Setting up a data room for SaaS acquisition

Here we speak with Rihards Blanks, Associate Director at saas.group, about one of the most common questions founders ask when considering selling their business: what is a data room and how to set one up properly.

What is a data room and why is it crucial for SaaS acquisitions?

A data room is, in its essence, a secure online platform used to share and manage confidential documents during due diligence processes, ensuring controlled access and streamlined deal execution.

In my opinion, there are three main reasons why a Virtual Data Room (VDR) is essential:

First, security and confidentiality. VDRs are usually encrypted with access control storage to protect sensitive financial, legal, and operational documents from unauthorized access or release.

Second, a VDR makes the M&A process more efficient by centralizing all due diligence materials in a structured format, enabling faster document retrieval, streamlined collaboration, and reduced deal friction.

And lastly, access control and tracking. They allow granular permission settings whereby you can track activities, create audit trails, and ensure that only authorized parties see the specific information needed for them.

Do you need a specialized platform for setting up a data room or is Google Drive good enough?

It’s a good start. It all has to do with dealing in good faith. As always, we sign an NDA with any given seller, which states clearly that we will not be sharing information with any third parties.

So you can send files over email or GDrive – it really doesn’t matter in the early stages. It gets a bit more serious when you start sharing really sensitive stuff like customer contracts, etc.

What are the essential folders for your SaaS data room?

For us initially, the two core items we look for are the financials, specifically the profit and loss statement, and secondly, the customer schedule, which captures your monthly movements of MRR by customer.

Once we progress to due diligence, we would normally have several key folders including:

1. Corporate legal documents that usually contain certificates of incorporation and bylaws, any shareholder agreements, the cap table, compliance and regulatory documents, if any.
   
2. Financials and accounting. If you have audited yearly reports, we’d be happy to see those, which include balance sheets on top of the P&L I mentioned.
   
3. Customer revenue data. At its core, those are customer invoices in their rawest form. Using those, we can calculate the revenues ourselves and see what’s what versus what the seller is telling us. In the same folder, it’s also really cool to see customer contracts and subscription agreements, especially for enterprise businesses.
   
4. Product and technology, which typically includes product roadmaps, development plans, tech stack overview, infrastructure documentation, and any policies or compliance documents the company has like GDPR, SOC 2, etc.
   
5. Sales and marketing – marketing campaign performance, customer acquisition costs, acquisition channels, partnerships and affiliate agreements, and stuff like that.
   
6. The last one would be legal and tax, which is typically carried out by third-party providers in our case, so that’s something we usually don’t touch.
   

Those would be the five folders I would say have to be there.

What are the common mistakes SaaS founders make with data rooms?

First of all, founders often don’t have a data room in the first place. The usual founder to whom we speak doesn’t have a data room because that’s usually something used by larger conglomerates that treat their information as super sensitive.

For us, some minor issues include incomplete or outdated documents. By incomplete, I mean you’re showing me the last 12 months of your profit and loss statement but it’s missing a month, for example. By simply not adding it, it essentially extends the due diligence timeframe, which drags things along and makes it more complex.

And outdated documents really aren’t relevant for us. If we ask for the last four years of your balance sheet and you give us your balance sheet for the last 15 years, it doesn’t bear any meaning for us.

Another topic that’s quite common is just having too much unnecessary information that buries the key insights and overwhelms potential buyers. Luckily, we have the experience to pinpoint which is the actually important stuff versus what’s irrelevant.

What are the best practices in setting up data rooms for SaaS M&A?

It’s really being able to react fast and actually have the necessary documentation. If a seller isn’t capable of showing us how they acquire leads or where they’re spending their marketing dollars, it gets tricky for us to dig deeper because there’s simply nothing to dig into.

Just having a relatively moderate selection of documents that explain your organization really helps accelerate the process as a whole.

Do we, at saas.group have any preferences towards the data that is presented and the tools that are used?

For us, number one is core financial statements, among which are the profit and loss and balance sheet. Usually, we go for the last three to four years.

Moving on, revenue and SaaS data. These are raw customer invoices accompanied by any subscription management tools that track your MRR movements on a monthly basis so we can compare them.

Lastly within the revenue and SaaS data would be customer contracts and subscription agreements. We just want to make sure those agreements are real and we can see they are signed, confirming you have actual customers.

At the same time, a budget and forecast from the selling party would be really important for us because then we can understand how they are planning to grow and by doing what exactly. They are justifying their growth rates or profitability rates by giving us assumptions and ideas about the next 12-24 months.

Besides financials, at later stages, we also ask for operational documents or legal documents. These are necessary not only for us but also for the legal and tax advisors. Those include sales pipeline and CRM data, product roadmaps, development roadmaps, tech stack infrastructure descriptions, support and SLA agreements if any, and employee and HR reports.

For legal, it’s the quite usual stuff like company incorporation and bylaws, shareholder agreements, NDAs and confidentiality, any historical litigation proceedings, IP ownership, and patents.

The sum collection of the company’s existence should be basically in a bunch of folders. But usually, these files are quite simplistic in their nature, being one or two pages long, just showing that what you’re saying is actually true based on X, Y, and Z documents.

How long does the data room review process take?

It really depends on the size of the company and the maturity of the company. For smaller companies, literally, five minutes does it. For larger organizations having sophisticated processes and sophisticated documentation, this might take a couple of days. So it really depends on the maturity of the company.