Similarweb (SMWB) Risk Analysis

Our ability to increase our customer base and achieve broader market acceptance of our solutions and platform capabilities will depend to a significant extent on our ability to expand our sales and marketing organizations. We plan to continue expanding our direct sales force, both in existing geographies in which we operate and new international markets. We also plan to dedicate significant resources to our sales and marketing programs and to training our sales force. All of these efforts will require us to invest significant financial and other resources, including in channels in which we have limited or no experience to date. In addition, evolving customer procurement practices, increased budget scrutiny, vendor consolidation initiatives, and longer or more complex evaluation and security review processes may require us to devote additional time and resources to close deals and may reduce our ability to efficiently acquire new customers. Our business and results of operations will be harmed if our sales and marketing efforts do not generate significant increases in revenue or increases in revenue that are smaller than anticipated. We may not achieve anticipated revenue growth from expanding our sales force if we are unable to hire, develop, integrate and retain talented and effective sales personnel, if our new and existing sales personnel, on the whole, are unable to achieve desired productivity levels in a reasonable period of time, or if our sales and marketing programs are not effective. We believe that there is significant competition for sales personnel with the skills and technical knowledge that we require. Our ability to achieve revenue growth will depend, in large part, on our success in recruiting, training and retaining sufficient numbers of sales personnel to support our growth. If we expand into new markets, industries, or customer segments, our sales personnel may require additional product, industry and regulatory expertise, and our ramp times may increase. In addition, as the size of our sales and account management organization increases, we need to attract, recruit and retain team managers and leaders who can effectively manage larger teams. If we are unable to attract, retain, and develop strong business leaders and team managers in our expanded go-to-market organization, our growth prospects and business will suffer. Moreover, changes in our go-to-market organization, including territory design, compensation structures, sales methodologies, or the deployment of new tools (including artificial intelligence-enabled sales productivity tools), may not produce the intended benefits, may disrupt execution, or may negatively affect morale, retention, and productivity. If our sales personnel do not effectively articulate the value of our solutions, demonstrate clear return on investment, or drive successful customer onboarding and adoption, our ability to acquire new customers and expand existing customers may be adversely affected.

As we increasingly incorporate artificial intelligence, machine learning, automation and data-driven models into our platform and solutions and data collection, we face evolving and uncertain intellectual property risks related to the development, training, deployment and commercialization of these technologies. Intellectual property laws and regulations governing artificial intelligence, including the ownership of AI-generated outputs, the use of training data, and the protectability of algorithms, models and methodologies, are unsettled and continue to evolve across jurisdictions. We may rely on a combination of proprietary data, licensed third-party data, open-source software, publicly available information and internally developed models to train and operate AI-enabled features. Third parties may claim that our use of data, models or outputs infringes or misappropriates their intellectual property, violates contractual restrictions, or exceeds the scope of applicable licenses. In addition, we may face allegations that AI-generated outputs produced by our solutions infringe the copyrights, trade secrets or other intellectual property rights of third parties, even where such outputs are generated without direct copying or intent to infringe. The availability, scope and enforceability of intellectual property protections for AI-related innovations remain uncertain. We may be unable to obtain or enforce patent, copyright, trade secret or other protections for certain AI-enabled features, models or outputs, and competitors may be able to replicate or approximate aspects of our AI-based solutions without infringing our intellectual property rights. Conversely, we may be required to defend against claims that our AI technologies infringe the rights of others, which could be costly, time-consuming and distracting to management, and could result in injunctions, damages, licensing obligations or the need to modify, limit or discontinue certain features or solutions. Changes in law, regulation or judicial interpretation related to artificial intelligence, including requirements for transparency, attribution, data provenance or output explainability, may further affect our ability to protect our intellectual property or expose us to additional compliance or litigation risk. If we are unable to adequately protect our AI-related intellectual property, if we are required to obtain costly licenses, modify or discontinue AI-enabled features, or if we become subject to significant infringement claims or regulatory scrutiny, our competitive position, growth prospects, reputation, results of operations and financial condition could be materially and adversely affected.

The software underlying our platform and solutions is highly technical and complex. Our software has previously contained, and may now or in the future contain, undetected errors, bugs or vulnerabilities. In addition, errors, failures, bugs and vulnerabilities may be contained in the open source software we use to build and operate our solutions or may result from errors in the deployment or configuration of open source software. Some errors in our software may only be discovered after the software has been deployed or may never be generally known. Errors or limitations in data inputs, algorithms, models or assumptions, including those used in AI-enabled features, could also lead to inaccurate, incomplete or misleading insights. Any errors, failures, bugs or vulnerabilities discovered in our software after it has been deployed, or never generally discovered, could result in a decline in the accuracy of the intelligence we produce for customers, interruptions in platform availability, solution malfunctioning or data breaches, unauthorized access to or manipulation of data, degradation of system performance, or incorrect analytical outputs, and thereby result in damage to our reputation, adverse effects upon customers, loss of customers and relationships with third parties, loss of revenue or liability for damages. Perceived errors or inaccuracies, even if not substantiated, may harm customer trust and confidence in our platform and could lead customers to reduce usage, delay renewals or terminate subscriptions. In some instances, we may not be able to identify the cause or causes of these problems or risks within an acceptable period of time. Furthermore, the detection, remediation and prevention of such issues may require significant resources and may divert management attention from other strategic initiatives.

Information may be considered MNPI for securities law purposes due to various factors including whether that information is obtained in an unlawful manner. The SEC is increasingly focusing on the use of alternative data, or data sets comprised of information about a particular company that is published by sources outside of the company, which can provide unique and timely insights into investment opportunities such as the data we provide as part of our investor intelligence solution. Specifically, the SEC is focusing on whether investment funds have received MNPI from an alternative data vendor and on whether the fund has and enforces policies and procedures designed to address the MNPI and other risks posed by the use of alternative data. To date, there is limited case law or regulatory guidance with respect to the classification of alternative data as MNPI. In light of this heightened regulatory focus and legal uncertainty, current and potential investment fund and other customers are conducting rigorous due diligence reviews of our data acquisition processes and regulatory compliance both at the on-boarding stage and subsequently on an ongoing basis. We cannot guarantee that our data acquisition processes and regulatory compliance efforts will be sufficient to meet the requirements of existing or potential customers or regulatory standards as such standards evolve or are interpreted by regulators. Failure to meet those requirements or standards could result in an increase in the cancellation or non-renewal of customer agreements and negatively affect our revenue. Furthermore, if the actionable insights we provide, the data we acquire and process, or the datasets and features we offer derived from our access to and analysis of files extracted from third party mobile applications that we provide to customers, especially to purchasers of our investor intelligence solutions, may be determined, in light of the facts and circumstances, as constituting MNPI by securities regulators, including the SEC as having been derived from data sources or methods deemed impermissible or high risk, many customers, especially purchasers of our investor intelligence solutions, would most likely cease to purchase that solution, and we could be exposed to direct legal actions and/or penalties from regulatory authorities, including the SEC. In addition, customers may seek contractual remedies, indemnification or termination rights based on perceived MNPI exposure. In that event we would likely need to invest considerable resources, suffer potential business interruption in making changes to our solutions to remove the relevant information deemed to be MNPI, modify our data acquisition methods, enhance compliance controls, or discontinue certain datasets or features altogether, which could materially and adversely affect our business, financial condition and results of operations.

We would be classified as a passive foreign investment company, or PFIC, for any taxable year if, after the application of certain look-through rules, either: (i) 75% or more of our gross income for such year is "passive income" (as defined in the relevant provisions of the Internal Revenue Code of 1986, as amended), or (ii) 50% or more of the value of our assets (generally determined on the basis of a quarterly average) during such year is attributable to assets that produce or are held for the production of passive income. Based on the estimated composition of our income, assets and operations, we do not believe that we were classified as a PFIC for U.S. federal income tax purposes for the taxable year ended December 31, 2025. The determination of whether we are classified as a PFIC is a factual determination that must be made annually after the close of each taxable year. Moreover, this determination will depend on, among other things, the composition of our income and assets, as well as the value of our assets (which for purposes of the PFIC determination may fluctuate with our market capitalization). The United States Internal Revenue Service, or IRS, or a court may disagree with our expectations. Therefore, there can be no assurance that we were not a PFIC for our 2025 taxable year or will not be classified as a PFIC in the current taxable year or in the future. Certain adverse U.S. federal income tax consequences could apply to a U.S. Holder (as defined in "Material income tax considerations-Material U.S. federal income tax considerations for U.S. holders") if we are treated as a PFIC for any taxable year during which such U.S. Holder (defined below) holds our ordinary shares, including (1) the treatment of all or a portion of any gain on disposition of our ordinary shares as ordinary income, (2) the application of an interest charge with respect to such gain and certain dividends and (3) compliance with certain reporting requirements.

Our ability to operate our business and provide our services relies heavily on the collection and use of information. In recent years, there has been an increase in attention to and regulation of data protection and data privacy as well as the development, deployment and governance of artificial intelligence systems across the globe. We are subject to a variety of laws, directives and regulations relating to the collection, use, retention, security, disclosure, transfer and other processing of personal data, such as the European Union's and United Kingdom's General Data Protection Regulation (together referred to as "GDPR"), the EU e-Privacy Directive, the EU Artificial Intelligence Act ("EU AI Act"), and many state privacy laws such as the California Consumer Privacy Act, or CCPA, the Virginia Consumer Data Protection Act, or VCDPA, the Colorado Privacy Act, or CPA, and similar laws that have been enacted in more than 20 US states, and additional privacy laws are currently being considered in many US states and at the federal level. Other data privacy or data protection laws or regulations are under consideration in other jurisdictions as well. These laws are not always uniform in the way they define and treat certain data types, including business-to-business data or "sensitive data" (as such term is defined under privacy laws), and we must often update our consumer notices and adapt our compliance programs to account for the differences among such laws. These laws impose restrictions on our ability to gather and process data we require in order to provide our products to our customers and could require us to take on more onerous obligations in our contracts and add provisions to our data protection agreements related to the processing of personal data and the use, governance and auditability of AI-enabled features. These laws set out extensive compliance requirements, including providing detailed disclosures about how personal data is collected and processed; demonstrating that an appropriate legal basis is in place or otherwise exists to justify data processing activities; granting new rights for data subjects in regard to their personal data (including rights to be informed of the processing of their personal data, to consent, and withdraw consent to such processing,object to, limit or opt-out of certain processing of personal data, the right to access, correct or delete personal data, the right not to be subject to decisions with significant effects, based solely on automated processing, and the right to data portability); notifying affected individuals, data protection regulators or supervisory authorities of data incidents or security breaches; defining requirements in connection with deidentified, aggregated or pseudonymized (i.e., key-coded) data; imposing limitations on retention, use and sale or sharing of personal data; restricting the collection of data via cookies or other online tracking tools; maintaining a record of data processing and/or conducting data risk assessments; and complying with various privacy principles and the obligation to demonstrate compliance through written policies, procedures, trainings and audits. Concern regarding our use of the personal data we collect or data used to train or support AI-enabled solutions as well as the validity of the consents we obtain, could keep prospective customers from subscribing to our services or could limit our ability to maintain and grow our contributory network. Industry-wide incidents or incidents with respect to our practices, including misappropriation of third-party information, security breaches, or changes in industry standards, regulations, or laws, together with more active regulatory enforcement from privacy authorities could deter people from using the B2C products that we rely upon to grow and maintain our contributory network, or from using the internet, our solutions and/or our B2C products, which could harm our business. Further, US state privacy laws are making it easier for individuals to opt out of having their personal data collected for purposes beyond those necessary to provide our products. Although we already honor opt-out requests, such legal and regulatory changes could increase public awareness of this option, resulting in higher rates of opting out. Third-party intermediaries have emerged, and will likely continue to emerge, that offer services involving opting individuals out of their personal data being collected at scale (i.e., from all platforms). Consequently, our ability to grow our business may be harmed.In addition, the processes we use to deidentify, aggregate or pseudonymize data or to clean data such as by identifying and removing potentially personal data from URLs may prove to be insufficient under applicable data protection laws. We also receive data from third-party sources (e.g., other data providers). We must rely on our data providers to ensure that personal data was collected and is being shared with us for our use in compliance with all applicable data privacy laws and contractual obligations and with appropriate notices and consents in place. Furthermore, we use third-party service providers some of which process personal data on our behalf. We maintain policies concerning the collection, processing, use and retention of information, including personal data and, where appropriate, we publicly post documentation regarding our practices concerning the collection, processing, use and disclosure of personal data. Although we endeavor to comply with our policies, we may at times fail to do so or be subject to a claim alleging our failure to do so. Also, although we require certain undertakings from our third-party data providers regarding their compliance with these requirements, we may fail to conduct proper due diligence, adequately monitor their compliance or may fail to discover their failure to comply with these requirements with respect to the data they provide to us. Any such non-compliance can subject us to potential governmental action, class action lawsuits, private rights of action or third-party claims. Given the nature of our business and the fact that we do not always have a direct relationship with the relevant data subject, it can be difficult for us to ensure that individuals are aware of such policies or our processing of the personal data at the point of data collection. As such, we may be subject to complaints from individuals, third-parties or regulators for failing to meet the necessary transparency obligations or obtaining valid consents under applicable data privacy laws. The publication of our privacy policy and other documentation that provide information about our privacy and security practices can subject us to potential state and federal action in the United States and elsewhere if they are found to be deceptive, unfair, or a misrepresentation of our actual practices. Any failure by us, our suppliers or other parties with whom we do business to comply with this documentation or with federal, state, or local laws in the United States or international regulations, could result in proceedings against us by governmental entities or others. In many jurisdictions, enforcement actions and consequences for noncompliance are rising. In the United States, these include enforcement actions in response to rules and regulations promulgated under the authority of federal agencies and state attorneys general and legislatures and consumer protection agencies. In addition, privacy advocates and industry groups have regularly proposed, and may propose in the future, self-regulatory standards with which we must legally comply or that contractually apply to us. If we fail to follow these standards even if no user information is compromised, we may incur significant fines, adverse publicity, or experience a significant increase in costs. Certain of our activities could be found by a government or regulatory authority to be noncompliant or become noncompliant in the future with one or more data protection or data privacy laws, even if we have implemented and maintained a strategy that we believe to be compliant. For example, we process some personal data collected in the EU and UK pursuant to the legitimate interest provision under the GDPR. However, regulators may disagree with our application of this basis for data collection and processing and find that our data collection and processing has violated the GDPR or find that we have not sufficiently justified use of the provision. If regulators determine that our reliance on legitimate interests, or any other legal basis for processing, is invalid or inadequately documented, we could be required to modify or cease certain processing activities, implement additional compliance measures, respond to regulatory investigations or complaints, or pay administrative fines. We could also face claims from data subjects or advocacy groups, reputational harm and increased compliance costs, any of which could adversely affect our business, financial condition and results of operations. Certain data privacy laws impose sanctions for violations. For example, GDPR imposes a reprimand, a temporary or definitive ban on processing and/or a fine of up to €20 million or 4% of the business's total annual worldwide turnover of the preceding financial year, whichever is higher. Furthermore, new interpretations of existing data protection laws or regulations could be inconsistent with our interpretations, increase our compliance burden, make it more difficult to comply and/or increase our risk of regulatory investigations and fines. For example, we are subject to complex and evolving regulatory requirements regarding the collection, sharing and use of personal data, including state laws such as the CCPA, VCDPA, CPA and similar US state privacy laws in other jurisdictions, related to collection and "selling" (a broadly defined term under a majority of US state privacy laws) of personal data. We may also be subject to laws and regulations, including the Directive on Privacy and Electronic Communications (in the EU), the Privacy and Electronic Communications Regulations (in the UK) or the Telephone Consumer Protection Act (in the US), applying to the processing of personal data in the context of marketing, advertising, and other communications with individuals. In Israel, where we are incorporated and have significant operations, including our corporate headquarters, we are subject to the Israeli Privacy Protection Law, 5741-1981, as amended ("PPL"), and its regulations, including the Israeli Privacy Protection Regulations (Data Security), 5777-2017 (the "Data Security Regulations"), and the guidelines of the Israeli Privacy Protection Authority ("IPPA"). The PPL, the Data Security Regulations, and the IPPA guidelines impose obligations regarding how personal data is processed, maintained, transferred, disclosed, accessed, and secured. Material changes to the PPL or the Data Security Regulations may require us to adjust our data protection and data security practices. For example, the Protection of Privacy (Amendment No. 13) Law, 5784-2024 ("Amendment 13"), passed by the Knesset in August 2024, and entered into force on August 14, 2025. Amendment 13 expanded the IPPA's authority to investigate suspected privacy violations and impose significantly higher monetary sanctions than those currently available. Amendment 13 also introduced additional obligations for parties that process personal data, which required us to modify our data practices and policies, appoint a data protection officer specifically in Israel, and incur substantial costs to adjust our privacy and data protection practices in Israel. Additionally, the Privacy Protection (Provisions Regarding Information Transferred to Israel from the European Economic Area) Regulations, 5784-2023 ("EU Transfer Regulations"), took effect in January 2025 and apply to personal data of Israeli individuals. As a result, we needed to adjust and continue to adjust our practices, especially those related to data subjects' rights. Failure to comply with the PPL, its regulations, and guidelines issued by the IPPA may expose us to administrative fines, civil claims (including class actions), and in certain cases, criminal liability. The IPPA may initiate administrative inspection proceedings from time to time. In addition, if an administrative inspection procedure initiated by the IPPA reveals irregularities with respect to our compliance with the PPL, we may need to take remedial actions to rectify such irregularities, which may increase our costs, in addition to our exposure to administrative fines, civil claims (including class actions), and in certain cases, criminal liability. Upon Amendment 13 entering into effect in August 2025, the sanctions for non-compliance with the requirements of the PPL and its regulations (including the Data Security Regulations and the EU Transfer Regulations) significantly increased and, in certain cases, may reach substantial amounts in the millions of NIS. Complying with applicable data protection laws may cause us to incur substantial operational costs or require us to change our business practices. Despite our efforts to bring practices into compliance with these laws, we may not be successful in our efforts to achieve compliance either due to internal or external factors such as resource allocation limitations or a lack of vendor cooperation. Non-compliance could result in proceedings against us by governmental entities, users, data subjects or others. We may also experience difficulty retaining or obtaining new European or multi-national users due to the legal requirements, compliance cost, potential risk exposure, and uncertainty for these entities, and we may experience significantly increased liability with respect to these users pursuant to the terms set forth in our engagements with them. Additionally, many U.S. state legislatures have adopted legislation that regulates how businesses operate online, including measures relating to privacy, data security, data breaches, and data brokers. Laws in all 50 states require businesses to provide notice to users whose personally identifiable information has been disclosed as a result of a data breach. The laws are not consistent, and compliance in the event of a widespread data breach is costly. Penalties for the failure to adequately protect personal information, notify as required or provide timely notice vary by jurisdiction. In the U.S., most state data breach notification laws consider violations to be unfair or deceptive trade practices and give the applicable state attorney general authority to levy fines or bring enforcement actions. States are also constantly amending existing laws, requiring attention to frequently changing regulatory requirements. Furthermore, additional states have passed or introduced pending legislation, which marks the beginning of a trend toward more stringent United States privacy legislation, which could increase our potential liability and adversely affect our business. A few states have enacted data broker registration laws that create additional obligations for businesses that sell certain personal data. Since we determined that we are required to register as a data broker in some states, this could increase public awareness of a consumer's ability to opt out of having their personal data processed by us, resulting in higher rates of opting out. Consequently, our ability to grow our business may be harmed. As laws place more stringent restrictions upon companies with business models such as ours, compliance will only become more complex, which could adversely affect our business. Because the interpretation and application of privacy and data protection laws along with contractually imposed industry standards and AI governance requirements are uncertain, it is possible that these laws may be interpreted and applied in a manner that is inconsistent with our existing data processing practices or the features of our solutions and platform capabilities. If so, in addition to the possibility of fines, lawsuits, regulatory investigations, imprisonment of company officials and public censure, other claims and penalties, and significant costs for remediation and damage to our reputation, we could be required to fundamentally change our business activities and practices including limiting, modifying or discontinuing certain AI-enabled functionalities, or modify our solutions and platform capabilities, any of which could have an adverse effect on our business. Any inability to adequately address privacy and security concerns, even if unfounded, or comply with applicable privacy and data security laws, regulations, and policies, could result in additional cost and liability to us, damage our reputation, inhibit sales and adversely affect our business. Furthermore, the costs of compliance with, and other requirements imposed by, the laws, regulations, and policies that are applicable to the businesses of our users may limit the use and adoption of, and reduce the overall demand for, our solutions. Privacy and data security concerns, whether valid or not valid, may inhibit market adoption of our solutions, particularly in certain industries and foreign countries. If we are not able to adjust to changing laws, regulations, and standards related to the internet, our business may be harmed. Future legal requirements could reduce demand for our services, require us to take on more onerous obligations in our contracts, restrict our ability to store, transfer and process personal and other data or, in some cases, impact our ability to offer our services in certain locations, to deploy our solutions, to reach current and prospective customers, or to derive insights from data globally. In 2023, the EU-US Privacy Shield scheme was replaced by the EU-U.S. Data Privacy Framework ("DPF") and the UK Extension to the DPF, which were developed to facilitate transatlantic commerce by providing U.S. organizations with appropriate mechanisms for personal data transfers to the U.S. from the European Economic Area and the UK. Only U.S. legal entities subject to the jurisdiction of the Federal Trade Commission or the U.S. Department of Transportation are currently eligible to participate in the DPF program, by self-certification. Companies transferring data to entities that do not self-certify under the DPF would need to rely on an alternative transfer mechanism, such as an applicable derogation or contractual safeguards (e.g. Binding Corporate Rules or the standard contractual clauses ("SCCs")). However, the July 2020 Schrems II decision of the Court of Justice of the European Union makes it clear that reliance on them alone may not necessarily be sufficient. The use of contractual safeguards must now be assessed on a case-by-case basis taking into account the legal regime applicable in the destination country, in particular applicable surveillance laws and rights of individuals and additional technical and organizational measures and/or contractual provisions may need to be put in place. The nature of the additional measures would depend on the residual risk to personal data transferred when relying on contractual safeguards like SCCs. If our ability to transfer personal data between and among the countries and regions in which we operate is hampered due to increased regulatory requirements, it could affect how we provide our solutions, the geographical location or segregation of our relevant systems and operations, reduce demand for our solutions from companies subject to European and UK data protection laws, and could adversely affect our financial results. Compliance with any of the foregoing laws and regulations (including as subsequently interpreted) can be costly and can delay or impede the development of new products or services. We may incur substantial fines if we violate any laws or regulations relating to the collection or use of personal data. Such penalties may be in addition to any civil litigation claims by users and data subjects. Our actual or alleged failure to comply with applicable privacy or data security laws, regulations, and policies, or to protect personal data, could result in legal actions by private actors, enforcement actions by governmental entities and significant penalties against us, which could result in negative publicity or costs, subject us to claims or other remedies, and have a material adverse effect on our business, financial condition, and results of operations.

Many of our existing competitors have, and some of our potential competitors could have, substantial competitive advantages such as: - greater brand name recognition and longer operating histories;- larger sales and marketing budgets and resources;- greater and/or more diverse data sources and/or access to unique, proprietary data sources;- access to large-scale, proprietary or real-time datasets and artificial intelligence training data that may be difficult or costly for us to replicate;- broader distribution and established relationships with independent software vendors, partners and customers;- access to larger customer bases;- greater customer experience resources and support;- greater resources to make acquisitions;- lower labor and development costs;- larger and more mature intellectual property portfolios; and - substantially greater financial, technical and other resources. As a result, they may be able to adapt more quickly and effectively to new or changing opportunities, technologies, standards or customer requirements. In addition, some of our larger competitors have substantially broader offerings and can leverage their relationships based on other products or solutions or incorporate functionality into existing products or solutions to gain business in a manner that discourages customers from purchasing our solutions, including through selling at zero or negative margins, solution bundling or closed technology platforms. Large technology platforms may also bundle competing functionality with core products at little or no incremental cost to customers, making it more difficult for us to compete on price or value. Potential customers may also prefer to purchase from their existing suppliers rather than a new supplier regardless of solution performance or features. As a result, even if the features of our platform are superior, potential customers may not purchase our offerings. Larger competitors may have broader solution lines and market focus and will therefore not be as susceptible to downturns in a particular market. Our competitors may also seek to repurpose their existing offerings to provide software, services, programs and tools used by knowledge workers with subscription models or embed such functionality into broader platforms,reducing demand for standalone solutions. Further, some current and potential customers, particularly large organizations, have elected, and may in the future elect, to develop or acquire their own software, services, programs and tools used by knowledge workers that would reduce or eliminate the demand for our platform and solutions. Advances in artificial intelligence, low-code or no-code development tools may further lower barriers for customers to develop internal solutions. Conditions in our market could also change rapidly and significantly due to technological advancements, partnering by our competitors or continuing market consolidation, and it is uncertain how our market will evolve. Accelerated consolidation among technology companies, including through mergers, acquisitions or strategic alliances, may result in competitors with greater scale, broader offerings or increased pricing flexibility. New start-up companies that innovate and large competitors that are making significant investments in research and development may invent similar or superior solutions and technologies that compete with us. These competitive pressures in our market or our failure to compete effectively may result in price reductions, fewer customers, reduced revenue, gross profit and gross margins, increased net losses and loss of market share. Any failure to meet and address these factors could harm our business, financial condition, revenue, results of operations or cash flows.

The rapid development and deployment of artificial intelligence ("AI") technologies pose both opportunities and risks to internet search engines and products and services such as ours that rely on them. The pace of AI innovation has accelerated significantly, particularly with respect to generative AI, large language models and AI-powered assistants. Generative AI alternatives to search engines have the potential to disrupt traditional search engine models by changing the way information is accessed, organized, and presented to users. These changes may reduce the volume of traditional search queries, increase "zero-click" experiences, or shift user engagement away from third-party websites and tools. As these AI technologies evolve, they may alter user behavior, shift market dynamics, and reduce the relevance or effectiveness of conventional search engines. In particular, the widespread adoption of AI-powered alternatives to traditional search, such as chatbots, virtual assistants, or advanced AI-driven search engines, may undermine the market share and profitability of traditional internet search engines and in turn products and services that rely on them. Search engines may increasingly surface AI-generated summaries, answers or recommendations directly to users, reducing traffic to external websites and limiting the availability, visibility or granularity of underlying data. These AI tools may provide more personalized, conversational, or context-aware results, which could reduce users' reliance on conventional search engines or affect the accuracy, visibility, and ranking of search results. In addition, changes to search engine algorithms, data access policies, application programming interfaces (APIs), or licensing terms driven by AI initiatives may limit our ability to collect, analyze or provide certain data and insights. Such shifts in user behavior could have material negative effects on businesses whose products and services rely heavily on internet search engines for customer acquisition, advertising revenue, or visibility, including our ability to deliver accurate, timely and comprehensive insights to our customers. We cannot predict with certainty how the continued evolution of AI technologies will shape the future of internet search and its related ecosystems. Our ability to respond effectively may require significant investment in research and development, data acquisition, partnerships, or new technologies, including AI-enabled capabilities, with uncertain returns. As AI tools become increasingly sophisticated, our ability to adapt and maintain the effectiveness of our search-related offerings may be challenged. If we are unable to anticipate, respond to, or capitalize on these changes, or if AI-driven alternatives reduce demand for search-based intelligence solutions, this could lead to material adverse effects on our business operations, market position, and financial results.

To increase our revenue and achieve and maintain profitability, we must continue to attract new customers and maintain and grow the subscriptions of existing customers. Our go-to-market efforts are intended to identify and attract prospective customers and convert them into paying customers, including the conversion of paying customers of solutions on our basic plan to higher tier services. In addition, we seek to expand existing customer subscriptions by adding new customers or additional solutions or services, including through expanding the adoption of our platform into other departments within organizations. We do not know whether we will continue to achieve similar client acquisition and subscription growth rates in the future as we have in the past. Numerous factors may impede our ability to add new customers and grow existing customer subscriptions, including our failure to attract and effectively train new marketing, sales and account management personnel despite increasing our sales efforts, to retain and motivate our current marketing, sales and account management personnel, to develop or expand relationships with partners, to successfully deploy new features and capabilities of our solutions and services, to provide quality customer experience or to ensure the effectiveness of our go-to-market programs. In addition, increased scrutiny of software spend, vendor rationalization and consolidation initiatives, and "tool fatigue" within customer organizations may result in customers reducing the number of vendors they use, delaying purchasing decisions, or selecting broader platforms that bundle functionality we provide. Additionally, increasing our sales to large organizations (both existing and prospective users) requires increasingly sophisticated and costly sales and account management efforts targeted at senior management and other personnel. Periods of global macroeconomic uncertainty have caused, and may continue to cause, companies to reduce or delay budgets for acquiring new products and solutions like those that we sell, which has led, and may continue to lead, to longer or less predictable sales cycles.. If our efforts to sell to organizations are not successful or do not generate additional revenue, our business will suffer. Our success will depend to a substantial extent on the widespread adoption of our platform and solutions as an alternative to existing or newly emerging solutions. The adoption of software as a service, or SaaS, business software may be slower in industries with heightened data security interests or business practices requiring highly customizable application software. In addition, evolving customer expectations regarding artificial intelligence, automation and "agentic" or outcome-based solutions may reduce demand for, or change purchasing preferences away from, traditional seat-based or feature-based software offerings, and may require us to invest significantly to remain competitive. Furthermore, as our market matures, our solutions evolve, and competitors introduce lower cost or differentiated solutions that are perceived to compete with our platform and solutions, our ability to sell subscriptions for our solutions could be impaired. Similarly, our subscription sales could be adversely affected if organizations or users within these organizations perceive that features incorporated into competitive solutions reduce the need for our solutions or if they prefer to purchase other solutions that are bundled with solutions offered by other companies that operate in adjacent markets and compete with our solutions. Competitors may also leverage proprietary datasets, integrated ecosystems, or AI-enabled functionality to differentiate their offerings, reduce switching costs, or increase customer dependence on their platforms. As a result of these and other factors, we may be unable to attract new customers, which may have an adverse effect on our business, financial condition, revenue, results of operations or cash flows. In order for us to maintain or improve our results of operations, it is important that our customers renew or expand their subscriptions with us. We cannot accurately predict our renewals and dollar-based net retention rate given the diversity of our customer base, in terms of size, industry and geography. Our renewals and dollar-based net retention rate may decline or fluctuate as a result of a number of factors, many of which are outside our control, including the business strength or weakness of our customers, customer usage, including the ability of our customers to quickly integrate our products into their businesses and continually find new uses for our solutions within their businesses, customer satisfaction with our solutions and platform capabilities and customer support, the utility of our platform to cost-effectively integrate with third-party software products, our prices, the capabilities and prices of competing products, mergers and acquisitions affecting our customer base, consolidation of affiliates' multiple paid business accounts into a single paid business account or loss of business accounts in their entirety, the effects of global economic conditions, or reductions in our customers' spending on information technology, or IT, solutions or their spending levels generally, perceived security or data privacy risks from the use of our solutions or changes in regulatory regimes that effect our customers or our ability to sell our solutions. In addition, increased regulatory requirements and customer-imposed security, privacy, data localization or artificial intelligence governance requirements could increase procurement cycles, delay deployments, or limit the features or data we are able to offer, which could adversely affect customer acquisition, renewals, expansion and net retention. These factors may also be exacerbated if, consistent with our growth strategy, our customer base continues to grow to encompass larger enterprises, which may also require more sophisticated and costly sales efforts. If our customers do not purchase additional subscriptions and solutions from us or our customers fail to renew their subscriptions, our revenue may decline and our business, financial condition, revenue, results of operations or cash flows may be harmed. Our customers may or may not renew their subscriptions as a result of a number of factors, including their satisfaction or dissatisfaction with our solutions, decreases in the number of users at the organization, our pricing or pricing structure, the pricing or capabilities of the products and services offered by our competitors, the effects of economic conditions (including as a result of general economic downturns) or reductions in our paying customers' spending levels. In addition, our customers may renew for fewer subscriptions, renew for shorter contract lengths if they were previously on multi-year contracts, or switch to lower cost offerings of our solutions and services. Customers may also seek to renegotiate renewal terms, reduce usage, delay expansions, or adopt alternative commercial models (including consumption-based or outcome-based pricing), any of which could reduce our revenue and dollar-based net retention rate. It is difficult to predict attrition rates given our varied customer base of enterprise, mid-market and small business customers across many different industries and that are located worldwide. Our attrition rates may increase or fluctuate as a result of a number of factors, including customer dissatisfaction with our solutions, customers' spending levels, mix of customer base, decreases in the number of users at our customers, competition, pricing increases or changing or deteriorating general economic conditions. If customers do not renew their subscriptions or renew on less favorable terms or if we fail to add more customers, or if we fail to expand subscriptions of existing customers, our revenue may decline or grow less quickly than anticipated, which would harm our business, financial condition, revenue, results of operations or cash flows.

Our success and future growth depend largely upon the continued services of our executive officers as well as our other key employees in the areas of research and development and sales and marketing functions. From time to time, there may be changes in our executive management team or other key employees resulting from the hiring or departure of these personnel. In 2025, two of our executive officers departed. Our executive officers and other key employees are employed on an at-will basis, which means that these personnel could terminate their employment with us at any time. The loss of one or more of our executive officers, or the failure by our executive team to effectively work with our employees and lead our company, could harm our business. We also are dependent on the continued service of our existing software engineers because of the complexity of our solutions and platform capabilities. In addition, to execute our growth plan, we must attract and retain highly qualified personnel. Competition for these personnel is intense, especially data scientists and for engineers experienced in designing and developing SaaS applications and experienced sales professionals, and such competition often results in increasing wages, especially in Israel, where most of our research and development positions are located, and in the United States, where we have a significant presence. We also engage a team of developers in the Ukraine in order to benefit from the significant pool of talent that is more readily available in such market (see General Risk Factor titled "Catastrophic events may disrupt our business" for a further discussion of the impact of conflict in Ukraine on our business). Geopolitical instability, regulatory changes or labor market disruptions in regions where we operate or engage contractors could adversely affect our access to talent. If we are unable to attract such personnel in cities where we are located, we may need to hire in other locations which may add to the complexity and costs of our business operations. From time to time, we have experienced, and we expect to continue to experience, difficulty in hiring and retaining employees with appropriate qualifications. Many of the companies with which we compete for experienced personnel have greater resources than we have. If we hire employees from competitors or other companies, their former employers may attempt to assert that these employees or we have breached their legal obligations, resulting in a diversion of our time and resources. In addition, prospective and existing employees often consider the value of the equity awards they receive in connection with their employment. If the perceived value of our equity awards declines, experiences significant volatility, or increases such that prospective employees believe there is limited upside to the value of our equity awards, it may adversely affect our ability to recruit and retain key employees. If we fail to attract new personnel or fail to retain and motivate our current personnel, our business and future growth prospects would be harmed.

We rely on third-party data sources for traffic and engagement information related to the websites and apps for which we generate estimated insights and metrics, demographics about the audiences that use such platforms, and related information about digital trends. Our reliance on third-party data sources exposes us to risks outside of our direct control, including changes in business practices, data policies, or strategic priorities of those suppliers. We continuously look to seek out and enter into relationships with new suppliers for data in order to enrich our data sources, and the availability and quality of this data is important to the continued functioning and development of our solutions and the fulfillment of our obligations to customers. Failure to find and enter into agreements with new partners, and/or to maintain current relationships with existing partners, could result in inadequate data for our ongoing and future solution requirements. Some data sources may be difficult, costly or time-consuming to replace, particularly where suppliers control unique, proprietary or large-scale datasets. Our data suppliers may increase restrictions on our use of such data, fail to adhere to our quality control, privacy or security standards, or otherwise satisfactorily perform services, increase the price they charge us for the data or refuse to license the data to us. Suppliers may also modify their data collection practices, licensing models or contractual terms in response to regulatory developments, artificial intelligence initiatives, competitive considerations or their own commercial interests. Additional restrictions on third-party data could limit our ability to include that data in certain solutions, which could lead to decreased commercial opportunities for certain solutions as well as loss of customers, obligations to provide refunds, or liability to our customers. To comply with any additional restrictions, we may be required to implement certain additional technological and manual controls that could put pressure on our cost structure and could affect our pricing. Increased compliance, monitoring or auditing requirements imposed by data suppliers or regulators could further increase our costs and operational complexity. Since we rely on third-party data sources, notwithstanding our best efforts, we may receive third-party data that is inaccurate, defective, or delayed, or which does not meet our compliance standards or the requirements of applicable data privacy laws and regulations. If third-party information is not available to us on commercially reasonable terms, or is found to be inaccurate or otherwise unsuitable for our needs, it could lead to costly and time-consuming contractual disputes or harm our solutions, our reputation and our business and financial performance. Any sustained disruption, degradation or loss of access to critical third-party data sources could materially and adversely affect the quality of our insights and our competitive position.