The Private Equity glossary for tech investors
Private equity investors face increasing challenges when assessing technology assets in a target company. As technology advances, systems grow more complex, making it difficult to differentiate between scalable, well-structured platforms and those burdened by inefficiencies, security risks, or outdated components. Technology assessments require specialised expertise to identify risks and growth potential. Without that clear understanding, investors risk missing hidden vulnerabilities or overestimating a company’s tech capabilities. Much like buying a second-hand car without mechanical knowledge, an investor may struggle to determine whether a technology stack is reliable or problematic. Tech due diligence bridges this gap by providing a structured evaluation of software, infrastructure, and scalability. This glossary defines key terms to help investors drive these assessments with greater confidence.

ARR (Annual Recurring Revenue)
A key metric for subscription-based businesses, particularly in SaaS companies, indicating predictable revenue generated annually. High ARR signals strong customer retention and growth potential, making it a fundamental indicator of a company's financial health and scalability.
Bolt-on acquisition
An acquisition strategy where a company acquires smaller, complementary businesses to enhance its existing operations. For example, a cloud-based cybersecurity firm might acquire a startup specialising in AI-driven threat detection to strengthen its service offering and expand its technological capabilities.
Build-up acquisition
A growth strategy involving multiple acquisitions to consolidate a market position or improve efficiencies. For example, a SaaS company specializing in enterprise collaboration tools may acquire multiple niche software firms offering AI-driven workflow automation, cloud storage optimization, and advanced security features. By integrating these technologies, the company strengthens its competitive position and enhances its product offering to meet a broader range of client needs.
Carve-out (IT carve-out)
Carve-out designates the separation of a business unit or IT system from a parent company, typically in preparation for a sale or spin-off. For example, a multinational software company looking to divest a non-core business unit may need to extract its IT systems, applications, and infrastructure from the parent organization. This process involves migrating data, disentangling shared services, and ensuring the carved-out entity has independent technology capabilities to operate efficiently post-transaction.
Dataroom
A secure digital (or physical) space where sensitive documents are stored and accessed during a transaction or due diligence process. For tech due diligence, a dataroom may include software architecture diagrams, cybersecurity audit reports, API documentation, source code repositories, open-source license inventories, cloud infrastructure details and similar material, allowing investors to assess the technology stack.
Due diligence
A comprehensive assessment of a target company before an investment, focusing on financials, legal matters, operations, and risks.
EBITDA (Earnings Before Interest, Taxes, Depreciation, and Amortisation)
A key financial metric assessing a company’s profitability before non-operating expenses.
Equity
Ownership in a company, typically in the form of shares, which represents a claim on profits and assets.
Exit
Private equity exits mark the end of an investment in a portfolio company. Through the exit process, the investor seeks returns on investment, often via a sale, IPO, or merger.
Infomemo / CIM (Confidential Information Memorandum)
A document prepared by a seller, outlining a company’s financials, operations, and growth potential for potential buyers.
Investment thesis
The rationale behind an investment, outlining expected value creation strategies and risks.
IPO (Initial Public Offering)
The process of a private company offering shares to the public for the first time to raise capital.
IRL (Information Request List)
A document outlining the specific data and materials required from a company for due diligence. This may include financial statements, commercial strategy, etc. In the context of tech due diligence, an IRL will also include a requirement for software architecture documentation, cybersecurity policies, IT infrastructure details, open-source software usage reports, AI maturity assessments, compliance records, etc.
IT due diligence
A specific type of tech due diligence focusing on IT systems, cybersecurity, software architecture, and operational risks.
LBO (Leveraged Buyout)
An acquisition strategy where a company is bought using a significant amount of borrowed capital, leveraging its assets.
MBO (Management Buyout)
When a company’s management team acquires the business from its current owners.
Merger
The combination of two companies into a single entity to create synergies and enhance value. This strategic move is often pursued to achieve economies of scale, expand market reach, or integrate complementary resources. For example, a cloud infrastructure provider may merge with a cybersecurity firm to strengthen its security offerings and provide a more comprehensive solution to BtoB clients. By integrating security protocols directly into cloud services, the combined company can enhance market positioning and create a more scalable and secure platform.
Network footprint
The digital presence and exposure of a company's IT infrastructure, including public-facing systems, cloud environments, and third-party integrations. Assessing a network footprint helps identify vulnerabilities, potential attack surfaces, and overall cybersecurity posture.
Portfolio company (PortCo)
A business that is owned or invested in by a private equity or venture capital firm and thus belongs to that firm's portfolio of companies.
Portfolio monitoring
The ongoing assessment of a private equity firm’s PortCos to track financial performance, operational efficiency, and technology scalability. Effective portfolio monitoring ensures that companies remain aligned with growth objectives, mitigate risks, and optimise value creation over time. Tech portfolio monitoring measures real-time cyber strength, performance of the R&D team...
Post-Merger Integration (PMI)
The process of combining operations, technology, and teams after a merger or acquisition, to create value.
Red flag
A critical risk or issue identified during due diligence that could negatively impact valuation or deal feasibility.
Scalability
The ability of a business or technology to handle increased demand and growth without significant performance degradation or cost escalation.
Technology due diligence (or technical due diligence)
A deep evaluation of a company’s technology, infrastructure, software, security, and scalability to assess risks and opportunities. This process may also examine open-source software (OSS) IP issues, financial operations (FinOps) optimisation, and the maturity of AI assets. The ultimate purpose of a tech due diligence is to provide an assessment of the tech and propose concrete actions to implement, to support compliance, financial sustainability, and the ability to scale efficiently for future growth.
Tech stack
The combination of programming languages, frameworks, and technologies used to build and run a software application.
Tech value creation
The process of increasing a company's worth through technology-driven improvements, including optimising software architecture, enhancing scalability, strengthening cybersecurity, and leveraging automation. Effective tech value creation ensures that technology assets reduce operational inefficiencies and support long-term business growth.
Tech Vendor Due Diligence (tech VDD)
A specialised form of vendor due diligence focused on evaluating a company’s technology assets before a sale. This process allows portfolio managers planning an exit to assess the technological strengths and weaknesses of a portfolio company, identify areas that may require improvements, and address potential concerns ahead of investor scrutiny. A tech VDD helps managers enhance valuation and builds trust with the future investor.
Vendor Due Diligence (VDD)
A due diligence process initiated by the seller to provide potential buyers with a transparent view of the business before a transaction.
Disclaimer
The opinions, presentations, figures and estimates set forth on the website including in the blog are for informational purposes only and should not be construed as legal advice. For legal advice you should contact a legal professional in your jurisdiction.
The use of any content on this website, including in this blog, for any commercial purposes, including resale, is prohibited, unless permission is first obtained from Vaultinum. Request for permission should state the purpose and the extent of the reproduction. For non-commercial purposes, all material in this publication may be freely quoted or reprinted, but acknowledgement is required, together with a link to this website.