If raising angel investment is a founder’s dream, the process of raising it is definitely their nightmare.
In this guide, our CEO Ankit Pansari breaks down the steps that led to OSlash's seed round.
Learn how to reach out to top angels and structure your round successfully.
In November 2021, OSlash announced a $2.5 million pre-seed round led by Accel. This was followed by our post-seed round to the tune of $5 million in March 2022.
The rounds saw participation from more than 50 angel investors and operators — the who’s who of business and technology — including Dylan Field (Figma), Akshay Kothari (Notion), Girish Mathrubootham (Freshworks), Olivier Pomel (Datadog), Nicolas Dessaigne (Algolia), Christian Oestlien (YouTube), Kunal Shah (CRED), and Cristina Cordova (First Round), among others.
I put this guide together to answer exactly that question and to make the process of raising an angel round more transparent and easier to understand. I know what a struggle it can be to navigate obscure logistical and legal processes involved in fundraising. The lack of actionable resources for first-time founders only compounds the problem. This is a small attempt from me to solve it for you.
Unlike institutional investors such as Venture Capital (VCs), angels are individuals who take an interest in the startup at a very early stage, when the risks are still high and the fate of the startup is largely undecided. They can be the most crucial source of not just funding, but also provide an ecosystem of social and informational capital that helps a startup thrive.
If you are an early-stage founder looking to leverage the strengths of angels for your venture, this guide can prove extremely useful to you.
It comes with lessons from my personal, hands-on experience. Having conducted multiple private and group sessions for founders and VCs on how to structure a successful angel round prompted me to pen it all down for easy reference.
Let’s dive in!
Think of this guide as the ultimate playbook for raising money from angel investors. It will help you understand:
Fundraising is a double-edged sword for a startup founder.
On the one hand, it is everything you detest — tedious processes, heaps of paperwork, red tape, and bureaucracy. It eats up time you could be investing more fruitfully in building products, conducting market research, talking to your users, and scaling your business.
On the other hand, it is indispensable if you want to grow. The angel investors you get on your cap table will not just provide finances, but also lend a helping hand as you build your business from the ground up. I wrote this guide to clear the many misconceptions founders have when they think about raising an angel round.
Ever wondered why they are called angels and not simply investors? It is because they bring in so much more than cash. They bring in kindness. They are ready to believe in your dream when few others do. And they are ready to put their money where their mouths are. They are your staunch supporters who want your business to succeed as much as you want it.
And how can they help? Well, most angels are themselves successful entrepreneurs, business leaders, innovators, and visionaries who want to help make the world a better place and give back to the community that supported and mentored them in need. They do this by:
There are different kinds of angel investors you can have on board, in order to maximize the utility and benefits you derive out of your angel round.
1. Fellow founders:
2. Super angels:
3. Domain experts:
4. Operator angels:
Angel investors primarily look for a sweet spot based on many factors before investing in a startup. These include the nature of the business & the market, the founding team’s experience & expertise, and of course, the potential returns on their investment.
Here are a few criteria a startup should fulfill before approaching angel investors:
1. A strong management team: The first thing which any investor, angel or VC, looks for in the startup is the management team. Is the team passionate about the problem? How do the founding members know each other? How long have they been working on this problem? Is the leadership strong, adaptable, observant, and trustworthy? Qualities such as integrity, clarity of strategy and approach, professionalism, determination, self-belief, and belief in the venture are important to angel investors.
There are a lot of examples where the team has started with a product and has pivoted to something else, Twitter being one of the most famous ones. It started off as a messaging service before Jack Dorsey and team pivoted to Twitter.
2. A large market size: The second thing they look for is if the market is large enough. If it is, they know that there are going to be multiple companies, which will go after this market and someone is going to win. A good example is the food delivery business. People are going to order food.
But this is particularly relevant when angels are investing in a technical product, which may not be exactly like a consumer product, for which everyone just knows there's a market.
3. A convincing business plan: Angel investors will exercise due diligence and invest in only if they are convinced by the complete business plan, including analysis of the target market including competitors, financial projections, marketing plans, and other specifics. They want to see a fully sketched out vision that details the plans for blistering the growth and competitiveness of the company.
4. A problem they can relate to: If you are trying to solve a problem that angels have themselves experienced or one that they relate to, it serves like validation for them to invest in the startup.
5. A viable exit strategy: Since angels take considerable risk while investing in a startup, they expect manifold returns. One way in which they assess their potential returns is by evaluating the exit strategies available to them. They will expect a comprehensive analysis of their payout and their risk in each scenario.
The key to raising a pre-seed or seed round with angel investors is knowing that angel investing is all about building trust and long-term relationships. This may be easier in person but post the pandemic, it has also become common to approach angels virtually. Angel investment networks and groups also exist.
After finding potential investors, you can set up a time to meet with them and present your pitch. Your pitch should be clear and impactful and give them a reasonable idea of your business. If an angel is convinced, they may conduct further due diligence and vet your business plan, financial statements, and the like, and offer you a deal.
Below is a step-by-step breakdown of how you can structure a successful angel round.
But before that, I want to clarify the difference between seed investment and angel investment.
Seed money, as the name suggests, is money raised by a company in its very initial stages. It typically involves small amounts, enough to take care of a business’ essential operational needs. Seed finance enables companies to attract more financing to grow and scale themselves.
Seed money can come from a variety of sources, such as close friends and family of the founding team, crowdfunding, startup incubators & accelerator institutions, and private investors including angel investors, and venture capital (VC) funding. So, angel investment is a subset of seed investment.
For a successful angel round, I will break down the process of fundraising into four steps:
If you already have a lead investor and are planning to raise money from a number of small investors, I recommend keeping at least 10 to 15% allocated to angel investors. While negotiating with your lead investor, please mention at the outset that at least 10 to 15 % would be allocated to angels.
In OSlash, we kept a 20% allocation for angels, and our lead VC firm, Accel, was completely on board with the idea. They even introduced us to some angels.
Angel Investing can happen in two ways — where angels themselves are leading the round (also called Party Round) or you have a VC firm leading the round and angels participating in that round. If you already have a name VC firm leading you around, you would like to get a few angels to participate.
i. At the outreach stage, you should create a long list of potential angels who could participate in your angel round.
ii. Your list should have a combination of:
- successful founders in your category
- leading operators who can help you build the engineering, product, or marketing functions
- super angels who can open more doors for future fundraising
iii. I recommend putting together a list of 100 to 150 angels.
You have to lay the groundwork for your potential angels and present them with all the necessary information they need to make a sound investment decision.
After all, an angel is an individual, not an institution. They will be investing their hard-earned money and their trust into your business for a high-risk high-return proposition. Raising money is an exercise in trust-building.
Getting their support will be far easier if you do the following religiously, provide full disclosure in the investment documents, and cover all your bases properly.
You have to work on four major preparation collaterals:
i. Elevator or email pitch
ii. Investment memo
iv. Product demo
Write a short blurb about the business. Introduce the company, the problem, and the value proposition or solution you propose with its potential benefits.
Keep it concise (so much so that you can explain it in 30 seconds to one minute).
Here is ours, for example: At OSlash, we are building an all-in-one enterprise URL manager that lets you name, structure, access, and organize long workplace links by converting them into human-readable shortcuts. This simplifies and speeds up information-sharing, productivity, and collaboration for you and your team.
Expand on the blurb by writing a comprehensive investment memo.
This will be the main document that outlines the key components of the business and presents the case and rationale for investors to put their money into it. Express all the crucial information about the business but also keep it simple.
Try to explain the business and why the timing is right for the venture. It’s extremely important to draft a good business memo. The memo is your source of truth for all follow on investment materials that you are going to create in the company.
Here are a couple of good investment memos which are public:
Create a full presentation based on your investment memo.
Your deck is a visual and succinct representation of your memo. Keep the number of slides limited and focus only on meaningful data without being too detailed.
Tailor your deck according to the audience; do a little research before you pitch and get to know the people you’ll be pitching to better.
One of the best guides we have found online on how to pitch decks is by Reid Hoffman - LinkedIn Deck pitch to Greylock Partners
We are now moving to the final stages of collecting the cheque and closing the round.
This is where things usually get complicated. I have seen founders spending a lot of time here and experiencing frustration.
Although having a lot of angels is extremely beneficial for your company, managing all of them is cumbersome:
Fortunately, there is an easy way out of all this. Our friends at AngelList have come up with a brilliant solution - the AngelList Roll-up Vehicle.
Now that you know how to raise a successful angel investment round for your startup, it may be worthwhile to point out that fundraising is often an ongoing battle and not a one-time affair.
As a founder, your goal should be to close the round as fast as possible so that you can go back to doing what you know and do best - building your company.
I hope that this guide can help you get one step closer to doing that with more awareness, simplicity, and ease of mind.
If you have any questions, you can always reach out to me at firstname.lastname@example.org and I’d be more than happy to help.
1. When is the right time to raise money? How do I know when my business is eligible for an angel round?
The right time to raise money is when you have discovered product market fit. Generally speaking, a business can survive in the long run only when there are people who will buy what it sells. So there should be demand for your product or service and people should be willing to pay for it.
But even before that the question to ask is whether the business even needs angel money? Whenever we think of raising private money or raising money from investors, we have to keep in mind that the business must scale and provide an exit to existing investors. If you're thinking of building a large business, which you believe can scale and go public someday, and will make money for people who are investing in it, then it may be right to go for angel investment. When you know that the business is eligible, make sure you have some understanding of where the customers are going to come from. Because only then will the business succeed and scale, and make money for private investors.
In conclusion, the moment you reach some level of product market fit, you should look at raising some angel money.
2. How do angel investors differ from a VC?
There are four major differences between angel investors and VCs:
a. Cheque size - Angels don't invest as much as VCs. While VCs can invest anything from $500,000 all the way to $500 million, the usual upper limit for angels is $100,000. And they can also invest as low as $1000.
b. Structure - Angels are generally individuals (can also form angel groups to come together and invest). But VCs are structured as a firm.
c. Source of the funds - VCs raise money from large banks, pension funds, universities etc. to deploy into startups. Angels usually invest their own money. But, nowadays you also have angels who raise money to invest in companies.
d. Engagement level - With a VC, because of the firm structure, you have different engagement levels. You have analysts, associates, and partners who would actually be on the board and engage with you. Unless a VC firm has said yes to an investment, a partner is not going to be involved in the business. But, an angel is investing alone. They are trying to help you. They are trying to work with you so they will be personally involved from day one.
3. Should I negotiate with an angel? How do I best prepare for negotiations?
a. In most cases, you won’t need to negotiate with an angel because angels are extremely founder-friendly. In fact, you should watch out for angels who try to back you into a corner and reconsider engaging with them. Most angels would try to accommodate whatever your needs are. In my experience, they want to make sure they do right by the founders.
b. In some cases, however, you might have to negotiate, especially where they are asking for a larger allocation in the business that you can’t comply with. For example, you're raising a $2 million round out of which only $200,000 is reserved for angels. And you have an angel who wants a $50,000 allocation (that is 25% of your allocation) that you can't allow. You might have to ask them to reduce it to a $20,000 allocation. In such cases, you need to be very upfront with them and make sure that you give them some upside in the later rounds.
c. In addition, there can be one peculiar situation where you may have to negotiate. Let's say if the valuation of the company is not defined and angels are coming together in the round, you can ask the lead angel to come up with a good valuation for the company, or come up with one yourself. And if they are negotiating, try to understand where they are coming from. Also keep in mind, angels are investing their own money. So you, too, don't want to be very greedy with the valuation.
4. My collateral contains everything about my business. How do I protect the confidentiality of my idea?
a. As I said before, angel fundraising is an exercise in trust-building and it works both ways. If an angel is already investing in your startup, they have a vested interest to make sure all your rights are protected.
b. But in some cases you will come across situations where they may try to show the collateral to another company especially when they might have an investment in a competitor company. To avoid that, try to clarify these things right on the first call with the angel.
c. You can create authentication protocols for accessing the information. At OSlash, we kept our collateral on Notion and shared access only when the angel requested it. Or you can use something like DocSend where your deck can be shared only via email access. But a lot of this depends on trust. You do want to make sure the detailed numbers don't go out, but for the memo and deck, try to make sure access is authenticated. Make it fail safe.
5. How expensive is it to raise an angel round? What are the major costs and fees involved?
a. It was expensive to raise an angel round back in the day. Say if you're trying to get 20-30 angels, you have to bring them all onto your cap table. There’s the legal cost of paperwork. You have to follow up with them to coordinate wire transfers - make sure they send the right banking information, collect the cheques, and more. For us, it was not just legally expensive but also cost a lot of time.
b. Thankfully, a few firms like AngelList came up with a special purpose vehicle where all of these angels can come together as one structured firm and the firm can invest as a single entity in the cap table. And that used to cost $8,000 - all that was required for a successful angel round.
c. Now, with AngelList RUV, things have become even easier. Plus, if a company is incorporated in Delaware and you are raising SAFEs or equity, they offer a no-fee RUV. There is zero cost attached to it. Most software companies incorporated in the US are Delaware incorporated, but if you're not a Delaware incorporation, the whole thing can be done at $2,500 which is still a pretty good deal.
6. What should I do if an angel refuses to invest in my startup? If a deal falls through?
If an angel says no to investing in a startup, that's completely okay! You have many out there, you know? Try to speak with more angels. And I think that should also be a goal. You should always aim higher. Try to get more angels than you need, because some of them might change their mind. After all, all of us are human. So it's not a big deal.
With companies adding stock options to compensation packages, it’s important for both founders and employees to understand how ESOPs work. This guide by our CEO, Ankit Pansari, will help dispel the ambiguity around equity compensation in early-stage tech companies.
For most startups, funding is a scarce resource and the goal is to put every dollar to work. One area where startups can save money is their SaaS stack. In this guide, our CEO, Ankit Pansari, shares our SaaS stack & describes how we got almost all of these tools for free.
Bonus: Get a list of startup programs that offer great deals on various tools!
Acquiring SOC 2 compliance is critical even for early-stage startups to avoid potential loss of business. The process is far from easy but you can get certified as fast as we did by following our founders’ guide to SOC 2 compliance.
As our world has gone increasingly online, so has our data. With this, the risk of it getting into the wrong hands has risen manifold.
As recently as June 2021, LinkedIn saw a breach that left the personal data—names, emails, geolocation, and more—of its 700 million users up for sale in a Dark Web forum. It exposed its users to a deluge of potential cyber attacks.
Such security threats exist not just for individuals but also for enterprises, especially those working with third-party vendors (such as SaaS providers). If third-party vendors mishandle data, enterprises stand vulnerable to serious security issues such as theft of proprietary secrets and intellectual property, extortion, and installation of malware and viruses.
No company wants to take information security lightly. No company wants to work with a service provider who cannot guarantee the safety of their data. This is where SOC 2 compliance comes in.
And this is why we wrote a guide to help you understand all about SOC 2 compliance and how to achieve it fast, just the way we did.
SOC 2 (Service Organization Control 2) is an auditing framework and a voluntary compliance standard applicable to SaaS and other technology service companies that store client data in the cloud.
The framework, developed by the American Institute of CPAs (AICPA), defines a set of criteria for effectively and safely managing this data. The benchmark is accepted globally.
A company that is SOC 2 compliant ensures that its controls and practices protect the privacy and security of customer data. It therefore earns not just the business but also the trust of its client organizations.
If you’re building a startup, you already have more than enough on your plate—from hiring the right candidates to finding a product-market fit and accelerating growth.
You might be wondering if acquiring SOC 2 compliance is as critical at such an early stage.
And the short answer is yes, it is.
Here are the top 3 reasons why SOC 2 certification is a must-have, even for early-stage startups:
If your startup provides technology services, including B2B SaaS and cloud computing, you should invest in SOC 2 compliance. While the certification is not legally mandatory, it is advantageous (and almost essential) considering the reasons above.
Despite being a compliance standard, SOC 2 does not prescribe a set of processes, tools, or controls to be applied.
Instead, it lists 5 criteria — the Trust Service Criteria (TSC) — that a company should aim for in order to ensure information security. The companies are free to adopt the security practices and implement the controls that they like.
The 5 TSC are: security, availability, processing integrity, confidentiality, and privacy.
Out of these, only one (security) is a must-have for your SOC 2 compliance report. The rest are optional and can be included in the audit based on the stage of your startup and the category of services you offer.
Here is a glimpse of the 5 TSC:
A must-have for every SOC 2 audit, especially for early-stage startups, security criteria will include measures to safeguard your data and apps from cyber threats.
As the name suggests, the Availability criteria deal with operational uptime and performance standards. You can opt for these in case your customers require reassurance about avoiding downtime, having adequate backup plans, and ensuring that data recovery systems are in place in case of an emergency.
Processing Integrity criteria will be vital in case you have clients that demand accurate, reliable, and timely processing of data (such as a Fintech company).
If you work with customer data that is covered by a Non-Disclosure Agreement (NDA), you’ll need to include Confidentiality criteria into your assessment. This showcases your commitment to safeguarding confidential information such as intellectual property, proprietary/business-sensitive details, and financial information etc. disclosed to you by your clients.
Privacy criteria should find a place in your SOC 2 report in case your clients store Personally Identifiable Information (PII) such as medical records, birthdays, employment data, social security numbers etc. This demonstrates that you have controls in place to protect such data from breaches and unauthorized access.
You may have come across various kinds of SOC reports on the internet. They include SOC 1, SOC 2, and SOC 3.
Here are the key differences between them:
Not only are SOC 1, 2, and 3 reports different from each other, there are two different kinds of SOC 2 Compliance Reports as well.
While the SOC 2 Type I report signifies that security controls are in place at a particular point in time, the Type II Report validates the presence of the controls over a period of time.
In order to achieve the SOC 2 Type II certification, you have to ensure that the controls are being operated over three-six months for the first audit and over one year for the following audits. Yes, monitoring continues even after the first audit as your SOC 2 Type II compliance needs to be renewed every 12 months.
Tip: The Type I certification can be a good (and relatively inexpensive) starting point for your startup. But as you scale and expand, it’s likely that your clients would require you to produce the more stringent SOC 2 Type II certification as a proof of continued compliance and commitment to their data security.
While it may take you anywhere between 2 weeks to a month to get your certification once the audit is complete, the preparation phase for achieving an SOC 2 compliance lasts considerably longer, depending upon the nature and scope of compliance you opt for.
Now that you know what TSC are, you should decide which ones are most relevant for your business. These will be the scope of your audit report. You should also decide whether you need a Type I or a Type II compliance audit.
If you choose to go ahead with the Type II audit, remember to take into account the longer timelines associated with it.
Example: If your clients need a 6-month Type II report (evidence that your controls have been in place for 6 months) and your team needs 4 months to prepare for the audit, you’ll need to wait 10 months before you can start the audit. The wait gets even longer if your client needs a 1-year Type II report.
This is why it’s important to get started on your SOC 2 compliance as soon as possible, ideally long before requests for reports start coming in from your customers.
Imagine manually scouring through every machine, every system in your company to gather the evidence of SOC 2 compliance. And then painstakingly uploading it for your auditors.
You probably won’t be able to get back to running your primary business anytime soon.
This is what makes a compliance platform indispensable. It can help you automate evidence collection, preparation of policy documentation, and security monitoring for smoother audits.
A good compliance platform is one that integrates seamlessly with your existing security tech-stack (and has the potential to adapt if your tools undergo a change in the future). This is essential for it to automatically and continuously gather monitoring information from your data systems to assess the status of your security measures.
To ease this step for you, here is a list of some compliance platforms to choose from, complete with their advantages and limitations.
After setting up your compliance tool, you would need to choose your auditor.
Your audit firm should ideally be a licensed CPA firm that specializes in information security and fulfills basic accreditation criteria such as being registered with the Public Company Accounting Oversight Board.
It is likely that your compliance platform has a list of partner firms to choose from or can recommend to you one that fits. The suitability of the firm will depend on the stage and maturity of your startup, your budget, as well as the relative experience of the firm in dealing with your industry and/or product.
The preparation phase of SOC 2 compliance begins with a financial risk assessment. Together with your audit partner, you will quantify risks related to each Trust Service Criteria and identify if your existing controls are effective. This will help you discover vulnerabilities and potential hazards to your organization in case of a data breach etc.
Automated compliance platforms help in making most of this process painless.
Once you have the compliance platform and the auditors figured out, you can get down to building up your security stack. Chances are you already have one in place, but it may be lacking the tools that will fetch you your SOC 2 compliance certification.
How will you know which tools are missing, if at all?
Your compliance platform will answer that for you by pointing out the missing security layers in your existing stack. Broadly you need the following types of tools to be SOC 2 compliant:
Audit readiness is where the bulk of your and your team’s efforts will go during the SOC 2 compliance preparation.
After the internal risk assessment is complete, you’ll have identified some gaps based on existing and potential security threats. It is likely that you have some security controls already in place.
You will establish audit readiness by remedying these gaps and bolstering controls wherever required, as per the TSC you have chosen.
Or, if you’ve implemented the second step of outsourcing it to a compliance platform, you can simply sit back and relax as the software does all the grunt work for you — from writing policies to implementing the right controls.
Tip: Be mindful of the common security issues that can often surface while conducting audit readiness, including
You should maintain the controls and processes in place right upto the official audit, especially in case of the SOC 2 Type II audit.
After you’ve complied with all the above requirements of the audit, the last step is to write a security system description and submit it to your auditors.
Now you might ask us, What’s a security system description?
Simply put, it is a description or summary of the company and its systems. These are the components that you have in place to be able to carry out your business.
What does it include?
All the details regarding your company’s
For a detailed overview, check out this help article.
Once you hand over the system description to your auditors and give them access to your compliance platform, you are basically through with the process, at least for achieving SOC 2 Type I certification.
For the Type II certification, you need to ensure continuous compliance and leave controls in place over a six-month to one-year period, depending upon the choice of the observation period you made in step 1.
That’s it! You should receive your compliance certification once the observational period is over.
As you celebrate becoming SOC 2 compliant, don’t forget to share the good news on your website, social media, newsletters, and basically everywhere else your (prospective) clients can get to see it. And where they can use it to trust you with their business.
It’s a laurel to flaunt. Trust us, we know ;)
The cost of SOC 2 compliance for your startup will depend on a number of factors, including
The total cost of SOC 2 compliance can be broken down into four phases (these are estimates).
As such, you can expect to pay anywhere between $50k (when automating compliance) to $200k (when not) for attaining your SOC 2 Type II compliance.
That’s it! This is the entire process for achieving the SOC 2 compliance for your startup. It’s a lot of effort whether you hire a consulting firm or do it on your own using automation software. You’ll need time, patience, and financial resources.
But it will all be worth it when your next big client asks you if you’re SOC 2 compliant.
We hope we have answered all your questions regarding SOC 2 for your startup.
And while you’re here, let us throw in a superfast way for you to bypass your busywork!