How to Create a Data Room: A Step-by-Step Guide

Step 1: Decide what the data room is for

Your purpose shapes everything else: which documents you include, how you structure folders, and how tightly you lock things down.

• Fundraising: You are sharing with prospective investors. Focus on the story: traction, financials, cap table, and your pitch deck. Keep it lean and skimmable.
• M&A or acquisition: A buyer needs depth. Expect detailed contracts, IP records, and employee data. Permissions and audit trails matter more here.
• Due diligence: Whether for a loan, partnership, or investment, the goal is to answer reviewer questions before they ask. See how teams run this on Plox for due diligence.

Write the purpose and audience in one sentence. It becomes your filter for every later decision. A useful test: "This room exists so that [audience] can [decision] by [date]." A founder raising a Series A might write, "So that 12 investors can complete diligence and issue term sheets within three weeks." That sentence tells you what to include and, just as importantly, what to leave out.

Step 2: Gather and organise your documents

Before you upload anything, collect the documents that belong in the room. Pulling everything together in advance prevents the half-finished room that makes reviewers nervous. Use this checklist as a starting point and trim it to fit your purpose.

Section	What to include
Corporate & legal	Certificate of incorporation, bylaws, shareholder agreements, board minutes, key permits and licences
Financials	Profit and loss statements, balance sheets, cash flow, financial model, monthly management accounts
Cap table & fundraising	Current cap table, option pool, SAFEs or convertible notes, prior round terms, valuation history
Product & tech	Product roadmap, architecture overview, IP and patents, security and data policies
Team	Org chart, founder bios, key employee contracts, advisor agreements, hiring plan
Market & traction	Market sizing, growth metrics, KPIs, cohort and retention data, the pitch deck
Customers & contracts	Customer list, major contracts, partnership agreements, churn and pipeline data

Name files consistently. A clean convention (for example 2026-Q1-PnL.pdf) is the difference between a reviewer finding what they need and emailing you to ask. A simple rule that scales: YYYY-MM-DD_Topic_Version.pdf. Dates sort chronologically, topics group naturally, and the version tag kills the "is this the latest model?" question.

The create-a-data-room checklist (copy this)

Work top to bottom. Each line is either done or it isn't, so there is no ambiguity when you hand the room to a colleague to review.

DATA ROOM SETUP CHECKLIST

Define
[ ] Purpose written in one sentence (audience + decision + date)
[ ] Audience list drafted (who gets in, who is blocked)
[ ] Sensitivity tier marked per folder (open / NDA / restricted)

Gather
[ ] All documents collected into one staging folder
[ ] File naming convention applied (YYYY-MM-DD_Topic_Version)
[ ] Outdated or superseded files removed
[ ] Pitch deck or executive summary finalised
[ ] Financial model exported as PDF (kill live-edit links)

Build
[ ] Top-level folders created with numbered prefixes
[ ] Most important document placed at the top
[ ] Nesting kept to two levels
[ ] Spot-check: a stranger can navigate it in under 30 seconds

Secure
[ ] Verified-email access turned on
[ ] NDA gating enabled (if required)
[ ] Allow/block list set (block competitors)
[ ] Dynamic watermarking on sensitive folders
[ ] Downloads disabled on contracts and financials
[ ] Link expiry / revoke tested

Share
[ ] Custom branding and domain applied
[ ] One link generated (or email invites sent)
[ ] Visitor groups configured (lead vs prospect access)
[ ] Test view from an incognito window before sending

Track
[ ] Real-time notifications enabled
[ ] Page-by-page analytics confirmed working
[ ] Follow-up plan based on engagement signals

Step 3: Structure folders clearly

A reviewer should understand your folder layout in seconds. Mirror the checklist sections above as top-level folders, then nest sparingly.

• Use numbered prefixes (01 Corporate, 02 Financials) so the order stays intentional.
• Keep nesting to two levels where possible. Deep folder trees hide documents.
• Put the most important document, usually the pitch deck or executive summary, at the top.
• Remove anything outdated. An old financial model creates confusion and risk.

With Plox you upload files into data rooms and arrange folders directly, so the structure your viewers see is the structure you intend.

A folder template you can copy

This layout works for most fundraising and diligence rooms. Drop folders you do not need and the numbering still reads cleanly.

00 Start Here
    Executive summary / one-pager
    Pitch deck
01 Corporate & Legal
    Certificate of incorporation
    Bylaws / articles
    Shareholder agreements
    Board minutes
    Permits & licences
02 Financials
    P&L statements
    Balance sheets
    Cash flow
    Financial model (PDF)
    Monthly management accounts
03 Cap Table & Fundraising
    Current cap table
    Option pool
    SAFEs / convertible notes
    Prior round terms
04 Product & Technology
    Roadmap
    Architecture overview
    IP & patents
    Security & data policies
05 Team
    Org chart
    Founder bios
    Key employee contracts
    Advisor agreements
06 Market & Traction
    Market sizing
    Growth metrics / KPIs
    Cohort & retention data
07 Customers & Contracts
    Customer list
    Major contracts
    Partnership agreements
    Churn & pipeline

For a deeper breakdown of why this order works and how to adapt it by stage, see our guide on data room folder structure and the practical walkthrough on how to organize a data room.

Step 4: Set permissions and access

This is where a real data room differs from a shared cloud folder. You decide who gets in and what each person can do.

1. Verified-email access: Require viewers to confirm their email before opening anything, so you know exactly who is in the room.
2. Allow and block lists: Grant access to specific people or domains, and block competitors or unwanted addresses.
3. NDA gating: Require visitors to accept a non-disclosure agreement before they see a single file. Plox supports a one-click NDA so the prompt appears the moment a viewer opens the room.
4. File-level permissions: Hide sensitive folders from some viewers while showing them to others, all from one room.
5. Visitor groups: Give your lead investor full access while a new prospect sees only the high-level material.

On Plox, verified-email access, allow and block lists come with the Team plan, while file-level permissions, visitor groups, Q&A, and NDA gating sit in the Data Rooms plan. There is a 14-day Data Rooms trial, so you can test the full permission stack before deciding.

A practical rule for sensitivity tiers: mark each folder open, NDA, or restricted in your checklist, then map those tiers to your permission settings. Most rooms keep 00 Start Here and 01 Corporate open after email verification, gate 02 Financials and 07 Customers & Contracts behind an NDA, and restrict the cap table and full contracts to your lead only until a term sheet is on the table.

Step 5: Add watermarking and disable downloads

For confidential material, viewing should not mean copying. Two controls do most of the work.

• Dynamic watermarking: Stamp each page with the viewer's email and timestamp, so any leaked screenshot traces back to a person. Because the watermark is applied per viewer on every page, the same file shown to two investors carries two different stamps.
• Disable downloads: Let viewers read documents in the browser without saving a local copy. Combined with screenshot protection, this keeps sensitive files in the room.

Apply these to your most sensitive folders, such as contracts and financials, rather than blanket-locking everything, since reviewers dislike friction on routine documents. A founder one click away from frustrating their lead investor is not worth the marginal security on a public press release.

Step 6: Invite viewers and share one link

Now open the room. With Plox, every viewer opens documents in the browser with no account and no download required, so there is nothing for your audience to install.

• Share a single secure, trackable link, or invite people by email.
• Send the same link to everyone; access rules and visitor groups handle who sees what.
• Add your branding and a custom domain so the room looks like an extension of your company.

One link replaces a tangle of email attachments and avoids the version-control nightmare of files scattered across inboxes. Because the link never changes, you can update a file inside the room and every viewer instantly sees the new version: no "please disregard my last email" follow-ups.

Before you send, open the link in an incognito window and walk it as a viewer would. You will catch a missing NDA prompt or an over-permissioned folder in 60 seconds, well before an investor does.

Step 7: Track engagement and follow up

The data room is not just storage. It tells you who is interested and how seriously.

• Page-by-page analytics show which documents each viewer opened and how long they spent on each page. This is available on every Plox plan, including Free.
• Real-time notifications ping you the moment someone opens the room, so you can follow up while you are top of mind.
• Use the signals to prioritise: an investor who spent ten minutes on your financials is a warmer lead than one who skimmed the cover page.

If a viewer has questions, a built-in Q&A module keeps the back-and-forth in one place. Plox also offers Ploxie, an AI assistant inside the room that answers viewer questions directly from your documents, so a reviewer can ask "what was Q3 net revenue retention?" and get an answer without emailing you at 11pm.

A worked example: a founder raising a seed round

Maya is raising a $2M seed round. Here is how the seven steps play out in practice.

1. Purpose: "So that 10 angels and 2 funds can decide to invest within four weeks." Lean, story-first.
2. Documents: She gathers the deck, a one-page summary, a P&L, a three-year model, the cap table, and two key customer contracts. Total: 14 files.
3. Structure: She uses folders 00 Start Here through 03 Cap Table, drops 04 to 07 because a seed room does not need them yet.
4. Permissions: Verified email on, competitors blocked, the cap table restricted to the two funds doing real diligence.
5. Protection: Watermarking on the model and contracts, downloads off for both.
6. Share: One branded link sent to all 12 prospects from her own domain.
7. Track: Two days in, analytics show one fund spent 14 minutes on the model and reopened the cap table. She emails them first. They lead the round.

The whole build took her under 30 minutes because the files were ready. The advantage was not the tooling alone, it was knowing which investor to chase.

Where a data room is not the right tool

Be honest about fit. If you are sharing a single, non-confidential PDF with one person, a data room is overkill. A trackable secure link does the job with less setup, and Plox supports that on the free plan without building a room at all. Data rooms earn their keep when you have multiple documents, multiple viewers, and a real need to control and measure access. For a one-off cover letter or a public deck, skip the room.

Likewise, if your deal demands formal compliance certifications for a specific regulated process, confirm the platform meets your auditor's requirements before committing. Match the tool to the obligation rather than assuming any data room covers every standard.

How Plox compares for building a data room

There are good tools in this space. DocSend, for instance, is genuinely strong at lightweight link sharing and is a familiar default for sending a single deck, with clean analytics. Where it falls short is a thin free tier and no AI or data-room storytelling layer. Papermark is a credible open-source DocSend alternative if you want to self-host. Legacy enterprise VDRs (iDeals, Intralinks, Datasite, Ansarada, Firmex) are deep and compliance-heavy, but they are sales-gated, pricey, and dated for a founder who wants a room live today.

Capability	Plox	DocSend	Legacy VDRs
Real free plan	Yes (links, analytics, real-time notifications, no card)	Limited	No
Pricing model	Flat, published, self-serve	Published, pricier	Quote-based, sales-gated
Page-by-page analytics	Every plan, including Free	Yes	Yes
Dynamic watermarking	Yes, per viewer per page	Yes	Yes
Data rooms with folders	Yes	Add-on / Advanced	Yes
NDA gating	One-click	Yes	Yes
AI in the room	Ploxie answers from your docs	No	Mostly no
Time to live	Minutes, no sales call	Minutes	Days, procurement
Best for	Founders and dealmakers who want speed and a real free tier	Solo deck sharing	Large regulated M&A

For broader context on options and tradeoffs, the U.S. Securities and Exchange Commission's overview of due diligence in securities offerings is a useful primer on why reviewers expect organised, controlled disclosure.

Get your data room live in minutes

You do not need a procurement process or a sales call to set up a professional data room. Plox is flat self-serve pricing with a free plan and a 14-day Data Rooms trial, so you can build, share, and track a room today. Compare options on the pricing page and create your data room. If you want inspiration first, browse real data room examples to see how other founders structured theirs.

Frequently asked questions

What is a data room?

A data room is a secure online space for sharing confidential documents with investors, buyers, or advisors during a deal or diligence process. Unlike a shared cloud folder, it adds access controls, document protection, and analytics so you know who viewed what.

How long does it take to set up a data room?

With a self-serve tool like Plox, a basic data room can be live in minutes once your documents are ready. The longest part is usually gathering and organising files, which the checklist in this guide is designed to speed up. Most founders who arrive with files in hand finish the full build in under 30 minutes.

What should go in a data room for fundraising?

For fundraising, prioritise your pitch deck, traction and KPIs, financial model, cap table, and corporate and legal basics. Keep it lean: investors want a clear story, not every document your company has ever produced. A seed room often needs only four or five folders.

How do I keep documents secure in a data room?

Use verified-email access so you know who is in the room, require an NDA where appropriate, apply dynamic watermarking, and disable downloads on sensitive files. File-level permissions let you hide confidential folders from viewers who do not need them. Mark each folder open, NDA, or restricted before you set permissions so nothing slips through.

Can I see who viewed my data room?

Yes. Plox provides page-by-page analytics and real-time notifications on every plan, including Free, so you can see which documents each viewer opened, how long they spent, and follow up at the right moment. The time-per-page signal is often the clearest indicator of genuine interest.

Do viewers need an account to open the data room?

No. With Plox, viewers open documents directly in the browser with no account and no download required. You share one secure, trackable link and access rules handle the rest.

What is the difference between a data room and a shared folder?

A shared folder simply stores files. A data room adds access control, NDA gating, watermarking, download restrictions, visitor groups, and analytics, giving you security and insight a plain folder cannot provide.