Timing of tech DD — when do you actually get to do it?

profile

May 07, 2026

by a searcher from Georgia Institute of Technology in San Francisco, California, USA

Acquiring a B2B SaaS healthcare company. Previously an AI Architect, so I sent a thorough tech DD questionnaire to the seller covering stack, HIPAA, SOC 2, Azure inventory, multitenancy (The kind of thing I'd normally send when evaluating enterprise vendors). Broker flagged it immediately. Said the questions are too pointed and employees will figure out something is happening. Their position: announce the acquisition first, then do formal tech DD with the IT lead. The close is two weeks out. We are almost done with APA. For those who've closed SaaS deals: when did you actually get to assess the tech? Any workarounds pre-announcement, or is some of this just trust-and-verify post-close? I understand this might be tricky for software companies
0
13
314
Replies
13
commentor profile
Reply by a searcher
from Howard Payne University in Austin, TX, USA
Having been through multiple software DD processes on both sides, these questions are standard. @redacted‌ is correct - any senior technical employee who's been through an acquisition before will recognize what's happening regardless of how the questions are framed. The NDA-with-retention approach is the cleaner solution. But the more important point is this: the broker is two weeks from close with an APA nearly done. Their incentive is to get to closing, not to protect your interests. "Announce first, then do tech DD" is a broker protecting a commission, not a seller with a legitimate concern. HIPAA compliance, SOC 2 status, and multitenancy architecture are not negotiable items in any SaaS acquisition. If the seller won't answer them before close, you need to ask yourself what they're protecting, whether you want to own it. And stepping back for a moment. Is this the same deal you mentioned in a separate post with a bank appraisal at roughly half the purchase price? If so, this is the second significant red flag on this deal. Two red flags this close to close, with a broker managing access to information, is worth an honest conversation with yourself about whether you're still evaluating this deal clearly or whether you're too far in to walk away cleanly.
commentor profile
Reply by a searcher
in Orlando, FL, USA
> or is some of this just trust-and-verify post-close? NEVER! I mean, sure, you can. that can be your choice. if you have big pockets to absorb a total loss (or bigger). there is never a way to hide a DD from the tech team - unless they're inexperienced. the CTO, VPE, dir of eng, someone, should be leading this and _looped in_. if they dont know it's for sale - this is SaaS remember, not just some company with tech-involved - that is a MAJOR red flag. senior tech leaders get looped in early, and involved throughout the sale process. if they dont, there is _no one_ managing damage control internally, and this is the _major damage_ area to SaaS. Your IT team walks out, it hurts. your engineering team walks out? you're dead. I've been inside (on one side or the other) 10 SaaS (or similar) sales and mergers and 100% of the time I was read in on the possible sale early. (at least at DD time). It was pretty normal to go through DD conversations with a few different buyers before landing a deal, too. And yes, that meant my job was gathering information, presenting it, and protecting my team. and I've seen what happens when no one asks where the license keys are buried. oh, the unpaid oracle license is more than the purchase price of the business? yep.
commentor profile
+11 more replies.
Join the discussion