Share to Twitter

A complete founders’ guide to raising a successful angel round

Bonus: Get the list of 300+ top angels in the tech industry from around the world

If raising angel investment is a founder’s dream, the process of raising it is definitely their nightmare. 
In this guide, our CEO Ankit Pansari breaks down the steps that led to OSlash's seed round.
Learn how to reach out to top angels and structure your round successfully.

OSlash Angel Funding Guide  Cover

Introduction

In November 2021, OSlash announced a $2.5 million pre-seed round led by Accel. This was followed by our post-seed round to the tune of $5 million in March 2022.

The rounds saw participation from more than 50 angel investors and operators — the who’s who of business and technology — including Dylan Field (Figma), Akshay Kothari (Notion), Girish Mathrubootham (Freshworks), Olivier Pomel (Datadog), Nicolas Dessaigne (Algolia), Christian Oestlien (YouTube), Kunal Shah (CRED), and Cristina Cordova (First Round), among others.

How did we pull this off?

I put this guide together to answer exactly that question and to make the process of raising an angel round more transparent and easier to understand. I know what a struggle it can be to navigate obscure logistical and legal processes involved in fundraising. The lack of actionable resources for first-time founders only compounds the problem. This is a small attempt from me to solve it for you.

Unlike institutional investors such as Venture Capital (VCs), angels are individuals who take an interest in the startup at a very early stage, when the risks are still high and the fate of the startup is largely undecided. They can be the most crucial source of not just funding, but also provide an ecosystem of social and informational capital that helps a startup thrive. 

If you are an early-stage founder looking to leverage the strengths of angels for your venture, this guide can prove extremely useful to you. 

It comes with lessons from my personal, hands-on experience. Having conducted multiple private and group sessions for founders and VCs on how to structure a successful angel round prompted me to pen it all down for easy reference. 

Let’s dive in!

What is covered in this guide? 

Think of this guide as the ultimate playbook for raising money from angel investors. It will help you understand:

  1. Who are angel investors and how they can support your business 
  2. How to set goals and structure a successful angel round 
  3. How to reach out to angels
  4. What collaterals to prepare for your round
  5. How to close your round
  6. FAQs

What inspired this guide? 

Fundraising is a double-edged sword for a startup founder. 

On the one hand, it is everything you detest — tedious processes, heaps of paperwork, red tape, and bureaucracy. It eats up time you could be investing more fruitfully in building products, conducting market research, talking to your users, and scaling your business. 

On the other hand, it is indispensable if you want to grow. The angel investors you get on your cap table will not just provide finances, but also lend a helping hand as you build your business from the ground up. I wrote this guide to clear the many misconceptions founders have when they think about raising an angel round.

Who is this guide for?  

  1. This guide is for founders of technology companies, who are currently raising their seed round and would like to have angel investors participate or lead the round
  2. This guide will discuss in-depth how companies can raise a successful angel round from multiple angel investors
OSlash Angels form graphic
Get our list of top angels from around the world
Get the complete list of 300+ angels in the tech industry from around the world
Awesome!

Please check your inbox for the complete list
and other additional info
Request a demo
Oops! Something went wrong while submitting the form.

Who are angels and how can they help? 

Ever wondered why they are called angels and not simply investors? It is because they bring in so much more than cash. They bring in kindness. They are ready to believe in your dream when few others do. And they are ready to put their money where their mouths are. They are your staunch supporters who want your business to succeed as much as you want it.  

And how can they help? Well, most angels are themselves successful entrepreneurs, business leaders, innovators, and visionaries who want to help make the world a better place and give back to the community that supported and mentored them in need. They do this by:

  1. Backing your idea with much-needed finance
  2. Capitalizing on their vast networks and introducing you to the right connections. These could be additional investors, technical or business mentors, and coaches, great candidates you could hire, or even early customers for your pilots
  3. Providing a wealth of industry-specific knowledge and know-how gathered and embellished from years of personal and/or second-hand experience, especially if you are building a venture in a very regulated or vertical business
  4. Cheerleading you and lending crucial moral support and encouragement when plans go awry and you need to do some rethinking, make some adjustments, and pivot

Types of angel investors

There are different kinds of angel investors you can have on board, in order to maximize the utility and benefits you derive out of your angel round.

They include:

1. Fellow founders: 

  • They are angels who have built their own companies, often from scratch, going through each stage of the complex process. They can guide you through every aspect of founding a business and can be mentors and coaches to you
  • Since they have faced similar challenges and navigated similar journeys, they are well-qualified to dispense relevant and actionable advice for your company. They can share the best playbook from their journey
  • The only thing to keep in mind is that if they are very successful founders, they will not be able to dedicate too much time and energy to your company
  • Ex - Dylan Field, CEO of Figma or Girish Mathrubootham, CEO of Freshworks. 


2. Super angels

  • Also called archangels, super angels are extremely active investors who have a huge network of executives and advisors
  • They have a knack for making money from their well-researched and often commercially successful investments in hundreds of companies
  • Ex - Naval Ravikant, Brianne Kimmel

3. Domain experts: 

  • Angels, who can double up as domain experts, can be a valuable resource for know-how when you are building a deep tech company or going after a vertical industry such as healthcare, insurance, or construction
  • There are some investors who have deep domain expertise in certain markets, such as NFX. The entire founding team is that of operators who have built and run marketplaces companies
  • Ex - Lenny Rachitsky, Balaji S.


4. Operator angels: 

  • They are senior executives in the business such as product, engineering, or marketing leaders. It can be VP Engineering at a big tech company or a Marketing Director at a consumer goods conglomerate
  • Ex - Shreyas Doshi, Cristina Cordova

What do angel investors look for in a startup?

Angel investors primarily look for a sweet spot based on many factors before investing in a startup. These include the nature of the business & the market, the founding team’s experience & expertise, and of course, the potential returns on their investment.

Here are a few criteria a startup should fulfill before approaching angel investors:

1. A strong management team: The first thing which any investor, angel or VC, looks for in the startup is the management team. Is the team passionate about the problem? How do the founding members know each other? How long have they been working on this problem? Is the leadership strong, adaptable, observant, and trustworthy? Qualities such as integrity, clarity of strategy and approach, professionalism, determination, self-belief, and belief in the venture are important to angel investors.

There are a lot of examples where the team has started with a product and has pivoted to something else, Twitter being one of the most famous ones. It started off as a messaging service before Jack Dorsey and team pivoted to Twitter.

2. A large market size: The second thing they look for is if the market is large enough. If it is, they know that there are going to be multiple companies, which will go after this market and someone is going to win. A good example is the food delivery business. People are going to order food.

But this is particularly relevant when angels are investing in a technical product, which may not be exactly like a consumer product, for which everyone just knows there's a market.

3. A convincing business plan: Angel investors will exercise due diligence and  invest in only if they are convinced by the complete business plan, including analysis of the target market including competitors, financial projections, marketing plans, and other specifics. They want to see a fully sketched out vision that details the plans for blistering the growth and competitiveness of the company.

4. A problem they can relate to: If you are trying to solve a problem that angels have themselves experienced or one that they relate to, it serves like validation for them to invest in the startup.

5. A viable exit strategy: Since angels take considerable risk while investing in a startup, they expect manifold returns. One way in which they assess their potential returns is by evaluating the exit strategies available to them. They will expect a comprehensive analysis of their payout and their risk in each scenario.

How to raise a seed round with angel investors?

The key to raising a pre-seed or seed round with angel investors is knowing that angel investing is all about building trust and long-term relationships. This may be easier in person but post the pandemic, it has also become common to approach angels virtually. Angel investment networks and groups also exist. 

After finding potential investors, you can set up a time to meet with them and present your pitch. Your pitch should be clear and impactful and give them a reasonable idea of your business. If an angel is convinced, they may conduct further due diligence and vet your business plan, financial statements, and the like, and offer you a deal. 

Below is a step-by-step breakdown of how you can structure a successful angel round.

But before that, I want to clarify the difference between seed investment and angel investment.

Seed investment vs. angel investment — the difference

Seed money, as the name suggests, is money raised by a company in its very initial stages. It typically involves small amounts, enough to take care of a business’ essential operational needs. Seed finance enables companies to attract more financing to grow and scale themselves.

Seed money can come from a variety of sources, such as close friends and family of the founding team, crowdfunding, startup incubators & accelerator institutions, and private investors including angel investors, and venture capital (VC) funding. So, angel investment is a subset of seed investment. 

How to structure your angel investment deals?

For a successful angel round, I will break down the process of fundraising into four steps: 

  1. Goal: Planning how much money you want to raise and from whom 
  2. Outreach: Creating a lead pipeline and networking 
  3. Preparation: Creating collaterals such as an elevator pitch, investment memo, company deck, and product demo 
  4. Closure: Creating  a legal structure to collect cheques from multiple angel investors

1. Goal

How much to raise?

If you already have a lead investor and are planning to raise money from a number of small investors, I recommend keeping at least 10 to 15%  allocated to angel investors. While negotiating with your lead investor, please mention at the outset that at least 10 to 15 % would be allocated to angels. 

In OSlash, we kept a 20% allocation for angels, and our lead VC firm, Accel, was completely on board with the idea. They even introduced us to some angels. 

From whom to raise? 

Angel Investing can happen in two ways — where angels themselves are leading the round (also called Party Round) or you have a VC firm leading the round and angels participating in that round. If you already have a name VC firm leading you around, you would like to get a few angels to participate. 

  1. If you are working on a dev project, it will help to have founders of companies such as Vercel, Github or Stack Overflow on your cap table as they have already built an audience around developers
  2. If you are building a consumer tech company, try to get founders of companies such as Instagram, Bumble, Calm and others, who will be good for your cap table 

2. Reach Out Investors - Outreach

i. At the outreach stage, you should create a long list of potential angels who could participate in your angel round. 

ii. Your list should have a combination of: 
- successful founders in your category
- leading operators who can help you build the engineering, product, or marketing functions
- super angels who can open more doors for future fundraising

iii. I recommend putting together a list of 100 to 150 angels. 

  • If you don’t know where to start, we have created a list of the most prolific angels, which we would love to send to you.
OSlash Angel Funding Guide  Cover
Get our list of top angels from around the world
Get the complete list of 300+ angels in the tech industry from around the world
Awesome!

Please check your inbox for the complete list
and other additional info
Request a demo
Oops! Something went wrong while submitting the form.

  • Send personalized emails to these angels and ask for warm introductions. Follow them on Twitter and if their DMs are open, don’t hesitate to send them your elevator pitch. 

3. Preparation

You have to lay the groundwork for your potential angels and present them with all the necessary information they need to make a sound investment decision. 

After all, an angel is an individual, not an institution. They will be investing their hard-earned money and their trust into your business for a high-risk high-return proposition. Raising money is an exercise in trust-building. 

Getting their support will be far easier if you do the following religiously, provide full disclosure in the investment documents, and cover all your bases properly.

You have to work on four major preparation collaterals:

i. Elevator or email pitch
ii. Investment memo
iii. Deck
iv. Product demo 

i. Elevator Pitch

Write a short blurb about the business. Introduce the company, the problem, and the value proposition or solution you propose with its potential benefits.  

Keep it concise (so much so that you can explain it in 30 seconds to one minute). 

Here is ours, for example: At OSlash, we are building an all-in-one enterprise URL manager that lets you name, structure, access, and organize long workplace links by converting them into human-readable shortcuts. This simplifies and speeds up information-sharing, productivity, and collaboration for you and your team.

ii. Investment Memo

Expand on the blurb by writing a comprehensive investment memo. 

This will be the main document that outlines the key components of the business and presents the case and rationale for investors to put their money into it. Express all the crucial information about the business but also keep it simple. 

Here is a draft template you can use: 

  1. Introduction: This should detail:
    a. What you do
    b. The problem you intend to solve
    c. The proposed solution
    d. The business model/how the solution will make you money 
    e. The scale of the opportunity
  2. Metrics: Highlight in numbers, charts, and graphs:
    a. The traction up to now (include a chart)
    b. Revenue drivers
    c. What go-to-market looks like
  3. Challenges to growth: Mention:
    a. The obstacles hindering you from growing faster
    b. How raising money can help overcome the problem
  4. Market: Define:
    a. Your target customers and ICP
    b. The thinking patterns and behavior of your ideal customer
    c. The scope of the opportunity your target market presents
  5. Competitive Landscape: Answer how you plan to take on and beat the competitors
  6. Team: Explain the unique strengths and opportunities your team brings with it
  7. Use of funds: Elaborate on how much you plan to raise, from whom, and what you plan to do with it


Try to explain the business and why the timing is right for the venture. It’s extremely important to draft a good business memo. The memo is your source of truth for all follow on investment materials that you are going to create in the company. 

Here are a couple of good investment memos which are public: 

  1. Rippling
  2. Airbase

iii. Deck

Create a full presentation based on your investment memo. 

Your deck is a visual and succinct representation of your memo. Keep the number of slides limited and focus only on meaningful data without being too detailed. 

Tailor your deck according to the audience; do a little research before you pitch and get to know the people you’ll be pitching to better. 

One of the best guides we have found online on how to pitch decks is by Reid Hoffman - LinkedIn Deck pitch to Greylock Partners

iv. Product Demo

  1. Remember raising funds is an exercise in trust-building. Since it is impractical to meet all the angels because of location and COVID norms, founders have to get more creative and go the digital way for fundraising.
  2. You can easily make a Loom video of the product or create an early self-sign version for your angels to try out. 
  3. At OSlash, we ended up doing both - we made a Loom video with the signup link for the product. You can find the OSlash demo here
  4. If you want to learn how to create a compelling product demo, here’s a Twitter thread I wrote on this. 

4. Closure 

We are now moving to the final stages of collecting the cheque and closing the round. 

This is where things usually get complicated. I have seen founders spending a lot of time here and experiencing frustration.

Perils of an angel round

Although having a lot of angels is extremely beneficial for your company, managing all of them is cumbersome:

  1. Your cap table will get very messy: Early-stage founders don’t realize how difficult it is to maintain a cap table. When you are starting out, you will have only a few line items such as a Lead-VC, founders, and employees. But, as you start adding angels and future investors, the number starts becoming larger. You will have to invest in Cap Table Management software such as Carta or Pulley.

  2. Legally expensive: If your lawyers need to create separate legal documents for every angel, your legal fees will end up going through the roof. In future rounds, your legal cost will rise further due to a messy cap table. Late-stage investors will be disappointed as more due diligence will be required.

  3. Chasing signatures and wire transfers: You will need signatures from each angel whenever you are raising a new round. Moreover, you will have to keep track of every wire that has reached your bank account and keep all your angels updated accordingly. 

Fortunately, there is an easy way out of all this. Our friends at AngelList have come up with a brilliant solution - the AngelList Roll-up Vehicle. 

AngelList Roll-up Vehicle 

  1. Roll-up Vehicles (RUV) are a special-purpose entity set up to create a single holding company for all your angels.  
  2. You can get all the investors to invest via a single entity - without bringing them individually into your Cap Table. 
  3. Upto 250 angels can invest via a single RUV. 
  4. As a founder, you get a neat dashboard where you can track all the investments and stages of wire transfers directly into the company. 
Funding Dashboard
  1. Your investors can directly transfer the money using the ACH payment mode and also save the cost of wire transactions. 
  2. It is as simple as sharing a link with all your investors. 
Funding Dashboard 2
  1. Once angels transfer the money to AngelList, the latter will take care of all legal formalities and wire the money to your company account, once the round is closed. 
  2. The best part? RUV is private. Only people with the invite links can invest in RUV. 

Conclusion

Now that you know how to raise a successful angel investment round for your startup, it may be worthwhile to point out that fundraising is often an ongoing battle and not a one-time affair.

As a founder, your goal should be to close the round as fast as possible so that you can go back to doing what you know and do best - building your company.

I hope that this guide can help you get one step closer to doing that with more awareness, simplicity, and ease of mind.

If you have any questions, you can always reach out to me at ankit@oslash.com and I’d be more than happy to help.

Happy fundraising!

FAQs

1. When is the right time to raise money? How do I know when my business is eligible for an angel round?

The right time to raise money is when you have discovered product market fit. Generally speaking, a business can survive in the long run only when there are people who will buy what it sells. So there should be demand for your product or service and people should be willing to pay for it.

But even before that the question to ask is whether the business even needs angel money? Whenever we think of raising private money or raising money from investors, we have to keep in mind that the business must scale and provide an exit to existing investors. If you're thinking of building a large business, which you believe can scale and go public someday, and will make money for people who are investing in it, then it may be right to go for angel investment. When you know that the business is eligible, make sure you have some understanding of where the customers are going to come from. Because only then will the business succeed and scale, and make money for private investors. 

In conclusion, the moment you reach some level of product market fit, you should look at raising some angel money.

2. How do angel investors differ from a VC?

There are four major differences between angel investors and VCs:

a. Cheque size - Angels don't invest as much as VCs. While VCs can invest anything from $500,000 all the way to $500 million, the usual upper limit for angels is $100,000. And they can also invest as low as $1000.

b. Structure - Angels are generally individuals (can also form angel groups to come together and invest). But VCs are structured as a firm.

c. Source of the funds -  VCs raise money from large banks, pension funds, universities etc. to deploy into startups. Angels usually invest their own money. But, nowadays you also have angels who raise money to invest in companies.

d. Engagement level - With a VC, because of the firm structure, you have different engagement levels. You have analysts, associates, and partners who would actually be on the board and engage with you. Unless a VC firm has said yes to an investment, a partner is not going to be involved in the business. But, an angel is investing alone. They are trying to help you. They are trying to work with you so they will be personally involved from day one.

3. Should I negotiate with an angel? How do I best prepare for negotiations?

a. In most cases, you won’t need to negotiate with an angel because angels are extremely founder-friendly. In fact, you should watch out for angels who try to back you into a corner and reconsider engaging with them. Most angels would try to accommodate whatever your needs are. In my experience, they want to make sure they do right by the founders.

b. In some cases, however, you might have to negotiate, especially where they are asking for a larger allocation in the business that you can’t comply with. For example, you're raising a $2 million round out of which only $200,000 is reserved for angels. And you have an angel who wants a $50,000 allocation (that is 25% of your allocation) that you can't allow. You might have to ask them to reduce it to a $20,000 allocation. In such cases, you need to be very upfront with them and make sure that you give them some upside in the later rounds.

c. In addition, there can be one peculiar situation where you may have to negotiate. Let's say if the valuation of the company is not defined and angels are coming together in the round, you can ask the lead angel to come up with a good valuation for the company, or come up with one yourself. And if they are negotiating, try to understand where they are coming from. Also keep in mind, angels are investing their own money. So you, too, don't want to be very greedy with the valuation.

4. My collateral contains everything about my business. How do I protect the confidentiality of my idea?

a. As I said before, angel fundraising is an exercise in trust-building and it works both ways. If an angel is already investing in your startup, they have a vested interest to make sure all your rights are protected.

b. But in some cases you will come across situations where they may try to show the collateral to another company especially when they might have an investment in a competitor company. To avoid that, try to clarify these things right on the first call with the angel.

c. You can create authentication protocols for accessing the information. At OSlash, we kept our collateral on Notion and shared access only when the angel requested it. Or you can use something like DocSend where your deck can be shared only via email access. But a lot of this depends on trust. You do want to make sure the detailed numbers don't go out, but for the memo and deck, try to make sure access is authenticated. Make it fail safe.

5. How expensive is it to raise an angel round? What are the major costs and fees involved?

a. It was expensive to raise an angel round back in the day. Say if you're trying to get 20-30 angels, you have to bring them all onto your cap table. There’s the legal cost of paperwork. You have to follow up with them to coordinate wire transfers - make sure they send the right banking information, collect the cheques, and more. For us, it was not just legally expensive but also cost a lot of time. 

b. Thankfully, a few firms like AngelList came up with a special purpose vehicle where all of these angels can come together as one structured firm and the firm can invest as a single entity in the cap table. And that used to cost $8,000 - all that was required for a successful angel round.

c. Now, with AngelList RUV, things have become even easier. Plus, if a company is incorporated in Delaware and you are raising SAFEs or equity, they offer a no-fee RUV. There is zero cost attached to it. Most software companies incorporated in the US are Delaware incorporated, but if you're not a Delaware incorporation, the whole thing can be done at $2,500 which is still a pretty good deal.

6. What should I do if an angel refuses to invest in my startup? If a deal falls through?

If an angel says no to investing in a startup, that's completely okay! You have many out there, you know? Try to speak with more angels. And I think that should also be a goal. You should always aim higher. Try to get more angels than you need, because some of them might change their mind. After all, all of us are human. So it's not a big deal.

OSlash your everyday links to everyday words

If you are interested in what we’re building here at OSlash,
why not give it a spin?

Awesome! You'll hear from us very soon.
Oops! Something went wrong while submitting the form.
Get Started

ESOPs Guide for Founders & Employees in Tech Startups 2022

Bonus: Get the blueprint of the OSlash ESOP policy to effortlessly build one for your organization

ESOP Policy Cover

With companies adding stock options to compensation packages, it’s important for both founders and employees to understand how ESOPs work. This guide by our CEO, Ankit Pansari, will help dispel the ambiguity around equity compensation in early-stage tech companies.

Introduction

If you are an employee or a founder of a tech company, it’s imperative that you know about Employee Stock Ownership Plans (ESOPs). 

While setting up an ESOP policy for OSlash, we realized one thing. Though the term is prevalent in the industry, both tech founders and employees actually understand very little about ESOPs. This can cause a lot of confusion and misunderstanding about their rights and obligations with respect to ESOPs. 

To dispel the myths and bring transparency to how ESOPs work, we decided to pen this guide and share our learnings — sourced from founders of reputed tech companies such as Notion and Figma and also from our experience at OSlash.

1.1 What is covered in this guide?

Think of this guide as the ultimate playbook for understanding Employee Stock Ownership Plans (ESOPs) — for both employees as well as founders

This guide covers

  1. An introduction to equity compensation in tech companies — its origin, how it is granted, and types of equity structures in companies
  2. Why equity compensation is important for modern tech companies
  3. What are ESOPs? - Basics
  4. An understanding of ESOP valuation
  5. Employee view of ESOPs — taxation, when to sell, and things to look for
  6. Founder view of ESOPs — planning the ESOP pool, identifying the goals of equity compensation, and steps required to introduce an ESOP policy in the company
We’ve made our ESOP policy public to transform your confusion into clarity as you build one for your organization
Thanks, you’re all set!

Check your inbox for an email with the link to our ESOP policy.
Join the 2000+ teams already using OSlash to navigate your workplace links in an instant.
Request a demo
Oops! Something went wrong while submitting the form.

1.2 Who is this guide for?

  • For employees whose compensation involves ESOPs 
  • For founders looking to set up an ESOP policy for their startup from scratch
  • For founders looking for additional information to restructure their startup’s ESOP policy
  • For anyone who wants to understand ESOPs but is confused by the jargon-heavy explanations on the internet 

1.3 Why this guide?

  • ESOPs have become an increasingly common form of compensation across tech companies, especially startups 
  • People are motivated to join startups that have attractive ESOP plans. But, there is a lack of simple, understandable information about how ESOPs work, with 57% of employees citing they would like more educational guides and FAQs on the topic
  • There is absence of factually correct guidance for founders to set up their ESOP policy
  • Founders struggle to correctly and satisfactorily explain ESOPs to employees 

1.4 Disclaimer 

  • We are not lawyers. Please consult a lawyer before you adopt any of the recommendations we discuss in this document
  • This guide is specific to the US employee stock option plans for modern early-stage tech companies. Most of the specifics might not translate to other jurisdictions

2. Understanding equity compensation

Because ESOPs form an important part of employee compensation at modern tech companies, let’s first understand how compensation is structured typically at an early-stage tech startup. 

2.1 What are ESOPs?

ESOPs (Employee Stock Option Plans) are a form of equity compensation granted by companies to their employees and executives. With ESOPS, the company does not grant shares of stock directly, but gives the employee the option (or the right) to buy the company's stock at a specified price for a given period of time.

2.2 The structure of compensation in tech companies 

Types of Compensation

Compensation in tech companies is typically a combination of the following components

  • Salary: The monthly paycheck received by an employee
  • Bonus: A time or performance-based incentive granted to employees once a year or on achieving a set performance benchmark
  • Other benefits: These include perquisites (or perks) such as health insurance, expense reimbursements, retirement benefits, and other amenities such as certification courses, gadgets, gym memberships etc. 
  • Equity: Simply put, equity compensation is a stake in the ownership (and therefore the growth and profits) of the company. However, equity comes in various forms, and not all equity compensation grants employees the same rights and benefits in the company

2.3 What is equity?

As mentioned, equity refers to shares in a company’s ownership. 

A company is a legal entity formed by a group of individuals to conduct a business. It has its own separate identity, distinct from the owners, such that the assets and liabilities of the company are not equal to the personal assets and liabilities of the owners.

Equity (and equity compensation) is affected by the ownership structure of a company.

There are two types of companies – private and public. Equity in a private company is restricted to its management, investors, founders, and employees. A public company, on the other hand, raises money by offering its shares to the general public via an IPO. Shares issued via an IPO are publicly traded in the stock markets and anyone can invest in them. By purchasing these shares, such shareholders get equity in the company.

2.4 How is equity different from equity compensation?

In both public and private companies, equity compensation simply means that employees are compensated by giving them a stake in the company. In other words, employees become shareholders in the company.

2.5 Equity compensation in tech companies — the history

The origin of equity compensation in tech companies (and the origin of Silicon Valley itself)  can be traced back to 1957 when theFairchild Semiconductor Corporation came into existence. 

Founded by five scientists and three engineers, it was backed with a funding of $1.38 million by Sherman Fairchild, the largest shareholder in IBM. Each of the eight founders got to own 100 shares each, with another 300 shares reserved for managerial hires. The remaining 225 shares were taken by the two investment advisors who structured the deal.

The deal came with a condition: The investor, Fairchild, would have an option to buy shares from the founders and other shareholders at $3 million collectively if things went well. Things did go well and as a result, Fairchild could purchase all the shares from the founding team who became millionaires — receiving a quarter-million dollars each upon sale of their stakes. 

2.6 Equity compensation in tech companies — the present

In his accredited 2017 book — America, Inc: The 400-Year History of American Capitalism — venture-backed entrepreneur, Bhu Srinivasan, notes about the Fairchild Corporation deal: “While the eight men made substantial windfalls, the investment structure lacked the unlimited upside element now intrinsic to the idea of the Silicon Valley start-up.”

To drive the point home, consider the compensation structure of Frank Slootman, the CEO of cloud computing giant, Snowflake Inc. Slootman led the company to what became the largest software IPO in history, raising $3.4 billion. Care to guess how much his ESOPs are worth?

Take a look:

His stock options: 13,921,409 shares with a strike price of $8.8, which equates to 5% of the company.

Snowflake’s share price (Mar 2022)= $200 (approx.) making the shares worth ~$3 bn, which is an upside of 2172%.

This, among other reasons, is why equity compensation is so attractive. 

2.6.1 How is equity granted in tech companies today?

There are broadly two ways equity can be granted:

  1. Stock options -  A stock option gives employees the right (but does not create an obligation) to purchase a fixed number of shares of the company’s stock at a discounted price at some time in the future. Hence, it’s called an option. It’s a contract that an employee signs with the company. 
  1. Stock grants - Stock grants are generally simpler to understand than stock options. Here, companies directly pay employees shares of stock as part of their compensation. It is not up to the employees to buy the shares. The shares are received simply as part of income on a periodic basis. They are more common among large, public companies. 
Insider tip:
At OSlash, we prefer options over direct award of equity because we don't want our employees to pay taxes on the day of their receipt. If we provide them $10,000 worth of equity in a year, for example, tax authorities will count them as income and employees will be taxed in the current financial year. But if we give stock options (remember it's a contract), they don't have to pay taxes till it is actually exercised.

Both stock options and stock grants themselves come in many forms, giving birth to the different types of equity structures prevalent in companies today.

2.6.2 Types of equity structures

  1. ISO - Incentive Stock Options

Incentive stock options (ISOs) allow employees to buy shares of the company stock at a discounted price and come with tax benefits. They are not taxed until the stock is sold. To earn a tax break, they need to be held for one year after exercising (buying the shares), and two years after they were granted. On sale, they are taxed at lower rates than the ordinary income tax rate. 

ISOs are only valid for US citizens.

  1. NSO - Non-Statutory Stock Options

As opposed to ISOs, non-statutory stock options (NSOs) are taxed at the ordinary income tax rate when exercised, irrespective of whether the shares are held or sold immediately after being bought. 

While ISOs can only be granted to US employees, NSOs can be granted to foreign employees consultants, advisors, or business partners. 

  1. RSU - Restricted Stock Units

Restricted Stock Units (RSUs) are a form of stock grants. They represent the company’s promise to give you the shares or an equivalent value in cash after you spend a stipulated time in the organization. 

While RSUs don't require employees to actually buy any shares, they are considered part of ordinary income and are taxed when they vest. This means employees at companies that haven’t gone public suffer a disadvantage — they may have to pay tax on shares that they cannot yet sell. Hence, RSUs are usually offered to senior executives in startups who can pay taxes on receiving the shares. 

  1. SAR - Stock Appreciation Rights

Stock appreciation rights (SARs) are a type of equity compensation different from both stock grants and stock options. They are linked to the company's stock price during a fixed period. So, employees make a profit when the stock price increases. Unlike ESOPs however, they do not have to buy any shares themselves. They are given the amount of price rise in stock or cash.

3. Why is equity compensation important for modern tech companies?

Equity is a powerful incentive for both employees and founders.

3.1 ESOP for employees

  • The potential upside of being able to share in the profits of the company is high as equity can appreciate manifold as the company grows (while cash compensation might not). This offers employees a stake in the success of the company.
  • The benefit comes from being able to purchase company shares at a nominal rate to sell them for a huge profit (best case scenario). There are several success stories where employees became millionaires together with founders of the companies. 

    A very notable example is Google when it went public. Its founders Sergey Brin and Larry Page became the richest persons in the world, even the stock-holder employees earned millions.

    In May 2018, over a hundred Flipkart employees turned dollar millionaires as the company was bought over by Walmart which purchased ESOPs worth $800 million.

    In September 2021, over 500 Freshworks employees in India — with 70 of them below the age of 30 — became millionaires when the company became the first Indian SaaS startup to list in the US. Today, 76% of employees own shares in Freshworks. 

    “It gives me a great sense of fulfillment today. This IPO has given me an opportunity to fulfill my responsibility to all the employees of Freshworks till date who have believed in us over the last ten years and contributed to Freshworks,” - Girish Mathrubootham 
  • ESOPs come with tax benefits too, which we discuss later.

3.2 ESOP for founders

  • The sense of ownership from ESOPs results in commitment and alignment with the overall company goals—if the company does well, the employees do well too. Hence, ESOPs can be used as a powerful motivator to boost productivity.
  • ESOPs help attract talent. A senior executive from Google would not join an early stage tech company if they don’t have the significant upside of increasing the value of their ownership. 
  • ESOPs are a wonderful tool to help retain key talent. 
    In 2016, Flipkart’s Chief People Officer, Nitin Seth shared with HT Mint: “It’s pretty fair to say that 35-40% of the organization is what we see as our critical talent to whom we’re offering stock of the company. The number has gone up significantly—in the past years, the number was 10-20%. This is the highest in the history of the organization in terms of the stock that we’ve offered.”
  • They free up cash resources that would have otherwise been used for hiring talent. These can be invested in company growth instead.
  • They also make compensation packages look more attractive especially if the company has a cash crunch

Now that we know how (and why) equity compensation works, let’s dive into everything founders and employees need to know about ESOPs.

4. Basics of ESOPs

Let’s assume you join a company which offers you ESOPs in addition to your salary and cash/non-cash benefits.

This is what it may look like:
You are offered 1000 shares of stock at $1 exercise price each with a 4-year vesting period and a 1-year cliff. 

This means you have the option to buy 1000 units of stock in the company at $1 provided you meet a few predefined terms and conditions, as below.

4.1 What is the exercise price?

The exercise price (also called strike price) is the price at which you can buy the shares in the future irrespective of their actual (or market) price at that time. Your shares in the company may have a value of $10 each in 2030. Even then, you will only pay $1 to buy a share.

Do you see why ESOPs are so lucrative?
 
At OSlash, employees are offered a share at a strike price as low as $0.08 per share.

4.2 How to exercise your option?

Exercising the options means buying the shares guaranteed to you. Your options are essentially shares that you own in the form of a share certificate. You can exercise your options as you attain the legal rights to them — which happens periodically rather than in one go.

Insider tip:
You want to exercise the stock when you have the opportunity to sell it for a higher price than you are buying it.


Example:
In the above scenario, assume the stock price rises to $100. You still would be able to exercise your 1000 options by paying $1 per share i.e. $1000. This way you get to hold stock worth $100,000 at current value (a $99,000 profit).

You will be able to exercise the option within a predefined time period. This is the exercise period or the exercise window. After the exercise period, your options will expire. 

The exercise window is usually:

  • Seven to ten years as long as the person is working for the company 
  • Three to six months from leaving the company in case of termination of employment 

At OSlash, employees can exercise the option up to eight years after leaving OSlash, provided they spend two years in the company. 

4.3 What is meant by vesting, vesting period, and vesting schedule? 

Vesting is the process of getting full legal rights to the shares. Rather than giving them all in one go when someone joins, companies treat ESOPs like compensation. They give it out in small chunks over time.  

Companies will usually not allow stock options or grants to vest to new hires immediately upon their joining. Instead, employees receive parts of their equity compensation over a set period of time known as a vesting schedule.

A four-year vesting schedule is a common practice across tech companies, including here at OSlash. We follow a four-year vesting schedule with a one-year cliff, followed by monthly vesting.

This means an employee at OSlash would receive their stock options as follows:

0% will vest in the first 12 months

25% will vest on completion of the twelfth month

The rest will vest every month

4.4 What is cliff in ESOP?

Cliff is the minimum period of time before you qualify to receive the first part of your options.

For the above example, the one-year cliff means that you need to be working with OSlash for at least one year before the first (one-fourth) chunk of your ESOPs vest. If you were to leave before the year, you would not receive any ESOPs.

Understandably, companies use ESOPs to increase employee retention rates and to motivate them to stay longer.

Insider tip:
Not all companies follow the same vesting schedule, however. 

Three notably famous cases in point? Lyft, Stripe, and Coinbase. All three giants have switched to a one-year vesting schedule. Their compensation packages have been changed so that employees’ entire stock awards vest in one year, instead of the traditional four years. 

The reasons for accelerated vesting? 

The market for high tech talent is intensely competitive. Companies are trying to make their compensation more lucrative. Moreover, faster vesting schedules often go hand-in-hand with smaller equity grants each year. They result in cost-savings for fast growing companies whose valuations are rapidly rising.

Coinbase justifies this decision as being more employee-centric. “We don’t want employees to feel locked in at Coinbase based on grants awarded 3 or 4 years prior. We want to earn our employees’ commitment every year and, likewise, expect them to earn their seat at Coinbase.

We are also eliminating the one-year cliff from our new hire grants. We expect new hires to add value on their first day, so it only makes sense for them to start vesting rewards for their contributions.”

5. Understanding ESOP valuation

The value of ESOPs depends mainly on

  • The stage of the startup or company
  • The valuation of the company, and
  • The option pool

5.1. Stage and valuation of the company

Any venture-funded company like OSlash goes through different stages of fundraising, which impacts ownerships in the company.

Stage and valuation

OSlash is currently in the Seed stage. To understand how the company's valuation is determined, we need to understand the different types of shares in OSlash.

5.2 Different types of shares

There are two types of shares in OSlash — common shares and preferred shares.

  1. Preferred shares are given to investors, advisors, and angels. Since they provide us with money and advice, they have some 'preference' before all of us
  2. Common shares are the shares the management and employees of the company receive

Preferred shares are more expensive than common shares as they are entitled 

  • to receive dividends before common stock dividends can be issues
  • to be paid from company assets before common stockholders in case of the company’s bankruptcy

The cost of preferred shares determines the valuation of the company.

Remember that when we talk about ESOPs, we are referring to common equity shares.

Because of the above differences, the strike price of ESOPs cannot be the same as the price of preferred stock.

Insider tip:
The option’s exercise price is usually at a 70 to 80% discount to the preferred share price established in the prior round of fundraising. As an example, if we sold preferred stock at $1, the exercise price for the common stock value at that time would be somewhere between 20 and 30 cents per share.

Moreover, the lower the strike price for common shares, the higher the number of shares that can be issued as ESOPs. 


Getting to the exercise price is a challenging task. We need valuation consultants to come up with the right price. Companies like OSlash need to produce a valuation report called the 409a report.

We engaged a valuation consultant to come up with the report. The valuation is suitable for a whole year or until we raise more money.

According to the 409a report, the exercise price of OSlash common share is $0.08, whereas the price of a preferred share is $0.8. Preferred Shares are ten times more expensive than common shares.

As a result, OSlash employees get a discount of 90% as part of the ESOPs.

5.3 Option pool and dilution

The option pool (also called equity pool or ESOP pool) is a block of company shares that employers create, add to the existing number of shares, and set aside for future employees.

For example, if a company currently has 100,000 shares (100% of the company) and we create an option pool of 11,500 shares, there are now 1,11,500 shares of company stock on a fully diluted basis.

Note:
Fully diluted shares are the total number of common shares of a company that will be outstanding and available to trade on the open market after all possible sources of conversion, such as convertible bonds and employee stock options, are exercised.
(Source - Investopedia)

The ESOP pool is created by founders who dilute a certain percentage of their ownership to allocate to the pool (when the company is in its early-stage). If the ESOP pool is exhausted while there are still unmet hiring needs, further dilution may be done by founders (or even investors) to replenish the pool.

As a result, an ESOP pool affects existing ownerships in the company, impacts the share price, and thus the effective valuation of the company. 

Example:
When OSlash raises money from investors, we create new shares to sell to those investors. Now, the existing shareholders (say management, employees, early-stage investors etc.) will own the same number of shares as before. But, there will be a greater number of total OSlash shares available so that they will now own a smaller percentage of the company. This is what dilution is.

From the above example, if owners held 10,000 out of 100,000 shares earlier i.e. 10% of the company, after creating the pool, they will hold 10,000/111,500 shares now or 8.97% of the company.

In an ideal scenario, as the company acquires new funding, grows, and scales, its valuation keeps increasing. As a result, the value of each share held by each employee/owner/investor also rises. This means that despite dilution, they end up getting more (and not less) in each successive round of valuation — a small share but one of a larger pie.

Insider tip:
A larger option pool is attractive for hiring new employees and investors. But as we have seen, the bigger the option pool gets, the more diluted the ownerships become. The key is to set the right balance, keeping your fundraising and hiring needs in mind.

6. Employees' guide to ESOPs

6.1 When to sell your shares

After the vesting period is over, the employee can usually exercise the ESOPs and sell the shares. Of course, it makes sense to sell the shares when the option is in the money i.e. the strike price (purchase price) is lower than the market price. 

There are generally three occasions when an ESOP sale (also called Exit) is possible. You can sell your ESOPs

  1. In a buyback during the next round of fundraising - It is a common practice for companies to buyback ESOPs from existing (and even former employees) during fresh rounds of fundraising. A new set of investors come in and take the ESOPs of employees and infuse capital in the company
  2. When the company gets acquired (M&A) - The acquiring entity offers to buy existing ESOPs from the employees in order to complete the acquisition
  3. When the company goes public (IPO) - Usually, shares of an unlisted company are illiquid as the above two instances are fairly uncommon. When a company offers ESOPs, the expectation is that the employees who show greater commitment and continue with the company would eventually reap the benefits, potentially upon a future IPO, when the shares can be sold to the general public
  4. Secondary sales - This is more likely than an IPO in case of startup ESOPs. Employees can sell their shares after exercising their options to other shareholders such as existing (or new) investors

Private companies can also stipulate a lock-in period to make sure that employees do not sell the shares in the open market, as soon as they get them.

Since stock options have a shelf life (exercise window), if the company doesn’t go public, obtains the next round of funding, or gets acquired, within that time frame, your purchased options will expire. 

ESOP Lifecycle

6.2 Things to look out for

As you can tell by now, there are various clauses in an ESOP. 

Before agreeing to receive ESOPs, understanding what you are signing up for is important. 

  1. The worth of your ESOPs - Don’t be blindsided by the higher number of shares on offer. It does not mean you get more equity. The worth of your shares depends on the percentage stake you own in the total number of shares of the company’s stock. To figure this out, ask your employer for the number of “fully diluted” shares, which includes stock that has not been issued yet, but could be issued in the future. You can then use the valuation of the company to get an idea of the worth of your equity compensation. (Refer the section on option pool for more clarity)

  1. Risk - ESOPs, especially at early stage companies, carry risk. More startups fail than succeed. So, it’s a gamble — in the worst case scenario, your ESOPs may be worth nothing. This is important especially where employers may offer you more ESOPs if you take a salary cut. In the best case, your company may be acquired or listed and you may reap huge benefits.

    Just like Sudharshan (Susa) Karthik, Ex-Senior Product Manager at Freshworks. “When Freshworks went public last year (2021), the upside on my ESOPs was something beyond my wildest dreams,” he says. “But it is important that young folks realize that ESOPs are not a get-rich-quick scheme by any measure. I see a lot of people joining startups hoping to cash in millions on their ESOPs, which is an extremely rare event. It’s far more rewarding to look at ESOPs as the best way to tie your inputs to outcomes in a company and as a career-building exercise.”

  1. Vesting schedule - As a rule of thumb, the shorter the vesting period, the more quickly you receive the options, and the more quickly you can exercise them. Prefer shorter vesting schedules and cliffs and be wary of vesting schedules that have disproportionately higher vesting in later years, as they can act like “golden handcuffs”, making leaving the company disadvantageous for you. Longer vesting schedules can also make you miss out on opportunities for exits.

  1. Liquidity and exit options - For listed companies, pricing is an issue, as their stock prices do not move in sync with performance. For unlisted companies, the problem is lack of liquidity and clarity on valuation. That is why companies must mention all exit options clearly at the time of grant. For instance, if the initial public offer is the only exit route, it must be stated clearly and the potential uncertainties related to listing brought to the employees attention.
    Source: Business Today

  1. Negotiation - Just like your cash salary, you should negotiate your ESOPs when you first sign a job offer. Think of ESOPs as any other investment opportunity. You want to maximize your gains while capping potential losses. When deciding how much stock to hold, assess your life-stage, finances, and risk appetite. Negotiate accordingly. 

    Like with other assets, diversification is also important for ESOPs. Don’t bank too much on ESOPs to make you extraordinary returns,” cautions Karthik. 
Insider tip:
Don’t hesitate to ask questions from your employer about your ESOPs. Most employers will answer them happily. 

6.3 Taxation

The tax treatment of ESOPs will depend upon the country of incorporation of the company as well as the nationality of the employees.

6.3.1 ESOPs given by foreign (say US) entities to Indian employees 

The tax treatment for ESOPs given by foreign entities (such as a startup incorporated in the US) to Indian employees is as follows:

  1. Upon exercise of ESOPs: The difference between the fair market value (FMV) of shares allotted and the discounted price (strike price) paid by an employee would be taxed as perquisite in the hands of the resident employee. The tax rate would be the ordinary income tax slab rate.
  1. Upon sale of shares acquired: At the time of sale of shares, the profits will be taxed as capital gains. Short-term gains (where shares are held for less than 24 months) are taxed at income tax slab rates, while long-term gains are taxed at 20%  with indexation benefits

The company has to deduct TDS from the salary of the employees in the month in which allotment/transfer of shares is made.

Note:
In 2020, the Indian Government announced that payment of income tax on startup ESOPs can be deferred from the time of exercise of ESOPs. Now, the tax liability arises within 14 days from any of the following events, whichever is the earliest:

  • after the expiry of 48 months from the end of the relevant assessment year; or
  • from the date of the sale of ESOP shares; or
  • from the date the employee ceases to be an employee of the startup that allotted the ESOPs 

Liability for deducting tax at source (TDS) on the startup also stands deferred.

*These benefits are available only for eligible startups. 

6.3.2 ESOPs given by US entities to US employees

The tax treatment here will depend on the type of ESOPs, namely ISOs or NSOs.

  1. NSO
    NSOs are taxed twice

    a. Upon exercise of the option: The spread between the fair market value (FMV) and the exercise price (also called strike price) is taxed at ordinary income tax rates. Employees are also charged employment taxes.

    b. Upon sale of shares acquired: To qualify for long-term capital gains treatment on the sale of stock purchased through an NSO, the shares must
    - have been held for at least one year after purchase
    - come from options granted at least two years prior to the sale

Stocks held less than one year after purchase or less than two years after grant date are subject to (higher) ordinary income tax treatment.

  1. ISO
    One of the qualifications for avoiding taxation on exercise of an ISO is that it must be equal to the FMV at the date of the grant. Employees must pay AMT (Alternative Minimum Tax) on the amount the FMV exceeds the option price at the time of the grant.

    This is unlikely, but could occur in a scenario where they were granted at a certain price by the company and a new 409a valuation was completed between their grant/purchase and exercise.

    ISO stock is taxable at the long-term capital gains rate when the same conditions specified for NSO above are fulfilled. In the case that early exercise is allowed, ISOs are eligible for the 83 (b) election, which allows one to avoid their taxation as income and also starts the clock on their consideration as capital gains.

    You must file the 83 (b) election within 30 days! There are NO exceptions.

7. Founders' guide to ESOPs

7.1 How to plan for an ESOP pool in every stage of funding 

As stated, to offer ESOPs, founders have to dilute a part of their own equity and create an ESOP pool. Employees are granted ESOPs from this pool. Further dilution may be necessary to replenish the pool in successive fundraising rounds. 

Thus, the ESOP pool size is inversely proportional to the company’s growth stage – as the company scales, the size of the ESOP pool decreases. 

7.1.1 Early Stage: ESOPs as compensation

Early-stage employees should get a higher reward (in terms of a higher share of ESOPs). They are taking higher risk by joining an unproven business venture and must be compensated adequately via ESOPs. Moreover, an early-stage company is quite illiquid. Attracting key executives in the absence of huge cash compensation is a problem that can be solved by giving more ESOPs as part of compensation.

7.1.2 Growth Stage: ESOPs as rewards

In the growth stage, the focus is on retention of key talent which drives growth. As the size of the ESOP pool reduces, it becomes prudent to reserve ESOPs for key personnel and award performance-based ESOPs. Moreover, as the company matures, and cash flows begin to improve, it is easier to award higher cash compensation to new employees who join than it is to dilute equity further. 

Insider tip:
It is considered a best practice to award ESOPs to all employees in an early-stage startup, irrespective of their role and seniority. This kindles the ownership among all and gives impetus towards company’s growth.

7.2 Goals when structuring equity incentive schemes

The goal of the policy should first and foremost be to set your team up for success

7.2.1 Allow early team members to have an equity setup similar to founders

At OSlash, we have tried to ensure that we all get equitable treatment in the hiring process with respect to equity compensation. 

Founders such as Girish Mathrubootham (Freshworks) instituted RSUs for every employee as they grew, a practice lauded by Karthik, who believes this is the best way to do right by the employees. 

The very first employee at Flipkart, Ambur Iyyappa, also received shares in the company which fetched him millions upon sale. 

7.2.2 Reduce the chance of team members owing equity-related taxes 

It is advantageous to offer stock options over direct equity. For example, $10000 worth of direct equity will be counted as income and will be taxed in the current financial year at ordinary income tax rates. But, since an option is a contract to buy shares, employees don't have to pay taxes till they exercise it.

7.2.3 Reduce the chance of team members losing equity for some technicality

Good employers will always try to draft an ESOP policy that makes sure their employees come out winning. This can take many forms including front-loaded or accelerated vesting (where the majority of shares vest within a short period of joining), no cliff period, monthly vesting after cliff instead of quarterly vesting, longer exercise periods for employees leaving the organization, and lower strike prices so employees can comfortably shell out the money required to buy the shares etc.

ESOP Graphics
Want to create an ESOP policy that resonates with your team?
Here’s OSlash’s ESOP policy to help you navigate through all ambiguities 
Thanks, you’re all set!

Check your inbox for an email with the link to our ESOP policy.
Join the 2000+ teams already using OSlash to navigate your workplace links in an instant.
Request a demo
Oops! Something went wrong while submitting the form.

7.3 Summary of steps required to introduce an ESOP policy at your company

  1. Get the ESOP policy scheme draft prepared by your lawyer. You’ll have to figure out:
  • How many ESOPs to award whom (illustration below)
  • The strike price at which you will offer the options
  • The vesting schedule and cliff (if any)
  • The exercise period and conditions applicable on termination of employment/death/disability etc.
  • Whether the ESOP will be administered directly by the company via its Board or with the help of an ESOP trust
  • An exit price estimation
Determining ESOPS
  1. Communicate the policy to employees as clearly as possible and make the policy easily accessible to everyone.
Insider Tip:
Use OSlash to create a shortcut to your ESOP policy such that o/esop-policy can be accessed company-wide by everyone, every time.
  1. You can conduct a company-wide session to explain how ESOPs work in detail and to answer any questions your employees may have
  2. Register your ESOP policy and give grant letters to the employees

7.4 Actionable insights

Lastly, here are some actionable insights you may want to keep in mind before rolling out ESOPs at your startup:

  1. The earlier you create your equity pool, the better it is. The best employers reserve 12-15% of ownership for the equity pool. Remember, it’s not just a best practice but also a humane practice to be generous when it comes to ESOPs
  2. Your ESOP offering should change as the stage and valuation of your startup changes. Be flexible with ESOPs as your company grows and the balance between cash salaries and equity awards changes
  3. Since the ultimate goal of ESOPs is to encourage employee ownership and alignment with the company, focus on creating value for your employees and provide them fair terms

To conclude, we’d encourage founders to look at ESOPs through the lens of an employee. Or as Sudharshan Karthik says, “Use ESOPs to make the pie larger for everyone rather than have them act as golden handcuffs.”

OSlash your everyday links to everyday words

If you are interested in what we’re building here at OSlash,
why not give it a spin?

Awesome! You'll hear from us very soon.
Oops! Something went wrong while submitting the form.
Get Started

Building the best SaaS stack for your startup on a budget

For most startups, funding is a scarce resource and the goal is to put every dollar to work. One area where startups can save money is their SaaS stack. In this guide, our CEO, Ankit Pansari, shares our SaaS stack & describes how we got almost all of these tools for free.

Bonus: Get a list of startup programs that offer great deals on various tools!

Introduction

For a newbie startup, the market is like a vast desert and funds are like water — they’re essential commodities which must not be used until you get to the next oasis. Everything you do to conserve your funds increases your chances of getting to the next stop, while not optimizing them can lead to an early end.

This is more relevant now than ever before. With the US Central Bank — The Federal Reserve — hiking interest rates to curb inflation, the era of inexpensive liquidity and funding is set to come to an end.

Tech and growth stocks have already been hit hard, with some trading below their pre-pandemic price levels. Renowned companies such as Klarna, PayPal, Bolt, and ClickUp, among others have resorted to mass layoff to curb costs.

This is not surprising. For most startups, the goal is to put every dollar to work. Startup spending should be budgeted, controlled, and, if possible, reduced as much as possible, often by being creative.

One such area where startups can save well is their SaaS stack. You will be surprised how many software tools you can get for free, especially in the early days of your company.

We are a company of twenty people and we use more than fifty different SaaS tools.

Here’s our story on how we got almost all of our SaaS tools for free. And some insider tips on how you can too!

Wish to save big on your SaaS stack too? Download our list of startup programs that offer unbeatable deals for the best SaaS tools out there!
Thanks, you’re all set!

Check your inbox for an email with the link to our list of startup programs that offer the best deals on SaaS tools.

Join the 3000+ teams already using OSlash to navigate your workplace links in an instant.
Try for free
Oops! Something went wrong while submitting the form.

What is a SaaS stack?

A SaaS stack, as the name suggests, is a stack of your SaaS tools. SaaS stands for Software-as-a-Service or software that is delivered via the cloud instead of being locally installed on your machine. Your SaaS stack then becomes a collection of software solutions (across functions and departments)  that you can obtain remotely.

What is a SaaS tech stack?

You might also have heard of the term ‘SaaS tech stack’ or simply tech stack.  As opposed to a SaaS stack, a tech stack is a combination of software, programming languages, frameworks, and data storage technologies required by a developer to build and run a single application. It typically consists of frontend technologies, backend technologies, and cloud infrastructure services.

How to Choose A Tech Stack For SaaS Development?

In order to choose the perfect SaaS stack that would give us the most value for money, we started by making a list of all the software tools we were using and would be using in the future.

Here are the factors to look for while choosing the best SaaS stack.

  1. Cost

Cost is the most important criterion especially when you are stretched thin with the budgets.

Ask: Does the tool offer credits as part of a plan? If yes, can we get any deals or discounts?

  1. Productivity

Putting together a simple yet efficient SaaS stack that requires a lower learning curve is better than going for a top-of-the-line but complex stack.

This directly affects the productivity of your team.

  1. Ease of use

How easy is it to begin using the tool? How much time does it take for us to get up and running?

Today there are many low/no-code tools that can cut deployment time by a huge margin and be used right from the get go.

Quick and easy setup is important so that you can focus on actually building your product, rather than spending time on instrumentation.

  1. Flexibility and lock-in conditions

We love monthly billing with a discount offered for an annual commitment.

You need to choose a vendor/tool that can give you a solid foundation and business continuity for the future without forcing you into a worrisome lock-in.

  1. Integration

The tools you add to your SaaS stack should work well with the other tools in your stack.

A prime example of this for OSlash is the integration among our analytics and emailing tools. We use Segment and Mixpanel to collect customer data and insights which are then fed into our email client, Customer.io, almost effortlessly.

Best SaaS Stack 2022 - A Complete List

In line with our vision of building a culture of absolute transparency at every workplace, we want to share the entire OSlash SaaS stack (as of June 2022) with you.

We were lucky to procure some of the tools listed below at great discounts (and even for free in some cases).

Here is the complete list of our SaaS tools, split into different functions.

Or: Find the TL;DR version here

Disclaimer: This article does not prescribe or recommend the tools listed below for use by you and your team. Please make sure you do your own research and select tools that best fit the needs of your company. We only intend to provide you with the list of tools we are using and share why we decided to use them.

SaaS Stack for Product and Engineering

Design

Figma: We chose Figma for all things design because it is one of the easiest design tools to pick up and offers live collaboration. We use it for everything from wireframing, UI creation, and illustrating, to prototyping, and shipping to the dev team. Even the free version comes with unlimited personal files and unlimited collaborators — a huge asset to any startup.

Frontend

Storybook: Storybook is open source and forever free. We prefer Storybook at OSlash for UI development because it lets us build UI components in isolation without setting up any development stack and without needing any data or API.

Algolia: Algolia is a search and discovery platform. We use it to build a consistent and personalized search experience for OSlash users. Eligible startups can claim $10,000 in credits via their startup program.

Backend

Github Enterprise Cloud: We chose Github as our all-in-one tool for ​code management, version control, code review, documentation, team collaboration, and project management. We were able to secure 40 seats of Github Enterprise cloud worth $24000 for free via the Microsoft Startup Program.

Visual Studio: It offers an open source IDE (Integrated Development Environment) with hundreds of programming languages and a free code editor. We got a Visual Studio license worth $5400 for free via the Microsoft Startup Program.

There are a number of cost-saving Visual Studio subscriptions available today. They come with added benefits such as access to GitHub Enterprise, Power BI Pro, Azure DevOps, Dev/test software, monthly Azure credits, and professional training and support from providers including LinkedIn Learning.

Sentry: Sentry is a crash reporting application we use to streamline error-reporting and fix performance issues in both the frontend and backend of our software. It works across iOS, Android, and Web. Its USP is real time insights and context for faster resolution. It is free for tracking up to 5,000 events per month. For standardized error and performance monitoring, you can opt for their Business plan which costs $80 per month.

Testing/QA

Rainforest: It is a combined platform for both manual and automated QA or software testing. Since it is a no-code platform, it allows even the non-technical product folks on our team to contribute easily to better quality software. Their Professional plan starts at $0/month and offers you free no-code test automation (worth 5 hours every month) plus on-demand manual testing (free trial for 14 days).

LambdaTest: This tool lets you perform automated and live testing across Windows and Mac operating systems, along with all legacy and latest browsers.You can simultaneously use it for testing your website or web app on mobile browsers for both Android and iOS operating systems. They have a 60 min/month Freemium Plan while unlimited testing starts at $15/month.

Cloud infrastructure

For infrastructure tools, we suggest you space out your activation of accounts. It will give you enough room to experiment with every infrastructure provider out there.

Amazon Web Services (AWS): AWS is perhaps the most well-known cloud platform worldwide. It boasts over 200 on-demand cloud services such as computing power, database storage, content delivery, etc. for organizations.

Eligible startups get up to $100,000 in AWS credits by signing up for AWS Activate. In addition, there are hundreds of free-tier offers — trial, 12 months free, and always free — for everything from computing to analytics, IoT, machine learning and more. You can also get volume based discounts and realize important savings for selected services as your usage increases.

We received AWS credits worth $105,000 via SaaSBOOMi, the largest network of SaaS Companies in India, and $5000 via YC Startup School.

Microsoft Azure Services: Azure’s cloud platform also comes with over 200 services and attractive pricing options for companies of all sizes. Microsoft also claims that AWS is 5 times more expensive than Azure for Windows Server and SQL Server. It offers over 25 services for free, forever and comes with a $200 credit on each new account where you can try popular services for free for the first 12 months.

SaaSBOOMi helped us get Azure credits worth $150,000 while starting out.

Heroku: The main advantage of Heroku over other cloud platforms is its simplicity and ease of deployment. Heroku offers you a ready-to-use environment which is more beginner-friendly and can be easier for startups with small teams as compared to AWS. The YC Startup School helped us get $20,000 in credits for the tool.

Google Cloud Platform (GCP): Google offers anyone wishing to explore its cloud platform $300 in credits and over 20 free services. We use GCP extensively for our AI and ML needs as well, in addition to infrastructure hosting. A direct application to GCP for Startups also helped us secure $20,000 in credits.

Digital Ocean: This tool is known for simplifying the process of deploying servers to the cloud. Their USP is clean and simple UI, API, and Docs as opposed to GCP and AWS which can be quite overwhelming for small teams. We got credits worth $10,000 for Digital Ocean via the YC Startup School.

SaaS Stack for Project Management

Linear: We moved from Jira to a swift developer ticketing tool Linear, which comes with a generous free version. The free version has no limit on the number of users (huge plus point for startup teams) even though you can track only up to 250 issues at a time. We like Linear because of its (extremely) fast speed and lean UI.

Notion: We use Notion extensively for roadmap planning and keep all our PRDs in it. It also doubles up as the company wiki for storing and sharing important information. You can easily get ‘Notion for Startups’ with $1000 of free credits if you are part of one of their partner accelerators or VC firms. If not, you can get the same offer by purchasing a Notion plan at Product Hunt Founder’s Club. ($1,000 worth of credit via Founder’s Club)

SaaS Stack for Website Development & Optimization

Webflow: We chose Webflow for developing the OSlash website because of its low/no-code platform which is intuitive and easy to learn. Its in-built SEO capabilities are also a great add-on. For as low as $16/month, you can get a custom domain to host your startup’s own fully-functional CMS powered website.

Google Analytics: Our go-to tool for website data analytics, the free version of Google Analytics offers everything a small business or startup needs. You can analyze all website data for a volume of up to 10 million hits per month (which is fairly decent) and integrate it with Search Console, AdSense, and Adwords too.

Content

Ubersuggest: Ubersuggest is an all-in-one content management tool that helps us out with website audits, keyword research and ideas, backlinks data, content ideas, and more. One of the few SaaS tools on the list that comes with a lifetime pricing, it offers a steep 90% discount as compared to the likes of Ahrefs, Moz, and Semrush. We found a lifetime price of $120 for managing up to 3 websites too good to resist and recently added the tool to our SaaS stack.

SaaS Stack for Marketing

Customer.io: At $150 a month, this email tool may be a little pricey for early-stage startups. However, it has simplified our marketing team’s lives by helping us automate and schedule transactional emails, workflows, as well as broadcast emails without hassle. And it integrates nicely with our marketing tech stack including Segment, which is a huge bonus.

Canva: If your team does not have a dedicated graphic designer, Canva can be a great design tool to churn out social media posts, blog graphics, email graphics, promotional website banners, and other web-assets without much hassle. It is completely no-code, is super easy to learn, offers thousands of templates & free design assets, and you can collaborate on designs in real-time. As you expand and wish to publish designs directly to social media or create approval workflows for designs, you can consider upgrading plans.

SaaS Stack for Sales and Customer Success

Airtable: We started out by managing all our customer interactions and CRM activities in Airtable’s powerful spreadsheets, having received $2,000 worth of credit via “The Secret”.

Freshsales: Freshsales is a CRM that offers all basic functionalities for free — you can use it for maintaining and managing the accounts of your customers, track lifecycle stages of contacts, and service them using built-in chat, email, and phone support. Ideal to get started when you have a low volume of contacts and accounts to manage.

Freshsales is a product from Freshworks, a business software behemoth that also boasts a popular startup program. As a part of the program, eligible startups can receive up to $10000 in credits on the Pro plans for various Freshworks’ software, along with access to their mentorship platform, FORGE.

HubSpot: For teams just beginning with their CRM efforts, HubSpot’s free CRM tool is also a great risk-free choice. Plus the tool lets you prospect, collect forms, create tickets, manage ads, and run automations on customer data from a single dashboard. As you build up your sales and marketing efforts, you can upgrade plans or switch to another CRM.

Intercom: We use Intercom for customer support at OSlash because of its ease of use. If you have a website and an app, Intercom will let you easily integrate them both and quickly respond to customer issues or bugs via emails or in-app messages. Its Early Stage Academy offers eligible early-stage startups advanced Intercom features at a 95% discount.

Typeform: We are fans of Typeform’s beautiful designs and intuitive UI. We use it extensively at OSlash to create and manage forms for customer surveys and user feedback etc. Their startup program will let you avail 50% discount for 6 months on any plan.

SaaS Stack for HR, Finance, and Accounting

Freshteam: Our HR and TA cannot imagine working without the simplicity Freshteam has lent to our hiring and employee management verticals. Its LinkedIn integration lets us post new job openings on the go, and we can manage email applications in a shared inbox directly inside the tool. The free version is quite limited but may be a good starting point for early-stage companies.

Stripe: When it comes to processing subscription payments in USD, especially for clients located in the US and Europe, Stripe provides one of the simplest platforms in the industry. Chargebee is another great alternative to consider.

Quickbooks: Quickbooks pretty much boasts a monopoly in bookkeeping software. You can get started with basic bookkeeping for as low as $12.50 per month and even add their payroll software to the bundle for creating an all-in-one economical accounting package for your company. They offer a free trial for 30 days and 50% discount if you commit to using the tool for 3 months right away.

Razorpay Payroll: The biggest advantages of using RazorpayX Payroll for us have been automated compliances in matters of taxation and other statutory filings related to payroll at no extra costs. The portal is self-serve, which means your employees can also mark attendances, apply for leaves, claim reimbursements, and access their payslips — all from one software. You can do all this for less than $1.5/month in India. By being part of the Razorpay Rize platform, you can also avail 3 months free payroll.

SaaS Stack for Analytics & Data Science

A key takeaway before building your data and analytics tech stack is: The lesser the data you process, the lesser the expenditure you incur. You should use these tools judiciously to process only the necessary and relevant product/user data in your data pipeline. This has the twin benefits of not violating privacy concerns and keeping your data processing costs low.

Mixpanel: We started using Mixpanel for gaining top-level product insights. Their free plan offers insights for upto 100,000 tracked users per month. Eligible startups can also get $50,000 in credits towards the Mixpanel Growth plan for one year.

Segment: We use Segment to collect events and feed product usage data into various other tools such as Mixpanel, BigQuery, and Customer.io to name a few. You can get 10 seats and track upto 1000 users a month for free. SaasBOOMi helped us obtain credits worth $50,000 for Segment. And they also have a startup program that offers eligible startups $25,000 in annual credit toward their monthly Team plan.

Power BI Pro: Microsoft’s Business Intelligence Platform, Power BI Pro lets you easily collaborate on and share data visualizations within and outside your company so that you can use these insights to take better decisions together. We applied to the Microsoft Startup Program and got a Power BI Pro License worth $2340 through the same.

Google Cloud Platform (GCP)/BigQuery: GCP helps us with our AI and ML efforts by allowing us to create data insights and APIs. You can get $100,000 in credits across GCP services via Google’s Startup Program. Within the GCP, BigQuery forms the basis for creating our data science models. BigQuery charges for data storage, streaming inserts, and querying data, but loading and exporting data are free of charge. It offers a pay-as-you-go model costing $5 per TB where the first terabyte (1 TB) per month is free.

Team Collaboration and Communication

Slack: Slack is fast becoming the default way to communicate and collaborate within and across teams. It has a free tier and the Pro plans are also quite affordable even for early stage companies. We wrote to Slack’s Sales team requesting free licenses as an early-stage startup and they were kind enough to offer them to us.

Loom: Since a good part of our team is remote, we need async communication tools to work better. Loom helps us share video messages complete with screen recordings and has become the default way of reporting bugs and customer issues within the team. We use the free plan as it meets our everyday needs with limits of up to 25 videos/person and up to 5 mins/video.

OSlash: OSlash uses OSlash so much that it has become our way of life, something we did not expect while dogfooding the product in the initial days. The team creates Workspace shortcuts extensively to keep everyone in loop about important updates. And we also like using Private shortcuts to manage all our personal links seamlessly. Oh, did we mention OSlash is free for small teams of up to 5 users?

Calendly: Scheduling one-on-one meetings without indulging in back and forth regarding availability — this is the primary reason we use Calendly at OSlash. We mostly use it in individual capacity (for free) as opposed to getting the entire team onto the tool.  

Zoom: o/allhands and o/daily-standup are just two of the most-widely used Zoom shortcuts in our company. Zoom is terrific for virtual meetings with remote or distributed teams. The audio and video quality is great even on the free plan and the attendee limit of 100 users per meeting is what most early-stage startups can easily live with.

Google Workspace: Google's G Suite is incredibly affordable at $5/user/month for the basic plan. An office suite, an email client, file sharing, video meetings (Google Meet) and other collaboration features such as Drive and Chat are included.

Miro: Miro’s free whiteboarding tool offers our dev team the priceless ability to collaborate with potentially unlimited team members (even if the number of editable boards is limited to three). It also offers all important integrations such as with Zoom, Slack, Zapier, Google Drive, Figma and more for faster workflows.

SaaS Stack for IT, Compliance, and Security

Iubenda: Iubenda is an excellent service to make sure your website and app is compliant across multiple countries and legislations. For $129 a year, you can make your website’s privacy policy, cookie policy, and terms & conditions legally compliant across the globe. We obtained $600 in credits for Iubenda via the ‘Founders Club’.

1Password: We use 1Password for securing and sharing passwords within internal teams. If you purchase a plan for your team via the “Founders Club’, you can get $2000 in credits or six months free.

JAMF: Since we all use Macs at OSlash, we decided to adopt JAMF for device management and enforcing key security requirements such as password locks and hardware encryption. Basic plans start at $4/user and let you manage up to three devices for free as well.

List of startup programs that offer discounts

Now that our SaaS stack is public, we would also like to share with you the list of startup programs that offer great deals and discounts on these (and many other) software tools.

We hope they will make it easier (and cheaper) for you to set up your own SaaS stack.

Build the best SaaS stack for the least prices! Download our list of startup programs that offer exclusive deals & discounts on SaaS products.
Thanks, you’re all set!

Check your inbox for an email with the link to our list of startup programs that offer the best deals on SaaS tools.

Join the 3000+ teams already using OSlash to navigate your workplace links in an instant.
Try for free
Oops! Something went wrong while submitting the form.

We were able to get the above tools for free by asking nicely and also using the self-hosted version, which is not advertised.

We got combined savings of $406,210 over two years with the ability to test and experiment as much as we need without the constraint of spending.

While no living document like this is ever perfect, this is the current collection of resources we have been using at OSlash. Please note that all these deals and discounts are updated as of June 2022.

If you have any suggestions, please email us and we will add them to the list.

Although it sounds unbelievable, a leaky credit card expense can cause a serious dent in your funds. So, watch your cash flow obsessively.

There is no one size-fits-all when it comes to building the perfect SaaS stack. With the wide array of options available, it can be tough for startups to make this decision. But remember that your SaaS stack does not have to be the fanciest to get the job done. So, don’t spend a lot of time and energy on figuring out the best tools right at the start. Focus on building the best product or service you can. The rest will follow.

Appendix:

Overview of the OSlash SaaS stack

Product and Engineering

1
Figma
Comprehensive design tool with live collaboration
2
Storybook
Open source UI development without setting up any development stack
3
Algolia
Platform for building search, discovery, and recommendations for your product
4
Github Enterprise Cloud
All-in-one tool for ​code management, version control, code review, documentation, team collaboration, and project management
5
Visual Studio
Open source IDE (Integrated Development Environment) with hundreds of programming languages and a free code editor
6
Sentry
Cross platform crash reporting application 
7
Rainforest
No-code platform for manual and automated QA or software testing
8
LambdaTest
Automated and live testing across operating systems — Windows, Mac, iOS, and Android, along with all legacy and latest browsers
9
Amazon Web Services (AWS)
Cloud infrastructure platform with over 200 on-demand cloud services
10
Microsoft Azure Services
Cloud infrastructure platform with over 200 services and attractive pricing options for companies of all sizes
11
Heroku
Beginner-friendly, ready-to-use cloud environment 
12
Google Cloud Platform
Over 150 cloud computing services for companies of all sizes
13
Digital Ocean
Simplified server deployment to the cloud

Project Management

14
Linear
Swift developer ticketing and issue-tracking
15
Notion
All-in-one workspace for note-taking, task-management/ project-management, and building a company wiki etc.

Website Development and Optimization

16
Webflow
Low/no-code website development with in-built SEO capabilities
17
Google Analytics
Free and comprehensive website data analytics

Content

18
Ubersuggest
All-in-one content management tool for website audits, keyword research and content ideas, backlinks data, and more

Marketing

19
Customer.io
All-in-one content management tool for website audits, keyword research and content ideas, backlinks data, and more
20
Canva
Fully no-code design tool with live collaboration. Also offers thousands of free templates and design assets

Sales and Customer Success

21
Airtable
Low-code platform for building collaborative apps and powerful spreadsheets
22
Freshsales
Cloud-based Customer Relationship Management (CRM) tool
23
HubSpot
One of the most popular CRM tools that also offers appended marketing, sales, customer service, content management, and operations software.
24
Intercom
A customer communications platform providing solutions for every stage of the customer journey from conversion to engagement to support
25
Typeform
Simple, intuitive, no-code tool for creating customer surveys and feedback forms etc.

HR, Finance, and Accounting

26
Freshteam
Low-code platform for building collaborative apps and powerful spreadsheets
27
Stripe
Cloud-based Customer Relationship Management (CRM) tool
28
Quickbooks
One of the most popular CRM tools that also offers appended marketing, sales, customer service, content management, and operations software.
29
Razorpay Payroll
A customer communications platform providing solutions for every stage of the customer journey from conversion to engagement to support

Analytics and Data Science

30
Mixpanel
Self-serve product analytics platform 
31
Segment
Collects events from your web & mobile apps and provides a complete data toolkit to teams
32
Power BI Pro
Business Intelligence platform that lets you collaborate on and share data visualizations within and outside your company
33
BigQuery/Google Cloud Platform
Fully managed enterprise data warehouse that helps you manage and analyze your data with built-in features like machine learning

Team Collaboration and Communication

34
Slack
A messaging app designed to replace email and make collaboration across teams seamless
35
Loom
Async video messaging platform for teams
36
OSlash
Comprehensive enterprise link and knowledge management platform 
37
Calendly
Scheduling platform that lets you find common times for setting up meetings within and outside your organization
38
Zoom
A cloud-based video communications app for virtual meetings, webinars, live chats etc.
39
Google Workspace
Bundled productivity and collaboration app-suite with email, file-sharing, video communication and more functionalities 
40
Miro
Collaborative whiteboard for teams

IT, Compliance, and Security

41
Iubenda
Compliance software for websites, apps, and organizations 
42
1Password
A password manager, digital vault, form filler, and secure digital wallet
43
JAMF
Automates management of iOS and macOS devices

If you are interested in what we’re building here at OSlash,
why not give it a spin?

Awesome! You'll hear from us very soon.
Oops! Something went wrong while submitting the form.
Get Started

Encourage healthy habits with the 2022 habit tracker

With companies adding stock options to the overall compensation package of their employees, it’s important to create a sound ESOP policy that gets all your legal ducks in a row. 

We’ve made our ESOP policy public to build transparency and foster an open culture of knowledge-sharing across organizations. 

Transform confusion into clarity as you build one for your organization. 

ESOP Policy

Download the policy to understand: 

  • How startups create a legally binding ESOP policy
  • Why should you create an equity incentive plan
  • The basics of equity compensation
  • How to generate your own stock option plan easily  to issue equity directly to your employees and shareholders, and automatically vest their shares in real time as your company grows

How to fast-track SOC 2 compliance for your startup - The Ultimate Guide

Bonus: Get a handy checklist of questions to prepare faster for your SOC 2 audit.

Acquiring SOC 2 compliance is critical even for early-stage startups to avoid potential loss of business. The process is far from easy but you can get certified as fast as we did by following our founders’ guide to SOC 2 compliance.

Introduction

As our world has gone increasingly online, so has our data. With this, the risk of it getting into the wrong hands has risen manifold. 

As recently as June 2021, LinkedIn saw a breach that left the personal data—names, emails, geolocation, and more—of its 700 million users up for sale in a Dark Web forum. It exposed its users to a deluge of potential cyber attacks.

Such security threats exist not just for individuals but also for enterprises, especially those working with third-party vendors (such as SaaS providers). If third-party vendors mishandle data, enterprises stand vulnerable to serious security issues such as theft of proprietary secrets and intellectual property, extortion, and installation of malware and viruses.

No company wants to take information security lightly. No company wants to work with a service provider who cannot guarantee the safety of their data. This is where SOC 2 compliance comes in.

And this is why we wrote a guide to help you understand all about SOC 2 compliance and how to achieve it fast, just the way we did.

Want to achieve SOC 2 certification for your startup as fast as possible?
Download this handy SOC 2 compliance checklist to speed up your audit preparation.
Thanks, you’re all set!
Check your inbox for an email with the link to our SOC 2 compliance checklist.
Oops! Something went wrong while submitting the form.

What is SOC 2 compliance?

SOC 2 (Service Organization Control 2) is an auditing framework and a voluntary compliance standard applicable to SaaS and other technology service companies that store client data in the cloud.

The framework, developed by the American Institute of CPAs (AICPA), defines a set of criteria for effectively and safely managing this data. The benchmark is accepted globally. 

A company that is SOC 2 compliant ensures that its controls and practices protect the privacy and security of customer data. It therefore earns not just the business but also the trust of its client organizations. 

Why does a startup need SOC 2 compliance certification?

If you’re building a startup, you already have more than enough on your plate—from hiring the right candidates to finding a product-market fit and accelerating growth.

You might be wondering if acquiring SOC 2 compliance is as critical at such an early stage.

And the short answer is yes, it is.

Here are the top 3 reasons why SOC 2 certification is a must-have, even for early-stage startups:

  1. Demand. Your customers will require the SOC 2 compliance to trust you with their data. Enterprise-level clients will be ready to work with you only when their security concerns are addressed. You could lose prospective customers and big business if you’re not SOC 2 certified. Likewise, you can scale your revenue and growth faster by attracting potential clients with your compliance.

  2. Reputation. SOC 2 certification is synonymous with accountability and reputation. The U.S. reported its highest number of data breaches—1862—in 2021. The LinkedIn example shows how data breaches can erode trust and cause the reputation of a company to plummet, all while resulting in significant legal issues and reparation fees. No company would want to risk such damage willfully by working with a non-SOC 2 compliant vendor.

  3. Security. SOC 2 compliance at an early stage helps establish a security-first culture that trickles down to every department in the startup. Think of your development team building a more secure product, your marketing team complying with various data privacy laws, and your IT team ensuring security of all your systems right from the get go. Think also of the time and money you’ll save by pre-emptively dealing with security threats instead of addressing them later after the damage has been done.

What kind of startups need SOC 2 compliance?

If your startup provides technology services, including B2B SaaS and cloud computing, you should invest in SOC 2 compliance. While the certification is not legally mandatory, it is advantageous (and almost essential) considering the reasons above.

What are the SOC 2 compliance criteria?

Despite being a compliance standard, SOC 2 does not prescribe a set of processes, tools, or controls to be applied. 

Instead, it lists 5 criteria — the Trust Service Criteria (TSC) — that a company should aim for in order to ensure information security. The companies are free to adopt the security practices and implement the controls that they like. 

The 5 TSC are: security, availability, processing integrity, confidentiality, and privacy.

Out of these, only one (security) is a must-have for your SOC 2 compliance report. The rest are optional and can be included in the audit based on the stage of your startup and the category of services you offer.

Here is a glimpse of the 5 TSC:

Security

A must-have for every SOC 2 audit, especially for early-stage startups, security criteria will include measures to safeguard your data and apps from cyber threats. 

Availability

As the name suggests, the Availability criteria deal with operational uptime and performance standards. You can opt for these in case your customers require reassurance about avoiding downtime, having adequate backup plans, and ensuring that data recovery systems are in place in case of an emergency.

Processing Integrity

Processing Integrity criteria will be vital in case you have clients that demand accurate, reliable, and timely processing of data (such as a Fintech company).

Confidentiality

If you work with customer data that is covered by a Non-Disclosure Agreement (NDA), you’ll need to include Confidentiality criteria into your assessment. This showcases your commitment to safeguarding confidential information such as intellectual property, proprietary/business-sensitive details, and financial information etc. disclosed to you by your clients.  

Privacy

Privacy criteria should find a place in your SOC 2 report in case your clients store Personally Identifiable Information (PII) such as medical records, birthdays, employment data, social security numbers etc. This demonstrates that you have controls in place to protect such data from breaches and unauthorized access.

What is the difference between SOC 1, SOC 2, and SOC 3 reports?

You may have come across various kinds of SOC reports on the internet. They include SOC 1, SOC 2, and SOC 3.

Here are the key differences between them:

What is meant by SOC 2 Type I and SOC 2 Type II compliance?

Not only are SOC 1, 2, and 3 reports different from each other, there are two different kinds of SOC 2 Compliance Reports as well. 

While the SOC 2 Type I report signifies that security controls are in place at a particular point in time, the Type II Report validates the presence of the controls over a period of time. 

In order to achieve the SOC 2 Type II certification, you have to ensure that the controls are being operated over three-six months for the first audit and over one year for the following audits. Yes, monitoring continues even after the first audit as your SOC 2 Type II compliance needs to be renewed every 12 months.

Tip: The Type I certification can be a good (and relatively inexpensive) starting point for your startup. But as you scale and expand, it’s likely that your clients would require you to produce the more stringent SOC 2 Type II certification as a proof of continued compliance and commitment to their data security.

How to achieve SOC 2 compliance as fast as possible — an overview

While it may take you anywhere between 2 weeks to a month to get your certification once the audit is complete, the preparation phase for achieving an SOC 2 compliance lasts considerably longer, depending upon the nature and scope of compliance you opt for.

1. Identify the type and scope of compliance

Now that you know what TSC are, you should decide which ones are most relevant for your business. These will be the scope of your audit report. You should also decide whether you need a Type I or a Type II compliance audit.

If you choose to go ahead with the Type II audit, remember to take into account the longer timelines associated with it. 

Example: If your clients need a 6-month Type II report (evidence that your controls have been in place for 6 months) and your team needs 4 months to prepare for the audit, you’ll need to wait 10 months before you can start the audit. The wait gets even longer if your client needs a 1-year Type II report.

This is why it’s important to get started on your SOC 2 compliance as soon as possible, ideally long before requests for reports start coming in from your customers.

2. Choose a compliance platform for automating processes

Imagine manually scouring through every machine, every system in your company to gather the evidence of SOC 2 compliance. And then painstakingly uploading it for your auditors. 

You probably won’t be able to get back to running your primary business anytime soon. 

This is what makes a compliance platform indispensable. It can help you automate evidence collection, preparation of policy documentation, and security monitoring for smoother audits.

A good compliance platform is one that integrates seamlessly with your existing security tech-stack (and has the potential to adapt if your tools undergo a change in the future). This is essential for it to automatically and continuously gather monitoring information from your data systems to assess the status of your security measures. 

To ease this step for you, here is a list of some compliance platforms to choose from, complete with their advantages and limitations. 

3. Sign up an audit partner

After setting up your compliance tool, you would need to choose your auditor. 

Your audit firm should ideally be a licensed CPA firm that specializes in information security and fulfills basic accreditation criteria such as being registered with the Public Company Accounting Oversight Board.

It is likely that your compliance platform has a list of partner firms to choose from or can recommend to you one that fits. The suitability of the firm will depend on the stage and maturity of your startup, your budget, as well as the relative experience of the firm in dealing with your industry and/or product. 

4. Conduct an internal risk assessment 

The preparation phase of SOC 2 compliance begins with a financial risk assessment. Together with your audit partner, you will quantify risks related to each Trust Service Criteria and identify if your existing controls are effective. This will help you discover vulnerabilities and potential hazards to your organization in case of a data breach etc. 

Automated compliance platforms help in making most of this process painless.

5. Have a robust security stack in place

Once you have the compliance platform and the auditors figured out, you can get down to building up your security stack. Chances are you already have one in place, but it may be lacking the tools that will fetch you your SOC 2 compliance certification. 

How will you know which tools are missing, if at all?

Your compliance platform will answer that for you by pointing out the missing security layers in your existing stack. Broadly you need the following types of tools to be SOC 2 compliant:

  • Firewall
  • Employee background verifier
  • Vulnerability scanner
  • Password manager
  • Antivirus on all company assets
  • Some form of MDM tool to manage every employee’s company assets

6. Establish audit readiness by closing security loopholes

Audit readiness is where the bulk of your and your team’s efforts will go during the SOC 2 compliance preparation.

After the internal risk assessment is complete, you’ll have identified some gaps based on existing and potential security threats. It is likely that you have some security controls already in place.

You will establish audit readiness by remedying these gaps and bolstering controls wherever required, as per the TSC you have chosen. 

Or, if you’ve implemented the second step of outsourcing it to a compliance platform, you can simply sit back and relax as the software does all the grunt work for you — from writing policies to implementing the right controls. 

Tip: Be mindful of the common security issues that can often surface while conducting audit readiness, including

  • Defining core policies around data protection in the company
  • Conducting adequate employee background checks
  • Ensuring security compliance agreements are signed by all employees onboarded 
  • Creating strong password policies, access controls, and authentication procedures for accessing sensitive data

You should maintain the controls and processes in place right upto the official audit, especially in case of the SOC 2 Type II audit. 

7. Write your SOC 2 security system description

After you’ve complied with all the above requirements of the audit, the last step is to write a security system description and submit it to your auditors.

Now you might ask us, What’s a security system description?

Simply put, it is a description or summary of the company and its systems. These are the components that you have in place to be able to carry out your business.

What does it include?

All the details regarding your company’s

  • Infrastructure: the computing hardware, software, and SaaS components used in the infrastructure of your systems.
  • Product or service: how your product or service is used, service level agreements, sporting databases, and applications
  • People: which departments, functions, and teams support your product or service, including third-party vendors 
  • Customer data: the kinds of data that come into and move out of your product or service systems, its journey, controls in place to protect it against unauthorized access, and other risk mitigation measures
  • Operations: the auditor’s opinion on the safety of the operations and protocols involved in delivering your product or service to your clients

For a detailed overview, check out this help article.

8. Receive your compliance certification

Once you hand over the system description to your auditors and give them access to your compliance platform, you are basically through with the process, at least for achieving SOC 2 Type I certification. 

For the Type II certification, you need to ensure continuous compliance and leave controls in place over a six-month to one-year period, depending upon the choice of the observation period you made in step 1.

That’s it! You should receive your compliance certification once the observational period is over.

9. Share the good news with your (prospective) clients

As you celebrate becoming SOC 2 compliant, don’t forget to share the good news on your website, social media, newsletters, and basically everywhere else your (prospective) clients can get to see it. And where they can use it to trust you with their business.

It’s a laurel to flaunt. Trust us, we know ;)

Here’s the checklist we followed to accelerate our preparation for the SOC 2 audit.
Want to simplify the process for your startup? Get it now!
Thanks, you’re all set!
Check your inbox for an email with the link to our SOC 2 compliance checklist.
Oops! Something went wrong while submitting the form.

How much does the SOC 2 compliance cost?

The cost of SOC 2 compliance for your startup will depend on a number of factors, including

  • The scope of your compliance (TSC)
  • Salaries for consultants (if you choose a consulting firm for compliance)
  • License fees for compliance software (if you automate compliance)
  • Your audit firm and their fees
  • Miscellaneous legal fees
  • (Cybersecurity) training for your team
  • Cost of building up your information security architecture
  • Renewal fees (recurring)

The total cost of SOC 2 compliance can be broken down into four phases (these are estimates).

Cost of SOC 2 compliance

As such, you can expect to pay anywhere between $50k (when automating compliance) to $200k (when not) for attaining your SOC 2 Type II compliance.

That’s it! This is the entire process for achieving the SOC 2 compliance for your startup. It’s a lot of effort whether you hire a consulting firm or do it on your own using automation software. You’ll need time, patience, and financial resources.

But it will all be worth it when your next big client asks you if you’re SOC 2 compliant. 

We promise!

We hope we have answered all your questions regarding SOC 2 for your startup.

And while you’re here, let us throw in a superfast way for you to bypass your busywork!

OSlash your everyday links to everyday words

If you are interested in what we’re building here at OSlash,
why not give it a spin?

Awesome! You'll hear from us very soon.
Oops! Something went wrong while submitting the form.
Get Started