How to Do Due Diligence When Buying an Online Business
Due diligence is what separates good acquisitions from disasters. Here is the framework.
Financial Deep Dive
Begin with a line-by-line review of the last 36 months of P&L statements, balance sheets, and tax returns. Reconcile reported MRR or ARR against Stripe, PayPal, or Shopify payout records to confirm accuracy. For SaaS businesses, calculate net revenue retention and gross churn; healthy targets show churn below 3% monthly and NRR above 105%. Apply the correct multiple—2–4× ARR for most SaaS under $1M ARR, 3–5× SDE for content or marketplace sites—to set a defensible offer price.
Legal and Contractual Review
Engage an attorney to examine all material contracts, including terms of service, customer agreements, vendor contracts, and IP assignments. Verify domain ownership, trademark registrations, and any open-source license obligations. Confirm there are no outstanding disputes, data-breach claims, or change-of-control clauses that could void key partnerships post-close. An APA should explicitly list every asset transferring and every liability remaining with the seller.
Technical and Operational Audit
Request read-only access to the tech stack: Git repositories, hosting accounts, payment processors, and analytics dashboards. Run a full security scan and review commit history for signs of technical debt. Interview the founder about deployment processes, uptime incidents, and key vendor relationships. Document every login credential and API key that will need rotation after closing.
Customer and Growth Validation
Export the last 24 months of customer data and segment by acquisition channel, lifetime value, and churn cohort. Send anonymous surveys to 30–50 active users to gauge satisfaction and switching costs. Compare current traffic and conversion metrics against SimilarWeb and Google Analytics archives to spot any recent decline. If the business relies on a single marketing channel or top-five customers for >40% of revenue, price in the concentration risk.
Escrow, Reps & Warranties, and Closing
Structure the deal with 10–20% of purchase price held in escrow for 12–18 months to cover breaches of reps. Include standard indemnification clauses for tax liabilities, IP infringement, and data-privacy violations. On closing day, transfer all domains, social handles, and payment accounts in a single coordinated sequence witnessed by both parties and the escrow agent. Platforms such as hades.ae, Acquire.com, and FE International provide standardized LOI templates and escrow partners that streamline this final step.
How long should due diligence take on a $300k–$800k online business?
Most buyers complete thorough diligence in 30–45 days when using a focused checklist; extending beyond 60 days often signals either seller resistance or deal fatigue.
What financial red flags should immediately lower an offer?
Monthly churn above 5%, more than 35% of revenue from one customer, unreconciled Stripe-to-P&L gaps, or declining net revenue retention below 95% are all triggers to reduce the multiple by at least 1×.
Which platforms provide the best standardized diligence templates?
hades.ae, Empire Flippers, MicroAcquire (now part of Acquire.com), and FE International each supply vetted checklists, data-room templates, and third-party escrow services tailored to digital-asset transactions.
Ready to acquire?
Browse curated digital platforms on hades.ae — every listing is built and owned by our team. View available platforms →