A Nigerian startup data room checklist is a structured set of folders and documents, corporate, cap table, finance, tax, legal, compliance, product, and traction often prepared for due diligence. It should reflect Nigerian requirements (CAC/CAMA docs, FIRS VAT/tax, NDPA 2023 privacy, SEC crowdfunding rules) and be organized, access-controlled, and kept audit-ready.
Why your data room matters (especially in Nigeria)
If you’re courting angels, VCs, grants, or strategic acquirers, a clean Nigerian startup data room checklist is the difference between fast diligence and endless back-and-forth. It’s a resource that proves you’re organized, compliant with local laws, and ready to scale. It also shortens diligence cycles and increases deal confidence. Guidance from leading VDR providers and investor playbooks echo the same: organized rooms win deals.
Nigeria adds a few layers: CAC/CAMA filings, FIRS VAT at 7.5%, and NDPA 2023 privacy obligations, plus possible SEC crowdfunding considerations. Getting these right keeps you out of trouble and speeds up closing.
The definitive Nigerian startup data room checklist
Below is a practical, investor-grade Nigerian startup data room checklist. Build these as top-level folders, then add subfolders and documents as noted.
1) Corporate & CAC / CAMA Documents
-
Certificate of Incorporation, CAC status report/extract, and current particulars.
-
Memorandum & Articles of Association; amendments; shareholders’ agreements.
-
Board & shareholders’ resolutions (authorizing share issuances, option plans, bank mandates).
-
Annual returns and filings under CAMA 2020 / CAC regulations (PDFs from the portal are fine; CAC accepts authenticated e-filings).
Pro tip: Keep a single “Corporate Index” one-pager listing entity names, RC numbers, directors, and secretaries with links to source docs.
2) Cap Table & Equity Instruments
-
Fully diluted cap table (as of last month).
-
SAFEs/convertibles, subscription agreements, share certificates, pre-emption waivers.
-
Option pool/ESOP plan, option grant agreements, exercise records.
-
Board-approved valuation notes (if any), 409A-style or local equivalents where applicable.
Industry-standard data room inventories include equity and security docs clearly separated.
3) Financial Statements & Metrics
-
Monthly P&L, balance sheet, cash flow (last 24 months), audited accounts (if available).
-
Detailed revenue by product/segment, cohort analysis, churn, LTV/CAC, unit economics.
-
Bank statements (12–18 months), AR/AP ageing, debt schedules.
-
Forecast model (18–24 months) with assumptions tab.
Organized financials are top of mind for diligence reviewers.
4) Tax & FIRS Filings
-
FIRS registration evidence (TIN), VAT registration certificate.
-
VAT returns (showing the 7.5% rate unless zero-rated), CIT and WHT filings, PAYE evidence.
-
Correspondence with FIRS; any assessments/settlements.
FIRS confirms the VAT rate and threshold compliance expectations; keep return PDFs for every period.
5) Regulation, Data Protection & Compliance
-
NDPA 2023 compliance: privacy policy, consent records, data mapping, DPA/DPIA where required, processor agreements, breach logs.
-
NDPC communications (if any), cookie consent configurations, data retention schedule.
-
Sectoral licenses (fintech, health, edtech, etc.), FCCPC/consumer protection policies.
-
If you process EU/UK data, note GDPR/UK GDPR alignment and cross-border transfer basis.
NDPA 2023 sets Nigeria’s baseline privacy obligations; enforcement actions show rising risk and real penalties.
6) Commercials: Customers, Revenue & Traction
-
Top 50 customer contracts (redacted where needed), standard MSAs/SLAs, pricing.
-
Pipeline, signed LOIs, churn list with reasons, NPS summaries.
-
Key supplier and distributor agreements, reseller/agent contracts.
Investor checklists consistently expect clean customer and revenue files.
7) Technology, IP & NOTAP
-
Source code repo overview, SDLC notes, security policies, architecture diagrams.
-
IP assignments from founders and staff/contractors; trademark/patent filings.
-
Third-party software licenses; open-source licenses & compliance.
-
NOTAP: If you have foreign technology transfer/licensing agreements (e.g., software licensing from a foreign parent), include registration evidence and related approvals.
8) HR, ESOP & Policies
-
Employee roster, contracts, NDAs, contractor agreements; immigration/work permits if any.
-
ESOP policy & grants (also in Equity folder), performance reviews, org chart.
-
Staff handbook, whistleblowing, anti-harassment, and disciplinary procedures.
9) Fundraising: Rounds, Term Sheets & SEC
-
Prior round term sheets, signed SPAs/SSAs, side letters, closing sets, post-money cap table.
-
Use of proceeds plan; scenario and runway analysis.
-
SEC Nigeria compliance if you raised via equity crowdfunding (issuer eligibility, portals, limits). Add portal agreements and disclosures.
10) Ops, Risk & Insurance
-
Insurance policies (D&O, cyber, general liability), claims history.
-
Compliance calendars, risk registers, incident reports.
-
Material litigation: writs, pleadings, counsel opinions, settlement agreements.
How to structure your virtual data room (VDR)
A clean folder architecture helps reviewers find answers quickly. Here’s a proven top-level structure for your Nigerian startup data room checklist:
Choose a VDR or investor room that supports granular permissions, watermarking, and activity logs. Most modern solutions also list SOC 2/ISO 27001 certifications and offer viewer analytics—handy during diligence.
Access control, versioning, and audit trails
-
Principle of least privilege: Grant access by workstream (legal, finance, tech).
-
Watermark & view-only PDFs: Reduce uncontrolled sharing.
-
Versioning: Keep superseded docs in
/99 Archivewith dates. -
Audit trails: Export user activity logs for the closing binder.
Data-room best practices emphasize structured access and monitoring.
Common red flags Nigerian investors notice
-
CAC filings missing or inconsistent with board/shareholder resolutions. Corporate Affairs Commission
-
VAT registration gaps or filings that don’t reflect 7.5% where applicable. FIRS
-
Privacy paperwork out of sync with NDPA 2023 (no consent records, no DPA with processors). Recent enforcement shows regulators will act.
-
Unregistered foreign tech transfer contracts that should be under NOTAP.
-
Crowdfunding raises missing SEC documentation.
FAQs
1) What is the minimum set for a first investor review?
Create a slim pack: CAC certificate & CAMA essentials, cap table, last 12–24 months of financials, VAT/TIN and tax filings, top 10 customer contracts, privacy policy & NDPA controls, IP assignments, and prior round docs. Add deeper materials as diligence advances.
2) Do I need NOTAP approval?
If you have a foreign technology transfer (e.g., software license, IP use, technical services) that involves payments abroad, your agreement likely needs NOTAP registration. Upload the executed agreement, fee reasonableness confirmation, and approval evidence. When unsure, consult counsel and review NOTAP’s requirements.
3) What tax items are non-negotiable for diligence?
VAT registration and returns (7.5%), corporate income tax filings, WHT schedules, PAYE remittances, and any FIRS correspondence or assessments. Keep PDF receipts and filing confirmations per period.
4) We raised via crowdfunding—what extra should be inside?
Include SEC-compliant disclosures, portal agreements, investor registers, allotment evidence, and any waivers/side letters. Ensure your issuer eligibility aligns with the SEC rules for investment-based crowdfunding.
5) How often should I update the data room?
Monthly for financials and bank statements; quarterly for tax returns and KPIs; immediately for any new board resolutions, contracts, or regulatory approvals. Weekly updates during live diligence are ideal; export the audit log at close.
Conclusion & Next Steps
A thoughtful Nigerian startup data room checklist signals discipline, speeds diligence, and reduces risk. Nail CAC/CAMA, get your FIRS VAT/tax house in order, document NDPA compliance, and present clean financials and contracts. Then keep everything updated with tight access controls. When you’re ready to level up, let Zaccheus automate the financial side of your room.
Want investor-ready financials, live metrics, and tidy exports? Try Zaccheus — your AI CFO for startups and share a cleaner data room in days, not months.