Due Diligence Checklist: What Investors Check Before Funding Your Startup
You have built a great product, shown impressive traction, and an investor has shown serious interest in funding your startup. Now comes the step that can make or break the deal: due diligence. Investor due diligence is the systematic process through which investors verify every claim you have made, assess all potential risks, and confirm that your startup is worth the investment. Being well-prepared for this process is the difference between closing your round quickly at favorable terms and watching a promising deal fall apart. This guide provides a complete, practical checklist for Indian startups to ensure you are investor-ready.
Understanding the Due Diligence Process
Due diligence is not a single event but a structured investigation that typically follows the signing of a term sheet. Once you and the investor agree on the basic terms (valuation, investment amount, equity stake), the investor's legal, financial, and commercial teams begin a thorough review of your business.
The Typical Due Diligence Flow
- Term sheet signed: Basic terms agreed upon, subject to due diligence
- Data room setup: Startup organizes and shares all relevant documents
- Document review: Investor's team reviews legal, financial, and operational records
- Management meetings: Founders present the business and answer detailed questions
- Customer/reference checks: Investor speaks with key customers, partners, and industry contacts
- Issue resolution: Any gaps or concerns are addressed (fix, adjust terms, or add protections)
- Final approval: Investor's investment committee gives the go-ahead
- Definitive agreements: SHA, SSA, and other investment documents are finalized
- Closing: Conditions precedent are met, and funds are transferred
| Funding Stage | Typical Duration | Depth of Review |
|---|---|---|
| Angel / Pre-Seed | 1 to 2 weeks | Basic legal and team checks |
| Seed Round | 2 to 4 weeks | Legal, basic financial, team, and product |
| Series A | 4 to 6 weeks | Comprehensive legal, financial, IP, and commercial |
| Series B+ | 6 to 8 weeks | Institutional-grade review across all categories |
Legal Due Diligence Checklist
Legal due diligence is typically the most extensive part of the process. Investors want to ensure the company is properly incorporated, legally compliant, and free from hidden liabilities.
Corporate Records
| Document | Why It Matters | Where to Get It |
|---|---|---|
| Certificate of Incorporation | Confirms legal existence and incorporation date | MCA records |
| Memorandum of Association (MOA) | Defines the company's objects and authorized activities | Company records / MCA |
| Articles of Association (AOA) | Governs internal management and shareholder rights | Company records / MCA |
| All Board Resolutions (since incorporation) | Shows governance and decision-making trail | Company secretary / minutes book |
| General Meeting Resolutions | Confirms shareholder approvals for key decisions | Company secretary / minutes book |
| Register of Members | Shows current and historical share ownership | Statutory register |
| Share Certificates and Transfer Deeds | Confirms share issuance and ownership transfers | Company records |
| RoC Annual Filings (AOC-4, MGT-7) | Confirms ongoing statutory compliance | MCA website |
| Director DIN and KYC records | Confirms director identities and compliance | MCA records |
Previous Funding Documents
- Prior investment agreements (SHA, SSA, convertible notes, SAFEs)
- Valuation reports for previous rounds
- Complete cap table with all share classes and conversions
- Any side letters or informal understandings with existing investors
- Board composition and observer rights from previous rounds
Contracts and Agreements
- All customer contracts (especially top 10 by revenue)
- Vendor and supplier agreements
- Partnership and distribution agreements
- Office lease agreements
- Technology licensing agreements
- Any non-compete, non-solicitation, or exclusivity agreements
Financial Due Diligence Checklist
Financial due diligence verifies the accuracy of your financial representations and assesses financial health.
Financial Statements and Records
- Audited financial statements: Last 2 to 3 years (balance sheet, P&L, cash flow statement, notes)
- Monthly management accounts: P&L, balance sheet, and cash flow for the last 12 to 24 months
- Bank statements: All company bank accounts for the last 12 to 24 months
- Revenue breakdown: By customer, product, geography, and channel (monthly)
- Expense analysis: Category-wise breakdown with month-over-month trends
- Accounts receivable aging: Outstanding customer payments by age
- Accounts payable aging: Outstanding vendor payments by age
- Debt schedule: All outstanding loans, credit lines, and their terms
Unit Economics
| Metric | What Investors Look For |
|---|---|
| Monthly Recurring Revenue (MRR) | Consistent growth, low churn, verified against bank statements |
| Customer Acquisition Cost (CAC) | Sustainable and decreasing over time |
| Lifetime Value (LTV) | LTV/CAC ratio of 3x or higher |
| Gross Margin | Healthy margin trending upward |
| Burn Rate | Runway calculation and cash efficiency |
| Revenue per Employee | Productivity and scalability indicator |
| Churn Rate | Low customer and revenue churn |
Financial Projections
- 3 to 5-year revenue, expense, and profitability projections
- Key assumptions underlying the projections (growth rates, pricing, team size)
- Scenario analysis (base case, bull case, bear case)
- Cash flow projections showing when the company reaches profitability
- Use of funds breakdown showing how the investment will be deployed
Investors will cross-verify your reported revenue with GST returns, bank statements, and customer contracts. Any material discrepancy between these sources is a serious red flag that can derail the entire deal. Ensure your accounting and GST filings are consistent and up to date before starting the fundraising process.
Tax Due Diligence Checklist
Tax compliance is a dealbreaker for most institutional investors.
- Income Tax Returns: Filed for all years since incorporation (company and directors)
- GST Returns: All GSTR-1, GSTR-3B, and annual returns filed on time
- TDS Returns: Quarterly 24Q (salary), 26Q (non-salary) returns filed with consistent deposits
- Advance Tax: Paid quarterly (if tax liability exceeds Rs. 10,000 per year)
- Transfer Pricing: Compliance with arm's length pricing for related-party transactions (if applicable)
- Pending Tax Notices: List of any pending notices, assessments, or appeals
- Tax Benefits Claimed: Documentation for Section 80-IAC or other startup benefits
- Professional Tax: Registration and payment compliance (in applicable states)
Intellectual Property Due Diligence Checklist
For technology startups, IP is often the most valuable asset, and investors conduct thorough verification.
| IP Type | Documents Needed | Key Verification Points |
|---|---|---|
| Trademarks | Registration certificates, pending applications, renewal records | Brand name and logo are properly protected in relevant classes |
| Patents | Filed applications, granted patents, inventor agreements | Patents are assigned to the company (not individual founders) |
| Copyrights | Registration certificates, source code ownership records | Software and content IP owned by the company |
| Domain Names | Domain registrar records, WHOIS data | Key domains owned by the company (not personal accounts) |
| IP Assignments | Assignment agreements from founders, employees, contractors | All IP created for the company is properly assigned to it |
| Open Source | List of open-source components used, license types | No copyleft licenses that could require source code disclosure |
One of the most common issues found during due diligence is that founders have not formally assigned their pre-incorporation IP (code, designs, concepts) to the company. If the product was built before incorporation or by founders in their personal capacity, an IP assignment agreement must be executed. This is a basic requirement that investors check across every deal.
Operational Due Diligence Checklist
Team and HR
- Complete employee list with roles, joining dates, and compensation
- Employment agreements (with IP assignment and confidentiality clauses)
- Key employee retention mechanisms (ESOPs, retention bonuses)
- Contractor agreements with IP ownership clauses
- PF and ESI compliance records
- Any employee disputes, claims, or pending labour issues
- Organization chart and reporting structure
Technology and Product
- Technology architecture documentation
- Code repository access (for tech-focused investors)
- Development methodology and deployment processes
- Security measures and penetration test results
- System uptime records and SLA compliance
- Data privacy and DPDP Act compliance
- Third-party service dependencies and vendor contracts
Regulatory and Compliance
- All business licenses and permits (trade license, shop establishment, industry-specific)
- GST registration certificate
- MSME/Udyam registration (if applicable)
- DPIIT recognition certificate
- Industry-specific regulatory compliance (RBI, SEBI, FSSAI, etc.)
- Environmental and safety compliance (for manufacturing)
Commercial Due Diligence Checklist
Commercial due diligence validates whether the business opportunity is as large and attractive as presented.
- Market size analysis: TAM, SAM, SOM with credible data sources
- Customer references: Investors may speak directly with 3 to 5 key customers
- Competitive landscape: Detailed comparison with direct and indirect competitors
- Customer concentration risk: Revenue distribution across customers (no single customer should exceed 20% to 25%)
- Sales pipeline: Qualified leads, conversion rates, and projected bookings
- Product-market fit validation: Customer testimonials, NPS scores, usage data, retention metrics
- Regulatory moat: Any regulatory advantages or barriers to entry
Setting Up Your Data Room
A well-organized data room is your first opportunity to demonstrate operational excellence to investors.
Recommended Data Room Structure
| Folder | Contents |
|---|---|
| 01. Corporate | Incorporation docs, MOA/AOA, board minutes, shareholder registers, RoC filings |
| 02. Cap Table & Equity | Cap table, share certificates, previous funding docs, ESOP details |
| 03. Financial | Audited financials, management accounts, bank statements, projections |
| 04. Tax | ITR, GST returns, TDS records, tax notices/replies |
| 05. Legal | Material contracts, litigation details, regulatory licenses |
| 06. HR & Team | Employee list, agreements, PF/ESI records, org chart |
| 07. IP | Trademark/patent/copyright records, IP assignments, domain ownership |
| 08. Product & Tech | Architecture docs, security assessments, uptime records |
| 09. Commercial | Market research, customer references, competitive analysis |
| 10. Insurance | D&O insurance, liability policies, key-man insurance |
Common Due Diligence Red Flags and How to Fix Them
| Red Flag | Impact on Deal | How to Fix |
|---|---|---|
| Missing or late RoC filings | Shows poor governance, potential penalties | File all pending returns with RoC filing services immediately |
| Revenue mismatch (books vs GST vs bank) | Questions about revenue integrity | Reconcile all records with professional accounting support |
| IP not assigned to company | Company may not own its core technology | Execute IP assignment agreements with all founders and developers |
| No founder vesting agreement | Risk of co-founder walking away with equity | Draft and execute shareholder agreement with vesting |
| Pending tax notices | Unknown financial liability | Respond to notices, resolve issues, and disclose transparently |
| Undocumented related-party transactions | Governance and conflict of interest concerns | Document all transactions with board resolutions and arm's length pricing |
| High customer concentration (40%+ from one customer) | Revenue risk if key customer churns | Diversify customer base and develop risk mitigation plan |
| Employee agreements missing IP clauses | Company may not own work created by employees | Update employment agreements with IP assignment and confidentiality clauses |
Preparing for Due Diligence: A 90-Day Plan
- Month 1 (Days 1 to 30): Audit and Assess
- Conduct an internal compliance health check
- List all pending statutory filings and fix them
- Review all material contracts for completeness
- Verify cap table accuracy against MCA records
- Confirm IP ownership and assignment
- Month 2 (Days 31 to 60): Organize and Fix
- Get financial statements audited (if not done)
- Reconcile financial statements, GST returns, and bank statements
- Execute missing agreements (IP assignment, employment, shareholder agreement)
- Resolve any pending tax notices or litigation
- Update ESOP records and grant letters
- Month 3 (Days 61 to 90): Package and Present
- Set up the virtual data room with organized folders
- Prepare the management presentation
- Create financial projections with clear assumptions
- Brief customer references who may be contacted
- Prepare answers to common due diligence questions
Conclusion
Due diligence is not something you prepare for; it is something you live. The startups that close funding rounds quickly with favorable terms are those that maintain investor-ready records as standard operating practice. Clean corporate governance, accurate financials, proper tax compliance, protected intellectual property, and well-documented operations are not just boxes to check for investors. They are the foundations of a well-run business.
At IncorpX, we help startups build and maintain these foundations from day one. From company registration and ongoing compliance to virtual CFO services, accounting, and legal documentation, we ensure your startup is always ready for investor scrutiny. Because the best time to prepare for due diligence is before someone asks for it.
Frequently Asked Questions
What is due diligence in startup funding?
Due diligence is the comprehensive investigation an investor conducts before finalizing an investment in a startup. It covers legal, financial, tax, IP, operational, and commercial aspects of the business to assess risks and validate the claims made during fundraising. The process typically takes 2 to 8 weeks and can involve the investor's lawyers, accountants, and industry experts.
Why is due diligence important for startups?
Due diligence is important because it builds investor confidence and facilitates faster deal closure. A startup that passes due diligence with minimal red flags gets better terms, faster funding, and a stronger investor relationship. Failing due diligence can kill a deal entirely or result in significantly reduced valuation, additional protective clauses, or higher investor control rights.
When should a startup prepare for due diligence?
Startups should start preparing at least 3 to 6 months before they plan to raise funding. This gives time to fix compliance gaps, organize records, resolve legal issues, and ensure financial statements are audited. The best approach is to maintain investor-ready records from day one as part of good business practices, rather than scrambling before fundraising.
What are the main categories of due diligence?
Investor due diligence typically covers six main categories: legal due diligence (corporate records, contracts, litigation), financial due diligence (revenue, expenses, projections), tax due diligence (compliance, pending issues), IP due diligence (trademarks, patents, trade secrets), operational due diligence (team, processes, technology), and commercial due diligence (market, customers, product-market fit). Each category has specific documents and information requirements.
What legal documents do investors check?
Legal due diligence includes reviewing: Certificate of Incorporation and MOA/AOA, board meeting minutes and shareholders' resolutions, shareholder agreements and share subscription agreements, previous funding documents (SAFEs, convertible notes), employee agreements and IP assignment clauses, material contracts (customer, vendor, partner), pending or past litigation, regulatory licenses and permits, and statutory compliance records.
What financial information do investors review?
Financial due diligence covers: audited financial statements (last 2 to 3 years), management accounts (monthly P&L, balance sheet), revenue breakdown by customer and product, expense analysis and burn rate, bank statements and cash flow statements, accounts receivable and payable aging, financial projections (3 to 5 years), unit economics (CAC, LTV, margins), and debt schedule (existing loans and liabilities).
What tax compliance do investors verify?
Tax due diligence focuses on: income tax return filing history (company and directors), GST registration and return filing compliance, TDS deduction and deposit records, advance tax payments, pending tax notices or assessments, tax benefits claimed (Section 80-IAC for startups), transfer pricing compliance (if applicable), and any tax litigation or disputes.
How do investors evaluate the founding team?
Investors assess the team based on: founders' relevant experience and domain expertise, criminal background checks, directorship history (other companies, disqualifications), employment history and reference checks, non-compete and non-disclosure agreements, equity split among co-founders, vesting schedules, key-man risk (over-dependence on one founder), and the founders' reputation in the industry.
What IP-related checks do investors perform?
IP due diligence includes: trademark registrations and application status, patent filings and grants, copyright registrations for software and content, domain name ownership records, IP assignment agreements from founders and employees, open-source software usage and licensing compliance, trade secret protection measures, and any IP infringement claims (by or against the startup).
What is a data room in due diligence?
A data room (or virtual data room) is a secure online repository where the startup organizes and shares all due diligence documents with potential investors. Platforms like Google Drive, Dropbox, or dedicated data room providers (Notion, DocSend, DealRoom) are used. The data room should be well-organized with clear folder structures, up-to-date documents, and controlled access permissions. A well-prepared data room signals professionalism and speeds up the process.
What corporate governance records are needed?
Investors review: complete set of board meeting minutes from incorporation, general meeting minutes (AGMs and EGMs), statutory register of members, director information and KYC records, annual RoC filings (AOC-4, MGT-7), register of charges (if any), related-party transaction records, and compliance with the Companies Act provisions. Any gaps or delays in filings raise red flags.
How do investors assess revenue quality?
Revenue quality assessment includes: verifying revenue concentration (dependence on top 5 to 10 customers), analyzing revenue mix (recurring vs one-time), reviewing customer contracts and payment terms, checking for revenue recognition accuracy (Ind AS compliance), validating monthly recurring revenue (MRR) for SaaS companies, understanding customer churn rates, and comparing reported revenue with GST returns and bank statements.
What common red flags do investors look for?
Common red flags include: inconsistent or missing statutory filings, unexplained discrepancies between financial statements and tax returns, pending litigation or tax notices, missing founder vesting agreements, IP not properly assigned to the company, related-party transactions at non-arm's length, high customer concentration (one customer contributing 40%+ of revenue), frequent changes in auditors, and gaps in employee documentation.
What is the difference between legal and commercial due diligence?
Legal due diligence focuses on legal risks, compliance, and documentation (contracts, incorporation documents, litigation, regulatory). Commercial due diligence focuses on business viability and market opportunity (market size, competitive landscape, customer validation, product-market fit, growth potential). Both are critical but address different types of risk.
How should employee records be organized for due diligence?
Employee records should include: employment agreements for all employees (with IP assignment and confidentiality clauses), offer letters and appointment letters, PF registration and contribution records, ESI registration and contribution records, professional tax compliance, ESOP grant letters and ESOP policy, employee handbook, any employment disputes or claims, and contractor agreements with clear IP ownership terms.
What environmental or industry-specific compliance do investors check?
Depending on the industry, investors may check: environmental clearances and pollution control consents (for manufacturing), FSSAI compliance (for food businesses), drug licenses (for pharma), RBI compliance (for fintech), data protection compliance (for tech companies), and sector-specific regulatory approvals. Non-compliance with industry regulations can result in business shutdown, making these checks critical.
How do investors verify the cap table?
Cap table verification includes: confirming all share issuances match MCA records (Form PAS-3 filings), reviewing share transfer deeds and instruments, checking for any pledged or encumbered shares, verifying the ESOP pool size and outstanding grants, confirming convertible instrument terms (notes, SAFEs), and ensuring no unauthorized share allotments. Any discrepancy between the cap table presented and the statutory records is a serious red flag.
What material contracts should be ready for review?
Material contracts include: all customer contracts above a certain threshold (varies by company), vendor and supplier agreements, partnership and distribution agreements, lease and rental agreements, licensing agreements (for technology or IP), loan and credit facility agreements, insurance policies, service level agreements (SLAs), and any government contracts or concessions.
What is a management presentation for due diligence?
A management presentation is a formal meeting where founders present the company's story, strategy, and financials to the investor's due diligence team. It typically covers: company history and milestones, product overview and technology architecture, market opportunity and competitive landscape, business model and unit economics, financial performance and projections, team structure and key hires, use of funds, and risk factors with mitigation strategies.
How do investors assess technology and product?
Technology due diligence covers: product architecture and tech stack review, code quality and development practices (code reviews, CI/CD), scalability and performance benchmarks, security measures and vulnerability assessments, data privacy and protection measures, uptime history and disaster recovery plans, third-party dependencies and vendor lock-in risks, and technology roadmap alignment with business strategy.
What happens if issues are found during due diligence?
If issues are found, the outcomes could include: the startup fixing the issues before closing (most common for minor gaps), adjusting the valuation downward to account for risks, adding specific indemnity clauses in the investment agreement, increasing investor rights (board seats, approval rights), adding conditions precedent (issues must be fixed before funding disbursement), or in extreme cases, the investor walking away from the deal.
How do investors evaluate the market opportunity?
Market evaluation includes: total addressable market (TAM) sizing from credible sources, serviceable addressable market (SAM) based on the startup's reach, serviceable obtainable market (SOM) based on realistic market share, market growth rate and trends, competitive landscape analysis, regulatory environment affecting the market, customer validation (references, case studies), and barriers to entry for competitors.
What insurance policies should a startup have?
Investors look for: Directors and Officers (D&O) liability insurance (protecting directors from personal liability), commercial general liability insurance, professional indemnity insurance (for service companies), cyber liability insurance (for tech companies), key-man insurance (on founders), product liability insurance (for physical products), and employer's liability insurance. Having appropriate insurance shows risk awareness and protects investor value.
What is representations and warranties insurance?
Representations and warranties (R&W) insurance is a policy that covers losses arising from breaches of representations made in the investment agreement. For example, if the startup represented that all tax filings are up to date but a forgotten filing surfaces later, R&W insurance covers the financial loss. This is more common in larger deals (Series B+) and M&A transactions but provides comfort to both parties.
How should the data room be structured?
A well-organized data room typically has these main folders: Corporate (incorporation documents, board resolutions, shareholder agreements), Financial (audited financials, management accounts, projections), Tax (ITR, GST returns, TDS records), Legal (material contracts, litigation, compliance), HR (employee agreements, ESOP records, payroll), Intellectual Property (trademarks, patents, IP assignments), Operations (product docs, technology architecture), and Market (customer references, market research).
What is a condition precedent in an investment agreement?
Conditions precedent (CPs) are specific requirements that must be fulfilled before the investment is finalized and money is transferred. Common CPs include: completion of due diligence to investor satisfaction, execution of key agreements (SHA, SSA), board and shareholder approvals, filing of regulatory forms, clearing pending compliance issues, obtaining required licenses, and key employee agreements being in place.
How do investors verify startup metrics?
Investors verify metrics by: cross-referencing reported revenue with bank statements and GST returns, validating customer count through contracts and billing records, checking user data through analytics access (Google Analytics, app store), verifying growth rates through monthly data (not just annualized projections), speaking directly with reference customers, and analyzing churn data against actual customer records.
What post-investment compliance do investors expect?
After investment, investors typically require: monthly or quarterly financial reports (MIS), board meetings at regular intervals (usually quarterly), annual audited financial statements, compliance with the shareholders' agreement terms, prior approval for material decisions (above specified thresholds), regular updates on key metrics and milestones, RoC and statutory compliance, and adherence to agreed use of funds.
What is an information rights agreement?
An information rights agreement specifies the type and frequency of financial and business information the investor is entitled to receive. It typically includes monthly financial statements (within 15 to 30 days of month-end), quarterly board packages with KPIs, annual audited financials and budget, access to bank statements and tax records, notice of material events (litigation, key departures, regulatory changes), and cap table updates.
How does due diligence differ for different funding stages?
Due diligence intensity varies: Seed stage focuses on the founding team, idea validation, and basic legal compliance. Series A adds financial due diligence, product-market fit validation, and comprehensive legal review. Series B+ includes deep financial analysis, technology audits, customer reference checks, and market study. Late-stage rounds involve institutional-grade due diligence similar to IPO preparedness including detailed tax reviews and governance assessments.
What is the role of the company secretary in due diligence?
The company secretary plays a crucial role in: maintaining statutory registers and records, ensuring timely filing of RoC forms, organizing board and general meeting minutes, verifying compliance with Companies Act provisions, facilitating share allotments and transfers, maintaining the register of members, and providing compliance certificates. Having a qualified company secretary demonstrates good governance and makes due diligence smoother.
How should founders handle confidential information during due diligence?
Founders should: sign a mutual NDA with the investor before sharing sensitive information, use a secure virtual data room with access controls and activity tracking, share information in stages (start with non-sensitive data, share highly sensitive data only after term sheet signing), watermark documents to track leaks, limit access to only the investor's authorized representatives, and maintain a log of all documents shared and accessed.
What is the typical timeline for due diligence?
The typical timeline is: 2 to 4 weeks for seed/angel rounds, 4 to 6 weeks for Series A, 6 to 8 weeks for Series B and beyond. The timeline depends on the investor type (angels are faster, institutional VCs are more thorough), the startup's preparedness (organized data room speeds things up significantly), complexity of the business, and any issues discovered during the process. Being well-prepared can cut the timeline in half.
What are the costs of due diligence for a startup?
Due diligence costs for the startup include: legal counsel fees (Rs. 2 to 10 lakhs for startup's legal advisor), audit fees (if recent audit is not available), valuation report fees, and time spent by the founding team preparing documents and answering queries. Some investors share the cost of their due diligence counsel, while others bear it entirely. The startup should budget 1% to 3% of the funding amount for deal-related costs.
How can startups maintain ongoing due diligence readiness?
Maintain readiness by: filing all statutory returns on time (RoC filings, GST, TDS, income tax), keeping board and general meeting minutes updated, maintaining clean bookkeeping and accounting records, getting annual audits done promptly, keeping material contracts organized and accessible, maintaining updated cap table, ensuring all IP is properly assigned and protected, conducting periodic compliance health checks, and using a virtual CFO to maintain financial discipline.
