Item 1. Legal Proceedings
From time to time, we are involved in various legal proceedings arising from the normal course of business activities. We are not presently a party to any litigation the outcome of which, we believe, if determined adversely to us, would individually or taken together have a material adverse effect on our business, operating results, cash flows or financial condition. Defending such proceedings is costly and can impose a significant burden on management and employees. The results of any current or future litigation cannot be predicted with certainty, and regardless of the outcome, litigation can have an adverse impact on us because of defense and settlement costs, diversion of management resources and other factors.
Item 1A. Risk Factors
Our operations and financial results are subject to various risks and uncertainties, including those described below. You should carefully consider the risks described below, together with the financial and other information contained in this Quarterly Report on Form 10-Q, including the section titled “Management’s Discussion and Analysis of Financial Condition and Results of Operations” and our consolidated financial statements and related notes. The risks and uncertainties described below are not the only ones we face. Additional risks and uncertainties that we are unaware of, or that we currently believe are not material, may also become important factors that adversely affect our business. If any of the following risks or others not specified below materialize, our business, financial condition, results of operations and prospects could be materially and adversely affected. Unless otherwise indicated, references in these risk factors to our business being harmed will include harm to our business, reputation, brand, financial condition, results of operations and prospects. As a result, the trading price of our common stock could decline.
Risk Factors Summary
Our business operations are subject to numerous risks, factors and uncertainties, including those outside of our control, that could cause our actual results to be harmed, including risks regarding the following:
•Our recent rapid growth may not be indicative of our future growth. Our rapid growth also makes it difficult to evaluate our future prospects and may increase the risk that we will not be successful.
•Our limited operating history and our history of operating losses makes it difficult to evaluate our current business and prospects and may increase the risks associated with your investment.
•Our business depends on customers increasing their use of our solution and any loss of customers or decline in their use of our solution could harm our business.
•Usage of our solution accounts for substantially all of our revenue.
•If we are unable to attract new customers and retain existing customers, our business, financial condition and results of operations will be adversely affected.
•We rely upon third-party providers of cloud-based infrastructure to host our cloud-based solution. Any disruption in the operations of these third-party providers, limitations on capacity or interference with our use could adversely affect our business, financial condition and results of operations.
•We expect fluctuations of our financial results which may cause quarterly comparisons not to be meaningful.
•Our revenue growth depends in part on the success of our strategic relationships with law firms and other legal services providers, and if we are unable to establish and maintain successful relationships with them, our business, operating results and financial condition could be adversely affected.
•The markets in which we participate are competitive, and if we do not compete effectively, our business will be harmed.
•We employ a pricing model that subjects us to various challenges, and given our limited history with our pricing model, we may not be able to accurately predict the optimal pricing necessary to attract new customers and retain existing customers.
•We rely on the performance of highly skilled personnel, including our management and other key employees, and the loss of one or more of such personnel, or of a significant number of our team members, could harm our business.
•Our current operations are international in scope and we plan on further geographic expansion, creating a variety of operational challenges.
•Unfavorable conditions in our industry or the global economy or reductions in legal spending could harm our business.
•Our business and results of operations may be materially adversely affected by the ongoing COVID-19 pandemic, including variants of COVID-19, or other similar outbreaks or pandemics.
•We may in the future be subject to legal proceedings and litigation, including intellectual property disputes, which are costly and may subject us to significant liability and increased costs of doing business. Our business may suffer if it is alleged or determined that our technology infringes the intellectual property rights of others.
•We operate in a highly regulated industry and either are or may be subject to a wide range of federal, state and local, as well as foreign, laws, rules and regulations, and our failure to comply with these laws and regulations may force us to change our operations or harm our business.
•Our computer systems, or those of any third parties on whom we depend, may fail or suffer security or data privacy breaches or other unauthorized or improper access to, use of, or destruction of our proprietary or confidential data, employee data, or personal data, which could result in additional costs, loss of revenue, significant liabilities, harm to our brand and material disruption of our operations.
•Insiders have substantial control over us and will be able to influence corporate matters.
Risks Related to Our Growth and Capital Requirements
Our recent rapid growth may not be indicative of our future growth. Our rapid growth also makes it difficult to evaluate our future prospects and may increase the risk that we will not be successful.
We have experienced substantial growth in our business since inception. For example, our revenue was $80.5 million, $49.3 million, $68.4 million, and $48.6 million for the nine months ended September 30, 2021 and 2020 and the years ended December 31, 2020 and 2019, respectively. We have also experienced significant growth in headcount, our number of customers, usage and amount of data delivered across our solution. You should not rely on the revenue growth of any prior quarterly or annual period as an indication of our future performance. Even if our revenue continues to increase, we expect that our revenue growth rate may decline in the future as a result of a variety of factors, including the maturation of our business, increased competition, changes to technology, a decrease in the growth of our overall market, or our failure, for any reason, to continue to take advantage of growth opportunities. Overall growth of our revenue depends on a number of factors, including our ability to:
•price our solution effectively so that we are able to attract new customers and expand sales to our existing customers;
•expand the functionality applications of our solution;
•maintain and expand the rates at which customers use our solution;
•provide our customers with support that meets their needs;
•maintain or increase customer satisfaction with our solution;
•continue to introduce and sell our solution to new markets;
•continue to develop applications and new functionality on our solution and successfully further optimize our solution, including continued innovation of our artificial intelligence system for legal documents;
•successfully identify and acquire or invest in businesses, products or technologies that we believe could complement or expand our solution;
•recruit, hire, train and manage additional qualified developers, professionals and sales and marketing personnel; and
•increase awareness of our brand on a global basis and successfully compete with other companies.
We may not successfully accomplish any of these objectives, and as a result, it is difficult for us to forecast our future results of operations. If the assumptions that we use to plan our business are incorrect or change in reaction to changes in the markets in which we operate, or if we are unable to maintain consistent revenue or revenue growth, our stock price could be volatile and it may be difficult to achieve and maintain profitability.
In addition, we expect to continue to expend substantial financial and other resources on:
•our technology infrastructure, including systems architecture, scalability, availability, performance and security;
•sales and marketing, including a significant expansion of our sales organization to engage existing and prospective customers, increase brand awareness and drive adoption of our solution;
•product development, including investments in our development team and the development of new applications of our solution and new functionality for our existing applications and in the protection of our intellectual property rights related to our product development;
•services and support for the benefit and assistance of customers using our solution;
•acquisitions or strategic investments;
•international expansion; and
•general administration, including increased legal and accounting expenses associated with being a public company.
These investments may not be successful on the timeline we anticipate or at all and may not result in increased revenue growth. If we are unable to maintain or increase our revenue at a rate sufficient to offset the expected increase in our costs, our business, financial position and results of operations will be harmed and we may not be able to achieve or maintain profitability over the long term. Additionally, we have encountered, and may in the future encounter, risks and uncertainties frequently experienced by growing companies in rapidly changing industries, such as unforeseen operating expenses, difficulties, complications, delays and other known or unknown factors that may result in losses in future periods. If our revenue growth does not meet our expectations in future periods, our business, financial position and results of operations may be harmed and we may not achieve or maintain profitability in the future.
We may not be able to successfully manage our growth and, if we are not able to grow efficiently, our business, financial condition and results of operations could be harmed.
The rapid growth we have experienced in our business places significant demands on our operational infrastructure. As usage of our solution grows, we will need to devote additional resources to improving and maintaining our infrastructure and integrating with third-party applications, including open source software. In addition, we will need to appropriately scale our internal business systems and our services organization, including customer support and professional services, to serve our growing customer base. Any failure of or delay in these efforts could lead to impaired system performance and reduced customer satisfaction, resulting in decreased sales to customers, lower dollar-based net retention rates, the issuance of service credits or requested refunds, which would hurt our revenue growth and our reputation. Even if we are successful in our expansion efforts, they will be expensive and complex, and require the dedication of significant management time and attention. We could also face inefficiencies or service disruptions as a result of our efforts to scale our internal infrastructure. We cannot be sure that the expansion of and improvements to our internal infrastructure will be effectively implemented on a timely basis, if at all, and such failures could harm our business, financial condition and results of operations.
Our limited operating history and our history of operating losses makes it difficult to evaluate our current business and prospects and may increase the risks associated with your investment.
We launched our business in 2013 and have experienced net losses in each fiscal year since inception. We incurred net losses of $15.2 million, $19.9 million, $22.9 million and $29.8 million for the nine months ended September 30, 2021 and 2020 and the years ended December 31, 2020 and 2019, respectively. As of September 30, 2021, we had an accumulated deficit of $118.4 million. We will need to generate and sustain increased revenue levels and manage costs in future periods in order to become profitable. Even if we achieve profitability, we may not be able to maintain or increase our level of profitability. We intend to continue to incur significant costs to support further growth and further develop our solution, including expanding the functionality of our solution, technology infrastructure and business systems, expanding our direct sales force and partner ecosystem, increasing our marketing activities and growing our international operations. We will also face increased compliance costs associated with growth, expansion of our customer base and the costs of being a public company. These increased expenditures will make it harder for us to achieve or sustain profitability and we cannot predict if we will achieve or sustain profitability in the near term or at all. We may incur significant losses in the future for a number of reasons, including the other risks described herein, and unforeseen expenses, difficulties, complications and delays and other unknown events. If we are unable to achieve and sustain profitability, the value of our common stock could decline and our business may be harmed.
We have limited historical financial data and operate in a rapidly evolving market. As a result, it is difficult to evaluate our current business and our future prospects, including our ability to plan for and model future growth, and any predictions about our future revenue and expenses may not be as accurate as they would be if we had a longer operating history or operated in a more predictable market. We have encountered and will continue to encounter risks and difficulties frequently experienced by rapidly growing companies in constantly evolving industries, including the risks described herein. If we do not address these risks successfully, our business may be harmed.
Our ability to timely raise capital in the future may be limited, or such capital may be unavailable on acceptable terms, if at all.
We have funded our operations since inception primarily through payments received from our customers, sales of equity securities, including our IPO in July 2021, and borrowings under our credit facility. We cannot be certain when or if our operations will generate sufficient cash to fully fund our ongoing operations or the growth of our business. We intend to continue to make investments to support our business and may require additional funds. We evaluate financing opportunities from time to time and our ability to obtain financing will depend, among other things, on our development efforts, business plans, operating performance and condition of the capital markets at the time we seek financing. Additional financing may not be available on favorable terms, if at all. If adequate funds are not available on acceptable terms, we may be unable to invest in future growth opportunities, which could harm our business, operating results and financial condition. Furthermore, if we issue additional equity securities, stockholders will experience dilution and the new equity securities could have rights senior to those of our common stock. Because our decision to issue securities in future offerings will depend on numerous considerations, including factors beyond our control, we cannot predict or estimate the amount, timing or nature of any future issuances of debt or equity securities. As a result, our stockholders bear the risk of future issuances of debt or equity securities reducing the value of our common stock and diluting their interests.
Our issuance of additional capital stock in connection with financings, acquisitions, investments, our equity incentive plans or otherwise will dilute all other stockholders.
We may issue additional capital stock in the future that will result in dilution to all other stockholders. We expect to grant equity awards to employees, directors and consultants under our equity incentive plans. We may also raise capital through equity financings in the future. As part of our business strategy, we may acquire or make investments in companies and issue equity securities to pay for any such acquisition or investment. Any such issuances of additional capital stock may cause stockholders to experience significant dilution of their ownership interests and the per share value of our common stock to decline.
Risks Related to Our Business and Industry
Our business depends on customers increasing their use of our solution and any loss of customers or decline in their use of our solution could harm our business.
Our ability to grow and generate incremental revenue depends, in part, on our ability to maintain and grow our relationships with existing customers and to have them increase their usage of our solution. Customers are charged in part based on their usage of our solution. If our customers do not increase their usage of our solution, our revenue may decline and our results of operations may be harmed. Most of our customers do not have long-term contractual financial commitments to us and, therefore, most of our customers may reduce or cease their use of our solution at any time. Customers may terminate or reduce their use of our solution for any number of reasons, including the settlement or other resolution of legal matters, reductions in the volume of major legal matters experienced, customer budget constraints, customer satisfaction or negative perceptions as to the reliability of our solution relative to traditional methods of performing legal services, changes in our customers’ underlying businesses and financial conditions, changes in the type and size of our customers, pricing changes, legal industry trends away from litigation toward alternative forms of dispute resolution, competitive conditions and general economic conditions. In addition, even if our customers expand their usage of our solution, we cannot guarantee that they will maintain those usage levels for any meaningful period of time.
Customers under usage-based contracts can cancel their contracts or reduce their usage at any time. The loss of customers or reductions in their usage of our solution may each have a negative impact on our business, results of operations and financial condition. In addition, existing customers may negotiate lower rates for their usage in exchange for an agreement to renew, expand their usage in the future or adopt new solutions. As a result, these customers may not reduce their usage of our solution, but the revenue we derive from that usage will decrease. If our customers reduce their usage of or do not continue to use our solution, our revenue and other results of operations will decline and our business will suffer.
Our future success also depends in part on our ability to expand our existing customer relationships by increasing usage and selling additional solutions to our existing customers. The rate at which our customers purchase solutions from us depends on a number of factors, including our ability to develop additional solutions for our solution and the quality of such applications, general economic conditions and pricing and services offered by our competitors. If our efforts to increase usage and sell additional solutions to our customers are not successful, our business may be harmed.
Usage of our solution accounts for substantially all of our revenue.
We have derived and expect to continue to derive substantially all of our revenue from our solution. As such, market adoption of our solution is critical to our continued success. Our operating results could suffer due to:
•any decline in demand for our solution;
•the failure of our solution to achieve continued market acceptance;
•the failure of the market for cloud-based technologies for the legal market to continue to grow, or grow as quickly as we expect;
•the introduction of products and technologies that serve as a replacement or substitute for, or represent an improvement over, our solution;
•technological innovations or new standards that our solution does not address;
•sensitivity to current or future prices offered by us or our competitors;
•our customers’ development of their own proprietary solutions; and
•our inability to release enhanced versions of our solution on a timely basis.
If the market for our solution grows more slowly than expected or if demand for our solution does not grow as quickly as anticipated, whether as a result of competition, pricing sensitivities, product obsolescence, technological change, unfavorable economic conditions, uncertain geopolitical environment, budgetary constraints of our customers or other factors, our business would be harmed.
If we are unable to attract new customers and retain existing customers, our business, financial condition and results of operations will be adversely affected.
We must attract new customers and retain existing customers to continue to grow our business. Our success will depend to a substantial extent on the widespread adoption of our solution as an alternative to existing offerings, including as an alternative to traditional systems relying on manual tasks and processes. Our customers include law firms and other legal services providers, legal departments of corporate enterprises and organizations and governmental entities. We must convince potential customers of the value of our cloud software solution and that our technologies can automate and simplify legal services more accurately, efficiently and securely than lawyers and their staff and the products of our competitors. This may require significant and costly sales efforts that are targeted at law firms and legal departments of corporate enterprises and organizations and the senior management of these potential customers. In addition, our ability to attract new customers depends in part on our partner ecosystem, consisting of law firms and other legal services providers who resell our solution. We must develop and maintain strong relations with our partner ecosystem and convince our partners of the value of our solution so that they drive adoption of our solution by their customers. Additionally, our solution allows our customers to add other legal industry participants as non-paying users of our solution. Our ability to attract new customers depends in part on our ability to convert the non-paying part users. Our success also depends in part on our ability to offer compelling solutions and the effectiveness of our sales organization. Numerous other factors, many of which are out of our control, may now or in the future impact our ability to acquire new customers, including, but not limited to:
•competitive offerings;
•potential customers’ commitments to other providers;
•real or perceived costs of switching to our solution;
•our failure to expand, retain and motivate our sales and marketing personnel;
•our failure to develop or expand relationships with potential customers and our partner ecosystem;
•failure by us to help our customers to successfully deploy our solution;
•negative media or industry or financial analyst commentary regarding us or our solution;
•negative perceptions about the reliability of cloud-based legal solutions;
•litigation activity; and
•deteriorating general economic conditions.
If the legal market and the demand for legal services decline, customers may decide not to adopt our solution and our existing customers may cease using our solution to reduce costs. As a result of these and other factors, we may be unable to attract new customers or retain existing customers, which would adversely affect our business, financial condition and results of operations.
If our solution fails to perform properly due to defects, interruptions, delays in performance or similar problems and if we fail to resolve any defect, interruption, delay or other problem, we could lose customers, become subject to service performance or warranty claims or incur significant costs.
Our operations are dependent upon our ability to prevent system interruption. The technologies underlying our cloud solution are complex and may contain material defects or errors, which may cause disruptions in availability or other performance problems. We have from time to time found defects in our solution and may discover additional defects in the future that could result in service issues. These defects or errors could also be found in third-party applications on which we rely. We may not be able to detect and correct defects or errors before a customer begins using our solution. Consequently, we or our customers may discover defects or errors after our solution has been deployed.
In addition, we may experience system slowdowns and interruptions from time to time. Continued growth in our customer base could place additional demands on our solution and could cause or exacerbate slowdowns or interrupt the availability of our solution. If there is a substantial increase in the volume of usage on our solution, we will be required to further expand and upgrade our technology and infrastructure. There can be no assurance that we will be able to accurately project the rate or timing of increases, if any, in the use of our solution or expand and upgrade our systems and infrastructure to accommodate such increases on a timely basis. In such cases, if our users are not able to access our solution or encounter slowdowns when doing so, we may lose customers or partners. In order to remain competitive, we must continue to enhance and improve the responsiveness, functionality and features of our solution. Our response to such slowdowns or interruptions may not be sufficient to address all aspects or any unanticipated consequence or incidents and our insurance may not be sufficient to compensate us for the losses that could occur.
Our customers use our solution to manage critical aspects of their businesses and operations. The occurrence of any defects, errors, disruptions in service or other performance problems, or delays with our solution, whether in connection with the day-to-day operations or otherwise, could result in:
•loss of customers;
•loss of partners;
•reduced customer usage of our solution;
•reduced ability to attract new customers;
•lost or delayed market acceptance and sales of our solution;
•delays in payment to us by customers;
•injury to our reputation and brand;
•legal claims, including warranty claims, against us; and
•diversion of our resources, including through increased service and warranty expenses or financial concessions, and increased insurance costs.
The costs incurred in correcting any material defects, errors or other performance problems in our solution may be substantial and could harm our business.
Incorrect or improper use of our solution could result in customer dissatisfaction and harm our business, results of operations, financial condition and growth prospects.
We regularly train our customers in the proper use of and the variety of benefits that can be derived from our solution to maximize its potential. Our failure to train customers on how to efficiently and effectively deploy and use our solution, or our
failure to provide effective support or professional services to our customers, whether actual or perceived, may result in negative publicity or legal actions against us. Also, as we continue to expand our customer base, any actual or perceived failure by us to properly provide these services will likely result in lost opportunities for follow-on sales of our related services.
Customers may find our solution to be complicated to use and it may not be easy to maximize the value of our solution without proper training. Moreover, we have designed our solution to allow for use by law firms and legal services providers who are not direct customers. If our customers or such third-parties perceive that our solution is too complex or time-consuming to learn and use, customer perceptions of our company and our solution may be impaired, our reputation and brand may suffer and customers may choose not to use our solution or increase their purchases of our offerings. Further, incorrect or improper use of our solution by our customers or their external legal services providers may result in negative legal outcomes and potentially subject such parties to claims of malpractice, which would adversely affect our reputation and customer confidence in our solution.
We rely upon third-party providers of cloud-based infrastructure to host our cloud-based solution. Any disruption in the operations of these third-party providers, limitations on capacity, or interference with our use could adversely affect our business, financial condition and results of operations.
Our continued growth depends in part on the ability of our existing and potential customers to continue to adopt and utilize our cloud-based solution. We outsource substantially all of the infrastructure relating to our cloud-based solution to third-party hosting services. In particular, Amazon Web Services, or AWS, provides the cloud computing infrastructure that we use to host our solution and many of the internal tools we use to operate our business. Customers of our cloud-based solution expect to be able to access our solution at any time, without interruption or degradation of performance. Our cloud-based solution depends on protecting the virtual cloud infrastructure hosted by third-party hosting services by maintaining its configuration, architecture, features and interconnection specifications, as well as the information stored in these virtual data centers, which is transmitted by third-party internet service providers. Any disruption as a result of cyber-attacks or similar issues, or any limitation on the capacity of our third-party hosting services, could impede our ability to onboard new customers or expand the usage of our existing customers or otherwise adversely affect our business, which could adversely affect our financial condition and results of operations. Due the fact that we rely on third-party providers of cloud-based infrastructure to host our cloud-based solution, it may become increasingly difficult to maintain and improve their performance, especially during peak usage times and as our cloud capabilities become more complex and our user traffic increases, because we do not control the infrastructure supporting these services. In addition, any incident affecting our third-party hosting services’ infrastructure that may be caused by cyber-attacks, natural disasters, fire, flood, severe storm, earthquake, power loss, telecommunications failures, outbreaks of contagious diseases, terrorist or other attacks and other similar events beyond our control could negatively affect our cloud-based solution. If our cloud-based solution is unavailable or if our users are unable to access our cloud-based solution within a reasonable amount of time or at all, we may experience a loss of customers, lost or delayed market acceptance of our solution, delays in payment to us by customers, injury to our reputation and brand, legal claims against us and the diversion of our resources. We may also incur significant costs for using alternative equipment or taking other actions in preparation for, or in reaction to, events that damage the third-party hosting services we use.
As our business grows, we may need to engage additional providers of cloud computing infrastructure to support our operations. Adequate additional support may not be available to us on acceptable terms, or at all. Furthermore, certain customers may require that we use or avoid specific providers of cloud computing infrastructure. If we fail to enter into agreements or integrate our solution with third-party offerings that our customers require to operate their businesses, or to provide the proper support or ease of integration our customers require, we may not be able to offer the functionality that our customers and their consumers expect, which would harm our business. In addition, in the event that our service agreements with our third-party hosting services are terminated, or there is a lapse of service, elimination of services or features that we utilize, interruption of internet service provider connectivity or damage to such facilities, we could experience interruptions in access to our cloud-based solution as well as significant delays and additional expense in arranging or creating new facilities and services and/or re-architecting our cloud-based solution for deployment on a different cloud infrastructure service provider, which could adversely affect our business, financial condition and results of operations.
We rely on AWS to host our solution, and any disruption of service from AWS or material change to our arrangement with AWS could adversely affect our business.
We currently host our solution and support most of our operations using AWS, a provider of cloud infrastructure services. We do not control the operations of AWS’s facilities. AWS’s facilities are vulnerable to damage or interruption from earthquakes, hurricanes, floods, fires, cyber security attacks, terrorist attacks, power losses, telecommunications failures and similar events or could be subject to break-ins, computer viruses, sabotage, intentional acts of vandalism and other misconduct.
The occurrence of any of these events, a decision to close the facilities or cease or limit providing services to us without adequate notice or other unanticipated problems could result in interruptions to our solution, which may be lengthy. Our solution’s continuing and uninterrupted performance is critical to our success and employers and job seekers may become dissatisfied by service interruption. Sustained or repeated system failures could reduce the attractiveness of our solution to customers, cause our customers to decrease their use of or stop using our solution and otherwise adversely affect our business. Moreover, negative publicity from disruptions could damage our reputation.
AWS does not have an obligation to renew its agreements with us on commercially reasonable terms, or at all. If we cannot renew our agreement or are unable to renew on commercially reasonable terms, we may experience costs or downtime in connection with the transfer to, or the addition of, new cloud infrastructure or other data center. If these providers charge high costs for or increase the cost of their services, we will experience higher costs to operate our business and may have to increase the fees to use our marketplace and our operating results may be adversely impacted.
Upon expiration or termination of our agreement with AWS, we may not be able to replace the services provided to us in a timely manner or on terms and conditions, including service levels and cost, that are favorable to us, and a transition from one vendor to another vendor could subject us to operational delays and inefficiencies until the transition is complete. Switching our operations from AWS to another cloud or other data center provider would also be technically difficult, expensive and time consuming.
Any of the above circumstances or events may harm our reputation, cause customers to stop using our solution, impair our ability to increase revenue from existing customers, impair our ability to grow our customer base, subject us to financial penalties and liabilities under our service level agreements and otherwise harm our business, results of operations and financial condition.
We expect fluctuations of our financial results, which may cause quarterly comparisons not to be meaningful.
Our business model is usage-based and there is inherent unpredictability in the timing, duration and scope of our customers’ legal matters requiring use of our solution. Our operating results have fluctuated in the past and are expected to fluctuate in the future due to a variety of factors, many of which are outside of our control. As a result, our quarterly results of operations, including the levels of our revenues, working capital and cash flows, may vary significantly in the future, such that period-to-period comparisons of our results of operations may not be meaningful. Our financial results may fluctuate due to a variety of factors, many of which are outside of our control and may be difficult to predict, including, but not limited to:
•the timing of our customers’ usage of our solution;
•the level of demand for or pricing of our solution;
•our ability to grow or maintain usage by our existing customers and acquire new customers;
•the timing and success of new functionality, features, integrations, capabilities and enhancements by us to our solution, or by our competitors to their products, or any other changes in the competitive landscape of our market;
•the timing and amount of our investments to expand the capacity of our third-party cloud infrastructure providers;
•changes in our customers’ budgets and in the timing of their budget cycles and purchasing decisions;
•changes in regulatory or legal environments that may cause us to incur, among other elements, expenses associated with compliance;
•general economic conditions, both domestically and internationally, as well as economic conditions specifically affecting industries in which our customers participate;
•the effects of potential acquisitions and their integration;
•the impact of new accounting pronouncements;
•changes in the competitive dynamics of our market, including consolidation among competitors or customers;
•significant security breaches of, technical difficulties with or interruptions to the delivery and use of our solution;
•awareness of our brand and our reputation in our target markets;
•errors in our forecasting of the demand for our solution, which would lead to lower revenues, increased costs, or both; and
•our ability to control costs, including research and development and sales and marketing expenses.
Any one or more of the factors above may result in significant fluctuations in our quarterly results of operations. In addition, because we were founded in 2013 and have experienced rapid expansion of our business and revenues since such time, we do not have a long history upon which to base forecasts of future revenue and operating results. Accordingly, we may be unable to accurately forecast our revenues. As a result, our past results may not be indicative of our future performance, and the variability and unpredictability of our quarterly results of operations or other operating metrics could result in our failure to meet our expectations or those of investors or analysts with respect to revenues or other metrics for a particular period. If we fail to meet or exceed such expectations for these or any other reasons, the trading price of our common stock could decline substantially and we could face lawsuits that are costly and may divert management’s attention, including securities class action suits.
If we fail to forecast our revenue accurately, or if we fail to manage our expenditures, our operating results could be adversely affected.
Because our recent growth has resulted in the rapid expansion of our business and revenues, we do not have a long history upon which to base forecasts of future revenue and operating results. We cannot accurately predict customers’ usage given the uncertain timing and duration of legal matters and the diversity of our customer base across industries, geographies and size and other factors. Accordingly, we may be unable to accurately forecast our revenues notwithstanding our substantial investments in sales and marketing, infrastructure and research and development in anticipation of continued growth in our business. If we do not realize returns on these investments in our growth, our results of operations could differ materially from our forecasts, which would adversely affect our results of operations and could disappoint analysts and investors, causing our stock price to decline.
If we fail to adapt and respond effectively to rapidly changing technology, evolving industry standards, changing regulations and changing customer needs, requirements or preferences, our solution may become less competitive.
The market in which we compete is relatively new and subject to rapid technological change, evolving industry standards and regulatory changes, as well as changing customer needs, requirements and preferences.
The success of our business will depend, in part, on our ability to adapt and develop enhancements for our solution that respond effectively to these changes on a timely basis and in a user-friendly manner. If we are unable to evolve our cloud solution to satisfy our customers’ needs and provide enhancements or add new and innovative features and capabilities to our solution that keep pace with rapid technological and industry change, our revenue and operating results could be adversely affected. If new technologies emerge that enable our competitors to deliver competitive products, services and applications at lower prices, more efficiently, more conveniently or more securely, such technologies could adversely impact our ability to compete. If our solution does not allow us or our customers to comply with the latest regulatory requirements, our existing customers may decrease their usage on our solution and new customers will be less likely to adopt our solution.
A limited number of customers represent a substantial portion of our revenue. If we fail to retain these customers, our revenue could decline significantly.
We derive a substantial portion of our revenue from sales to our top 10% customers. As a result, our revenue could fluctuate materially and could be materially and disproportionately impacted by purchasing decisions of these customers or any other significant future customer. Any of our significant customers may decide to purchase less than they have in the past, may alter their purchasing patterns at any time with limited notice, or may decide not to continue to use our solution at all, any of which could cause our revenue to decline and adversely affect our financial condition and results of operations. If we do not further diversify our customer base, we will continue to be susceptible to risks associated with customer concentration.
Our revenue growth depends in part on the success of our strategic relationships with law firms and other legal services providers, and if we are unable to establish and maintain successful relationships with them, our business, operating results and financial condition could be adversely affected.
We seek to grow our partner ecosystem as a way to grow our business. We plan to continue to establish and maintain similar strategic relationships with law firms and other legal services providers and we expect these entities to become an increasingly important aspect of our business. Our future growth in revenue and ability to achieve and sustain profitability depends in part on our ability to identify, establish and retain successful strategic partner relationships in the United States and internationally, which will take significant time and resources and involve significant risk. In order to develop and expand our distribution channel, we must develop and improve our processes for partner introduction and training. If we do not succeed in
identifying suitable strategic partners or maintain our relationships with such partners, our business, operating results and financial condition may be adversely affected.
Moreover, we cannot be certain that these law firm and other legal services provider partners will prioritize or provide adequate resources to promote or utilize our solution. Further, some of our partners also work with our competitors. As a result of these factors, many of our law firm and other legal services provider partners may choose to promote alternative technologies in addition to or in lieu of our solution, either on their own or in collaboration with others, including our competitors. We cannot assure you that our law firm and other legal services provider partners will continue to cooperate with us. In addition, actions taken or omitted to be taken by such parties may adversely affect us. Even if we are successful in establishing and maintaining these relationships with law firms and other legal services providers, we cannot assure you that these relationships will result in increased customer usage of our solution or increased revenue to us.
Failure to effectively develop and expand our marketing and sales capabilities could harm our ability to increase our customer base and achieve broader market acceptance of our solution.
Our ability to increase our customer base and achieve broader market acceptance of our solution will significantly depend on our ability to expand our marketing and sales operations. We plan to continue expanding our sales force and strategic partners, both domestically and internationally. We also plan to dedicate significant resources to sales, marketing and demand-generation programs, including various online marketing activities as well as targeted account-based advertising. The effectiveness of our targeted account-based advertising has varied over time and may vary in the future. All of these efforts will require us to invest significant financial and other resources and if they fail to attract additional customers, our business will be harmed. If our lead generation methods do not result in broader market acceptance of our solution, we will not realize the intended benefits of this strategy and our business will be harmed.
We believe that there is significant competition for sales personnel, including sales representatives, sales managers and sales engineers, with the skills and technical knowledge that we require. Our ability to achieve significant revenue growth will depend in large part on our success in recruiting, training and retaining sufficient numbers of sales personnel to support our growth. New hires require significant training and may take significant time before they achieve full productivity. Our recent hires may not become productive as quickly as we expect, if at all, and we may be unable to hire or retain sufficient numbers of qualified individuals in the markets where we do business or plan to do business. In addition, particularly if we continue to grow rapidly, new members of our sales force will have relatively little experience working with us, our solution and our business model. If we are unable to hire and train sufficient numbers of effective sales personnel, our sales personnel do not reach significant levels of productivity in a timely manner, or our sales personnel are not successful in acquiring new customers or expanding usage by existing customers, our business will be harmed.
The markets in which we participate are competitive, and if we do not compete effectively, our business will be harmed.
The market for technology solutions for law firms, private enterprises and government and other organizations is highly fragmented, competitive and constantly evolving. With the introduction of new technologies and market entrants, we expect that the competitive environment in which we compete will remain intense going forward. Almost all potential customers have existing solutions for ediscovery and legal document review in place, which typically consists of a mix of on-premise point solutions and human professional service providers to deliver these solutions. Our competitors include (i) legal services providers, including large dedicated legal services providers such as Consilio LLC, Epiq Systems, Inc. and KLDiscovery Inc., the legal services divisions of large professional firms such as Deloitte & Touche LLP, Ernst and Young LLP, KPMG LLP and PricewaterhouseCoopers LLP, as well as a large number of smaller regional and local services companies and certain law firms providing in-house ediscovery and document review solutions; (ii) legacy on-premise software providers, such as Nuix Limited, Open Text Corporation and Relativity ODA LLC, or Relativity, RELX PLC and Thomson Reuters Corporation; and (iii) cloud software providers, such as Everlaw, Inc., Logik Systems, Inc. (d.b.a. Logikcull), Relativity’s through its RelativityOne offering and Reveal Data Corporation. In addition, we expect to expand our solution to address additional areas of the legal function and we likely face further competition from existing companies in such areas.
Some of our competitors have made or may make acquisitions or be acquired by private equity sponsors, enterprises or special purpose acquisition companies or may enter into commercial relationships or other strategic relationships that may provide more comprehensive offerings than they individually had offered. Such acquisitions or relationships may help competitors achieve greater economies of scale than us. In addition, new entrants not currently considered to be competitors may enter the market through acquisitions, partnerships or strategic relationships.
We compete on the basis of a number of factors, including:
•our solution’s functionality, scalability, performance, ease of use, reliability, security, availability and cost-effectiveness relative to that of our competitors’ products and services;
•our ability to utilize new and proprietary technologies to offer services and features previously not available in the marketplace;
•our ability to identify new markets, applications and technologies;
•our ability to attract and retain customers;
•our brand, reputation and trustworthiness;
•perceptions about the security, privacy and availability of our solution relative to competitive products and services;
•the quality of our customer support;
•our ability to recruit software developers and sales and marketing personnel; and
•our ability to protect our intellectual property.
Our competitors vary in size and in the breadth and scope of the products and services offered. Many of our competitors and potential competitors have greater name recognition, greater market penetration, longer operating histories, more established customer relationships and installed customer bases and substantially greater financial, human, technical and other resources than we do and may be able to offer competing solutions to potential customers on more favorable terms than us. While some of our competitors provide a platform with applications to support one or more use cases, many others provide point-solutions that address a single use case. Other potential competitors not currently offering competitive applications may expand their product offerings to compete with our solution. Our competitors may be able to respond more quickly and effectively than we can to new or changing opportunities, technologies, standards and customer requirements. An existing competitor or new entrant could introduce new technology that reduces demand for our solution. In addition to application and technology competition, we face pricing competition. Some of our competitors offer their applications or services at a lower price, which has resulted in pricing pressures. Some of our larger competitors have the operating flexibility to bundle competing applications and services with other offerings, including offering them at a lower price or for no additional cost to customers as part of a larger sale of other products. For all of these reasons, we may not be able to compete successfully and competition could result in the failure of our solution to achieve or maintain market acceptance, any of which could harm our business.
If the estimates and assumptions we have used to calculate the size of our addressable market opportunity are inaccurate, our future growth rate may be limited.
We have estimated the size of our addressable market opportunity based on data published by third parties and on internally generated data and assumptions. While we believe our market size information is generally reliable, such information is inherently imprecise and relies on our and third parties’ projections, assumptions and estimates within our target market, which are necessarily subject to a high degree of uncertainty and risk due to a variety of factors, including those described in this Quarterly Report on Form 10-Q. Our market is developing and may develop differently than we expect. Market opportunity estimates and growth forecasts included in the Prospectus, this Quarterly Report on Form 10-Q and other filings we make from time to time with the SEC are subject to significant uncertainty and are based on assumptions and estimates that may not prove to be accurate. If such third-party or internally generated data prove to be inaccurate or we make errors in our projections, assumptions or estimates based on that data, including how current customer data and trends may apply to potential future customers and the number and type of potential customers, our addressable target market opportunity and/or our future growth rate may be less than we currently estimate. In addition, these inaccuracies or errors may cause us to misallocate capital and other business resources, which could divert resources from more valuable alternative projects and harm our business.
The variables that go into the calculation of our market opportunity are subject to change over time and there is no guarantee that any particular number or percentage of addressable users or companies covered by our addressable target market opportunity estimates will purchase our solution at all or generate any particular level of revenue for us. Any expansion in our market depends on a number of factors, including the cost, performance and perceived value associated with our solution and applications and those of our competitors. Even if the market in which we compete meets the size estimates and growth forecasted in this Quarterly Report on Form 10-Q, we may not be successful in capitalizing on such market opportunity and our business could fail to grow for a variety of reasons, including reasons outside of our control, such as competition in our industry.
Our growth is subject to many factors, including our success in expanding our international operations, continuing to expand the use of our solution by our customers and otherwise implementing our business strategy, which are subject to many risks and uncertainties. Accordingly, information regarding the size of our addressable market opportunity should not be taken as indicative of our future growth.
If we fail to develop, maintain and enhance our brand, our ability to expand our customer base will be impaired and our business, results of operations and financial condition may suffer.
We believe that maintaining and enhancing our brand is important to continued market acceptance of our existing and future applications, attracting new customers and retaining existing customers. We also believe that the importance of brand recognition will increase as competition in our market increases. Successfully maintaining and enhancing our brand will depend largely on the effectiveness of our marketing efforts and strategies, our ability to provide a reliable solution that continues to meet the needs of our customers at competitive prices, our ability to maintain our customers’ trust, our ability to continue to develop new functionality and applications for our solution and our ability to successfully differentiate our solution from competitive products and services. Additionally, our brand and reputation may be affected if customers do not have a positive experience with our law firm and other legal services provider partners’ services. Our brand promotion activities may not generate customer awareness or yield increased revenue, and even if they do, any increased revenue may not offset the expenses we incurred in building our brand. If we fail to successfully promote and maintain our brand, our business may be harmed.
Furthermore, any negative publicity relating to our employees, customers or others associated with these parties may also tarnish our own reputation simply by association and may reduce the value of our brand. Damage to our brand and reputation may result in reduced demand for our solution and increased risk of losing market share to our competitors. Any efforts to restore the value of our brand and rebuild our reputation may be costly and may not be successful.
We employ a pricing model that subjects us to various challenges, and given our limited history with our pricing model, we may not be able to accurately predict the optimal pricing necessary to attract new customers and retain existing customers.
We generally charge our customers for their usage of our solution across a variety of dimensions of usage. We do not know whether our current or potential customers or the market in general will continue to accept this pricing model going forward and, if it fails to gain acceptance, our business could be harmed. In addition, we have limited experience with respect to determining the optimal pricing for our solution and, as a result, we have changed our pricing model in the past and expect that we may need to change it in the future. As the market for our solution matures and technology changes and improves, or as new competitors introduce new products or services that compete with ours, we may be unable to attract new customers at the same price or based on the same pricing models as we have used historically. Pricing decisions may also impact the mix of adoption among our customers and negatively impact our overall revenue. Moreover, frequent or significant users of our solution may demand substantial price concessions. As a result, in the future we may be required to reduce our prices or develop new pricing models, which could adversely affect our revenue, gross margin, profitability, financial position and cash flow.
Our sales cycles with customers can be long and unpredictable and our sales efforts require considerable time and expense.
The timing of our sales with our enterprise customers and related revenue recognition is difficult to predict because of the length and unpredictability of the sales cycle for these customers. In addition, for our enterprise customers, the lengthy sales cycle for the evaluation and implementation of our solution may also cause us to experience a delay between incurring expenses for such sales efforts and the generation of corresponding revenue. The length of our sales cycle for these customers can vary substantially from customer to customer. Our sales efforts involve educating our customers about the use, technical capabilities and benefits of our solution. Customers often undertake a prolonged evaluation process, which frequently involves not only our solution but also those of our competitors. In addition, the size of potential customers may lead to longer sales cycles. As the use of our solution can be dependent upon the timing of work in legal matters, our sales cycle can extend to even longer periods of time. During the sales cycle, we expend significant time and money on sales and marketing and contract negotiation activities, which may not result in a completed sale. Additional factors that may influence the length and variability of our sales cycle include:
•the effectiveness of our sales force, particularly new salespeople, as we increase the size of our sales force and train our new salespeople to sell to enterprise customers;
•the discretionary nature of customers’ purchasing decisions and budget cycles;
•customers’ procurement processes, including their evaluation of competing products and services;
•economic conditions and other factors affecting customer budgets;
•the regulatory environment in which our customers operate;
•customers’ familiarity with cloud computing solutions;
•evolving customer demands; and
•competitive conditions.
Given these factors, it is difficult to predict whether and when a customer will switch to our solution.
Further, some of our potential customers may undertake a significant evaluation and negotiation process due to size, organizational structure and approval requirements, all of which can lengthen our sales cycle. We may also face unexpected deployment challenges with such enterprises or more complicated deployment of our solution. These enterprises may demand additional features, support services and pricing concessions or require additional security management or control features. We may spend substantial time, effort and money on sales efforts to these customers without any assurance that our efforts will produce any sales or that these customers will deploy our solution widely enough across their organization to justify our substantial upfront investment. As a result, it is difficult to predict exactly when, or even if, we will make a sale to a potential customer or if we can increase sales to our existing customers.
If we cannot maintain our corporate culture as we grow, our success and our business and competitive position may be harmed.
We believe our culture has been a key contributor to our success to date and that the critical nature of the solution that we provide promotes a sense of greater purpose and fulfillment in our employees. We have invested in building a strong corporate culture and believe it is one of our most important and sustainable sources of competitive advantage. Any failure to preserve our culture could negatively affect our ability to retain and recruit personnel, which is critical to our growth, and to effectively focus on and pursue our corporate objectives. As we grow and develop the systems and processes associated with being a public company, we may find it difficult to maintain these important aspects of our culture. In addition, as we grow and our resources become more globally dispersed, we may find it increasingly difficult to maintain these beneficial aspects of our corporate culture. If we fail to maintain our corporate culture, or if we are unable to retain or hire key personnel, our business and competitive position may be harmed.
The success of our business depends on our customers’ continued and unimpeded access to our solution on the internet.
Our customers must have internet access in order to use our solution. We have experienced, and may in the future experience, disruptions, outages, defects and other performance and quality problems with the public cloud and internet infrastructure on which our cloud solution relies. These problems can be caused by a variety of factors, including introductions of new functionality, vulnerabilities and defects in proprietary and open source software, human error or misconduct, capacity constraints, design limitations, as well as from internal and external security breaches, malware and viruses, ransomware, cyber events, denial or degradation of service attacks or other security-related incidents. In addition, some internet providers may take measures that affect their customers’ ability to use our solution, such as degrading the quality of the content we transmit over their lines, giving that content lower priority, giving other content higher priority than ours, blocking our content entirely, or attempting to charge their customers more for using our solution. As we expand our operations internationally, these problems will be further exacerbated and we will face additional complexity due to our inability to control internet infrastructure outside the United States. Any disruptions, outages, defects and other security performance and quality problems with the public cloud and internet infrastructure on which our cloud solution relies, or any material change in our contractual and other business relationships with our public cloud providers, could result in reduced use of our solution, increased expenses, including significant, unplanned capital investments and harm to our brand and reputation, any of which could have a material adverse effect on our business, financial condition and results of operations.
Any failure to offer high-quality support and professional services for our customers may harm our relationships with our customers and, consequently, our business.
Once our solution is deployed, our customers sometimes request consulting and training to assist them in integrating our solution into their business and rely on our customer support personnel to resolve issues and realize the full benefits that our solution provides. Our ability to provide effective customer support is largely dependent on our ability to attract, train and retain qualified personnel with experience in supporting customers with a cloud solution such as ours and maintaining the same. The number of our customers has grown significantly, which is likely to increase demand for consulting, training, support and maintenance related to our solution and place additional pressure on our customer support teams. If we are unable to provide sufficient high-quality consulting, training, integration and maintenance resources, our customers may not effectively integrate
our solution into their business or realize sufficient business value from our solution to justify further usage, which could impact our future financial performance. We may be unable to respond quickly enough to accommodate short-term increases in customer demand for technical support or maintenance assistance. We also may be unable to modify the future, scope and delivery of our maintenance services and technical support to compete with changes in the technical services provided by our competitors. Increased customer demand for support and professional services, without corresponding revenue, could increase costs and negatively affect our operating results. In addition, as we continue to grow our operations and support our global customer base, we need to be able to continue to provide efficient support and effective maintenance that meets our customers’ needs globally at scale. Our ability to attract new customers is highly dependent on our business reputation and on positive recommendations from our existing customers. Any failure to maintain high-quality support services, or a market perception that we do not maintain high-quality support services for our customers, would harm our business.
We rely on the performance of highly skilled personnel, including our management and other key employees and the loss of one or more of such personnel, or of a significant number of our team members, could harm our business.
We believe our success has depended, and continues to depend, on the efforts and talents of senior management and key personnel, including Kiwi Camara, our Co-Founder and Chief Executive Officer. From time to time, there may be changes in our management team resulting from the hiring or departure of executives and key employees, which could disrupt our business. We also are dependent on the continued service of our existing software engineers because of the complexity of our solution, and our existing salespeople, because of their relationship with our customers. Our senior management and key employees are employed on an at-will basis. In addition, many of our senior management and key employees may be able to receive significant proceeds from sales of our equity in the public markets after our IPO, which may reduce their motivation to continue to work for us. We cannot ensure that we will be able to retain the services of any member of our senior management or other key employees or that we would be able to timely replace members of our senior management or other key employees should any of them depart. The loss of one or more of our senior management or other key employees could harm our business.
The failure to attract and retain additional qualified personnel could prevent us from executing our business strategy.
To execute our business strategy and growth plan, we must attract and retain highly qualified personnel. Competition for executive officers, software developers, legal professionals, sales and customer support personnel and other key employees in our industry is intense. In particular, we compete with many other companies for software developers with high levels of experience in designing, developing and managing cloud-based software, as well as for legal professionals to support our solution and skilled sales and operations professionals. In addition, we believe that the success of our business and corporate culture depends on employing people with a variety of backgrounds and experiences and the competition for such diverse personnel is significant. While the market for such talented personnel is particularly competitive in Austin, Texas, where our headquarters is located, it is also competitive in other markets where we maintain operations and the increased prevalence of remote work has increased competition for employees in all markets. Moreover, to the extent we expand our operations to additional markets, we may face difficulties attracting talented personnel to such locations. Many of the companies with which we compete for experienced personnel have greater resources than we do and can frequently offer such personnel substantially greater compensation than we can offer. If we fail to attract new personnel or fail to retain and motivate our current personnel, our business would be harmed.
Future acquisitions, strategic investments, partnerships, or alliances could be difficult to identify and integrate, divert the attention of management, disrupt our business and dilute stockholder value.
While we have not made acquisitions historically, we may in the future make acquisitions of other companies, products and technologies that we believe could complement, expand or enhance the features and functionality of our solution and technical capabilities, broaden our service offerings or offer growth opportunities. We may not be able to find suitable acquisition candidates and we may not be able to complete acquisitions on favorable terms, if at all. If we do complete acquisitions, we may not ultimately strengthen our competitive position or achieve our goals and any acquisitions we complete could be viewed negatively by customers, developers or investors. In addition, we may not be able to integrate acquired businesses successfully or effectively manage the combined company following an acquisition. If we fail to successfully integrate our acquisitions, or the people or technologies associated with those acquisitions, into our company, the results of operations of the combined company could be adversely affected. Any integration process will require significant time and resources, require significant attention from management and disrupt the ordinary functioning of our business and we may not be able to manage the process successfully, which could harm our business. In addition, we may not successfully evaluate or utilize the acquired technology and accurately forecast the financial impact of an acquisition transaction, including accounting charges.
We may have to pay cash, incur debt or issue equity securities to pay for any such acquisition, each of which could affect our financial condition or the value of our capital stock. The sale of equity to finance any such acquisitions could result in dilution to our stockholders. If we incur more debt, it would result in increased fixed obligations and could also subject us to covenants or other restrictions that would impede our ability to flexibly operate our business.
Our current operations are international in scope and we plan on further geographic expansion, creating a variety of operational challenges.
A component of our growth strategy involves the further expansion of our operations and customer base internationally. For the year ended December 31, 2020, the percentage of revenue generated from customers outside the United States was less than 5.0% of our total revenue. Beyond the United States, we have operational presence internationally in Canada and the United Kingdom. We are continuing to adapt to and develop strategies to address international markets but there is no guarantee that such efforts will have the desired effect. In connection with such expansion, we may face difficulties, including costs associated with expansion, varying seasonality patterns, potential adverse movement of currency exchange rates, longer payment cycle difficulties in collecting accounts receivable in some countries, increased management, travel, infrastructure and legal compliance costs associated with having operations and developing our business in multiple jurisdictions, different technical standards, existing or future regulatory and certification requirements and required features and functionality, political and economic conditions and uncertainty in each country or region in which we operate and general economic and political conditions and uncertainty around the world, tariffs and trade barriers, a variety of regulatory or contractual limitations on our ability to operate, adverse tax events, reduced protection of intellectual property rights in some countries and a geographically and culturally diverse workforce and customer base. In addition, our solution has been developed with a focus on the practice of law in the United States and the rules and regulations applicable domestically in the United States and we may be required to expend substantial time and resources to update our solution or develop new applications to address alternative systems of legal resolution in other jurisdictions. Furthermore, in certain jurisdictions in which we seek to enter, the rules and regulations governing the practice of law and e-discovery may impose additional obligations or restrictions on our operations. Failure to overcome any of these difficulties could harm our business.
Our limited experience in operating our business internationally increases the risk that any potential future expansion efforts that we may undertake will not be successful. If we invest substantial time and resources to further expand our international operations and are unable to do so successfully and in a timely manner, our business may be harmed.
We are exposed to fluctuations in currency exchange rates.
Our sales contracts are primarily denominated in U.S. dollars and therefore substantially all of our revenue is not subject to foreign currency risk. However, a strengthening of the U.S. dollar could increase the real cost of our solution to our customers outside of the United States, which could adversely affect our operating results. In addition, an increasing portion of our operating expenses is incurred and an increasing portion of our assets is held outside the United States. These operating expenses and assets are denominated in foreign currencies and are subject to fluctuations due to changes in foreign currency exchange rates. While we do not currently engage in hedging efforts, if we do not successfully hedge against the risks associated with currency fluctuations as our international operations and customer base grow, our business may be harmed.
Current and future indebtedness could restrict our operations, particularly our ability to respond to changes in our business or to take specified actions.
Our current revolving credit facility contains, and any future indebtedness would likely contain, a number of restrictive covenants that impose significant operating and financial restrictions on us, including restrictions on our ability to take actions that may otherwise be in our best interests. Our ability to meet those financial covenants can be affected by events beyond our control and we may not be able to continue to meet those covenants. In addition, a breach of a covenant under our revolving credit facility or any future indebtedness may result in a cross-default under a separate credit facility. If we seek to enter into a new or additional credit facility, we may not be able to obtain debt financing on terms that are favorable to us, if at all. The lender under our revolving credit facility has rights senior to holders of common stock to make claims on our assets and the terms of our revolving credit facility restrict our operations, including our ability to pay dividends on our common stock. If we are unable to obtain adequate financing or financing on terms that are satisfactory to us when we require it, our ability to continue to support our business growth and to respond to business challenges could be significantly impaired and our business may be harmed.
Risks Related to Socioeconomic Factors
Unfavorable conditions in our industry or the global economy or reductions in legal spending could harm our business.
Our results of operations may vary based on the impact of changes in our industry or the global economy on us or our customers and potential customers. This risk is presently heightened by the uncertain economic impact of the ongoing COVID-19 pandemic. Current or future economic uncertainties or downturns could adversely affect our business and results of operations. Negative conditions in the general economy both in the United States and abroad, including conditions resulting from changes in gross domestic product growth, financial and credit market fluctuations, political turmoil, natural catastrophes, warfare and terrorist attacks on the United States, Europe, the Asia-Pacific region, or elsewhere, could cause a decrease in business investments, including spending on information technology, which would harm our business. To the extent that our solution is perceived by customers and potential customers as too costly, or difficult to deploy or migrate to, our revenue may be disproportionately affected by delays or reductions in general information technology spending. Moreover, corporate entities may elect to reduce legal spending, both internally and through outside counsel, or be less willing to try alternatives to the traditional legal function. Also, our competitors, many of whom are larger and have greater financial resources than we do, may respond to market conditions by lowering prices and attempting to lure away our customers. We cannot predict the timing, strength or duration of any economic slowdown, instability or recovery, generally or within any particular industry.
Our business and results of operations may be materially adversely affected by the ongoing COVID-19 pandemic, including variants of COVID-19, or other similar outbreaks or pandemics.
Our business could be materially adversely affected by the outbreak of a widespread health epidemic or pandemic, including the ongoing outbreak of COVID-19, which has been declared a “pandemic” by the World Health Organization, variants of COVID-19 or other similar outbreaks or pandemics. The COVID-19 outbreak has reached across the globe, resulting in the implementation of significant governmental measures, including lockdowns, closures, quarantines, travel bans and occupancy limits intended to control the spread of the virus. Government authorities, including those in Austin, Texas, where our headquarters is located, previously instituted policies that required most of our employees in that area to work remotely. While strict shelter-in-place and similar orders have generally been lifted, continued limitations on indoor occupancy or other restrictions applicable to in-person operations have been and may in the future be re-instituted in some jurisdictions as rates of infection increase in those locations, including in light of the current spread of the Delta variant and other potentially more contagious variants of the COVID-19 virus. These policies have, and are expected to continue to have, an impact on our business and the business of our customers. For example, customers’ inability to access their office resulted in delays in collecting data for use in legal matters and delayed increases in usage of our solution consequently reduced our revenue growth. This impact could increase if further actions that alter our operations are required by applicable government authorities or if we determine further actions are in the best interests of our customers’ or of our employees.
To the extent that these restrictions remain in place, additional prevention and mitigation measures are implemented in the future, or there is uncertainty about the effectiveness of these or any other measures to contain or treat COVID-19 and COVID-19 variants, there could be an adverse impact on global economic conditions, which could materially and adversely impact our customers through reduced consumer demand for their products and services, which could in turn negatively impact our customers’ willingness or ability to enter into or renew contracts with us. While at this time we are working to manage and mitigate potential disruptions to our operations, the fluid nature of the pandemic and uncertainties regarding the related economic impact are likely to result in sustained market turmoil, which may harm our business, results of operations and financial condition. We cannot predict how the COVID-19 pandemic and COVID-19 variants will continue to develop, whether and to what extent government regulations or other restrictions may impact our operations or those of our customers, the timing of vaccine rollouts and rates of vaccination or whether or to what extent the COVID-19 pandemic and COVID-19 variants or the effects thereof may have longer-term unanticipated impacts on our business.
The extent of COVID-19 and COVID-19 variants’ effects on our operational and financial performance will depend on future developments, including the duration, spread and intensity of the pandemic, all of which are uncertain and difficult to predict considering the rapidly evolving landscape. As a result, it is not currently possible to ascertain the overall impact of COVID-19 on our business. However, if the pandemic continues to persist as a severe worldwide health crisis, the disease may harm our business and may also have the effect of heightening many of the other risks described in this “Risk Factors” section.
Risks Related to Our Intellectual Property
Any failure to protect our proprietary technology and intellectual property rights could substantially harm our business and operating results.
Our success and ability to compete depends in part on our intellectual property and our other proprietary technology information. We seek to control access to our proprietary information by entering into a combination of confidentiality and proprietary rights agreements, invention assignment agreements and nondisclosure agreements with our employees, consultants and third parties with whom we have relationships.
As of September 30, 2021, we had three U.S. granted patents and nine pending U.S. patent applications related to our solution and its technology. We cannot assure you that any of our patent applications will result in the issuance of a patent or that the examination process will not require us to narrow our claims. Any patents that issue from any patent applications may not give us the protection that we seek or may be challenged, invalidated or circumvented. Any patents that may issue in the future from our pending or future patent applications may not provide sufficiently broad protection and may not be valid and enforceable in actions against alleged infringers. Any patents we have obtained or may obtain in the future may be found to be invalid or unenforceable in light of recent and future changes in the law, or because of technology developed prior to the inventions we have sought to patent or because of defects in our patent prosecution process.
We may in the future be subject to legal proceedings and litigation, including intellectual property disputes, which are costly and may subject us to significant liability and increased costs of doing business. Our business may suffer if it is alleged or determined that our technology infringes the intellectual property rights of others.
The software industry is characterized by the existence of a large number of patents, copyrights, trademarks, trade secrets and other intellectual property rights. Companies in the software industry are often required to defend against litigation claims based on allegations of infringement, misappropriation or other violations of intellectual property rights. Our technologies may not be able to withstand any third-party claims or rights against their use. In addition, many of these companies have the capability to dedicate substantially greater resources to enforce their intellectual property rights (and may also have greater resources to defend claims that may be brought against them). Any litigation may also involve patent holding companies or other adverse patent owners that have no relevant product revenue and against which our patents may therefore provide little or no deterrence. If a third party is able to obtain an injunction preventing us from accessing such third-party intellectual property rights, or if we cannot license or develop technology for any infringing aspect of our business, we would be forced to limit or stop offering applications impacted by the claim or injunction or cease business activities covered by such intellectual property and may be unable to compete effectively. Any inability to license third-party technology in the future would have an adverse effect on our business or operating results and would adversely affect our ability to compete. We may also be contractually obligated to indemnify our customers in the event of infringement of a third party’s intellectual property rights and any such claims could hurt our business as well. Such claims, regardless of their merit, can be time-consuming, costly to defend in litigation and damaging to our reputation and brand. In addition, although we carry general liability and cyber security insurance, our insurance may not be adequate to indemnify us for all liability that may be imposed or otherwise protect us from liabilities or damages with respect to claims alleging compromises of customer data and any such coverage may not continue to be available to us on acceptable terms or at all.
Lawsuits are time-consuming and expensive to resolve, and they divert management’s time and attention and could cause current or potential customers to seek other providers. Although we carry insurance, our insurance may not cover potential claims of this type or may not be adequate to indemnify us for all liability that may be imposed nor the full extent of the harm that we might face. We cannot predict the outcome of lawsuits and the results of any such actions may harm our business.
Failure to protect our intellectual property rights could impair our ability to protect our proprietary technology and our brands as well as our competitive advantage.
We currently rely on a combination of patent, trademark, copyright and trade secret laws and other intellectual property rights and confidentiality or license agreements with our employees, customers, partners and others, to protect our intellectual property rights. Our success and ability to compete depend, in part, on our ability to protect our intellectual property, including our proprietary technology and our brands. If we are unable to protect our proprietary rights adequately, our competitors could use the intellectual property we have developed to enhance their own products and services, which may harm our business. It can be difficult to successfully enforce intellectual property rights and the fact that we have certain intellectual property rights does not necessarily mean that such rights are broad or strong enough to afford us a meaningful degree of protection. Furthermore, irrespective of the scope of our intellectual property rights, we may not be able to stop competitors from developing similar technologies or offering similar solutions.
We may become involved in lawsuits to protect or enforce our intellectual property, which could be expensive, time-consuming and unsuccessful.
Third parties, including our competitors, could be infringing, misappropriating or otherwise violating our intellectual property rights. In order to protect our intellectual property rights, we may be required to spend significant resources to monitor and protect our intellectual property rights. Litigation may be necessary in the future to enforce our intellectual property rights and to protect our trade secrets. Litigation brought to protect and enforce our intellectual property rights could be costly, time-consuming and distracting to management and could result in the impairment or loss of portions of our intellectual property.
Further, our efforts to enforce our intellectual property rights may be met with defenses, counterclaims and countersuits attacking the validity and enforceability of our intellectual property rights, and if such defenses, counterclaims or countersuits are successful, we could lose valuable intellectual property rights. An adverse determination of any litigation proceedings could put our intellectual property at risk of being invalidated or interpreted narrowly and could put our related patents, patent applications and trademark filings at risk of being invalidated, not issuing or being cancelled. Furthermore, because of the substantial amount of discovery required in connection with intellectual property litigation, there is a risk that some of our confidential or sensitive information could be compromised by disclosure in the event of litigation. In addition, during the course of litigation there could be public announcements of the results of hearings, motions or other interim proceedings or developments. If securities analysts or investors perceive these results to be negative, it could have a substantial adverse effect on the price of our common stock. Our inability to protect our proprietary technology against unauthorized copying or use, as well as any costly litigation or diversion of our management’s attention and resources, could delay further sales or the implementation of our solution, impair the functionality of our solution, delay introductions of new applications, result in our substituting inferior or more costly technologies into our solution or injure our reputation. Any of the foregoing could adversely impact our business, financial condition and results of operations.
We may be subject to claims asserting that our employees, consultants or advisors have wrongfully used or disclosed alleged trade secrets of their current or former employers or claims asserting ownership of what we regard as our own intellectual property.
Although we try to ensure that our employees, consultants and advisors do not use the proprietary information or know-how of others in their work for us, we may be subject to claims that we or these individuals have used or disclosed intellectual property, including trade secrets or other proprietary information, of any such individual’s current or former employer. Litigation may be necessary to defend against these claims. If we fail in defending any such claims, in addition to paying monetary damages, we may lose valuable intellectual property rights or personnel. Even if we are successful in defending against such claims, litigation could result in substantial costs and be a distraction to management.
In addition, while it is our policy to require our employees and contractors who may be involved in the creation or development of intellectual property on our behalf to execute agreements assigning such intellectual property to us, we may be unsuccessful in having all such employees and contractors execute such an agreement. The assignment of intellectual property may not be self-executing or the assignment agreement may be breached and we may be forced to bring claims against third parties or defend claims that they may bring against us to determine the ownership of what we regard as our intellectual property. Any of the foregoing could have a material adverse effect on our business, financial condition and results of operations.
Provisions in various agreements to which we are party potentially expose us to substantial liability for intellectual property infringement, data protection and other losses.
Our agreements with customers and other third parties sometimes include provisions under which we are liable or agree to indemnify them for losses suffered or incurred as a result of claims of intellectual property infringement, data protection, damages caused by us to property or persons, or other liabilities relating to or arising from our solution, services, or other contractual obligations. Some of these agreements provide for uncapped liability for which we would be responsible, and some provisions survive termination or expiration of the applicable agreement. Large liability payments could harm our business, results of operations and financial condition. Although we normally contractually limit our liability with respect to such obligations, we may still incur substantial liability related to them, and in the case of an intellectual property infringement indemnification claim, we may be required to cease use of certain functions of our solution as a result of any such claims. Any dispute with a customer with respect to such obligations could have adverse effects on our relationship with that customer and other existing customers and new customers and harm our business. Even when we have contractual protections against such customer claims, we may choose to honor a customer’s request for indemnification or otherwise seek to maintain customer satisfaction by issuing customer credits, assisting our customer in defending against claims, or in other ways.
Any significant change to applicable laws, regulations or industry practices regarding the collection, use, retention, security or disclosure of our customers’ content, or regarding the manner in which the express or implied consent of customers for the collection, use, retention or disclosure of such content is obtained, could increase our costs and require us to modify our solution, possibly in a material manner, which we may be unable to complete and may limit our ability to store and process customer data or develop new applications and features.
Risks Related to Litigation, Regulatory Compliance and Governmental Matters
Any future litigation against us could be costly and time-consuming to defend.
We are, and may become, subject to legal proceedings and claims that arise in the ordinary course of business, such as claims brought by our customers in connection with commercial disputes or employment claims made by our current or former employees. Litigation might result in substantial costs and may divert management’s attention and resources, which might seriously harm our business, financial condition and results of operations. Insurance might not cover such claims, might not provide sufficient payments to cover all the costs to resolve one or more such claims and might not continue to be available on terms acceptable to us. A claim brought against us that is uninsured or underinsured could result in unanticipated costs, potentially harming our business, financial position and results of operations.
We operate in a highly regulated industry and either are or may be subject to a wide range of federal, state and local, as well as foreign, laws, rules and regulations and our failure to comply with these laws and regulations may force us to change our operations or harm our business.
The legal industry is and will continue to be subject to extensive and evolving U.S. federal, state and foreign laws, rules and regulations, including the rules and regulations of the organizations and other authorities governing the legal profession in the jurisdictions in which we or our customers operate. These laws, rules and regulations can vary significantly from jurisdiction to jurisdiction. For example, in the United States, each state has adopted laws, regulations and codes of ethics that provide for the licensure of attorneys, generally grant licensed attorneys the exclusive right to practice law in that state and place restrictions upon the activities of licensed lawyers. The practice of law other than by an attorney entitled to practice in the jurisdiction is generally referred to as the unauthorized practice of law. As a company, we are not authorized to practice law. In the United States, we may not provide legal advice to our clients, primarily because we do not meet the ethical and regulatory requirements, present in nearly every U.S. jurisdiction, of being exclusively owned by licensed attorneys.
Our solution includes alternatives to certain traditional methods of legal services and we therefore may face claims that we are engaged in the unauthorized practice of law. Despite our belief that our operations are not subject to, or are otherwise compliant with, the requirements of the jurisdictions in which we or our customers operate, regulators or other authorities of such jurisdictions could deem that we, our employees or our customers are engaged in the unauthorized practice of law or otherwise determine that we are subject to the relevant rules and regulations governing the conduct of attorneys. In such circumstances, regulators may enjoin our operations, subject us to rules governing conflicts of interests, require registration, seek to impose punitive fines or sanctions or take other disciplinary actions against us, our employees or our customers, any of which may inhibit our ability to do business in those jurisdictions, adversely impact our reputation, increase our operating expenses and adversely affect our financial condition and results of operations.
In addition, we are subject to regulations and laws specifically governing the internet and the collection, storage, processing, transfer and other use of personal information and other customer data. We also are subject to laws and regulations involving taxes, privacy and data security, anti-spam, content protection, electronic contracts and communications, mobile communications, unencumbered internet access to our solution, the design and operation of websites and internet neutrality.
The foregoing description of laws and regulations to which we are or may be subject is not exhaustive and the regulatory framework governing our operations is subject to evolving interpretations and continuous change. Moreover, if we expand into additional jurisdictions, we will be subject to an increased variety of new and complex laws and regulations.
We are subject to anti-corruption, anti-bribery, anti-money laundering and similar laws and noncompliance with such laws can subject us to criminal or civil liability and harm our business, financial condition and results of operations.
We are subject to the U.S. Foreign Corrupt Practices Act, or FCPA, U.S. domestic bribery laws, the United Kingdom Bribery Act and other anti-corruption and anti-money laundering laws in the countries in which we conduct activities. Due to the international scope of our operations, we must comply with these laws in each jurisdiction where we operate. Additionally, many anti-bribery and anti-corruption laws, including the FCPA, have long-arm statutes that can expand the applicability of these laws to our operations worldwide. Accordingly, we must incur significant operational costs to support our ongoing
compliance with anti-bribery and anti-corruption laws at all levels of our business. If we fail to comply with these laws, we may be subject to significant penalties. Anti-corruption and anti-bribery laws have been enforced aggressively in recent years and are interpreted broadly to generally prohibit companies, their employees and their third-party intermediaries from authorizing, offering or providing, directly or indirectly, improper payments or benefits to recipients in the public or private sector. As we increase our international and public sector sales and businesses, we may engage with business partners and third-party intermediaries to market our solution and to obtain necessary permits, licenses and other regulatory approvals. In addition, we or our third-party intermediaries may have direct or indirect interactions with officials and employees of government agencies or state-owned or affiliated entities. We can be held liable for the corrupt or other illegal activities of these third-party intermediaries and our employees, representatives, contractors, partners and agents, even if we do not explicitly authorize such activities.
While we have policies and procedures to address compliance with such laws, we cannot assure you that all of our employees and agents will not take actions in violation of our policies and applicable law, for which we may be ultimately held responsible. As we increase our international sales and business, our risks under these laws may increase.
Detecting, investigating and resolving actual or alleged violations of anti-corruption laws can require a significant diversion of time, resources and attention from senior management. In addition, noncompliance with anti-corruption, anti-bribery or anti-money laundering laws could subject us to whistleblower complaints, investigations, sanctions, settlements, prosecution, enforcement actions, fines, damages, other civil or criminal penalties or injunctions, suspension or debarment from contracting with certain persons, reputational harm, adverse media coverage and other collateral consequences. If any subpoenas or investigations are launched, or governmental or other sanctions are imposed, or if we do not prevail in any possible civil or criminal proceeding, our business, financial condition and results of operations could be harmed. In addition, responding to any action will likely result in a materially significant diversion of management’s attention and resources and significant defense costs and other professional fees.
Sales to government entities and highly regulated organizations are subject to a number of challenges and risks.
We intend to sell our solution to U.S. federal, state and local, as well as foreign, governmental agency customers, as well as to customers in highly regulated industries such as financial services and healthcare. Sales to such customers are subject to a number of challenges and risks. Selling to such customers can be highly competitive, expensive and time-consuming, often requiring significant upfront time and expense without any assurance that these efforts will generate a sale. These current and prospective customers may also be required to comply with stringent regulations in connection with purchasing and implementing our solution or particular regulations regarding third-party vendors that may be interpreted differently by different customers. In addition, Congress and regulatory agencies may impose requirements on third-party vendors generally, or our company in particular, that we may not be able to, or may not choose to, meet. In addition, government customers and customers in these highly regulated industries often have a right to conduct audits of our systems and practices, which can be time-consuming and expensive. In the event that one or more customers determine that some aspect of our business does not meet regulatory requirements, we may be limited in our ability to continue or expand our business and could be subject to audits or investigations by government enforcement personnel. In addition, if our solution does not meet the standards of new or existing regulations, we may be in breach of our contracts with these customers, allowing or requiring them to terminate their agreements.
Government contracting requirements may also change and in doing so restrict our ability to sell into the government sector until we have attained the requisite approvals or until our solution meets government requirements. Government demand and payment for our solution are affected by public sector budgetary cycles and funding authorizations, with funding reductions or delays adversely affecting public sector demand for our solution.
These customers may also be subject to a rapidly evolving statutory and regulatory framework that may influence their ability to use our solution. Moreover, changes in the underlying statutory and regulatory conditions that affect these types of customers could harm our ability to efficiently provide them access to our solution and to grow or maintain our customer base. If we are unable to enhance, modify or improve our solution to keep pace with evolving customer requirements, or if new technologies emerge that are able to deliver competitive products and services at lower prices, more efficiently, more conveniently, or more securely than our solution, our business, financial condition and results of operations could be adversely affected.
Further, governmental and highly regulated entities may demand contractual terms that differ from our standard arrangements and are less favorable than terms agreed with private sector customers, including preferential pricing or “most favored nation” terms and conditions or are contract provisions that are otherwise time-consuming and expensive to satisfy and
monitor. In the United States, applicable federal contracting regulations change frequently and the President may issue executive orders requiring federal contractors to adhere to new compliance requirements after a contract is signed that could result in the loss of contracts for contractors who do not meet those requirements. If we undertake to meet special standards or requirements and do not meet them, we could be subject to significant liability from our customers or federal and state regulators and enforcement agencies. Even if we do meet these special standards or requirements, the additional costs associated with providing our solution to government and highly regulated customers could harm our operating results. In addition, engaging in sales activities with foreign governments introduces additional compliance risks specific to the FCPA, the United Kingdom Bribery Act and other similar statutory requirements prohibiting bribery and corruption in the jurisdictions in which we operate.
Such entities may have statutory, contractual or other legal rights to terminate contracts with us or our partners for convenience or for other reasons. Any such termination may adversely affect our ability to contract with other government customers as well as our reputation, business, financial condition and results of operations.
We are subject to governmental export and import controls that could impair our ability to compete in international markets or subject us to liability if we violate such controls.
Our solution is subject to U.S. export controls, including the Export Administration Regulations administered by the U.S. Commerce Department and economic sanctions administered by the Office of Foreign Assets Control, or OFAC, of the U.S. Treasury Department, and we incorporate encryption technology into certain of our applications. These encryption products and the underlying technology may be exported outside of the United States or accessed by foreign persons within the United States only with the required export authorizations.
Furthermore, our activities are subject to U.S. economic sanctions laws and regulations that generally prohibit the direct or indirect exportation or provision of products and services without the required export authorizations to countries, governments and individuals and entities targeted by U.S. embargoes or sanctions, except to the extent authorized by OFAC or exempt from sanctions. Obtaining the necessary export license or other authorization for a particular sale may not always be possible, and, even if the export license is ultimately granted, the process may be time-consuming and may result in the delay or loss of sales opportunities. Violations of U.S. sanctions or export control laws can result in significant fines or penalties and possible incarceration for responsible employees and managers could be imposed for criminal violations of these laws.
Other countries also regulate the import and export of certain encryption products and technology through import and export licensing requirements and have enacted laws that could limit our ability to distribute our solution or could limit our customers’ ability to implement our solution in those countries. Changes in our solution or future changes in export and import regulations may create delays in the introduction of our solution in international markets, prevent our customers with international operations from deploying our solution globally, or, in some cases, prevent the export or import of our solution to certain countries, governments or persons altogether. From time to time, various governmental agencies have proposed additional regulation of encryption products and technology, including the escrow and government recovery of private encryption keys. Any change in export or import regulations, economic sanctions or related legislation, increased export and import controls, or change in the countries, governments, persons or technologies targeted by such regulations could result in decreased use of our solution by, or in our decreased ability to export or sell our solution to, existing or potential customers with international operations. Any decreased use of our solution or limitation on our ability to export or sell our solution would harm our business.
Risks Related to Information Technology and Cybersecurity
The unavailability of or change in the terms or nature of access to third-party technology could harm our business
We license certain software from third parties and incorporate or integrate such components into and with our solution. Certain third-party software has become central to the operation and delivery of our solution. Any inability to license necessary third-party technology in the future, or maintain sufficient rights or reasonable terms under existing third-party technology that we rely upon, could have an adverse effect on our business or operating results and adversely affect our ability to compete.
A large portion of our third-party software license contracts have fixed durations and may be renewed only by mutual consent. There is no assurance that we will be able to renew these contracts as they expire or that such renewals will be on the same or substantially similar terms or on conditions that are commercially reasonable to us. If we fail to renew these contracts as they expire, we may be unable to offer certain aspects of our solution to our customers. In addition, all of our third-party software licenses are nonexclusive; and therefore, our competitors may obtain the right to license certain of the technology covered by these agreements to compete directly with us.
If certain of our third-party licensors were to change product offerings, cease actively supporting the technologies, fail to update and enhance the technologies to keep pace with changing industry standards, encounter technical difficulties in the continuing development of these technologies, significantly increase prices, terminate our licenses, suffer significant capacity or supply chain constraints or suffer significant disruptions, we would need to seek alternative suppliers and incur additional internal or external development costs to ensure continued performance of our solution. Such alternatives may not be available on attractive terms or may not be as widely accepted or as effective as the current licenses provided by our existing suppliers. Furthermore, certain customers may require that we use or ensure that our solution is compatible with certain enterprise software offerings, such as Microsoft Office 365. If we fail to obtain licenses to use such third-party offerings or otherwise integrate our solution with such offerings, our business may be harmed. If the cost of licensing or maintaining the third-party intellectual property significantly increases, our operating earnings could significantly decrease. In addition, interruption in functionality of our solution as a result of changes in or with third-party licensors could adversely affect our commitments to customers, future sales of our solution and harm our business.
Elements of our solution use open source software, which may restrict the functionality of our solution or require that we release the source code of certain applications subject to those licenses.
Our solution incorporates software licensed under open source licenses and we expect to continue to incorporate software licensed under open source licenses in the future. Such open source licenses sometimes require that source code subject to the license be made available to the public and that any modifications or derivative works to open source software continue to be licensed under open source licenses. Few courts have interpreted open source licenses and the manner in which these licenses may be interpreted and enforced is therefore subject to some uncertainty. We rely on multiple software programmers to design our proprietary technologies and we do not exercise complete control over the development efforts of our programmers and we cannot be certain that our programmers have not incorporated open source software into our proprietary solution and technologies or that they will not do so in the future. There is a risk that open source licenses could be construed in a manner that imposes unanticipated conditions, restrictions or costs on our ability to provide or distribute our software solution. To that end, while we try to mitigate the likelihood of such risks, we may from time to time face claims from third parties alleging ownership of, or demanding release or general availability of, the open source software or derivative works that we developed using such software, which could include our proprietary source code, or otherwise seeking to enforce the terms of the applicable open source license. These claims could result in litigation, which could be costly for us to defend and could adversely affect our core functionality and services. If we face such problems and attempt or are required to re-engineer our solution to mitigate them, it could require significant additional research and development resources and we may not be able to complete it successfully or in a timely manner. In addition to risks related to license requirements, usage of certain open source software can lead to greater risks than use of third-party commercial software, as open source licensors generally do not provide warranties or controls on the origin of software. Many of these risks could be difficult to eliminate or manage and could reduce or eliminate the value of our solution and technologies and materially and adversely affect our ability to sustain and grow our business.
Our actual or perceived failure to comply with privacy, data protection and information security laws, regulations and similar non-regulatory obligations could harm our business.
We are subject to numerous federal, state, local and international laws and regulations regarding privacy, data protection, information security and the storing, sharing, use, processing, transfer, disclosure and protection of personal information and other content, the scope of which is changing, subject to differing interpretations and may be inconsistent among countries, or conflict with other rules. We are also subject to the terms of our privacy policies and obligations to third parties (including contractual) related to privacy, data protection and information security. We strive to comply with applicable laws, regulations, policies and other legal obligations relating to privacy, data protection and information security. However, the regulatory framework for privacy and data protection worldwide is unclear, and is likely to remain uncertain, for the foreseeable future, and it is possible that these or other actual or perceived obligations may be interpreted and applied in a manner that is inconsistent from one jurisdiction to another and may conflict with other rules or our practices. We also expect that there will continue to be new laws, regulations and industry standards concerning privacy, data protection and information security proposed and enacted in various jurisdictions.
The collection, use, storage, disclosure, transfer or other processing of personal data regarding European Union, or EU, data subjects in the European Economic Area, or EEA, and/or carried out in the context of the activities of our establishment in any EEA member state, may be subject to the General Data Protection Regulation, or GDPR, which became effective on May 25, 2018. The GDPR is wide-ranging in scope and imposes numerous additional requirements on companies that process personal data of individuals residing in Europe, requiring that consent of individuals to whom the personal data relates is obtained in certain circumstances, requiring additional disclosures to individuals regarding data processing activities, requiring
that appropriate safeguards are implemented to protect the security and confidentiality of personal data, creating mandatory data breach notification requirements in certain circumstances and requiring that certain measures (including contractual requirements) are put in place when engaging third-party data processors. The GDPR permits data protection authorities to impose large penalties for violations of the GDPR, including potential fines of up to €20 million or 4% of annual global revenue, whichever is greater. The GDPR also provides individuals with various rights in respect of their personal data, including rights of access, erasure, portability, rectification, restriction and objection and confers a private right of action on data subjects and consumer associations to lodge complaints with supervisory authorities, seek judicial remedies and obtain compensation for damages resulting from violations of the GDPR. The GDPR requirements may apply not only to third-party transactions, but also to transfers of information between us and our subsidiaries, including employee information.
Although there are legal mechanisms to allow for the transfer of personal data from the United Kingdom, the EEA and Switzerland to the United States, uncertainty about compliance with such data protection laws remains and such mechanisms may not be available or applicable with respect to the personal data processing activities necessary to research, develop and market our solution. For example, legal challenges in Europe to the mechanisms allowing companies to transfer personal data from the EEA to the United States could result in further limitations on the ability to transfer personal data across borders, particularly if governments are unable or unwilling to reach agreement on or maintain existing mechanisms designed to support cross-border data transfers, such as the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks, or the Privacy Shield Frameworks. Specifically, on July 16, 2020, the Court of Justice of the EU invalidated Decision 2016/1250 which had deemed the protection provided by the EU-U.S. Privacy Shield Framework adequate under EU privacy law, specifically under the GDPR. To the extent that we or any of our vendors, contractors or consultants had been relying on the EU-U.S. Privacy Shield Framework, we will not be able to do so in the future, which could increase our costs, inhibit transfer of any personal data to the United States and may limit our ability to process personal data from the EU. The same decision also cast doubt on the ability to use one of the primary alternatives to the Privacy Shield Frameworks, namely, the European Commission’s Standard Contractual Clauses, to lawfully transfer personal data from Europe to the United States and most other countries. At present, there are few if any viable alternatives to the Privacy Shield Frameworks and the Standard Contractual Clauses for the foregoing purposes. On September 8, 2020, Switzerland’s Federal Data Protection and Information Commissioner similarly invalidated the use of the Privacy Shield Frameworks as a vehicle for lawful data transfers from those countries to the United States and authorities in the United Kingdom may likewise invalidate use of the Privacy Shield Frameworks as a mechanism for lawful data transfers to the United States. As such, our processing of personal data from Europe may not comply with European data protection law, may increase our exposure to the GDPR’s heightened sanctions for violations of its cross-border data transfer restrictions and may reduce demand for our services from companies subject to European data protection laws. Challenges involving import personal data from Europe may also require us to increase our data processing capabilities in Europe at significant expense. Additionally, other countries outside of Europe have enacted or are considering enacting similar cross-border data transfer restrictions and laws requiring local data residency, which could increase the cost and complexity of delivering our services and operating our business.
Further, the exit of the United Kingdom from the EU, often referred to as Brexit, has created uncertainty with regard to data protection regulation in the United Kingdom and particularly whether the transfer of personal information from the EEA to the United Kingdom will be lawful under the GDPR. On June 28, 2021, the European Commission issued an adequacy decision under the GDPR which allows transfers (other than those carried out for the purposes of United Kingdom immigration control) of personal data from the EEA to the United Kingdom to continue without restriction for a period of four years ending June 27, 2025. After that period, the adequacy decision may be renewed, however, only if the United Kingdom continues to ensure an adequate level of data protection. During these four years, the European Commission will continue to monitor the legal situation in the United Kingdom and could intervene at any point if the United Kingdom deviates from the level of data protection in place at the time of issuance of the adequacy decision. If the adequacy decision is withdrawn or not renewed, transfers of personal data from the EEA to the United Kingdom will require a valid ‘transfer mechanism,’ and we may be required to implement new processes and put new agreements in place, such as SCC’s, to enable transfers of personal data from the EEA to the United Kingdom to continue.
California also enacted the California Consumer Privacy Act of 2018, or CCPA, which affords consumers expanded privacy protections as of January 1, 2020. The potential effects of this legislation are far reaching and may require us to modify our data processing practices and policies and to incur substantial costs and expenses in an effort to comply, where applicable. For example, the CCPA gives California residents expanded rights to access and require deletion of their personal information, opt out of certain personal information sharing and receive detailed information about how their personal information is used. The CCPA also provides for civil penalties for violations, as well as a private right of action for data breaches that may increase data breach litigation. In addition, the CCPA has prompted a number of proposals for new federal and state privacy legislation that, if passed, could increase our potential liability, increase our compliance costs and adversely affect our business. Additionally, a new privacy law, the California Privacy Rights Act, or CPRA, was passed by voters in California as part of the
November 3, 2020 election. The CPRA is expected to significantly modify the CCPA, potentially resulting in further uncertainty and requiring us to incur additional costs and expenses in an effort to comply. The enactment of the CCPA is prompting a wave of similar legislative developments in other states in the United States, which could create the potential for a patchwork of overlapping but different state laws. For example, in 2021, Virginia passed its Consumer Data Protection Act, and Colorado passed the Colorado Privacy Act, both of which differ from the CPRA and become effective in 2023. Some countries also are considering or have passed legislation requiring local storage and processing of data, or similar requirements, which could increase the cost and complexity of operating our solution and other aspects of our business.
With laws and regulations such as the GDPR in the EU and the CCPA and other state statutes in the United States imposing new and relatively burdensome obligations, and with substantial uncertainty over the interpretation and application of these and other laws and regulations, there is a risk that the requirements of these laws and regulations, or of contractual or other obligations relating to privacy, data protection or information security, will be interpreted or applied in a manner that is, or is alleged to be, inconsistent with our management and processing practices, our policies or procedures or the features of our solution. We may face challenges in addressing their requirements and making necessary changes to our policies and practices and may incur significant costs and expenses in an effort to do so. Although we endeavor to comply with our published policies, certifications and documentation, we may at times fail to do so or may be perceived to have failed to do so. Moreover, despite our efforts, we may not be successful in achieving compliance if our employees or vendors do not comply with our published policies and documentation. Any failure or perceived failure by us to comply with our privacy policies, our privacy-, data protection- or information security-related obligations to customers or other third parties or any of our other legal obligations relating to privacy, data protection or information security may result in governmental investigations or enforcement actions, litigation, claims or public statements against us by consumer advocacy groups or others and could result in significant liability or cause our customers to lose trust in us, which could have an adverse effect on our reputation and business. Furthermore, the costs of compliance with, and other burdens imposed by, the laws, regulations and policies that are applicable to the businesses of our customers may limit the adoption and use of, and reduce the overall demand for, our solution. Additionally, if third parties we work with, such as vendors or developers, violate applicable laws or regulations or our policies, such violations may also put our customers’ content at risk and could in turn have an adverse effect on our business.
Any significant change to applicable laws, regulations or industry practices regarding the collection, use, retention, security or disclosure of our customers’ content, or regarding the manner in which the express or implied consent of customers for the collection, use, retention or disclosure of such content is obtained, could increase our costs and require us to modify our solution, possibly in a material manner, which we may be unable to complete and may limit our ability to store and process customer data or develop new applications and features.
Our computer systems, or those of any third parties on whom we depend, may fail or suffer security or data privacy breaches or other unauthorized or improper access to, use of, or destruction of our proprietary or confidential data, employee data, or personal data, which could result in additional costs, loss of revenue, significant liabilities, harm to our brand and material disruption of our operations.
Despite the implementation of security measures in an effort to protect systems that store our information, given their size and complexity and the increasing amounts of information maintained on our information technology systems and those of our third-party contractors and consultants, these systems are potentially vulnerable to breakdown or other damage or interruption from service interruptions, system malfunction, natural disasters, terrorism, war and telecommunication and electrical failures, as well as security breaches from inadvertent or intentional actions by our employees, contractors, consultants, business partners and/or other third parties, or from cyber-attacks by malicious third parties (including supply chain cyber attacks or the deployment of harmful malware, ransomware, denial-of-service attacks, social engineering and other means to affect service reliability and threaten the confidentiality, integrity and availability of information), which may compromise our system infrastructure or lead to the loss, destruction, alteration, denial of access to, disclosure or dissemination of, or damage or unauthorized access to, our data (including trade secrets or other confidential information, intellectual property, proprietary business information and personal information) or data that is processed or maintained on our behalf, or other assets, which could result in financial, legal, business and reputational harm to us.
Companies have, in general, experienced an increase in phishing and social engineering attacks from third parties in connection with the COVID-19 pandemic and the increase in remote working further increases security threats. To the extent that any disruption or security incident were to result in any loss, destruction, unavailability, alteration, disclosure or dissemination of, or damage or unauthorized access to, our applications, any other data processed or maintained on our behalf or other assets, or for it to be believed or reported that any of these occurred, we could incur liability, financial harm and reputational damage. We cannot assure you that our data protection efforts and our investment in information technology, or the efforts or investments of our consultants or other third parties, will prevent significant breakdowns or breaches in systems or
other cyber incidents that cause loss, destruction, unavailability, alteration or dissemination of, or damage or unauthorized access to, our data and other data processed or maintained on our behalf or other assets that could have a material adverse effect upon our reputation, business, operations or financial condition. Further, any such event that leads to loss, damage, or unauthorized access to, or use, alteration, or disclosure or dissemination of, personal information, including personal information regarding our clinical trial subjects or employees, could harm our reputation directly, compel us to comply with federal and/or state breach notification laws and foreign law equivalents, subject us to mandatory corrective action and otherwise subject us to liability under laws and regulations that protect the privacy and security of personal information, which could result in significant legal and financial exposure and reputational damages that could potentially have an adverse effect on our business.
Notifications and follow-up actions related to a security incident could impact our reputation and cause us to incur significant costs, including legal expenses and remediation costs. We expect to incur significant costs in our ongoing efforts to detect and prevent security incidents and we may face increased costs and requirements to expend substantial resources in the event of an actual or perceived security incident. To the extent that any disruption or security incident were to result in any loss, destruction, or alteration of, or damage or unauthorized access to, our data or other information that is processed or maintained on our behalf, or inappropriate disclosure of or dissemination of any such information, we could be exposed to litigation and governmental investigations and we could be subject to significant fines or penalties for any noncompliance with certain state, federal and/or international privacy and security laws.
Our insurance policies may not be adequate to compensate us for the potential losses arising from any such disruption in or failure or security breach of our systems or third-party systems where information important to our business operations or commercial development is stored. In addition, such insurance may not be available to us in the future on economically reasonable terms, or at all. Further, our insurance may not cover all claims made against us and could have high deductibles in any event, and defending a suit, regardless of its merit, could be costly and divert management attention.
If the security of the personal information that we (or our vendors) collect, store, or process is compromised or is otherwise accessed without authorization, or if we fail to comply with our commitments and assurances regarding the privacy and security of such information, our reputation may be harmed and we may be exposed to liability and loss of business.
Our business involves the collection and storage of potentially highly sensitive electronic documentation for use in various legal matters, including litigation and governmental investigations. In addition, we collect and maintain data about individuals and customers, including personally identifiable information, as well as other confidential, privileged or proprietary information. We may use third-party service providers and sub-processors to help us deliver services to our customers. These vendors may store or process personal information on our behalf.
Cyberattacks and other malicious internet-based activity continue to increase. In addition to traditional computer “hackers,” malicious code (such as viruses, worms and ransomware), employee theft or misuse and denial-of-service attacks, sophisticated nation-state and nation-state supported actors and organized crime now engage in attacks (including advanced persistent threat intrusions). We cannot guarantee that our or our vendors’ security measures will be sufficient to protect against unauthorized access to or other compromise of personal information and our confidential or proprietary information. Due to the COVID-19 pandemic, our employees are temporarily working remotely, which may pose additional data security risks. The techniques used to sabotage or to obtain unauthorized access to our or our vendors’ solutions, systems, networks and/or physical facilities in which data is stored or through which data is transmitted change frequently and we or our vendors may be unable to implement adequate preventative measures or stop security breaches while they are occurring. The recovery systems, security protocols, network protection mechanisms and other security measures that we have integrated into our solution, systems, networks and physical facilities and any such measures implemented by our vendors, which are designed to protect against, detect and minimize security breaches, may not be adequate to prevent or detect service interruption, system failure, or data loss. Our solution, systems, networks and physical facilities, and those of our vendors, in the past have been, and in the future could be, attacked and/or breached and personal information has been and could be otherwise compromised. Third parties could attempt to fraudulently induce our employees or our customers to disclose information or user names and/or passwords, or otherwise compromise the security of our solution, networks, systems and/or physical facilities. Third parties have exploited in the past, and could exploit in the future, vulnerabilities in, or could obtain unauthorized access to, platforms, systems, networks and/or physical facilities utilized by our vendors.
We are required to comply with laws, rules, regulations and other obligations that require us to maintain the security of personal information. We may have contractual and other legal obligations to notify relevant stakeholders of security breaches. We operate in an industry that is prone to cyber-attacks. We have previously and may in the future become the target of cyber-attacks by third parties seeking unauthorized access to such data, including our or our customers’ data or to disrupt our ability to
provide our services. Failure to prevent or mitigate cyber-attacks could result in the unauthorized access to personal information. Most jurisdictions have enacted laws requiring companies to notify individuals, regulatory authorities and others of security breaches involving certain types of data. In addition, our agreements with certain customers and partners may require us to notify them in the event of a security breach. Such mandatory disclosures are costly, could lead to negative publicity, may cause our customers to lose confidence in the effectiveness of our security measures and require us to expend significant capital and other resources to respond to and/or alleviate problems caused by the actual or perceived security breach. A security breach of any of our vendors that processes personal information of our customers may pose similar risks. The costs to respond to a security breach and/or to mitigate any security vulnerabilities that may be identified could be significant, our efforts to address these issues may not be successful, and these issues could result in interruptions, delays, cessation of service, negative publicity, loss of customer trust, diminished use of our solution as well as other harms to our business and our competitive position. Remediation of any potential security breach may involve significant time, resources and expenses. Any security breach may result in regulatory inquiries, litigation or other investigations and can affect our financial and operational condition.
A security breach may cause us to violate the terms of our customer contracts. Our agreements with certain customers may require us to use industry-standard or reasonable measures to safeguard personal information. We also may be subject to laws that require us to use industry-standard or reasonable security measures to safeguard personal information. A security breach could lead to claims by our customers or other relevant stakeholders that we have failed to comply with such legal or contractual obligations. As a result, we could be subject to legal action or our customers could end their relationships with us. There can be no assurance that the limitations of liability in our contracts would be enforceable or adequate or would otherwise protect us from liabilities or damages and in some cases our customer agreements do not limit our remediation costs or liability with respect to data breaches.
Litigation resulting from security breaches may adversely affect our business. Unauthorized access to our solution, systems, networks, or physical facilities, or those of our vendors, could result in litigation with our customers or other relevant stakeholders. These proceedings could force us to spend money in defense or settlement, divert management’s time and attention, increase our costs of doing business, or adversely affect our reputation. We could be required to fundamentally change our business activities and practices or modify our solution and/or platform capabilities in response to such litigation, which could have an adverse effect on our business. If a security breach were to occur, and the confidentiality, integrity, or availability of personal information was disrupted, we could incur significant liability, or our solution, systems, or networks may be perceived as less desirable, which could negatively affect our business and damage our reputation.
We may not have adequate insurance coverage for security incidents or breaches. The successful assertion of one or more large claims against us that exceeds our available insurance coverage, or results in changes to our insurance policies (including premium increases or the imposition of large deductible or co-insurance requirements), could have an adverse effect on our business. In addition, we cannot be sure that our existing insurance coverage and coverage for errors and omissions will continue to be available on acceptable terms or that our insurers will not deny coverage as to any future claim.
Risks Related to Tax and Accounting Matters
Our ability to use our net operating losses to offset future taxable income may be subject to certain limitations.
Our net operating loss, or NOL, carryforwards could expire unused and be unavailable to offset future income tax liabilities. Our NOLs generated in tax years beginning on or prior to December 31, 2017 are only permitted to be carried forward for 20 years under applicable U.S. tax law. Under legislation enacted in 2017, informally titled the Tax Cuts and Jobs Act, or Tax Act, as modified by the Coronavirus Aid, Relief, and Economic Security Act, or CARES Act, our federal NOLs generated in tax years beginning after December 31, 2017 may be carried forward indefinitely, but the deductibility of such federal NOLs in tax years beginning after December 31, 2020 is limited to 80% of current year taxable income. It is uncertain if and to what extent various states will conform to the Tax Act or the CARES Act.
In addition, under Section 382 of the U.S. Internal Revenue Code of 1986, as amended, or the Code, a corporation that undergoes an “ownership change” is generally subject to limitations on its ability to utilize its pre-change NOLs to offset post-change taxable income. We may have experienced ownership changes in the past and may experience ownership changes in the future as a result of subsequent shifts in our stock ownership (some of which shifts are outside our control). Furthermore, our ability to utilize NOLs of companies that we may acquire in the future may be subject to limitations. For these reasons, we may not be able to utilize a material portion of the NOLs, even if we were to achieve profitability.
Our international operations may subject us to potential adverse tax consequences.
We are expanding our international operations and staff to better support our growth into international markets. Our corporate structure and associated transfer pricing policies contemplate future growth into the international markets and consider the functions, risks and assets of the various entities involved in the intercompany transactions. The amount of taxes we pay in different jurisdictions may depend on the application of the tax laws of the various jurisdictions, including the United States, to our international business activities; changes in tax rates; new or revised tax laws or interpretations of existing tax laws and policies; and our ability to operate our business in a manner consistent with our corporate structure and intercompany arrangements. The taxing authorities of the jurisdictions in which we operate may challenge our methodologies for pricing intercompany transactions pursuant to our intercompany arrangements or disagree with our determinations as to the income and expenses attributable to specific jurisdictions. If such a challenge or disagreement were to occur, and our position was not sustained, we could be required to pay additional taxes, interest and penalties, which could result in one-time tax charges, higher effective tax rates, reduced cash flows and lower overall profitability of our operations. Our financial statements could fail to reflect adequate reserves to cover such a contingency.
Our results of operations may be harmed if we are required to collect sales or other related taxes for our subscriptions in jurisdictions where we have not historically done so.
We collect and remit sales tax in a number of jurisdictions where we, through our employees, have a presence and where we have determined, based on the U.S. Supreme Court decision in South Dakota v. Wayfair, Inc. and legal precedents in the jurisdiction, that we have “economic nexus” or sales of our solution are otherwise classified as taxable. The application of indirect taxes (such as sales and use tax, value-added tax, or VAT, goods and services tax, or GST, business tax and gross receipt tax) to businesses that transact online, such as ours, is a complex and evolving area. There is uncertainty as to what constitutes sufficient physical presence or nexus for a state or local jurisdiction to levy taxes, fees and surcharges for sales made over the internet and our characterization of our solution as not taxable in certain jurisdictions may not be accepted by state and local taxing authorities. As a result, it may be necessary to reevaluate whether our activities give rise to sales, use and other indirect taxes as a result of any nexus or transaction thresholds in those states in which we are not currently registered to collect and remit taxes. A successful assertion by a state, country, or other jurisdiction that we should have been or should be collecting additional sales, use, or other taxes could, among other things, result in substantial tax payments, create significant administrative burdens for us, discourage potential customers from subscribing to our solution due to the incremental cost of any such sales or other related taxes, or otherwise harm our business. We continue to analyze our exposure for such taxes and liabilities.
Additionally, we have not historically collected VAT or GST on sales of our solution, generally, because we make all of our sales through our office in the United States, and we believe, based on information provided to us by our customers, that most of our sales are made to business customers. Taxing authorities may challenge our position that we do not have sufficient nexus in a taxing jurisdiction or that our solution is subject to use, VAT, GST and other taxes, which could result in increased tax liabilities for us or our customers, which could harm our business.
The application of existing, new or future laws, whether in the United States or internationally, could harm our business. There have been, and will continue to be, substantial ongoing costs associated with complying with the various indirect tax requirements in the numerous markets in which we conduct or will conduct business.
Changes in our effective tax rate or tax liability may harm our business.
Our effective tax rate could be adversely impacted by several factors, including:
•Changes in the relative amounts of income before taxes in the various jurisdictions in which we operate that have differing statutory tax rates;
•Changes in tax laws, tax treaties and regulations or the interpretation of them, including the Tax Act;
•Changes to our assessment about our ability to realize our deferred tax assets that are based on estimates of our future results, the prudence and feasibility of possible tax-planning strategies and the economic and political environments in which we do business;
•The outcome of current and future tax audits, examinations or administrative appeals; and
•Limitations or adverse findings regarding our ability to do business in some jurisdictions.
Should our effective tax rate rise, our business could be harmed.
Our financial results may be adversely affected by changes in accounting principles applicable to us.
U.S. GAAP is subject to interpretation by the Financial Accounting Standards Board, the SEC, and other various bodies formed to promulgate and interpret appropriate accounting principles. Changes in these accounting principles could adversely affect our financial results. Any difficulties in implementing these pronouncements could cause us to fail to meet our financial reporting obligations, which could result in regulatory discipline and harm our business.
If our estimates or judgments relating to our critical accounting policies prove to be incorrect, our results of operations could be adversely affected.
The preparation of financial statements in conformity with U.S. GAAP requires management to make estimates and assumptions that affect the amounts reported in the consolidated financial statements and accompanying notes. We base our estimates on historical experience and on various other assumptions that we believe to be reasonable under the circumstances, as described in Note 2, “Summary of Significant Accounting Policies” in the notes to our consolidated financial statements included elsewhere in this Quarterly Report on Form 10-Q. The results of these estimates form the basis for making judgments about the carrying values of assets, liabilities and equity and the amount of revenue and expenses that are not readily apparent from other sources. Significant assumptions and estimates used in preparing our consolidated financial statements include those related to allowance for credit losses, fair value of financial instruments, valuation of stock-based compensation, valuation of warrant liabilities and the valuation allowance for deferred income taxes. Our results of operations may be adversely affected if our assumptions change or if actual circumstances differ from those in our assumptions, which could cause our results of operations to fall below the expectations of securities analysts and investors, resulting in a decline in the trading price of our common stock. Significant judgments, estimates and assumptions used in preparing our consolidated financial statements include, or may in the future include, those related to revenue recognition, stock-based compensation expense, income taxes, goodwill and intangible assets.
Risks Related to Being a Public Company
We will continue to incur increased costs as a result of operating as a public company and our management will be required to devote substantial time to compliance with our public company responsibilities and corporate governance practices.
As a newly public company, we have and will continue to incur significant legal, accounting and other expenses that we did not incur as a private company, which we expect to further increase after we are no longer an “emerging growth company.” The Sarbanes-Oxley Act of 2002, or the Sarbanes-Oxley Act, the Dodd-Frank Wall Street Reform and Consumer Protection Act, the listing requirements of the New York Stock Exchange, or NYSE, and other applicable securities rules and regulations impose various requirements on public companies. Our management and other personnel are expected to devote a substantial amount of time to compliance with these requirements, which may divert their attention from managing our business operations. Moreover, these rules and regulations will increase our legal and financial compliance costs and will make some activities more time-consuming and costly. We cannot predict or estimate the amount of additional costs we will incur as a public company or the specific timing of such costs.
Our management team has limited experience managing a public company.
Our management team has limited experience managing a publicly traded company, interacting with public company investors and securities analysts and complying with the increasingly complex laws pertaining to public companies. These new obligations and constituents require significant attention from our management team and could divert their attention away from the day-to-day management of our business, which could harm our business, results of operations and financial condition.
We have identified a material weakness in our internal control over financial reporting. If our remediation of the material weakness is not effective, or we fail to develop and maintain effective internal control over financial reporting, our ability to produce timely and accurate financial statements or comply with applicable laws and regulations could be impaired.
Neither our management nor an independent registered public accounting firm has ever performed an evaluation of our internal controls over financial reporting in accordance with the provisions of the Sarbanes-Oxley Act because no such evaluation has been required. We will be required, pursuant to Section 404 of the Sarbanes-Oxley Act, or Section 404, to furnish a report by management on, among other things, the effectiveness of our internal controls over financial reporting for the fiscal year ending December 31, 2022. In addition, our independent registered public accounting firm will be required to attest to the effectiveness of our internal controls over financial reporting in our first annual report required to be filed with the SEC following the date we are no longer an “emerging growth company.” We have recently commenced the costly and challenging process of compiling the system and processing documentation necessary to perform the evaluation needed to
comply with Section 404, but we may not be able to complete our evaluation, testing and any required remediation in a timely fashion once initiated. Our compliance with Section 404 will require that we incur substantial expenses and expend significant management efforts. We will need to hire additional accounting and financial staff with appropriate public company experience and technical accounting knowledge and compile the system and process documentation necessary to perform the evaluation needed to comply with Section 404.
During the evaluation and testing process of our internal controls, if we identify one or more material weaknesses in our internal controls over financial reporting, we will be unable to certify that our internal controls over financial reporting is effective. A material weakness is a deficiency, or combination of deficiencies, in internal controls over financial reporting, such that there is a reasonable possibility that a material misstatement of the annual or interim financial statements will not be prevented or detected on a timely basis.
In the course of preparing our audited consolidated financial statements for the year ended December 31, 2019, a material weakness was identified in our internal controls over financial reporting related to secondary sales transactions by current and former employees. Specifically, we did not design and maintain effective controls to evaluate and assess secondary sales transactions in our common stock to determine, in a timely manner, whether additional compensation expense was incurred based on the nature of the transaction.
We have begun implementation of a plan to remediate the material weakness described above. Those remediation measures are ongoing and include the following:
•We have hired, and will continue to recruit, additional personnel, in addition to utilizing third-party consultants and specialists, to supplement the quality, depth and experience of our accounting and finance internal resources; and
•We engaged an external advisor to assist us with designing and implementing improved processes and internal controls and monitoring remediation progress.
We cannot assure you the measures we are taking to remediate the material weakness will be sufficient or that they will prevent future material weaknesses. Additional material weaknesses or failure to maintain effective internal control over financial reporting could cause us to fail to meet our reporting obligations as a public company and may result in a restatement of our financial statements for prior periods.
We may not be able to successfully manage the growth of our business if we are unable to improve our internal systems, processes and controls.
We need to continue to improve our internal systems, processes and controls to effectively manage our operations and growth. We may not be able to successfully implement and scale improvements to our systems and processes in a timely or efficient manner or in a manner that does not negatively affect our operating results. For example, we may not be able to effectively monitor certain extraordinary contract requirements or provisions that are individually negotiated by our sales force as the number of transactions continues to grow. In addition, our systems and processes may not prevent or detect all errors, omissions or fraud. We may experience difficulties in managing improvements to our systems, processes and controls or in connection with third-party software, which could impair our ability to offer our solution to our customers in a timely manner, causing us to lose customers, limit us to smaller deployments of our solution or increase our technical support costs.
We are an “emerging growth company” and a “smaller reporting company,” and we cannot be certain if the reduced reporting and disclosure requirements applicable to emerging growth companies and smaller reporting companies will make our common stock less attractive to investors.
We are an “emerging growth company,” as defined in the Jumpstart Our Business Startups Act of 2012, or the JOBS Act, and we may take advantage of certain exemptions from various reporting requirements that are applicable to other public companies that are not “emerging growth companies,” including the auditor attestation requirements of Section 404, reduced disclosure obligations regarding executive compensation in our periodic reports and proxy statements and exemptions from the requirements of holding a nonbinding advisory vote on executive compensation and stockholder approval of any golden parachute payments not previously approved. Pursuant to Section 107 of the JOBS Act, as an emerging growth company, we have elected to use the extended transition period for complying with new or revised accounting standards until those standards would otherwise apply to private companies. As a result, our consolidated financial statements may not be comparable to the financial statements of issuers who are required to comply with the effective dates for new or revised accounting standards that are applicable to public companies, which may make our common stock less attractive to investors. In addition, if we cease to
be an emerging growth company, we will no longer be able to use the extended transition period for complying with new or revised accounting standards.
We will remain an emerging growth company until the earliest of: (1) December 31, 2026; (2) the last day of the first fiscal year in which our annual gross revenue is $1.07 billion or more; (3) the date on which we have, during the previous rolling three-year period, issued more than $1 billion in non-convertible debt securities; and (4) the last day of the fiscal year in which the market value of our common stock held by non-affiliates exceeds $700 million as of June 30 of such fiscal year.
We may continue to be a smaller reporting company even after we are no longer an emerging growth company. We may take advantage of certain of the scaled disclosures available to smaller reporting companies and will be able to take advantage of these scaled disclosures for so long as (i) the market value of our voting and non-voting common stock held by non-affiliates is less than $250 million measured on the last business day of our second fiscal quarter or (ii) our annual revenue is less than $100 million during the most recently completed fiscal year and the market value of our voting and non-voting common stock held by non-affiliates is less than $700 million measured on the last business day of our second fiscal quarter.
We cannot predict if investors will find our common stock less attractive if we choose to rely on these exemptions. For example, if we do not adopt a new or revised accounting standard, our future results of operations may not be as comparable to the results of operations of certain other companies in our industry that adopted such standards. If some investors find our common stock less attractive as a result, there may be a less active trading market for our common stock and our stock price may be more volatile.
Risks Related to Ownership of Our Common Stock
Insiders have substantial control over us and will be able to influence corporate matters.
Based on the number of shares outstanding as of September 30, 2021, our directors, officers and their respective affiliates beneficially owned, in the aggregate, approximately 34% of our outstanding common stock. As a result, these stockholders will be able to exercise significant influence over all matters requiring stockholder approval, including the election of directors and approval of significant corporate transactions, such as a merger or other sale of our company or its assets. This concentration of ownership will limit the ability of other stockholders to influence corporate matters and may cause us to make strategic decisions that could involve risks to you or that may not be aligned with your interests. This control may adversely affect the market price of our common stock.
Our stock price may be volatile, and the value of our common stock may decline.
The market price of our common stock may be highly volatile and may fluctuate or decline substantially as a result of a variety of factors, some of which are beyond our control, including:
•actual or anticipated fluctuations in our financial condition or results of operations;
•variance in our financial performance from expectations of securities analysts;
•changes in the pricing of our solution;
•changes in our projected operating and financial results;
•announcements by us or our competitors of significant business developments, acquisitions or new offerings;
•changes in laws or regulations applicable to our solution;
•significant data breaches, disruptions to or other incidents involving our software;
•our involvement in litigation;
•future sales of our common stock by us or our stockholders, as well as the anticipation of lock-up releases;
•changes in senior management or key personnel;
•the trading volume of our common stock;
•changes in the anticipated future size and growth rate of our market; and
•general economic and market conditions.
Broad market and industry fluctuations, as well as general economic, political, regulatory and market conditions, may also negatively impact the market price of our common stock.
An active public market for our common stock may not develop or be sustained.
Prior to the closing of our IPO in July 2021, no public market for our common stock existed. An active public trading market for our common stock may not continue to develop or, if further developed, it may not be sustained. The lack of an active market may impair the ability of holders of our common stock to sell their shares at the time they wish to sell them or at a price that such holders consider reasonable. The lack of an active market may also reduce the fair value of shares of our common stock. An inactive market may also impair our ability to raise capital to continue to fund operations by selling shares and may impair our ability to acquire other companies by using our shares as consideration.
Sales of our common stock in the public market could cause the market price of our common stock to decline.
Sales of a substantial number of shares of our common stock in the public market, or the perception that these sales might occur, could depress the market price of our common stock and could impair our ability to raise capital through the sale of additional equity securities. Many of our existing equityholders have substantial unrecognized gains on the value of the equity they hold, and therefore they may take steps to sell their shares or otherwise secure the unrecognized gains on those shares. We are unable to predict the timing of or the effect that such sales may have on the prevailing market price of our common stock.
All of our directors and officers, and the holders of substantially all of our capital stock and securities convertible into our capital stock outstanding prior to our IPO are subject to lock-up agreements entered into in connection with our IPO that restrict their ability to offer, sell, contract to sell, pledge, grant any option to purchase, make any short sale or otherwise dispose of any of our shares of common stock, any options or warrants to purchase any of our shares of common stock or any securities convertible into or exchangeable for or that represent the right to receive shares of our common stock through January 16, 2022, subject to certain exceptions. J.P. Morgan Securities LLC and BofA Securities, Inc., the representatives of the underwriters for our IPO, may, in their sole discretion, permit our stockholders who are subject to these lock-up agreements to sell shares prior to the expiration of the lock-up agreements, subject to applicable notice requirements. If not earlier released, all of the shares of common stock subject to such lock-up agreements will become eligible for sale on January 17, 2022, except for any shares held by our affiliates as defined in Rule 144 under the Securities Act of 1933, or the Securities Act.
Notwithstanding the foregoing, if at any time beginning October 18, 2021, the last reported closing price of our common stock on the NYSE is at least 25% greater than the price per share at which shares of common stock were sold in our IPO for five out of any ten consecutive trading days ending on or after October 18, 2021, then the terms of the lock-up agreements will expire with respect to 25% of each stockholder’s aggregate number of shares of common stock and securities convertible into or exchangeable for common stock subject to the lock-up agreement as of the date of the Prospectus, or the Early Lock-Up Expiration, and such shares will become for sale immediately prior to the opening of trading on the third trading day following the date on which all of such conditions are satisfied, or the Early Lock-Up Expiration Date; provided, that, if at the time of such Early-Lock-Up Expiration, we are in or within five trading days prior to a broadly applicable and regularly scheduled period during which trading in our securities is not permitted, or a Blackout Period, under our insider trading policy, the date of the Early Lock-Up Expiration will be delayed until immediately prior to the opening of trading on the second trading day following the first date that we are no longer in a Blackout Period under our insider trading policy. In connection with the secondary offering of our common stock by certain of our directors, officers, and stockholders in September 2021, J.P. Morgan Securities LLC and BofA Securities, Inc. granted a waiver to permit such parties to sell an aggregate of 6.1 million shares of common stock in the offering. The shares sold in connection with this offering will be deducted from the number of shares that could otherwise be sold by each stockholder under the Early Lock-Up Expiration provision. On October 18, 2021, the price-based condition for the Early Lock-Up Expiration was satisfied. As a result, the lock-up period will end with respect to approximately 6.6 million shares of common stock on November 15, 2021.
In addition, if (a) January 16, 2022 is scheduled to fall during a Blackout Period under our insider trading policy, (b) at least 135 days have elapsed since the date of our IPO, and (c) we have publicly released results from the quarterly period ending September 30, 2021, then the lock-up period shall end with respect to all remaining shares of common stock and securities convertible into or exchangeable for common stock subject to the lock-up agreement immediately prior to the opening of trading on the tenth trading day prior to the commencement of such Blackout Period. For the avoidance of doubt, notwithstanding anything to the contrary, in no event will the lock-up period end earlier than 135 days after the date of our IPO.
In addition, there were 3.0 million shares of common stock issuable upon the exercise of options outstanding as of September 30, 2021. We have registered all of the shares of common stock issuable upon the exercise of outstanding options or other equity incentives we may grant in the future, for public resale under the Securities Act. The shares of common stock will become eligible for sale in the public market to the extent such options are exercised, subject to the lock-up agreements described above and compliance with applicable securities laws.
Further, based on shares outstanding as of September 30, 2021, holders of an aggregate of 34.7 million and 41.8 million shares of our capital stock outstanding as of such date had rights, subject to some conditions, to require us to file registration statements covering the sale of their shares or to include their shares in registration statements that we may file for ourselves or other stockholders, respectively.
If securities or industry analysts do not publish research or publish unfavorable or inaccurate research about our business, the market price and trading volume of our common stock could decline.
The market price and trading volume of our common stock is heavily influenced by the way analysts interpret our financial information and other disclosures. We do not have control over these analysts. If few securities analysts commence coverage of us, or if industry analysts cease coverage of us, our stock price would be negatively affected. If securities or industry analysts do not publish research or reports about our business, downgrade our common stock, or publish negative reports about our business, our stock price would likely decline. If one or more of these analysts cease coverage of us or fail to publish reports on us regularly, demand for our common stock could decrease, which might cause our stock price to decline and could decrease the trading volume of our common stock.
We do not intend to pay dividends for the foreseeable future and, as a result, your ability to achieve a return on your investment will depend on appreciation in the price of our common stock.
We have never declared or paid any cash dividends on our capital stock and we do not intend to pay any cash dividends in the foreseeable future. Any determination to pay dividends in the future will be at the discretion of our board of directors. Accordingly, holders of our common stock may need to rely on sales of their holdings of common stock after price appreciation, which may never occur, as the only way to realize any future gains on their investment.
Anti-takeover provisions in our charter documents and under Delaware law could make an acquisition of our company more difficult, limit attempts by our stockholders to replace or remove our current management and limit the market price of our common stock.
Provisions in our amended and restated certificate of incorporation and amended and restated bylaws may have the effect of delaying or preventing a change of control or changes in our management. Our amended and restated certificate of incorporation and amended and restated bylaws include provisions that:
•authorize our board of directors to issue, without further action by the stockholders, shares of undesignated preferred stock with terms, rights and preferences determined by our board of directors that may be senior to our common stock;
•require that any action to be taken by our stockholders be effected at a duly called annual or special meeting and not by written consent;
•specify that special meetings of our stockholders can be called only by our board of directors, the chairperson of our board of directors or our chief executive officer;
•establish an advance notice procedure for stockholder proposals to be brought before an annual meeting, including proposed nominations of persons for election to our board of directors;
•establish that our board of directors is divided into three classes, with each class serving three- year staggered terms;
•prohibit cumulative voting in the election of directors;
•provide that our directors may be removed for cause only upon the vote of at least 66 2/3% of our outstanding shares of voting stock;
•provide that vacancies on our board of directors may be filled only by a majority of directors then in office, even though less than a quorum; and
•require the approval of our board of directors or the holders of at least 66 2/3% of our outstanding shares of voting stock to amend our bylaws and certain provisions of our certificate of incorporation.
These provisions may frustrate or prevent any attempts by our stockholders to replace or remove our current management by making it more difficult for stockholders to replace members of our board of directors, which is responsible for appointing the members of our management. In addition, because we are incorporated in Delaware, we are governed by the provisions of Section 203 of the Delaware General Corporation Law, which generally, subject to certain exceptions, prohibits a Delaware corporation from engaging in any of a broad range of business combinations with any “interested” stockholder for a period of three years following the date on which the stockholder became an “interested” stockholder. Any of the foregoing provisions could limit the price that investors might be willing to pay in the future for shares of our common stock and they could deter potential acquirers of our company, thereby reducing the likelihood that you would receive a premium for your shares of our common stock in an acquisition.
Our amended and restated certificate of incorporation provides that the Court of Chancery of the State of Delaware and the federal district courts of the United States of America will be the exclusive forums for substantially all disputes between us and our stockholders, which could limit our stockholders’ ability to obtain a favorable judicial forum for disputes with us or our directors, officers or employees.
Our amended and restated certificate of incorporation provides that the Court of Chancery of the State of Delaware is the exclusive forum for the following types of actions or proceedings under Delaware statutory or common law:
•any derivative claim or cause of action brought on our behalf;
•any claim or cause of action asserting a breach of fiduciary duty;
•any claim or cause of action against us arising under the Delaware General Corporation Law;
•any claim or cause of action arising under or seeking to interpret our amended and restated certificate of incorporation or our amended and restated bylaws; and
•any claim or cause of action against us that is governed by the internal affairs doctrine.
The provisions would not apply to suits brought to enforce a duty or liability created by the Securities Exchange Act of 1934. Furthermore, Section 22 of the Securities Act creates concurrent jurisdiction for federal and state courts over all such Securities Act actions. Accordingly, both state and federal courts have jurisdiction to entertain such claims. To prevent having to litigate claims in multiple jurisdictions and the threat of inconsistent or contrary rulings by different courts, among other considerations, our amended and restated certificate of incorporation will further provide that the federal district courts of the United States of America will be the exclusive forum for resolving any complaint asserting a cause or causes of action arising under the Securities Act, including all causes of action asserted against any defendant to such complaint. For the avoidance of doubt, this provision is intended to benefit and may be enforced by us, our officers and directors, the underwriters to any offering giving rise to such complaint and any other professional entity whose profession gives authority to a statement made by that person or entity and who has prepared or certified any part of the documents underlying the offering.
While the Delaware courts have determined that such choice of forum provisions are facially valid, a stockholder may nevertheless seek to bring a claim in a venue other than those designated in the exclusive forum provisions. In such instance, we would expect to vigorously assert the validity and enforceability of the exclusive forum provisions of our amended and restated certificate of incorporation. This may require significant additional costs associated with resolving such action in other jurisdictions and there can be no assurance that the provisions will be enforced by a court in those other jurisdictions.
These exclusive forum provisions may limit a stockholder’s ability to bring a claim in a judicial forum that it finds favorable for disputes with us or our directors, officers or other employees, which may discourage lawsuits against us and our directors, officers and other employees. If a court were to find either exclusive-forum provision in our amended and restated certificate of incorporation to be inapplicable or unenforceable in an action, we may incur further significant additional costs associated with resolving the dispute in other jurisdictions, all of which could seriously harm our business.