high high likelihood
R-001: Current financial quality and valuation are opaque
Public sources disclose historical funding, 2021 ARR, and broad customer scale, but not current revenue quality, retention, margins, cash, debt, burn, runway, or post-2021 valuation marks.
Diligence request: Require audited financials, monthly ARR bridge, cohort retention, customer concentration, debt schedule, cash runway, cap table, and investor financing documents before valuation work.
high high likelihood
R-002: Competitive pricing and positioning pressure
ActiveCampaign competes with entry-level email tools, full CRM suites, e-commerce automation specialists, and AI-native automation tools; PCMag flags price scaling, learning curve, and CRM depth limits.
Diligence request: Analyze win/loss, discounting, churn by competitor, price sensitivity, CAC payback, time-to-value, and product differentiation by segment.
high medium likelihood
R-003: Consent-driven messaging and privacy compliance exposure
SMS, WhatsApp, email, privacy, international transfers, CCPA/LGPD, DPF, and sensitive communication data create compliance obligations that may produce regulatory, class-action, and platform-policy risk.
Diligence request: Review consent logs, opt-out handling, complaints, regulator correspondence, DSAR logs, DPA/SCC/DPF controls, Meta/carrier policies, and privacy counsel memos.
medium high likelihood
R-004: Product complexity and AI execution risk
Broad automation, CRM, integrations, messaging, acquired products, and AI-agent features can create onboarding complexity, support burden, technical debt, and unproven AI monetization.
Diligence request: Review usage telemetry, feature adoption, onboarding completion, support tickets, R&D roadmap, AI cost, model governance, and product-level churn/ARR.
medium high likelihood
R-007: Third-party platform and integration dependency
Integrations, Meta/WhatsApp, SMS carriers, payment processors, APIs, and app ecosystems create external dependency risk that can affect availability, compliance, deliverability, and customer workflows.
Diligence request: Review key third-party contracts, SLAs, platform-policy change history, supplier concentration, integration uptime, and contingency plans.
medium medium likelihood
R-005: Security and privacy incident exposure
Public security materials show controls, but a reported 2022 social-engineering event and sensitive customer-data processing warrant incident and control diligence.
Diligence request: Review SOC 2 Type II, pen tests, vulnerability SLAs, incident register, postmortems, customer notifications, cyber insurance, and account-takeover controls.
medium medium likelihood
R-006: Team, governance, and headcount uncertainty
Public sources identify senior executive hires and global headcount anchors, but do not disclose board rights, succession plans, attrition, functional productivity, or current HRIS data.
Diligence request: Request board roster, executive turnover, employment agreements, equity grants, HRIS export, attrition by function/geography, compensation benchmarks, and succession planning.
medium unknown likelihood
R-008: IP, litigation, and legal-record gaps
Trademark signals are public, but patents, source-code ownership, OSS compliance, acquired IP, litigation schedules, regulatory inquiries, and insurance claims are not fully verifiable from accessible public sources.
Diligence request: Counsel should provide IP schedule, official trademark/patent review, OSS/SBOM, invention assignments, litigation/regulatory schedule, insurance policies, and M&A IP assignment documents.