SaaS Due Diligence Checklist: What to Verify Before You Buy

The SaaS due diligence checklist

This SaaS due diligence checklist is the practical list of what to verify before you buy a software business, so the story in the listing matches the reality in the data. Diligence is where good acquisitions are protected and bad ones are caught. Skipping it, or doing it shallowly, is how first-time buyers overpay or inherit problems they never saw coming. Work through each section below before you wire any funds. This is educational only, not investment, legal, or financial advice, and it does not guarantee the outcome of any deal.

Why diligence matters more for AI SaaS

Every SaaS acquisition needs diligence, but AI products carry extra failure modes that generic checklists miss: dependence on a single third-party model, inference costs that quietly erode margin, unclear rights to training data, and thin defensibility when the product is a simple wrapper. A buyer who only checks the financials and ignores these can buy a business whose economics collapse the moment model pricing shifts. Treat the AI-specific section as essential, not optional.

Financial diligence

Confirm the money is real and the numbers reconcile to source data, not just a spreadsheet.

• Verify MRR and ARR against the billing system (Stripe, the payment processor, or bank deposits).
• Reconcile reported revenue with bank statements over at least the trailing twelve months.
• Separate recurring subscription revenue from one-off or services income.
• Confirm gross margin after all costs, including inference and model spend.
• Review expenses and add-backs to confirm true profit or SDE.
• Check for any deferred revenue, refunds, or chargeback patterns.

Customer and revenue-quality diligence

Two businesses with identical MRR can be worth very different amounts depending on revenue quality.

• Verify churn rate and net revenue retention from real cohort data.
• Check customer concentration, since heavy reliance on one or two accounts is a major risk.
• Review the acquisition channels and how much growth depends on paid ads.
• Confirm active users versus paying users so you are not buying inflated counts.
• Look at support volume and outstanding customer issues.

Technical diligence

You are inheriting the codebase and infrastructure, so understand what you are taking on.

1. Review the architecture, code quality, and documentation.
2. Map the full tech stack, hosting, and third-party services.
3. Identify technical debt and any single points of failure.
4. Confirm security basics: data handling, access controls, and known vulnerabilities.
5. Understand the deployment and operations burden you will own day one.

AI-specific diligence

This is the section that separates an AI-aware buyer from a generic one.

• Model dependencies. Which models power the product, and what happens if pricing, access, or terms change?
• Inference margin trend. How has gross margin behaved as usage scaled? Improving or eroding?
• Data rights. Who owns the training data, prompts, and any fine-tuned models? Are the rights transferable?
• Defensibility. Is there a real moat (proprietary data, workflow, integrations) or is it a thin wrapper?
• Compliance. Confirm how customer data is used and whether usage respects model and data terms.

Legal and ownership diligence

Confirm the seller can actually transfer everything you are paying for.

• Verify IP ownership and that all contributors signed assignment agreements.
• Confirm ownership of the domain, code repositories, and all critical accounts.
• Review customer contracts, terms of service, and any outstanding obligations.
• Check third-party licenses and whether they transfer with the sale.
• Surface any pending disputes, liabilities, or regulatory issues.

Transition and handoff

The handoff is where deals quietly go wrong, so plan it before you close. Agree on a transition period where the seller helps you take over, build a complete asset transfer list covering every account and integration, and define how customer relationships and credentials move across. Then close through escrow so funds are only released once the transfer conditions are met. For more on protecting the close, see our overview of SaaS escrow.

Using the checklist well

The point of a checklist is to slow you down at the moments that matter. Verify before you trust, reconcile every claimed number to source data, and treat anything you cannot confirm as a discount or a deal-breaker rather than a benefit of the doubt. This checklist pairs naturally with our complete guide to buying a SaaS business and our valuation guide. When you are ready, you can browse verified listings with full metrics on the marketplace.

This article is educational only and is not investment, financial, legal, or tax advice. It does not guarantee the outcome of any acquisition. Consult qualified professionals before completing a purchase.