Security due diligence for acquisitions

Know what you're buying before you connect it.

Closeproof runs security due diligence on an acquisition target, scores the risk, and carries you from the first screen through Day 100 of integration. Your deal data never leaves your browser.

Local-first. No account. No upload. In private beta.

No backend. No accounts. No upload. For M&A data, local-first is not a cost saving. It is the point.

The problem

The most sensitive picture of a target is its weaknesses.

Acquisition security lives in spreadsheets and shared data rooms. A map of everything wrong with the target gets copied across inboxes, consultants, and vendor platforms before the deal even closes. Closeproof keeps that map on your machine.

What it does

From first screen to Day 100.

01

Staged questionnaire and risk scoring

Screen and deep-dive question sets across nine security domains, scored into a per-domain risk picture.

greenamberred
02

Findings and board memo

Turn answers into a findings register with control mappings, then generate a board-ready memo in a click.

03

Day 1: connect or isolate

A decision tree that tells you whether to isolate, stage, or fast-connect the target, with the controls each path requires.

04

100-day integration board

A workstream plan from close to Day 100, pre-populated from templates and generated from your own findings.

AI-accelerated with your own API key. Every AI draft is marked unverified until you approve it.

Why local-first

Your deal never touches someone else's server.

Nothing leaves your browser
All data lives in local storage on your device.
Bring your own AI key
Calls go direct from your browser to your provider.
Encrypted local backups
Export a passphrase-encrypted file you control.
No account, works offline
Nothing to sign up for, nothing to breach.

Who it is for

Built for the people who own the risk.

CISOs at acquisitive companies PE operating partners vCISO and advisory firms