VC Legal Due Diligence Checklist: Corporate, IP, Employment, and Contracts

A round can feel done until legal diligence starts. Then the deal slows down over issues that are rarely existential, but frequently messy: missing IP assignments, sloppy option grants, a cap table that does not match signed documents, or a customer contract with a clause that makes enterprise expansion harder than it looks.

Legal diligence is not about perfection. It is about reducing avoidable risk and making sure ownership, IP, and obligations are clear. This checklist is designed to help founders prepare and to help investors run a consistent review.

How Legal Diligence Fits Into The Investment Process

Legal diligence typically runs in parallel with product and financial diligence. The highest leverage strategy is to check for obvious legal blockers early, then do a deeper review once the deal is likely to proceed.

Corporate and Cap Table

The goal is to verify that the company is properly formed, equity is issued correctly, and ownership is accurately reflected.

• Certificate of incorporation and bylaws (or equivalent).
• Board and stockholder consents for major actions.
• Stock ledger and cap table with supporting issuance documents.
• Option plan documents, option grant approvals, and signed agreements.
• SAFE/convertible notes: signed agreements and most favored nation terms.
• Prior financings: purchase agreements, investor rights, and side letters.

Common pitfalls

• Unsigned grants or missing approvals for equity issuances.
• Cap table spreadsheets that do not match signed paperwork.
• Unclear option pool math or missing option exercise records.

IP and Technology Ownership

Investors want confidence that the company owns what it claims to own, and that key contributors have assigned IP properly.

• Founder IP assignments (including any pre-company work).
• Employee and contractor invention assignment agreements.
• Open source usage policy (or at least a list of critical dependencies).
• Patents, trademarks, and licensing agreements (if applicable).
• Third-party code or data licenses, plus any restrictions.

Common pitfalls

• Contractors building core product without assignment language.
• Former co-founder contributions not properly assigned.
• Data licenses that restrict commercial use.

Employment and HR

Employment diligence focuses on IP assignment, confidentiality, and whether there are risks from misclassification or missing agreements.

• Employment agreements, offer letters, and confidentiality terms.
• Contractor agreements and classification rationale.
• Non-compete and non-solicit constraints by jurisdiction (if any).
• Benefit plans and any obligations tied to them.
• Outstanding disputes, terminations, or claims.

Customer and Vendor Contracts

Contract diligence is about identifying obligations that can limit scale: unusual warranties, uncapped liability, restrictive termination clauses, or exclusivity.

• Top customer agreements and standard MSA terms.
• Data processing terms (especially for B2B SaaS).
• Pricing, renewal, and termination clauses.
• SLAs and uptime commitments.
• Key vendor contracts and dependencies.

Common pitfalls

• Unlimited liability or broad indemnities in early customer deals.
• Change-of-control clauses that require consent in many contracts.
• Exclusivity that blocks expansion into adjacent markets.

Compliance, Privacy, and Security

Even at early stages, investors look for basic hygiene: what data is collected, how it is stored, and how obligations are handled.

• Privacy policy and terms (if the product is live).
• Data handling practices and access controls.
• Incident response basics and security ownership.
• Industry-specific compliance requirements (if applicable).

A Simple Founder Pre-Flight Checklist

If you do nothing else, do these five things before you send a data room:

• Reconcile cap table to signed docs and approvals.
• Collect IP assignments for founders, employees, and contractors.
• Identify your top contracts and review liability and termination clauses.
• Document your data handling and basic security posture.
• Create a list of known issues with an owner and timeline to fix.

The fastest deals are not the ones with zero issues. They are the ones where issues are known, documented, and actively managed.