How to Set Up a Private Placement Data Room (Folder Structure + Checklist)

Last updated: June 2026

Quick answer: Set up a private placement data room around the offering, not a generic deal stack. Use a seven-folder structure — Offering Documents (PPM, term sheet, subscription agreement, investor questionnaire), Corporate & Formation (charter, operating/LP agreement, resolutions, cap table), Financials, Material Contracts & IP, Diligence, Compliance (Form D, blue-sky, bad-actor reps), and Investor Correspondence — and for each folder decide what it contains AND who can see it. Gate the PPM behind an NDA + accredited-investor questionnaire + email verification, give every investor a per-recipient watermarked link, and (for a 506(c) round) keep a dedicated folder to collect and log accreditation-verification evidence. The frame to remember: a PPM discloses; the data room proves. Run it on Peony Data Room at $52/admin/month — watermarks, granular per-file permissions, instant revoke, AI auto-indexing — and you can go live the same afternoon.

I run Peony, a data room platform serving 5,900+ customers across M&A, fundraising, and private capital. A recurring request from founders and sponsors is some version of: "I have a PPM and a list of accredited investors — how do I actually build the room?" They've usually read a generic "how to set up a data room" guide and found it doesn't answer the securities-specific questions: where does the subscription agreement go, how do I keep the PPM hidden until someone signs an NDA, and what do I do about 506(c) verification?

This guide is the securities-offering-specific version of data-room setup. If you want the universal eight-step mechanics, our generic how-to-set-up-a-data-room guide covers them — and you should read it first if data rooms are new to you. This post is the private-placement layer on top: the folder structure shaped by your offering, the document checklist by offering stage, the permission tiers for accredited and sophisticated investors, and a realistic go-live timeline.

The single idea that should drive every decision: a private placement memorandum discloses the story of the offering; the data room is where you prove it. Every risk factor, every financial claim, every "material contract" the PPM references should have a corresponding document in the room that substantiates it — and the room is also where you capture the verification evidence and subscription e-signatures that make the close defensible.

For the strategy layer above this build — choosing 506(b) vs 506(c), structuring the whole offering — see the private placement data room hub and the Reg D 506(b) vs 506(c) guide.

---

What is a private placement data room, and why does setup differ from a generic data room?

A private placement data room is the secure, access-controlled environment an issuer (a company, sponsor, or SPV organizer) uses to disclose an exempt securities offering — typically under Regulation D, Rule 506(b) or 506(c) — to prospective accredited investors, collect their qualification and verification evidence, and capture signed subscription documents. Private placements are the dominant way private companies raise: per the SEC, issuers raised roughly $259 billion through Rule 506(b) and about $16 billion through Rule 506(c) in the year from July 2022 to June 2023.

A generic data room setup is a universal workflow — define purpose, choose a platform, plan folders, upload, set permissions, secure, go live. A private placement room is that workflow shaped by securities law, and three things change:

• The folders are organized around the offering, not a generic corporate stack — the PPM, subscription agreement, investor questionnaire, Form D, and bad-actor representations are first-class folders.
• The access model is built around investor qualification — an NDA-plus-questionnaire gate before the PPM, and (for 506(c)) a verification-evidence intake — rather than simple bidder tiers.
• The room doubles as your compliance file — the per-investor, who-saw-what-version audit trail and the captured subscription e-signatures are part of the offering record.

The rest of this guide builds that room step by step.

What folder structure should a private placement data room use?

This is the question that sends most issuers to a generic guide and leaves them unsatisfied. A private placement room uses seven offering-oriented folders — and the move that makes it genuinely useful (rather than a flat numbered list) is to decide, per folder, both what it contains and who can see it:

Two structural rules carry this:

1. Folder 1 is gated; the rest open after the gate clears. Nothing in the Offering Documents folder — least of all the PPM — is visible until a prospect verifies email, signs the NDA, and completes the accredited-investor questionnaire.
2. Folder 7 is isolated per investor. Each investor's subscription package, signed documents, and verification evidence live in their own space; no investor can see another's identity or paperwork. A leaked investor list is a real risk, and isolation is the fix.

If you'd rather not build this by hand, upload your files in bulk and let AI auto-indexing classify them into this structure in minutes, then set the per-folder permissions once. This is also where Peony differs from convert-to-PDF rooms: your financial model can render as a live, interactive spreadsheet in the browser (formulas compute, no download), so an investor can interrogate the projections without you emailing the real .xlsx — and it stays wrapped in watermarking, screenshot protection, and instant revoke.

For the deeper "what every claim needs to prove" inventory, our generic folder-structure thinking and the broader due diligence data room checklist map the supporting-document categories in depth — pull from them to populate Folders 3 through 5.

What is the private placement document checklist by offering stage?

A folder structure tells you where things go; a stage checklist tells you when to add them. Build the room in the order the offering actually moves, so the room is always one step ahead of the investor:

1. Structuring. While counsel finalizes terms, stage drafts of the PPM, term sheet, and the Corporate & Formation documents (charter, operating/LP agreement, resolutions, current cap table). Keep these internal until they're final.
2. Marketing. Publish the finished PPM, investor deck, and one-pager into the Offering Documents folder — gated behind the NDA and the accredited-investor questionnaire. This is the first thing a qualified prospect sees.
3. Diligence. Open Financials (statements, model, projections), Material Contracts & IP, and the Diligence substantiation file. This is where you prove every claim the PPM makes.
4. 506(c) verification intake (only if you're generally soliciting). Stand up the folder where each investor's verification evidence is collected and logged — a third-party verifier's letter, or the documents your reviewer relies on. (More on the compliance line below.)
5. Subscription. Add the subscription agreement, investor questionnaire, and wiring instructions, with e-signature capture so an investor can subscribe inside the room rather than over email.
6. Closing. Drop in countersigned subscription documents, the updated cap table, and closing certificates. The room becomes your closing binder.
7. Reporting. Keep a standing post-close folder for investor updates, K-1s or tax documents, and financials — so the relationship outlives the raise.

Don't duplicate the work the fund-vehicle versions already cover: if you're raising a blind-pool fund from LPs rather than selling your own company's securities, the VC fund data room checklist and the real estate fund data room guide walk the LP-diligence document set (ILPA DDQ, track record, waterfall). This post is the issuer/company-offering checklist — a company or sponsor selling its own securities to accredited investors.

How do you gate the PPM behind an NDA and investor questionnaire?

The PPM is the document you least want floating in inboxes, so it should be the last thing a prospect sees, not the first. Set the gate so the sequence a prospective investor experiences is:

1. Click their per-recipient link (unique to them, tracked individually).
2. Verify their email (identity check on the way in).
3. Sign the NDA with an integrated e-signature.
4. Complete the accredited-investor questionnaire.
5. Only then does the Offering Documents folder — including the PPM — become visible.

Nothing in the offering is exposed before that gate clears. On Peony, NDA gating, per-recipient links, e-signatures, password protection, link expiry, and page-level analytics are available from the Business plan ($30/admin/month) — and analytics, expiry, and password protection are on the free tier. The reason most issuers step up to the Data Room plan ($52/admin/month) is the PPM itself: that tier adds dynamic watermarks (viewer name, email, and timestamp on every rendered page), screenshot protection, granular per-file permissions, and single-viewer instant revoke. A watermarked, revocable PPM that you can pull back from one specific investor the moment a relationship stalls is the entire reason not to email the document around.

How do you set permissions for accredited and sophisticated investors — and verify accreditation?

Permissions in a private placement are keyed to investor qualification, not generic viewer tiers. Use permission groups plus per-recipient links:

• 506(c) (general solicitation): every investor must be accredited and verified, so you typically run one accredited group with the PPM and full diligence open post-gate, plus the verification-intake folder.
• 506(b) (no general solicitation): you may include up to 35 non-accredited but sophisticated investors alongside accredited ones — give that group a narrower view if counsel advises, and keep the verification-intake workflow for the accredited side.
• Per investor: every investor gets their own personalized link, so you can track engagement per person, revoke a single investor instantly, and keep each investor's subscription documents isolated in their own correspondence folder.

Now the compliance line, stated carefully: a data room does not verify accreditation for you. Under Rule 506(c), you (or a third party you rely on — a CPA, attorney, or verification service) must take reasonable steps to verify each investor's accredited status. Accredited generally means, per the SEC, income over $200,000 (or $300,000 joint) for the past two years, or net worth over $1 million excluding your primary residence, or holding a Series 7, 65, or 82 license. The March 12, 2025 SEC no-action letter to Latham & Watkins clarified that a high minimum investment paired with the investor's written representations can satisfy 506(c) in defined circumstances — your counsel decides which path applies.

What the room does is operationalize the workflow without overclaiming: it gates access behind the NDA, questionnaire, and email verification; it gives you a dedicated, access-controlled folder to collect and log each investor's verification evidence (for example, a verifier's letter the investor uploads); and it produces a per-investor, who-saw-what-version audit trail that becomes part of your offering file. Think of it as evidence collection and access gating, never as automated accreditation. For staged-disclosure mechanics across multiple investors at once, our multiple-bidders data room guide covers the isolation patterns.

How do you go live, and what is a realistic setup timeline?

The go-live path for a private placement room is short if you let the platform do the heavy lifting:

1. Bulk upload every document you have — drafts and finals, unsorted.
2. Let AI auto-indexing classify them into the seven offering-stage folders in minutes (then move the handful it places in borderline spots).
3. Set the gate — NDA + accredited-investor questionnaire + email verification on the Offering Documents folder.
4. Configure permissions — accredited/sophisticated groups, per-investor isolation on the Correspondence folder, watermarks and view-only on the PPM and sensitive contracts.
5. Add e-signature fields to the subscription agreement and NDA.
6. Share per-recipient links with your prospect list, then watch page-level analytics to see who's actually reading the PPM and financials.

Realistically, the upload-and-index step is minutes; the bulk of your time goes to the gate and permissions. Most issuers go from a pile of files to a live, gated room the same afternoon — a different universe from the 20-to-40-hour manual builds that the generic setup guide warns about, and far faster (and cheaper) than spinning up a legacy per-deal VDR for a single Reg D raise. Once you've sold, remember the standing obligation: file your Form D on EDGAR within 15 days of the first sale (a Compliance-folder task, not a room task), and keep the Reporting folder alive for post-close investor updates.

How is this different from setting up a generic data room or a fund data room?

Two differentiations worth making explicit, because they decide which guide you should actually be following:

Versus a generic data room. The generic how-to-set-up-a-data-room post is the universal eight-step workflow that applies to any deal — fundraise, M&A, legal, board. This post keeps that skeleton but reshapes it for a securities offering: offering-oriented folders, qualification-based access, a verification-evidence intake, and a room that doubles as a compliance file. If you only need the universal mechanics, start there; if you're running a Reg D offering, stay here.

Versus a fund data room. The VC fund data room checklist and real estate fund data room guide cover a blind-pool fund raising from LPs — the document set is built around the ILPA due-diligence questionnaire, the GP's track record, and the distribution waterfall. This post covers the issuer/company offering — a company or sponsor selling its own securities directly to accredited investors. Both are private placements in the legal sense, but the room contents and audience differ. If you're forming a fund, follow the fund guides; if you're a company or SPV selling an interest in a specific opportunity, this is your build.

The bottom line: build the room your PPM points to

A private placement data room isn't a generic folder dump with a fancier name. It's a room organized around your offering (seven folders, each with a clear "what it contains and who sees it"), gated by investor qualification (NDA + questionnaire + email verification before the PPM), and structured to double as your compliance file (per-investor audit trail, captured subscription e-signatures, a folder for verification evidence). Build it by stage, let AI auto-indexing collapse the setup time, watermark the PPM, and give every investor their own revocable link.

Remember the frame through the whole build: a PPM discloses; the data room proves. The room exists to substantiate every claim the memorandum makes — and to make the close defensible.

See Peony for fundraising → · Start a data room →

---

Related resources

• Private Placement Data Room (The Complete Guide) — the cluster hub: strategy and structure above this build
• Private Placement Memorandum: What It Is and What It Proves — the disclosure document this room substantiates
• Reg D Data Room: 506(b) vs 506(c) — choosing the exemption that sets your gating and verification rules
• How to Set Up a Data Room (the generic 8-step workflow) — the universal version; this post is the securities-offering-specific layer
• VC Fund Data Room Checklist — the fund-vehicle version (raising a blind-pool fund from LPs)
• Real Estate Fund Data Room — the real-asset fund-vehicle version
• Due Diligence Data Room Checklist — the supporting-document inventory for Folders 3–5
• Best Data Room for Multiple Bidders — staged disclosure and per-investor isolation
• Peony for Fundraising
• Peony Pricing