PSQ Holdings (PSQH) Risk Analysis

Credova operates in a highly competitive and dynamic industry with a low barrier to entry, which makes increased competition more likely. Credova's technology platform faces competition from a variety of existing businesses and new market entrants, including competitors with BNPL products and those who enable transactions and commerce via digital payments. Despite any competitive advantage Credova may have, there is always a risk of new entrants in the market, which may disrupt Credova's business and decrease Credova's market share. Credova expects competition to intensify in the future, both as emerging technologies continue to enter the marketplace and as large financial incumbents increasingly seek to innovate the services that they offer to compete with Credova's products. Technological advances and the continued growth of e-commerce activities have increased consumers' accessibility to products and services and led to the expansion of competition in digital payment options such as pay-over-time solutions. Credova faces competition in areas such as: flexibility on payment options; duration, simplicity, and transparency of payment terms; reliability and speed in processing applications; underwriting effectiveness; compliance and security; promotional offerings; fees; approval rates; ease-of-use; marketing expertise; service levels; products and services; technological capabilities and integration; customer service; brand and reputation; and consumer and merchant satisfaction. In addition, it may be become more difficult to distinguish Credova's platform, and products and services, from those of its competitors. Some of Credova's competitors are substantially larger than Credova, which gives those competitors advantages Credova does not have, such as a more diversified product, a broader consumer and merchant base, the ability to reach more consumers, the ability to cross-sell their products, operational efficiencies, the ability to cross-subsidize their offerings through their other business lines, more versatile technology platforms, the ability to acquire competitors, broad-based local distribution capabilities, and lower-cost funding. Credova's competitors may also have longer operating histories, more extensive and broader consumer and merchant relationships, and greater brand recognition and brand loyalty than Credova has. For example, more established companies that possess large, existing consumer and merchant bases, substantial financial resources, and established distribution channels could enter the market. Further, consumers' increased usage of BNPL platforms in recent years may encourage more of such competitors that may be in a better position, due to financial and other resources, to attract merchants and customers to their platforms. Increased competition, particularly for large, well-known merchants, has in the past resulted and will result in the need for Credova to alter the pricing it offers to merchants. If Credova is unable to successfully compete, the demand for Credova's platform and products could stagnate or substantially decline, and Credova could fail to retain or grow the number of consumers or merchants using its platform, which would reduce the attractiveness of its platform to other consumers and merchants, and which would materially and adversely affect Credova's business, results of operations, financial condition, and prospects.

The number of businesses and users that use the Platform and their level of engagement on the platform are critical to our success. We must continue to engage and retain existing business and consumer members on the Platform, as well as attract, engage and retain new business and consumer members. The number of business and users on the Platform may not continue to grow at the current growth rate in platform participation that we have experienced since inception, if at all, and it may even decline. If current and potential business members and users do not perceive their experience with the Platform to be useful, the content generated on the platform to be valuable or relevant or the connections with businesses and users that may result from platform engagement to be worthwhile, we may not be able to attract new business members and users, retain existing business members and users or maintain or increase the frequency and duration of their engagement on the Platform. In addition, if our existing business members and users decrease the frequency or duration of their engagement or the growth rate or our business members and users base slows or reverses, we may be required to incur significantly higher marketing expenses than we currently anticipate in order to acquire new business members and users or retain current business and consumer members. There are many factors that could negatively impact our ability to grow, retain and engage current and prospective businesses and consumer members, including, but not limited to: - users failing to migrate their engagement from or increasing their engagement with competitors' platforms, products or services instead of, or more frequently than, the Platform;- changes in the amount of time users spend across all applications and platforms, including the Platform;- our failure to introduce platform enhancements that business members and users find engaging, or our introduction of new features, terms, policies or procedures, or making changes to the Platform, that are not favorably received by current or prospective business and consumer members;- decline in the quality or competitiveness of the businesses or products offered on the Platform;- technical or other problems frustrating the user experience, such as problems that prevent us from delivering our services in a fast and reliable manner;- business members and users having difficulty installing, updating or otherwise accessing the Platform on mobile devices or through the app or web browsers;- user behavior on the Platform changing;- decreases in user or business member sentiment due to questions about the quality or usefulness of the Platform, concerns about the nature of businesses, products and services or advertising content made available on the platform, concerns related to privacy, safety, security, well-being or other factors;- users become less able or willing to spend money on values-aligned products and services offered through the Platform;- changes mandated by legislation, government and regulatory authorities, or litigation that adversely impacts the Platform or consumer members;- changes to how we promote different features on the Platform;- public perception of us, the Platform or our members becomes less favorable or unfavorable due to actions by platform participants, changes in tastes and interests or other reasons;- initiatives designed to attract and retain members and engagement are unsuccessful or discontinued, whether as a result of actions by us, third parties, or otherwise;- if we, or other partners and companies or individuals with whom we have commercial or other relationships, or other participants in the industry, are the subject of adverse media reports or other negative publicity; or - if we are unable to preserve and enhance our brand and reputation as a trusted values-aligned platform. Any decrease in member growth, retention or engagement could render our service less attractive to consumer or business members and advertisers, and could harm our business, operating results, and financial condition. In addition, business member affirmation of and adherence to our five core values is a critical feature of the Platform because we believe it demonstrates that the business members on the platform are actually values-aligned with us and our consumer members. If business members on the Platform are not correctly or accurately verified, or if our verification processes prove to be ineffective, it could result in distortion of perceived growth metrics or adverse member experiences. If we were to change our affirmation and adherence methods, that may adversely impact our ability to add new members or retain existing members and advertisers.

In order to grow, we must attract, retain and engage our consumer and business members and advertisers on the Platform and maintain an active consumer member base. Our active members may not grow, and may decline which, in turn, may affect our continued ability to attract businesses and advertisers to the Platform. If current and potential consumer members of the Platform do not perceive their experience with the Platform to be useful, or consider the information, services and products that are offered through the Platform directory to be relevant to their personal taste and interests, we may not be able to attract new consumer members, retain existing consumer members, recover past consumer members or maintain or increase the frequency and duration of consumer members' engagement. Our target demographic market is American consumers who desire to purchase products and services from businesses that share their patriotic, pro-American values. We also may not be able to penetrate our target demographic market in a meaningful manner to grow our number of members. When signing up for the Platform, businesses are required to confirm that they respect our five core values. The number of consumers or businesses who are willing to make such a confirmation may be less than we expect, potentially limiting the demand for the Platform. Further, a large portion of consumer or business members in the United States may not share our values. These factors may limit our ability to further increase our member base and attract advertisers. If we are unable to increase the base of consumers and businesses actively using the Platform, or if our members and advertisers do not believe the Platform provides them with sufficient value and utility, our business would be materially and adversely affected. There are many other factors that could negatively affect member and advertiser growth, retention and engagement, including if: - new competitors enter the market with business models similar to ours;- competitors mimic our products or product features or create more engaging platforms or products, causing members to utilize their products instead of, or more frequently than, our products;- we do not provide a compelling member experience because of the decisions we make regarding our products or the type and frequency of products, services and advertisements that we display on the Platform;- the content (including products, services and advertisements of our business members) is not relevant to consumer members' tastes or interests;- search queries by consumer members do not yield relevant results;- third parties do not permit or continue to permit their content to be displayed on the Platform;- consumer and business members have difficulty or are blocked from installing, updating or otherwise accessing the Platform on mobile devices or web browsers;- our adherence to our five core values results in business decisions that are not in our best financial interests;- there are changes in the amount of time consumer members spend across apps and platforms, including ours;- consumer and business members use or spend more time on other platforms that they feel are more relevant or engaging;- we are unable to provide engaging and relevant content on the Platform;- technical or other problems frustrate the consumer and business member experience, particularly if those problems prevent us from delivering our services in a fast and reliable manner;- we are unable to successfully educate consumer members on how to utilize new products and product features that we introduce, such as e-commerce shopping features;- unscrupulous manufacturers and suppliers attempt to counterfeit, pirate, sell, and gray market our authentic D2C product offerings, which would cause us to incur expenses to combat these attacks and could materially and adversely impact our business and harm our reputation;- consumer spending levels decrease due to increased inflationary pressures;- platform participants behave in ways that negatively affect public perception of the Platform;- changes in laws and regulations adversely affect our business;- we are unable to address member and advertiser concerns regarding the content, privacy and security of the Platform;- we are unable to combat spam, hostile, inappropriate, misleading, abusive or offensive content or usage of our products or services;- consumer members adopt new technologies that block our products or services or where our products or services may be displaced in favor of other products or services, or may not be featured or otherwise available;- our reputation, or public perception of us or persons associated with us;- third-party initiatives that may enable greater use of the Platform, including consumer discounts or rewards, are discontinued;- merchants exist on the Platform that do not provide consumer members with positive shopping experiences, for example, if products are not of the quality depicted on the platform or not readily available for purchase, are not priced competitively or for other reasons do are not in line with changing consumer preferences;- there are macro level conditions that are beyond our control, such as national or regional economic or political conditions within the United States that affect our member base and that cause consumer members to spend less time on the Platform; or - Any failure to increase or any decrease in member growth, retention or engagement would render the Platform less attractive to consumer and business members or advertisers, and would materially harm our business, revenue and financial results.

Negative publicity about Credova or its industry, including the transparency, fairness, user experience, quality, and reliability of Credova's platform or point-of-sale lending platforms in general, the effectiveness of Credova's risk model, the setting and charging of merchant and consumer fees, Credova's ability to effectively manage and resolve complaints, Credova's privacy and security practices, litigation, regulatory activity, misconduct by Credova's employees, funding sources, originating bank partners, service providers, or others in Credova's industry, the experience of consumers and investors with Credova's platform or services or point-of-sale lending platforms in general, or use of loan proceeds by consumers that have obtained loans facilitated through Credova's platform or other point-of-sale lending platforms for illegal purposes, even if inaccurate, could adversely affect Credova's reputation and the confidence in, and the use of, Credova's platform. Any such reputational harm could further affect the behavior of consumers, including their willingness to obtain loans facilitated through Credova's platform or to make payments on their loans.

A key element of our growth strategy depends on our ability to develop and market new products that appeal to our consumer members. The success of our innovation and product development efforts is affected by our ability to anticipate changes in consumer preferences, the technical capability of our innovation staff, our ability to comply with applicable governmental regulations, and the success of our management and sales and marketing teams in introducing and marketing new products. There can be no assurance that we will successfully develop and market new products that appeal to consumer members. For example, product designs we develop may not contain the product attributes desired by our consumer members. Any such failure, including any failure by our e-commerce functionality to gain market acceptance or generate meaningful transaction activity and revenue or any failure of our D2C branded consumer product initiative, may lead to a decrease in our growth, sales and ability to achieve profitability, which could materially adversely affect our business, financial condition, results of operations and prospects. Additionally, the development and introduction of new products may require substantial marketing expenditures, which we may be unable to recoup if new products do not gain widespread market acceptance. If we are unsuccessful in meeting our objectives with respect to new or improved products, our business, financial condition, results of operations and prospects could be adversely affected.

Our success depends, in part, on our ability to protect our proprietary IP rights, including certain methodologies, practices, tools, technologies and technical expertise we utilize in designing, developing, implementing and maintaining applications and processes and related technologies. To date, we have relied primarily on trademarks, trade secrets and other IP laws, non-disclosure agreements with our employees, consultants and other relevant persons and other measures to protect our IP, and intend to continue to rely on these and other means, including and not limited to patent protection, in the future. However, the steps we take to protect our IP may be inadequate, and we may choose not to pursue or maintain protection for our IP in the United States or foreign jurisdictions. We will not be able to protect our IP if we are unable to enforce our rights or if we do not detect unauthorized use of our IP. Despite our precautions, it may be possible for unauthorized third parties to copy our technology and use information that we regard as proprietary to create technology that competes with ours. Further, the laws of some countries do not protect proprietary rights to the same extent as the laws of the United States, and mechanisms for enforcement of IP rights in some foreign countries may be inadequate. To the extent we expand our international activities, our exposure to unauthorized copying and use of our technologies and proprietary information may increase. Accordingly, despite our efforts, we may be unable to prevent third parties from infringing upon, misappropriating or otherwise violating our technology and IP. We rely in part on trademarks, trade secrets, proprietary know-how and other confidential information to maintain our competitive position. Although we enter into non-disclosure and invention assignment agreements with our employees, enter into non-disclosure agreements with our business members, consultants and other parties with whom we have strategic relationships and business alliances and enter into IP assignment agreements with our consultants and vendors, no assurance can be given that these agreements will be effective in controlling access to and distribution of our technology and proprietary information. Further, these agreements do not prevent our competitors from independently developing technologies that are substantially equivalent or superior to our products.

We rely on sophisticated information technology ("IT") systems and infrastructure to support our business. At the same time, cybersecurity incidents, including deliberate attacks, malware, viruses, ransomware attacks, denial of service attacks, phishing schemes, and other attempts to harm IT systems are prevalent and have increased. Our technologies, systems and networks and those of our vendors, suppliers and other business partners may become the target of cyberattacks or information security breaches that could result in the unauthorized release, gathering, monitoring, misuse, loss or destruction of proprietary and other information, or other disruption of business operations. In addition, certain cyber incidents, such as surveillance or vulnerabilities in widely used open source software, may remain undetected for an extended period. Our systems for protecting against cybersecurity risks may not be sufficient. As the sophistication of cyber incidents continues to evolve, we have been and will likely continue to be required to expend additional resources to continue to modify or enhance our protective measures or to investigate and remediate any vulnerability to cyber incidents. Additionally, any of these systems may be susceptible to outages due to fire, floods, power loss, telecommunications failures, usage errors by employees, computer viruses, cyber-attacks or other security breaches or similar events. The failure of any of our IT systems may cause disruptions in our operations, which could adversely affect our revenues and profitability, and lead to claims related to the disruption of our services from members of the Platform and advertisers. Hackers and data thieves are increasingly sophisticated and operate large-scale and complex automated attacks, which may remain undetected until after they occur. Despite our efforts to protect our information technology networks and systems, payment processing, and information, we may not be able to anticipate or to implement effective preventive and remedial measures against all data security and privacy threats. Our security measures may not be adequate to prevent or detect service interruption, system failure, data loss or theft, or other material adverse consequences. No security solution, strategy, or measures can address all possible security threats. Our applications, systems, networks, software, and physical facilities could have material vulnerabilities, be breached, or personal or confidential information could be otherwise compromised due to employee error or malfeasance, if, for example, third parties attempt to fraudulently induce our personnel or our business members to disclose information or usernames and/or passwords, or otherwise compromise the security of our networks, systems and/or physical facilities. We cannot be certain that we will be able to address any such vulnerabilities, in whole or part, and there may be delays in developing and deploying patches and other remedial measures to adequately address vulnerabilities, and taking such remedial steps could adversely impact or disrupt our operations. We expect similar issues to arise in the future as products and services sold through the Platform are more widely adopted, and as we continue to introduce future products and services. An actual or perceived breach of our security systems or those of our third party service providers may require notification under applicable data privacy regulations or for customer relations or publicity purposes, which could result in reputational harm, costly litigation (including class action litigation), material contract breaches, liability, settlement costs, loss of sales, regulatory scrutiny, actions or investigations, a loss of confidence in our business, systems and payment processing, a diversion of management's time and attention, and significant fines, penalties, assessments, fees, and expenses. Moreover, pursuant to SEC rules, public companies must disclose material cybersecurity incidents on Form 8-K within four business days (subject to a delayed compliance date for smaller reporting companies, of which we are one). In addition, companies must provide cybersecurity risk management disclosures in their annual reports. The costs to respond to a security breach or to mitigate any security vulnerabilities that may be identified could be significant, and our efforts to address these problems may not be successful. These costs include, but are not limited to: retaining the services of cybersecurity providers; complying with requirements of existing and future cybersecurity, data protection and privacy laws and regulations, including the costs of notifying regulatory agencies and impacted individuals; and maintaining redundant networks, data backups, and other damage-mitigation measures. We could be required to fundamentally change our business activities and practices in response to a security breach or related regulatory actions or litigation, which could have an adverse effect on our business. Additionally, most jurisdictions have enacted laws requiring companies to notify individuals, regulatory authorities, and others of security breaches involving certain types of data. Such mandatory disclosures are costly, could lead to negative publicity, may cause our customers to lose confidence in the effectiveness of our security measures, and require us to expend significant capital and other resources to respond to or alleviate problems caused by the actual or perceived security breach. We may not have adequate insurance coverage for handling cyber security incidents or breaches, including fines, judgments, settlements, penalties, costs, attorney fees, and other impacts that arise out of incidents or breaches. If the impacts of a security incident or breach, or the successful assertion of one or more large claims against us that exceeds our available insurance coverage, or results in changes to our insurance policies (including premium increases or the imposition of large deductible or co-insurance requirements), it could harm our business. In addition, we cannot be sure that our existing insurance coverage will continue to be available on acceptable terms or that our insurers will not deny coverage as to all or part of any future claim or loss. Moreover, our privacy risks are likely to increase as we continue to expand, grow our consumer and business member base, and process, store, and transmit increasingly large amounts of personal or sensitive data.

Credova uses vendors, such as Credova's cloud computing web services provider, virtual card processing companies, and third-party software providers, in the operation of Credova's platform. The satisfactory performance, reliability, and availability of Credova's technology and Credova's underlying network and infrastructure are critical to Credova's operations and reputation and the ability of Credova's platform to attract new and retain existing merchants and consumers. Credova relies on these vendors to protect their systems and facilities against damage or service interruptions from natural disasters, power or telecommunications failures, air quality issues, environmental conditions, computer viruses or attempts to harm these systems, criminal acts, and similar events. If Credova's arrangement with a vendor is terminated or if there is a lapse of service or damage to its systems or facilities, Credova could experience interruptions in its ability to operate its platform. Credova also may experience increased costs and difficulties in replacing that vendor and replacement services may not be available on commercially reasonable terms, on a timely basis, or at all. Any interruptions or delays in Credova's platform availability, whether as a result of a failure to perform on the part of a vendor, any damage to one of Credova's vendor's systems or facilities, the termination of any of Credova's third-party vendor agreement, software failures, Credova's or its vendor's error, natural disasters, terrorism, other man-made problems, security breaches, whether accidental or willful, or other factors, could harm Credova's relationships with its merchants and consumers and also harm Credova's reputation. In addition, Credova sources certain information from third parties. In the event that any third party from which Credova sources information experiences a service disruption, whether as a result of maintenance, natural disasters, terrorism, or security breaches, whether accidental or willful, or other factors, the ability to score and decision loan applications through Credova's platform may be adversely impacted. Additionally, there may be errors contained in the information provided by third parties. This may result in the inability to approve otherwise qualified applicants through Credova's platform, which may adversely impact Credova's business by negatively impacting Credova's reputation and reducing Credova's transaction volume. To the extent Credova uses or is dependent on any particular third-party data, technology, or software, Credova may also be harmed if such data, technology, or software becomes non-compliant with existing regulations or industry standards, becomes subject to third-party claims of intellectual property infringement misappropriation, or other violation, or malfunctions or functions in a way Credova did not anticipate. Any loss of the right to use any of this data, technology, or software could result in delays in the provisioning of Credova's products and services until equivalent or replacement data, technology, or software is either developed by us, or, if available, is identified, obtained, and integrated, and there is no guarantee that Credova would be successful in developing, identifying, obtaining, or integrating equivalent or similar data, technology, or software, which could result in the loss or limiting of Credova's products, services, or features available in Credova's products or services. These factors could prevent Credova from processing transactions or posting payments on Credova's platform, damage Credova's brand and reputation, divert the attention of Credova's employees, reduce total income, subject Credova to liability, and cause consumers or merchants to abandon Credova's platform, any of which could have a material and adverse effect on Credova's business, results of operations, financial condition, and prospects.

Regulators in various jurisdictions are showing increased attention and scrutiny of BNPL arrangements, including in those jurisdictions in which Credova operates. There is potential that Credova may become subject to additional legal or regulatory requirements if laws or regulations change in the future, the interpretation of laws and regulations changes in the future, industry standards for consumer finance and BNPL arrangements change in the future, or regulators more heavily scrutinize consumer finance and BNPL arrangements. This increased risk may relate to state lending licensing or other state licensing or registration requirements, regulatory requirements concerning consumer finance and BNPL arrangements, consumer protection or consumer finance matters, or similar limitations on the conduct of Credova's business. There is a risk that additional or changed legal, regulatory and industry compliance standards may make it economically unfeasible for Credova to continue to operate, or to expand in accordance with its strategy. This would likely have a material adverse effect on Credova's business, results of operations and financial condition, including by preventing Credova's business from reaching sufficient scale.

From time to time, we may be party to various claims and litigation proceedings. Even when not merited, the lawsuits and other legal proceedings may divert management's attention, and we may incur significant expenses in pursuing or defending these lawsuits or other legal proceedings. The results of litigation and other legal proceedings are inherently uncertain, and adverse judgments or settlements in some of these legal disputes may result in adverse monetary damages, penalties or injunctive relief against us, which could negatively impact our financial position, cash flows or results of operations. Any claims or litigation, even if fully indemnified or insured, could damage our reputation and make it more difficult to compete effectively or to obtain adequate insurance in the future. Furthermore, while we maintain insurance for certain potential liabilities, our insurance does not cover all types and amounts of potential liabilities and is subject to various exclusions as well as caps on amounts recoverable. Even if we believe a claim is covered by insurance, insurers may dispute our entitlement to recovery for a variety of potential reasons, which may affect the timing and, if the insurers prevail, the amount of our recovery.

Due to shifting economic and political conditions in both the United States or elsewhere, tax policies, laws, or rates may be subject to significant changes in ways that impair our financial results. Various jurisdictions have enacted or are considering digital services taxes, which could lead to inconsistent and potentially overlapping tax regimes. In the United States, the rules dealing with federal, state and local income taxation are constantly under review by persons involved in the legislative process and by the Internal Revenue Service and the United States Treasury Department. Changes to tax laws (which changes may have retroactive application) could adversely affect us. In recent years, many such changes have been made and changes are likely to continue to occur in the future. It cannot be predicted whether, when, in what form, or with what effective dates, new tax laws may be enacted, or regulations and rulings may be promulgated or issued under existing or new tax laws, which could result in an increase in our tax liability or require changes in the manner in which we operates in order to minimize or mitigate any adverse effects of changes in tax law or in the interpretation thereof.

We are or may become subject to data privacy and securities laws and regulations that apply to the collection, transmission, storage, use, processing, destruction, retention and security of personal information. Our current privacy policies and practices are designed to comply with privacy and data protection laws in the United States. These policies and practices inform members how we handle their personal information and, as permitted by law, allow members to change or delete the personal information in their member accounts. The legislative and regulatory landscape for privacy and data protection continues to evolve in the United States, both federally and at the state level, as well as in other jurisdictions worldwide, and these laws and regulations may at times be conflicting. It is possible that these laws may be interpreted and applied in a manner that is inconsistent from one jurisdiction or is inconsistent with our practices, and our efforts to comply with the evolving data protection rules may be unsuccessful. We must devote significant resources to understanding and complying with this changing landscape. Failure to comply with federal, state, provincial and international laws regarding privacy and security of personal information could expose us to penalties under such laws, orders requiring that we change our practices, claims for damages or other liabilities, regulatory investigations and enforcement action (including fines and penalties), litigation, significant costs for remediation, and damage to our reputation and loss of goodwill, any of which could have a material adverse effect on our business, financial condition, results of operations and prospects. Although we endeavor to comply with our published privacy policies and related documentation, and all applicable privacy and security laws and regulations, we may at times fail to do so or may be perceived to have failed to do so. Even if we have not violated these laws and regulations, government investigations into these issues typically require the expenditure of significant resources and generate negative publicity, which could have a material adverse effect on our business, financial condition, results of operations and prospects. Additionally, if we are unable to properly protect the privacy and security of personal information, including sensitive personal information (e.g., financial information), we could be found to have breached our contracts with certain third parties. There are numerous U.S. and Canadian federal, state, and provincial laws and regulations related to the privacy and security of personal information. Determining whether protected information has been handled in compliance with applicable privacy standards and our contractual obligations can be complex and may be subject to changing interpretation. For example, in 2018, California enacted the California Consumer Privacy Act ("CCPA"), which, among other things, requires new disclosures to California consumers and affords such consumers new abilities to opt out of certain sales of information and may restrict the use of cookies and similar technologies for advertising purposes. The CCPA, which became effective on January 1, 2020, was amended on multiple occasions and is the subject of regulations issued by the California Attorney General regarding certain aspects of the law and its application. Moreover, California voters approved the California Privacy Rights Act (the "CPRA") in November 2020. The CPRA significantly modifies the CCPA, creating additional obligations relating to consumer data, with enforcement beginning July 1, 2023. Aspects of the CCPA and CPRA remain unclear, resulting in further uncertainty and potentially requiring us to modify our data practices and policies and to incur substantial additional costs and expenses in an effort to comply. Similar laws have been proposed, and likely will be proposed, in other states and at the federal level, and if passed, such laws may have potentially conflicting requirements that would make compliance challenging. Similar state laws have been passed in Virginia, Colorado, Utah, Connecticut, and New Jersey and other states are expected to follow. If we fail to comply with applicable privacy laws, we could face civil and criminal fines or penalties. Failing to take appropriate steps to keep consumers' personal information secure, or misrepresentations regarding our current privacy practices, can also constitute unfair acts or practices in or affecting commerce and be construed as a violation of Section 5(a) of the Federal Trade Commission Act (the "FTCA"), 15 U.S.C. § 45(a). The Federal Trade Commission ("FTC") expects a company's data security measures to be reasonable and appropriate in light of the sensitivity and volume of consumer information it holds, the size and complexity of our business, and the cost of available tools to improve security and reduce vulnerabilities. The FTC may also bring an action against a company who collects or otherwise processes personal information for any statements it deems misleading or false contained in privacy disclosures to consumers. While we use best efforts to comply with our published privacy policies and related documents, we may at times fail to do so, or may be perceived to have failed to do so. In addition, we may be unsuccessful in achieving compliance if our personnel, partners, or service providers fail to comply with our published privacy policies and related documentation. Such failures can subject us to potential foreign, local, state and federal action if they are found to be deceptive, unfair, or misrepresentative of our actual practices. In addition, state attorneys general are authorized to bring civil actions seeking either injunctions or damages in response to violations that threaten the privacy of state residents. We cannot be sure how these regulations will be interpreted, enforced or applied to our operations. In addition to the risks associated with enforcement activities and potential contractual liabilities, our ongoing efforts to comply with evolving laws and regulations at the federal and state level may be costly and require ongoing modifications to our policies, procedures and systems. As our business grows, we may also become subject to international privacy laws regulating the collection, transmission, storage, use, processing, destruction, retention and security of personal information. For example, in the European Union, the collection, transmission, storage, use, processing, destruction, retention and security of personal data is governed by the provisions of the General Data Protection Regulation (the "GDPR") in addition to other applicable laws and regulations. The GDPR came into effect in May 2018, repealing and replacing the European Union Data Protection Directive, and imposing revised data privacy and security requirements on companies in relation to the processing of personal data of European Union data subjects. The GDPR, together with national legislation, regulations and guidelines of the European Union Member States governing the collection, transmission, storage, use, processing, destruction, retention and security of personal data, impose strict obligations with respect to, and restrictions on, the collection, use, retention, protection, disclosure, transfer and processing of personal data. The GDPR also imposes strict rules on the transfer of personal data to countries outside the European Union that are not deemed to have protections for personal information, including the United States. The GDPR authorizes fines for certain violations of up to 4% of the total global annual turnover of the preceding financial year or €20 million, whichever is greater. Such fines are in addition to any civil litigation claims by data subjects. Separately, Brexit has led and could also lead to legislative and regulatory changes and may increase our compliance costs. As of January 1, 2021, and the expiry of transitional arrangements agreed to between the United Kingdom and the European Union, data processing in the United Kingdom is governed by a United Kingdom version of the GDPR (combining the GDPR and the Data Protection Act 2018), exposing us to two parallel regimes, each of which authorizes similar fines and other potentially divergent enforcement actions for certain violations. On June 28, 2021, the European Commission adopted an adequacy decision for the United Kingdom, allowing for the relatively free exchange of personal information between the European Union and the United Kingdom. Other jurisdictions outside the European Union are similarly introducing or enhancing privacy and data security laws, rules and regulations, which could increase our compliance costs and the risks associated with noncompliance. Overall, because of the complexity of these laws, the changing obligations and the risk associated with our collection and use of data, we cannot guarantee that we are, or will be, in compliance with all applicable U.S., Canadian, or other international regulations as they are enforced now or as they evolve.

We could face employee claims against us based on, among other things, wage and hour violations, discrimination, harassment, or wrongful termination that may also create not only legal and financial liability, but also negative publicity that could adversely affect us and divert our financial and management resources that would otherwise be used to benefit the future performance of our operations.

The sale of our D2C branded products, including our recently launched disposable diaper and wipe products under our pro-family "EveryLifeTM" brand, may expose us to significant inventory risks that may adversely affect our operating results, as a result of seasonality, new product launches, rapid changes in product cycles and pricing, defective merchandise, warranty claims, recalls, changes in consumer and business member demand and spending patterns, changes in consumer member tastes with respect to our products, and other factors. Despite our best efforts, we may not be able to accurately predict these trends and avoid overstocking or understocking D2C products we would manufacture and sell. Demand for products can change significantly between the time inventory or components are ordered and the date of sale. In addition, if we begin selling or manufacturing a new D2C product, it may be difficult to establish vendor relationships, determine appropriate product or component selection, and accurately forecast demand. The acquisition of certain types of inventory or components requires significant lead-time and prepayment and they may not be returnable. Any one of the inventory risk factors set forth above may adversely affect our operating results.

Our results of operations could be materially affected by economic and political conditions in the United States and internationally, including inflation, deflation, interest rates, availability of capital, war, terrorism, aging infrastructure, pandemics, energy and commodity prices, trade laws, election cycles and the effects of governmental initiatives to manage economic conditions. Current or potential business and consumer members may delay or decrease spending on our products and services sold through the Platform as their business and/or budgets are impacted by economic conditions. The inability of current and potential business and consumer members to pay us for products and services sold through the Platform may adversely affect our earnings and cash flows.