SaaS Startup Due Diligence Checklist for Investors (2026)
This checklist covers 22 due diligence items for SaaS startups. Each item has been validated against institutional investor practice. DDR automates the majority of these checks from a single pitch deck PDF upload.
22 checklist items · 7 red flags automatically detected · See a sample DDR report
SaaS Sector
✓
MRR and ARR verified with bank statements or Stripe export
✓
Monthly cohort retention curves reviewed for all customer vintages
✓
Customer concentration: top 5 customers < 30% of ARR
✓
NRR above 100% with underlying data verified
✓
All customer contracts reviewed for cancellation, auto-renewal, and pricing terms
✓
Competitive landscape documented with 5+ competitors profiled
✓
CAC payback period calculated from blended S&M spend
✓
Security posture: SOC 2 status, last pen test, data breach history
✓
Founder technical and go-to-market backgrounds verified
✓
Cap table reviewed: no major founder vesting cliffs approaching
Deep Dive
✓
Request full cohort analysis by signup month — retention curves tell the real PMF story
✓
Review every customer contract for cancellation clauses, auto-renewal terms, and pricing escalators
✓
Verify ARR vs. GAAP revenue distinction — multiyear contracts can inflate ARR
✓
Map all integrations and API dependencies — platform risk if built on one ecosystem
✓
Check competitor pricing pages and G2/Capterra reviews for positioning intelligence
✓
Review security posture: SOC 2, penetration testing, data residency for enterprise targets
Regulatory
✓
Verify: GDPR and CCPA: data residency requirements can add infrastructure cost for EU expansion
✓
Verify: HIPAA: any healthcare customer requires BAA agreements and strict data controls
✓
Verify: SOC 2 Type II: now table stakes for mid-market and enterprise buyers
OSINT Signals
✓
Check: G2/Capterra review count and rating trend (negative reviews signal churn risk)
✓
Check: LinkedIn headcount growth vs. ARR growth (hiring velocity signals growth trajectory)
✓
Check: GitHub activity for B2D (developer-facing) products
DDR AUTOMATES THIS CHECKLIST
Upload a SaaS startup pitch deck and DDR automatically completes 15+ of these 22 checklist items — sourcing data from 13 OSINT signals, benchmarking against 4 comparable companies, and detecting all 7 critical red flags.
GET YOUR FREE SCAN →