Notes to the Condensed Consolidated Financial Statements (Unaudited)
For the three and nine months ended September 30, 2024, revenue recognized from amounts included in deferred revenue at the beginning of the period was $42.4 million and $39.1 million, respectively. For the three and nine months ended September 30, 2023, revenue recognized from amounts included in deferred revenue at the beginning of the period was $29.2 million and $25.1 million, respectively.
Remaining Performance Obligations
剩餘履行義務是指尚未確認的合同未來營業收入的金額,包括遞延收入。截至2024年9月30日,公司剩餘履行義務爲$126.6 百萬,其中400萬美元投資於2022年4月,500萬美元投資於2022年5月。 結果,非控股權益增加百萬美元,可贖回的非控股權益增加百萬美元。 2022年7月,同美和少數投資者又投資了$118.6 預計將在接下來的百萬美元內確認。 十二個月 and $8.0 百萬預計將在超過十二個月的期間內確認。
The following table presents components of accrued expenses (in thousands):
17
Klaviyo, Inc.
Notes to the Condensed Consolidated Financial Statements (Unaudited)
As of,
September 30, 2024
December 31, 2023
Accrued compensation and employee related costs
$
27,524
$
25,644
Accrued sabbatical
3,045
3,394
Accrued value added tax
4,647
7,530
Other accrued taxes
4,100
6,830
Accrued cost of revenue
11,442
6,656
Accrued professional services
3,352
3,605
Accrued marketing
7,852
6,374
Other accrued expenses
2,955
2,805
Total accrued expenses
$
64,917
$
62,838
7. Commitments and Contingencies
Contractual Obligations and Commitments
The Company has material long-term non-cancelable contractual obligations outstanding with marketing vendors and various service providers. Future minimum payments under the Company’s non-cancelable purchase commitments as of September 30, 2024 and December 31, 2023, were $276.6 million and $346.2 million, respectively.
Legal Matters
From time to time, the Company may become involved in legal proceedings or be subject to claims arising in the course of its business, including but not limited to claims brought by its customers in connection with commercial disputes and litigation arising from employee and ex-employee related matters. The Company is not presently subject to any pending or threatened litigation, individually or taken together, for which it is reasonably possible to have a material effect on its consolidated financial position or results of operations.
Guarantees and Indemnification Obligations
In the ordinary course of business, the Company enters into agreements with its customers that include commercial provisions with respect to licensing, infringement, indemnification, and other common provisions. The Company does not, in the ordinary course of business, agree to indemnification obligations for the Company under its contracts with customers except for intellectual property infringement claims related to the Company’s services. Based on historical experience and information known at September 30, 2024 and December 31, 2023, the Company has not incurred any costs for guarantees or indemnities.
8. Leases
The components of lease expense are as follows (in thousands):
Three Months Ended September 30,
Nine Months Ended September 30,
2024
2023
2024
2023
Operating lease cost
$
3,274
$
3,149
$
9,562
$
9,453
Short-term lease cost
—
125
178
534
Financing lease cost
5
5
15
15
Total lease cost
$
3,279
$
3,279
$
9,755
$
10,002
Supplemental balance sheet information related to the Company’s operating leases is as follows (in thousands):
18
Klaviyo, Inc.
Notes to the Condensed Consolidated Financial Statements (Unaudited)
As of,
September 30, 2024
December 31, 2023
Operating lease ROU assets
$
30,141
$
36,987
Operating lease liabilities, current
13,126
14,081
Operating lease liabilities, non-current
29,333
37,498
Total lease liabilities
$
42,459
$
51,579
Supplemental cash flow information and non-cash activity related to the Company’s leases are as follows (in thousands):
Nine Months Ended September 30,
2024
2023
Cash paid for operating lease liabilities, net of tenant incentives received
$
11,805
$
11,482
ROU assets recognized for new leases and amendments (non-cash)
$
—
$
1,299
Other information related to leases is as follows:
As of,
September 30, 2024
December 31, 2023
Weighted average remaining lease term
3.4 years
4.1 years
Weighted average discount rate
5.01
%
4.97
%
Future undiscounted annual cash flows for the Company’s operating leases as of September 30, 2024 are as follows (in thousands):
Fiscal Year Ending December 31,
Remaining portion of 2024
$
3,519
2025
13,249
2026
13,441
2027
12,692
2028
3,205
Total future undiscounted lease payments
46,106
Less imputed interest
(3,647)
Total lease liabilities
$
42,459
The table above does not include options to extend lease terms that are not reasonably certain of being exercised or leases signed but not yet commenced as of September 30, 2024.
In addition to the operating lease liabilities noted in the table above, during the three months ended September 30, 2024, the Company entered into a lease in the United Kingdom that has not yet commenced with future lease payments totaling $17.4 million over the term of the lease that are not yet recorded on the Condensed Consolidated Balance Sheets. The lease will commence in the fourth quarter of 2024 with a non-cancelable lease term of two years.
During the three and nine months ended September 30, 2024, 344,384 and 1,033,147 warrants vested, respectively. The Company has no vested but unexercised warrants outstanding as of September 30, 2024. During the three and nine months ended September 30, 2023, 4,526,162 and 5,706,904 warrants vested, respectively.
21
Klaviyo, Inc.
Notes to the Condensed Consolidated Financial Statements (Unaudited)
11. Stock-Based Compensation
Equity Incentive Plans
On September 1, 2015, the Company’s board of directors (the “Board”) adopted the 2015 Plan. The Board or, at its sole discretion, a committee of the Board, is responsible for the administration of the 2015 Plan. As of September 30, 2024, outstanding awards under the 2015 Plan include options and RSUs. Generally, 2015 Plan awards vest into shares of Series B common stock and are immediately reclassified to shares of Series A common stock based upon the employee’s conversion election made at the time of the IPO. All equity grants subsequent to the IPO are made pursuant to the 2023 Plan, which was approved by the Board effective as of September 18, 2023. The Board or, at its sole discretion, a committee of the Board, is responsible for the administration of the 2023 Plan. As of September 30, 2024, the Company’s authorized common stock includes 59,707,908 shares of Series A common stock reserved for issuance of equity awards under the 2023 Plan, of which 47,773,156 shares are available for future grants.
The 2015 Plan provides for the grant of various types of stock-based compensation awards including, but not limited to, RSUs, incentive stock options (“ISOs”), non-qualified stock options (“NSOs,” referred to collectively with ISOs as “options”) and restricted stock awards (“RSAs”) to directors, consultants, employees, and officers of the Company. ISOs may only be granted to employees, and the exercise price thereon cannot be less than the fair value of the Company’s common stock on the date of grant or less than 110% of the fair value in the case of employees holding 10% or more of the voting stock of the Company. The exercise price on NSOs must be at least equal to the fair value of the Company’s common stock on the date of grant. The Company has historically granted RSUs, ISOs, NSOs, and RSAs.
The 2023 Plan provides for the grants of various types of stock-based compensation awards including, but not limited to, RSUs, ISOs, NSOs, and RSAs. During the three and nine months ended September 30, 2024 and 2023, the Company solely granted RSUs as further described below.
Restricted Stock Units
During the three and nine months ended September 30, 2024, the Company granted RSUs to employees under the 2023 Plan, and during the three and nine months ended September 30, 2023, the Company granted RSUs to employees under both the 2015 and 2023 Plan. In general, RSUs granted under the 2015 Plan vest upon the satisfaction of both a service-based vesting condition and a performance-based vesting condition. Generally, the service-based vesting condition requires the grantee to remain an eligible participant, as that term is defined in the 2015 Plan, for a period of 4 years. Generally, RSUs vest quarterly over the entire 4-year period or vest 25% after 1 year, with the remainder vesting quarterly over the following 3 years. The performance-based vesting condition was satisfied upon the occurrence of the IPO in September 2023. In general, RSUs granted after the IPO under the 2023 Plan vest upon the satisfaction of service-based vesting conditions only. These service-based vesting conditions are consistent with those under the 2015 Plan detailed above.
Employee Stock Purchase Plan
On August 24, 2023, the Board adopted the ESPP pursuant to which eligible employees may contribute up to 15% of their base compensation to purchase shares of the Company’s Series A common stock at a price equal to 85% of the lower of (1) the fair market value of a share of the Company’s Series A common stock at the beginning of the offering period and (2) the fair market value of a share of the Company’s Series A common stock on the purchase date. The ESPP provides for 12-month offering periods beginning January 1 and July 1 of each year, or the next trading date thereafter. Each offering period will consist of two six-month purchase periods. The initial offering period began on January 2, 2024 and will end on December 31, 2024. As of September 30, 2024, the Company has 8,587,502 shares of Series A common stock available for issuance pursuant to purchase rights granted to the Company’s eligible employees under the ESPP. The ESPP provides that the number of shares reserved and available for issuance will automatically increase each January 1, beginning on January 1, 2024, by the least of 6,200,000 shares of our Series A common stock,
22
Klaviyo, Inc.
Notes to the Condensed Consolidated Financial Statements (Unaudited)
1% of the outstanding number of shares of our Series A common stock and Series B common stock on the immediately preceding December 31, or such lesser number of shares as determined by our administrator of the ESPP.
基於美元的淨營業收入留存率。 我們通過首先識別在確定日期之前十二個月的客戶群體來計算我們的基於美元的淨營業收入留存率(簡稱「NRR」)。然後我們計算該客戶群體在確定日期之前十二個月的年化經常性收入(簡稱「Prior Period ARR」)和該客戶群體在確定日期的年化經常性收入(簡稱「Current Period ARR」)。在任何確定日期,ARR是現有付費訂閱的年化價值,我們通過假設在下一個月沒有對這些訂閱進行更改來計算在該確定日期下,我們期望在下一個月收到的現有付費訂閱的收入金額,並將該金額乘以。
(Benefit) Provision for Income Taxes - Three Month Change
Three Months Ended September 30,
2024
2023
$ Change
% Change
($ in thousands)
(Benefit) provision for income taxes
$
(1,200)
$
819
$
(2,019)
(246.5)
%
The Company recorded an income tax (benefit) of $1.2 million for the three months ended September 30, 2024 compared to income tax expense of $0.8 million for the three months ended September 30, 2023 representing a change of $2.0 million. This was primarily due to filings in foreign jurisdictions.
Provision for Income Taxes - Nine Month Change
Nine Months Ended September 30,
2024
2023
$ Change
% Change
($ in thousands)
Provision for income taxes
$
64
$
1,786
$
(1,722)
(96.4)
%
Income tax expense for the nine months ended September 30, 2024 decreased by $1.7 million to $0.1 million compared to $1.8 million for the nine months ended September 30, 2023. This was primarily due to filings in foreign jurisdictions.
Liquidity and Capital Resources
We assess our liquidity in terms of our ability to generate cash to fund our operating, investing, and financing activities. In doing so, we review and analyze our primary sources and uses of liquidity to include cash balances on hand and cash flows from operations.
Since our inception through September 30, 2024, we have financed our operations primarily through sales of equity securities and payments received from our customers. In September 2023, we completed our IPO, which resulted in aggregate cash proceeds of approximately $320.1 million, after deducting approximately $17.7 million in underwriting discounts and commissions and $7.4 million in offering-related expenses.
As of September 30, 2024, our principal sources of liquidity included cash, cash equivalents, and restricted cash totaling $827.9 million, with such amounts held for working capital purposes. Our cash equivalents were comprised of $274.9 million in money market funds.
Our primary cash needs are for personnel-related expenses, selling and marketing expenses, and third-party cloud infrastructure expenses.
•network outages or security breaches and any associated expenses;
•foreign currency exchange rate fluctuations;
•executing acquisitions and integrating the acquired businesses, technologies, products, and other assets; and
•general economic and political conditions.
If we do not address these risks successfully, our business, results of operations, and financial condition could be adversely affected.
We operate in a highly competitive industry, and if we do not compete effectively with established companies or new market entrants, our business, results of operations, and financial condition could be adversely affected.
We operate in a highly competitive industry, and we expect competition to continue to increase. We face competition from a number of companies, including Adobe, Salesforce, Mailchimp, and Braze. We believe that our ability to compete depends upon many factors both within and beyond our control, including:
•fast time-to-value and ROI for customers;
•ease of deployment, implementation, and use;
•unified data architecture, with the ability to synchronize unaggregated, historical customer profile data with real-time event data in a single system-of-record;
•integrations with third-party applications, data sources, and open-source technologies;
•breadth and depth of features and functionality;
•quality and accuracy of data and predictive intelligence;
•ability to support multiple use cases and verticals;
•strength of sales & marketing and partnership efforts;
•market vision and product strategy;
•pace of innovation;
•brand awareness and reputation;
45
•performance, scalability, security, and reliability; and
•quality of service and customer satisfaction.
Many of our current and potential competitors have or may have significantly greater financial, technical, marketing, and other resources than we do. They may secure better terms from partners, adopt more aggressive or alternative pricing policies, or devote more resources to technology, infrastructure, sales, marketing, and customer service. These competitors may engage in more extensive research and development efforts, undertake more far-reaching marketing campaigns, and adopt more aggressive or alternative pricing policies which may allow them to attract customers or partners. For example, for our SMS offering, we do not currently separate carrier fees from the fees that our customers pay for our product. In contrast, some of our competitors separate carrier fees from their product fees, which may create the appearance of a lower product fee and which may appear more attractive. Our competitors may also develop a platform or products that are similar to ours or that achieve greater market acceptance than ours. This could attract customers or partners away from our platform or our products and reduce our market share.
In addition, if one or more of our competitors were to merge or partner with another of our competitors, our ability to compete effectively could be adversely affected. Our competitors may also establish or strengthen cooperative relationships with our current or future strategic distribution and technology partners or other parties with whom we have relationships, thereby limiting our ability to promote and increase the usage and adoption of our platform. We expect to encounter new competitors, which may include any of our current or future third-party platform providers or technology partners, both geographically and in our market verticals in and outside of retail and eCommerce. We may not be able to compete successfully against current or future competitors, and competitive pressures could adversely affect our business, results of operations, and financial condition.
Our business and success depend, in part, on our ability to successfully integrate with third-party platforms, especially with eCommerce platforms such as Shopify, and our business would be harmed as a result of any disruptions to these third-party platform integrations or our relationships with third-party platform providers.
addition, our revenue is dependent on the usage of our platform and the demand for our products, which in turn are influenced by the amount of business that our customers conduct. To the extent that weak or volatile economic conditions, including due to global health crises, labor shortages, supply chain disruptions, inflation, a government shutdown, geopolitical developments (such as the Russia-Ukraine conflict and the conflict in the Gaza Strip, as well as the implementation of, or changes to or further expansions of, trade sanctions, export restrictions, tariffs, and embargoes), deterioration of the financial services industry and other events outside of our control, result in a reduced volume of business for our customers and prospective customers, demand for, and use of, our platform and our products may decline. Specifically, because we currently operate primarily in the retail and eCommerce space, any disruption caused to the customers in this space, such as a weak global economy causing a shift in the economic viability of the retail and eCommerce businesses, may require us to adapt our business model and our operations accordingly. Furthermore, weak economic conditions may make it more difficult to collect on outstanding accounts receivable and increase our expenses. Specifically, customers may fail to make payments when due, default under their agreements with us, or become insolvent or declare bankruptcy, or a supplier may determine that it will no longer do business with us as a customer. Additionally, we generate a significant portion of our revenue from small businesses, which may be affected by economic downturns and other adverse macroeconomic conditions, as small businesses may be more likely to reduce their marketing expenses during such periods and do so to a greater extent than larger enterprises and typically have more limited financial resources, including capital borrowing capacity. In addition, a customer or supplier could be adversely affected by any of the liquidity or other risks that are described above as factors that could result in material adverse impacts on us, including but not limited to delayed access or loss of access to uninsured deposits or loss of the ability to draw on existing credit facilities involving a troubled or failed financial institution. If our customers reduce their use of our platform, or prospective customers delay adoption or elect not to adopt our platform or purchase our products, as a result of a weak economy or rising inflation and increased costs or otherwise, our business, results of operations, and financial condition could be adversely affected.
We may not be able to add new customers, retain existing customers, or increase sales to existing customers, which could adversely affect our business, results of operations, and financial condition.
We derive, and expect to continue to derive, the significant majority of our revenue from the sale of subscriptions to our platform. Our business and our growth are dependent on our ability to continue to attract and acquire new customers while retaining existing customers and expanding both their usage of our platform and the products we sell to them. The demand for our products may be inhibited, and we may be unable to grow our business and customer base, for a number of reasons, including, but not limited to:
•our failure to develop or offer new or enhanced products or features in a timely manner that keeps pace with new technologies, competitor offerings, and the evolving needs of our customers;
•difficulties providing or maintaining a high level of customer satisfaction, which could cause our existing customers to cancel or decrease their subscriptions or stop referring prospective customers to us;
•increases in our customer churn, decreases in our customer renewals or our failure to convert customers from lower tiers to higher tier priced subscriptions;
•perceived or actual security, availability, integrity, privacy, reliability, quality, or compatibility problems with our platform, including unscheduled downtime, outages, or security breaches;
•changes in search engine ranking algorithms or in search terms used by potential customers;
•our inability to market our platform in a cost-effective manner to new customers or to our existing customers due to changes in regulation, or changes in the enforcement of existing regulation, that would affect our marketing or pricing practices;
•unexpected increases in the costs of acquiring new customers;
48
•our ability to expand into new industry verticals and use cases; and
•our ability to expand into new geographic regions.
In order for us to sustain demand for our products and maintain or increase our revenue growth, it is important that our customers renew and/or expand their subscriptions. Most of our customers’ subscriptions with us are month-to-month, and they therefore have no obligation to renew their subscriptions or maintain their usage levels. Some of our customers have elected not to renew their subscriptions with us in the past, and it is difficult to accurately predict long-term customer retention. Further, to achieve continued growth, we must not only maintain our relationships with our existing customers, but expand our commercial relationships with our existing customers and encourage them to increase usage of our platform.
In order to increase our sales to new and existing customers, we may need to significantly expand our selling and marketing operations, including our sales force and third-party referral and marketing agency partners, and continue to dedicate significant resources to selling and marketing programs, both domestically and internationally. We rely on our marketing agency partners to provide certain services to our customers, as well as refer new customers to our platform. Our ability to increase our customer base and achieve broader market acceptance of our platform will depend, in part, on our ability to effectively organize, focus, and train our selling and marketing personnel, attract new marketing agency partners and retain existing marketing agency partners.
Any failure to continue to attract new customers, retain existing customers or increase usage of our platform by existing customers could have a material adverse effect on our business, results of operations, and financial condition.
We have a history of net losses, we anticipate increasing operating expenses in the future, and we may not be able to achieve and maintain profitability in the future.
We incurred net losses of $308.2 million and $49.2 million in the years ended December 31, 2023 and 2022, respectively, and a net loss of $1.3 million and $19.2 million during the three and nine months ended September 30, 2024, respectively. We are not certain whether we will be able to achieve profitability in the future. Based on our current planned operations, we expect our cash and cash equivalents will enable us to fund our operating expenses for at least the next twelve months. We have based this estimate on assumptions that in the future may prove to be wrong, and we could use our capital resources sooner than we currently expect. We also expect our costs and expenses to increase in future periods as we continue to invest in our business and increase our product offerings, which could negatively affect our future results of operations if our revenue does not continue to increase. In particular, we intend to continue to expend substantial financial resources on:
•our technology infrastructure and operations, including systems architecture, scalability, availability, performance, and security;
•platform development, including investments in our platform development team and the development of new products and functionality for our platform as well as investments in further improving our existing platform and infrastructure;
•international expansion;
•our selling and marketing organization, to engage our existing and prospective customers, increase brand awareness and drive adoption of our products;
•acquisitions or strategic investments; and
•general administration, including increased insurance, legal, and accounting expenses associated with being a public company.
49
We may not achieve the benefits anticipated from these investments, which could be more costly than we currently anticipate, or the realization of these benefits could be delayed. These investments may not result in increased revenue or growth in our business. If we are unable to maintain or increase our revenue at a rate sufficient to offset the expected increase in our costs, our business, financial condition, and results of operations could be adversely affected, and the trading price of our Series A common stock could decline as a result.
As we seek to move up-market, we expect our sales cycle with enterprise customers to be longer than with small-and-mid size businesses and we will be required to scale our operations, including by expanding our sales efforts, which may require considerable time and expense.
The majority of our customers are small to mid-size businesses and subscribe to our platform on a month-to-month basis. However, as we scale our business and enter into agreements with larger customers, such as enterprise customers, we expect that we will enter into longer-term agreements for usage of our platform and products. We anticipate that these prospective enterprise customers may have lengthy sales cycles for the evaluation and procurement of our platform and the timing of our sales cycles with these enterprise customers and the related revenue may be difficult to predict. For deals that were closed by our sales team in the year ended December 31, 2023 and in the nine months ended September 30, 2024, our median sales cycles were approximately 8 weeks and 9 weeks, respectively. This measure excludes any business generated through self-serve channels. Any delays in our sales cycles may increase the amount of time between when we incur the operating expenses related to these sales efforts and, upon successful sales, the generation of corresponding revenue. Further, we may incur additional selling and marketing expenses as we move up-market and shift our sales strategy to adapt not only to longer sales cycles but to the nature of a new sales motion associated with enterprise sales. As we seek to acquire these enterprise customers, we also anticipate that we will need to increase our sales and customer support capabilities. We may also be required to spend a significant amount of time and resources to train our sales and customer support teams for interfacing with enterprise customers, as well as educating our potential enterprise customers and familiarizing them with our platform. Additionally, these large organizations may have large data sets that require us to evaluate our existing data storage, collection and processing capabilities, and enhance the features and scalability of our platform. Enterprise customers may also view a subscription to our platform and products as a strategic decision with significant investment. As a result, these customers may require considerable time to evaluate, test, and qualify our platform prior to entering into or expanding a subscription. As we engage with enterprise customers, we may expend a greater amount of time and money on selling and marketing and contract negotiation activities, which may not result in a sale. Additional factors that may influence the length and variability of our sales cycle include:
•the effectiveness of our sales team as we hire and train our new salespeople to sell to large enterprise customers;
•the discretionary nature of purchasing, budget cycles, and decisions;
•the obstacles placed by customers’ procurement processes;
•economic conditions and other factors impacting customer budgets;
•customers’ familiarity with our products;
•customers’ evaluation of competing products during the purchasing process; and
•evolving customer demands.
In light of these factors, it is difficult to predict whether and when a sale will be completed, and if completed, the additional customer engagement and services we will need to provide for the duration of the agreement. Consequently, our efforts to expand up-market and enter into agreements with larger organizations may be difficult and could have a material adverse effect on our business, results of operations, and financial condition if we do not adapt our business to the needs of the enterprise customer base.
50
We have historically invested significantly in research and development and expect this investment to continue. If these investments do not translate into new products or enhancements to our current products or product features, or if we do not use those investments efficiently, our business, financial condition, and results of operations could be adversely affected.
For the years ended December 31, 2023 and 2022, and the three and nine months ended September 30, 2024, our research and development expenses were 37.6%, 22.0%, 23.7%, and 25.1% of our revenue, respectively. Research and development projects can be technically challenging and expensive, particularly as we work to expand both the channels through which we offer our products and the use cases for our products beyond marketing. In addition, our products have varying associated communication sending costs, and our research and development team may not be able to mitigate the impact of growth in any of those higher-cost channels, such as SMS, by maintaining efficiency. The nature of research and development cycles may cause us to experience delays between the time we incur expenses associated with research and development and the time we are able to offer compelling products and generate revenue, if any, from this investment. Additionally, anticipated customer demand for a product we are developing could decrease after the development cycle has commenced, and we would nonetheless be unable to avoid substantial costs associated with the development of any such product. If we expend a significant amount of resources on research and development and our efforts do not lead to the successful introduction or improvement of products that are competitive in our current or future markets or if we do not spend our research and development budget efficiently or effectively on compelling innovation and technologies, our competitive advantage may be adversely affected, which could materially adversely affect our business, financial condition, and results of operations.
If we fail to adapt and respond effectively to technological changes, evolving industry standards, changing regulations or changing customer or consumer needs, requirements or preferences, our platform may become less competitive.
The market in which we compete is relatively new and subject to rapid technological change, evolving industry standards, and changing regulations, as well as changing customer and consumer needs, requirements, and preferences, including changes in the use of channels through which consumers desire to communicate with brands. For example, while email marketing has been the primary product on our platform, our SMS offering is relatively new, and customers may prefer SMS or push marketing campaigns or campaigns using other new types of communication channels to email campaigns in the future. Further, as consumer preferences with respect to communication channels evolve, we may need to adapt to the varying margin profiles of these new technologies and address potential margin compression. The success of our business will depend, in part, on our ability to adapt and respond effectively to changes in customer and consumer preference on a timely basis in the markets that we currently serve, such as retail and eCommerce, and in markets we may enter in the future. Our ability to attract new customers and increase revenue from existing customers depends in large part on our ability to enhance and improve our platform and products, offer new features as part of our existing products, offer new products, and increase adoption and usage of our platform and products. For example, we expect that the number of integrations with our customers’ infrastructure that we will need to support will continue to expand as customers and developers adopt new software solutions, and we may have to develop new integrations to work with those new solutions. The success of any enhancements to our existing or new products depends on several factors, including timely completion, adequate quality testing, actual performance quality, market-accepted pricing levels, and overall market acceptance. Enhancements to our existing and new products that we develop may not be introduced in a timely or cost-effective manner, may contain errors or defects, may have interoperability difficulties with our platform or products, or may not achieve the broad market acceptance necessary to generate significant revenue. Further, the use of machine learning and artificial intelligence is becoming increasingly prevalent in our industry, and, although we intend to continue developing our platform’s machine learning and artificial intelligence capabilities to meet the needs of our customers and partners, we may be unable to accurately or efficiently integrate machine learning and artificial intelligence features or functionalities of the quality or type sought by our customers and partners or offered by our competitors. These development efforts may also require significant engineering, sales, and marketing resources, all of which could require significant capital and management investment. If we are unable to enhance our platform and product offerings to keep pace with rapid technological and regulatory change, or if new technologies, including machine learning and artificial intelligence solutions, emerge that are able to deliver competitive products at aggressive or alternative prices, more efficiently, more
51
conveniently or more securely than our platform, demand for our platform and product offerings may decline, and our business, financial condition, and results of operations may be adversely affected.
We depend on our senior management team, and the loss of one or more members of our senior management team or our key employees, or an inability to attract and retain highly skilled employees, could adversely affect our business.
Our success depends upon the continued service and contributions of our executive officers. We rely on our leadership team for research and development, marketing, sales, services, and general and administrative functions, and on mission-critical individual contributors. In particular, we depend on the vision, skills, experience, and effort of our co-founder and Chief Executive Officer, Andrew Bialecki. From time to time, our executive management team may change due to the hiring or departure of executives, which could disrupt our business. We do not maintain key person life insurance policies on any of our employees, so the loss of one or more of our executive officers or key employees (including any limitation on the performance of their duties or short-term or long-term absences as a result of illness or disability) could adversely affect our business.
Our future success also depends, in part, on our ability to continue to attract and retain highly skilled personnel. Competition for this type of personnel is intense, especially for experienced software engineers and senior sales executives. In addition, partially in response to the COVID-19 pandemic, we have a large, remote workforce, which adds to the complexity of our business operations. We expect to continue to experience difficulty in hiring and retaining employees with appropriate qualifications. Many of the companies with which we compete for experienced personnel have greater resources than we have. If we hire employees from competitors or other companies, their former employers may attempt to assert that these employees or we have breached legal obligations, resulting in a diversion of our time and resources.
Many of our key personnel are vested in a substantial amount of shares of our Series A common stock, restricted stock units, or stock options. Employees may be more likely to terminate their employment with us if the shares they own or the shares underlying their vested restricted stock units or options have significantly appreciated in value relative to the original purchase prices of the shares or the exercise price of the options or grant date values of the restricted stock units, or, conversely, if the exercise price of the options that they hold are significantly above the trading price of our Series A common stock. In addition, job candidates and existing employees often consider the value of the stock awards they receive in connection with their employment. If the perceived value of our stock awards declines, it may adversely affect our ability to recruit and retain highly skilled employees. If we fail to attract new personnel or fail to retain and motivate our current personnel, it could adversely affect our business and future growth prospects.
If we fail to maintain and enhance our brand, our ability to maintain or expand our customer base may be impaired and our business, financial condition, and results of operations could be adversely affected.
We believe that maintaining and enhancing our brand is important to support the marketing and sale of our existing and future products to new customers and expand sales of our platform and products to existing customers. We also believe that the importance of brand recognition will increase as competition in our market increases. Successfully maintaining and enhancing our brand will depend largely on our ability to carry out effective marketing efforts, provide reliable products that continue to meet the needs of our customers at competitive prices, maintain our customers’ trust, ensure the protection of our customers’ data, develop new functionality and use cases, and successfully differentiate our products and platform capabilities from the products of our competitors. Our brand promotion activities may not generate customer awareness or yield increased revenue and, even if they do, any increased revenue may not offset the expenses we incur in building our brand. If we fail to successfully promote and maintain our brand, the demand for our products may decline, and our business, results of operations, and financial condition may be adversely affected.
Doing business internationally exposes us to significant risks, and our future success depends in part on our ability to navigate the international business environment and drive the adoption of our products by international customers.
The future success of our business will depend, in part, on our ability to expand our customer base worldwide, and we are continuing to expand our international operations to increase our revenue from customers located outside of the United States as part of our growth strategy. For the three and nine months ended September 30, 2024, we derived 37.7% and
52
37.3% of our revenue, respectively, from customer accounts outside of the United States. We currently have offices in the United Kingdom and Australia, and we expect that we may in the future open additional offices internationally and hire employees to work at these offices in order to grow our business, reach new customers, and gain access to additional technical talent. Operating in international markets requires significant resources and management attention and will subject us to regulatory, economic, and political risks in addition to those we already face in the United States. Because of our limited experience with international operations as well as developing and managing sales in international markets, we may not succeed in marketing our products to potential customers internationally, as a result of which our international expansion efforts may not be successful, which could have a material adverse effect on our business, results of operations, and financial condition.
In addition, we will face risks in doing business internationally that could adversely affect our business, including:
•changes, which may be unexpected, in a specific country’s or region’s political, economic, or legal and regulatory environment, including pandemics, terrorist activities, tariffs, trade wars, or long-term environmental risks;
•the need to adapt and localize our platform for specific countries, and the costs associated with adapting and localizing our platform;
•longer payment cycles and greater difficulty enforcing contracts, collecting accounts receivable, or satisfying revenue recognition criteria, especially in emerging markets;
•differing and potentially more onerous labor regulations, especially in Europe, where labor laws are generally more advantageous to employees as compared to the United States, including deemed hourly wage and overtime regulations in these locations;
•challenges inherent in efficiently managing, and the increased costs associated with, an increased number of employees over large geographic distances, including the need to implement appropriate systems, policies, benefits, and compliance programs that are specific to each jurisdiction;
•difficulties in managing a business in new markets with diverse cultures, languages, customs, legal systems, alternative dispute systems, and regulatory systems;
•increased travel, real estate, infrastructure, and legal compliance costs associated with international operations;
•currency exchange rate fluctuations and the resulting effect on our revenue and expenses, and the cost and risk of entering into hedging transactions if we chose to do so in the future;
•laws and business practices favoring local competitors or general market preferences for local vendors or domestic products;
•limited or insufficient intellectual property protection or difficulties obtaining, maintaining, protecting, or enforcing our intellectual property rights, including our trademarks and patents;
•global health crises, such as COVID-19, that could decrease economic activity in certain markets, decrease use of our products, or decrease our ability to import, export, or sell our products to existing or new customers in international markets;
•exposure to liabilities under export control, economic and trade sanctions, anti-corruption, and anti-money laundering laws, including the Export Administration Regulations, the OFAC regulations, the U.S. Foreign Corrupt Practices Act of 1977, as amended (the “FCPA”), U.S. bribery laws, the U.K. Bribery Act 2010 (the “U.K. Bribery Act”), and similar laws and regulations in other jurisdictions;
•increased financial accounting and reporting burdens and complexities;
53
•differing technical standards, existing or future regulatory and certification requirements, and required features and functionality;
•burdens of complying with the foreign equivalents of the Telephone Consumer Protection Act (the “TCPA”), the Controlling the Assault of Non-Solicited Pornography And Marketing Act of 2003 (“CAN-SPAM”), and similar laws and regulations in other jurisdictions;
•burdens of complying with laws and regulations related to privacy and data security, including the European Union General Data Protection Regulation (the “EU GDPR”) and similar laws and regulations in other jurisdictions;
•burdens of complying with laws and regulations related to taxation; and
•adverse tax burdens, foreign exchange controls, and other regulations that could make it difficult to repatriate earnings and cash.
Our failure to manage any of these risks successfully could harm our international operations, and adversely affect our business, results of operations, and financial condition.
Our business and reputation could be adversely affected if our customers are not satisfied with the integration or implementation of our platform and products provided by us or our partners.
The success of our business depends on our customers’ satisfaction with our platform and our products and the support that we provide for our platform and products to help customers integrate and utilize our platform and products. If a customer is not satisfied with the quality of work performed by us or a third party or with the solutions delivered, we could incur additional costs to address the deficiency, which would diminish the profitability of the customer relationship. If we do not help our customers quickly resolve issues and provide effective ongoing support, our ability to sell new products to existing and new customers will suffer and our reputation with existing or potential customers will be harmed, even if the dissatisfaction resulted from services provided by a third-party partner. Further, customer dissatisfaction with our products or support services, or negative publicity related to our customer relationships, could impair our ability to expand the subscriptions within our customer base or adversely affect our customers’ renewal of existing subscriptions.
We may experience quarterly fluctuations in our results of operations due to a number of factors that make our future results difficult to predict, could cause the trading price of our Series A common stock to fluctuate, and could cause our results of operations to fall below analyst or investor expectations.
Our quarterly results of operations may fluctuate from quarter to quarter as a result of a number of factors, many of which are outside of our control. As a result, our past results may not be indicative of our future performance, and comparing our results of operations on a period-to-period basis may not be meaningful. For example, in the past we have seen an increase in demand for our platform and our products during the fourth quarter of each year and around Black Friday and Cyber Monday. Additionally, factors that may impact these fluctuations include, but are not limited to:
•demand for our platform and products by our customers;
•our success in retaining existing customers and attracting new customers;
•the timing and success of new capabilities by us or by our competitors or any other change in the competitive landscape of our market;
•the amount and timing of operating expenses and capital expenditures, as well as entry into operating leases, that we may incur to maintain and expand our business and operations and remain competitive;
•the timing of expenses and recognition of revenue;
•reduction in certain customers’ usage of our platform that is subject to seasonal fluctuations;
54
•security breaches, and technical difficulties involving our platform or interruptions or disruptions of our platform;
•adverse litigation judgments, other dispute-related settlement payments, or other litigation-related costs;
•changes in, and continuing uncertainty in relation to, the legislative or regulatory environment;
•the timing of hiring new employees;
•the rate of expansion and productivity of our sales force;
•the timing of the grant or vesting of equity awards to employees, directors, consultants, or advisors and the recognition of associated expenses;
•fluctuations in foreign currency exchange rates;
•costs and timing of expenses related to the acquisition of businesses, talent, technologies, or intellectual property, including potentially significant amortization costs and possible write-downs;
•the impact of tax charges as a result of non-compliance with federal, state, or local tax regulations in the United States;
•changes to generally accepted accounting standards in the United States;
•health pandemics, such as the COVID-19 pandemic, influenza, and other highly communicable diseases or viruses; and
•general economic conditions in either domestic or international markets, including conditions resulting from geopolitical uncertainty and instability.
Any one or more of the factors above may result in significant fluctuations in our quarterly results of operations.
The variability and unpredictability of our quarterly results of operations or other operating metrics could result in our failure to meet our expectations, or those of our investors or analysts that cover us. If we fail to meet or exceed such expectations for these or any other reasons, the trading price of our Series A common stock could fluctuate, and our business, financial condition, and results of operations could be adversely affected.
We rely upon a third-party provider of cloud-based infrastructure to host and sell our products. Any disruption in the operations of this provider or limitations on capacity or interference with our use could adversely affect our business, financial condition, and results of operations.
We outsource substantially all the infrastructure relating to our cloud-based platform to a third-party hosting provider. Our customers need to be able to access our platform at any time, without interruption or degradation of performance. Our products depend on protecting the virtual cloud infrastructure hosted by a third-party hosting provider by maintaining its configuration, architecture, features, and interconnection specifications, as well as the information stored in these virtual data centers, which is transmitted by a third-party internet service provider. Any limitation on the capacity or availability of our third-party hosting provider could impede our ability to onboard new customers or expand the usage of our existing customers, which could adversely affect our business, financial condition, and results of operations.
In the event that our service agreements with our third-party hosting provider are terminated or there is a lapse of service, elimination of services or features that we utilize, interruption of internet service provider connectivity or damage to such provider’s facilities, we could experience interruptions in access to our platform as well as significant delays and additional expense in arranging or creating new facilities and services and/or re-architecting our cloud solution for deployment on a different cloud infrastructure service provider, which would adversely affect our business, financial condition, and results of operations.
55
Our business depends on our ability to send consumer engagement messages, including emails, SMS, and mobile and web notifications, and any significant disruption in service with our third-party providers or on mobile operating systems could result in a loss of customers or less effective consumer-brand engagement, which could harm our business, financial condition, and results of operations.
Our brand, reputation, and ability to attract new customers depend on the reliable performance of our technology infrastructure and content delivery. Our platform engages with consumers through emails, SMS and push notifications, and we in large part depend on third-party services for delivery of such notifications. Any incident broadly affecting the interaction of third-party devices with our platform, including any delays or interruptions in these services that could cause delays to emails, SMS, or mobile and web notifications, could adversely affect our business. Similarly, cybersecurity events could result in a disruption to such third-party’s services, including regulatory investigations, reputational damage, and a loss of sales and customers, which could in turn impact our business. A prolonged disruption, cybersecurity event or any other negative event affecting a third-party service could lead to customer dissatisfaction and could in turn damage our reputation with current and potential customers, result in a breach under our agreements with our customers, and cause us to lose customers or otherwise harm our business, financial condition, and results of operations.
We depend in part on mobile operating systems and their respective infrastructures to send notifications through various applications that utilize our platform. As new email, mobile devices, and mobile and web platforms are released, existing email, mobile devices, and platforms may cease to support our platform or effectively roll out updates to our customers’ applications. Any changes in these systems or platforms that negatively impact the functionality of our platform could adversely affect our ability to interact with consumers in a timely and effective fashion, which could adversely affect our ability to retain and attract new customers. The parties that control the operating systems for mobile devices and mobile, web, and email platforms have no obligation to test the interoperability of new mobile devices or platforms with our platform, and third parties may produce new products that are incompatible with or not optimal for the operation of our platform. Additionally, in order to deliver high-quality consumer engagement, we need to ensure that our platform is designed to work effectively with a range of mobile technologies, systems, networks, and standards. If consumers choose to use products or platforms that do not support our platform, or if we do not ensure our platform can work effectively with such products or platforms, our business and growth could be harmed. We also may not be successful in developing or maintaining relationships with key participants in the email or mobile industries that permit such interoperability. If we are unable to adapt to changes in popular operating systems and platforms, we expect that our customer retention and customer growth would be adversely affected.
We rely heavily on the reliability, security, and performance of our software. If our software contains serious errors or defects, or we have difficulty maintaining our software, we may lose revenue and market acceptance and may incur costs to defend or settle claims with our customers.
The reliability and continuous availability of our platform is critical to our business. However, software and products in our industry often contain errors, defects, security vulnerabilities or software bugs that are difficult to detect and correct, particularly when first introduced or when new versions or enhancements are released. Our platform may contain serious errors or real or perceived defects, security vulnerabilities, failures or software bugs that we may be unable to successfully correct in a timely manner or at all, which could result in lost revenue, significant expenditures of capital, a delay or loss in market acceptance of our platform, negative publicity, loss of competitive position, lower customer retention or claims by customers for losses sustained by them and damage to our reputation and brand, any of which could have an adverse effect on our business, financial condition, and results of operations. In such an event, we may be required, or may choose, to expend additional resources in order to help correct the problem(s). In addition, we may not carry insurance sufficient to compensate us for any losses that may result from claims arising from defects or disruptions in our products.
Furthermore, our platform is a cloud-based solution that allows us to deploy new versions and enhancements to all of our customers simultaneously. As a result of any of these events, our reputation and our brand could be harmed, and our business, results of operations, and financial condition may be adversely affected.
56
Any failure to offer high-quality technical support services may harm our relationships with our customers, our brand, and our results of operations.
Once our products are deployed, our customers depend on our support organization to resolve technical issues relating to our products. We may be unable to respond quickly enough to accommodate short-term increases in customer demand for support services. We may also be unable to modify the format of our support services to compete with changes in support services provided by our competitors. Increased customer demand for these services could increase costs and harm our results of operations. In addition, our sales process is highly dependent on the quality of our products, the reputation of our business, the positive recommendations from our existing customers and through word-of-mouth generally. Any failure to maintain high-quality technical support, or a perception by our customers and others that we do not maintain high-quality support, could harm our reputation and our ability to sell our products to existing and prospective customers, and as a result, could adversely affect our business, results of operations, and financial condition.
If we are unable to maintain our culture and core values as we grow, we could lose the innovation, teamwork, passion, and focus on execution that we believe contribute to our success, and our business may be harmed.
We believe our culture and core values are critical to our success and have delivered tangible financial and operational benefits to our customers, employees, and stockholders. Our values impact everything we do in our organization, and we have designed our core values as a guiding set of principles for our employees and business. Accordingly, we have invested substantial time and resources in building a team that reflects our culture and core values. As we continue to grow and develop our infrastructure as a public company, our operations are likely to become increasingly complex, and we may find it difficult to maintain these important aspects of our culture and core values. Any failure to manage our anticipated growth and organizational changes in a manner that preserves the key aspects of our culture and core values could hurt our ability to recruit and retain personnel and effectively focus on and pursue our corporate objectives. In addition, the growth of our remote workforce may impact our ability to preserve our culture and core values. Any failure to preserve our culture or core values could negatively affect our future success, including our ability to retain and recruit personnel, and effectively focus on and pursue our corporate objectives.
Our inability to streamline operations and improve cost efficiencies could result in the contraction of our business and the implementation of additional significant cost cutting measures. Our restructuring and reorganization activities may also be disruptive to our operations.
We have previously undertaken efforts to streamline our operations and improve cost efficiencies to align with our priorities, and in March 2023 we announced a reduction-in-force affecting approximately 8% of our global workforce. We may not realize, in full or in part, the anticipated benefits, such as operational improvements and savings, from these efforts due to unforeseen difficulties, delays or unexpected costs. If there are unforeseen expenses associated with these efforts and we incur unanticipated charges or liabilities, or if we are unable to realize the expected operational efficiencies and cost savings, our business, results of operations, and financial condition could be adversely affected.
Furthermore, our workforce reductions may be disruptive to our operations. For example, our workforce reductions could yield unanticipated consequences, such as attrition beyond planned staff reductions, increased difficulties in our day-to-day operations and reduced employee morale or productivity. We may also discover that the reductions in workforce and cost cutting measures will make it difficult for us to pursue new opportunities and initiatives and require us to hire qualified replacement personnel, which may require us to incur additional and unanticipated costs and expenses.
We may take similar steps in the future as we seek to realize operating synergies, optimize our operations to achieve our target operating model and profitability objectives, respond to market forces or better reflect changes in the strategic direction of our business. Our failure to successfully accomplish any of the above activities and goals could adversely affect our business, results of operations, and financial condition.
57
Changes in financial accounting standards or practices may cause adverse, unexpected financial reporting fluctuations and affect our results of operations.
Accounting principles generally accepted in the United States (“GAAP”) and related accounting pronouncements, implementation guidelines, and interpretations we apply to a wide range of matters that are or could be relevant to our business, such as accounting for long-lived asset impairment, goodwill, variable interest entities, and stock-based compensation, are complex and involve subjective assumptions, estimates, and judgments by our management. Changes in these rules or their interpretation or changes in underlying assumptions, estimates or judgements by our management could significantly change or add significant volatility to our reported or expected financial performance. New accounting pronouncements and varying interpretations of accounting pronouncements have occurred in the past, and may occur in the future. Changes to existing rules or the questioning of current practices may adversely affect our reported financial results or the way we conduct our business. In addition, if we were to change our critical accounting estimates, including those related to the recognition of subscription revenue and other revenue sources or the period of benefit for deferred contract acquisition costs, our results of operations could be significantly affected. For more information, see Note 2. Summary of Significant Accounting Polices in the notes to our condensed consolidated financial statements included elsewhere in this Quarterly Report on Form 10-Q.
If our judgments or estimates relating to our critical accounting estimates are based on assumptions that change or prove to be incorrect, our results of operations could fall below expectations of securities analysts and investors, resulting in a decline of the trading price of our Series A common stock.
The preparation of our financial statements in conformity with GAAP requires management to make judgments, estimates, and assumptions that affect the amounts reported in our consolidated financial statements and accompanying notes. We base our estimates on historical experience and on various other assumptions that we believe to be reasonable under the circumstances, the results of which form the basis for making judgments about the carrying values of assets, liabilities, and equity, and the amount of revenue and expenses that are not readily apparent from other sources. Our results of operations may be adversely affected if our assumptions change or if actual circumstances differ from those in our assumptions, which could cause our results of operations to fall below the expectations of securities analysts and investors, resulting in a decline in the trading price of our Series A common stock. Significant judgments, estimates, and assumptions used in preparing our consolidated financial statements include, or may in the future include, those related to revenue recognition, stock-based compensation expense, business combinations, and tax sharing liability.
We track certain operational metrics, which are subject to inherent challenges in measurement, and real or perceived inaccuracies in such metrics may harm our reputation and materially adversely affect our stock price, business, results of operations, and financial condition.
We track certain operational metrics, including metrics such as KAV and NRR, which may differ from estimates or similar metrics published by third parties due to differences in sources, methodologies, or the assumptions on which we rely. Our internal systems and tools are subject to a number of limitations, and our methodologies for tracking these metrics may change over time, which could result in unexpected changes to our metrics, including the metrics we publicly disclose. If the internal systems and tools we use to track these metrics undercount or overcount performance or contain algorithmic or other technical errors, the data we report may not be accurate.
Limitations or errors with respect to how we measure data or with respect to the data that we measure may affect our understanding of certain details of our business, which could affect our long-term strategies. If our operational metrics are not accurate representations of our business, or if investors do not perceive these metrics to be accurate, or if we discover material inaccuracies with respect to these figures, our reputation may be significantly harmed, our stock price could decline, we may be subject to stockholder litigation, and our business, results of operations, and financial condition could be materially adversely affected.
58
If we fail to maintain an effective system of disclosure controls and internal control over financial reporting, our ability to produce timely and accurate financial statements or comply with applicable regulations could be impaired.
As a public company, we are subject to the reporting requirements of the Exchange Act, the Sarbanes-Oxley Act, and the rules and regulations of the applicable listing standards of the New York Stock Exchange. We expect that the requirements of these rules and regulations will continue to increase our legal, accounting, and financial compliance costs, make some activities more difficult, time-consuming, and costly, and place significant strain on our personnel, systems, and resources.
The Sarbanes-Oxley Act requires, among other things, that we maintain effective disclosure controls and procedures and effective internal control over financial reporting. We are continuing to develop and refine our disclosure controls and other procedures that are designed to ensure that information required to be disclosed by us in the reports that we will file with the SEC is recorded, processed, summarized, and reported within the time periods specified in SEC rules and forms and that information required to be disclosed in reports under the Exchange Act is accumulated and communicated to our principal executive and financial officers. We are also continuing to improve our internal control over financial reporting. In order to maintain and improve the effectiveness of our disclosure controls and procedures and internal control over financial reporting, we have expended, and anticipate that we will continue to expend, significant resources, including accounting-related costs and significant management oversight.
Our current controls and any new controls that we develop may become inadequate because of changes in conditions in our business. Further, weaknesses in our disclosure controls and internal control over financial reporting have been discovered in the past and may be discovered in the future. Any failure to develop or maintain effective controls or any difficulties encountered in their implementation or improvement could harm our results of operations or cause us to fail to meet our reporting obligations and may result in a restatement of our financial statements for prior periods. Any failure to implement and maintain effective internal control over financial reporting also could adversely affect the results of periodic management evaluations and annual independent registered public accounting firm attestation reports regarding the effectiveness of our internal control over financial reporting that we will eventually be required to include in our periodic reports that will be filed with the SEC. Ineffective disclosure controls and procedures and internal control over financial reporting could also cause investors to lose confidence in our reported financial and other information, which would likely have a negative effect on the trading price of our Series A common stock. In addition, if we are unable to continue to meet these requirements, we may not be able to remain listed on the New York Stock Exchange. We are not currently required to comply with the SEC rules that implement Section 404 of the Sarbanes-Oxley Act and are therefore not required to make a formal assessment of the effectiveness of our internal control over financial reporting for that purpose. As a public company, we are required to provide an annual management report on the effectiveness of our internal control over financial reporting commencing with our second Annual Report on Form 10-K.
Our independent registered public accounting firm is not required to formally attest to the effectiveness of our internal control over financial reporting until after we are no longer an “emerging growth company” as defined in the JOBS Act. At such time, our independent registered public accounting firm may issue a report that is adverse in the event it is not satisfied with the level at which our internal control over financial reporting is documented, designed, or operating. Any failure to maintain effective disclosure controls and internal control over financial reporting could have a material and adverse effect on our business, results of operations, and financial condition, and could cause a decline in the trading price of our Series A common stock.
We face exposure to foreign currency exchange rate fluctuations, and such fluctuations could adversely affect our business, results of operations, and financial condition.
Our results of operations and cash flows are subject to fluctuations due to changes in foreign currency exchange rates. As our international operations expand, our exposure to the effects of fluctuations in currency exchange rates will increase. We expect to expand the number of transactions with customers that are denominated in foreign currencies in the future as we continue to expand our business internationally. Accordingly, changes in the value of foreign currencies relative to the U.S. dollar can affect our results of operations due to transactional and translational remeasurements. As a result of these
59
foreign currency exchange rate fluctuations, it could be more difficult to detect underlying trends in our business and results of operations.
Changes in tax law could adversely affect our business, financial condition, and results of operations.
The rules governing U.S. federal, state, and local and non-U.S. taxation are constantly under review by persons involved in the legislative process, the Internal Revenue Service, the U.S. Treasury Department, and other taxing authorities. Changes to tax laws or tax rulings, or changes in interpretations of existing laws (which changes may have retroactive application), could adversely affect us or holders of our Series A common stock. These changes could subject us to additional income-based taxes and non-income taxes (such as payroll, sales, use, value-added, digital tax, net worth, property, and goods and services taxes), which in turn could materially affect our financial position and results of operations.
Additionally, new, changed, modified, or newly interpreted or applied tax laws could increase our customers’ and our compliance, operating, and other costs, as well as the costs of our products. In recent years, many such changes have been made, and changes are likely to continue to occur in the future. For example, under Section 174 of the Internal Revenue Code as amended (the “Code”), in taxable years beginning after December 31, 2021, expenses that are incurred for research and development in the U.S. are required to be capitalized and amortized, which may have an adverse effect on our cash flow.
Furthermore, as we expand the scale of our business activities, any changes in the U.S. and non-U.S. taxation of such activities may increase our effective tax rate and harm our business, financial condition, and results of operations. For example, many countries are actively considering or have proposed or enacted changes to their tax laws based on the model rules adopted by The Organization for Economic Cooperation and Development defining a 15% global minimum tax (commonly referred to as Pillar Two) that could increase our tax obligations in countries where we do business or cause us to change the way we operate our business.
Our international operations and structure subject us to potentially adverse tax consequences.
We currently conduct our operations in the United Kingdom and Australia through subsidiaries. Our intercompany arrangements with those subsidiaries are subject to complex transfer pricing regulations administered by taxing authorities in those jurisdictions, and these taxing authorities may challenge our methodologies for our determinations as to the value of assets sold or acquired or income and expenses attributable to specific jurisdictions. In addition, our tax expense could be affected depending on the applicability of withholding and other taxes (including withholding and indirect taxes on software licenses and related intercompany transactions) under the United Kingdom and Australian laws. The relevant revenue and taxing authorities may also disagree with positions we have taken generally. If any such disagreements were to occur (whether with the taxing authorities in jurisdictions where we currently do business or in those of jurisdictions where we may in the future operate) and our position were not sustained, we could be required to pay additional taxes, interest, and penalties, which could result in one-time tax charges, higher effective tax rates, reduced cash flows, and lower overall profitability of our operations.
Our ability to use net operating loss carryforwards to offset future taxable income for U.S. federal tax purposes is subject to limitation and risk that could further limit our ability to utilize our net operating losses.
As of December 31, 2023, we had approximately $349.2 million of federal net operating losses (“NOLs”), which have an indefinite life. As of December 31, 2023, we had approximately $245.1 million of state NOLs. State NOLs have a definite life, with various expiration dates beginning in 2027. Under current law, federal NOLs generated in taxable years beginning after December 31, 2017, may be carried forward indefinitely, but the deductibility of such federal NOLs is limited to 80% of our taxable income annually for tax years beginning after December 31, 2020. NOLs generated prior to December 31, 2017, however, have a 20-year carryforward period, but are not subject to the 80% limitation.
Under U.S. federal income tax law, a corporation’s ability to utilize its NOLs to offset future taxable income may be significantly limited if it experiences an “ownership change” as defined in Section 382 of the Code. In general, an
60
ownership change will occur if there is a cumulative change in a corporation’s ownership by “5 percent shareholders” that exceeds 50 percentage points over a rolling three-year period, including changes in ownership arising from new issuances of stock. Similar rules may apply under state tax laws. Our ability to use net operating loss to reduce future taxable income and liabilities may be subject to annual limitations as a result of ownership changes that may occur in the future. A corporation that experiences an ownership change will generally be subject to an annual limitation on the use of its pre-ownership change NOLs equal to the value of the corporation immediately before the ownership change, multiplied by the long-term tax-exempt rate (subject to certain adjustments). Furthermore, our ability to utilize NOLs of companies that we have acquired or may acquire in the future may be subject to similar limitations. There is also a risk that due to regulatory changes, such as suspensions on the use of NOLs by federal or state taxing authorities or other unforeseen reasons, our existing NOLs could expire or otherwise be unavailable to reduce future income tax liabilities. For these reasons, we may not be able to utilize a material portion of the NOLs reflected on our balance sheet, even if we attain profitability, which could potentially result in increased future tax liability to us and could adversely affect our business, results of operations, and financial condition.
We may require additional capital to support the growth of our business, and this capital might not be available on acceptable terms, if at all.
We have funded our operations since inception primarily through equity financings and cash generated from our operations through sales of subscriptions to our platform. We cannot be certain when, or if, our operations will generate sufficient cash to fully fund our ongoing operations or the growth of our business. We intend to continue to make investments to support our business and our growth, and may require additional funds to respond to future business challenges, including the need to develop new features or enhance our platform, improve our operating infrastructure, or acquire complementary businesses and technologies. Accordingly, we may need to engage in equity or debt financings to secure additional funds. If we incur debt, the debt holders would have rights senior to holders of our Series A common stock to make claims on our assets, and the terms of any debt could include restrictive covenants relating to our capital raising activities and other financial and operational matters, any of which may make it more difficult for us to obtain additional capital and to pursue business opportunities. Furthermore, if we issue equity or equity-linked securities, our existing stockholders could experience dilution, and new equity securities we issue could have rights, preferences, and privileges senior to those of our Series A common stock. As a result, our stockholders bear the risk of future issuances of debt or equity securities reducing the value of our Series A common stock and diluting their interests. Additional financing may not be available on terms favorable to us, if at all. If adequate funds are not available on acceptable terms, we may be unable to invest in future growth opportunities, which could harm our business, financial condition, and results of operations.
Partnerships, strategic investments, alliances or acquisitions could be difficult to identify, pose integration challenges, divert the attention of management, disrupt our business, dilute stockholder value, and adversely affect our business, financial condition, and results of operations.
We have in the past and may in the future seek to enter into joint ventures, or acquire or invest in new businesses, products, platform capabilities or technologies that we believe could complement our products or expand our platform capabilities, enhance our technical capabilities, or otherwise offer growth opportunities. For example, in October 2022, we acquired Napkin.io, a platform that provides developers an easy and secure way to write and deploy code. We may not be able to find and identify desirable joint ventures, acquisition targets or business opportunities or be successful in entering into an agreement with any particular potential strategic partner. Additionally, any such venture, acquisition or investment may divert the attention of management and cause us to incur various expenses in identifying, investigating, and pursuing suitable opportunities, whether or not the transactions are completed, and may result in unforeseen operating difficulties and expenditures. In particular, we may encounter difficulties assimilating or integrating the businesses, technologies, products and platform capabilities, personnel or operations of any acquired companies, particularly if the key personnel of an acquired company choose not to work for us, their software is not easily adapted to work with our platform or our products, or if we have difficulty retaining the customers of any acquired business due to changes in ownership, management or otherwise. These transactions may also disrupt our business, divert our resources, and require significant
61
management attention that would otherwise be available for the development of our existing business. Any such transactions that we are able to complete may not result in any synergies or other benefits we had expected to achieve, which could result in impairment charges that could be substantial. These transactions could also result in dilutive issuances of equity securities or the incurrence of debt, which could adversely affect our business, financial condition, and results of operations. In addition, if the resulting business from such a transaction fails to meet our expectations, our business, financial condition, and results of operations may be adversely affected, or we may be exposed to unknown risks or liabilities.
Any future litigation against us could be costly and time-consuming to defend.
We may from time to time become subject to litigation and legal proceedings and claims that arise in the ordinary course of business, such as claims brought by our customers in connection with commercial disputes or employment claims made by our current or former employees. Litigation might result in substantial costs and may divert management’s attention and resources, which might seriously harm our business, financial condition, and results of operations. We evaluate these litigation claims and legal proceedings to assess the likelihood of unfavorable outcomes and to estimate, if possible, the amount of potential losses. Based on these assessments and estimates, we may establish reserves and/or disclose the relevant litigation claims or legal proceedings, as and when required or appropriate. These assessments and estimates are based on information available to management at the time of such assessment or estimation and involve a significant amount of judgment. As a result, actual outcomes or losses could differ materially from those envisioned by our current assessments and estimates. In addition, insurance might not cover those claims, provide sufficient payments to cover all the costs to resolve one or more such claims or continue to be available on terms acceptable to us. A claim brought against us that is uninsured or underinsured could result in unanticipated costs, and our business, financial condition, and results of operations may be adversely affected.
Additionally, members of our board or management team who have had experience as board members, officers, executives or employees of other companies have been, are currently, or may become, involved in litigation, investigations or other proceedings, including related to those companies or otherwise. The defense or prosecution of these matters could be time-consuming, and the potential outcomes of such actions may negatively affect our reputation.
We agree to indemnify customers and other third parties pursuant to various contractual arrangements we enter into in the course of business, which exposes us to substantial potential liability.
The contracts that we enter into with our customers and various other third parties may include indemnification or other provisions under which we agree to indemnify or otherwise be liable to those parties for losses arising from alleged infringement, misappropriation, or other violation of intellectual property rights, data protection violations, breaches of representations and warranties, damage to property or persons, or other liabilities arising from our platform, technology, or obligations under such contracts. An event triggering our indemnity obligations could give rise to multiple claims involving multiple customers or other third parties. These claims may require us to initiate or defend protracted and costly litigation on behalf of our customers and other third parties, regardless of the merits of these claims. We may not have adequate or any insurance coverage and may be liable for up to the full amount of the indemnified claims. Even where the terms of our contractual arrangements with our customers do not require us to indemnify our customers, we may agree to indemnify or support our customers and various other third parties in connection with litigation involving our products. The foregoing could result in substantial liability or material disruption to our business or could negatively impact our relationships with customers or other third parties, reduce demand for our products, and materially adversely affect our business, results of operations, and financial condition.
We are subject to anti-corruption, anti-bribery, and similar laws, and non-compliance with these laws can subject us to criminal penalties or significant fines and adversely affect our business and reputation.
We are subject to anti-corruption and anti-bribery and similar laws, such as the FCPA, the U.S. domestic bribery statute contained in 18 U.S.C. § 201, the U.S. Travel Act, the USA PATRIOT Act, the U.K. Bribery Act, and other anti-corruption, anti-bribery, and anti-money laundering laws in countries where we conduct activities. Anti-corruption and
62
anti-bribery laws have been interpreted broadly and enforced aggressively in recent years, and prohibit companies and their employees and agents from promising, authorizing, making, or offering improper payments or other benefits to government officials and others in the private sector to influence official action, direct business to any person, gain any improper advantage, or obtain or retain business. As we increase our international sales and business, our risks under these laws may increase.
In addition, in the future we may use third parties to conduct business on our behalf abroad. We or such future third-party intermediaries may have direct or indirect interactions with officials and employees of government agencies or state-owned or affiliated entities, and we can be held liable for the corrupt or other illegal activities of such future third-party intermediaries and our employees, representatives, contractors, partners, and agents, even if we do not explicitly authorize such activities. We have implemented an anti-corruption compliance program but cannot assure you that all our employees and agents, as well as those companies we outsource certain of our business operations to, will not take actions in violation of our policies and applicable law, for which we may be ultimately held responsible. Any violation of the FCPA, other applicable anti-corruption laws, or anti-money laundering laws could result in whistleblower complaints, adverse media coverage, investigations, prosecutions, loss of export privileges, suspension or debarment from U.S. government contracts, substantial diversion of management’s attention, significant legal fees and fines, settlements, damages, severe criminal or civil sanctions, penalties or injunctions against us, our officers or our employees, disgorgement of profits, and other sanctions, enforcement actions and remedial measures, and prohibitions on the conduct of our business, any of which could have a materially adverse effect on our reputation, business, trading price, results of operations, financial condition, and prospects.
The effects of a pandemic, epidemic, outbreak of an infectious disease or public health crises, such as the COVID-19 pandemic, may materially affect how we and our partners and customers are operating our businesses, and the duration and extent of these kinds of events may impact our future results of operations and overall financial performance.
Our business could be adversely affected by health crises in regions where we operate or otherwise do business. For example, the policies and regulations implemented in response to the outbreak of the novel coronavirus disease (“COVID-19”) have had a significant impact, both directly and indirectly, on businesses and commerce. Other global health concerns could also result in social, economic, and labor instability in the countries in which we or the third parties with whom we engage operate. As recently seen in our industry, the conditions caused by the COVID-19 pandemic and its aftermath as well as macroeconomic conditions have caused diminished liquidity and credit availability, declines in consumer confidence, declines in economic growth, increases in unemployment rates, and uncertainty about economic stability, and any future health crisis may have a similar impact.
Our operations have in the past been negatively affected by a range of external factors related to the effects of the COVID-19 pandemic that are not within our control. The ultimate extent of the impact of the pandemic, including as a result of possible subsequent outbreaks of COVID-19 or of new variants thereof and measures taken in response will depend on future developments, which remain uncertain and cannot be predicted. We may also be negatively affected by a future pandemic, epidemic, outbreak of an infectious disease or public health crisis. In the past, many cities, counties, states, and even countries have imposed or may impose a wide range of restrictions on the physical movement of our employees, partners, and customers to limit the spread of COVID-19, including physical distancing, travel bans and restrictions, closure of non-essential business, quarantines, work-from-home directives, and shelter-in-place orders. These measures have previously caused, and may cause in the future, business slowdowns or shutdowns in affected areas, both regionally and worldwide. If the COVID-19 pandemic or other global health crisis has a substantial impact on the productivity of our employees and partners, or a continued substantial impact on the ability of our employees to execute responsibilities, or a continued and substantial impact on the ability of our customers to subscribe to our platform or purchase our products, our results of operations, and overall financial performance may be harmed.
To the extent the COVID-19 pandemic or a future pandemic, epidemic, outbreak of an infectious disease or public health crisis adversely affects our business and financial results, it may also have the effect of heightening many of the other risks described herein.
63
Risks Relating to Privacy, Data Security, and Data Protection Laws
We collect, process, store, share, disclose, and use personal information and other data, which subjects us to legal obligations related to privacy and security, and our actual or perceived failure to comply with these obligations could harm our business.
We collect, process, store, share, disclose, and use information from and about individuals, including our customers, their customers and users, including personal information, and other data. As a result, we are subject to a number of different legal requirements applicable to privacy. There are numerous laws around the world regarding privacy and security, including laws regarding the collection, processing, storage, sharing, disclosure, use and security of personal information, and other data from and about our customers, respondents, and users. The scope of these laws is changing, subject to differing interpretations and governmental agency enforcement priorities, may be costly to comply with, and may be inconsistent among countries and jurisdictions or conflict with other rules.
We are also subject to contractual obligations regarding the processing of personal information and must comply with our own privacy and security policies. Additionally, if third parties we work with, such as customers, partners, vendors or developers, violate applicable laws, our policies or other privacy or security-related obligations, these violations may also put our users’ information at risk and could in turn have an adverse effect on our business. In the provision of our services to our customers, we generally act as a “processor” or “service provider” (as such terms are understood under applicable privacy and data protection laws) for our customers, and we rely on our sub-processors to be compliant with applicable law. However, we cannot be certain that all customers will materially comply with their obligations as “controllers” or “businesses” under applicable privacy and data protection law. As “processors” or “service providers” we may be contractually liable to our customers if we fail to meet the terms of our data processing agreements. In addition, we may be subject to investigation or administrative fines from supervisory authorities or subject to individual claims that we failed to comply with the requirements of applicable privacy and data protection law or that we acted without or against the data controller’s lawful instructions. While we generally act as a “processor” or “service provider” in connection with our provision of services to our customers, we also act as “controller” or “business” in certain instances (such as, for instance, in connection with our processing of data concerning our own employees and contractors, the employees and representatives of our customers and in connection with our direct marketing activities). In connection with our activities undertaken in connection with our role as a “controller” or “business,” we are subject to more onerous obligations, the violation of which could cause us to be subject to fines, penalties, judgments, and other losses.
We strive to comply with applicable laws, policies, and legal obligations relating to privacy and data protection and are subject to the terms of our privacy policies and privacy-related obligations to third parties. However, these obligations may be interpreted and applied in new ways and/or in a manner that is inconsistent from one jurisdiction to another and may conflict with other rules or our practices. If we are unable to comply with law, policy or contractual obligations related to privacy and/or the processing of any personal information, we may be subject to lawsuits or governmental investigations, each of which could result in fines, penalties, settlements, judgments or other losses. Any failure or perceived failure by us to comply with our privacy-related policies and/or obligations to customers, respondents, users or other third parties, our data disclosure and consent obligations or our privacy or security-related legal obligations, or any compromise of security that results in the unauthorized disclosure, transfer or use of personal or other information, which may include personally identifiable information or other data, may result in governmental enforcement actions, litigation or public statements critical of us by consumer advocacy groups, competitors, the media or others and could cause our users to lose trust in us, which could have an adverse effect on our business.
If our security measures are breached or compromised or there is otherwise unauthorized disclosure of or access to customer data, our data, or our platform, our platform may be perceived as insecure, we may lose customers or fail to attract new customers, our reputation and brand may be harmed, and we may incur significant liabilities.
Use of our platform involves the storage, transmission, and processing of our customers’ proprietary data, including personal or identifying information of their customers or employees. Unauthorized disclosure of or access to or cybersecurity incidents, breaches or compromises of our platform could result in the loss of data, loss of business, severe
64
reputational damage adversely affecting customer or investor confidence, damage to our brand, diversion of management’s attention, regulatory investigations and orders, litigation, indemnity obligations, damages for contract breach, penalties for violation of applicable laws or regulations, including regulatory fines, and significant costs for remediation that may include liability for stolen assets or information and repair of system damage that may have been caused, incentives offered to customers or other business partners in an effort to maintain business relationships after a breach, and other liabilities. We have incurred and expect to continue to incur significant expenses to prevent cybersecurity incidents, breaches and other compromises, including deploying additional personnel and protection technologies, training employees, and engaging third-party experts and consultants. Even though we do not control the security measures of third parties who may have access to our customer data, our data, or our platform, we may be responsible for any breach of such measures or suffer reputational harm even where we do not have recourse to the third party that caused the breach. In addition, any failure by our vendors to comply with applicable law or regulations could result in proceedings against us by governmental entities or others.
Cyberattacks, denial-of-service attacks, ransomware attacks, business email compromises, computer malware, viruses, and social engineering (including phishing) are prevalent in our industry and our customers’ industries. In addition, we may experience attacks, unavailable systems, unauthorized access to systems or data or disclosure due to employee theft or misuse, denial-of-service attacks, sophisticated nation-state and nation-state supported actors, and advanced persistent threat intrusions. Electronic security attacks designed to gain access to personal, sensitive, or confidential data are constantly evolving, and such attacks continue to grow in sophistication. While we believe we have taken reasonable steps to protect our data, the techniques used to sabotage or to obtain unauthorized access to our platform, systems, networks, or physical facilities in which data is stored or through which data is transmitted change frequently, and we may be unable to implement adequate preventative measures or stop security breaches or compromises while they are occurring. We have previously been, and may in the future become, the target and victim of cyberattacks by third parties seeking unauthorized access to our or our customers’ data or to disrupt our operations or ability to sell our products. Specifically, in November 2019, we experienced an incident whereby an unauthorized third party manipulated a public-facing URL and accessed certain information, including email addresses, regarding a subset of platform users. In July 2022, we were the victim of an attack whereby an unauthorized third party compromised an employee’s credentials and gained access to our internal systems, including email as well as some of our internal support tools, and, as a result, accessed certain information, including name, email address, and phone number, for a subset of our customers. Additionally, in October 2024, an unauthorized third party gained access to company source code, as well as other system and application credentials.
We have contractual and legal obligations to notify relevant stakeholders of security breaches. Most jurisdictions have enacted laws requiring companies to notify individuals, regulatory authorities, and others of security incidents or data breaches involving certain types of data. In addition, our agreements with certain customers may require us to notify them in the event of a cybersecurity incident or compromise or data breach. Such mandatory disclosures are costly, could lead to negative publicity, may cause our customers to lose confidence in the effectiveness of our security measures, and require us to expend significant capital and other resources to respond to or alleviate problems caused by the actual or perceived security incident or data breach and otherwise comply with the multitude of foreign, federal, state, and local laws and regulations relating to the unauthorized access to, or use or disclosure of, personal information.
Additionally, as a result of a breach, compromise or other security incident, we could be subject to demands, claims, and litigation by private parties and investigations, related actions, and penalties by regulatory authorities.
If we or our third-party service providers experience a cybersecurity incident or breach or unauthorized parties otherwise obtain access to our customers’ data, our data, or our platform, our platform or our products may be perceived as not being secure, our reputation may be harmed, demand for our platform and products may be reduced, and we may incur significant liabilities.
Operating our business and platform involves the collection, processing, storage, and transmission of sensitive, regulated, proprietary and confidential information, including personal information of our customers, their users, and our personnel and our and our customers’ proprietary and confidential information. Security incidents compromising the confidentiality, integrity and availability of this information and our systems have occurred in the past and in the future
65
could result from cyberattacks, computer malware, viruses, social engineering (including phishing and ransomware attacks), credential stuffing, efforts by individuals or groups of hackers and sophisticated organizations (including state-sponsored and criminal organizations), errors or malfeasance of our personnel or our third-party service providers and security vulnerabilities in the software or systems on which we rely. Such incidents have occurred in the past and may occur in the future, resulting in unauthorized access to, inability to access, disclosure of, or loss of our or our customers’ information or our inability to sell our products.
We also rely on third-party service providers and technologies to operate critical business systems to process confidential and personal information in a variety of contexts, including, without limitation, encryption and authentication technology, employee email, content delivery to customers, back-office support, and other functions. Our ability to monitor these third parties’ cybersecurity practices is limited.
These third-party providers and technologies may not have adequate measures in place, and could experience or cause a cybersecurity incident or breach that compromises the confidentiality, integrity or availability of the systems or technologies they provide to us or the information they process on our behalf.
While we have taken steps designed to protect the proprietary, regulated, sensitive, confidential, and personal information in our control, our cybersecurity measures or those of the third parties on which we rely may not be effective against current or future security risks and threats. Cybercrime and hacking techniques are constantly evolving and a challenge of the modern global economy, and we or our third-party service providers may be unable to anticipate threats, detect or react in a timely manner, or implement adequate preventative measures, particularly given increasing use of hacking techniques designed to circumvent controls, avoid detection, and remove or obfuscate forensic artifacts. Moreover, we or our third-party service providers may be more vulnerable to such attacks in remote work environments.
If we or our third-party service providers suffer, or are perceived to have suffered, a cybersecurity breach or other cybersecurity incident, we may experience a loss of customer confidence in the security of our platform and damage to our brand, reduced demand for our products and disruption of normal business operations. Such a circumstance may also require us to spend material resources to investigate, remediate or correct the issue and prevent recurrence, notify regulators, and affected customers and individuals, expose us to legal liabilities, including litigation, regulatory enforcement, indemnity obligations, fines, and penalties, and adversely affect our business, financial condition, and results of operations. These risks are likely to increase as we continue to grow and process, store, and transmit increasingly large amounts of data.
Additionally, we cannot be certain that our insurance coverage will be adequate for data security liabilities actually incurred, will cover any indemnification claims against us relating to any incident or will continue to be available to us on economically reasonable terms, or at all, or that any insurer will not deny coverage as to any future claim. The successful assertion of one or more large claims against us that exceed available insurance coverage, or the occurrence of changes in our insurance policies, including premium increases or the imposition of large deductible or co-insurance requirements, could adversely affect our reputation, business, financial condition, and results of operations.
A security breach or compromise may cause us to breach customer contracts. Our agreements with certain customers may require us to use industry-standard or reasonable measures to safeguard personal information or confidential information. A security breach or compromise could lead to claims by our customers, their end-users, or other relevant stakeholders that we have failed to comply with such legal or contractual obligations. As a result, we could be subject to legal action or our customers could end their relationships with us.
Because data security is a critical competitive factor in our industry, we make numerous statements in our customer contracts, privacy policies, terms of service, and marketing materials, providing assurances about the security of our platform including detailed descriptions of security measures we employ. Should any of these statements be untrue or become untrue, even in circumstances beyond our reasonable control, we may face claims of misrepresentation or deceptiveness by the FTC, state, federal, and foreign regulators, and private litigants.
66
We enter into agreements with our customers regarding our collection, processing, use, and disclosure of personal information in relation to the products we sell to them. Although we endeavor to comply with these agreements, we may at times fail to do so or may be perceived to have failed to do so, including due to the errors or omissions of our personnel and third-party service providers. If we fail to detect or remediate a security breach or compromise in a timely manner, or a breach or compromise otherwise affects a large amount of data of one or more customers, or if we suffer a cyberattack that impacts our ability to operate our platform, we may suffer damage to our reputation and our brand, and our business, financial condition and results of operations may be materially adversely affected. Further, although we maintain insurance coverage, our insurance coverage may not be adequate for data security breaches, indemnification obligations, or other liabilities. In addition, we cannot be sure that our existing insurance coverage and coverage for errors and omissions will continue to be available on acceptable terms or that our insurers will not deny coverage as to any future claim. Our risks are likely to increase as we continue to expand our platform, grow our customer base, and process, store, and transmit increasingly large amounts of proprietary and sensitive data. Even if we eventually prevail in any such dispute, resolving them could be expensive and time-consuming to defend and could result in adverse publicity and reputational harm that could adversely affect our business, financial condition, and results of operations.
We are subject to stringent and changing laws and regulations related to privacy, data security, and data protection. The restrictions and costs imposed by these requirements, and our actual or perceived failure to comply with them, could harm our business.
Our business and platform involves the collection, use, processing, storage, transfer, and sharing of personal information, including such information that we handle on behalf of our customers, as well as confidential information and other sensitive data. Our data processing activities are regulated by a variety of laws, regulations, and industry standards, which have become increasingly stringent in recent years, are rapidly evolving, and are likely to remain uncertain for the foreseeable future. Increasingly, laws that regulate data processing activities are extra-territorial in their scope of application. The global nature of our customer base renders us particularly exposed to being subject to a wide range of such laws and the varying, potentially conflicting compliance obligations they impose on our business.
State legislatures also have been adopting new privacy laws or amending existing laws with increasing frequency, requiring attention to frequently changing regulatory requirements, and we expect that this trend will continue. For example, the California Consumer Privacy Act of 2018 (the “CCPA”) imposed a number of requirements on covered businesses and gave California residents certain rights related to their personal information, including the right to access and delete their personal information, to receive detailed information about how their personal information is used and shared, and to opt out of certain sharing of their personal information. The CCPA provides for civil penalties for violations of up to $7,500 for each intentional violation and created a private right of action for certain data breaches that is expected to increase data breach litigation. In addition, the California Privacy Rights Act (the “CPRA”), which has been in effect since January 1, 2023, imposed additional obligations on companies covered by the CCPA. The CPRA significantly modified the CCPA, including by expanding consumers’ rights with respect to certain sensitive personal information. Similar comprehensive privacy laws have entered into force in numerous other states, and several more will be entering into force in the coming years. In addition, comprehensive privacy laws have also been proposed in many other states and at the federal level. Such proposed legislation, if enacted, may add additional complexity, variation in requirements, restrictions, and potential legal risk, require additional investment of resources in compliance programs, impact strategies, and the availability of previously useful data and could result in increased compliance costs and/or changes in business practices and policies.
Other federal laws impose general, broad requirements designed to protect the privacy and security of personally identifiable information. For example, according to the Federal Trade Commission (the “FTC”), failing to take appropriate steps to keep consumers’ personal information secure constitutes unfair acts or practices in or affecting commerce in violation of Section 5(a) of the Federal Trade Commission Act, 15 U.S.C. § 45(a). In recent years, the FTC has paid increased attention to privacy and data security matters, and we expect them to continue to do so in the future.
Foreign privacy laws have become more stringent in recent years and may increase the costs and complexity of offering our platform and products in new and existing geographies. Outside of the United States, we are also subject to
67
stringent privacy and data protection laws in many jurisdictions. For example, we are subject to the EU GDPR and the UK General Data Protection Regulation (the “UK GDPR,” and collectively, the “GDPR”). The GDPR applies where we are collecting or otherwise processing personal data in connection with (a) the activities of a business establishment within the United Kingdom/European Economic Area; or (b) offering goods or services to or monitoring the behavior of individuals within the United Kingdom/European Economic Area, and imposes strict obligations regarding personal data processing activities.
The GDPR also imposes restrictions in relation to the international transfer of personal data. For example, in order to transfer data outside of the European Economic Area or the United Kingdom to a non-adequate country, including the United States in certain circumstances, the GDPR requires us to enter into an appropriate transfer mechanism and may require us to take additional steps to ensure an essentially equivalent level of data protection, including carrying out a transfer impact assessment to assess whether the recipient is subject to local laws which allow a public authority access to personal data and assisting controllers with such assessments if we act as processors of personal data. These transfer mechanisms are subject to change, and implementing new or revised transfer mechanisms or ensuring an essentially equivalent protection may involve additional expense and potentially increased compliance risk. Such restrictions may increase our obligations in relation to carrying out international transfers of personal data and cause us to incur additional expense and increased regulatory liabilities. Any inability to transfer personal data from Europe to the United States in compliance with data protection laws may impede our operations and may adversely affect our business and financial position.
Despite Brexit, the UK GDPR remains largely aligned with EU GDPR. Currently, the most impactful point of divergence between the EU GDPR and the UK GDPR relates to these transfer mechanisms as explained above. There may be further divergence in the future, including with regard to application, interpretation, enforcement and administrative burdens. For example, the United Kingdom has introduced the Data Reform Bill into the United Kingdom legislative process with the intention for this bill to reform the country’s data protection legal framework. If passed, the final version of the Data Reform Bill, which will introduce significant changes from the EU GDPR, may have the effect of further altering the similarities between the United Kingdom and European Economic Area data protection regimes and threaten the United Kingdom’s adequacy decision from the EU Commission which allows the free flow of personal data from the United Kingdom to the European Economic Area. This may lead to additional compliance costs and could increase our overall risk exposure. This lack of clarity on future United Kingdom laws and regulations and their interaction with those of the European Economic Area could add legal risk, uncertainty, complexity, and cost to our handling of European personal data and our privacy and security compliance programs. We may no longer be able to take a unified approach across the European Union and the United Kingdom, and we will need to amend our processes and procedures to align with the new framework. In addition, European Economic Area Member States have adopted national laws to implement the EU GDPR that may partially deviate from the EU GDPR and competent authorities in the Member States may interpret the EU GDPR obligations slightly differently from country to country. Therefore, we do not expect to operate in a uniform legal landscape in the European Economic Area.
Companies that violate the GDPR can face robust regulatory enforcement and greater penalties for noncompliance, including fines of up to €20 million (or £17.5 million under the UK GDPR) or 4% of their worldwide annual turnover, whichever is greater. A wide variety of other potential enforcement powers are available to competent supervisory authorities in respect of potential and suspected violations of the GDPR, including audit and inspection rights, and powers to order temporary or permanent bans on all or some processing activities. The GDPR also confers a private right of action on data subjects and consumer associations to lodge complaints with supervisory authorities, seek judicial remedies, and obtain compensation for damages resulting from violations of the GDPR.
In addition to the GDPR, other European data protection laws require that affirmative opt-in consent is procured to the placement of cookies and similar tracking technologies on users’ devices (other than those that are “strictly necessary” to provide services requested by the user). These requirements may increase our exposure to regulatory enforcement actions, increase our compliance costs and reduce demand for our platform. A new regulation proposed in the EU, which would apply across the European Economic Area, known as the ePrivacy Regulation, if and when enacted, may further restrict the
68
use of cookies and other online tracking technologies on which our platform relies, as well as increase restrictions on the types of direct marketing campaigns that our platform enables.
In Canada, our collection, use, disclosure, and management of personal information must comply with both federal and provincial privacy laws, which impose separate requirements, but may overlap in some instances. The federal Personal Information Protection and Electronic Documents Act (“PIPEDA”) and various provincial laws impose strict requirements on companies that handle personal information. Notably, Québec’s Act respecting the protection of personal information in the private sector (the “Private Sector Act”) was recently amended by Bill 64, which introduced major amendments to the Private Sector Act, notably, to impose significant and stringent new obligations on Québec businesses while increasing the powers of Québec’s supervisory authority. We may incur additional costs and expenses related to compliance with these laws and may incur significant liability if we are not able to comply with existing and emerging legal requirements in Canada.
Apart from the requirements of privacy and data security laws, we have obligations relating to privacy and data security under our published policies and documentation and certain of our contracts. Although we endeavor to comply with these obligations, we may have failed to do so in the past and may be subject to allegations that we have failed to do so or have otherwise processed data improperly. Such failures or alleged failures could result in proceedings against us by governmental entities, private parties or others as well as negative publicity and reputational damage.
Compliance with applicable privacy, data security or data protection requirements, many of which vary across jurisdictions, is a rigorous and time-intensive process, and we may be required to implement costly mechanisms to ensure compliance. The proliferation of privacy, data security, and data protection laws, regulations, policies, and standards increases the likelihood of differences in approaches across jurisdictions. These differences make it difficult to maintain a standardized global privacy program. Creating jurisdiction-specific approaches requires significant time and resources and the associated complexity increases the risk of potential non-compliance.
Our customers may implement compliance measures that do not align with our platform and products, which could limit the scope and type of platform and products we are able to provide. Our customers may also require us to comply with additional privacy and security obligations, causing us to incur potential disruption and expense related to our business processes. We may also be exposed to certain compliance and/or reputational risks if our customers do not comply with applicable privacy or data protection laws and/or their own privacy notices and terms of use in particular in connection with their processing of personal data, their sharing of personal data with us, the legal bases on which they rely (where applicable) under applicable privacy and data protection legislation for the processing we carry out on their behalf and/or their management of data subject requests which pertain to the processing we carry out on their behalf. In addition, we may decide not to enter into new geographic markets where we determine that compliance with such laws, regulations, policies, and standards would be prohibitively costly or difficult. Geographic markets in which we currently operate could require us to process or store regulated information within such markets only, and establishing hosting facilities in such markets could be disruptive to our business and costly. If our policies and practices, or those of our customers, service providers, contractors and/or partners, are, or are perceived to be non-compliant, we could face (1) litigation, investigations, audits, inspections, and proceedings brought by governmental entities, customers, individuals or others, (2) additional reporting requirements and/or oversight, temporary or permanent bans on all or some processing of personal data, orders to destroy or not use personal data and imprisonment of company officials, (3) fines and civil or criminal penalties for us or company officials, obligations to cease offering or to substantially modify our solutions in ways that make them less effective in certain jurisdictions, and (4) negative publicity, harm to our brand and reputation and reduced overall demand for our platform. These occurrences could adversely affect our business, financial condition, and results of operations.
Because the interpretation and application of privacy and data protection laws, regulations, rules, and other standards are still uncertain and likely to remain uncertain for the foreseeable future, it is possible that these laws, rules, regulations, and other obligations, such as contractual or self-regulatory obligations, may be interpreted and applied in a manner that is inconsistent with our data management practices or the features of our software. If so, in addition to the possibility of fines, lawsuits, and other claims, we could be required to fundamentally change our business activities and practices or modify
69
our software, which we may be unable to do in a commercially reasonable manner or at all, and which could have an adverse effect on our business. Any inability to adequately address privacy concerns, even if unfounded, or comply with applicable privacy or data protection laws, rules, regulations, and other obligations, could result in additional cost and liability to us, damage our reputation, inhibit sales, and adversely affect our business.
Existing federal, state, and foreign laws regulate the senders of commercial emails and text messages and changes in privacy laws could adversely affect our ability to provide our products and could impact our results from operations or result in costs and fines.
Our business offerings rely heavily on a variety of direct marketing techniques, including email marketing and marketing conducted via SMS. These activities are regulated by legislation such as CAN-SPAM and the TCPA as well as state laws regulating marketing via telecommunication services.
The CAN-SPAM Act, among other things, obligates the sender of commercial emails to provide recipients with the ability to opt out of receiving future commercial emails from the sender. The ability of our customers’ message recipients to opt out of receiving commercial emails may minimize the effectiveness of the email components of our platform. In addition, certain states, and foreign jurisdictions, such as Australia, Canada, the United Kingdom, and the European Union, have enacted laws that regulate sending email, and some of these laws are more restrictive than U.S. laws. For example, some foreign laws prohibit sending unsolicited email unless the recipient has provided the sender advance consent to receipt of such email, or in other words has “opted-in” to receiving it. A requirement that recipients opt into, or the ability of recipients to opt out of, receiving commercial emails may minimize the effectiveness of our platform. Any failure by us or our customers to comply fully with the CAN-SPAM Act may leave us subject to substantial fines and penalties.
Foreign privacy laws also regulate our and our customers’ ability to send commercial messages via email. For example, Canada’s Anti-Spam Legislation (“CASL”) prohibits email marketing without the recipient’s consent, with limited exceptions. Failure to comply with CASL could result in significant fines and penalties or possible damage awards.
We also face stringent regulation in connection with our use of telecommunication services for the transmission of marketing messages. The TCPA is a federal statute that protects consumers from unwanted telephone calls, faxes, and text messages. TCPA violations can result in significant financial penalties as a business can incur civil forfeiture penalties or criminal fines imposed by the Federal Communications Commission (the “FCC”) or be fined for each violation through private litigation or state attorneys general or other state actor enforcement. Class action suits are the most common method for private enforcement. Our SMS texting product is a potential source of risk for class-action lawsuits and liability for our company. Numerous class-action suits under federal and state laws have been filed in recent years against companies who conduct call and SMS texting programs, with many resulting in multi-million-dollar settlements to the plaintiffs. While we strive to adhere to strict policies and procedures, the FCC, as the agency that implements and enforces the TCPA, may determine that our efforts to address the TCPA are insufficient and may subject us to penalties and other consequences for noncompliance. Determination by a court or regulatory agency that our platform or our products violate the TCPA could subject us to civil penalties, could invalidate all or portions of some of our client contracts, could require us to change or terminate some portions of our business, could require us to refund portions of our service fees, and could have an adverse effect on our business. Further, we could be subject to class action lawsuits for any claimed TCPA violations. Even an unsuccessful challenge by consumers or regulatory authorities of our activities could result in adverse publicity and could require a costly response from us. Additionally, the scope of the TCPA is frequently under review and future regulations interpreting the TCPA may impose new limitations on our or our customers’ ability to send commercial messages via telephone calls, faxes, and text messages. Further, some states have enacted laws similar to, or broader than, the TCPA, which may be an additional source of potential claims or liability. In particular, Florida, Washington, and Oklahoma have enacted statutes that impose broader obligations than the TCPA upon companies that rely upon telephone calls or text messages for commercial communications. More U.S. states may pass similar laws in the future, and our ability to conduct our services via telephone or text message may be further limited or expose us to currently unforeseen liability.
In addition, any future restrictions in laws such as CAN-SPAM, the TCPA, and various United States state laws, or new federal laws regarding marketing and solicitation or international data protection laws that govern these activities
70
could adversely affect the continuing effectiveness of our marketing efforts and could force changes in our marketing strategies. If this occurs, we may not be able to develop adequate alternative marketing strategies, which could impact the amount and timing of our revenues.
If our platform fails to function in a manner that allows our customers to operate in compliance with regulations and/or industry standards, our business, financial condition, and results of operations could be adversely affected.
Since our customers are able to upload data into our platform, we may host or otherwise process substantial amounts of personally identifiable information. Some of our customers may require our platform to comply with certain privacy, security, and other certifications and standards. Our cloud-based platform holds various security certifications from industry organizations, designed to meet, in all material respects, the International Organization for Standardization 27001 (“ISO 27001”) standards. Governments and industry organizations may also adopt new laws, regulations or requirements, or make changes to existing laws or regulations, that could impact the demand for, or value of, our applications. If we fail to maintain our current security certifications and/or to continue to meet security standards, or if we are unable to adapt our platform to changing legal and regulatory standards or other requirements in a timely manner, our customers may lose confidence in our platform, and our revenue, business, financial condition, and results of operations could be adversely affected.
We could face liability, or our reputation might be harmed, as a result of the activities of our customers, the content sent through our platform or the data they store on our servers.
We may be subject to potential liability for the activities of our customers on or in connection with the content or data they store on or send through our platform. Although our customer terms of use and our acceptable use policy (“AUP”) prohibit, among other things, (1) illegal use of our platform and our products by our customers, (2) the use of our products for certain activities that do not comply with industry standards and guidelines outlined in our AUP, and (3) the use of our products in any manner that would infringe, misappropriate or otherwise violate the intellectual property rights of third parties, customers may nonetheless engage in prohibited activities or upload or store content with us in violation of our terms of use, our AUP, applicable law or the customer’s own policies, which could subject us to liability and/or harm our reputation.
We do not have a process in place to systematically and comprehensively monitor the content, activities, or messages of our customers in connection with their use of our services, so inappropriate content may be sent to third parties, which could subject us to legal liability. Even if we comply with legal obligations to remove or disable certain content, our customers may continue to send messages through our platform that third parties may find hostile, offensive, or inappropriate. The activities of our customers or the content of our customers’ messages may lead us to experience adverse political, business, and reputational consequences, especially if such use is high profile. Conversely, actions we take in response to the activities of our customers or users, up to and including suspending their use of our platform or products, may harm our brand and reputation.
There are certain statutory and common law frameworks and doctrines that offer defenses against liability for customer activities, including the Digital Millennium Copyright Act, the Communications Decency Act, the fair use doctrine in the United States and the Electronic Commerce Directive in the EU. Although these and other statutes and case law in the United States offer certain defenses against liability from customer activities under U.S. copyright law or regarding secondary liability from the TCPA or CAN-SPAM, they are subject to uncertain or evolving judicial interpretation and regulatory and legislative amendments, and in any event we cannot assure you that we will be successful in asserting them. In addition, pending or recently adopted legislation in the EU may impose additional obligations or liability on us associated with content uploaded by users to our platform. Laws governing these activities are unsettled in many international jurisdictions, or may prove difficult or impossible for us to comply with in some international jurisdictions. Even if ultimately resolved in our favor, we may become involved in related complaints, lawsuits or investigations which add cost to our doing business and may divert management’s time and attention or otherwise harm our reputation.
71
The standards that private entities and inbox service providers use to regulate and filter the use and delivery of email may interfere with the effectiveness of our platform and our ability to conduct business.
Many of our customers rely on email to communicate with their existing or prospective customers. Various private entities attempt to regulate the use of email for commercial solicitation. These entities often advocate standards of conduct or practice that significantly exceed current legal requirements and classify certain email solicitations that comply with current legal requirements as spam. Some of these entities maintain “blacklists” of companies and individuals, and the websites, inbox service providers, and IP addresses associated with those entities or individuals that do not adhere to those standards of conduct or practices for commercial email solicitations that the blacklisting entity believes are appropriate. If a company’s IP addresses are listed by a blacklisting entity, emails sent from those addresses may be blocked if they are sent to any internet domain or internet address that subscribes to the blacklisting entity’s service or uses its blacklist.
From time to time, some of our IP addresses have become, and we expect will continue to be, listed with one or more blacklisting entities due to the messaging practices of our customers and other users. We may be at an increased risk of having our IP addresses blacklisted due to our scale and volume of email processed compared to our smaller competitors. While the overall percentage of such email solicitations that our individual customers send may be at or below reasonable standards, the total aggregate number of all emails that we process on behalf of our customers may trigger increased scrutiny from these blacklisting entities. There can be no guarantee that we will be able to successfully remove ourselves from those lists. Because we fulfill email delivery on behalf of our customers, blacklisting of this type could undermine the effectiveness of our customers’ transactional emails, email marketing programs, and other email communications, and could result in a decline in click through rates, all of which could have a material negative impact on our business, financial condition, and results of operations.
Some inbox service providers categorize emails that originate from email marketing platforms as “promotional” and, as a result, direct them to an alternate or “tabbed” section of the recipient’s inbox. Additionally, inbox service providers can block emails from reaching their users. While we continually improve our own technology and work closely with inbox service providers and our customers to maintain our deliverability rates, the implementation of new or more restrictive policies by inbox service providers may make it more difficult to deliver our customers’ emails, particularly if we or our customers are not given adequate notice of a change in policy or struggle to update our platform or products to comply with the changed policy in a reasonable amount of time. For example, Google and Yahoo recently announced new email sender requirements that impact customers of email marketing platforms, including our platform. Beginning February 2024, Google and Yahoo now require bulk senders to authenticate their emails following certain industry standard authentication systems, enable recipients to easily unsubscribe, and ensure they only send wanted emails and stay under a certain spam rate threshold. Our customers that fail to comply with these new requirements may have their emails blocked from reaching their customers by Google or Yahoo and may not be able to effectively use our platform. If we or our customers fail to comply with new inbox service provider requirements, if inbox service providers materially limit or halt the delivery of our customers’ emails, if we fail to deliver our customers’ emails in a manner compatible with inbox service providers’ email handling or authentication technologies or other policies, if the open, unsubscribe or spam rates of our customers’ emails are negatively impacted by the actions of inbox service providers to categorize or block emails or new requirements imposed by inbox service providers, or if our customers send fewer emails or send emails to or maintain fewer profiles on our platform as a result of new inbox service provider requirements, then customers may question the effectiveness of our platform and downgrade or cancel their subscriptions. This could harm our business, financial condition, and results of operations.
Risks Relating to Our Intellectual Property
Any failure to protect our proprietary technology and intellectual property rights could substantially harm our business, financial condition, and results of operations.
To be successful, we must protect our technology and brand in the United States and other jurisdictions through trademarks, trade secrets, patents, copyrights, service marks, invention assignments, contractual restrictions, and other
72
intellectual property rights and confidentiality procedures. Despite our efforts to implement these protections, these measures may not protect our business or provide us with a competitive advantage for a variety of reasons, including:
•our failure to obtain patents and other intellectual property rights for important innovations or maintain appropriate confidentiality and other protective measures to establish and maintain our trade secrets;
•uncertainty in, and evolution of, legal standards relating to the validity, enforceability, and scope of protection of intellectual property rights;
•potential invalidation of our intellectual property rights through administrative processes or litigation;
•any inability by us to detect infringement or other misappropriation of our intellectual property rights by third parties; and
•other practical, resource, or business limitations on our ability to enforce our rights.
Further, the laws of certain foreign countries, particularly certain developing countries, do not provide the same level of protection of corporate proprietary information and assets, such as intellectual property (including, for example, patents, trademarks, trade secrets, and copyrights), know-how, and records, as the laws of the United States. As a result, we may encounter significant problems in protecting and defending our intellectual property or proprietary rights in foreign jurisdictions. Additionally, we may also be exposed to material risks of theft or unauthorized reverse engineering of our proprietary information and intellectual property, including technical data, data sets, or other sensitive information. Our efforts to enforce our intellectual property rights in such foreign countries may be inadequate to obtain a significant commercial advantage from the intellectual property that we develop, which could have a material adverse effect on our business, financial condition, and results of operations.
We enter into confidentiality and invention assignment agreements with our employees and consultants and enter into confidentiality agreements with the parties with whom we have strategic relationships and business alliances. No assurance can be given that these agreements will be effective in controlling access to and protecting our proprietary and intellectual property rights in our products, technology, and proprietary information. Further, these agreements may not prevent our competitors from independently developing technologies that are substantially equivalent or superior to our platform and offerings.
Further, litigation may be necessary to enforce and protect our intellectual property or proprietary rights, or determine the validity and scope of proprietary rights claimed by others. Any litigation, whether or not resolved in our favor, could result in significant expense to us, divert the efforts of our technical and management personnel and result in counterclaims, including with respect to infringement of intellectual property rights by us. If we are unable to prevent third parties from infringing upon or misappropriating our intellectual property or are required to incur substantial expenses defending our intellectual property rights, our business, financial condition, and results of operations may be materially adversely affected.
In the future we may be party to intellectual property rights claims, disputes, and other litigation brought by others which are expensive to support, and if resolved adversely, could have a significant impact on us.
We compete in markets where there are a large number of patents, copyrights, trademarks, trade secrets, and other intellectual property and proprietary rights, as well as disputes regarding infringement of these rights. Many of the holders of patents, copyrights, trademarks, trade secrets, and other intellectual property and proprietary rights have extensive intellectual property portfolios and greater resources than we do to enforce their rights. As compared to our larger competitors, our patent portfolio is relatively undeveloped and may not provide a material deterrent to such assertions or provide us with a strong basis to counterclaim or negotiate settlements. Further, to the extent assertions are made against us by entities that hold patents but are not operating companies, our patent portfolio may not provide deterrence because such entities are not concerned with counterclaims.
73
Any intellectual property claims, with or without merit, that we may become involved with may require us to do one or more of the following:
•cease selling, licensing, or using products or features that incorporate the intellectual property rights that we allegedly infringe upon, misappropriate, or violate;
•make substantial payments for legal fees, settlement payments, subscription fee refunds, or other costs or damages, including indemnification of third parties;
•obtain a license or enter into a royalty agreement, either of which may not be available on reasonable terms or at all, in order to obtain the right to sell, offer to sell, import, make or use the relevant intellectual property; or
•redesign certain portions of the allegedly infringing products to avoid infringement, misappropriation, or violation, which could be costly, time-consuming, or impossible.
Intellectual property infringement claims, with or without merit, are typically complex, time consuming, and expensive to resolve and would divert the time and attention of our management and technical personnel. These claims could also subject us to significant liability for damages, including treble damages if we are found to have willfully infringed third-party patents. It may enjoin us from continuing to use certain features or portions of allegedly infringing products or even the allegedly infringing products themselves. It may also result in adverse publicity, which could harm our reputation and ability to attract or retain customers or otherwise prevent us from competing effectively in the market. As we grow, we may experience a heightened risk of allegations of intellectual property infringement. An adverse result in any litigation claims against us could have a material adverse effect on our business, financial condition, and results of operations.
Our use of open source software could negatively affect our ability to sell our products and subject us to possible litigation.
We use open source software in our products, and we expect to continue to incorporate open source software in our products in the future. Few of the licenses applicable to open source software have been interpreted by courts, and there is a risk that these licenses could be construed in a manner that could impose unanticipated conditions or restrictions on our ability to commercialize our products or to maintain the confidentiality of our proprietary source code. Moreover, we may encounter instances in which we have incorporated additional open source software in our proprietary software in a manner that is inconsistent with the terms of the applicable license or our current policies and procedures. While we have adopted guidelines for the appropriate use of, and regularly audit our use of, open source software, these measures may not always be effective. If we were to combine or link our proprietary software products with open source software in a certain manner, we could, under certain open source licenses, be required to release the source code of our proprietary software products and allow others to use it at no cost. If an author or other third party that distributes such open source software were to allege that we had not complied with the conditions of one or more of these licenses, we could be required to incur significant legal expenses defending against such allegations and could be subject to significant damages, enjoined from the sale of our products that contained the open source software, and required to comply with onerous conditions or restrictions on these products, which could disrupt the distribution and sale of these products or put our proprietary source code at risk.
From time to time, there have been claims challenging the ownership rights in open source software against companies that incorporate it into their products and the licensors of such open source software provide no warranties or indemnities with respect to such claims. As a result, we and our customers could be subject to lawsuits by parties claiming ownership of what we believe to be open source software. Litigation could be costly for us to defend, have a negative effect on our business, financial condition, and results of operations, or require us to devote additional research and development resources to change our products. Some open source projects have known vulnerabilities and architectural instabilities and are provided on an “as-is” basis which, if not properly addressed, could negatively affect the performance of our platform. If we inappropriately use or incorporate open source software subject to certain types of open source licenses that challenge the proprietary nature of our platform, we may be required to re-engineer our platform, discontinue the sale of affected
74
products, or take other remedial actions, which may adversely affect our business, financial condition, and results of operations.
Our use of AI technology and the integration of AI technology with our products and services may subject us to increased risk given the emerging nature of AI technology.
We have incorporated, and may continue to incorporate, artificial intelligence technology (“AI Technology”) in our products and services, including our email, SMS, and reviews offerings, and this incorporation of AI Technology in our business and operations may become more significant over time. The use of generative AI, a newer and emerging technology in the early stages of commercial use, may expose us to additional risk, such as damage to our reputation, competitive position, additional costs, and other business, legal and regulatory risks. For example, generative AI has been known to produce false or “hallucinatory” inferences or output, and certain generative AI technology use machine learning and other predictive analysis techniques, which can produce inaccurate, incomplete, or misleading content, unintended biases, and other discriminatory or unexpected results, errors or inadequacies, any of which may not be easily detectable by us or any of our related service providers. Accordingly, while AI-powered applications may help provide more tailored or personalized user experiences, if the content, analyses, or recommendations produced by AI-powered applications are, or are perceived to be, deficient, inaccurate, biased, unethical or otherwise flawed, our reputation, competitive position, and business may be materially and adversely affected.
In addition, new laws and regulations, or the interpretation of existing laws and regulations, in any of the jurisdictions in which we operate may affect our use of AI Technology and expose us to government enforcement or civil lawsuits. For example, states such as California, Colorado, and Utah, have recently passed laws regulating the use of AI Technology, which impose additional operational burdens and may require us to modify our products and services that utilize AI Technology in order to comply with these laws. We expect that this trend will continue and we may be required to devote attention to address the frequently changing regulatory requirements. As the legal and regulatory framework relating to use of AI Technology continues to change, there may be an increase in our operational and development expenses that impact our ability to earn revenue from or utilize certain AI Technology.
Furthermore, the use of AI Technology has resulted in, and may result in, an increase in our risk with respect to intellectual property rights, privacy rights, publicity rights and cybersecurity incidents, including as it relates to personal data that we have in our possession or process on behalf of our customers. Certain output produced by us using AI Technology may not be subject to patent or copyright protection, which may adversely affect our intellectual property rights in, or ability to commercialize or use, any such output. In addition, output produced by AI Technology may include information subject to certain privacy or rights of publicity laws or constitute an unauthorized derivative work of copyrighted material used in training the underlying AI Technology, any of which could create a risk of liability for us, or adversely affect our business or operations. To the extent that we do not have sufficient rights to use the data or other material or content used in or produced by the AI Technology used in our business, or if we experience cybersecurity incidents in connection with our use of AI Technology, it could adversely affect our reputation and expose us to legal liability or regulatory risk, including with respect to third-party intellectual property rights, privacy, publicity, contractual or other rights.
As the use of AI Technology becomes more prevalent, we anticipate that it will continue to present new or unanticipated legal, reputational, technical, operational, ethical, competitive, and regulatory issues. We expect that our incorporation of AI Technology in our business will require additional resources, including the incurrence of additional costs, to develop and maintain our products, services, and features to minimize potentially harmful, unintended or other adverse consequences, to comply with existing and new laws and regulations, to maintain or extend our competitive position, and to address any legal, reputational, technical, operational, ethical, competitive, and regulatory issues that may arise as a result of any of the foregoing. Furthermore, our competitors or other third parties may incorporate AI Technology into their products more quickly or more successfully than us, which could impair our ability to compete effectively. As a result, the challenges presented with our use of AI Technology may adversely affect our business, financial condition, and results of operations.
75
Risks Relating to Ownership of Our Series A Common Stock
Our IPO occurred in September 2023. As such, there has only been a public market for our Series A common stock for a short period of time. The trading price of our Series A common stock may continue to be volatile or may decline regardless of our operating performance, and you may not be able to resell your shares at or above the price at which you purchased those shares.
The market prices of the securities of other newly public companies have historically been highly volatile and markets in general have been highly volatile in light of the COVID-19 pandemic, the Russia-Ukraine conflict, the conflict in the Gaza Strip, and other factors. Additionally, we have a relatively small public float due to the relatively small size of our IPO, and the concentrated ownership of our common stock among our executive officers, directors, and greater than 5% stockholders. As a result of our small public float, our Series A common stock may be less liquid and have greater stock price volatility than the common stock of companies with broader public ownership. The trading price of our Series A common stock may fluctuate significantly in response to numerous factors, many of which are beyond our control, including:
•overall performance of the equity markets and/or publicly-listed technology companies;
•actual or anticipated fluctuations in our revenue or other operating metrics;
•our actual or anticipated operating performance and the operating performance of our competitors;
•the financial projections we may provide to the public, any changes in those projections, or our failure to meet those projections;
•failure of securities analysts to initiate or maintain coverage of our company, changes in financial estimates by any securities analysts who follow our company, or our failure to meet the estimates or the expectations of securities analysts or investors;
•the economy as a whole and market conditions in our industry;
•rumors and market speculation involving us or other companies in our industry;
•announcements by us or our competitors of significant innovations; new products, services, or capabilities; acquisitions, strategic partnerships, or investments; joint ventures; or capital commitments;
•new laws or regulations or new interpretations of existing laws or regulations applicable to our business, including those related to privacy and cybersecurity in the United States or globally;
•lawsuits threatened or filed against us;
•actual or perceived privacy or data security incidents;
•developments or disputes concerning our intellectual property or other proprietary rights;
•announced or completed acquisitions of businesses, products, services, or technologies by us or our competitors;
•changes in accounting standards, policies, guidelines, interpretations, or principles;
•any major change in our board of directors, management, or key personnel;
•other events or factors, including those resulting from war (including the Russia-Ukraine conflict and the conflict in the Gaza Strip), incidents of terrorism, pandemics (including the COVID-19 pandemic), or elections, or responses to these events; and
•sales of additional shares of our Series A common stock by us or our stockholders.
76
In addition, stock markets, and the market for technology companies in particular, have experienced price and volume fluctuations that have affected and continue to affect the market prices of equity securities of many companies. Often, trading prices of many companies have fluctuated in ways unrelated or disproportionate to the operating performance of those companies. In the past, stockholders have filed securities class action litigation following periods of market volatility. If we were to become involved in securities litigation, it could subject us to substantial costs, divert resources and the attention of management from our business, and adversely affect our business, results of operations, and financial condition.
Moreover, because of these fluctuations, comparing our results of operations on a period-to-period basis may not be meaningful. You should not rely on our past results as an indication of our future performance. This variability and unpredictability could also result in our failing to meet the expectations of industry or financial analysts or investors for any period. If our revenue or results of operations fall below the expectations of analysts or investors or below any forecasts we may provide to the market, or if the forecasts we provide to the market are below the expectations of analysts or investors, the trading price of our Series A common stock could decline substantially. Such a trading price decline could occur even when we have met any previously publicly stated revenue or earnings forecasts that we may provide.
The dual series structure of our common stock has the effect of concentrating voting control with those stockholders who hold shares of our Series B common stock, including our directors, executive officers, and their respective affiliates. This ownership limits or precludes your ability to influence corporate matters, including the election of directors, amendments of our organizational documents, and any merger, consolidation, sale of all or substantially all of our assets, or other major corporate transaction requiring stockholder approval, and that may depress the trading price of our Series A common stock.
Our Series B common stock has tenvotes per share, and our Series A common stock has one vote per share. Our directors, executive officers, and their affiliates, beneficially own in the aggregate 63.1% of the voting power of our capital stock as of September 30, 2024. Our co-founders, Andrew Bialecki and Ed Hallen, beneficially own 46.6% and 17.3%, respectively, of our Series B common stock and together 62.2% of our Series B common stock as of September 30, 2024. As such, our co-founders individually or together hold significant influence and control over matters requiring the vote of our stockholders including the sale, merger or acquisition of our company. Because of the ten-to-one voting ratio between our Series B and Series A common stock, the holders of our Series B common stock collectively continue to control a majority of the combined voting power of our common stock and therefore are able to continue to control all matters submitted to our stockholders for approval until the seventh anniversary of our IPO, when all outstanding shares of Series A common stock and Series B common stock will convert automatically into shares of a single series of common stock, or until they no longer hold a majority of the combined voting power of our common stock. This concentrated control may limit or preclude your ability to influence corporate matters for the foreseeable future, including the election of directors, amendments of our organizational documents, and any merger, consolidation, sale of all or substantially all of our assets or other major corporate transaction requiring stockholder approval. In addition, this concentrated control may prevent or discourage unsolicited acquisition proposals or offers for our capital stock that you may believe are in your best interest as one of our stockholders.
Future transfers by holders of Series B common stock will generally result in those shares converting to Series A common stock, subject to limited exceptions, such as certain transfers effected for estate planning purposes. The conversion of Series B common stock to Series A common stock will have the effect, over time, of increasing the relative voting power of those holders of Series B common stock who retain their shares in the long term. As a result, it is possible that one or more of the persons or entities holding our Series B common stock could gain significant voting control as other holders of Series B common stock sell or otherwise convert their shares into Series A common stock.
We cannot predict the effect our dual series structure may have on the trading price of our Series A common stock.
We cannot predict whether our dual series structure will result in a lower or more volatile trading price of our Series A common stock, adverse publicity, or other adverse consequences. For example, certain index providers have announced restrictions affecting companies with multiple-class or series share structures in certain of their indices. In July 2017, FTSE
77
Russell announced that it would require new constituents of its indices to have greater than 5% of a company’s voting rights in the hands of public stockholders. Under this policy, the dual series structure of our common stock could make us ineligible for inclusion in certain indices and, as a result, mutual funds, exchange-traded funds, and other investment vehicles that attempt to passively track those indices may not invest in our Series A common stock. These policies are relatively new and it is unclear what effect, if any, they will have or continue to have on the valuations of publicly traded companies excluded from such indices, but it is possible that they may depress valuations, as compared to similar companies that are included. Because of the dual series structure of our common stock, we may be excluded from certain indices, and other stock indices may take similar actions. Given the sustained flow of investment funds into passive strategies that seek to track certain indices, exclusion from certain stock indices could preclude investment by many of these funds and could make our Series A common stock less attractive to other investors. As a result, the trading price of our Series A common stock could be adversely affected.
We are an emerging growth company, and any decision on our part to comply only with certain reduced reporting and disclosure requirements applicable to emerging growth companies could make our Series A common stock less attractive to investors.
We are an emerging growth company, and, for as long as we continue to be an emerging growth company, we may choose to take advantage of exemptions from various reporting requirements applicable to other public companies but not to emerging growth companies, including:
•not being required to have our independent registered public accounting firm audit our internal control over financial reporting under Section 404 of the Sarbanes-Oxley Act;
•reduced disclosure obligations regarding executive compensation in our periodic reports and Annual Report on Form 10-K; and
•exemptions from the requirements of holding a non-binding advisory vote on executive compensation and stockholder approval of any golden parachute payments not previously approved.
We could be an emerging growth company for up to five years following the completion of our IPO. Our status as an emerging growth company will end as soon as any of the following takes place:
•the last day of the fiscal year in which we have more than $1.235 billion in annual revenue;
•the date we qualify as a “large accelerated filer,” with at least $700 million of equity securities held by non-affiliates;
•the date on which we have issued, in any three-year period, more than $1.0 billion in non-convertible debt securities; or
•the last day of the fiscal year ending after the fifth anniversary of the completion of our IPO.
We cannot predict if investors will find our Series A common stock less attractive if we choose to rely on the exemptions afforded to emerging growth companies. If some investors find our Series A common stock less attractive because we rely on any of these exemptions, there may be a less active trading market for our Series A common stock and the trading price of our Series A common stock may be more volatile.
Under the JOBS Act, emerging growth companies can also delay adopting new or revised accounting standards until such time as those standards apply to private companies. We have elected to use this extended transition period for complying with new or revised accounting standards that have different effective dates for public and private companies until the earlier of the date we (i) are no longer an emerging growth company or (ii) affirmatively and irrevocably opt out of the extended transition period provided in the JOBS Act. As a result, our financial statements may not be comparable to companies that comply with new or revised accounting pronouncements as of public company effective dates.
78
If securities or industry analysts do not publish research, or publish inaccurate or unfavorable research, about our business, the trading price of our Series A common stock and trading volume could be adversely affected.
The trading market for our Series A common stock will depend in part on the research and reports that securities or industry analysts publish about us or our business. If few securities analysts cover us, or if industry analysts cease coverage of us, the trading price for our Series A common stock would be negatively affected. If one or more of the analysts who cover us downgrade our Series A common stock or publish inaccurate or unfavorable research about our business, our Series A common stock trading price would likely decline. If one or more of these analysts cease coverage of us or fail to publish reports on us on a regular basis, demand for our Series A common stock could decrease, potentially causing our Series A common stock trading price and trading volume to decline.
Sales of substantial amounts of our Series A common stock in the public markets, or the perception that sales might occur, could cause the trading price of our Series A common stock to decline.
Sales of a substantial number of shares of our Series A common stock into the public market, particularly sales by our directors, executive officers, and principal stockholders, or the perception that these sales might occur, could cause the trading price of our Series A common stock to decline. While shares held by directors, executive officers, and other affiliates are subject to volume limitations under Rule 144 under the Securities Act of 1933, as amended (the “Securities Act”) and various vesting agreements, we are unable to predict the timing of or the effect that such sales may have on the prevailing market price of our Series A common stock.
In addition, as of September 30, 2024, we had 26,640,466 options outstanding that, if fully exercised, would result in the issuance of an equal number of shares of Series B common stock, as well as 5,940,236 shares of Series B common stock and 11,208,376shares of Series A common stock subject to outstanding RSU awards. Shares of Series B common stock will automatically convert into shares of Series A common stock upon certain transfers and other events. All of the shares of Series B common stock issuable upon the exercise of stock options or the vesting of RSU awards and the shares reserved for future issuance under our equity incentive plans have been registered on a registration statement on Form S-8 under the Securities Act. Accordingly, following conversion to shares of Series A common stock, these shares can be freely sold in the public market upon issuance, subject to volume limitations under Rule 144 for our executive officers and directors and applicable vesting requirements.
Certain holders of our Series B common stock have rights, subject to some conditions, to require us to file registration statements for the public resale of the Series A common stock issuable upon conversion of such shares or to include such shares in registration statements that we may file for us or other stockholders. Any registration statement we file to register additional shares, whether as a result of registration rights or otherwise, could cause the trading price of our Series A common stock to decline or be volatile.
Our issuance of additional capital stock in connection with financings, acquisitions, investments, our stock incentive plans, or otherwise will dilute all other stockholders and could negatively affect our results of operations.
We expect to issue additional capital stock in the future that will result in dilution to all other stockholders. We expect to grant equity awards to employees, directors, consultants, and advisors under our stock incentive plans. We may also raise capital through equity financings in the future. As part of our business strategy, we may acquire or make investments in complementary companies, products, or technologies and issue equity securities to pay for any such acquisition or investment. Any such issuances of additional capital stock may cause stockholders to experience significant dilution of their ownership interests and the per share value of our Series A common stock to decline. Any additional grants of equity awards under our stock incentive plans will also increase stock-based compensation expense and negatively affect our results of operations. Commencing in the fourth quarter of 2020, we began granting RSUs to employees. RSUs granted under our 2015 Stock Incentive Plan (as amended, “2015 Plan”) prior to our IPO vest upon the satisfaction of both a service condition and a liquidity event condition. In September 2023, we completed our IPO, as a result of which the liquidity event condition was satisfied. Subsequent to the IPO, any unvested RSUs subject to both the service vesting condition and liquidity event vesting condition will vest as the service vesting condition is met over the remaining service
79
period. During the year ended December 31, 2023, stock-based compensation expense recognized for RSUs was $338.0 million, which represented $331.0 million of cumulative stock-based compensation expense for RSUs that vested upon satisfaction of both a service condition and a liquidity event condition, including the RSUs that vested in connection with our IPO, and $7.0 million of stock-based compensation expense for RSUs granted during the year ended December 31, 2023 that vest upon satisfaction of only a service condition. As a public company, our RSUs are only subject to service-based vesting, and accordingly we expect to continue to incur stock-based compensation expense as these RSUs vest.
We do not intend to pay dividends on our Series A common stock in the foreseeable future and, consequently, the ability of Series A common stockholders to achieve a return on investment will depend on appreciation in the trading price of our Series A common stock.
We have never declared or paid any cash dividends on our capital stock. We intend to retain any earnings to finance the operation and expansion of our business, and we do not anticipate paying any cash dividends in the foreseeable future. We anticipate that we will retain all of our future earnings for use in the operation of our business and for general corporate purposes. Any determination to pay dividends in the future will be at the discretion of our board of directors. Accordingly, investors must rely on sales of their Series A common stock after price appreciation, which may never occur, as the only way to realize any future gains on their investments.
Our estimates of market opportunity and forecasts of market growth may prove to be inaccurate. Even if the markets in which we compete achieve the forecasted growth, our business could fail to grow at similar rates, if at all.
Market estimates and growth forecasts are uncertain and based on assumptions and estimates that may be inaccurate. The size of our addressable market depends on a number of factors, including the desire of businesses to differentiate themselves through digital customer engagement, partnership opportunities, changes in the competitive landscape, technological changes, data security and privacy concerns, customer budgetary constraints, changes in business practices, changes in the regulatory environment, and changes in economic conditions. Our estimates and forecasts relating to the size and expected growth of our market may prove to be inaccurate. Even if the market in which we compete meets the size estimates and growth rates we forecast, our business could fail to grow at similar rates, if at all, which could cause the trading price of our Series A common stock to decline or be volatile.
Provisions in our charter documents and under Delaware law could make an acquisition of our company more difficult, limit attempts by our stockholders to replace or remove our current board of directors, and limit the trading price of our Series A common stock.
Provisions in our amended and restated certificate of incorporation and amended and restated bylaws may have the effect of delaying or preventing a change of control or changes in our management. Our amended and restated certificate of incorporation and amended and restated bylaws include provisions that:
•provide that our board of directors is classified into three classes of directors with staggered three-year terms;
•permit our board of directors to establish the number of directors and fill any vacancies and newly-created directorships;
•require super-majority voting to amend our amended and restated bylaws; provided, however, that majority voting is required to amend our amended and restated bylaws if our board of directors recommends that the stockholders approve such amendment;
•authorize the issuance of “blank check” preferred stock that our board of directors could use to implement a stockholder rights plan;
•after the date that the outstanding shares of Series B common stock no longer represent a majority of the combined voting power of our Series A and Series B common stock (the “Voting Threshold Date”), prohibit
80
stockholder action by written consent, thereby requiring all stockholder actions to be taken at a meeting of our stockholders;
•until the Voting Threshold Date, our stockholders are able to act by written consent only if the action is first recommended or approved by our board of directors;
•provide that only our board of directors is authorized to call a special meeting of stockholders;
•provide for a dual series common stock structure where holders of our Series B common stock are able to control the outcome of matters requiring stockholder approval, even if they own significantly less than a majority of the outstanding shares of our Series A and Series B common stock, including the election of directors and significant corporate transactions, such as a merger or other sale of our company or its assets;
•provide that our board of directors is expressly authorized to alter or repeal our amended and restated bylaws; and
•contain advance notice requirements for nominations for election to our board of directors or for proposing matters that can be acted upon by stockholders at annual stockholder meetings.
Moreover, Section 203 of the Delaware General Corporation Law (the “DGCL”) may discourage, delay, or prevent a change in control of our company. Section 203 imposes certain restrictions on mergers, business combinations, and other transactions between us and holders of 15% or more of our common stock.
Our amended and restated bylaws designate specific courts as the exclusive forum for certain litigation that may be initiated by our stockholders, which could potentially limit our stockholders’ ability to obtain a favorable judicial forum for disputes with us.
Our amended and restated bylaws provide that, unless we consent in writing to the selection of an alternative forum, to the fullest extent permitted by law, the Court of Chancery of the State of Delaware is the sole and exclusive forum for any state law claims for:
•any derivative action or proceeding brought on our behalf;
•any action asserting a claim of breach of fiduciary duty owed by any of our current or former directors, officers, other employees, or stockholders to us or our stockholders;
•any action asserting a claim arising pursuant to the DGCL, our amended and restated certificate of incorporation, or our amended and restated bylaws (including the interpretation, validity or enforceability thereof); or
•any action asserting a claim that is governed by the internal affairs doctrine (the “Delaware Forum Provision”).
Our amended and restated bylaws further provide that, unless we consent in writing to the selection of an alternative forum, the federal district courts of the United States shall be the sole and exclusive forum for resolving any complaint asserting a cause of action arising under the Securities Act (the “Federal Forum Provision”). In addition, our amended and restated bylaws provide that any person or entity purchasing or otherwise acquiring any interest in shares of our capital stock is deemed to have notice of and consented to the Delaware Forum Provision and the Federal Forum Provision; provided, however, that stockholders cannot and will not be deemed to have waived our compliance with the U.S. federal securities laws and the rules and regulations thereunder.
The Delaware Forum Provision and the Federal Forum Provision in our amended and restated bylaws may impose additional litigation costs on stockholders in pursuing any such claims. Additionally, these forum selection clauses may limit our stockholders’ ability to bring a claim in a judicial forum that they find favorable for disputes with us or our directors, officers, employees, or stockholders which may discourage the filing of lawsuits against us and our directors, officers, employees, or stockholders even though an action, if successful, might benefit our stockholders. In addition, while the Delaware Supreme Court and other state courts have upheld the validity of federal forum selection provisions
81
purporting to require claims under the Securities Act be brought in federal court, there is uncertainty as to whether other courts will enforce our Federal Forum Provision. If the Federal Forum Provision is found to be unenforceable, we may incur additional costs associated with resolving such matters. The Federal Forum Provision may also impose additional litigation costs on stockholders who assert that the provision is not enforceable or invalid. The Court of Chancery of the State of Delaware and the federal district courts of the United States may also reach different judgments or results than would other courts, including courts where a stockholder considering an action may be located or would otherwise choose to bring the action, and such judgments may be more or less favorable to us than our stockholders.
General Risk Factors
We have incurred, and we will continue to incur, increased costs as a result of operating as a public company, and our management is required to devote substantial time to support compliance with our public company responsibilities and corporate governance practices.
As a public company, we have incurred, and we will continue to incur, significant finance, legal, accounting, and other expenses, including director and officer liability insurance, that we did not incur as a private company, which we expect to further increase after we are no longer an “emerging growth company.” The Sarbanes-Oxley Act, the Dodd-Frank Wall Street Reform and Consumer Protection Act, stock exchange listing requirements, the reporting requirements of the Exchange Act, and other applicable securities rules and regulations impose various requirements on public companies in the United States. Our management and other personnel devote a substantial amount of time to support compliance with these requirements. These factors could also make it more difficult for us to attract and retain qualified members of our board of directors, particularly to serve on our audit committee and compensation committee. For example, the Exchange Act requires, among other things, that we file annual, quarterly, and current reports with respect to our business and results of operations and comply with the Sarbanes-Oxley Act and other rules and regulations. Moreover, these rules and regulations have increased, and will continue to increase, our legal and financial compliance costs and make some activities more time-consuming and costly. We cannot predict or estimate the amount of additional costs we will continue to incur as a public company or the specific timing of such costs.
In addition, changing laws, regulations, and standards relating to corporate governance and public disclosure are creating uncertainty for public companies, increasing legal and financial compliance costs and making some activities more time-consuming. These laws, regulations, and standards are subject to varying interpretations, in many cases due to their lack of specificity, and, as a result, their application in practice may evolve over time as new guidance is provided by regulatory and governing bodies, potentially resulting in continued uncertainty regarding compliance matters and higher costs necessitated by ongoing revisions to disclosure and governance practices. We intend to invest substantial resources to comply with evolving laws, regulations, and standards, and this investment may result in increased general and administrative expenses and a diversion of management’s time and attention from business operations to compliance activities. If our efforts to comply with new laws, regulations, and standards differ from the activities intended by regulatory or governing bodies due to ambiguities related to their application and practice, regulatory authorities may initiate legal proceedings against us and our business may be adversely affected.
Adverse developments affecting the financial services industry, such as actual events or concerns involving liquidity, defaults, or non-performance by financial institutions or transactional counterparties, could adversely affect our current and projected business operations, financial condition, and results of operations.
Actual events involving limited liquidity, defaults, non-performance, or other adverse developments that affect financial institutions, transactional counterparties or other companies in the financial services industry or the financial services industry generally, or concerns or rumors about any events of these kinds or other similar risks, have in the past and may in the future lead to market-wide liquidity problems. For example, on March 10, 2023, Silicon Valley Bank (“SVB”), was closed by the California Department of Financial Protection and Innovation, which appointed the Federal Deposit Insurance Corporation (the “FDIC”), as receiver. Similarly, on March 12, 2023, Signature Bank and Silvergate Capital Corp. were each swept into receivership followed by First Republic Bank on May 1, 2023. Although a statement by the U.S. Department of the Treasury, the Federal Reserve, and the FDIC indicated that all depositors of SVB would have
82
access to all of their money after only one business day of closure, including funds held in uninsured deposit accounts, borrowers under credit agreements, letters of credit, and certain other financial instruments with SVB, Signature Bank or any other financial institution that is placed into receivership by the FDIC may be unable to access undrawn amounts thereunder. Although we are not currently a borrower or party to any such instruments with SVB, Signature or any other financial institution currently in receivership, if any of our future lenders or counterparties to any such instruments were to be placed into receivership, we may be unable to access such funds. In addition, if any of our customers, suppliers, or other parties with whom we conduct business are unable to access funds pursuant to such instruments or lending arrangements with such a financial institution, such parties’ ability to pay their obligations to us or to enter into new commercial arrangements requiring additional payments to us could be adversely affected. In this regard, counterparties to SVB credit agreements and arrangements, and third parties such as beneficiaries of letters of credit (among others), may experience direct impacts from the closure of SVB and uncertainty remains over liquidity concerns in the broader financial services industry. Similar impacts have occurred in the past, such as during the 2008-2010 financial crisis.
Inflation and rapid increases in interest rates have led to a decline in the trading value of previously issued government securities with interest rates below current market interest rates. Although the U.S. Department of Treasury, FDIC, and Federal Reserve Board have announced a program to provide up to $25 billion of loans to financial institutions secured by certain of such government securities held by financial institutions to mitigate the risk of potential losses on the sale of such instruments, widespread demands for customer withdrawals or other liquidity needs of financial institutions for immediate liquidity may exceed the capacity of such program. Additionally, there is no guarantee that the U.S. Department of Treasury, FDIC, and Federal Reserve Board will provide access to uninsured funds in the future in the event of the closure of other banks or financial institutions, or that they would do so in a timely fashion.
Although we assess our banking and customer relationships as we believe necessary or appropriate, our access to funding sources and other credit arrangements in amounts adequate to finance or capitalize our current and projected future business operations could be significantly impaired by factors that affect us, the financial institutions with which we have credit agreements or arrangements directly, or the financial services industry or economy in general. These factors could include, among others, events such as liquidity constraints or failures, the ability to perform obligations under various types of financial, credit or liquidity agreements or arrangements, disruptions or instability in the financial services industry or financial markets, or concerns or negative expectations about the prospects for companies in the financial services industry. These factors could involve financial institutions or financial services industry companies with which we have financial or business relationships, but could also include factors involving financial markets or the financial services industry generally.
The results of events or concerns that involve one or more of these factors could include a variety of material and adverse impacts on our current and projected business operations, financial condition, and results of operations. These could include, but may not be limited to, the following:
•Delayed access to deposits or other financial assets or the uninsured loss of deposits or other financial assets;
•Delayed or lost access to, or reductions in borrowings available under revolving existing credit facilities or other working capital sources and/or delays, inability, or reductions in our ability to refund, roll over or extend the maturity of, or enter into new credit facilities or other working capital resources;
•Potential or actual breach of contractual obligations that require us to maintain letters of credit or other credit support arrangements;
•Potential or actual breach of financial covenants in our credit agreements or credit arrangements;
•Potential or actual cross-defaults in other credit agreements, credit arrangements or operating or financing agreements; or
•Termination of cash management arrangements and/or delays in accessing or actual loss of funds subject to cash management arrangements.
83
In addition, investor concerns regarding the United States or international financial systems could result in less favorable commercial financing terms, including higher interest rates or costs and tighter financial and operating covenants, or systemic limitations on access to credit and liquidity sources, thereby making it more difficult for us to acquire financing on acceptable terms or at all. Any decline in available funding or access to our cash and liquidity resources could, among other risks, adversely impact our ability to meet our operating expenses, financial obligations or fulfill our other obligations, result in breaches of our financial and/or contractual obligations or result in violations of federal or state wage and hour laws. Any of these impacts, or any other impacts resulting from the factors described above or other related or similar factors not described above, could have material adverse impacts on our liquidity and our current and/or projected business operations, financial condition, and results of operations.
Our business is subject to the risks of earthquakes, fire, floods, and other natural catastrophic events, and to interruption by man-made problems such as power disruptions, computer viruses, data security breaches, or terrorism.
Our corporate headquarters are located in Boston, Massachusetts, and we have employees elsewhere in the United States. We also have offices in the United Kingdom and Australia. A significant natural disaster, such as an earthquake, fire, or flood, occurring at our headquarters, at one of our other facilities, or where a partner is located, could adversely affect our business, results of operations, and financial condition. Further, if a natural disaster or man-made problem were to affect our third-party vendors, it could adversely affect the ability of our customers to use our platform. In addition, natural disasters and acts of terrorism could cause disruptions in our or our customers’ businesses, national economies, or the world economy as a whole. Health concerns or political or governmental developments in countries where we or our customers and vendors operate could result in economic, social, or labor instability and could have a material adverse effect on our business, results of operations, and financial condition.
Although we maintain incident management and disaster response plans, in the event of a major disruption caused by a natural disaster or man-made problem, we may be unable to continue our operations in part or in full and may endure system interruptions, reputational harm, delays in our development activities, lengthy interruptions in service, breaches of data security and loss of critical data, any of which could adversely affect our business, results of operations, and financial condition.
Climate change may have a long-term impact on our business.
We recognize that there are inherent climate-related risks wherever business is conducted. Any of our primary office locations may be vulnerable to the adverse effects of climate change. For example, our offices globally may experience climate-related events at an increasing frequency, including drought, water scarcity, heat waves, cold waves, wildfires, and resultant air quality impacts and power shutoffs associated with wildfire prevention. While this danger currently has a low-assessed risk of disrupting our normal business operations, it has the potential to disrupt employees’ abilities to commute to work or to work from home and stay connected effectively. Furthermore, it is more difficult to mitigate the impact of these events on our employees to the extent they work from home. Climate-related events, including the increasing frequency of extreme weather events and their impact on the critical infrastructure of the United States, Europe, and other major regions, have the potential to disrupt our business, our third-party suppliers and/or the business of our customers, and may cause us to experience higher attrition, losses, and additional costs to maintain or resume operations. Regulatory developments, changing market dynamics and stakeholder expectations regarding climate change may impact our business, financial condition, and results of operations.
Item 2. Unregistered Sales of Equity Securities and Use of Proceeds
Unregistered Sales of Equity Securities
On July 29, 2024, three warrants to purchase up to an aggregate of 344,384 shares of our Series B common stock were exercised in cash for 344,384 shares of our Series B common stock at a price per share of $0.01. The issuance of those shares of Series B common stock was exempt from registration pursuant to Section 4(a)(2) of the Securities Act.
84
Use of Proceeds from Initial Public Offering of our Series A Common Stock
On September 19, 2023, the Registration Statement on Form S-1 (File No. 333-274211) (the “Registration Statement”) relating to our IPO was declared effective by the SEC and we priced our IPO. Pursuant to the Registration Statement, we registered an aggregate of 22,080,000 shares of our Series A common stock, inclusive of the underwriters’ option to purchase additional shares from the selling stockholders. On September 22, 2023, we closed our IPO of 19,200,000 shares of our Series A common stock, including the sale by us of 11,507,693 of shares, at a price to the public of $30.00 per share. We received net proceeds of approximately $320.1 million, after deducting approximately $17.7 million in underwriting discounts and commissions, and $7.4 million in offering-related expenses. Goldman Sachs & Co. LLC, Morgan Stanley & Co, LLC and Citigroup Global Markets Inc. acted as representatives of the underwriters for the offering. No payments were made to our directors or officers or their associates, holders of 10% or more of any class of our equity securities or any affiliates, other than to directors or holders of 10% or more of our equity securities that were selling stockholders in the IPO, as described below.
The IPO also included the sale of 7,692,307 shares of our Series A common stock by selling stockholders. We did not receive any proceeds from the sale of Series A common stock by the selling stockholders. The selling stockholders granted the underwriters an option to purchase up to 2,880,000 additional shares of Series A common stock. The option was exercised for 2,764,066 additional shares on October 19, 2023. Jennifer Ceran, one of our directors, and entities affiliated with Summit Partners, L.P., a holder of more than 10% of our equity securities, were selling stockholders in our IPO.
We used $62.9 million of the net proceeds from our IPO to satisfy the tax withholding and remittance obligations related to the settlement of outstanding RSUs in connection with the offering. There has been no material change in the planned use of proceeds from our IPO as described in our final prospectus as filed with the SEC on September 19, 2023.
Item 3. Defaults Upon Senior Securities
None.
Item 4. Mine Safety Disclosures
Not applicable.
Item 5. Other Information
October 2024 Cybersecurity Incident
On October 25, 2024, the Company determined that an unauthorized third party gained access to the Company's source code, as well as other system and application credentials. Following detection of this unauthorized activity, the Company initiated its response protocols and took steps to contain, assess and remediate the incident, including launching an investigation with the assistance of counsel and leading external cybersecurity experts. Although the investigation is ongoing, as of the date of this Quarterly Report on Form 10-Q, the Company has found no evidence of continued unauthorized activity on its systems and has contained the incident. The Company’s operations have continued throughout this matter in all material respects.
As of the date of this Quarterly Report on Form 10-Q, the Company does not expect that the incident is reasonably likely to have a material impact on the Company’s business, including its financial condition or results of operations.
Securities Trading Plans of Directors or Executive Officers
(c) During the three months ended September 30, 2024, two of the Company’s officers (as defined in Rule 16a-1(f) under the Exchange Act) each adopted a written plan intended to satisfy the affirmative defense conditions of Rule 10b5-1(c) of the Exchange Act for the sale of the Company’s securities, as set forth in the table below.
85
Name
Position
Adoption Date
Earliest Trade Date
Total Shares Subject to Trading Arrangement
Expiration Date
Amanda Whalen
Chief Financial Officer
August 16, 2024
November 18, 2024
220,000
November 18, 2025
Landon Edmond
Chief Legal Officer and General Counsel
August 16, 2024
November 18, 2024
133,246
August 20, 2025
No other directors or officers (as defined in Rule 16a-1(f) under the Exchange Act) adopted and/or terminated a “Rule 10b5-1 trading arrangement” or a “non-Rule 10b5-1 trading arrangement,” each as defined in Regulation S-K Item 408, during the three months ended September 30, 2024.
Item 6. Exhibits
The following exhibits are filed herewith or incorporated by reference herein:
Inline XBRL Instance Document (the instance document does not appear in the Interactive Data File because its XBRL tags are embedded within the Inline XBRL document).
Cover Page Interactive Data File (formatted as Inline XBRL and contained in Exhibit 101).
X
86
† This certification will not be deemed “filed” for purposes of Section 18 of the Exchange Act, or otherwise subject to the liability of that section. Such certification will not be deemed to be incorporated by reference into any filing under the Securities Act of 1933, as amended, or the Exchange Act, except to the extent specifically incorporated by reference into such filing.
87
Signatures
Pursuant to the requirements of the Securities Exchange Act of 1934, the Registrant has duly caused the report to be signed on its behalf by the undersigned, thereunto duly authorized.