03
Technical due diligence
Technical due diligence is an independent audit of the software, the architecture, and the team behind a deal, so an investor or an acquirer knows what they are buying. We deliver a plain-language risk report in about a week.
What's included
- A read of the codebase, the architecture, and the deployment setup by a senior engineer who has built and shipped real products.
- A risk register: what is solid, what is fragile, and what would cost real money to fix, ranked by severity.
- An honest read on technical debt, key-person risk, security exposure, and scalability.
- A report written for a non-technical reader, with a technical appendix for the ones who want it.
- A debrief call to walk the findings and answer the questions a deal raises.
How it works
- 01
Access
We get read access to the repository, the docs, and ideally a call with the team. The lighter the team's lift, the better.
- 02
Audit
We review the code, architecture, security, and process against what the business actually needs, not a generic checklist.
- 03
Report
You get a ranked risk register and a plain-language summary, plus the technical appendix. No jargon wall.
- 04
Debrief
A call to walk the findings, weigh the risks against the price, and answer what the deal hinges on.
Most audits take about a week, faster for a focused question, longer for a large or messy codebase.
Related concepts
Common questions
Who is this for?
Investors sizing up a technical bet, founders preparing for a raise or a sale, and operators who inherited a codebase they did not write and need an honest read on it.
Is it independent?
Yes. We are not pitching to build the thing afterwards, and we have no stake in the deal closing. The report says what we found, including the parts no one wants to hear.
What do you need from the team?
Read access to the repo and docs, and ideally one call. We keep the team time to a minimum, since they usually have a deal to run.
Can a lawyer or a non-engineer read it?
That is the point. The main report is plain language with ranked risks and costs. The deep technical detail lives in an appendix for whoever wants it.
Related work
- Waydev
Waydev: lifting throughput and unifying notifications at a YC engineering-analytics startup (11 months)
Eleven months at a YC W21 startup. Migrated Laravel + Vue to Octane and shipped a notification microservice covering Slack, Teams, email, and in-app, without breaking the live product.
Read case study → - Avo HQ
Avo: building a zero-maintenance Rails admin framework that teams actually keep (16 months)
Co-founded an open-source admin framework for Ruby on Rails, still shipping at avohq.io. Configuration-based, no code generation, designed so teams can extend it without owning it.
Read case study →