To encourage developer usage, familiarity and adoption of our platform, we offer Community Server as a “freemium” offering. Community Server is a free-to-download version of our database that does not include all of the features of our commercial platform. We also offer a free tier of MongoDB Atlas in order to accelerate adoption, promote usage and drive brand and product awareness. We do not know if we will be able to convert these users to paying customers of our platform. Our marketing strategy also depends in part on persuading users who use one of these free versions to convince others within their organization to purchase and deploy our platform. To the extent that users of Community Server or our free tier of MongoDB Atlas do not become, or lead others to become, paying customers, we will not realize the intended benefits of these strategies and our ability to grow our business or achieve profitability may be harmed.
Our decision to offer Community Server under the SSPL, may harm the adoption of Community Server.
On October 16, 2018, we announced that we were changing the license for Community Server from the AGPL to a new software license, the SSPL. The SSPL builds on the spirit of the AGPL, but includes an explicit condition that any organization attempting to exploit MongoDB as a service must open source the software that it uses to offer such service. Since the SSPL is a new license and has not been interpreted by any court, developers and the companies they work for may be hesitant to adopt Community Server because of uncertainty around the provisions of the SSPL and how it will be interpreted and enforced. In addition, the SSPL has not been approved by the Open Source Initiative, nor has it been included in the Free Software Foundation’s list of free software licenses. This may negatively impact the adoption of Community Server, which in turn could lead to reduced brand and product awareness, ultimately leading to a decline in paying customers and our ability to grow our business or achieve profitability may be harmed.
In addition to risks related to license requirements, the use of third-party open source software can lead to greater risks than the use of third-party commercial software, as open source licensors generally do not provide warranties, indemnities or other contractual protections with respect to the software (for example, non-infringement or functionality). There is typically no support available for open source software, and we cannot ensure that the authors of such open source software will implement or push updates to address security risks or will not abandon further development and maintenance. Our use of open source software may also present additional security risks because the source code for open source software is publicly available, which may make it easier for hackers and other third parties to determine how to breach our systems and networks that rely on open source software. In addition, licensors of open source software included in our offerings may, from time to time, modify the terms of their license agreements in such a manner that those license terms may become incompatible with our licensing model and thus could, among other consequences, prevent us from incorporating the software subject to the modified license.
Any of these risks could be difficult to eliminate or manage and if not addressed, could have a negative effect on our business, results of operations and financial condition.
If we are not able to introduce new features or services successfully and to make enhancements to our software or services, our business and results of operations could be adversely affected.
We have experienced rapid growth in recent periods. If we fail to continue to grow and to manage our growth effectively, we may be unable to execute our business plan, increase our revenue, improve our results of operations, maintain high levels of service, or adequately address competitive challenges.
We have experienced rapid growth in our business, operations and employee headcount. For fiscal years 2024, 2023 and 2022, our total revenue was $1,683.0 million, $1,284.0 million and $873.8 million, respectively, representing a 31% and 47% growth rate, respectively. We have also significantly increased the size of our customer base from over 3,200 customers as of January 31, 2017 to over 47,800 customers as of January 31, 2024, and we grew from 713 employees as of January 31, 2017 to 5,037 employees as of January 31, 2024. We expect to continue to expand our operations and employee headcount in the near term. Our success will depend in part on our ability to continue to grow and to manage this growth, domestically and internationally, effectively.
Our current and anticipated growth is expected to place a significant strain on our management, administrative, operational and financial infrastructure. We will need to continue to improve our operational, financial and management processes and controls and our reporting procedures to manage the expected growth of our operations and personnel, which will require significant expenditures and allocation of valuable management and employee resources. If we fail to implement these infrastructure improvements effectively, our ability to ensure the uninterrupted operation of key business systems and comply with the rules and regulations that are applicable to public reporting companies will be impaired. Further, if we do not effectively manage the growth of our business and operations, the quality of our products and services could suffer, the preservation of our culture, values and entrepreneurial environment may change and we may not be able to adequately address competitive challenges. This could impair our ability to attract new customers, retain existing customers and expand their use of our products and services, all of which would adversely affect our brand, overall business, results of operations and financial condition.
If we or our third-party service providers experience a security breach or other security incident, or unauthorized access to personal, proprietary, confidential or other sensitive data is otherwise obtained, our software may be perceived as not being secure, customers may reduce or terminate their use of our software and we may face litigation, regulatory investigations, significant liability and reputational damage.
Cyberattacks, malicious internet-based activity, and online and offline fraud, and other similar activities threaten the confidentiality, integrity and availability of our personal, proprietary, confidential and other sensitive data and our information technology systems and networks, and those of the third parties upon which we rely to help deliver services to our customers. Such threats are prevalent, increasing in frequency, evolving in nature and becoming increasingly difficult to detect and their frequency may be increased, and effectiveness enhanced, by the use of AI. These threats come from a variety of sources, including traditional computer “hackers,” threat actors (including organized criminal threat actors), “hacktivists,” personnel (such as through theft or misuse), sophisticated nation-states, and nation-state-supported actors. In addition, some actors, such as sophisticated nation-states and nation-state supported actors now engage and are expected to continue to engage in cyberattacks, including without limitation for geopolitical reasons and in conjunction with military conflicts and defense activities. During times of war and other major conflicts, we and the third parties upon whom we rely may be vulnerable to a heightened risk of these attacks, including retaliatory cyberattacks, that could materially disrupt our systems and networks, operations and supply chain. We and the third parties upon which we rely may be subject to a variety of evolving threats, including but not limited to social-engineering attacks (including through phishing attacks), malicious code (such as viruses and worms), malware (including as a result of advanced persistent threat intrusions), denial-of-service attacks (such as credential stuffing), credential harvesting, account takeovers, personnel misconduct or error, fraud, ransomware attacks, supply-chain attacks, software bugs, server malfunctions, software or hardware failures, loss or theft of data or other information technology assets, adware, telecommunications failures, pandemics, earthquakes, fires, floods, and other similar threats.
Ransomware attacks, including by organized criminal threat actors, nation-states, and nation-state-supported actors, are becoming increasingly prevalent and severe and can lead to significant interruptions in our operations, loss of data and income, reputational harm, and diversion of funds. Extortion payments may alleviate the negative impact of a ransomware attack, but we may be unwilling or unable to make such payments due to, for example, applicable laws or regulations prohibiting such payments. Similarly, supply-chain attacks have increased in frequency and severity, and we cannot guarantee that third parties and infrastructure in our supply chain or our third-party partners’ supply chains have not been compromised or that they do not contain exploitable defects or bugs that could result in a breach of or disruption to our information technology systems (including our products) or the third-party information technology systems that support us and our services.
The COVID-19 pandemic increased our remote workforce, which increased risks to our information technology systems and data, as more of our employees work from home, utilizing network connections, computers and devices outside our premises or network, including while at home, in transit and in public locations. Additionally, cybersecurity risks may be heightened as a result of the ongoing global conflicts such as the military conflict between Russia and Ukraine and the related sanctions imposed by the United States and other countries or the ongoing military conflict between Israel and Hamas. Furthermore, future or past business transactions (such as acquisitions or integrations) could expose us to additional data security risks and vulnerabilities, as our systems could be negatively affected by vulnerabilities present in acquired or integrated entities’ systems and technologies. Risks related to data security will increase as we continue to grow the scale and functionality of our business and collect, store, transmit and otherwise process increasingly large amounts of our and our customers’ information and data, which may include personal, proprietary, confidential or other sensitive data.
Any of the above identified or similar threats could cause a security breach or other security incident that could result in unauthorized, unlawful, or accidental acquisition, modification, destruction, loss, alteration, encryption, disclosure, transfer, use or other processing of, or access to our information technology systems and networks or personal, proprietary, confidential or other sensitive information, or those of the third parties upon whom we rely. For example, in December 2023 we discovered that a previously unknown flaw in a third-party application used by MongoDB enabled an unauthorized third party to successfully phish and to gain access to certain corporate applications, including applications that we use to provide support services to MongoDB customers, which include customer contact information and related account metadata. In an effort to contain the impact of this security incident, we immediately activated our incident response process, promptly published an alert on our website and emailed customers notifying them of the situation and reminding them to stay vigilant. The investigation led by MongoDB into this incident uncovered no evidence of unauthorized access to MongoDB Atlas clusters, a finding that has been verified by our third-party forensic experts. To date, we have not experienced a cybersecurity event that had a material impact on our financial performance or operations, but it is possible that we might experience such an attack in the future. A security breach or other security incident could disrupt our ability (and that of third parties upon whom we rely) to provide our platform, products, and services.
We may expend significant resources or modify our business activities to try to protect against, mitigate or remediate actual or perceived security breaches and other security incidents. Certain data privacy and security obligations may require us to implement and maintain specific security measures, industry-standard or reasonable security measures to protect our information technology systems and networks and personal, proprietary, confidential or other sensitive information
While we have implemented security measures designed to protect against security breaches and other security incidents, there can be no assurance that these measures will be effective. We have not always been able in the past and may be unable in the future to detect vulnerabilities in our information technology systems and networks (including our products) because such threats and techniques change frequently, are often sophisticated in nature, and may not be detected until after a security breach or other security incident has occurred. For example, industry publications have reported ransomware attacks on MongoDB instances. We believe these attacks were successful due to the failure by users of our Community Server offering to properly turn on the recommended security settings when running these instances. Despite our efforts to identify and remediate vulnerabilities, if any, in our information technology systems and networks (including our products), our efforts may not be successful. Further, we may experience delays in developing and deploying remedial measures designed to address any such identified vulnerabilities.
We use third-party service providers and subprocessors to help us deliver services to our customers. These third-party service providers and subprocessors may collect, store, transmit or otherwise process personal data or other confidential information of our employees and our customers. Our ability to monitor these third parties’ information security practices is limited, and these third parties may not have adequate information security measures in place. Due to applicable laws, regulations, rules, standards, contractual obligations, policies and other obligations, we may be held responsible for security breaches or other security incidents attributed to our third-party service providers as they relate to the information we share with them.
Applicable data privacy and security obligations may require us to notify relevant stakeholders of security breaches and other security incidents. Such disclosures are costly, and the disclosures or the failure to comply with such requirements could lead to adverse consequences.
If we (or a third party upon whom we rely) experience or are perceived to have experienced a security breach or other security incident, or fail to make adequate or timely disclosures to the public, regulators, law enforcement agencies or affected individuals, as applicable, following any such event, we may experience adverse consequences. These consequences may include: liability under applicable data privacy and security laws, regulations, rules, standards, contractual obligations, policies and other obligations; obligations to notify regulators and affected individuals; government enforcement actions (for example, investigations, fines, penalties, audits, and inspections); additional reporting requirements and/or oversight; restrictions on processing personal and other sensitive information; litigation (including class claims); indemnification and other contractual obligations; damages; negative publicity; reputational harm; monetary fund diversions; interruptions in our operations (including availability of data); financial loss; and other similar harms. Security breaches and other security incidents and attendant consequences may cause customers to stop using our platform, products, and services, deter new customers from using our platform, products, and services, and negatively impact our ability to grow and operate our business.
Our contracts may not contain limitations of liability, and even where they do, there can be no assurance that limitations of liability in our contracts are sufficient to protect us from liabilities, damages, or claims related to our data privacy and security obligations.
While we maintain general liability insurance coverage and coverage for errors or omissions, we cannot assure you that such coverage will be adequate or otherwise protect us from liabilities or damages with respect to claims alleging compromises of personal, proprietary, confidential or other sensitive data or otherwise relating to data privacy and security matters. The successful assertion of one or more large claims against us that exceeds our available insurance coverage, or results in changes to our insurance policies (including premium increases or the imposition of large deductible or co-insurance requirements), could have an adverse effect on our business. In addition, we cannot be sure that our existing insurance coverage and coverage for errors and omissions will continue to be available on acceptable terms or at all, or that our insurers will not deny coverage as to any future claim.
Our sales cycle may be long and is unpredictable and our sales efforts require considerable time and expense.
The timing of our sales and related revenue recognition is difficult to predict because of the length and unpredictability of the sales cycle for our offerings. We are often required to spend significant time and resources to better educate and
familiarize potential customers with the value proposition of paying for our products and services. The length of our sales cycle, from initial evaluation to payment for our offerings is generally three to nine months, but can vary substantially from customer to customer or from application to application within a given customer. As the purchase and deployment of our products can be dependent upon customer initiatives, our sales cycle can extend to more than a year for some customers. Customers often view a subscription to our products and services as a strategic decision and significant investment and, as a result, frequently require considerable time to evaluate, test and qualify our product offering prior to entering into or expanding a subscription. During the sales cycle, we expend significant time and money on sales and marketing and contract negotiation activities, which may not result in a sale. Additional factors that may influence the length and variability of our sales cycle include:
•the effectiveness of our sales force, in particular new sales people as we increase the size of our sales force;
•the discretionary nature of purchasing and budget cycles and decisions;
•the obstacles placed by a customer’s procurement process;
•our ability to convert users of our free offerings to paying customers;
•economic conditions and other factors impacting customer budgets;
•customer evaluation of competing products during the purchasing process; and
•evolving customer demands.
Given these factors, it is difficult to predict whether and when a sale will be completed and when revenue from a sale will be recognized, particularly the timing of revenue recognition related to the term license portion of our subscription revenue. In addition, as a result of rising inflation and interest rates, and global economic uncertainty, potential customers may consider reducing or delaying, technology or other discretionary spending, which could also result in an extension of our sales cycle. This could impact the variability and comparability of our quarterly revenue results and may have an adverse effect on our business, results of operations and financial condition.
We may be forced to reduce prices for our subscription offerings and as a result our revenue and results of operations will be harmed.
As the market for databases evolves, or as new competitors introduce new products or services that compete with ours, we may be unable to attract new customers or convert users of our free offerings to paying customers on terms or based on pricing models that we have used historically. In the past, we have been able to increase our prices for our subscription offerings, but we may choose not to introduce or be unsuccessful in implementing future price increases. As a result of these and other factors, in the future we may be required to reduce our prices or be unable to increase our prices, or it may be necessary for us to increase our services or product offerings without additional revenue to remain competitive, all of which could harm our results of operations and financial condition.
If we are unable to attract new customers in a manner that is cost-effective and assures customer success, we will not be able to grow our business, which would adversely affect our results of operations and financial condition.
In order to grow our business, we must continue to attract new customers in a cost-effective manner and enable these customers to realize the benefits associated with our products and services. We may not be able to attract new customers for a variety of reasons, including as a result of their use of traditional relational and/or other database products and their internal timing, budget or other constraints that hinder their ability to migrate to or adopt our products or services.
individual rights, with respect to personal data than federal or other state laws and regulations, and such laws and regulations may differ from each other, which may complicate compliance efforts and increase legal risk and compliance costs for us and the third parties upon whom we rely. In addition, laws in all 50 U.S. states generally require businesses to provide notice under certain circumstances to consumers whose personal data has been disclosed as a result of a data breach. These laws are not consistent, and compliance in the event of a widespread data breach is difficult and may be costly.
Furthermore, on May 12, 2021, the Biden administration issued an Executive Order requiring federal agencies to implement additional IT security measures, including, among other things, requiring agencies to adopt multifactor authentication and encryption for data at rest and in transit, to the maximum extent consistent with federal records laws and other applicable laws. Additionally, the Executive Order called for the development of secure software development practices or criteria for a consumer software labeling program reflecting a baseline level of secure practices for development of software sold to the U.S. federal government. Due to the Executive Order, federal agencies may require us to modify our cybersecurity practices and policies and increase our compliance costs and, if we are unable to meet the requirements of the Executive Order, it could impede our ability to work with the U.S. government and result in a loss of revenue.
歐洲以外的國家正在實施對個人數據處理的重大限制,類似於GDPR。例如,巴西已通過《一般數據保護法》(Lei Geral Proteção de Dados Pessoais,簡稱「LGPD」)(法律第13,709/2018號)。此外,2020年6月5日,日本通過了對其《個人數據保護法》(APPI)的修訂。這兩項法律以與GDPR相當的方式廣泛規範個人數據處理,違反LGPD和APPI的行爲將面臨重罰。
Furthermore, the costs of compliance with and other burdens imposed by, the laws, regulations, rules, standards, contractual obligations, policies and other obligations related to data privacy and security that are applicable to the businesses of our customers may limit the use and adoption of, and reduce the overall demand for, our software. Privacy concerns, whether valid or not valid, may inhibit market adoption of our software particularly in certain industries and foreign countries.
Our estimates of market opportunity and forecasts of market growth may prove to be inaccurate and even if the market in which we compete achieves the forecasted growth, our business could fail to grow at similar rates, if at all.
Our market opportunity estimates and growth forecasts are subject to significant uncertainty and are based on third-party assumptions and estimates that may not prove to be accurate. The market in which we compete may not meet these size estimates and may not achieve these growth forecasts. Even if the market in which we compete meets such size estimates and the growth forecasts, our business could fail to grow at similar rates, if at all, for a variety of reasons, which would adversely affect our results of operations.
We could incur substantial costs in obtaining, maintaining, protecting, defending or enforcing our intellectual property rights and any failure to obtain, maintain, protect, defend or enforce our intellectual property rights could reduce the value of our software and brand.
Our success and ability to compete depend in part upon our intellectual property rights. As of January 31, 2024, we had 77 issued patents and 35 pending patent applications in the United States. Patent applications may not result in issued patents and even if a patent issues, we cannot assure you that such patent will be adequate to protect our business. In addition to patent protection, we primarily rely on copyright and trademark laws, trade secret protection and confidentiality or other contractual arrangements with our employees, customers, partners and others to protect our intellectual property rights. However, the steps we take to protect our intellectual property rights may not be adequate and we may be unable to detect the unauthorized use of, or prevent third parties from infringing, misappropriating or otherwise violating, our intellectual property rights. In order to protect our intellectual property rights, we may be required to spend significant resources to establish, monitor and enforce such rights. Litigation brought to enforce our intellectual property rights could be costly, time-consuming and distracting to management and could be met with defenses, counterclaims and countersuits attacking the validity and enforceability of our intellectual property rights. Additionally, because of the substantial amount of discovery required in connection with intellectual property litigation, there is a risk that some of our confidential information could be compromised by disclosure during this type of litigation. An adverse determination of any litigation proceedings could put our intellectual property at risk of being invalidated, interpreted narrowly or held unenforceable and could put our related intellectual property at risk of not issuing or being canceled. The local laws of some foreign countries do not protect our intellectual property rights to the same extent as the laws of the United States and effective intellectual property protection and mechanisms may not be available in those jurisdictions. We may need to expend additional resources to defend our intellectual property in these countries and our inability to do so could impair our business or adversely affect our international expansion. Our patent applications and patents arising from any patent applications we may file in the future may never be granted and, even if we are successful in obtaining effective protection, it is expensive to maintain these rights, both in terms of application and maintenance costs, and the time and cost required to defend our rights could be substantial. Additionally, the process of obtaining patent protection is expensive and time-consuming, and we may be unable to prosecute all necessary or desirable patent applications at a reasonable cost or in a timely manner. Even if we are able to secure our intellectual property rights, there can be no assurances that such rights will provide us with competitive advantages or distinguish our products and services from those of our competitors or that our competitors will not independently develop similar technology.
In addition, we regularly contribute source code under open source licenses and have made some of our own software available under open source or source available licenses and we include third-party open source software in our products. Because the source code for any software we contribute to open source projects or distribute under open source or source available licenses is publicly available, our ability to protect our intellectual property rights with respect to such source code may be limited or lost entirely. In addition, from time to time, we may face claims from third parties claiming ownership of, or demanding release of, the software or derivative works that we have developed using third-party open source software, which could include our proprietary source code, or otherwise seeking to enforce the terms of the applicable open-source license. See “—Our software incorporates third-party open source software, which could negatively affect our ability to sell our products and subject us to possible litigation.”
We have been and may in the future be, subject to intellectual property rights claims by third parties, which may be costly to defend, could require us to pay significant damages and could limit our ability to use certain technologies.
Companies in the software and technology industries, including some of our current and potential competitors, own large numbers of patents, copyrights, trademarks and trade secrets and frequently enter into litigation based on allegations of infringement, misappropriation or other violations of intellectual property rights. We have in the past and may in the future be subject to claims that we have misappropriated, misused, infringed or otherwise violated the intellectual property rights of our competitors, non-practicing entities or other third parties. This risk is exacerbated by the fact that our software incorporates third-party open source software.
Any intellectual property claims, with or without merit, could be very time-consuming and expensive and could divert our management’s attention and other resources. These claims could also subject us to significant liability for damages, potentially including treble damages if we are found to have willfully infringed patents or copyrights. These claims could also result in our having to stop using technology found to be in violation of a third party’s rights, some of which we have invested considerable effort and time to bring to market. We might be required to seek a license for the intellectual property, which may not be available on reasonable terms or at all. Even if a license is available, we could be required to pay significant royalties, which would increase our operating expenses. As a result, we may be required to develop alternative non-infringing technology, which could require significant effort and expense. If we cannot license or develop technology for any aspect of our business that may ultimately be determined to infringe, misappropriate or otherwise violate the intellectual property rights of another party, we could be forced to limit or stop sales of subscriptions to our software and may be unable to compete effectively. In addition, to the extent we hire personnel from competitors, we may be subject to allegations that such personnel have divulged proprietary or other confidential information to us. Further, we may be unaware of the intellectual property rights of others that may cover some or all of our products, and our insurance may not cover intellectual property rights infringement claims that may be made. Any of these results would adversely affect our business, results of operations and financial condition.
If we are unable to maintain successful relationships with our partners, our business, results of operations and financial condition could be harmed.
In addition to our direct sales force and our website, we use strategic partners, such as global system integrators, value-added resellers and independent software vendors to sell our subscription offerings and related services. Our agreements with our partners are generally nonexclusive, meaning our partners may offer their customers products and services of several different companies, including products and services that compete with ours, or may themselves be or become competitors. If our partners do not effectively market and sell our subscription offerings and related services, choose to use greater efforts to market and sell their own products and services or those of our competitors, or fail to meet the needs of our customers, our ability to grow our business and sell our subscription offerings and related services may be harmed. Our partners may cease marketing our subscription offerings or related services with limited or no notice and with little or no penalty. The loss of a substantial number of our partners, our possible inability to replace them, or the failure to recruit additional partners could harm our growth objectives and results of operations.
We rely upon third-party cloud providers to host our cloud offering; any disruption of or interference with our use of third-party cloud providers would adversely affect our business, results of operations and financial condition.
We outsource substantially all of the infrastructure relating to MongoDB Atlas across AWS, Microsoft Azure and GCP to host our cloud offering. If the hosting of MongoDB Atlas is disrupted or interfered with for any reason, our business would be negatively impacted. Customers of MongoDB Atlas need to be able to access our platform at any time, without interruption or degradation of performance and we provide them with service level commitments with respect to uptime. Third-party cloud providers run their own platforms that we access and we are, therefore, vulnerable to their service interruptions. We may experience interruptions, delays and outages in service and availability from time to time as a result of problems with our third-party cloud providers’ infrastructure. Lack of availability of this infrastructure could be due to a number of potential causes including technical failures, natural disasters, fraud, cyberattacks, or security breaches or other security incidents that we cannot predict or prevent. Such interruptions, delays or outages could lead to the triggering of our service level agreements and the issuance of credits to our cloud offering customers, which may impact our business, results of operations and financial condition. In addition, if we or any of these third-party cloud providers, experience a security breach or other security incident, our software is unavailable or our customers are unable to use our software within a reasonable amount of time or at all, then our business, results of operations and financial condition could be adversely affected. In some instances, we may not be able to identify the cause or causes of these performance problems within a period of time acceptable to our customers. It is possible that our customers and potential customers would hold us accountable for
any breach of security affecting a third-party cloud provider’s infrastructure and we may incur significant liability from those customers and from third parties with respect to any breach affecting these systems. We may not be able to recover a material portion of our liabilities to our customers and third parties from a third-party cloud provider. It may also become increasingly difficult to maintain and improve our performance, especially during peak usage times, as our software becomes more complex and the usage of our software increases. Any of the above circumstances or events may harm our business, results of operations and financial condition.
Interruptions or performance problems associated with our technology and infrastructure may adversely affect our business, results of operations and financial condition.
Our continued growth depends in part on the ability of our existing customers and new customers to access our software at any time and within an acceptable amount of time. We may experience service disruptions, outages and other performance problems due to a variety of factors, including infrastructure changes or failures, human or software errors, malicious acts, terrorism, security breaches or other security incidents, or capacity constraints. Capacity constraints could be due to a number of potential causes including technical failures, natural disasters, fraud, cyberattacks, data breaches or other security incidents. In some instances, we may not be able to identify and/or remedy the cause or causes of these performance problems within an acceptable period of time. It may become increasingly difficult to maintain and improve our performance as our software offerings and customer implementations become more complex. If our software is unavailable or if our customers are unable to access features of our software within a reasonable amount of time or at all, or if other performance problems occur, our business, results of operations and financial conditions may be adversely affected.
Incorrect or improper implementation or use of our software could result in customer dissatisfaction and harm our business, results of operations, financial condition and growth prospects.
Our database software and related services are designed to be deployed in a wide variety of technology environments, including in large-scale, complex technology environments and we believe our future success will depend at least, in part, on our ability to support such deployments. Implementations of our software may be technically complicated and it may not be easy to maximize the value of our software without proper implementation and training. For example, industry publications have reported ransomware attacks on MongoDB instances. We believe these attacks were successful due to the failure by users of our Community Server offering to properly turn on the recommended security settings when running these instances. If our customers are unable to implement our software successfully, or in a timely manner, customer perceptions of our company and our software may be impaired, our reputation and brand may suffer and customers may choose not to renew their subscriptions or increase their purchases of our related services.
Our customers and partners need regular training in the proper use of and the variety of benefits that can be derived from our software to maximize its potential. We often work with our customers to achieve successful implementations, particularly for large, complex deployments. Our failure to train customers on how to efficiently and effectively deploy and use our software, or our failure to provide effective support or professional services to our customers, whether actual or perceived, may result in negative publicity or legal actions against us. Also, as we continue to expand our customer base, any actual or perceived failure by us to properly provide these services will likely result in lost opportunities for follow-on sales of our related services.
If we fail to meet our service level commitments, our business, results of operations and financial condition could be adversely affected.
Our agreements with customers typically provide for service level commitments. Our MongoDB Enterprise Advanced customers typically get service level commitments with certain guaranteed response times and comprehensive 24x365 coverage. Our MongoDB Atlas customers typically get monthly uptime service level commitments, where we are required to provide a service credit for any extended periods of downtime. The complexity and quality of our customer’s implementation and the performance and availability of cloud services and cloud infrastructure are outside our control and, therefore, we are not in full control of whether we can meet these service level commitments. Our business, results of operations and financial condition could be adversely affected if we fail to meet our service level commitments for any reason. Any extended service outages could adversely affect our business, reputation and brand.
We rely on the performance of highly skilled personnel, including senior management and our engineering, professional services, sales and technology professionals; if we are unable to retain or motivate key personnel or hire, retain and motivate qualified personnel, our business would be harmed.
We believe our success has depended, and continues to depend, on the efforts and talents of our senior management team, particularly our Chief Executive Officer, and our highly skilled team members, including our sales personnel, customer-facing technical personnel and software engineers.
We do not maintain key man insurance on any of our executive officers or key employees. From time to time, there may be changes in our senior management team resulting from the termination or departure of our executive officers and key employees. The majority of our senior management and key employees are employed on an at-will basis, which means that they could terminate their employment with us at any time. The loss of any of our senior management or key employees could adversely affect our ability to build on the efforts they have undertaken to execute our business plan and to execute against our market opportunity. We may not be able to find adequate replacements. We cannot ensure that we will be able to retain the services of any members of our senior management or other key employees. Further, if members of our management and other key personnel in critical functions across our organization are unable to perform their duties or have limited availability, we may not be able to execute on our business strategy and/or our operations may be negatively impacted.
Our ability to successfully pursue our growth strategy and compete effectively also depends on our ability to attract, motivate and retain our personnel. Competition for well-qualified employees in all aspects of our business, including sales personnel, customer-facing technical personnel and software engineers, is intense, and it may be even more challenging to retain qualified personnel as many companies have moved to offer a remote or hybrid work environment. Our recruiting efforts focus on elite organizations and our primary recruiting competition are well-known, high-paying technology companies. In response to competition, rising inflation rates and labor shortages, we may need to adjust employee compensation, which could affect our operating costs and margins, as well as potentially cause dilution to existing stockholders. We may also lose new employees to our competitors or other technology companies before we realize the benefit of our investment in recruiting and training them. If we do not succeed in attracting well-qualified employees or retaining and motivating existing employees, our business would be adversely affected.
If we are not able to maintain and enhance our brand, especially among developers, our business and results of operations may be adversely affected.
We believe that developing and maintaining widespread awareness of our brand, especially with developers, in a cost-effective manner is critical to achieving widespread acceptance of our software and attracting new customers. Brand promotion activities may not generate customer awareness or increase revenue and even if they do, any increase in revenue may not offset the expenses we incur in building our brand. For instance, our continued focus and investment in MongoDB .local events, MongoDB University and similar investments in our brand and customer engagement and education may not generate a sufficient financial return. If we fail to successfully promote and maintain our brand, or continue to incur substantial expenses, we may fail to attract or retain customers necessary to realize a sufficient return on our brand-building efforts, or to achieve the widespread brand awareness that is critical for broad customer adoption of our platform.
Our corporate culture has contributed to our success and if we cannot continue to maintain and develop this culture as we grow and evolve, we may be unable to execute effectively and could lose the innovation, creativity and entrepreneurial spirit we have worked hard to foster, which could harm our business.
We believe that our culture has been and will continue to be a key contributor to our success. Our workforce has increased significantly from January 31, 2017 and we expect to continue to hire as we expand, especially among research and development and sales and marketing personnel. Such headcount growth may result in a change to our corporate culture.
Our leadership team also plays a key role in our corporate culture. We may recruit and hire other senior executives in the future. Such management changes subject us to a number of risks, such as risks pertaining to coordination of responsibilities and tasks, creation of new management systems and processes, differences in management style, any of which could adversely impact our corporate culture. In addition, we may need to adapt our corporate culture and work environments to changing circumstances, such as during times of a natural disaster or pandemic.
If we do not continue to maintain and develop our corporate culture, we may be unable to execute effectively and foster the innovation, creativity and entrepreneurial spirit we believe we need to support our growth, which could harm our business.
We depend and rely upon SaaS technologies from third parties to operate our business and interruptions or performance problems with these technologies may adversely affect our business and results of operations.
We rely on hosted SaaS applications from third parties in order to operate critical functions of our business, including enterprise resource planning, order management, contract management billing, project management and accounting and other operational activities. If these services become unavailable due to extended outages, interruptions or because they are no longer available on commercially reasonable terms, our expenses could increase, our ability to manage finances could be interrupted and our processes for managing sales of our platform and supporting our customers could be impaired until equivalent services, if available, are identified, obtained and implemented, all of which could adversely affect our business.
Indemnity provisions in various agreements could expose us to substantial liability for data breaches, intellectual property infringement and other losses.
Our agreements with customers and other third parties may include indemnification provisions under which we agree to indemnify them for losses suffered or incurred as a result of claims of intellectual property infringement, damages caused by us to property or persons, security breaches or other security incidents, or other liabilities relating to or arising from our software, services or other contractual obligations. Large indemnity payments could harm our business, results of operations and financial condition. Although we normally contractually limit our liability with respect to such indemnity obligations, we may still incur substantial liability related to them. Any dispute with a customer with respect to such obligations could have adverse effects on our relationship with that customer and other existing customers and new customers and harm our business and results of operations.
Because our long-term growth strategy involves sales to customers outside the United States, our business is susceptible to risks associated with international operations.
A significant portion of our revenue is derived internationally and we are susceptible to risks related to our international operations. In the fiscal years ended January 31, 2024, 2023 and 2022, total revenue generated from customers outside the United States was 46%, 45% and 46%, respectively, of our total revenue. We currently have international offices outside of North America in Europe, the Middle East and Africa (“EMEA”), the Asia-Pacific region and South America, focusing primarily on selling our products and services in those regions. In addition, we expanded our reach in China in February 2021 when we announced a global partnership with Tencent Cloud that allows customers to easily adopt and use MongoDB-as-a-Service across Tencent’s global cloud infrastructure. In the future, we may continue to expand our presence in these regions or expand into other international locations. Our current international operations and future initiatives involve a variety of risks, including risks associated with:
•changes in a specific country’s or region’s political or economic conditions;
•the need to adapt and localize our products for specific countries;
•greater difficulty collecting accounts receivable and longer payment cycles;
•unexpected changes in laws, regulatory requirements, taxes or trade laws;
•shelter-in-place, occupancy limitations or similar orders, private travel limitation, or business disruption in regions affecting our operations, stemming from actual, imminent or perceived outbreak of contagious disease;
•more stringent regulations relating to data privacy and security and the unauthorized use of, or access to, commercial and personal data, particularly in EMEA;
•differing labor regulations, especially in EMEA, where labor laws are generally more advantageous to employees as compared to the United States, including deemed hourly wage and overtime regulations in these locations;
•challenges inherent in efficiently managing an increased number of employees over large geographic distances, including the need to implement appropriate systems, policies, benefits and compliance programs;
•difficulties in managing a business in new markets with diverse cultures, languages, customs, legal systems, alternative dispute systems and regulatory systems;
•increased costs associated with international operations, including travel, real estate, infrastructure and legal compliance costs;
•currency exchange rate fluctuations and the resulting effect on our revenue and expenses and the cost and risk of entering into hedging transactions if we chose to do so in the future;
•the effect of other economic factors, including inflation, pricing and currency devaluation;
•limitations on our ability to reinvest earnings from operations in one country to fund the capital needs of our operations in other countries;
•laws and business practices favoring local competitors or general preferences for local vendors;
•operating in new, developing or other markets in which there are significant uncertainties regarding the interpretation, application and enforceability of laws and regulations, including relating to contract and intellectual property rights;
•limited or insufficient intellectual property protection or difficulties enforcing our intellectual property;
•political instability, including any escalation in the geopolitical tensions between China and Taiwan, social unrest, terrorist activities, acts of civil or international hostility, such as the current military conflict and escalating tensions between Russia and Ukraine, natural disasters or regional or global outbreaks of contagious diseases, such as the COVID-19 pandemic;
•exposure to liabilities under anti-corruption and anti-money laundering laws, including the U.S. Foreign Corrupt Practices Act, U.K. Bribery Act and similar laws and regulations in other jurisdictions; and
•adverse tax burdens and foreign exchange controls that could make it difficult to repatriate earnings and cash.
Our limited experience in operating our business internationally increases the risk that any potential future expansion efforts that we may undertake will not be successful. If we invest substantial time and resources to expand our international operations and are unable to do so successfully and in a timely manner, our business and results of operations will suffer.
Changes in government trade policies, including the imposition of tariffs and other trade barriers, could limit our ability to sell our products to certain customers and certain markets, which could adversely affect our business, financial condition and results of operations.
The United States or foreign governments may take administrative, legislative or regulatory action that could materially interfere with our ability to sell our offerings in certain countries. For instance, there is currently significant uncertainty about the future relationship between the United States and China with respect to trade policies, treaties, tariffs and taxes. If tariffs or other trade barriers are placed on offerings such as ours, this could have a direct or indirect adverse effect on our business. Even in the absence of tariffs or other trade barriers, the related uncertainty and the market's fears relating to international trade might result in lower demand for our offerings, which could adversely affect our business, financial condition and results of operations.
If currency exchange rates fluctuate substantially in the future, our financial results, which are reported in U.S. dollars, could be adversely affected.
As we continue to expand our international operations, we become more exposed to the effects of fluctuations in currency exchange rates. Often, contracts executed by our foreign operations are denominated in the currency of that country or region and a portion of our revenue is therefore subject to foreign currency risks. However, a strengthening of the U.S. dollar could increase the real cost of our subscription offerings and related services to our customers outside of the United States, adversely affecting our business, results of operations and financial condition. We incur expenses for employee compensation and other operating expenses at our non-U.S. locations in the local currency. Fluctuations in the exchange rates between the U.S. dollar and other currencies could result in the dollar equivalent of such expenses being higher. This could have a negative impact on our reported results of operations. To date, we have not engaged in any hedging strategies and any such strategies, such as forward contracts, options and foreign exchange swaps related to transaction exposures that we may implement in the future to mitigate this risk may not eliminate our exposure to foreign exchange fluctuations. Moreover, the use of hedging instruments may introduce additional risks if we are unable to structure effective hedges with such instruments.
Changes in laws and regulations related to the internet or changes in the internet infrastructure itself may diminish the demand for our software and could have a negative impact on our business.
The future success of our business and particularly our cloud offerings, such as MongoDB Atlas, depends upon the continued use of the internet as a primary medium for commerce, communication and business applications. Federal, state or foreign government bodies or agencies have in the past adopted, and may in the future adopt, laws or regulations affecting the use of the internet as a commercial medium. Changes in these laws or regulations could require us to modify our software in
order to comply with these changes. In addition, government agencies or private organizations may begin to impose taxes, fees or other charges for accessing the internet or commerce conducted via the internet. These laws or charges could limit the growth of internet-related commerce or communications generally, resulting in reductions in the demand for internet-based solutions such as ours.
In addition, the use of the internet as a business tool could be adversely affected due to delays in the development or adoption of new standards and protocols to handle increased demands of internet activity, security, reliability, cost, ease of use, accessibility and quality of service. The performance of the internet and its acceptance as a business tool have been adversely affected by a variety of evolving data security threats and the internet has experienced a variety of outages and other delays as a result of damage to portions of its infrastructure. If the use of the internet is adversely affected by these issues, demand for our subscription offerings and related services could suffer.
Our corporate structure and intercompany arrangements are subject to the tax laws of various jurisdictions and we could be obligated to pay additional taxes, which would harm our results of operations.
Based on our current corporate structure, we may be subject to taxation in several jurisdictions around the world with increasingly complex tax laws, the application of which can be uncertain. The amount of taxes we pay in these jurisdictions could increase substantially as a result of changes in the applicable tax principles, including increased tax rates, new tax laws or revised interpretations of existing tax laws and precedents. The authorities in these jurisdictions could review our tax returns or require us to file tax returns in jurisdictions in which we are not currently filing and could impose additional tax, interest and penalties. In addition, the authorities could claim that various withholding requirements apply to us or our subsidiaries, assert that benefits of tax treaties are not available to us or our subsidiaries, or challenge our methodologies for valuing developed technology or intercompany arrangements, including our transfer pricing. The relevant taxing authorities may determine that the manner in which we operate our business does not achieve the intended tax consequences. If such a disagreement was to occur and our position was not sustained, we could be required to pay additional taxes and interest and penalties. Any increase in the amount of taxes we pay or that are imposed on us could increase our worldwide effective tax rate and harm our business and results of operations.
We may expand through acquisitions or investments in strategic partnerships, each of which may divert our management’s attention, result in additional dilution to our stockholders, increase expenses, disrupt our operations, and harm our results of operations.
Our success will depend, in part, on our ability to grow our business in response to changing technologies, customer demands and competitive pressures. In some circumstances, we may choose to do so through acquisitions or investments in strategic partnerships, rather than through internal development. The identification of suitable acquisition candidates can be difficult, time-consuming and costly and we may not be able to successfully complete identified acquisitions.
The risks we face in connection with any acquisitions or strategic investments include:
•the potential of incurring charges or assuming substantial debt or other liabilities, which may cause adverse tax consequences or unfavorable accounting treatment, and which may expose us to claims and disputes by stockholders and third parties, including intellectual property claims and disputes, or which may not generate sufficient financial return to offset additional costs and expenses related to the acquisition or strategic investment;
•we may encounter difficulties or unforeseen expenditures in integrating the business, technologies, products, personnel or operations of any company that we acquire or invest in, particularly if key personnel of the acquired company decide not to work for us;
•we may not be able to realize anticipated synergies;
•an acquisition or strategic investment may disrupt our ongoing business, divert resources, increase our expenses and distract our management;
•an acquisition may result in a delay or reduction of customer purchases for both us and the company acquired due to customer uncertainty about continuity and effectiveness of service from either company and we may experience increased customer churn with respect to the company acquired;
•we may encounter challenges integrating the employees of the acquired company into our company culture;
•for international transactions, we may face additional challenges related to the integration of operations across different cultures and languages and the economic, political and regulatory risks associated with specific countries;
•we may be unable to successfully sell any acquired products or increase adoption or usage of acquired products, or increase spend by acquired customers;
•our use of cash to pay for acquisitions or strategic investment would limit other potential uses for our cash;
•if we incur debt to fund any acquisitions, such debt may subject us to material restrictions on our ability to conduct our business, including financial maintenance covenants; and
•if we issue a significant amount of equity securities in connection with future acquisitions, existing stockholders may be diluted and earnings per share may decrease.
The occurrence of any of these risks could have an adverse effect on our business, results of operations and financial condition.
We are subject to risks associated with our non-marketable securities, including partial or complete loss of invested capital. Significant changes in the fair value of our private investment portfolio could negatively impact our financial results.
We have non-marketable equity securities in privately-held companies. The financial success of our investments in any privately-held company is typically dependent on a liquidity event, such as a public offering, acquisition or other favorable market event reflecting appreciation to the cost of our initial investment. In addition, valuations of privately-held companies are inherently complex due to the lack of readily available market data.
We record all fair value adjustments of our non-marketable securities through the consolidated statements of operations. As a result, we may experience additional volatility to our statements of operations due to the valuation and timing of observable price changes or impairments of our non-marketable securities. Our ability to mitigate this volatility in any given period may be impacted by our contractual obligations to hold securities for a set period of time. All of our investments, especially our non-marketable securities, are subject to a risk of a partial or total loss of investment capital. Changes in the fair value or partial or total loss of investment capital of these individual companies could be material to our financial statements and negatively impact our business and financial results.
Failure to comply with anti-bribery, anti-corruption and anti-money laundering laws could subject us to penalties and other adverse consequences.
We are subject to the U.S. Foreign Corrupt Practices Act of 1977, as amended (the “FCPA”), the U.S. Travel Act, the U.K. Bribery Act (the “Bribery Act”) and other anti-corruption, anti-bribery and anti-money laundering laws in various jurisdictions around the world. The FCPA, Bribery Act and similar applicable laws generally prohibit companies, their officers, directors, employees and third-party intermediaries, business partners and agents from making improper payments or providing other improper things of value to government officials or other persons. We and our third-party intermediaries may have direct or indirect interactions with officials and employees of government agencies or state-owned or affiliated entities and other third parties where we may be held liable for the corrupt or other illegal activities of these third-party business partners and intermediaries, our employees, representatives, contractors, resellers and agents, even if we do not explicitly authorize such activities. While we have policies and procedures and internal controls to address compliance with such laws, we cannot assure you that all of our employees and agents will not take actions in violation of our policies and applicable law, for which we may be ultimately held responsible. To the extent that we learn that any of our employees, third-party intermediaries, agents, or business partners do not adhere to our policies, procedures, or internal controls, we are committed to taking appropriate remedial action. In the event that we believe or have reason to believe that our directors, officers, employees, third-party intermediaries, agents, or business partners have or may have violated such laws, we may be required to investigate or have outside counsel investigate the relevant facts and circumstances. Detecting, investigating and resolving actual or alleged violations can be extensive and require a significant diversion of time, resources and attention from senior management. Any violation of the FCPA, Bribery Act, or other applicable anti-bribery, anti-corruption laws and anti-money laundering laws could result in whistleblower complaints, adverse media coverage, investigations, loss of export privileges, severe criminal or civil sanctions, fines and penalties or suspension or debarment from U.S. government contracts, all of which may have a material adverse effect on our reputation, business, operating results and prospects and financial condition.
Our reported financial results may be adversely affected by changes in accounting principles generally accepted in the United States.
Generally accepted accounting principles in the United States (“GAAP”), are subject to interpretation by the FASB, the SEC and various bodies formed to promulgate and interpret appropriate accounting principles. A change in these
principles or interpretations could have a significant effect on our reported financial results and could affect the reporting of transactions completed before the announcement of a change. New accounting pronouncements and varying interpretations of accounting pronouncements have occurred and may occur in the future. Changes to existing rules or the questioning of current practices may adversely affect our reported financial results or the way we conduct our business. For example, SEC proposals on climate-related disclosures may require us to update our accounting or operational policies, processes, or systems to reflect new or amended financial reporting standards. Such changes may adversely affect our business, financial condition and operating results.
If our estimates or judgments relating to our critical accounting policies prove to be incorrect, our results of operations could be adversely affected.
The enactment of legislation implementing changes in U.S. taxation of international business activities or the adoption of other tax reform policies could materially impact our financial position and results of operations.
Changes to U.S. tax laws, including limitations on the ability of taxpayers to claim and utilize foreign tax credits and the deferral of certain tax deductions until earnings outside of the United States are repatriated to the United States, as well as changes to U.S. tax laws that may be enacted in the future, could impact the tax treatment of our foreign earnings. Due to the expansion of our international business activities, any changes in the U.S. taxation of such activities may impact our evidence supporting a full valuation allowance or increase our worldwide effective tax rate and adversely affect our financial position and results of operations.
Potential tax reform globally and in the United States may result in significant changes to U.S. federal income tax law, including changes to the U.S. federal income taxation of corporations (including ours) and/or changes to the U.S. federal income taxation of stockholders in U.S. corporations, including investors in our common stock. For example, the U.S. Tax Cuts and Jobs Act of 2017 (the “Act”) was enacted on December 22, 2017 and significantly revised the U.S. corporate income tax law. Additional significant changes to U.S. federal corporate tax law were made by the Coronavirus Aid, Relief, and Economic Security Act, and the recently enacted Inflation Reduction Act (“IRA”). The Company has determined that it is not currently subject to the tax effects of the IRA, which includes a corporate alternative minimum tax and an excise tax on
stock buybacks. In addition, the E.U. member states formally adopted the EU’s Pillar Two Directive, which was established by the Organisation for Economic Co-operation and Development (“OECD”). Pillar Two generally imposes a 15 percent minimum effective tax rate in the jurisdictions where multinational enterprises operate and is effective for accounting periods beginning on or after December 31, 2023. Pillar Two became effective for the Company in the first quarter of its fiscal year ending January 31, 2025. While the Company does not anticipate that Pillar Two will have a material impact on its tax provision or effective tax rate in the short-term, the Company continues to monitor evolving tax legislation in the jurisdictions in which it operates.
We continue to monitor the progression of new global and U.S. legislation impact on our effective tax rate. We are currently unable to predict whether any future changes will occur and, if so, the impact of such changes, including on the U.S. federal income tax considerations relating to the purchase, ownership and disposition of our common stock.
Our ability to use our net operating losses to offset future taxable income may be subject to certain limitations.
As of January 31, 2024, we had net operating loss (“NOL”) carryforwards for U.S. federal and state, Irish and U.K. income tax purposes. A lack of future taxable income would adversely affect our ability to utilize these NOLs before they expire. In general, under Section 382 of the Code, a corporation that undergoes an “ownership change” (as defined under Section 382 of the Code and applicable Treasury Regulations) is subject to limitations on its ability to utilize its pre-change NOLs to offset future taxable income. We may experience a future ownership change under Section 382 of the Code that could affect our ability to utilize the NOLs to offset our income. Furthermore, our ability to utilize NOLs of companies that we have acquired or may acquire in the future may be subject to limitations. There is also a risk that due to regulatory changes, such as suspensions on the use of NOLs or other unforeseen reasons, our existing NOLs could expire or otherwise be unavailable to reduce future income tax liabilities, including for state tax purposes.
For these reasons, we may not be able to utilize a material portion of the NOLs reflected on our balance sheet, even if we attain profitability, which could potentially result in increased future tax liability to us and could adversely affect our results of operations and financial condition.
Taxing authorities may successfully assert that we should have collected or in the future should collect sales and use, value added or similar taxes and we could be subject to liability with respect to past or future sales, which could adversely affect our results of operations.
We do not collect sales and use, value added or similar taxes in all jurisdictions in which we have sales and we believe that such taxes are not applicable to our products and services in certain jurisdictions. Sales and use, value added and similar tax laws and rates vary greatly by jurisdiction. Certain jurisdictions in which we do not collect such taxes may assert that such taxes are applicable, which could result in tax assessments, penalties and interest, to us or our end-customers for the past amounts and we may be required to collect such taxes in the future. If we are unsuccessful in collecting such taxes from our end-customers, we could be held liable for such costs. Such tax assessments, penalties and interest, or future requirements may adversely affect our results of operations.
We are subject to governmental export and import controls that could impair our ability to compete in international markets or subject us to liability if we violate the controls.
Our offerings are subject to U.S. export controls and we incorporate encryption technology into certain of our offerings. These encryption offerings and the underlying technology may be exported outside of the United States only with the required export authorizations, including by license.
Furthermore, our activities are subject to the economic sanctions laws and regulations by the U.S. and other jurisdictions that prohibit the shipment of certain products and services without the required export authorizations or export to countries, governments and persons targeted by the sanctions. While we take precautions to prevent our offerings from being exported in violation of these laws, including obtaining authorizations for our encryption offerings, implementing IP address blocking and screenings against U.S. Government and international lists of restricted and prohibited persons, we cannot guarantee that the precautions we take will prevent violations of export control and sanctions laws.
We also note that if our channel partners fail to obtain appropriate import, export or re-export licenses or permits, we may also be adversely affected, through reputational harm as well as other negative consequences including government investigations and penalties. We presently incorporate export control compliance requirements in our channel partner agreements. Complying with export control and sanctions regulations for a particular sale may be time-consuming and may result in the delay or loss of sales opportunities.
If we fail to comply with U.S. and other sanctions and export control laws and regulations, we and certain of our employees could be subject to substantial civil or criminal penalties, including the possible loss of export or import privileges, fines, which may be imposed on us and responsible employees or managers and, in extreme cases, the incarceration of responsible employees or managers.
Also, various countries, in addition to the United States, regulate the import, export and sale of certain encryption and other technology, including permitting and licensing requirements and have enacted laws that could limit our ability to distribute our offerings or could limit our customers’ ability to implement our offerings in those countries. Changes in our offerings or future changes in export and import regulations may create delays in the introduction of our offerings in international markets, prevent our customers with international operations from deploying our offerings globally or, in some cases, prevent the export or import of our offerings to certain countries, governments, or persons altogether. Any change in export or import regulations, economic sanctions or related legislation, or change in the countries, governments, persons or technologies targeted by such regulations, could result in decreased use of our offerings by, or in our decreased ability to export or sell our offerings to, existing or potential customers with international operations. Any decreased use of our offerings or limitation on our ability to export or sell our offerings would likely adversely affect our business operations and financial results.
Our business is subject to the risks of earthquakes, fire, floods, pandemics and public health emergencies and other natural catastrophic events and to interruption by man-made problems such as power disruptions, security breaches or other security incidents, or terrorism.
As of October 31, 2024, we have customers in over 100 countries and employees in over 25 countries. A significant natural disaster or man-made problem, such as an earthquake, fire, flood, an act of terrorism, the regional or global outbreak of a contagious disease, such as the COVID-19 pandemic, or other catastrophic event occurring in any of these locations, could adversely affect our business, results of operations and financial condition. Further, if a natural disaster or man-made problem were to affect data centers used by our cloud infrastructure service providers this could adversely affect the ability of our customers to use our products. In addition, natural disasters, regional or global outbreaks of contagious diseases and acts of terrorism could cause disruptions in our or our customers’ businesses, national economies or the world economy as a whole. Moreover, these types of events could negatively impact consumer and business spending in the impacted regions or depending upon the severity, globally, which could adversely impact our operating results. For example, the COVID-19 pandemic and/or the precautionary measures that we, our customers, and the governmental authorities adopted resulted in operational challenges, including, among other things, adapting to new work-from-home arrangements. More generally, a catastrophic event could adversely affect economies and financial markets globally and lead to an economic downturn, which could decrease technology spending and adversely affect demand for our products and services. Any prolonged economic downturn or a recession could materially harm our business and operating results and those of our customers, could result in business closures, layoffs, or furloughs of, or reductions in the number of hours worked by, our and our customer's employees, and a significant increase in unemployment in the United States and elsewhere. Such events may also lead to a reduction in the capital and operating budgets that we or our customers have available, which could harm our business, financial condition, and operating results. As we experienced during the COVID-19 pandemic, the trading prices for our and other technology companies' common stock may be highly volatile as a result of a catastrophic event, which may reduce our ability to access capital on favorable terms or at all. In the event of a major disruption caused by a natural disaster or man-made problem, we may be unable to continue our operations and may endure system interruptions, reputational harm, delays in our development activities, lengthy interruptions in service, data breaches or other security incidents and loss of critical data, any of which could adversely affect our business, results of operations and financial condition.
In addition, data security threats have become more prevalent, we face increased risk from these activities to maintain the performance, reliability, security and availability of our subscription offerings and related services and technical infrastructure to the satisfaction of our customers, which may harm our reputation and our ability to retain existing customers and attract new customers.
To the extent any of the above or similar events occur and adversely affect our business and results of operations, such event may also have the effect of heightening many of the other risks and uncertainties described in this “Risk Factors” section which may materially and adversely affect our business and results of operations.
We are subject to risks related to our environmental, social, and governance activities and disclosures.
We communicate certain environmental, social and governance (“ESG”) related initiatives and goals regarding environmental matters, diversity and other matters in our annually released ESG Report (formerly known as the Corporate Sustainability Report), on our website and elsewhere. The implementation of any of our current or future initiatives, goals
•actual or anticipated changes or fluctuations in our results of operations;
•whether our results of operations meet the expectations of securities analysts or investors;
•announcements of new products or technologies, commercial relationships, acquisitions or other events by us or our competitors;
•changes in how customers perceive the benefits of our product and future product offerings and releases;
•departures of key personnel;
•price and volume fluctuations in the overall stock market from time to time;
•fluctuations in the trading volume of our shares or the size of our public float;
•sales of large blocks of our common stock;
•changes in actual or future expectations of investors or securities analysts;
•significant data breach or other security incident involving our software;
•litigation involving us, our industry, or both;
•regulatory developments in the United States, foreign countries or both;
•general economic conditions and trends;
•major catastrophic events in our domestic and foreign markets; and
•“flash crashes,” “freeze flashes” or other glitches that disrupt trading on the securities exchange on which we are listed.
In addition, if the market for technology stocks or the stock market in general experiences a loss of investor confidence, the trading price of our common stock could decline for reasons unrelated to our business, results of operations or financial condition. The trading price of our common stock might also decline in reaction to events that affect other companies in our industry even if these events do not directly affect us. In the past, following periods of volatility in the trading price of a company’s securities, securities class action litigation has often been brought against that company. If our stock price is volatile, we may become the target of securities litigation. Securities litigation could result in substantial costs and divert our management’s attention and resources from our business. This could have an adverse effect on our business, results of operations and financial condition.
We may fail to meet our publicly announced guidance or other expectations about our business and future operating results, which would cause our stock price to decline.
We release earnings guidance in our quarterly and annual earnings conference calls, quarterly and annual earnings releases, or otherwise, regarding our future performance that represents our management’s estimates as of the date of release. This guidance includes forward-looking statements based on projections prepared by our management. Projections are based upon a number of assumptions and estimates that, while presented with numerical specificity, are inherently subject to significant business, economic and competitive uncertainties and contingencies on our business, many of which are beyond our control and are based upon specific assumptions with respect to future business decisions, some of which will change. Some of those key assumptions relate to the macroeconomic environment, including inflation and interest rates, which are inherently difficult to predict. We intend to state possible outcomes as high and low ranges which are intended to provide a sensitivity analysis as variables are changed but are not intended to imply that actual results could not fall outside of the suggested ranges. The principal reason that we release guidance is to provide a basis for our management to discuss our business outlook with analysts and investors. Furthermore, analysts and investors may develop and publish their own projections of our business, which may form a consensus about our future performance. Our actual business results may vary significantly from such guidance or that consensus due to a number of factors, many of which are outside of our control, including due to the global economic uncertainty and financial market volatility, instability in the banking sector, the ongoing geopolitical instability resulting from the conflicts between Russia and Ukraine and Israel and Hamas, severely diminished liquidity and credit availability, declines in consumer confidence, declines in economic growth, increases in unemployment rates, increases in inflation rates, higher interest rates and uncertainty about economic stability, any of which or combination thereof could materially and adversely affect our business and future operating results. Furthermore, if we make downward revisions of our previously announced guidance, if we withdraw our previously announced guidance, or if our publicly announced guidance of future operating results fails to meet expectations of securities analysts, investors or other interested parties, the price of our common stock would decline.
Guidance is necessarily speculative in nature, and it can be expected that some or all of the assumptions underlying the guidance furnished by us will not materialize or will vary significantly from actual results. Accordingly, our guidance is only an estimate of what management believes is realizable as of the date of release. Actual results may vary from our guidance and the variations may be material. In light of the foregoing, investors are urged not to rely upon our guidance in making an investment decision regarding our common stock.
Any failure to successfully implement our operating strategy or the occurrence of any of the events or circumstances set forth in this “Risk Factors” section in this report could result in the actual operating results being different from our guidance, and the differences may be adverse and material.
Our issuance of additional capital stock in connection with financings, acquisitions, investments, our equity incentive plans or otherwise will dilute all other stockholders.
We expect to issue additional capital stock in the future that will result in dilution to all other stockholders. We expect to grant equity awards to employees, directors and consultants under our equity incentive plans. We may also raise capital through equity financings in the future. As part of our business strategy, we may acquire or make investments in companies, products or technologies and issue equity securities to pay for any such acquisition or investment. Any such issuances of additional capital stock may cause stockholders to experience significant dilution of their ownership interests and the per share value of our common stock to decline.
We do not intend to pay dividends on our common stock for the foreseeable future.
We have never declared or paid any dividends on our capital stock. We intend to retain any earnings to finance the operation and expansion of our business and we do not anticipate paying any dividends in the foreseeable future. As a result, investors in our common stock may only receive a return if the market price of our common stock increases.
The requirements of being a public company may strain our resources, divert management's attention and affect our ability to attract and retain additional executive management and qualified board members.
As a public company, we are subject to the reporting requirements of the Exchange Act, the Sarbanes-Oxley Act, the Dodd-Frank Wall Street Reform and Consumer Protection Act, the listing requirements of the Nasdaq and other applicable securities rules and regulations. Our management and other personnel devote a substantial amount of time to compliance with these requirements. Moreover, these laws, regulations and standards are subject to varying interpretations and their application in practice may evolve over time as regulatory and governing bodies issue revisions to, or new interpretations of, these public company requirements. Such changes could result in continuing uncertainty regarding compliance matters and
higher legal and financial costs necessitated by ongoing revisions to disclosure and governance practices. We will continue to invest resources to comply with evolving laws, regulations and standards and this investment may result in increased general and administrative expenses and a diversion of management's time and attention from revenue-generating activities to compliance activities. If our efforts to comply with new laws, regulations and standards differ from the activities intended by regulatory or governing bodies due to ambiguities related to their application and practice, regulatory authorities may initiate legal proceedings against us and our business may be adversely affected.
Being a public company under these rules and regulations has made it more expensive for us to obtain director and officer liability insurance and in the future, we may be required to accept reduced coverage or incur substantially higher costs to obtain coverage. These factors could also make it more difficult for us to attract and retain qualified executive officers or members of our Board of Directors, particularly to serve on our audit and compensation committees.
As a result of the disclosures within our filings with the SEC, information about our business and our financial condition is available to competitors and other third parties, which may result in threatened or actual litigation, including by competitors and other third parties. If such claims are successful, our business and results of operations could be adversely affected. Even if the claims do not result in litigation or are resolved in our favor, these claims and the time and resources necessary to resolve them, could divert the resources of our management and adversely affect our business and results of operations.
Our amended and restated certificate of incorporation provides that the Court of Chancery of the State of Delaware and the federal district courts of the United States of America will be the exclusive forums for substantially all disputes between us and our stockholders, which could limit our stockholders’ ability to obtain a favorable judicial forum for disputes with us or our directors, officers, or employees.
Our amended and restated certificate of incorporation provides that the Court of Chancery of the State of Delaware is the exclusive forum for the following types of actions or proceedings under Delaware statutory or common law:
•any derivative action or proceeding brought on our behalf;
•any action asserting a breach of fiduciary duty;
•any action asserting a claim against us arising under the Delaware General Corporation Law, our amended and restated certificate of incorporation, or our amended and restated bylaws; and
•any action asserting a claim against us that is governed by the internal-affairs doctrine.
This provision would not apply to suits brought to enforce a duty or liability created by the Exchange Act. Furthermore, Section 22 of the Securities Act creates concurrent jurisdiction for federal and state courts over all such Securities Act actions. Accordingly, both state and federal courts have jurisdiction to entertain such claims. To prevent having to litigate claims in multiple jurisdictions and the threat of inconsistent or contrary rulings by different courts, among other considerations, our amended and restated certificate of incorporation further provides that the federal district courts of the United States of America will be the exclusive forum for resolving any complaint asserting a cause of action arising under the Securities Act. These exclusive forum provisions may limit a stockholder’s ability to bring a claim in a judicial forum that it finds favorable for disputes with us or our directors, officers, or other employees, which may discourage lawsuits against us and our directors, officers and other employees. While the Delaware courts have determined that such choice of forum provisions are facially valid, a stockholder may nevertheless seek to bring a claim in a venue other than those designated in the exclusive forum provisions. In such instance, we would expect to vigorously assert the validity and enforceability of the exclusive forum provisions of our amended and restated certificate of incorporation. This may require significant additional costs, and there can be no assurance that the provisions will be enforced by a court in those other jurisdictions. If a court were to find either exclusive-forum provision in our amended and restated certificate of incorporation to be inapplicable or unenforceable in an action, we may incur further significant additional costs associated with resolving the dispute in other jurisdictions.
Delaware law and our corporate charter and bylaws contain anti-takeover provisions that could delay or discourage takeover attempts that stockholders may consider favorable.
Our amended and restated certificate of incorporation and amended and restated bylaws contain provisions that could delay or prevent a change in control of our company. These provisions could also make it difficult for stockholders to elect directors who are not nominated by the current members of our Board of Directors or take other corporate actions, including effecting changes in our management. These provisions include:
•a classified Board of Directors with three-year staggered terms, which could delay the ability of stockholders to change the membership of a majority of our Board of Directors;
The capped call transactions may affect the value of the 2026 Notes and our common stock.
In connection with the pricing of the 2026 Notes, we entered into privately negotiated capped call transactions with certain counterparties. The capped call transactions cover, subject to customary adjustments, the number of shares of our common stock initially underlying the 2026 Notes. The capped call transactions are expected to offset the potential dilution to our common stock upon any conversion of the 2026 Notes. In connection with establishing their initial hedges of the capped call transactions, the counterparties or their respective affiliates entered into various derivative transactions with respect to our common stock concurrently with or shortly after the pricing of the 2026 Notes, including with certain investors in the 2026 Notes.
The counterparties or their respective affiliates may modify their hedge positions by entering into or unwinding various derivatives with respect to our common stock and/or purchasing or selling our common stock or other securities of ours in secondary market transactions prior to the maturity of the 2026 Notes (and are likely to do so on each exercise date of the capped call transactions, which are scheduled to occur during the observation period relating to any conversion of the 2026 Notes on or after October 15, 2025), or following any termination of any portion of the capped call transactions in connection with any repurchase, redemption or early conversions of the 2026 Notes or otherwise. This activity could also cause or avoid an increase or a decrease in the market price of our common stock. We do not make any representation or prediction as to the direction or magnitude of any potential effect that the transactions described above may have on the price of shares of our common stock.
ITEM 2. UNREGISTERED SALES OF EQUITY SECURITIES AND USE OF PROCEEDS.
(a)Recent Sales of Unregistered Equity Securities
None.
(b)Use of Proceeds
None.
(c)Issuer Purchases of Equity Securities
None.
ITEM 3. DEFAULTS UPON SENIOR SECURITIES.
Not applicable.
ITEM 4. MINE SAFETY DISCLOSURES.
Not applicable.
ITEM 5. OTHER INFORMATION.
Rule 10b5-1 and Non-Rule 10b5-1 Trading Arrangements
Certain executive officers and directors of the Company may execute purchases and sales of the Company's common stock through Rule 10b5-1 equity trading plans and “non-Rule 10b5-1 equity trading arrangements” (as defined in Item 408(c) of Regulation S-K).
During the three months ended October 31, 2024, two members of our board of directors and one of our executive officers adopted the following 10b5-1 trading arrangements:
On September 10, 2024, Hope Cochran, a member of our board of directors, adopted a trading plan intended to satisfy the conditions under Rule 10b5-1(c) of the Exchange Act. Ms. Cochran’s plan is for the sale of up to 4,698 shares of common stock underlying stock options and 4,000 shares of our common stock in amounts and prices determined in accordance with a formula set forth in the plan and terminates on the earlier of the date that all the shares under the plan are sold and September 30, 2025, subject to early termination for certain specified events set forth in the plan.
On October 18, 2024, Charles M. Hazard, Jr, a member of our board of directors, adopted a trading plan intended to satisfy the conditions under Rule 10b5-1(c) of the Exchange Act. Mr. Hazard’s plan is for the sale of up to 10,000 shares of our common stock and 2,000 shares of our common stock held through a trust account in amounts and prices determined in accordance with a formula set forth in the plan and terminates on the earlier of the date that all the shares under the plan are sold and December 31, 2025, subject to early termination for certain specified events set forth in the plan.
On October 18, 2024, Dev Ittycheria, our Chief Executive Officer, adopted a trading plan intended to satisfy the conditions under Rule 10b5-1(c) of the Exchange Act. Mr. Ittycheria’s plan is for the sale of up to 38,036 shares of our common stock underlying employee stock options and up to 61,964 shares of our common stock in amounts and prices determined in accordance with a formula set forth in the plan and terminates on the earlier of the date all the shares under the plan are sold and December 31, 2025, subject to early termination for certain specified events set forth in the plan.