Gradion

Know what you are buying before you sign.

Technical due diligence for M&A. 8 dimensions scored. Remediation costs estimated. Plain-language summary for your investment committee. EUR 6,000. 1-2 weeks.

Let's talk

The situation

Every technology acquisition contains undisclosed risk.

When you acquire a technology company, you are not buying the product. You are buying the engineering decisions made over the last 3-10 years. Some are sound. Some will cost EUR 500K to unwind. Some are critical security vulnerabilities that were never disclosed.

Most acquirers find out which is which after the deal closes. At that point, the leverage is gone.

What surfaces after close, and should have surfaced before.

Critical security issues: unpatched dependencies, exposed credentials, insecure API authentication.

Hidden technical debt: core modules written years ago, never refactored, costing months and hundreds of thousands to modernise.

Scalability limitations: the platform works at current volumes but the acquirer's growth plan requires 10x. Whether the architecture supports that is a material factor in the deal value.

Licence and compliance gaps: open-source violations, undisclosed third-party dependencies, GDPR or PCI-DSS non-compliance.

A EUR 6,000 engagement that surfaces one critical vulnerability and EUR 500K in hidden debt pays for itself by an order of magnitude.

What you will know

A scored Technical Risk Matrix across 8 dimensions.

Code Quality, Architecture, Security, Scalability, Infrastructure, Team, Technical Debt, Compliance. Each dimension scored Red/Amber/Green with written findings and evidence.

Estimated remediation costs for every significant finding.

Each finding includes estimated cost and timeline to remediate. Lets you adjust the valuation model before signing.

Deal-breaking flags clearly identified.

Critical security vulnerabilities, hidden licensing risks, non-compliance, architecture that cannot scale to your target volume.

Integration roadmap for post-acquisition.

How the target's tech stack connects to your existing systems. Integration complexity, estimated timeline, likely blockers.

Executive summary written for your investment committee.

Two pages. Plain language. Problem, findings, risk rating, recommended actions.

How it works

Scoping

Scope call with the deal lead. Target company profile, access requirements, timeline alignment. Typically same day or next day.

Deep review

Code review, architecture assessment, security scan, infrastructure audit, team evaluation. AI-assisted tooling accelerates coverage without sacrificing depth.

Analysis

Risk scoring across 8 dimensions. Remediation cost estimation. Integration complexity assessment. No client time required.

Debrief

Findings walkthrough with the investment committee or deal lead. Risk Matrix presentation. Remediation scoping conversation.

Scope

What is included

Technical Risk Matrix: 8 dimensions scored Red/Amber/Green.

Estimated remediation cost and timeline for each significant finding.

Deal-breaking flags clearly identified and explained.

Integration roadmap: complexity, timeline, blockers.

Executive summary (2 pages) written for the investment committee.

60-minute debrief call with the deal lead or investment committee.

All work conducted under NDA. Full confidentiality.

What is not included

Legal due diligence or financial analysis.

Remediation or engineering implementation (scoped separately if the deal proceeds).

Ongoing monitoring or retainer.

Extended scope for targets with 500+ engineers (priced at EUR 8,000-10,000 on request).

Who does the work

Lars Strojny, Principal Consultant.

Every Tech Due Diligence engagement is conducted personally by Lars Strojny, Gradion's most senior software architect. Not a junior analyst who learned a framework. Not a team that needs to be managed.

One senior practitioner who has reviewed dozens of codebases, knows what buried risk looks like, and writes findings in plain language your investment committee can act on.

Lars uses AI-assisted code review tools, automated security scanning, and structured assessment templates developed from previous codebase reviews. The efficiency comes from experience and tooling, not from cutting corners.

Why Gradion

EUR 6,000 vs EUR 80,000-300,000 from Big 4.

Big 4 Tech DD starts at EUR 80K and takes 4-6 weeks. Boutique firms charge EUR 30K-80K. Gradion delivers senior-architect-led rigour at EUR 6,000 in 1-2 weeks. Same depth. Fraction of the cost and timeline.

APAC-native: timezone, context, network.

Gradion is headquartered in Singapore with engineering hubs in HCMC and Bangkok. We understand the APAC tech landscape: what a Vietnamese Series B engineering team looks like, common architecture patterns, where security risks concentrate. We are not a European firm flying in to assess an Asian company.

We can implement the remediation.

With 320 engineers across four continents, Gradion executes every remediation item we identify. The team that found the issues is the team best positioned to fix them. No hand-off, no ramp-up, no gap between diagnosis and fix.

Investment

Tech Due Diligence

Fixed price. No surprises. No hidden costs.

Recommended

Standard

EUR 6,000

Full technical risk assessment: 8-dimension Risk Matrix, remediation costs, deal-breaking flags, integration roadmap, executive summary. 1-2 weeks, 3-4 work days.

  • Technical Risk Matrix across 8 dimensions
  • Estimated remediation cost per finding
  • Deal-breaking flags identified
  • Integration roadmap
  • Executive summary (2 pages, plain language)
  • 60-minute debrief with investment committee
  • Full NDA coverage

Common questions

How fast can you start?

Typically within 48 hours of scope confirmation. For urgent deal timelines, same-day start is possible. The engagement takes 1-2 weeks from start to final report delivery.

What access do you need from the target?

Read-only access to the codebase (GitHub, GitLab, or similar). One architecture interview with the target's technical lead (60-90 minutes). Access to infrastructure documentation if available. All access is conducted under NDA.

Can you do this under NDA?

Yes. Every engagement runs under full NDA. We regularly work on confidential M&A processes. The report and all findings are delivered exclusively to the commissioning party.

What if the deal falls through?

The engagement fee is fixed regardless of deal outcome. You receive the full report and debrief. Many clients keep the report on file for reference on future deals involving the same target or similar technology stacks.

What about larger or more complex targets?

For targets with 500+ engineers, multiple distributed systems, or regulated industry compliance requirements, the engagement extends to 5-7 work days at EUR 8,000-10,000. This is discussed during scoping.

From audit to production

For deals that proceed, Gradion runs the post-acquisition engineering engagement.

Remediation engineering: fix the issues Gradion identified. Security vulnerabilities first, technical debt second, architecture limitations third. Modernisation: upgrade the target's stack to meet the acquirer's standards. Integration engineering: connect the target's systems to the acquirer's platform.

Typical path: Tech DD (EUR 6,000, 1-2 weeks), then post-acquisition engineering (EUR 30K-200K, 3-6 months). Scope is derived directly from the Tech DD findings. No separate discovery needed.

No obligation to proceed. The report stands on its own as a deliverable.

Next step

Tech Due Diligence: EUR 6,000

Fixed price. 1-2 weeks. Fill out the form and we will confirm availability and scope within 48 hours.

  • No obligation. No sales pitch.
  • Response within 48 hours.
  • Senior practitioner, not a junior analyst.

By submitting this form, your data will be processed to handle your inquiry. See our Privacy Policy.