Executive Summary
No-Go
Risk Score: 55/100 — Critical
Critical risks identified. Significant deal breakers require resolution before proceeding.
Executive Assessment
CloudSync Technologies presents a compelling acquisition opportunity with strong recurring revenue ($4.9M ARR) and solid customer relationships across 4 enterprise accounts. However, two critical risks require pre-close resolution: (1) the NovaBridge change-of-control termination right exposes $2.4M ARR (49% of total), and (2) customer concentration in Pinnacle Analytics (36.7% of ARR) creates single-point-of-failure risk. The IP assignment gap in NovaBridge SOW-2024-003 should be remedied before close. Recommend proceeding with targeted reps & warranties covering CoC consent and IP ownership.
Risk by Domain
| Domain | P0 | P1 | P2 | P3 | Risk |
|---|---|---|---|---|---|
| Legal | 2 | 2 | 1 | 1 | High |
| Finance | 1 | 1 | 1 | 0 | High |
| Commercial | 0 | 2 | 0 | 0 | Medium |
| Product & Tech | 0 | 0 | 3 | 0 | Low |
Top Deal Breakers
- Change of control triggers immediate termination (Novabridge Software)
Section 14.2 of the MSA grants NovaBridge the right to terminate the agreement immediately upon any change of control of the Provider, with no cure period. This affects $2.4M in annual recurring revenue and could result in complete revenue loss from this customer post-close. - Customer concentration risk exceeds 35% of total ARR (Pinnacle Analytics)
Pinnacle Analytics represents $1.8M of $4.9M total ARR (36.7%). Loss of this single customer would materially impact the business. Combined with the CoC termination right, this creates compounding risk. - IP assignment clause missing for custom integrations (Novabridge Software)
Three custom integration modules were developed for NovaBridge under SOW-2024-003 but the SOW lacks an IP assignment clause. Work product ownership defaults to the developer under applicable law, creating ambiguity about who owns the integration code post-acquisition.
14
Material Findings
3
P0 Critical
80%
Match Rate
88%
Avg Governance
Concentration Risk (HHI)
2755 — High
CloudSync Technologies — M&A Due Diligence Report
Overall Risk: Critical
Run ID: sample_demo_001
4
Entities
14
Findings
4
Gaps
3
P0
5
P1
5
P2
1
P3
88%
Avg Governance
Deal Breakers (3)
P0 Change of control triggers immediate termination
Section 14.2 of the MSA grants NovaBridge the right to terminate the agreement immediately upon any change of control of the Provider, with no cure period. This affects $2.4M in annual recurring revenue and could result in complete revenue loss from this customer post-close.
“Upon any Change of Control of Provider, Customer may terminate this Agreement immediately upon written notice without penalty.”
P0 Customer concentration risk exceeds 35% of total ARR
Pinnacle Analytics represents $1.8M of $4.9M total ARR (36.7%). Loss of this single customer would materially impact the business. Combined with the CoC termination right, this creates compounding risk.
“Pinnacle Analytics Group | ARR: $1,800,000 | Status: Active”
P0 IP assignment clause missing for custom integrations
Three custom integration modules were developed for NovaBridge under SOW-2024-003 but the SOW lacks an IP assignment clause. Work product ownership defaults to the developer under applicable law, creating ambiguity about who owns the integration code post-acquisition.
“Provider shall deliver the Custom Integration Modules described in Exhibit A within 90 days of the Effective Date.”
Key Risks (5)
| Domain | Category | Count | Top Finding | Severity |
|---|---|---|---|---|
| Commercial | renewal_terms | 1 | Auto-renewal with 120-day notice period | P1 |
| Commercial | pricing_risk | 1 | MFN pricing clause limits future price increases | P1 |
| Finance | revenue_recognition | 1 | Revenue recognition timing mismatch | P1 |
| Legal | assignment_consent | 1 | Assignment requires prior written consent | P1 |
| Legal | data_privacy | 1 | HIPAA BAA with strict breach notification requirements | P1 |
Revenue-at-Risk & Financial Impact
$5.0M
Total Contracted ARR
$5.0M
Revenue at Risk (100%)
$0
Risk-Adjusted ARR
Revenue-at-Risk Waterfall
Total Contracted ARR
Change of Control Exposure
Termination for Convenience-$510K (1 entities)
Customer Concentration Risk-$340K (1 entities)
Pricing & Discount Risk
Risk-Adjusted ARR
Customer Revenue Concentration
Novabridge Software
$2.4M (48%)
$2.4M (48%)
Pinnacle Analytics
$1.8M (36%)
$1.8M (36%)
Horizon Logistics
$510K (10%)
$510K (10%)
Meridian Health
$340K (7%)
$340K (7%)
Revenue data available for 4 of 4 entities (100%). Entities without revenue data are excluded from financial impact calculations.
SaaS Health Metrics
$5.0M
Total ARR
4
Customers
4/4
With Revenue Data
$1.3M
Avg Contract Value
48% of ARR
Top Customer
Customer Tier Distribution
| Tier | Customers | % |
|---|---|---|
| Enterprise | 4 | 100% |
| Mid-Market | 0 | 0% |
| SMB | 0 | 0% |
Net & Gross Revenue Retention
100%
NRR Estimate
100%
GRR Estimate
0
Expansion Signals
0
Contraction Signals
Benchmark Comparison
NRR 100% vs. best-in-class SaaS benchmark of 120%+. GRR 100% vs. median SaaS benchmark of 90%.
Unit Economics & Growth
100%
Logo Retention (Est.)
$25.2M
CLV Estimate
0
Rule of 40 (Est.)
Rule of 40 score is 0 (below threshold)
Rule of 40 = Revenue Growth % + EBITDA Margin %. Score below 20 signals concern. Note: margin data unavailable, score reflects growth only.
Top customer represents 48% of total ARR
Moderate concentration risk. Consider earn-out or escrow protections.
Valuation Impact Bridge
$5.0M
Total ARR
$0
Risk-Adjusted ARR
$5.0M
Total Exposure
100.0%
Exposure %
Revenue exposure at 100.0%
Total risk exposure of $5.0M represents 100.0% of ARR. Significant valuation adjustment required.
Valuation Impact at Multiples
| Multiple | Gross Valuation | Risk Adjustment | Net Valuation |
|---|---|---|---|
| 5x | $25.2M | $25.2M | $0 |
| 8x | $40.4M | $40.4M | $0 |
| 12x | $60.6M | $60.6M | $0 |
Risk Category Breakdown
| Category | Exposure | % of Total |
|---|---|---|
| Change Of Control | $4.2M | 83.2% |
| Pricing Risk | $2.3M | 45.7% |
| Termination For Convenience | $510K | 10.1% |
| Customer Concentration | $340K | 6.7% |
P0 Deal Stoppers
3 P0 Deal Stoppers across 2 entities
2 entities have findings at this severity level. Review each entity's primary issue and total finding count below.
| Entity | P0 COUNT | Total Findings | Primary Issue |
|---|---|---|---|
| Novabridge Software | 2 | 5 | Change of control triggers immediate termination |
| Pinnacle Analytics | 1 | 4 | Customer concentration risk exceeds 35% of total ARR |
P1 Critical Issues
5 P1 Critical Issues across 3 entities
3 entities have findings at this severity level. Review each entity's primary issue and total finding count below.
| Entity | P1 COUNT | Total Findings | Primary Issue |
|---|---|---|---|
| Novabridge Software | 2 | 5 | Revenue recognition timing mismatch |
| Pinnacle Analytics | 2 | 4 | Assignment requires prior written consent |
| Meridian Health | 1 | 2 | HIPAA BAA with strict breach notification requirements |
Change of Control Analysis
2 entities with change-of-control provisions
3 change-of-control findings identified across 2 entities (1 Consent-Required, 2 Termination-Right). 1 entities may require assignment consent. Review consent requirements and assess impact on deal timeline.
| Entity | Type | Findings | Severity | Primary Issue |
|---|---|---|---|---|
| Pinnacle Analytics | Termination-Right | 2 | P0 | Customer concentration risk exceeds 35% of total ARR |
| Novabridge Software | Termination-Right | 1 | P0 | Change of control triggers immediate termination |
Termination for Convenience — Revenue Quality
1 entities with TfC clauses (valuation input)
1 termination-for-convenience findings across 1 entities. TfC revenue is non-committed (at-risk ARR). Model as a valuation/RPO input — this is not a deal-blocker.
| Entity | Notice Period | Revenue Impact | Finding Detail |
|---|---|---|---|
| Horizon Logistics | Either party may terminate for convenience with only 30 days written notice. Thi | See valuation model | Termination for convenience with 30-day notice |
Domain Risk Heatmap
Legal (6 findings)
High ▶| Category | Findings | Severity Mix | Top Entity |
|---|---|---|---|
| Change of Control | 1 | P0:1 | Novabridge Software |
| IP & Ownership | 1 | P0:1 | Novabridge Software |
| assignment_consent | 1 | P1:1 | Pinnacle Analytics |
| Termination & Exit | 1 | P2:1 | Horizon Logistics |
| Liability & Indemnification | 1 | P3:1 | Horizon Logistics |
| Data Privacy & Security | 1 | P1:1 | Meridian Health |
Change of Control (1 findings, P0:1)▶
Novabridge Software
P0 Change of control triggers immediate termination ▶
Section 14.2 of the MSA grants NovaBridge the right to terminate the agreement immediately upon any change of control of the Provider, with no cure period. This affects $2.4M in annual recurring revenue and could result in complete revenue loss from this customer post-close.
Confidence: high
NovaBridge/MSA_2023.pdf (Section 14.2, page 8)“Upon any Change of Control of Provider, Customer may terminate this Agreement immediately upon written notice without penalty.”
IP & Ownership (1 findings, P0:1)▶
Novabridge Software
P0 IP assignment clause missing for custom integrations ▶
Three custom integration modules were developed for NovaBridge under SOW-2024-003 but the SOW lacks an IP assignment clause. Work product ownership defaults to the developer under applicable law, creating ambiguity about who owns the integration code post-acquisition.
Confidence: high
NovaBridge/SOW_2024_003.pdf (Section 4, page 2)“Provider shall deliver the Custom Integration Modules described in Exhibit A within 90 days of the Effective Date.”
assignment_consent (1 findings, P1:1)▶
Pinnacle Analytics
P1 Assignment requires prior written consent ▶
Section 15.1 requires Pinnacle's prior written consent for any assignment of the agreement, including by operation of law or merger. Consent is not to be unreasonably withheld but adds friction to close.
Confidence: high
Pinnacle_Analytics/MSA_2022.pdf (Section 15.1, page 9)“Neither party may assign this Agreement without the prior written consent of the other party, which consent shall not be unreasonably withheld. Any attempted assignment without such consent shall be void.”
Termination & Exit (1 findings, P2:1)▶
Horizon Logistics
P2 Termination for convenience with 30-day notice ▶
Either party may terminate for convenience with only 30 days written notice. This is unusually short for an enterprise agreement and provides minimal runway to find replacement revenue.
Confidence: high
Horizon_Logistics/Services_Agreement.pdf (Section 8.1, page 5)“Either party may terminate this Agreement for any reason upon thirty (30) days prior written notice to the other party.”
Liability & Indemnification (1 findings, P3:1)▶
Horizon Logistics
P3 Standard limitation of liability at 12 months fees ▶
Liability is capped at total fees paid in the 12 months preceding the claim. This is market-standard and does not present unusual risk.
Confidence: high
Horizon_Logistics/Services_Agreement.pdf (Section 10.2, page 6)“In no event shall either party's aggregate liability exceed the total fees paid by Customer during the twelve (12) month period preceding the claim giving rise to liability.”
Data Privacy & Security (1 findings, P1:1)▶
Meridian Health
P1 HIPAA BAA with strict breach notification requirements ▶
The Business Associate Agreement requires breach notification within 24 hours (stricter than the HIPAA 60-day requirement). Non-compliance penalties are uncapped and survive termination.
Confidence: high
Meridian_Health/BAA_2023.pdf (Section 4.1, page 2)“Business Associate shall notify Covered Entity of any Breach of Unsecured PHI within twenty-four (24) hours of discovery.”
Finance (3 findings)
High ▶| Category | Findings | Severity Mix | Top Entity |
|---|---|---|---|
| Revenue Recognition | 1 | P1:1 | Novabridge Software |
| Concentration Risk | 1 | P0:1 | Pinnacle Analytics |
| Pricing & Discounts | 1 | P2:1 | Horizon Logistics |
Revenue Recognition (1 findings, P1:1)▶
Novabridge Software
P1 Revenue recognition timing mismatch ▶
Contract specifies quarterly billing in advance, but financial records show monthly revenue recognition. The $600K quarterly prepayment is recognized as $200K/month, which is appropriate under ASC 606, but the deferred revenue balance of $400K at any given time represents a liability that must be carried through the acquisition.
Confidence: high
NovaBridge/Order_Form_2024.pdf (Section 3, page 1)“Annual License Fee: $2,400,000, payable quarterly in advance.”
Concentration Risk (1 findings, P0:1)▶
Pinnacle Analytics
P0 Customer concentration risk exceeds 35% of total ARR ▶
Pinnacle Analytics represents $1.8M of $4.9M total ARR (36.7%). Loss of this single customer would materially impact the business. Combined with the CoC termination right, this creates compounding risk.
Confidence: high
_reference/Customer_Revenue_2024.xlsx (Sheet 1, Row 3)“Pinnacle Analytics Group | ARR: $1,800,000 | Status: Active”
Pricing & Discounts (1 findings, P2:1)▶
Horizon Logistics
P2 Below-market pricing with no escalation clause ▶
Horizon's per-seat pricing of $85/month is 32% below the standard rate card of $125/month, with no annual escalation clause. The agreement locks in this rate for the full 3-year term.
Confidence: medium
Horizon_Logistics/Order_Form_2024.pdf (Section 2, page 1)“Per-seat license fee: $85.00/month per named user.”
Commercial (2 findings)
Medium ▶| Category | Findings | Severity Mix | Top Entity |
|---|---|---|---|
| Customer Satisfaction | 1 | P1:1 | Novabridge Software |
| Pricing & Packaging | 1 | P1:1 | Pinnacle Analytics |
Customer Satisfaction (1 findings, P1:1)▶
Novabridge Software
P1 Auto-renewal with 120-day notice period ▶
Agreement auto-renews for successive 1-year terms unless either party provides 120 days written notice. The next renewal window closes on August 1, 2026, creating a narrow window for renegotiation post-close.
Confidence: high
NovaBridge/MSA_2023.pdf (Section 2.2, page 1)“This Agreement shall automatically renew for additional one (1) year periods unless either party provides written notice of non-renewal at least one hundred twenty (120) days prior to the end of the then-current term.”
Pricing & Packaging (1 findings, P1:1)▶
Pinnacle Analytics
P1 MFN pricing clause limits future price increases ▶
Section 7.3 contains a most-favored-nation clause requiring that Pinnacle receives pricing no less favorable than any similarly situated customer. This constrains post-acquisition pricing optimization.
Confidence: high
Pinnacle_Analytics/MSA_2022.pdf (Section 7.3, page 4)“Provider represents that the fees charged to Customer are no less favorable than those charged to any other customer of comparable size and usage volume.”
Product & Tech (3 findings)
Low ▶| Category | Findings | Severity Mix | Top Entity |
|---|---|---|---|
| technical_sla | 1 | P2:1 | Novabridge Software |
| Security | 1 | P2:1 | Pinnacle Analytics |
| Technical Debt | 1 | P2:1 | Meridian Health |
technical_sla (1 findings, P2:1)▶
Novabridge Software
P2 SLA uptime guarantee at 99.95% with service credits ▶
SLA requires 99.95% monthly uptime with graduated service credits: 10% credit for 99.9-99.95%, 25% for 99.0-99.9%, and 50% for below 99.0%. Historical uptime has been 99.97% over the past 12 months.
Confidence: medium
NovaBridge/SLA_Addendum.pdf (Exhibit B, page 1)“Provider guarantees 99.95% monthly uptime for the Platform.”
Security (1 findings, P2:1)▶
Pinnacle Analytics
P2 No SOC 2 Type II certification requirement ▶
Despite handling sensitive financial data, the agreement does not require SOC 2 Type II certification from the Provider. Pinnacle may request this as a condition of consent to assignment.
Confidence: medium
Technical Debt (1 findings, P2:1)▶
Meridian Health
P2 Technical integration dependency on legacy API ▶
Meridian's integration relies on the v1 REST API which is scheduled for deprecation in Q3 2026. Migration to v2 requires Meridian's development team involvement and has not been scheduled.
Confidence: medium
Meridian_Health/Integration_Spec.pdf (Section 2.1, page 3)“All API calls shall use the Provider REST API v1 endpoint.”
Discount & Pricing Analysis
1 entities with identified discounts
2 pricing-related findings across 1 entities. Review discount concentration for revenue quality risk.
32.0%
Avg Discount
32.0%
Max Discount
Discount Distribution
| Bucket | Count |
|---|---|
| 0-10% | 0 |
| 10-25% | 0 |
| 25-50% | 1 |
| >50% | 0 |
Top Discounted Entities
| Entity | Discount % |
|---|---|
| Horizon Logistics | 32.0% |
Pricing Findings
| Severity | Entity | Finding |
|---|---|---|
| P1 | Pinnacle Analytics | MFN pricing clause limits future price increases |
| P2 | Horizon Logistics | Below-market pricing with no escalation clause |
Renewal & Contract Expiry Analysis
1
Renewal Findings
1
Auto-Renew
0
Manual Renew
0
Escalation Caps
0
Evergreen
Expiry Distribution
| Period | Count |
|---|---|
| 0-6mo | 0 |
| 6-12mo | 0 |
| 12-24mo | 0 |
| >24mo | 0 |
Renewal Findings
| Severity | Entity | Finding |
|---|---|---|
| P1 | Novabridge Software | Auto-renewal with 120-day notice period |
Regulatory & Compliance Risk Assessment
2
Compliance Findings
0
DPA Issues
0%
DPA Coverage
1
Jurisdiction
1
Regulatory
40
Risk Score (High)
Regulatory Filing Checklist
- HIPAA: Business Associate Agreement (BAA) audit
Compliance Findings
| Severity | Entity | Finding |
|---|---|---|
| P0 | Novabridge Software | IP assignment clause missing for custom integrations |
| P1 | Meridian Health | HIPAA BAA with strict breach notification requirements |
Contract Date Timeline & Expiry Calendar
1
Date-Related Findings
1
Date Mentions
Contract Date Findings
| Severity | Entity | Finding |
|---|---|---|
| P1 | Novabridge Software | Auto-renewal with 120-day notice period |
Insurance & Liability Analysis
3
Total Findings
0
Insurance
1
Liability Caps
1
Uncapped
0
Indemnification
Uncapped liability detected in 1 contracts
1 contracts have no liability cap. Negotiate caps before close to limit exposure.
Liability Findings
| Entity | Finding | Severity |
|---|---|---|
| Novabridge Software | Revenue recognition timing mismatch | P1 |
| Horizon Logistics | Standard limitation of liability at 12 months fees | P3 |
| Meridian Health | HIPAA BAA with strict breach notification requirements | P1 |
IP & Technology License Risk
1
Total IP Findings
1
Ownership Gaps
0
Open Source
0
License Risks
1 IP ownership gaps identified
1 contracts have unclear IP ownership. Resolve ownership before close to protect core technology assets.
IP & License Findings
| Entity | Finding | Severity |
|---|---|---|
| Novabridge Software | IP assignment clause missing for custom integrations | P0 |
Cross-Domain Risk Correlation
P0 finding detected for Novabridge Software
Entity Novabridge Software has critical findings spanning 4 domains. Immediate review required.
P0 finding detected for Pinnacle Analytics
Entity Pinnacle Analytics has critical findings spanning 4 domains. Immediate review required.
Compound Risk Summary
| Entity | Domains | Findings | Risk Score |
|---|---|---|---|
| Novabridge Software | 4 | 5 | 32.0 |
| Pinnacle Analytics | 4 | 4 | 22.0 |
Clause Analysis
Findings classified against standard M&A clause taxonomy with market norm comparisons.
13
Classified Findings
11
Clause Types Found
▶ Change of Control 2
Market Norm: Most enterprise contracts include CoC clauses. Consent-required with 30-60 day cure is standard.
Risk Implications: May trigger consent requirements, termination rights, or automatic termination upon acquisition.
| Entity | Severity | Finding |
|---|---|---|
| Novabridge Software | P0 | Change of control triggers immediate termination |
| Pinnacle Analytics | P0 | Customer concentration risk exceeds 35% of total ARR |
▶ Anti-Assignment 2
Market Norm: Most contracts restrict assignment without consent but include carve-outs for affiliates or mergers.
Risk Implications: May block assignment of contracts to acquirer post-close without counterparty consent.
| Entity | Severity | Finding |
|---|---|---|
| Pinnacle Analytics | P1 | Assignment requires prior written consent |
| Pinnacle Analytics | P2 | No SOC 2 Type II certification requirement |
▶ IP Ownership 1
Market Norm: Clear assignment of all work product to hiring party is standard. Joint ownership is risky.
Risk Implications: Unclear IP ownership can undermine the core asset. Work-for-hire and joint ownership create complexity.
| Entity | Severity | Finding |
|---|---|---|
| Novabridge Software | P0 | IP assignment clause missing for custom integrations |
▶ Governing Law & Jurisdiction 1
Market Norm: Governing law typically matches vendor's primary jurisdiction. Arbitration is common internationally.
Risk Implications: Unfavorable jurisdiction increases litigation cost. Multiple governing laws create complexity.
| Entity | Severity | Finding |
|---|---|---|
| Novabridge Software | P1 | Revenue recognition timing mismatch |
▶ Renewal & Auto-Renewal 1
Market Norm: Auto-renewal with 30-90 day opt-out is standard in SaaS. 3-5% annual escalation caps are common.
Risk Implications: Auto-renewal provides revenue predictability. Manual renewal with short notice creates churn risk.
| Entity | Severity | Finding |
|---|---|---|
| Novabridge Software | P1 | Auto-renewal with 120-day notice period |
▶ Service Level Agreement 1
Market Norm: 99.5-99.9% uptime for SaaS. Service credits capped at 10-30% of monthly fees.
Risk Implications: Aggressive SLAs with uncapped service credits create financial exposure.
| Entity | Severity | Finding |
|---|---|---|
| Novabridge Software | P2 | SLA uptime guarantee at 99.95% with service credits |
▶ Most Favored Nation 1
Market Norm: Uncommon in standard SaaS. More frequent in enterprise or government contracts.
Risk Implications: MFN clauses constrain pricing flexibility and may require retroactive price adjustments.
| Entity | Severity | Finding |
|---|---|---|
| Pinnacle Analytics | P1 | MFN pricing clause limits future price increases |
▶ Termination for Convenience 1
Market Norm: Common in enterprise SaaS. 30-90 day notice period is standard. TfC with <30 day notice is non-standard.
Risk Implications: Allows counterparty to exit without cause. Affects revenue quality and committed ARR calculations.
| Entity | Severity | Finding |
|---|---|---|
| Horizon Logistics | P2 | Termination for convenience with 30-day notice |
▶ Confidentiality & NDA 1
Market Norm: Mutual NDA with 2-5 year term is standard. Carve-outs for independently developed information are expected.
Risk Implications: Missing or expired NDAs create information security risk. Broad carve-outs may expose sensitive data.
| Entity | Severity | Finding |
|---|---|---|
| Horizon Logistics | P2 | Below-market pricing with no escalation clause |
▶ Liability Cap 1
Market Norm: Cap at 12-24 months of fees paid is standard. Mutual caps are preferred.
Risk Implications: Caps limit financial exposure. Asymmetric caps or missing carve-outs for IP breaches increase risk.
| Entity | Severity | Finding |
|---|---|---|
| Horizon Logistics | P3 | Standard limitation of liability at 12 months fees |
▶ Data Privacy & DPA 1
Market Norm: DPA required for all EU personal data processing. SCCs or adequacy decisions for cross-border transfers.
Risk Implications: Missing or inadequate DPAs create regulatory exposure. Cross-border transfer issues affect operations.
| Entity | Severity | Finding |
|---|---|---|
| Meridian Health | P1 | HIPAA BAA with strict breach notification requirements |
Technology Stack Assessment
1
Tech Findings
1
Security Gaps
0
Technical Debt
0
Migration Risks
| Entity | Severity | Finding | Sub-Category |
|---|---|---|---|
| Pinnacle Analytics | P2 | No SOC 2 Type II certification requirement | Security Posture |
Data Reconciliation
5
Data Points
4
Matches
1
Mismatches
80%
Match Rate
| Entity | Field | Contract Value | Reference Value | Match |
|---|---|---|---|---|
| Horizon Logistics | Annual Revenue | $510,000 | $510,000 | Yes |
| Meridian Health | Annual Revenue | $340,000 | $340,000 | Yes |
| Novabridge Software | Annual Revenue | $2,400,000 | $2,400,000 | Yes |
| Novabridge Software | Contract End Date | 2026-12-01 | 2026-11-30 | No |
| Pinnacle Analytics | Annual Revenue | $1,800,000 | $1,800,000 | Yes |
Entity Health Tiers
2 entities require immediate attention
Tier 1 (Critical): 2 entities have P0 findings. Tier 2 (High): 1 entities have P1 findings. Tier 3 (Standard): 1 of 4 entities have only lower-severity findings.
2
Tier 1 — Critical
1
Tier 2 — High
1
Tier 3 — Standard
4
Total Entities
Tier 1 — Immediate Attention
- T1 Novabridge Software
- T1 Pinnacle Analytics
Tier 2 — Pre-Close Review
- T2 Meridian Health
Recommendations
Immediate
Resolve 3 P0 Critical Findings Before Closing
3 critical findings require immediate resolution. These represent potential deal-breakers that must be addressed or mitigated with appropriate deal structure protections.
Pre-Close
Obtain Assignment Consent from 2 Entities
3 change-of-control findings across 2 entities. 1 require consent — initiate outreach to key customers. Consider escrow holdback for consent-dependent revenue.
Pre-Close
Negotiate Customer Concentration Protection
HHI concentration index of 2755 indicates high customer concentration. Consider earn-out tied to customer retention (10-30% of consideration) or escrow holdback for 12-24 months.
Pre-Close
Close 4 Documentation Gaps
4 documentation gaps identified. Request missing documents from the target company. Prioritize gaps affecting P0/P1 findings.
Valuation
Model TfC Revenue Exposure for 1 Entities
Revenue from TfC contracts is non-committed. Model as at-risk ARR in valuation analysis.
Positive
1 Entities Have No Critical/High Findings
1 of 4 entities analyzed have no P0 or P1 findings, indicating a healthy base of low-risk contracts.
Post-Close Integration Playbook
74
Churn Risk Score
High
Churn Risk Level
High
Integration Complexity
Churn Risk Score: 74/100 (High)
Estimated $3.7M ARR at elevated churn risk. Recommend retention-focused integration plan with customer outreach within first 30 days post-close.
Integration Risk Factors
| Risk Factor | Impact | ARR at Risk |
|---|---|---|
| Change of Control exposure | high | $4.2M |
| Termination for Convenience clauses | high | $510K |
| Customer concentration risk | medium | $340K |
Integration Milestones
Pre-Close
- Identify 3 contracts requiring consent/notice for CoC
- Assess 1 contracts with TfC risk for retention strategy
Day 1
- Communicate acquisition to key accounts
- Send consent/notice letters for CoC-triggered contracts
Day 30-90
- Complete customer outreach for top revenue accounts
- Implement retention plans for at-risk contracts
Day 90-180
- Monitor churn signals and contract renewals
- Execute pricing/contract harmonization where needed
Missing or Incomplete Data (4 items)
Documentation Gaps (4)
▶By Priority
P0 1
P1 2
P2 1
By Type
Missing_Doc: 3
Stale_Doc: 1
| Entity | Priority | Type | Missing Item | Risk | Why Needed | Request to Company | Agent |
|---|---|---|---|---|---|---|---|
| Novabridge Software | P0 | Missing_Doc | SOW IP Assignment Amendment | IP ownership of custom integrations remains ambiguous | |||
| Novabridge Software | P1 | Stale_Doc | Current DPA (last version from 2021) | Data processing agreement may not comply with current GDPR requirements | |||
| Pinnacle Analytics | P1 | Missing_Doc | Data Processing Agreement | No formal DPA despite processing financial data | |||
| Meridian Health | P2 | Missing_Doc | Penetration test report (last available: 2023) | Security posture unverified for healthcare data handling |
Entity Detail
Horizon Logistics (3 findings, 0 gaps) P2:2 P3:1▶
Governance Resolution: 95%
Cross-Reference Reconciliation
| Field | Source A | Source B | Match |
|---|---|---|---|
| Annual Revenue | $510,000 | $510,000 | Yes |
Findings
Legal
P2 Termination for convenience with 30-day notice ▶
Either party may terminate for convenience with only 30 days written notice. This is unusually short for an enterprise agreement and provides minimal runway to find replacement revenue.
Confidence: high
Horizon_Logistics/Services_Agreement.pdf (Section 8.1, page 5)“Either party may terminate this Agreement for any reason upon thirty (30) days prior written notice to the other party.”
P3 Standard limitation of liability at 12 months fees ▶
Liability is capped at total fees paid in the 12 months preceding the claim. This is market-standard and does not present unusual risk.
Confidence: high
Horizon_Logistics/Services_Agreement.pdf (Section 10.2, page 6)“In no event shall either party's aggregate liability exceed the total fees paid by Customer during the twelve (12) month period preceding the claim giving rise to liability.”
Finance
P2 Below-market pricing with no escalation clause ▶
Horizon's per-seat pricing of $85/month is 32% below the standard rate card of $125/month, with no annual escalation clause. The agreement locks in this rate for the full 3-year term.
Confidence: medium
Horizon_Logistics/Order_Form_2024.pdf (Section 2, page 1)“Per-seat license fee: $85.00/month per named user.”
Meridian Health (2 findings, 1 gap) P1:1 P2:1▶
Governance Resolution: 88%
Cross-Reference Reconciliation
| Field | Source A | Source B | Match |
|---|---|---|---|
| Annual Revenue | $340,000 | $340,000 | Yes |
Findings
Legal
P1 HIPAA BAA with strict breach notification requirements ▶
The Business Associate Agreement requires breach notification within 24 hours (stricter than the HIPAA 60-day requirement). Non-compliance penalties are uncapped and survive termination.
Confidence: high
Meridian_Health/BAA_2023.pdf (Section 4.1, page 2)“Business Associate shall notify Covered Entity of any Breach of Unsecured PHI within twenty-four (24) hours of discovery.”
Product & Tech
P2 Technical integration dependency on legacy API ▶
Meridian's integration relies on the v1 REST API which is scheduled for deprecation in Q3 2026. Migration to v2 requires Meridian's development team involvement and has not been scheduled.
Confidence: medium
Meridian_Health/Integration_Spec.pdf (Section 2.1, page 3)“All API calls shall use the Provider REST API v1 endpoint.”
Gaps
| Priority | Type | Missing Item | Risk | Why Needed | Request to Company | Agent |
|---|---|---|---|---|---|---|
| P2 | Missing_Doc | Penetration test report (last available: 2023) | Security posture unverified for healthcare data handling |
Novabridge Software (5 findings, 2 gaps) P0:2 P1:2 P2:1▶
Governance Resolution: 78%
Cross-Reference Reconciliation
| Field | Source A | Source B | Match |
|---|---|---|---|
| Annual Revenue | $2,400,000 | $2,400,000 | Yes |
| Contract End Date | 2026-12-01 | 2026-11-30 | No |
Findings
Legal
P0 Change of control triggers immediate termination ▶
Section 14.2 of the MSA grants NovaBridge the right to terminate the agreement immediately upon any change of control of the Provider, with no cure period. This affects $2.4M in annual recurring revenue and could result in complete revenue loss from this customer post-close.
Confidence: high
NovaBridge/MSA_2023.pdf (Section 14.2, page 8)“Upon any Change of Control of Provider, Customer may terminate this Agreement immediately upon written notice without penalty.”
P0 IP assignment clause missing for custom integrations ▶
Three custom integration modules were developed for NovaBridge under SOW-2024-003 but the SOW lacks an IP assignment clause. Work product ownership defaults to the developer under applicable law, creating ambiguity about who owns the integration code post-acquisition.
Confidence: high
NovaBridge/SOW_2024_003.pdf (Section 4, page 2)“Provider shall deliver the Custom Integration Modules described in Exhibit A within 90 days of the Effective Date.”
Finance
P1 Revenue recognition timing mismatch ▶
Contract specifies quarterly billing in advance, but financial records show monthly revenue recognition. The $600K quarterly prepayment is recognized as $200K/month, which is appropriate under ASC 606, but the deferred revenue balance of $400K at any given time represents a liability that must be carried through the acquisition.
Confidence: high
NovaBridge/Order_Form_2024.pdf (Section 3, page 1)“Annual License Fee: $2,400,000, payable quarterly in advance.”
Commercial
P1 Auto-renewal with 120-day notice period ▶
Agreement auto-renews for successive 1-year terms unless either party provides 120 days written notice. The next renewal window closes on August 1, 2026, creating a narrow window for renegotiation post-close.
Confidence: high
NovaBridge/MSA_2023.pdf (Section 2.2, page 1)“This Agreement shall automatically renew for additional one (1) year periods unless either party provides written notice of non-renewal at least one hundred twenty (120) days prior to the end of the then-current term.”
Product & Tech
P2 SLA uptime guarantee at 99.95% with service credits ▶
SLA requires 99.95% monthly uptime with graduated service credits: 10% credit for 99.9-99.95%, 25% for 99.0-99.9%, and 50% for below 99.0%. Historical uptime has been 99.97% over the past 12 months.
Confidence: medium
NovaBridge/SLA_Addendum.pdf (Exhibit B, page 1)“Provider guarantees 99.95% monthly uptime for the Platform.”
Gaps
| Priority | Type | Missing Item | Risk | Why Needed | Request to Company | Agent |
|---|---|---|---|---|---|---|
| P0 | Missing_Doc | SOW IP Assignment Amendment | IP ownership of custom integrations remains ambiguous | |||
| P1 | Stale_Doc | Current DPA (last version from 2021) | Data processing agreement may not comply with current GDPR requirements |
Pinnacle Analytics (4 findings, 1 gap) P0:1 P1:2 P2:1▶
Governance Resolution: 91%
Cross-Reference Reconciliation
| Field | Source A | Source B | Match |
|---|---|---|---|
| Annual Revenue | $1,800,000 | $1,800,000 | Yes |
Findings
Legal
P1 Assignment requires prior written consent ▶
Section 15.1 requires Pinnacle's prior written consent for any assignment of the agreement, including by operation of law or merger. Consent is not to be unreasonably withheld but adds friction to close.
Confidence: high
Pinnacle_Analytics/MSA_2022.pdf (Section 15.1, page 9)“Neither party may assign this Agreement without the prior written consent of the other party, which consent shall not be unreasonably withheld. Any attempted assignment without such consent shall be void.”
Finance
P0 Customer concentration risk exceeds 35% of total ARR ▶
Pinnacle Analytics represents $1.8M of $4.9M total ARR (36.7%). Loss of this single customer would materially impact the business. Combined with the CoC termination right, this creates compounding risk.
Confidence: high
_reference/Customer_Revenue_2024.xlsx (Sheet 1, Row 3)“Pinnacle Analytics Group | ARR: $1,800,000 | Status: Active”
Commercial
P1 MFN pricing clause limits future price increases ▶
Section 7.3 contains a most-favored-nation clause requiring that Pinnacle receives pricing no less favorable than any similarly situated customer. This constrains post-acquisition pricing optimization.
Confidence: high
Pinnacle_Analytics/MSA_2022.pdf (Section 7.3, page 4)“Provider represents that the fees charged to Customer are no less favorable than those charged to any other customer of comparable size and usage volume.”
Product & Tech
P2 No SOC 2 Type II certification requirement ▶
Despite handling sensitive financial data, the agreement does not require SOC 2 Type II certification from the Provider. Pinnacle may request this as a condition of consent to assignment.
Confidence: medium
Gaps
| Priority | Type | Missing Item | Risk | Why Needed | Request to Company | Agent |
|---|---|---|---|---|---|---|
| P1 | Missing_Doc | Data Processing Agreement | No formal DPA despite processing financial data |
Methodology & Limitations
Analysis Process
This due diligence report was generated through automated analysis of the target company's data room documents using specialized AI agents. The process follows a deterministic 35-step pipeline with 5 blocking quality gates.
4
Entities Analyzed
14
Findings Extracted
4
Gaps Identified
5
Data Points Reconciled
Agent Coverage
| Domain | Findings | Risk Level |
|---|---|---|
| Legal | 6 | High |
| Finance | 3 | High |
| Commercial | 2 | Medium |
| Product & Tech | 3 | Low |
Data Quality
- Cross-reference match rate: 80% (4 matches, 1 mismatches of 5 data points)
- Average governance resolution: 88%
- Entities with incomplete governance: 4
Known Limitations
- Analysis is limited to documents provided in the data room. Documents not included may contain material information.
- Financial figures extracted from contract text are best-effort and may not reflect current values.
- Unreadable or corrupted documents are flagged as gaps but cannot be analyzed.
- AI-generated findings should be verified by legal and financial advisors before making investment decisions.
- Cross-reference reconciliation depends on data availability in both contract documents and reference sources.