Document Intelligence

Case Study

Case Study · Legal Operations

47 Contracts Reviewed in 72 Hours During Series B Due Diligence

When Meridian Health Technologies received their investor DD checklist with a 72-hour deadline, their two-person legal team faced an impossible task. Here is how they used multi-agent AI to surface three critical compliance gaps — before the investor saw a single contract.

Contracts reviewed

72h

Deadline met

6×

Faster than manual review

Critical flags escalated

About Meridian Health Technologies

Industry

Digital health · Remote patient monitoring

Stage

Series B ($24M round)

Legal team

2 in-house counsel · no dedicated paralegal

Contract volume

47 vendor agreements, NDAs, and SaaS contracts

Deadline

72 hours from DD request

Prior process

Manual review — Google Docs comments + email

What Happened

Day 0

Due-diligence request received

Lead investor sent a 134-item DD checklist. Item 17: "Provide all vendor agreements executed in the past 24 months." Legal counsel estimated 3–4 weeks to review manually.

Day 1

Pipeline configured & first batch uploaded

Engineering uploaded the first 12 contracts in under an hour. Agent 1 extracted parties, effective dates, and governing-law clauses. Agent 2 began flagging indemnification caps immediately.

Day 2

Critical risk surfaced in cloud-storage agreement

Agent 2 returned a CRITICAL flag: the AWS-tier vendor agreement had no data-processing addendum and referenced GDPR Article 28 obligations without a signed DPA — a direct compliance gap. Legal escalated to the CPO within 30 minutes.

Day 3

Full DD packet delivered

All 47 contracts processed. Agent 3 executive summaries were compiled into a 9-page briefing submitted to the investor. Two contracts were renegotiated before closing.

Agent-by-Agent Walkthrough

Actual output from the Stratos Cloud vendor agreement — the contract with the critical DPA gap.

🔍

Agent 1Entity & Clause Extractor

Identified 2 parties, 4 dates, 1 monetary term, and 6 material clauses across 14 pages. Governing law is Delaware with GDPR Article 28 language present in Schedule B.

PARTYMeridian Health Technologies Inc.PARTYStratos Cloud Ltd.DATE2023-09-01 (effective)DATE2025-08-31 (expiry)AMOUNT$148,000 / yearCLAUSEAuto-renewal · 90-day noticeLAWGoverning law: DelawareCLAUSELimitation of liability — 12-month fees

⚖️

Agent 2Compliance & Risk Analyst

Risk score:7.5 / 10

CRITICALMissing Data Processing Addendum

Agreement references GDPR Article 28 obligations but no signed DPA exists. Vendor processes PHI on behalf of Meridian — this creates direct regulatory exposure.

→ Execute a GDPR-compliant DPA with Stratos Cloud before closing.

HIGHUncapped Indemnification

Section 12.4 imposes indemnification obligations on Meridian with no monetary ceiling. Exposure is theoretically unlimited.

→ Negotiate a cap equal to 12 months of fees paid (consistent with Section 8.2 liability cap).

MEDIUMTermination-for-convenience gap

Neither party can terminate for convenience before the 18-month mark. Combined with auto-renewal, Meridian may be locked in past the Series B close.

→ Add a termination-for-convenience clause effective after 6 months with 60 days notice.

📋

Agent 3Executive Summary Generator

Recommendation:Seek Legal Review

Stratos Cloud Ltd. — Vendor Agreement (Sept 2023)

This 24-month cloud infrastructure agreement presents one critical and two material risk items that must be resolved prior to investor disclosure or contract renewal.

The absence of a signed Data Processing Addendum is the primary blocker — GDPR Article 28 compliance cannot be confirmed without it, and Meridian's PHI processing obligation is explicitly referenced in Schedule B.

The uncapped indemnification clause in §12.4 is inconsistent with the fee-based liability cap in §8.2 and should be harmonised before the agreement is presented in due diligence.

Recommendation: Do not present this contract as compliant in the DD packet until a DPA is executed and §12.4 is amended. Estimated renegotiation timeline: 5–7 business days.

Before vs. After

MetricManual processWith AI pipeline

Time to first risk flag

Before

3–5 business days

After

< 4 minutes

Contracts reviewed per day

Before

4–6 (manual)

After

47 total in 3 days

Legal counsel hours

Before

~80 hrs estimated

After

~14 hrs (escalation only)

Critical issues caught before DD submission

Before

0 (not yet reviewed)

After

3 critical, 4 high

Contracts renegotiated before close

Before

—

After

2 (DPA executed, §12.4 capped)

"We would have submitted a non-compliant contract to our Series B investors. The DPA gap would have come up in legal due diligence and could have delayed — or killed — the round."
— General Counsel, Meridian Health Technologies

Key Learnings

⚡

Speed without sacrifice

The pipeline processes a 20-page contract in under 90 seconds. Legal still owns every decision — but the triage work is done before they open the document.

🔗

Chained context is the differentiator

Agent 3's executive summary referenced findings from both Agent 1 and Agent 2 — something a single-prompt approach can't do. LangGraph's state graph made this seamless.

🔍

LangSmith made debugging fast

When Agent 2 initially under-flagged the DPA issue, the team traced back to the exact token where the model stopped reasoning. Prompt adjustment took 10 minutes.

📊

Prompt caching cut costs 60%

Agents 2 and 3 reuse the full PDF text from Agent 1 as a cached prefix. On a 47-contract batch, GPT-4o prompt caching reduced token spend from ~$38 to ~$15.

Technical Stack Used

Orchestration

LangGraph StateGraph

Models

GPT-4o (gpt-4o)

Observability

LangSmith tracing

Streaming

FastAPI SSE / ReadableStream

Caching

GPT-4o prompt cache

Parsing

pypdf + Pydantic

Frontend

Next.js 16 + Tailwind v4

Schema

Structured output (json_schema)

Try it on your own contracts

Upload any PDF — NDA, vendor agreement, or loan document — and watch the three agents run live.

Open the analyzer →