Advising on Capital, Building with AI, Executing Like Operators
LinkedIn

M&A Readiness

Sale Process

Selling a SaaS or Subscription Business: Valuation, Diligence, and Process

May 4, 2026  ·  11 min read · In-depth

SaaS and subscription businesses trade on ARR multiples and net revenue retention, not EBITDA. A business with 120% NRR and 85% gross margins at 4x ARR competes with EBITDA-based businesses at 8–10x. Understanding how buyers underwrite recurring revenue determines whether your process is positioned correctly from the first buyer conversation.

Best for:Founders preparing for a saleM&A advisors & bankers
Use this perspective to move toward transaction readiness, sale timing, or M&A execution work.

Key takeaways

  • SaaS and subscription businesses are valued on ARR or MRR multiples, not EBITDA, with the multiple driven by net revenue retention (NRR), growth rate, gross margin, and customer concentration.
  • Net revenue retention above 110% is the single strongest valuation signal in a recurring revenue business: it means existing customers expand faster than they churn, making the revenue base self-compounding.
  • Buyers underwrite cohort retention, not just headline churn: a business with 5% monthly churn in year one but strong expansion from survivors looks very different from one with 2% churn but no expansion.
  • Customer contract transferability is a diligence risk unique to SaaS: enterprise agreements often require customer consent to assignment in a change of control, and a material portion of ARR in non-transferable contracts can kill a deal or force significant price adjustment.
  • Strategic acquirers pay technology premiums for distribution leverage, product roadmap acceleration, or customer access, but technology diligence (code quality, infrastructure debt, security posture) is more intensive than in traditional M&A.

In this article

  1. How buyers value SaaS and subscription businesses
  2. The metrics that determine your multiple: NRR, GRR, churn, and cohorts
  3. Customer contract diligence: the SaaS-specific closing risk
  4. Technology diligence: what buyers actually assess
  5. The buyer universe and process strategy for recurring revenue businesses
  6. Common mistakes SaaS and subscription founders make before a sale

ARR multiple range

3x–8x ARR for lower middle market SaaS ($3M–$15M ARR) depending on growth, NRR, and gross margin

110%+

Net revenue retention threshold that signals self-compounding customer base

85%+

Software gross margin threshold buyers expect for full ARR multiple treatment

A SaaS or subscription business is a fundamentally different asset from a traditional services or product company, and the M&A process that produces the best outcome for a recurring revenue founder looks different from a standard lower middle market sell-side process. The valuation framework, the buyer universe, the diligence requests, and the metrics that drive or destroy value are distinct enough that preparing a SaaS business for sale using the same playbook as an EBITDA-based business almost always produces a suboptimal result.

The core difference is that buyers of recurring revenue businesses are underwriting the quality, durability, and expansion potential of the revenue base, not a point-in-time earnings figure. A business with $5M ARR, 115% net revenue retention, 82% gross margins, and 30% growth is a different asset than a $5M EBITDA manufacturing business at 15% margins, even if they trade at comparable dollar values. The metrics that communicate quality are different, the diligence process that validates them is different, and the buyers who are best positioned to pay the highest price are different.

This guide covers what recurring revenue founders need to understand before entering a sale process: how buyers value SaaS businesses, which metrics drive the multiple, how diligence is structured, and what preparation work produces the best outcome.

How buyers value SaaS and subscription businesses

The primary valuation framework for SaaS and subscription businesses is an ARR (annual recurring revenue) multiple, not an EBITDA multiple. Buyers assess the quality of the ARR base, its retention, expansion dynamics, gross margin profile, and growth trajectory, and apply a multiple to current or forward ARR. For lower middle market SaaS businesses ($3M–$15M ARR), ARR multiples at close typically range from 3x to 8x, with the spread driven by the metrics described below.

ARR Multiple DriverLow-Multiple SignalHigh-Multiple Signal
Net revenue retention (NRR)Below 95%: existing customers are shrinking; revenue base decays without new logo acquisitionAbove 110%: existing customers expand faster than they churn; revenue base is self-compounding
Gross marginBelow 65%: hosting, support, or delivery costs are high; unit economics are stressedAbove 80%: high software gross margin; incremental revenue nearly all drops to margin
ARR growth rateBelow 15%: growth is decelerating; buyer must underwrite a flat or declining profileAbove 30%: growth rate justifies premium; buyer models into a compounding return
Customer concentrationTop 3 customers >40% of ARR: loss of one customer is existentialNo single customer >15% of ARR; diverse, resilient base
Revenue predictabilityMonth-to-month contracts; high voluntary churn riskMulti-year contracts with auto-renew; low voluntary churn
Payback periodCAC payback >36 months: unit economics require long customer relationships to break evenCAC payback <18 months: capital-efficient growth; favorable LTV:CAC ratio

EBITDA is often negative in growing SaaS businesses, and buyers expect this. A SaaS business that is burning 15–20% of ARR to fund growth at 40% annual rates is underwriting a different risk/return profile than a cash-flowing services business. Buyers who value recurring revenue businesses on EBITDA are often strategic acquirers who want the revenue stream for distribution leverage, not PE buyers investing in the growth model. Understanding which buyer type is making an offer, and which valuation framework they are using, is critical to evaluating whether an LOI is fair.

For lower middle market SaaS businesses that are also EBITDA-positive, buyers will often present both frameworks and use the one that produces the lower value. A business generating $1.5M of EBITDA on $6M ARR might trade at 8x EBITDA ($12M) or 4x ARR ($24M) depending on which framework the buyer uses. Recognizing this dynamic, and positioning the business against the ARR framework when the metrics support it, is a core objective of the sale process.

The metrics that determine your multiple: NRR, GRR, churn, and cohorts

Net revenue retention (NRR) is the single most important metric in a SaaS diligence process. NRR measures what percentage of last year's ARR from existing customers is still generating revenue this year, including expansion from upsells and cross-sells, minus contraction from downgrades, and minus churn from cancellations. An NRR above 100% means the existing customer base is growing without any new logo acquisition. An NRR of 120% means that for every $100 of ARR from customers who were paying one year ago, those same customers are now paying $120.

Gross revenue retention (GRR) measures the same dynamic but excludes expansion, it is pure retention. GRR can never exceed 100%. The gap between NRR and GRR reveals the expansion engine: a business with 88% GRR and 115% NRR has significant expansion revenue offsetting material churn. A business with 96% GRR and 96% NRR has excellent retention and minimal expansion. Both are good businesses, but they have different growth profiles and diligence stories.

NRR 120%

Existing customer ARR grew 20% without new logo acquisition, each dollar retained compounds

GRR 90%

10% of prior-year ARR churned from existing customers, before accounting for expansion

Cohort analysis is how buyers validate the retention metrics. Rather than accepting headline churn numbers, buyers decompose the customer base by acquisition vintage (all customers acquired in Q1 2022, Q3 2022, etc.) and track what percentage of each cohort's ARR survived through each subsequent quarter. This analysis reveals whether retention has been improving or degrading over time, whether early cohorts are churning at higher rates than recent ones (suggesting product-market fit has improved), and whether the reported NRR is consistent across vintages or concentrated in a few high-expanding customers masking broad underlying churn.

Cohort PatternWhat It Signals
Early cohorts retain poorly; recent cohorts retain wellProduct-market fit improved; business is better than trailing retention suggests; favorable for valuation
Early cohorts retain well; recent cohorts churn fasterQuality of customer acquisition has declined; recent growth came from customers who don't stick; unfavorable
NRR is high but concentrated in 2-3 accountsExpansion is driven by outliers, not systemic; churn of one expansion account would collapse NRR
GRR is below 90% but NRR is above 110%Business is signing replacement customers faster than churning; unit economics may be worse than they appear
Retention flat or improving across all vintagesConsistent, defensible retention history; buyers can underwrite the future with confidence

Working through this yourself?

Kolton works directly with founders on M&A readiness, deal structure, and AI implementation — one advisor, not a team of generalists.

Schedule a conversation →

Customer contract diligence: the SaaS-specific closing risk

Customer contract transferability is a diligence risk unique to SaaS and subscription businesses that traditional M&A advisors often underestimate. Enterprise software agreements frequently contain change-of-control provisions that require the customer's written consent before the agreement can be assigned to a new owner. If a material percentage of ARR is concentrated in contracts with assignment restrictions, the transaction faces a specific closing risk: a customer who refuses consent can walk away from a multi-year agreement without penalty.

The risk is not theoretical. In lower middle market SaaS transactions, change-of-control consent requirements in enterprise contracts are common, and customers who are not satisfied with the existing product, who have been negotiating price reductions, or who are mid-way through evaluating alternatives use the change-of-control event as an opportunity to exit. The loss of a customer representing 8–12% of ARR at closing creates both revenue impairment and a renegotiation event with the buyer around the working capital peg or purchase price.

Before engaging a banker, a SaaS founder should systematically review every enterprise customer agreement for: (1) change-of-control notification requirements; (2) assignment-requires-consent provisions; and (3) termination rights triggered by a change of control. Contracts representing more than 5% of ARR with material assignment restrictions should be identified, evaluated, and, where possible, re-papered or proactively managed before the process begins.

Contract Risk CategoryWhat to Do
Enterprise contracts with assignment-requires-consentIdentify and prioritize; consider proactive customer conversations before a process is launched to build relationship and reduce surprise
Auto-renew contracts on evergreen termsVerify renewal dates; a contract up for renewal during a live diligence process is a negotiating moment for the customer
Month-to-month or no-contract customers representing >10% of ARRDiligence will flag this as a retention risk; consider converting to annual contracts in the 12–18 months before a process
Government contracts (SLED, federal)Often non-assignable without agency consent; may require a separate novation process that extends closing timelines
Customer contracts with most-favored-nation (MFN) provisionsPrice improvement given to one customer may flow to all MFN customers; buyers will want to understand the exposure

Technology diligence: what buyers actually assess

Technology diligence in a SaaS acquisition is more intensive than in a traditional services or product company sale. Buyers, particularly strategic acquirers and PE sponsors with existing software platforms, want to understand the quality of the codebase, the scalability of the infrastructure, the security posture, and the depth of technical documentation. Founders who have built functional products without institutional engineering practices often discover that technology diligence surfaces issues that either delay closing or justify price adjustments.

Technology Diligence AreaWhat Buyers AssessRed Flags That Affect Price
Codebase quality and documentationIs the code maintainable? Is there meaningful technical documentation? Can engineers outside the founding team understand and extend it?No documentation; custom-built infrastructure with no redundancy; sole-founder code with no peer review history
Cloud infrastructure and hostingAWS/Azure/GCP architecture; scalability evidence; reliability track record (uptime)On-premise hosting with no cloud migration path; infrastructure built on a single engineer's personal account
Security postureSOC 2 Type II certification; penetration testing history; data handling and access controlsNo SOC 2; PII handled without documented access controls; history of data incidents
Dependency and vendor riskThird-party library currency; critical vendor dependencies; API reliance on single providersOutdated dependencies with known CVEs; single-vendor critical path with no contingency
Technical debt quantificationKnown refactoring needs; deferred infrastructure work; product roadmap items blocked by architectureLarge backlog of deferred technical work; architecture that cannot scale without a rewrite
Customer data architectureHow customer data is segmented and handled; multi-tenant vs. single-tenant; data portabilityCustomer data commingled in single-tenant architecture; no documented data retention or deletion policy

SOC 2 Type II certification is increasingly a buyer expectation in SaaS diligence, particularly when the customer base includes enterprise accounts. A SOC 2 Type II audit demonstrates that the company has maintained documented controls around security, availability, and confidentiality over a defined period, typically 6 to 12 months. Pursuing SOC 2 certification in the 12–18 months before a sale process is one of the highest-return preparation investments available to a SaaS founder because it both clears a common diligence obstacle and signals institutional process discipline to buyers.

A $4.2M ARR vertical SaaS business in the property management space received its first PE term sheet at 4.5x ARR. Technology diligence revealed that the infrastructure was running entirely on a single engineer's personal AWS account (no corporate account, no formal access controls), the codebase had no documentation outside of inline comments, and the company had no SOC 2 certification despite selling to property management firms handling tenant PII. The buyer's technology advisor flagged these as material findings. The final LOI came in at 3.8x ARR with a $400K escrow holdback conditional on successful infrastructure migration within 6 months of close. The founder estimated that 12 months of preparation, corporate AWS migration, SOC 2 audit, and basic documentation, would have added 0.5–0.7x ARR to the final multiple.

The buyer universe and process strategy for recurring revenue businesses

The right buyer universe for a SaaS or subscription business depends on the size, growth profile, and strategic fit. For lower middle market recurring revenue businesses ($3M–$15M ARR), there are three primary buyer categories, each with different pricing frameworks, due diligence intensity, and post-close integration expectations.

Buyer TypeValuation FrameworkWhat They're BuyingPost-Close Expectations
Strategic acquirer (large software company)Revenue multiple or product value; may exceed 6–8x ARR for strong strategic fitDistribution leverage, product roadmap acceleration, or elimination of a competitorDeep integration; product rationalization possible; earnout tied to revenue retention or product milestones
PE-backed software platform (add-on)ARR multiple aligned with platform comps; 4–6x ARR typicalRecurring revenue base to add to existing platform; customer overlap for cross-sellModerate integration; management team often retained; growth targets set
PE growth equity (platform investment)ARR multiple with growth premium; 5–8x ARR for 30%+ growth businessesStandalone growth; management team building a platformLight-touch integration; founder often stays as CEO; significant growth capital deployed
Bootstrapped acquirer or strategic operatorOften EBITDA-based; frequently below ARR-based valuationsCash flow; product or customer base for their existing operationMinimal integration; founder often fully exits

Scroll to see more →

The process strategy for SaaS businesses differs from traditional lower middle market auctions in several ways. The buyer universe is often smaller, there are fewer buyers in the market for a $5M ARR vertical SaaS business than for a $5M EBITDA services business. The management presentation is heavier on product demonstrations and technical architecture than on financial analysis. And the negotiation dynamics often involve earn-out structures tied to ARR or NRR targets rather than EBITDA thresholds, reflecting the forward-looking nature of the revenue base.

If your SaaS business is EBITDA-positive at meaningful margins, do not let a PE buyer value you on EBITDA. An 8x EBITDA multiple on $1M of EBITDA is $8M. A 4x ARR multiple on $5M ARR is $20M. These can be the same business. The positioning choice, which framework to lead with, which buyers to prioritize, is one of the highest-stakes decisions in a recurring revenue sale process. An advisor who defaults to EBITDA framing for a SaaS business is likely leaving significant value on the table.

Common mistakes SaaS and subscription founders make before a sale

MistakeWhat It CostsHow to Avoid
Not calculating or presenting NRR before buyers askBuyers calculate it themselves from raw data and present an unfavorable methodology; founder has no defensible counterCalculate NRR, GRR, and cohort retention 12–18 months before a process; own the methodology and present it proactively in the CIM
Mixing contracted ARR with non-contractual recurring revenueBuyers discount month-to-month revenue heavily; high-quality ARR and low-quality MRR get averaged, reducing the multipleSegment revenue by contract type: multi-year contracted ARR, annual ARR, and MRR; present each separately with retention rates
No SOC 2 certification going into a processTechnology diligence flags it; enterprise customers use it as leverage; buyers apply a holdback or price adjustmentBegin SOC 2 Type II audit 12–18 months before a planned sale process; it takes 6–12 months to complete
Infrastructure running on personal accounts or without formal access controlsTechnology diligence flags as material finding; triggers escrow holdback or price adjustmentMigrate to corporate cloud accounts; implement formal access controls; document the architecture before a process begins
Accepting EBITDA-based valuation from a buyer who should pay on ARRFounder accepts 8x EBITDA ($1.5M EBITDA × 8 = $12M) when 4x ARR ($6M ARR × 4 = $24M) is the correct frameworkRun a parallel analysis of both valuation frameworks; engage an advisor who understands recurring revenue businesses
Not auditing customer contract assignment provisionsChange-of-control clauses trigger customer exit rights; 1–2 large customers walk at closingReview every enterprise agreement for assignment and COC provisions before a process; proactively manage relationships with customers who have exit rights

Work with Glacier Lake Partners

Discuss a SaaS or Subscription Business Sale

Recurring revenue businesses require a different positioning framework, buyer universe, and diligence preparation than EBITDA-based businesses. The approach matters.

Resources for Founders

Research sources

SaaStr: SaaS Valuation Benchmarks 2024Battery Ventures: State of the OpenCloud ReportSRS Acquiom: M&A Deal Terms Study 2024

Disclaimer: Financial figures and case studies in this article are illustrative, based on representative middle market assumptions, and are not guarantees of outcome. Statistical references are drawn from cited third-party research; individual transaction and operational results vary based on business characteristics, market conditions, and deal structure. This content is for informational purposes only and does not constitute legal, financial, or investment advice. Consult qualified advisors for guidance specific to your situation.

Explore adjacent topics

Operational Discipline

Operational discipline is still the fastest path to credibility

AI-Enabled Execution

AI should remove friction, not create a science project

Found this useful?Share on LinkedInShare on X
Kolton Shreve

Kolton Shreve

Founder, Glacier Lake Partners

Background in investment banking, private equity, and AI-enabled workflow design. Glacier Lake Partners advises founder-owned and middle market companies on AI workflow implementation, M&A readiness, and operating discipline.

LinkedIn ↗
Investment BankingPrivate EquityAI Workflow Design

Related reading

M&A Readiness

What private equity buyers look for in lower middle market diligence

The specific things sophisticated buyers underwrite in a lower middle market transaction — and how preparation changes outcomes.

M&A Readiness

Transaction readiness checklist for founder-owned businesses

A practical framework for evaluating where a founder-owned business stands relative to what a credible transaction process requires.

Related service

M&A Advisory

Move from the insight into the most relevant advisory path for this topic.

Related service

Transaction Readiness

Move from the insight into the most relevant advisory path for this topic.

Related service

Sell Your Business

Move from the insight into the most relevant advisory path for this topic.

Next Step

Recognized a situation? A direct conversation is faster.

If a perspective maps to an active transaction, operating, or AI challenge, the right next step is a short discussion — not more reading.

Confidential inquiriesReviewed personally1 business day response target
Discuss a Situation
View Advisory Services

Direct contact

Email DirectlyCall +1 (808) 388-2570