Investor Due Diligence Checklist: What VCs Actually Look For

Due diligence is the process where an investor verifies that everything you told them during fundraising is true — and uncovers anything you did not mention. For founders, due diligence is stressful because it is invasive, time-consuming, and can kill a deal if something unexpected surfaces. The best defense is preparation. This checklist covers every category that institutional investors and sophisticated angels examine, with practical notes on what they are really looking for.

1. Corporate and legal

Investors start here. They want to confirm the company is properly set up and that there are no legal landmines.

• Certificate of Incorporation / Companies House filing
• Articles of Association / Bylaws (current version)
• Shareholder register / stock ledger
• Board minutes and resolutions (all of them)
• Previous investment agreements (SAFEs, notes, round documents)
• Shareholders' Agreement (if one exists)
• Any side letters or special investor arrangements
• Outstanding lawsuits, disputes, or regulatory actions
• Government grants, subsidies, or tax relief claims (R&D credits, SEIS/EIS)

2. Cap table and equity

The cap table is examined in detail. Any discrepancies between the cap table and the corporate records will raise red flags.

• Fully diluted cap table showing all shareholders, option holders, and convertible instruments
• Stock option plan and all grant agreements
• Vesting schedules for founders and employees (any acceleration provisions)
• Convertible notes, SAFEs, or ASAs outstanding (terms and conversion mechanics)
• 83(b) elections filed (US) or Section 431 elections (UK)
• Anti-dilution provisions in any existing agreements
• Right of first refusal / transfer restrictions

3. Intellectual property

For tech startups, IP is often the most valuable asset. Investors need to know that the company owns all of it.

• IP assignment agreements from all founders (signed before or at incorporation)
• IP assignment agreements from all employees and contractors who contributed to the product
• Patent applications or registrations (if any)
• Trademark registrations (if any)
• Open-source license audit: list of open-source components used and their licenses
• Third-party IP: any licensed technology or APIs
• Confirmation that no founder developed IP at a previous employer that could create ownership claims

4. Team and employment

• Employment agreements for all employees (with IP assignment, non-compete, and confidentiality clauses)
• Contractor agreements (with IP assignment)
• Key person risk assessment: what happens if a key team member leaves?
• Non-compete or non-solicitation agreements with previous employers (could they restrict a founder?)
• Organization chart and reporting structure
• Compensation details: salary, bonus, equity for each team member
• Outstanding or threatened employment claims

5. Financial information

• Historical financial statements (P&L, balance sheet, cash flow) — last 2–3 years if available
• Monthly management accounts for the last 12 months
• Bank statements (last 6–12 months)
• Revenue breakdown by customer, product, or geography
• Financial projections (3-year forecast with assumptions clearly stated)
• Burn rate and runway calculation
• Outstanding debts, loans, or credit lines
• Tax filings and any outstanding tax liabilities
• R&D tax credit claims (UK) or tax deductions (US)

6. Commercial and metrics

• Customer list with revenue per customer
• Key customer contracts (especially any with large revenue concentration)
• Customer churn data
• Monthly recurring revenue (MRR) or annual recurring revenue (ARR) trend
• Customer acquisition cost (CAC) and lifetime value (LTV)
• Sales pipeline and conversion rates
• Competitive landscape and differentiation
• Pricing strategy and any planned changes

7. Technical and product

• Product demo or access to a staging environment
• System architecture overview
• Technology stack and key third-party dependencies
• Security practices: authentication, encryption, access controls
• Uptime and reliability data (SLA compliance)
• Development process: CI/CD, code review, testing coverage
• Product roadmap
• Technical debt assessment

8. Compliance and data

• GDPR compliance: data processing records, DPA with processors, privacy policy, cookie consent
• Data processing agreements with third-party processors (cloud providers, analytics)
• Security certifications (SOC 2, ISO 27001) if applicable
• Data breach history and incident response plan
• Industry-specific regulations (fintech: FCA, healthtech: CQC, etc.)
• Insurance policies (D&O, professional liability, cyber)

How to organize your data room

A well-organized data room signals professionalism and operational maturity. Use a clear folder structure:

Common deal-killers in due diligence

• Missing IP assignments: if a co-founder or early contractor never assigned their IP to the company, the investor may walk away or require it as a closing condition.
• Cap table discrepancies: if the share register does not match the cap table spreadsheet, it raises questions about record-keeping and governance.
• Undisclosed liabilities: outstanding debts, pending lawsuits, or tax liabilities that were not mentioned during fundraising.
• Customer concentration: if one customer accounts for more than 30% of revenue, investors see risk. Be prepared to discuss mitigation.
• Founder non-competes: if a founder is subject to a non-compete from a previous employer that restricts their ability to work on the startup, this is a fundamental problem.
• GDPR non-compliance: European investors increasingly treat data protection compliance as essential. Having no GDPR documentation is a red flag.

How eSignHub helps with due diligence

eSignHub's deal room feature is designed for exactly this use case. Upload your data room documents into organized folders with granular access permissions. Share specific folders or the entire data room with investors via a secure link. Track which documents investors have viewed and downloaded. When the deal closes, send subscription agreements and shareholders' agreements for e-signature — all within the same platform where your data room lives.