Yext (YEXT) Risk Factors

We are vulnerable to computer viruses, break-ins, phishing attacks, ransomware, supply chain attacks, attempts to overload our servers with denial-of-service or other attacks and similar disruptions from unauthorized use of our computer systems. Any such attack, or any security incident from any other source affecting us or our service providers, including, for example, through employee error or misconduct or additional vulnerabilities introduced by remote work arrangements, third-party integrations or other sources, could lead to interruptions, delays, website or application shutdowns, loss of data or unauthorized access to, or use or acquisition of, personal information, confidential information or other data that we or our service providers process or maintain. If we experience compromises to our security that result in performance or availability problems, the complete shutdown of our platform or the actual or perceived loss of, or unauthorized access to, unavailability of, or unauthorized use, disclosure, destruction, or other unauthorized processing of, personal information or other types of confidential information, our customers or application providers may assert claims against us for credits, refunds or other damages, and may lose trust and confidence in our platform. Additionally, security breaches and incidents or other unauthorized access to, unavailability of, or unauthorized use, disclosure, destruction, acquisition, or other processing of, personal information or other types of confidential information that we or our service providers maintain, or the perception that any of these have occurred, could result in claims against us for identity theft or other similar fraud claims, breach of contract or indemnity, governmental enforcement actions, litigation, fines and penalties or adverse publicity, or other claims and litigation, and could cause our customers and partners to lose trust in us, any of which could have an adverse effect on our business, reputation, operating results and financial condition. Our existing insurance coverage may not continue to be available on acceptable terms or may not be available in sufficient amounts to cover one or more large claims related to a security breach. An insurer may also deny coverage as to a future claim. The successful assertion of one or more large claims against us that exceed available insurance coverage, or the occurrence of changes in our insurance policies could have a material adverse effect on our business. We could also be required to incur significant costs for remediation or expend significant capital and other resources to address a security breach. The techniques used to obtain unauthorized access, disable or degrade service or sabotage systems change frequently, often are not recognized until launched against a target and may originate from less regulated countries, we may be unable to proactively address these techniques or to implement adequate preventative measures. In addition, customers' and application providers' accounts and listing pages hosted on our platform could be accessed by unauthorized persons for the purpose of placing illegal, abusive or otherwise unauthorized content on their respective websites and applications. If an unauthorized person obtained access to a customer's account or our platform, such person could update the customer's business information with abusive content or create and disseminate false responses to reviews. This type of unauthorized activity could negatively affect our ability to attract new customers and application providers, deter current customers and application providers from using our platform, subject us to third-party lawsuits, regulatory fines, indemnification requests or additional liability under customer contracts, or other action or liability, any of which could materially harm our business, operating results and financial condition.

The market for our platform is competitive, rapidly evolving and fragmented, and is subject to changing technology and shifting customer needs. Many companies develop and market products and services that compete to varying extents with ours, and we expect competition in our market to intensify. As we develop our platform, we will introduce products and features that compete in new markets and as a result we will face new competitors. For example, in October 2019 we launched our search product, and as a result we face competition from established companies in enterprise search. We believe that our ability to compete depends upon many factors both within and beyond our control, including product capabilities, such as speed, scale, and relevance, with which to power search experiences; ease of deployment and ease of use; adoption of our products by many types of users such as developers, IT professionals, and organizational leaders; and low total cost of ownership. Our competitors in enterprise search may have greater experience in these areas as well as greater name recognition, more established relationships with current and potential customers and larger customer bases. As a result, potential customers may be unwilling to use or switch to our product. We also face many other competitors with a variety of product offerings. These companies have developed, or are developing, products that currently, or in the future are likely to, compete with some or all of ours. A number of potential new competitors, such as application providers, that enter our markets through acquisitions or otherwise, may decide to create or acquire products that compete with our platform or we may develop products that compete with their existing platforms. Moreover, industry consolidation may increase competition. Some of these current and potential competitors may have longer operating histories, greater name recognition, more established relationships with current and potential customers, larger customer bases or significantly greater financial, technical, marketing and other resources than we do. As a result, our competitors may be able to respond more quickly and effectively than we can to new or changing opportunities, technologies, standards or customer requirements. We could lose customers if our competitors introduce new competitive products, add new features to existing competitive products, acquire competitive products, reduce prices, form strategic alliances with other companies or are acquired by third parties with greater available resources. If our competitors' products, services or technologies become more accepted than our features, if they are successful in bringing their products or services to market earlier than we bring our features to market, or if their products or services are more technologically capable than our features, then our revenue growth could be adversely affected. Certain of our existing and new competitors have or may develop technologies and services that compete with specific products or features in our platform seeking to be best-in-class. To the extent our customers or potential customers choose to work with several of these vendors rather than implement our platform, our revenue growth could be adversely affected. In addition, some of our competitors offer their products and services at a lower price. If we are unable to achieve our target pricing levels, our margins and operating results could be negatively affected.

We believe that continuing to develop and maintain awareness of our brand is critical to achieving widespread acceptance of our platform and is an important element in attracting and retaining customers. Efforts to build our brand may involve significant expense and may not generate customer awareness or increase revenue at all, or in an amount sufficient to offset expenses we incur in building our brand. In addition, we sell our features to companies in a number of industries, including healthcare, hospitality, food services, retail and financial services. If we are not successful in building our brand, we may become identified with a single industry, which could make it more difficult for us to penetrate other industries. Promotion and enhancement of our brand will depend largely on our success in being able to provide high quality, reliable and cost-effective features. We may also, from time to time, adopt different strategies on how to position and/or market our platform and its features. If customers do not perceive our platform as meeting their needs, or if we fail to market our platform effectively, we will likely be unsuccessful in creating the brand awareness that is critical for broad customer adoption of our platform.

From time to time, we are and may be involved in disputes or regulatory inquiries that arise in the ordinary course of business, such as claims brought by our customers in connection with commercial disputes or employment claims made by our current or former employees. We expect that the number and significance of potential disputes may increase as our business expands and our company grows larger. While our agreements with customers limit our liability for damages arising from our platform, we cannot assure you that these contractual provisions will protect us from liability for damages in the event we are sued or a dispute arises. Although we carry general liability insurance coverage, our insurance may not cover all potential claims to which we are exposed or may not be adequate to indemnify us for all liability that may be imposed. Any claims against us, whether meritorious or not, could be time-consuming, result in costly litigation or dispute resolution, require significant amounts of management time, and result in the diversion of significant operational resources. Because litigation is inherently unpredictable, we cannot assure you that the results of any of these actions will not have a material adverse effect on our business, operating results or financial condition.

We receive, store and process various types of data, including personal data, from and about customers, including third-party reseller customers, partners, end users of our services, and in limited cases, end consumers, as well as data from and about our personnel and service providers. In connection with future feature offerings, we may receive, store and process additional types of data, including personal data. Our processing of data is subject to a variety of laws and regulations, including regulation by various government agencies, such as the U.S. Federal Trade Commission, or FTC, and various state, local and foreign agencies. Our data processing is also subject to contractual obligations and industry standards. The U.S. federal and various state governments have adopted requirements related to the collection, distribution, use, storage, and security of personal data, including unique online identifiers. For example, the California Consumer Privacy Act of 2018, or CCPA, originally became effective January 1, 2020 and an amended version became effective on January 1, 2023. The amended CCPA requires covered businesses to, among other things, make new disclosures to consumers about their data collection, use, and sharing practices, and allows consumers to opt out of certain data sharing with third parties. Under the amended CCPA, consumers include individuals that interact with us in a professional or employment capacity. The CCPA provides a limited private cause of action for certain data breaches. Numerous other states have proposed, and in many cases, enacted, privacy legislation. The effects of such state privacy laws are potentially significant and may require us to incur substantial costs and expenses in an effort to comply and increase our potential exposure to regulatory enforcement and/or litigation. We expect additional states may continue to enact data protection legislation that may be similar to or different from the state privacy laws already adopted. Additionally, the FTC and many state attorneys general are interpreting federal and state consumer protection laws as imposing standards for the collection, use, dissemination, and security of personal data. We may be required to incur costs and expenses to stay in compliance with these interpretations, and if we were found to have violated consumer protection laws, we may face enforcement actions which could adversely affect our business. We also may be subject to laws and rules implemented and enforced by the FTC, the Federal Communications Commission, or FCC, and potentially other federal agencies, as well as state, local or international laws and regulations related to marketing, advertising, commercial electronic mail and other messages. Compliance with these requirements may limit our ability to engage in certain marketing and advertising activities. If we were found to have violated such requirements, we may face enforcement actions and/or face civil penalties, either of which could adversely affect our business. Several foreign countries and governmental bodies, including the European Union, Switzerland and the United Kingdom have laws and regulations dealing with the processing of personal data obtained about their residents, which in certain cases are more restrictive than those in the United States. We expect that additional jurisdictions may enact similar requirements. Laws and regulations in these jurisdictions can apply broadly to the collection, use, storage, disclosure and security of various types of data, including personal data, such as names, email addresses and in some jurisdictions, unique online identifiers like Internet Protocol, or IP, addresses. In particular, in the European Union, the GDPR became effective in May 2018. The GDPR includes stringent operational requirements for processors and controllers of personal data and imposes significant penalties for non-compliance. The United Kingdom has implemented data protection laws that substantially align with requirements under the GDPR and provide for similar penalties. The United Kingdom's decision to adopt a separate data protection regime after its exit from the European Union, known as Brexit, has created uncertainty and the potential for differing regulations as compared to the European Union, which in turn may delay or deter transactions with customers that transfer personal data to and from the United Kingdom. In addition, there remains uncertainty regarding transfers of certain personal data from the European Economic Area, Switzerland, and the United Kingdom following Brexit as well as the invalidation of both the EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield. While alternative transfer mechanisms, such as Standard Contractual Clauses, are available to Yext and its customers for such transfers, the use of these transfer mechanisms, in addition to related developments and uncertainty, could require us to implement additional contractual and technical safeguards for personal data transferred out of the European Economic Area, Switzerland, and the United Kingdom, which may increase compliance and related costs and risks, lead to increased regulatory scrutiny or liability, necessitate additional contractual negotiations, and adversely impact our business, operating results and financial condition. Customers and potential customers may hesitate or refuse to purchase and use our products and services due to the potential risk associated with cross-border data transfers or may view alternative data transfer mechanisms as being too costly, burdensome or uncertain. Our ability to attract and retain customers may therefore be impaired. In addition, other mechanisms that we use or may use in the future in an effort to legitimize cross-border data transfers may be challenged or invalidated or may evolve such that they do not function as appropriate means for us to transfer certain personal data from the European Economic Area, Switzerland, and the United Kingdom to the United States. These domestic and foreign laws and regulations relating to privacy and information security are evolving, can be subject to significant change and may result in ever-increasing regulatory and public scrutiny and escalating levels of enforcement and sanctions. Interpretation of certain requirements remains unclear and may evolve, in particular for laws and regulations that have recently been enacted. Application of laws and regulations may be inconsistent or may conflict among jurisdictions resulting in additional complexity and increased legal risk. In addition, these requirements have increased our compliance costs and may impair our ability to grow our business or offer our service in some locations, may subject us to liability for non-compliance, may require us to modify our data processing and transferring practices and policies and may strain our technical capabilities. In addition as we, our customers and potential customers evaluate the impact of new laws and regulations, sales cycles have lengthened and transaction costs have increased as customers conduct additional diligence and as contractual obligations under the new regulations are negotiated. To protect the personal data that we process, including payment card information, we have implemented technical and organizational measures in an effort to preserve and protect our data and our customers' data against loss, misuse, corruption, destruction, or misappropriation caused by systems failures, unauthorized access or other misuse. Notwithstanding these measures, we could experience security incidents, fail to handle personal data correctly or be subject to liability claims relating to information security by individuals and customers whose data resides in our databases. We are also required to comply with applicable industry standards with respect to our handling of payment card information. If we fail to meet appropriate compliance levels for payment card data specifically, this could negatively impact our ability to utilize payment cards as a method of payment, and/or collect and store payment card information, which could disrupt our business. As our products are applied to new uses and in new verticals, we may become subject to additional regulations or legal risks. For example, we have begun selling our platform to government entities. Risks associated with sales to government entities include adherence to complex procurement regulations and other government-specific contractual requirements. We may be subject to audits and investigations relating to our government contracts and any violations could result in various civil and criminal penalties and administrative sanctions, including termination of contracts, payment of fines, and suspension or debarment from future government business, as well as harm to our reputation and financial results. Sales to government entities can be highly competitive, expensive and time consuming, often requiring significant upfront time and expense without any assurance that we will successfully complete a sale. As another example, in order to offer our products to certain customers in the health care industry we have implemented certain security and privacy measures and related procedures to comply with the Health Insurance Portability and Accountability Act of 1996, or HIPAA, and the Health Information Technology for Economic and Clinical Health Act, or HITECH. We may execute HIPAA business associate agreements, or BAAs, with certain customers that are "covered entities" under HIPAA, which would subject us to additional liabilities, penalties and fines in the event we fail to comply with the terms of such agreements. The storage of such information may require us to modify and enhance our platform at a significant cost. Any failure or perceived failure by us to comply with laws, regulations, policies, legal or contractual obligations, industry standards, or regulatory guidance relating to privacy or information security may result in governmental investigations and enforcement actions, litigation, fines and penalties, consumer actions, and/or adverse publicity, and could cause our customers and partners to lose trust in us, which could have an adverse effect on our reputation and business. This could materially affect our business, operating results, and financial condition. Furthermore, our third-party reseller customers, over which we have more limited control, may not comply with the laws, regulations, and policies described above, which may damage our reputation or subject us to costly legal or regulatory inquiries and liability or to contractual liability. We expect that there will continue to be new proposed laws, regulations and industry standards relating to privacy, data protection, marketing, advertising communications, information security and cross-border data transfer in the United States, the European Union and other jurisdictions, and we cannot determine the impact such future laws, regulations and standards may have on our business. Future laws, regulations, standards and other obligations or any changed interpretation of existing laws or regulations could impair our ability to develop and market new features and maintain and grow our customer base and increase revenue. Future restrictions on the collection, use, sharing or disclosure of data or additional requirements placed upon us, our customers, partners or end consumers in connection with the use and disclosure of such information could require us to incur additional costs or modify our platform or other aspects of our products and services, possibly in a material manner, and could increase the complexity and cost of developing and deploying new products or limit our ability to develop new products and features altogether.

Our business depends on the overall demand for technology and on the economic performance of our current and prospective customers. In general, worldwide economic conditions such as inflation may remain unstable, and these conditions would make it difficult for our customers, prospective customers and us to forecast and plan future business activities accurately, and they could cause our customers or prospective customers to reevaluate their decision to purchase our features. Weak global economic conditions, changes in consumer behavior or a reduction in technology spending even if economic conditions stabilize, could adversely impact our business and results of operations in a number of ways, including longer sales cycles, lower demand or prices for our platform, fewer subscriptions and lower or no growth. In addition, the economies of certain countries or regions around the world may experience weakness or uncertainty, which may lead to negative impacts on our business in those areas.

In 2014, we opened our first office outside the United States, and we have expanded our operations abroad. Our international expansion has created and will create significant challenges for our management, administrative, operational and financial infrastructure. Operating in international markets requires significant resources and management attention and will subject us to regulatory, economic and political risks in addition to those we already face in the United States. Because of our limited experience with international operations and developing and managing sales in international markets, our international expansion efforts may not be successful. Some of the specific risks we will face in conducting business internationally that could adversely affect our business include: - the difficulty of recruiting and managing international operations and the increased operations, travel, infrastructure and legal compliance costs associated with numerous international locations;- our ability to effectively price our multi-tiered subscriptions in competitive international markets;- our ability to identify and manage sales partners;- new and different sources of competition in each country or region;- potentially greater difficulty collecting accounts receivable and longer payment cycles;- the need to adapt and localize our products for specific countries, including differences in the location attributes and formats used in each country and differences in languages, for example in the case of our search product, which relies on natural language processing;- the need to develop integrations with new third-party applications used by international customers;- the need to offer customer support in various languages;- fluctuations in currency exchange rates, which could increase the price of our products outside of the United States, increase the expenses of our international operations, or have a negative impact on our revenue and expose us to foreign currency exchange rate risk;- difficulties in understanding and complying with local laws, regulations and customs in foreign jurisdictions;- compliance with U.S. laws and regulations for foreign operations, including, without limitation, the Foreign Corrupt Practices Act, or FCPA, the U.K. Bribery Act, import and export control laws, tariffs, trade barriers, economic sanctions and other regulatory or contractual limitations on our ability to sell in certain foreign markets, and the risks and costs of non-compliance;- compliance with international laws and regulations, including without limitation, those governing privacy, data security and data transfer, such as the General Data Protection Regulation ("GDPR"), which may impair our ability to grow our business or offer our service in some locations, may subject us to liability for non-compliance or may require us to change our business practices;- expanded demands on, and distraction of, senior management;- difficulties with differing technical and environmental standards, data privacy and telecommunications regulations and certification requirements outside the United States;- varying levels of internet technology adoption and infrastructure;- tariffs and other non-tariff barriers, such as quotas and local content rules;- more limited protection for intellectual property rights in some countries;- adverse tax consequences;- currency control regulations, which might restrict or prohibit our conversion of other currencies into U.S. dollars;- restrictions on the transfer of funds, including the repatriation of cash;- deterioration of political relations between the United States and other countries;- natural disasters, pandemics, acts of terrorism, war (including the ongoing military conflicts between Russia and Ukraine and in the Middle East, and resulting sanctions imposed by the United States and other countries), and other events beyond our control; and - political or social unrest or economic instability in a specific country or region in which we operate, which could have an adverse impact on our operations in that location. Also, our network service provider fees outside of the United States are generally higher than domestic rates, and our gross margin may be affected and may fluctuate as we expand our operations and customer base worldwide. Our failure to manage any of these risks successfully could harm our international operations, and adversely affect our overall business, operating results and financial condition. Some of our customers and Publisher Network application providers also have international operations and are subject to the risks described above. Even if we are able to successfully manage the risks of international operations, our business may be adversely affected if these customers and application providers are not able to successfully manage these risks.

Natural disasters or other catastrophic events may cause damage or disruption to our operations and the global economy, and thus could have a strong negative effect on us. Our business operations are subject to interruption by natural disasters, fire, power shortages, civil unrest, pandemics, acts of terrorism and other events beyond our control. While we maintain crisis management and disaster response plans, natural disasters and other events could also make it difficult or impossible for us to continue operations, and could decrease demand for our platform. In addition, our data centers are located in New Jersey and Texas and our cloud computing providers operate from facilities in northern Virginia, Frankfurt, Germany and Tokyo, Japan, making our business particularly susceptible to natural disasters and other catastrophic events in those areas. Any natural disaster or other event affecting our data centers could have an adverse effect on our financial condition and operating results.

We face exposure to movements in currency exchange rates, which may cause our revenue and operating results to differ materially from expectations. Our operating results could be negatively affected depending on the amount of expense and intercompany transactions including loans denominated in foreign currencies. As exchange rates vary, revenue, cost of revenue, operating expenses and other operating results, when re-measured, may differ materially from expectations. For example, a significant portion of our international revenue is derived from Europe including the United Kingdom. Our revenues and cash flows from these regions may be adversely affected as a result of weakness in the Euro or British Pound. In addition, our operating results are subject to fluctuation if our mix of U.S. and foreign currency denominated transactions and expenses changes in the future. Although in the future we may apply certain strategies to mitigate foreign currency risk, these strategies might not eliminate our exposure to foreign exchange rate fluctuations and would involve costs and risks of their own, such as ongoing management time and expertise, external costs to implement the strategies and potential accounting implications. Additionally, as we anticipate growing our business further outside of the United States, the effects of movements in currency exchange rates will increase as our transaction volume outside of the United States increases.

Our platform incorporates certain third-party software obtained under licenses from other companies, including companies that sell products that compete with our platform. We anticipate that we will continue to rely on such third-party software and development tools in the future. There is no assurance that we will be able to renew licenses for third-party software that we use. Although we believe that there are commercially reasonable alternatives to the third-party software we currently license, this may not always be the case, or the software we currently license may be difficult or costly to replace. In addition, integration of the software used in our platform with new third-party software may require significant work and require substantial investment of our time and resources. Also, to the extent that our platform depends upon the successful operation of third-party software in conjunction with our software, any undetected errors or defects in this third-party software could prevent the deployment or impair the functionality of our platform, delay new feature introductions, result in a failure of our platform and injure our reputation. Our use of additional or alternative third-party software would require us to enter into license agreements with third parties.