Similarweb (SMWB) Risk Factors

Our business increasingly relies on artificial intelligence, machine learning and automated decision making. The regulatory framework for this technology is rapidly evolving, and we may not always be able to anticipate how to respond to these laws or regulations. Many federal, state and foreign government bodies and agencies have introduced or are currently considering additional laws and regulations governing the use of such technologies. There is also an increase in litigation in a number of jurisdictions, including the United States, relating to the development, security and use of artificial intelligence. In October 2023, President Biden issued the Executive Order on Safe, Secure and Trustworthy Artificial Intelligence ("The Order") with the goal of promoting the "safe, secure, and trustworthy development and use of artificial intelligence in the United States." The Order has established certain new standards for the training, testing and cybersecurity of sophisticated artificial intelligence models, and the Order has also instructed other federal agencies to promulgate additional regulations within certain timeframes from the date of the Order. Federal artificial intelligence legislation has also been introduced in the U.S. Senate. Such additional regulations may impact our ability to develop, use and commercialize artificial intelligence and machine learning technologies in the future. Additionally, in December 2023, new laws regulating artificial intelligence have been enacted in China, and the European Parliament and Council reached a political agreement on the European Union's Artificial Intelligence Act (the "EU AI Act"), which seeks to create a comprehensive legal framework for the regulation of artificial intelligence systems across the EU. The final text of the EU AI Act is expected to be published in early 2024 with the majority of obligations expected to take effect by 2026 , including requirements around transparency, conformity assessments and monitoring, risk assessments, human oversight, security, accuracy, general purpose artificial intelligence and foundation models, and fines for breach of up to 7% of worldwide annual turnover. Once fully applicable, the EU AI Act will have a material impact on the way artificial intelligence is regulated in the EU, including requirements around transparency, conformity assessments and monitoring, risk assessments, human oversight, security, accuracy, general purpose artificial intelligence and foundation models, and fines for breach of up to 7% of worldwide annual turnover. In 2022 and 2023, China implemented a number of regulations to govern generative artificial intelligence, algorithmic recommendation and deep synthesis technologies, namely the Interim Provisions on Management of Generative Artificial Intelligence Services, Administrative Provisions on Algorithm Recommendation for Internet Information Services and Provisions on Management of Deep Synthesis in Internet Information Service, respectively. Such regulations impose strict obligations on service providers, among other entities, with respect to their provision and use of generative artificial intelligence, algorithmic recommendation and deep synthesis technologies. For example, service providers must file the algorithms used and complete a security assessment with the local CAC before the provision of the service. The regulatory framework in China is expected to have a material impact on the way artificial intelligence is regulated in China, and together with developing guidance and/or decisions in this area, may affect our use of artificial intelligence and our ability to provide and to improve our services, require additional compliance measures and changes to our operations and processes, result in increased compliance costs and potential increases in civil claims against us, and could adversely affect our business, operations and financial condition. It is possible that the EU AI Act and the US artificial intelligence framework, along with the adoption of new laws and regulations in other jurisdictions, or the interpretation of existing laws and regulations, may affect the operation of our eCommerce risk intelligence platform and the way in which we use artificial intelligence and machine learning technology, including with respect to how we train our models, unintentional bias and discrimination. Failure to comply with such laws or regulations could subject us to legal or regulatory liability. Further, the cost to comply with such laws or regulations could be significant and would increase our operating expenses, which could adversely affect our business, financial condition and results of operations.

We would be classified as a passive foreign investment company, or PFIC, for any taxable year if, after the application of certain look-through rules, either: (i) 75% or more of our gross income for such year is "passive income" (as defined in the relevant provisions of the Internal Revenue Code of 1986, as amended), or (ii) 50% or more of the value of our assets (generally determined on the basis of a quarterly average) during such year is attributable to assets that produce or are held for the production of passive income. Based on the estimated composition of our income, assets and operations, we do not believe that we were classified as a PFIC for U.S. federal income tax purposes for the taxable year ended December 31, 2023. The determination of whether we are classified as a PFIC is a factual determination that must be made annually after the close of each taxable year. Moreover, this determination will depend on, among other things, the composition of our income and assets, as well as the value of our assets (which for purposes of the PFIC determination may fluctuate with our market capitalization). The United States Internal Revenue Service, or IRS, or a court may disagree with our expectations. Therefore, there can be no assurance that we were not a PFIC for our 2023 taxable year or will not be classified as a PFIC in the current taxable year or in the future. Certain adverse U.S. federal income tax consequences could apply to a U.S. Holder (as defined in "Material income tax considerations-Material U.S. federal income tax considerations for U.S. holders") if we are treated as a PFIC for any taxable year during which such U.S. Holder (defined below) holds our ordinary shares, including (1) the treatment of all or a portion of any gain on disposition of our ordinary shares as ordinary income, (2) the application of an interest charge with respect to such gain and certain dividends and (3) compliance with certain reporting requirements.

Our ability to operate our business and provide our services relies heavily on the collection and use of information. In recent years, there has been an increase in attention to and regulation of data protection and data privacy across the globe. We are subject to a variety of laws, directives and regulations relating to the collection, use, retention, security, disclosure, transfer and other processing of personal data, such as the European Union's General Data Protection Regulation, or GDPR, the EU e-Privacy Directive, and new state privacy laws such as the California Privacy Rights Act, or CPRA, California Consumer Privacy Act, or CCPA, the Virginia Consumer Data Protection Act, or VCDPA, and the Colorado Privacy Act, or CPA, the latter of which are expected to take effect in 2023. Other data privacy or data protection laws or regulations are under consideration in other jurisdictions, including in Israel, where we are incorporated. Laws such as these give rise to an increasingly complex set of compliance obligations on us. These laws impose restrictions on our ability to gather data we require in order to provide our products to our customers. These laws set out extensive compliance requirements, including providing detailed disclosures about how personal data is collected and processed; demonstrating that an appropriate legal basis is in place or otherwise exists to justify data processing activities; granting new rights for data subjects in regard to their personal data (including rights to consent, limit or opt-out of certain processing of personal data, the right to access, correct or delete personal data, and the right to data portability); notifying affected individuals, data protection regulators or supervisory authorities of data incidents or security breaches; defining requirements in connection with deidentified, aggregated or pseudonymized (i.e., key-coded) data; imposing limitations on retention, use and sale or sharing of personal data; restricting the collection of data via cookies or other online tracking tools; maintaining a record of data processing and/or conducting data risk assessments; and complying with various privacy principles and the obligation to demonstrate compliance through written policies, procedures, trainings and audits. Concern regarding our use of the personal data we collect could keep prospective customers from subscribing to our services or could limit our ability to maintain and grow our contributory network. Industry-wide incidents or incidents with respect to our practices, including misappropriation of third-party information, security breaches, or changes in industry standards, regulations, or laws, together with more active regulatory enforcement from privacy authorities could deter people from using the B2C products that we rely upon to grow and maintain our contributory network, or from using the internet, our solutions and/or our B2C products, which could harm our business. In addition, the processes we use to deidentify, aggregate or pseudonymize data or to clean data such as by identifying and removing potentially personal data from URLs may prove to be insufficient under applicable data protection laws. We also receive data from third-party sources (e.g., other data providers). We must rely on our data providers to ensure that personal data was collected and is being shared with us for our use in compliance with all applicable data privacy laws and contractual obligations and with appropriate notices and consents in place. Furthermore, we use third-party service providers some of which process personal data on our behalf. We maintain policies concerning the collection, processing, use and retention of information, including personal data and, where appropriate, we publicly post documentation regarding our practices concerning the collection, processing, use and disclosure of personal data. Although we endeavor to comply with our policies, we may at times fail to do so or be subject to a claim alleging our failure to do so. Any such non-compliance can subject us to potential governmental action, class action lawsuits, private rights of action or third-party claims. Given the nature of our business and the fact that we do not always have a direct relationship with the relevant data subject, it can be difficult for us to ensure that individuals are aware of such policies or our processing of the personal data at the point of data collection. As such, we may be subject to complaints from individuals, third-parties or regulators for failing to meet the necessary transparency obligations under applicable data privacy laws. The publication of our privacy policy and other documentation that provide information about our privacy and security practices can subject us to potential state and federal action in the United States and elsewhere if they are found to be deceptive, unfair, or a misrepresentation of our actual practices. Any failure by us, our suppliers or other parties with whom we do business to comply with this documentation or with federal, state, or local laws in the United States or international regulations, could result in proceedings against us by governmental entities or others. In many jurisdictions, enforcement actions and consequences for noncompliance are rising. In the United States, these include enforcement actions in response to rules and regulations promulgated under the authority of federal agencies and state attorneys general and legislatures and consumer protection agencies. In addition, privacy advocates and industry groups have regularly proposed, and may propose in the future, self-regulatory standards with which we must legally comply or that contractually apply to us. If we fail to follow these standards even if no user information is compromised, we may incur significant fines, adverse publicity, or experience a significant increase in costs. Certain of our activities could be found by a government or regulatory authority to be noncompliant or become noncompliant in the future with one or more data protection or data privacy laws, even if we have implemented and maintained a strategy that we believe to be compliant. For example, we process some personal data collected in the EU pursuant to the legitimate interest provision under the GDPR. However, regulators may disagree with our application of this basis for data collection and processing and find that our data collection and processing has violated the GDPR or find that we have not sufficiently justified use of the provision. Certain data privacy laws impose sanctions for violations. For example, GDPR imposes a reprimand, a temporary or definitive ban on processing and/or a fine of up to €20 million or 4% of the business's total annual worldwide turnover. Furthermore, new interpretations of existing data protection laws or regulations could be inconsistent with our interpretations, increase our compliance burden, make it more difficult to comply and/or increase our risk of regulatory investigations and fines. For example, we are subject to complex and evolving regulatory requirements regarding the collection, sharing and use of personal data, including recently enacted and upcoming state laws such as the CCPA, the CPRA, VCDPA, and CPA and pending bills that may pass in other jurisdictions, related to collection and selling of personal data. We may also be subject to laws and regulations, including the Directive on Privacy and Electronic Communications (in the EU), or the Telephone Consumer Protection Act (in the US), applying to the processing of personal data in the context of marketing, advertising, and other communications with individuals. Complying with applicable data protection laws may cause us to incur substantial operational costs or require us to change our business practices. Despite our efforts to bring practices into compliance with these laws, we may not be successful in our efforts to achieve compliance either due to internal or external factors such as resource allocation limitations or a lack of vendor cooperation. Non-compliance could result in proceedings against us by governmental entities, users, data subjects or others. We may also experience difficulty retaining or obtaining new European or multi-national users due to the legal requirements, compliance cost, potential risk exposure, and uncertainty for these entities, and we may experience significantly increased liability with respect to these users pursuant to the terms set forth in our engagements with them. Additionally, many U.S. state legislatures have adopted legislation that regulates how businesses operate online, including measures relating to privacy, data security, data breaches, and data brokers. Laws in all 50 states require businesses to provide notice to users whose personally identifiable information has been disclosed as a result of a data breach. The laws are not consistent, and compliance in the event of a widespread data breach is costly. Penalties for the failure to adequately protect personal information, notify as required or provide timely notice vary by jurisdiction. In the U.S., most state data breach notification laws consider violations to be unfair or deceptive trade practices and give the applicable state attorney general authority to levy fines or bring enforcement actions. States are also constantly amending existing laws, requiring attention to frequently changing regulatory requirements. Furthermore, additional states have passed or introduced pending legislation, which marks the beginning of a trend toward more stringent United States privacy legislation, which could increase our potential liability and adversely affect our business. Because the interpretation and application of privacy and data protection laws along with contractually imposed industry standards are uncertain, it is possible that these laws may be interpreted and applied in a manner that is inconsistent with our existing data processing practices or the features of our solutions and platform capabilities. If so, in addition to the possibility of fines, lawsuits, regulatory investigations, imprisonment of company officials and public censure, other claims and penalties, and significant costs for remediation and damage to our reputation, we could be required to fundamentally change our business activities and practices or modify our solutions and platform capabilities, any of which could have an adverse effect on our business. Any inability to adequately address privacy and security concerns, even if unfounded, or comply with applicable privacy and data security laws, regulations, and policies, could result in additional cost and liability to us, damage our reputation, inhibit sales and adversely affect our business. Furthermore, the costs of compliance with, and other requirements imposed by, the laws, regulations, and policies that are applicable to the businesses of our users may limit the use and adoption of, and reduce the overall demand for, our solutions. Privacy and data security concerns, whether valid or not valid, may inhibit market adoption of our solutions, particularly in certain industries and foreign countries. If we are not able to adjust to changing laws, regulations, and standards related to the internet, our business may be harmed. Future legal requirements could reduce demand for our services, require us to take on more onerous obligations in our contracts, restrict our ability to store, transfer and process personal and other data or, in some cases, impact our ability to offer our services in certain locations, to deploy our solutions, to reach current and prospective customers, or to derive insights from data globally. Recent legal developments in Europe have created complexity and uncertainty regarding transfers of personal data from the European Economic Area ("EEA") to the United States. Most recently, on July 16, 2020, in a case known as Schrems II, the Court of Justice of the European Union ("CJEU") invalidated the EU-US Privacy Shield Framework under which personal data could be transferred from the EEA to U.S. entities who had self-certified under the Privacy Shield scheme. While the CJEU upheld the adequacy of the standard contractual clauses (a standard form of contract approved by the European Commission as an adequate personal data transfer mechanism, and potential alternative to the Privacy Shield), it made clear that reliance on them alone may not necessarily be sufficient in all circumstances. Use of the standard contractual clauses must now be assessed on a case-by-case basis taking into account the legal regime applicable in the destination country, in particular applicable surveillance laws and rights of individuals and additional measures and/or contractual provisions may need to be put in place, however, the nature of these additional measures is currently uncertain. There are few viable alternatives to the standard contractual clauses, and the law in this area remains dynamic. These recent developments require us to review and amend the legal mechanisms by which we make and/or receive personal data transfers from EEA and UK to the United States and other countries outside Europe. As supervisory authorities issue further guidance on personal data export mechanisms, including supplementary measures for standard contractual clauses to remain a valid data transfer mechanism, and/or start taking enforcement action, we could suffer additional costs, complaints and/or regulatory investigations or fines, and/or if we are otherwise unable to transfer personal data between and among countries and regions in which we operate, it could affect the manner in which we provide our solutions, the geographical location or segregation of our relevant systems and operations, may reduce demand for our solutions from companies subject to European data protection laws and could adversely affect our financial results. Compliance with any of the foregoing laws and regulations (including as subsequently interpreted) can be costly and can delay or impede the development of new products or services. We may incur substantial fines if we violate any laws or regulations relating to the collection or use of personal data. Such penalties may be in addition to any civil litigation claims by users and data subjects. Our actual or alleged failure to comply with applicable privacy or data security laws, regulations, and policies, or to protect personal data, could result in legal actions by private actors, enforcement actions by governmental entities and significant penalties against us, which could result in negative publicity or costs, subject us to claims or other remedies, and have a material adverse effect on our business, financial condition, and results of operations.

Our ability to increase our customer base and achieve broader market acceptance of our solutions and platform capabilities will depend to a significant extent on our ability to expand our sales and marketing organizations. We plan to continue expanding our direct sales force, both in existing geographies in which we operate and new international markets. We also plan to dedicate significant resources to our sales and marketing programs and to training our sales force. All of these efforts will require us to invest significant financial and other resources, including in channels in which we have limited or no experience to date. Our business and results of operations will be harmed if our sales and marketing efforts do not generate significant increases in revenue or increases in revenue that are smaller than anticipated. We may not achieve anticipated revenue growth from expanding our sales force if we are unable to hire, develop, integrate and retain talented and effective sales personnel, if our new and existing sales personnel, on the whole, are unable to achieve desired productivity levels in a reasonable period of time, or if our sales and marketing programs are not effective. We believe that there is significant competition for sales personnel with the skills and technical knowledge that we require. Our ability to achieve revenue growth will depend, in large part, on our success in recruiting, training and retaining sufficient numbers of sales personnel to support our growth.

Our agreements with our platform customers and other third parties may include indemnification or other provisions under which we agree to indemnify or otherwise be liable to them for losses suffered or incurred as a result of claims of intellectual property infringement, damages caused by us to property or persons, or other liabilities relating to or arising from our platform, solutions or other acts or omissions. For some of our larger customers, we sometimes negotiate additional indemnification for breaches of our obligations, representations or warranties in the subscription agreement, gross negligence or willful misconduct, breaches of confidentiality, losses related to security incidents, breach of the data processing addendum or violations of applicable law. The term of these contractual provisions often survives termination or expiration of the applicable agreement. Large indemnity payments or damage claims from contractual breach could harm our business, financial condition, revenue, results of operations or cash flows. From time to time, third parties may assert intellectual property infringement claims against our platform customers. These claims may require us to initiate or defend protracted and costly litigation on behalf of our customers, regardless of the merits of these claims. If any of these claims succeed, we may be forced to pay damages on behalf of our customers or may be required to obtain costly licenses from third parties for the platform or solutions they use or modify our platform or solutions to be non-infringing or resolve a claim of infringement. If we cannot obtain all necessary licenses on commercially reasonable terms or make such modifications to avoid a claim, our customers may be forced to stop using our platform or solutions. Further, our customers may require us to indemnify or otherwise be liable to them for breach of confidentiality or failure to implement adequate security measures with respect to their data stored, transmitted or processed by our employees, platform or solutions. Although we normally contractually limit our liability with respect to such obligations, we may still incur substantial liability related to them. Any dispute with a customer with respect to such obligations could have adverse effects on our relationship with that customer and other current and prospective customers, reduce demand for our platform or solutions and harm our revenue, business and operating results.

We use software licensed to us by third-party authors under "open source" licenses in connection with the development or deployment of our proprietary platform and solutions and expect to continue to use open source software in the future. Some open source licenses contain express requirements, which may be triggered under certain circumstances, that licensees make available source code for modifications or derivative works created, or prohibit such modifications or derivative works from being licensed for a fee. Although we monitor our use of open source software to avoid subjecting our platform to such requirements, there are uncertainties regarding the proper interpretation of and compliance with open source licenses, and there is a risk that such licenses could be construed in a manner that imposes unanticipated conditions or restrictions on our ability to use such open source software, and consequently to develop, provide or distribute our proprietary platform and solutions. We may from time to time face claims from third parties claiming ownership of, or seeking to enforce the terms of, an open source license, including by demanding release of source code for the open source software, derivative works or our proprietary source code that was developed using or that is distributed with such open source software. These claims could also result in litigation and could require us to make our proprietary software source code freely available, require us to devote additional research and development resources to re-engineer our platform, seek costly licenses from third parties or otherwise incur additional costs and expenses, any of which could result in reputational harm and would have a negative effect on our business and operating results. In addition, if the license terms for the open source software we utilize change, we may be forced to reengineer our platform or incur additional costs to comply with the changed license terms or to replace the affected open source software. Further, use of certain open source software can lead to greater risks than use of third-party commercial software, as open source licensors generally do not provide support, warranties or controls on the origin or quality of the software or indemnification for third-party infringement claims. To the extent that our platform depends upon the successful operation of open source software, any undetected errors or defects in open source software that we use could prevent the deployment or impair the functionality of our systems and injure our reputation. In addition, the public availability of such software may make it easier for others to compromise our platform. Additionally, although use of open source software has historically been free, recently several open source providers have begun to charge license fees for use of their software. If our current open source providers were to begin to charge for these licenses or increase their license fees significantly, this would increase our research and development costs and have a negative impact on our results of operations and financial condition. Any of these risks could be difficult to eliminate or manage and, if not addressed, could have an adverse effect on our business and operating results.

Many of our existing competitors have, and some of our potential competitors could have, substantial competitive advantages such as: - greater brand name recognition and longer operating histories;- larger sales and marketing budgets and resources;- greater and/or more diverse data sources and/or access to unique, proprietary data sources;- broader distribution and established relationships with independent software vendors, partners and customers;- access to larger customer bases;- greater customer experience resources and support;- greater resources to make acquisitions;- lower labor and development costs;- larger and more mature intellectual property portfolios; and - substantially greater financial, technical and other resources. As a result, they may be able to adapt more quickly and effectively to new or changing opportunities, technologies, standards or customer requirements. In addition, some of our larger competitors have substantially broader offerings and can leverage their relationships based on other products or solutions or incorporate functionality into existing products or solutions to gain business in a manner that discourages customers from purchasing our solutions, including through selling at zero or negative margins, solution bundling or closed technology platforms. Potential customers may also prefer to purchase from their existing suppliers rather than a new supplier regardless of solution performance or features. As a result, even if the features of our platform are superior, potential customers may not purchase our offerings. Larger competitors may have broader solution lines and market focus and will therefore not be as susceptible to downturns in a particular market. Our competitors may also seek to repurpose their existing offerings to provide software, services, programs and tools used by knowledge workers with subscription models. Further, some current and potential customers, particularly large organizations, have elected, and may in the future elect, to develop or acquire their own software, services, programs and tools used by knowledge workers that would reduce or eliminate the demand for our platform and solutions. Conditions in our market could also change rapidly and significantly due to technological advancements, partnering by our competitors or continuing market consolidation, and it is uncertain how our market will evolve. New start-up companies that innovate and large competitors that are making significant investments in research and development may invent similar or superior solutions and technologies that compete with us. These competitive pressures in our market or our failure to compete effectively may result in price reductions, fewer customers, reduced revenue, gross profit and gross margins, increased net losses and loss of market share. Any failure to meet and address these factors could harm our business, financial condition, revenue, results of operations or cash flows.

As discussed above, we are a foreign private issuer, and therefore, we are not required to comply with all of the periodic disclosure and current reporting requirements of the Exchange Act. The determination of foreign private issuer status is made annually on the last business day of an issuer's most recently completed second fiscal quarter, and, accordingly, the next determination will be made with respect to us on June 30, 2024. In the future, we would lose our foreign private issuer status if (1) more than 50% of our outstanding voting securities are owned by U.S. residents and (2) a majority of our directors or executive officers are U.S. citizens or residents, or we fail to meet additional requirements necessary to avoid loss of foreign private issuer status. If we lose our foreign private issuer status, we will be required to file with the SEC periodic reports and registration statements on U.S. domestic issuer forms, which are more detailed and extensive than the forms available to a foreign private issuer. We will also have to mandatorily comply with U.S. federal proxy requirements, and our officers, directors and principal shareholders will become subject to the short-swing profit disclosure and recovery provisions of Section 16 of the Exchange Act. In addition, we will lose our ability to rely upon exemptions from certain corporate governance requirements under the listing rules of the NYSE. As a U.S. listed public company that is not a foreign private issuer, we will incur significant additional legal, accounting and other expenses that we will not incur as a foreign private issuer.

We compete in a market marked by rapidly changing technologies and an evolving competitive landscape. In order for us to successfully compete and grow, we must attract, recruit, retain and develop personnel with requisite qualifications to provide expertise across the entire spectrum of our intellectual capital and business needs. Our principal research and development as well as significant elements of our sales and marketing and general and administrative activities are conducted at our headquarters in Israel, and we face significant competition for suitably skilled employees in Israel. The high-tech industry in Israel has experienced significant levels of employee attrition and currently faces a shortage of skilled human capital, including engineering, research and development and sales and customer support personnel. Many of the companies with which we compete for qualified personnel have greater resources than we do, and we may not succeed in recruiting additional experienced or professional personnel, retaining personnel or effectively replacing current personnel who may depart with qualified or effective successors. In addition, as a result of the intense competition for qualified human resources, the Israeli high-tech market has also experienced and may continue to experience significant wage inflation. Accordingly, our efforts to attract, retain and develop personnel may also result in significant additional expenses, which could adversely affect our profitability. Furthermore, in making employment decisions, particularly in the high-technology industry, job candidates often consider the value of the equity they are to receive in connection with their employment. Employees may be more likely to leave us if the shares they own or the shares underlying their equity incentive awards have significantly appreciated or significantly decreased in value. Many of our employees may receive significant proceeds from sales of our equity in the public markets, which may reduce their motivation to continue to work for us and could heighten the risk of employee attrition. Conversely, if the value of our ordinary shares depreciates in value then this too could heighten the risk of employee attrition. While we utilize non-competition agreements with our employees as a means of improving our employee retention, those agreements may not be effective towards that goal. These agreements prohibit our employees, if they cease working for us, from competing directly with us or working for our competitors for a limited period. We may be unable to enforce these agreements under Israeli law and in other jurisdictions in which we operate, and it may be difficult for us to restrict our competitors from benefiting from the expertise our former employees developed while working for us. In light of the foregoing, there can be no assurance that qualified employees will remain in our employ or that we will be able to attract and retain qualified personnel in the future. Failure to retain or attract qualified personnel could have a material adverse effect on our business, financial condition and results of operations.

We outsource all of the infrastructure relating to our cloud solution to third-party hosting services, specifically to Amazon Web Services, or AWS, which is our sole provider of these services and hosts our platform, manage data, mobile application, and many of the internal tools we use to operate our business. We have a commitment with AWS through May 31, 2026 and our agreement with AWS is not terminable for convenience by either party. Our platform, mobile application and internal tools use computing, storage capabilities, bandwidth and other services provided by AWS. We rely solely upon AWS to ensure the uninterrupted operation of our cloud-based infrastructure, and therefore any significant disruption of, limitation of our access to, or other interference with our use of AWS would negatively impact our operations and could seriously harm our business. In addition, any transition of the cloud services currently provided by AWS to another cloud services provider would require significant time and expense and could disrupt or degrade delivery of our platform. Our business relies on the availability of our platform for our customers, and we may lose customers if they are not able to access our platform or encounter difficulties in doing so. The level of service provided by AWS could affect the availability or speed of our platform, which may also impact the usage of, and our customers' satisfaction with, our platform and could seriously harm our business and reputation. If AWS increases pricing terms, terminates or seeks to terminate our contractual relationship, establishes more favorable relationships with our competitors, changes or interprets its terms of service or policies in a manner that is unfavorable with respect to us or fails to agree to renew our contract or enter into a new contract on terms that are acceptable to us, our business, financial condition, revenue, results of operations or cash flows may be harmed. Any limitation on the capacity of AWS could impede our ability to onboard new customers or expand the usage of our existing customers, which could adversely affect our business, financial condition, revenue, results of operations or cash flows. In addition, any incident affecting AWS's infrastructure that may be caused by cyber-attacks, natural disasters, fire, flood, severe storm, earthquake, power loss, telecommunications failures, terrorist or other attacks, regional epidemics or global pandemics such as COVID-19 and other similar events beyond our control could negatively affect our cloud-based solutions. The cloud services we receive from AWS include design features and elements designed to prevent or minimize service disruption, including a disaster recovery service and the use of two distinct server farms in separate U.S.-based locations for hosting our platform and services, either one of which is capable of supporting our platform and services without material interruption even in the event of a failure at the other, corresponding server farm. Nevertheless, a prolonged service disruption affecting our cloud-based solution could negatively impact our ability to serve our customers and could damage our reputation with current and potential customers, expose us to liability, cause us to lose customers or otherwise harm our business. We may also incur significant costs for using alternative equipment or taking other actions in preparation for, or in reaction to, events that damage the third-party hosting services we use. In addition, we rely on hardware and infrastructure purchased or leased from third parties and software licensed from third parties to operate critical business functions. Our business would be disrupted if any of this third-party hardware, software and infrastructure becomes unavailable on commercially reasonable terms, or at all. Furthermore, delays or complications with respect to the transition of critical business functions from one third-party product to another, or any errors or defects in third-party hardware, software or infrastructure could result in errors in our solutions or a failure of our platform, which could harm our business and results of operations. In the event that our service agreements with our third-party hosting services or providers are terminated, or there is a lapse of service, delay in service, elimination of services or features that we utilize, interruption of internet service provider connectivity or damage to such facilities, we could experience interruptions in access to our platform as well as significant delays and additional expense in arranging or creating new facilities and services and/or re-architecting our cloud solution for deployment on a different cloud infrastructure service provider, which could adversely affect our business, financial condition, revenue, results of operations or cash flows.