0001628280-21-003310.txt : 20210225 0001628280-21-003310.hdr.sgml : 20210225 20210225163126 ACCESSION NUMBER: 0001628280-21-003310 CONFORMED SUBMISSION TYPE: 10-K PUBLIC DOCUMENT COUNT: 114 CONFORMED PERIOD OF REPORT: 20201231 FILED AS OF DATE: 20210225 DATE AS OF CHANGE: 20210225 FILER: COMPANY DATA: COMPANY CONFORMED NAME: Sailpoint Technologies Holdings, Inc. CENTRAL INDEX KEY: 0001627857 STANDARD INDUSTRIAL CLASSIFICATION: SERVICES-PREPACKAGED SOFTWARE [7372] IRS NUMBER: 471628077 FISCAL YEAR END: 1231 FILING VALUES: FORM TYPE: 10-K SEC ACT: 1934 Act SEC FILE NUMBER: 001-38297 FILM NUMBER: 21680853 BUSINESS ADDRESS: STREET 1: 11120 FOUR POINTS DRIVE STREET 2: SUITE 100 CITY: AUSTIN STATE: TX ZIP: 78726 BUSINESS PHONE: (512) 346-2000 MAIL ADDRESS: STREET 1: 11120 FOUR POINTS DRIVE STREET 2: SUITE 100 CITY: AUSTIN STATE: TX ZIP: 78726 10-K 1 sail-20201231.htm 10-K sail-20201231
FALSE2020FY0001627857us-gaap:AccountingStandardsUpdate201409Memberus-gaap:AccountingStandardsUpdate201613Memberus-gaap:AccruedLiabilitiesAndOtherLiabilitiesus-gaap:AccruedLiabilitiesAndOtherLiabilities00016278572020-01-012020-12-31iso4217:USD00016278572020-06-30xbrli:shares00016278572021-02-1800016278572020-12-3100016278572019-12-31iso4217:USDxbrli:shares0001627857us-gaap:LicenseMember2020-01-012020-12-310001627857us-gaap:LicenseMember2019-01-012019-12-310001627857us-gaap:LicenseMember2018-01-012018-12-310001627857sail:SubscriptionMember2020-01-012020-12-310001627857sail:SubscriptionMember2019-01-012019-12-310001627857sail:SubscriptionMember2018-01-012018-12-310001627857us-gaap:TechnologyServiceMember2020-01-012020-12-310001627857us-gaap:TechnologyServiceMember2019-01-012019-12-310001627857us-gaap:TechnologyServiceMember2018-01-012018-12-3100016278572019-01-012019-12-3100016278572018-01-012018-12-310001627857us-gaap:CommonStockMember2017-12-310001627857us-gaap:AdditionalPaidInCapitalMember2017-12-310001627857us-gaap:RetainedEarningsMember2017-12-3100016278572017-12-3100016278572017-01-012017-12-310001627857srt:CumulativeEffectPeriodOfAdoptionAdjustmentMemberus-gaap:RetainedEarningsMember2017-12-310001627857srt:CumulativeEffectPeriodOfAdoptionAdjustmentMember2017-12-310001627857us-gaap:CommonStockMember2018-01-012018-12-310001627857us-gaap:AdditionalPaidInCapitalMember2018-01-012018-12-310001627857us-gaap:RetainedEarningsMember2018-01-012018-12-310001627857us-gaap:CommonStockMember2018-12-310001627857us-gaap:AdditionalPaidInCapitalMember2018-12-310001627857us-gaap:RetainedEarningsMember2018-12-3100016278572018-12-310001627857us-gaap:CommonStockMember2019-01-012019-12-310001627857us-gaap:AdditionalPaidInCapitalMember2019-01-012019-12-310001627857us-gaap:RetainedEarningsMember2019-01-012019-12-310001627857us-gaap:CommonStockMember2019-12-310001627857us-gaap:AdditionalPaidInCapitalMember2019-12-310001627857us-gaap:RetainedEarningsMember2019-12-310001627857srt:CumulativeEffectPeriodOfAdoptionAdjustmentMemberus-gaap:RetainedEarningsMember2019-12-310001627857srt:CumulativeEffectPeriodOfAdoptionAdjustmentMember2019-12-310001627857us-gaap:CommonStockMember2020-01-012020-12-310001627857us-gaap:AdditionalPaidInCapitalMember2020-01-012020-12-310001627857us-gaap:RetainedEarningsMember2020-01-012020-12-310001627857us-gaap:CommonStockMember2020-12-310001627857us-gaap:AdditionalPaidInCapitalMember2020-12-310001627857us-gaap:RetainedEarningsMember2020-12-310001627857srt:MinimumMember2020-01-012020-12-310001627857srt:MaximumMember2020-01-012020-12-31xbrli:pure0001627857us-gaap:EmployeeStockMembersrt:MinimumMember2020-12-310001627857srt:MaximumMemberus-gaap:EmployeeStockMember2020-12-310001627857us-gaap:EmployeeStockMember2020-01-012020-12-310001627857srt:CumulativeEffectPeriodOfAdoptionAdjustmentMemberus-gaap:RetainedEarningsMember2020-01-010001627857us-gaap:SubsequentEventMembersrt:CumulativeEffectPeriodOfAdoptionAdjustmentMembersrt:MinimumMember2021-01-010001627857us-gaap:SubsequentEventMembersrt:CumulativeEffectPeriodOfAdoptionAdjustmentMembersrt:MaximumMember2021-01-010001627857us-gaap:SubsequentEventMembersrt:ScenarioForecastMembersrt:MinimumMembersail:AccountingStandardsUpdate202006Member2021-01-012021-12-310001627857us-gaap:SubsequentEventMembersrt:MaximumMembersrt:ScenarioForecastMembersail:AccountingStandardsUpdate202006Member2021-01-012021-12-310001627857us-gaap:LicenseMemberus-gaap:TransferredAtPointInTimeMember2020-01-012020-12-310001627857us-gaap:TransferredOverTimeMembersail:SubscriptionSaaSMember2020-01-012020-12-310001627857us-gaap:TransferredOverTimeMemberus-gaap:MaintenanceMember2020-01-012020-12-310001627857us-gaap:TransferredOverTimeMembersail:OtherSubscriptionServicesMember2020-01-012020-12-310001627857us-gaap:TransferredOverTimeMemberus-gaap:TechnologyServiceMember2020-01-012020-12-310001627857sail:SubscriptionSaaSMember2020-01-012020-12-310001627857us-gaap:MaintenanceMember2020-01-012020-12-310001627857sail:OtherSubscriptionServicesMember2020-01-012020-12-310001627857us-gaap:LicenseMemberus-gaap:TransferredAtPointInTimeMember2019-01-012019-12-310001627857us-gaap:TransferredOverTimeMembersail:SubscriptionSaaSMember2019-01-012019-12-310001627857us-gaap:TransferredOverTimeMemberus-gaap:MaintenanceMember2019-01-012019-12-310001627857us-gaap:TransferredOverTimeMembersail:OtherSubscriptionServicesMember2019-01-012019-12-310001627857us-gaap:TransferredOverTimeMemberus-gaap:TechnologyServiceMember2019-01-012019-12-310001627857sail:SubscriptionSaaSMember2019-01-012019-12-310001627857us-gaap:MaintenanceMember2019-01-012019-12-310001627857sail:OtherSubscriptionServicesMember2019-01-012019-12-310001627857us-gaap:LicenseMemberus-gaap:TransferredAtPointInTimeMember2018-01-012018-12-310001627857us-gaap:TransferredOverTimeMembersail:SubscriptionSaaSMember2018-01-012018-12-310001627857us-gaap:TransferredOverTimeMemberus-gaap:MaintenanceMember2018-01-012018-12-310001627857us-gaap:TransferredOverTimeMembersail:OtherSubscriptionServicesMember2018-01-012018-12-310001627857us-gaap:TransferredOverTimeMemberus-gaap:TechnologyServiceMember2018-01-012018-12-310001627857sail:SubscriptionSaaSMember2018-01-012018-12-310001627857us-gaap:MaintenanceMember2018-01-012018-12-310001627857sail:OtherSubscriptionServicesMember2018-01-012018-12-3100016278572021-01-012020-12-3100016278572022-01-012020-12-310001627857us-gaap:AccountsReceivableMember2019-12-310001627857sail:ContractAssetsMember2019-12-310001627857srt:CumulativeEffectPeriodOfAdoptionAdjustmentMemberus-gaap:AccountsReceivableMember2019-12-310001627857srt:CumulativeEffectPeriodOfAdoptionAdjustmentMembersail:ContractAssetsMember2019-12-310001627857us-gaap:AccountsReceivableMember2020-01-012020-12-310001627857sail:ContractAssetsMember2020-01-012020-12-310001627857us-gaap:AccountsReceivableMember2020-12-310001627857sail:ContractAssetsMember2020-12-310001627857us-gaap:MoneyMarketFundsMemberus-gaap:FairValueInputsLevel1Member2020-12-310001627857us-gaap:MoneyMarketFundsMemberus-gaap:FairValueInputsLevel2Member2020-12-310001627857us-gaap:FairValueInputsLevel3Memberus-gaap:MoneyMarketFundsMember2020-12-310001627857us-gaap:MoneyMarketFundsMember2020-12-310001627857us-gaap:FairValueInputsLevel1Member2020-12-310001627857us-gaap:FairValueInputsLevel2Member2020-12-310001627857us-gaap:FairValueInputsLevel3Member2020-12-310001627857us-gaap:MoneyMarketFundsMemberus-gaap:FairValueInputsLevel1Member2019-12-310001627857us-gaap:MoneyMarketFundsMemberus-gaap:FairValueInputsLevel2Member2019-12-310001627857us-gaap:FairValueInputsLevel3Memberus-gaap:MoneyMarketFundsMember2019-12-310001627857us-gaap:MoneyMarketFundsMember2019-12-310001627857us-gaap:FairValueInputsLevel1Member2019-12-310001627857us-gaap:FairValueInputsLevel2Member2019-12-310001627857us-gaap:FairValueInputsLevel3Member2019-12-310001627857sail:OrkusMember2019-10-152019-10-150001627857sail:OrkusMember2019-10-150001627857sail:OrkusMemberus-gaap:OtherCurrentLiabilitiesMember2020-12-310001627857sail:OrkusMemberus-gaap:OtherCurrentLiabilitiesMember2019-12-310001627857sail:OrkusMemberus-gaap:OtherNoncurrentLiabilitiesMember2019-12-310001627857sail:OrkusMember2020-01-012020-12-310001627857sail:OrkusMemberus-gaap:DevelopedTechnologyRightsMember2019-10-150001627857sail:OrkusMemberus-gaap:DevelopedTechnologyRightsMember2019-10-152019-10-150001627857sail:OverwatchIDMember2019-10-152019-10-150001627857sail:OverwatchIDMember2019-10-150001627857sail:OverwatchIDMemberus-gaap:OtherCurrentLiabilitiesMember2019-12-310001627857sail:OverwatchIDMemberus-gaap:OtherCurrentLiabilitiesMember2020-12-310001627857sail:OverwatchIDMemberus-gaap:OtherNoncurrentLiabilitiesMember2019-12-310001627857sail:OverwatchIDMember2020-01-012020-12-310001627857sail:OverwatchIDMemberus-gaap:DevelopedTechnologyRightsMember2019-10-150001627857sail:OverwatchIDMemberus-gaap:DevelopedTechnologyRightsMember2019-10-152019-10-150001627857us-gaap:CustomerListsMember2020-01-012020-12-310001627857us-gaap:CustomerListsMember2020-12-310001627857us-gaap:CustomerListsMember2019-12-310001627857us-gaap:DevelopedTechnologyRightsMember2020-01-012020-12-310001627857us-gaap:DevelopedTechnologyRightsMember2020-12-310001627857us-gaap:DevelopedTechnologyRightsMember2019-12-310001627857us-gaap:TrademarksAndTradeNamesMember2020-01-012020-12-310001627857us-gaap:TrademarksAndTradeNamesMember2020-12-310001627857us-gaap:TrademarksAndTradeNamesMember2019-12-310001627857us-gaap:OtherIntangibleAssetsMember2020-01-012020-12-310001627857us-gaap:OtherIntangibleAssetsMember2020-12-310001627857us-gaap:OtherIntangibleAssetsMember2019-12-310001627857us-gaap:ResearchAndDevelopmentExpenseMember2020-01-012020-12-310001627857us-gaap:ResearchAndDevelopmentExpenseMember2019-01-012019-12-310001627857us-gaap:ResearchAndDevelopmentExpenseMember2018-01-012018-12-310001627857us-gaap:SellingAndMarketingExpenseMember2020-01-012020-12-310001627857us-gaap:SellingAndMarketingExpenseMember2019-01-012019-12-310001627857us-gaap:SellingAndMarketingExpenseMember2018-01-012018-12-310001627857srt:MinimumMember2020-12-310001627857srt:MaximumMember2020-12-310001627857sail:TermLoanMembersail:PriorCreditAgreementMember2016-08-310001627857us-gaap:RevolvingCreditFacilityMembersail:PriorCreditAgreementMember2016-08-310001627857us-gaap:LondonInterbankOfferedRateLIBORMembersail:PriorCreditAgreementMember2016-08-012016-08-310001627857sail:TermLoanMembersail:PriorCreditAgreementMember2016-08-012016-08-310001627857sail:TermLoanMembersail:PriorCreditAgreementMember2018-01-012018-12-310001627857sail:PriorCreditAgreementMember2018-01-012018-12-310001627857sail:TermLoanMembersail:PriorCreditAgreementMember2018-12-310001627857us-gaap:LetterOfCreditMembersail:PriorCreditAgreementMember2018-12-310001627857us-gaap:RevolvingCreditFacilityMemberus-gaap:LineOfCreditMember2019-03-110001627857us-gaap:RevolvingCreditFacilityMemberus-gaap:LineOfCreditMember2020-12-310001627857us-gaap:LineOfCreditMemberus-gaap:LetterOfCreditMember2020-12-310001627857us-gaap:LineOfCreditMemberus-gaap:RevolvingCreditFacilityMembersrt:MinimumMember2020-01-012020-12-310001627857us-gaap:LineOfCreditMemberus-gaap:RevolvingCreditFacilityMembersrt:MaximumMember2020-01-012020-12-310001627857us-gaap:LetterOfCreditMembersail:NewCreditAgreementMember2020-01-012020-12-310001627857us-gaap:RevolvingCreditFacilityMemberus-gaap:LineOfCreditMember2019-12-310001627857sail:ConvertibleSeniorNotesDueTwoThousandTwentyFourMember2019-09-300001627857sail:ConvertibleSeniorNotesDueTwoThousandTwentyFourMember2019-09-012019-09-300001627857sail:ConvertibleSeniorNotesDueTwoThousandTwentyFourMember2020-01-012020-12-31sail:Day0001627857us-gaap:CommonStockMembersail:ConvertibleSeniorNotesDueTwoThousandTwentyFourMember2020-01-012020-12-310001627857us-gaap:CommonStockMembersail:ConvertibleSeniorNotesDueTwoThousandTwentyFourMember2020-12-310001627857sail:LiabilityComponentMembersail:ConvertibleSeniorNotesDueTwoThousandTwentyFourMember2020-12-310001627857sail:EquityComponentMembersail:ConvertibleSeniorNotesDueTwoThousandTwentyFourMember2020-12-310001627857sail:ConvertibleSeniorNotesDueTwoThousandTwentyFourMember2020-12-310001627857sail:ConvertibleSeniorNotesDueTwoThousandTwentyFourMember2019-12-310001627857sail:ConvertibleSeniorNotesDueTwoThousandTwentyFourMember2019-01-012019-12-310001627857sail:CappedCallTransactionsMember2019-09-300001627857sail:CappedCallTransactionsMember2020-01-012020-12-310001627857sail:CappedCallTransactionsMember2019-09-012019-09-3000016278572017-11-300001627857sail:IncentiveStockOptionsAndNonqualifiedStockOptionsMember2015-12-310001627857us-gaap:RestrictedStockMember2015-12-310001627857sail:TwentyFifteenStockIncentivePlanMember2015-12-310001627857sail:IncentiveStockOptionsAndNonqualifiedStockOptionsMembersrt:MaximumMember2020-01-012020-12-310001627857sail:IncentiveStockOptionsAndNonqualifiedStockOptionsMember2020-01-012020-12-310001627857sail:TwentyFifteenStockOptionAndGrantPlanMember2020-12-310001627857sail:TwentyFifteenStockIncentivePlanMember2020-12-310001627857sail:TwentySeventeenLongTermIncentivePlanMember2020-12-310001627857sail:TwentySeventeenLongTermIncentivePlanMember2020-01-012020-12-310001627857us-gaap:EmployeeStockOptionMember2020-01-012020-12-310001627857us-gaap:EmployeeStockOptionMember2019-01-012019-12-310001627857us-gaap:EmployeeStockOptionMember2018-01-012018-12-310001627857us-gaap:EmployeeStockMember2019-01-012019-12-310001627857us-gaap:EmployeeStockMember2018-01-012018-12-310001627857us-gaap:EmployeeStockMembersrt:MinimumMember2019-01-012019-12-310001627857srt:MaximumMemberus-gaap:EmployeeStockMember2019-01-012019-12-310001627857us-gaap:EmployeeStockOptionMember2017-12-310001627857us-gaap:EmployeeStockOptionMember2017-01-012017-12-310001627857us-gaap:EmployeeStockOptionMember2018-01-012018-12-310001627857us-gaap:EmployeeStockOptionMember2018-12-310001627857us-gaap:EmployeeStockOptionMember2019-01-012019-12-310001627857us-gaap:EmployeeStockOptionMember2019-12-310001627857us-gaap:EmployeeStockOptionMember2020-01-012020-12-310001627857us-gaap:EmployeeStockOptionMember2020-12-310001627857sail:TimeBasedMember2017-12-310001627857sail:TimeBasedMember2018-01-012018-12-310001627857sail:TimeBasedMember2018-12-310001627857sail:TimeBasedMember2019-01-012019-12-310001627857sail:TimeBasedMember2019-12-310001627857sail:TimeBasedMember2020-01-012020-12-310001627857sail:TimeBasedMember2020-12-310001627857sail:IncentiveUnitPlanMember2018-01-012018-12-310001627857sail:IncentiveUnitPlanMember2018-12-310001627857sail:IncentiveUnitPlanMember2019-01-012019-12-310001627857us-gaap:RestrictedStockUnitsRSUMember2017-12-310001627857us-gaap:RestrictedStockUnitsRSUMember2017-01-012017-12-310001627857us-gaap:RestrictedStockUnitsRSUMember2018-01-012018-12-310001627857us-gaap:RestrictedStockUnitsRSUMember2018-12-310001627857us-gaap:RestrictedStockUnitsRSUMember2019-01-012019-12-310001627857us-gaap:RestrictedStockUnitsRSUMember2019-12-310001627857us-gaap:RestrictedStockUnitsRSUMember2020-01-012020-12-310001627857us-gaap:RestrictedStockUnitsRSUMember2020-12-310001627857us-gaap:EmployeeStockMember2020-12-310001627857sail:IncentiveUnitPlanMember2020-01-012020-12-310001627857us-gaap:RestrictedStockMember2020-01-012020-12-310001627857us-gaap:RestrictedStockMember2019-01-012019-12-310001627857us-gaap:RestrictedStockMember2018-01-012018-12-310001627857us-gaap:GeneralAndAdministrativeExpenseMember2020-01-012020-12-310001627857us-gaap:GeneralAndAdministrativeExpenseMember2019-01-012019-12-310001627857us-gaap:GeneralAndAdministrativeExpenseMember2018-01-012018-12-310001627857us-gaap:ComputerEquipmentMember2020-12-310001627857us-gaap:ComputerEquipmentMember2019-12-310001627857us-gaap:FurnitureAndFixturesMember2020-12-310001627857us-gaap:FurnitureAndFixturesMember2019-12-310001627857us-gaap:LeaseholdImprovementsMember2020-12-310001627857us-gaap:LeaseholdImprovementsMember2019-12-310001627857us-gaap:OtherCapitalizedPropertyPlantAndEquipmentMember2020-12-310001627857us-gaap:OtherCapitalizedPropertyPlantAndEquipmentMember2019-12-310001627857us-gaap:ForeignCountryMember2020-12-310001627857us-gaap:ForeignCountryMember2019-12-310001627857us-gaap:DomesticCountryMember2020-12-310001627857us-gaap:DomesticCountryMember2020-01-012020-12-310001627857sail:ForeignCountryAndStateAndLocalJurisdictionMember2020-01-012020-12-310001627857us-gaap:EmployeeStockOptionMember2020-01-012020-12-310001627857us-gaap:EmployeeStockOptionMember2019-01-012019-12-310001627857us-gaap:EmployeeStockOptionMember2018-01-012018-12-310001627857us-gaap:RestrictedStockUnitsRSUMember2020-01-012020-12-310001627857us-gaap:RestrictedStockUnitsRSUMember2019-01-012019-12-310001627857us-gaap:RestrictedStockUnitsRSUMember2018-01-012018-12-310001627857us-gaap:EmployeeStockMember2020-01-012020-12-310001627857us-gaap:EmployeeStockMember2019-01-012019-12-310001627857us-gaap:EmployeeStockMember2018-01-012018-12-310001627857us-gaap:ConvertibleDebtSecuritiesMember2020-01-012020-12-310001627857us-gaap:ConvertibleDebtSecuritiesMember2019-01-012019-12-310001627857us-gaap:ConvertibleDebtSecuritiesMember2018-01-012018-12-31sail:Segment0001627857country:US2020-01-012020-12-310001627857country:US2019-01-012019-12-310001627857country:US2018-01-012018-12-310001627857us-gaap:EMEAMember2020-01-012020-12-310001627857us-gaap:EMEAMember2019-01-012019-12-310001627857us-gaap:EMEAMember2018-01-012018-12-310001627857sail:RestOfTheWorldMember2020-01-012020-12-310001627857sail:RestOfTheWorldMember2019-01-012019-12-310001627857sail:RestOfTheWorldMember2018-01-012018-12-310001627857us-gaap:SubsequentEventMembersail:IntelloIncMember2021-02-222021-02-22
UNITED STATES
SECURITIES AND EXCHANGE COMMISSION
Washington, D.C. 20549
________________________________________________________________
FORM 10-K
________________________________________________________________
(Mark One)
ANNUAL REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934
For the fiscal year ended December 31, 2020
OR
 
TRANSITION REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934
FOR THE TRANSITION PERIOD FROM                      TO
Commission File Number 001-38297
________________________________________________________________
SailPoint Technologies Holdings, Inc.
(Exact name of Registrant as specified in its Charter)
________________________________________________________________
Delaware
(State or other jurisdiction of
incorporation or organization)
11120 Four Points DriveSuite 100,
AustinTX
(Address of principal executive offices)
47-1628077
(I.R.S. Employer
Identification No.)
78726
(Zip Code)
Registrant’s telephone number, including area code: (512346-2000
________________________________________________________________
Securities registered pursuant to Section 12(b) of the Act:
Title of each classTrading Symbol(s)Name of each exchange on which registered
Common stock, par value $0.0001 per shareSAILNew York Stock Exchange
Securities registered pursuant to Section 12(g) of the Act:  None
Indicate by check mark if the registrant is a well-known seasoned issuer, as defined in Rule 405 of the Securities Act. Yes x    No ¨
Indicate by check mark if the registrant is not required to file reports pursuant to Section 13 or 15(d) of the Act. Yes ¨    No x
Indicate by check mark whether the registrant (1) has filed all reports required to be filed by Section 13 or 15(d) of the Securities Exchange Act of 1934 during the preceding 12 months (or for such shorter period that the Registrant was required to file such reports), and (2) has been subject to such filing requirements for the past 90 days. Yes x   No ¨
Indicate by check mark whether the registrant has submitted electronically every Interactive Data File required to be submitted pursuant to Rule 405 of Regulation S-T (§232.405 of this chapter) during the preceding 12 months (or for such shorter period that the Registrant was required to submit such files). Yes x    No ¨
Indicate by check mark whether the registrant is a large accelerated filer, an accelerated filer, a non-accelerated filer, a smaller reporting company, or emerging growth company. See the definition of “large accelerated filer,” “accelerated filer,” “smaller reporting company,” and “emerging growth company” in Rule 12b-2 of the Exchange Act.
Large accelerated filerxAccelerated filer
Non-accelerated filerSmaller reporting company
Emerging growth company
If an emerging growth company, indicate by check mark if the registrant has elected not to use the extended transition period for complying with any new or revised financial accounting standards provided pursuant to Section 13(a) of the Exchange Act.  ¨
Indicate by check mark whether the registrant has filed a report on and attestation to its management’s assessment of the effectiveness of its internal control over financial reporting under Section 404(b) of the Sarbanes-Oxley Act (15 U.S.C.7262(b)) by the registered public accounting firm that prepared or issued its audit report.  
Indicate by check mark whether the registrant is a shell company (as defined in Rule 12b-2 of the Exchange Act). Yes     No x
On June 30, 2020, the last business day of the Registrant’s most recently completed second fiscal quarter, the aggregate market value of the common stock, par value $0.0001 per share, held by non-affiliates of the Registrant was approximately $2.3 billion, based upon the closing price on the New York Stock Exchange on such date.
The registrant had 91,429,769 shares of common stock outstanding as of February 18, 2021.
DOCUMENTS INCORPORATED BY REFERENCE
Portions of the Registrant’s definitive proxy statement for its 2021 Annual Meeting of Stockholders (the “Proxy Statement”), to be filed within 120 days of the Registrant’s fiscal year ended December 31, 2020, are incorporated by reference in Part III of this Annual Report on Form 10-K (this “Form 10-K”). Except with respect to information specifically incorporated by reference in this Form 10-K, the Proxy Statement is not deemed to be filed as part of this Form 10-K.



Table of Contents
Page
PART I
Item 1.
Item 1A.
Item 1B.
Item 2.
Item 3.
Item 4.
PART II
Item 5.
Item 6.
Item 7.
Item 7A.
Item 8.
Item 9.
Item 9A.
Item 9B.
PART III
Item 10.
Item 11.
Item 12.
Item 13.
Item 14.
PART IV
Item 15.
Item 16.

i

SPECIAL NOTE ABOUT FORWARD-LOOKING STATEMENTS
This Annual Report on Form 10-K contains forward-looking statements within the meaning of the federal securities laws, which statements involve substantial risks and uncertainties. Forward-looking statements generally relate to future events or our future financial or operating performance. All statements included in this Annual Report on Form 10-K, other than statements of historical fact, are forward-looking statements. This includes statements regarding our strategy, future operations, financial position, estimated revenues and losses, projected costs, prospects, plans and objectives of management. In some cases, you can identify forward-looking statements because they contain words such as “may,” “will,” “should,” “expects,” “plans,” “anticipates,” “could,” “intends,” “target,” “projects,” “contemplates,” “believes,” “estimates,” “predicts,” “potential” or “continue” or the negative of these words or other similar terms or expressions.
You should not rely upon forward-looking statements as predictions of future events or place undue reliance thereon. We have based the forward-looking statements contained in this Annual Report on Form 10-K primarily on our current expectations and projections, in light of currently available information, about future events and trends that we believe may affect our business, financial condition, results of operations and prospects. The outcome of the events described in these forward-looking statements is subject to risks, uncertainties and other factors described in the section titled “Risk Factors” and elsewhere in this Annual Report on Form 10-K. Moreover, we operate in a very competitive and rapidly changing environment. New risks and uncertainties emerge from time to time and it is not possible for us to predict all risks and uncertainties that could have an impact on the forward-looking statements contained in this Annual Report on Form 10-K. We cannot assure you that the results, events and circumstances reflected in the forward-looking statements will be achieved or occur, and actual results, events or circumstances could differ materially from those described in the forward-looking statements.
The forward-looking statements made in this Annual Report on Form 10-K relate only to events as of the date on which the statements are made. We undertake no obligation to update any forward-looking statements made in this Annual Report on Form 10-K to reflect events or circumstances after the date of this Annual Report on Form 10-K or to reflect new information or the occurrence of unanticipated events, except as required by law. Our forward-looking statements do not reflect the potential impact of any future acquisitions, mergers, dispositions, joint ventures or investments we may make.
1

PART I
ITEM 1. BUSINESS
Overview
SailPoint Technologies Holdings, Inc. (“SailPoint,” “the Company” or “we”) is the leading provider of enterprise identity security solutions. SailPoint was launched by a team of visionary industry veterans to empower our customers to efficiently and securely govern the digital identities of employees, contractors, business partners, software bots and other human and non-human users, and manage their constantly changing access rights to enterprise applications and data. Our identity security solutions provide organizations with critical visibility into who currently has access to which resources, who should have access to those resources and how that access is being used. We offer both software as a service (“SaaS”) and software solutions, which provide organizations the intelligence required to empower users and govern their access to systems, applications and data across hybrid IT environments, spanning on-premises and cloud applications and file storage platforms. We help customers enable their businesses with more agile and innovative IT, streamline delivery of access to their businesses, enhance their security posture and better meet compliance and regulatory requirements. Our customers include many of the world’s largest and most complex organizations, including commercial enterprises, financial institutions and governments.
Organizations globally are investing in technologies such as cloud computing, artificial intelligence ("AI") and machine learning ("ML") to improve employee productivity, business agility and competitiveness. Today, enterprise environments are more open and interconnected with their business partners, contractors, vendors and customers. Business users have driven a dramatic increase in the number of applications and amount of data that organizations need to manage, much of which sits beyond the traditional network perimeter. Because of these trends, the attack surface is expanding while well-funded cyber attackers, in some cases sponsored by nation-states, have significantly increased the frequency and sophistication of their attacks. For example, it has been reported that the SolarWinds breach was part of a highly sophisticated, broad and coordinated nation-state cyber operation that targeted the IT infrastructure of the United States and potentially other countries as well. As a result, IT professionals need to manage and secure increasingly complex hybrid IT environments within these extended enterprises.
Attackers frequently target the identity vector as it allows them to leverage user identities to gain access to high-value systems and data while concealing their activity and movements within an organization’s IT infrastructure. The consequences of a data breach can be extremely damaging, with organizations facing significant costs to remediate the breach and repair brand and reputational damage. In addition, governments and regulatory bodies have increased efforts to protect users and their data with a new wave of regulatory and compliance measures that are further burdening organizations and levying severe penalties for non-compliance. As a result of these trends, enterprises are struggling to efficiently manage and secure their digital identities.
We believe that our identity security solutions are a critical, foundational layer of a modern cyber security strategy, which increasingly leverages a zero-trust approach for securing access. Open architecture allows our solutions to complement and build upon traditional perimeter- and endpoint-centric security solutions, which we believe on their own are increasingly insufficient to secure organizations, and their applications and data. We deliver an identity security platform that combines identity and data governance solutions to form a holistic view of the enterprise's identities, both human and non-human. In combination with our technology partners, we create identity awareness throughout our customers’ environments by providing valuable insights into, and incorporating information from, a broad range of enterprise software and security solutions. Our governance platform provides a system of record for digital identities across our customers’ IT environments while allowing them to remain agile and competitive. Our adaptable solutions integrate seamlessly into existing technology stacks, allowing organizations to maximize the value of their technology investments. Our professionals work closely with customers throughout the implementation lifecycle, from documentation to development to integration.
Our solutions address the complex needs of global enterprises and mid-market organizations. Our go-to-market strategy consists of both direct sales and indirect sales through resellers, such as Optiv, and system integrators. Our mature system integrator channel includes global consultants such as Accenture, Deloitte, Ernst & Young (“EY”), KPMG and PricewaterhouseCoopers (“PwC”), all of whom have dedicated SailPoint practices, with some dating back more than 10 years.
2

Our Growth Strategy
Key investments we are making to drive growth include:
Driving new customer growth within existing geographic markets. There is a significant opportunity to expand our footprint through both new, greenfield deployments and displacement of competitive legacy solutions in the markets that we currently serve. We plan to expand our customer base in these countries by continuing to grow our sales organization, expand and leverage our channel partnerships and enhance our marketing efforts.
Further penetrating our existing customer base. Our customer base of 1,753, as of December 31, 2020, provides a significant opportunity to drive incremental sales. Our customers have the flexibility to start with a single use case or project and expand over time. As they realize the value of their investment, new use cases and deployments are identified, allowing us to sell more products to existing customers and to expand the number and types of identities, including non-human and machine identities, and governed systems we cover within their organizations. This is especially true when it comes to our new and expanded SaaS offerings, including AI and cloud governance. We believe strong customer satisfaction is fundamental to our ability to expand our customer relationships.
Continuing to invest in our platform. Innovation is a core part of our culture. We believe we have established a reputation as a technology leader and innovator in identity security. We intend to continue investing, particularly in our SaaS offerings, to extend our position as the leader in identity security by developing or acquiring new products and technologies.
Leveraging and expanding our network of partners. Our partnerships with global system integrators, such as Accenture, Deloitte, EY, KPMG and PwC, and resellers, such as Optiv, have helped us extend our reach and serve our customers more effectively. We see a significant opportunity to offer comprehensive solutions to customers by collaborating with adjacent technology vendors. We intend to continue to invest in our partnership network as their influence on our sales is vital to the success of our business.
Expanding market and product investment across existing vertical markets. We believe there is significant opportunity to further penetrate our target vertical markets by continuing to provide vertical-specific identity solutions and focusing our marketing efforts to address the use cases of those customers. With this approach, we believe we will be better able to address opportunities in key industries, such as financial services, healthcare, and federal, state and local government.
Continuing to expand our global presence. We believe there is significant opportunity to grow our business internationally. Enterprises around the world are facing similar operational, security and compliance challenges, driving the need for identity governance. We have personnel in 18 countries and customers based in 57 countries as of December 31, 2020 and we generated 28% of our revenue outside of the United States in 2020. We plan to leverage our existing strong relationships with global system integrators and channel partners to grow our presence in Europe, Asia Pacific and other international markets.
Product, Subscription, and Support Offerings
We deliver an integrated set of solutions to address identity security challenges for medium and large enterprises. This set of solutions supports all aspects of identity security, including provisioning, access request, compliance, password management and identity analytics for visualizing and controlling which identities have access to data stored in applications and files.
Our solutions deliver governance across the hybrid enterprise, extending from the mainframe to the cloud. We provide over 100 out-of-the-box connectors to enterprise applications environments such as SAP, Workday and ServiceNow, which automate the collection, analysis and provisioning of identity data. We also provide governance over infrastructure components, such as mainframes, operating systems, directories, databases and data storage solutions, and over vertical solutions, such as Epic in the healthcare provider market. SailPoint leverages AI and ML technologies into our open identity platform to deliver actionable insights and recommendations to reduce risk, accelerate deployment and simplify administration.
Our solutions are built on our open identity platform, which creates a flexible deployment to address a wide range of customer use cases and enables integration to a variety of security and operational IT applications such as IT service management solutions (e.g., BMC Remedy and ServiceNow), privileged access management (“PAM”) (e.g., CyberArk and BeyondTrust), enterprise mobility management and security information and event management. Our open identity platform extends the reach of our identity security processes and enables effective identity security controls across unique customer environments.
3

IdentityNow
IdentityNow is our cloud-based, multi-tenant identity governance platform, which is delivered as a SaaS subscription offering. IdentityNow provides customers with a set of fully integrated services for compliance, provisioning and password management for applications and data hosted on-premises or in the cloud. IdentityNow meets the most stringent identity security requirements and provides enterprise-grade services that meet scalability, performance, availability and security demands. IdentityNow enables organizations to:
Automate identity security processes in one unified solution delivered from the cloud;
Accelerate deployment with built-in best practice policies, options and default settings; and
Eliminate the need to buy, deploy and maintain hardware and software to run an identity security solution.
We package and price IdentityNow into a Cloud Platform and Governance Services with unique functionality as outlined below:
Cloud Platform: IdentityNow provides foundational components for identity security in the cloud, including production and sandbox instances and the IdentityNow Cloud Gateway virtual appliance, which leverages our patented method for integrating with on-premises applications and data. IdentityNow also includes a large catalog of pre-built connectors and application profiles to on-premises and cloud applications, leveraging the intellectual property developed for IdentityIQ. It is included with all Governance Services at no additional charge.
User Provisioning: This module enables business users to be productive from day one. With IdentityNow user provisioning, organizations can streamline the on-boarding and off-boarding process with best practice configurations and workflows, enabling IT to immediately grant employees access to the applications and data they need to do their jobs.
Access Request: This module empowers the entire enterprise with a robust self-service solution for requesting and approving access to applications and data. Automating the access request process quickly delivers business users the access they need to do their jobs.
Access Certifications: This module automates the process of reviewing user access privileges across the organization. Using IdentityNow, organizations can quickly plan, schedule and execute certification campaigns to ensure the right users have the appropriate access to corporate resources.
Separation-of-Duties: This module simplifies and speeds the process of investigating access, quickly uncovering any access-related conflicts of interest for review and mitigation. It also automates the creation of policies that ensure continuous compliance with internal and external audit requirements.
Password Management: This module offers business users an intuitive, self-service experience for managing and resetting passwords from any device and from anywhere. This service enforces consistent and secure password policies for all users across all systems from the cloud to the data center.
IdentityIQ
IdentityIQ is our on-premises identity security solution, which can be hosted in the public cloud or deployed in a customer’s data center. It provides large, complex enterprise customers a unified and highly configurable identity security solution that consistently applies business and security policies as well as role and risk models across applications and data on-premises or hosted in the cloud. IdentityIQ enables organizations to:
Empower users to request and gain access to enterprise applications and data;
Enable business users to reset their passwords via self-service tools without the need for IT involvement;
Provide on-demand visibility to IT, business and risk managers into “which identities have access to what resources” to help make business decisions, improve security and meet audit requirements;
Improve security and eliminate common weak points associated with data breaches, including weak passwords, orphaned accounts, entitlement creep and separation-of-duties policy violations; and
Manage compliance using automated access certifications and policy management.
We package and price IdentityIQ into Core Modules and Advanced Integration Modules. All customers leverage the IdentityIQ Governance Platform, which provides the base features of the solution, including the identity warehouse, workflow engine and governance models. The three Core Modules include:
Lifecycle Manager: This module provides a business-oriented solution that delivers access securely and cost effectively. The self-service access request capabilities feature an intuitive user interface that empowers business users to take an active role in managing changes to their access while greatly reducing the burden on IT organizations. Automated provisioning manages the business processes of granting, modifying and
4

revoking access throughout a user’s lifecycle with an organization, whether that user is an employee, contractor or business partner. Changes to user access can be automatically provisioned via a large library of direct connectors for applications such as Workday and SAP or synchronized with IT service management solutions such as ServiceNow.
Compliance Manager: This module enables the business to improve compliance and audit performance while lowering costs. It provides business user friendly access certifications and automated policy management controls (e.g., separation-of-duty violation reporting) that are designed to simplify and streamline audit processes across all applications and data. Built-in audit reporting and analytics give IT, business and audit teams visibility into, and management over, all compliance activities in the organization.
File Access Manager: This module, a rebranded and repackaged version of the SecurityIQ product line, secures access to the growing amount of data stored in file servers, collaboration portals, mailboxes and cloud storage systems. The change was made to align the positioning and packaging of solutions with how our customers are purchasing and deploying a comprehensive identity security strategy. It helps organizations identify where sensitive data resides, which identities have access to it, and how they are using it and then puts effective controls in place to secure it. File Access Manager is designed to interoperate with the Compliance Manager and Lifecycle Manager modules to provide comprehensive visibility and governance over user access to all data. By augmenting identity data from structured systems with data from unstructured data targets, organizations can more quickly identify and mitigate risks, spot compliance issues and make the right decisions when granting or revoking access to sensitive data.
The Advanced Integration Modules provide connectivity to target application platforms such as SAP, mainframes and file storage systems.
SailPoint Identity Services
SailPoint Identity Services are delivered as multi-tenant SaaS subscription services and are designed to integrate and extend IdentityNow and IdentityIQ. We package and price SailPoint Identity Services individually. The current list of SailPoint Identity Services includes:
Access Insights: collects a wealth of identity information, turns that information into actionable insights and provides business-oriented dashboards and reports to track the effectiveness of your identity program;
Recommendation Engine: uses AI and ML, peer group analysis, identity attributes and access activity to help you decide whether access should be requested, granted or removed;
Access Modeling: uses AI and ML to suggest roles based on similar access between users and gives you insights to confirm the correct access for each role; and
Cloud Access Management: uses AI and ML to automatically learn, monitor and secure access to cloud infrastructure.
Technology
Our comprehensive, enterprise-grade identity security platform is the result of both years of investment and the expertise of the Company’s management and technical teams. Taking the lessons learned from our experiences with prior generation identity solutions, our engineers and architects designed a modern identity platform with internet scale, comprehensive hybrid environment coverage, and openness to optimize customers’ existing technology investments.
Identity Cube Technology
Our Identity Cube technology establishes the 360-degree control essential to govern and secure digital identities in today’s complex IT environments. Our extensive data modeling capabilities allow us to understand how each identity relates to the full IT environment, whether on-premises or in the cloud. SailPoint’s account correlation and orphan account management capabilities allow IT security professionals and business managers to track and monitor the accounts that are most frequently under attack.
Identity Cubes track all relevant information about an identity and its relationships to applications and data. They create the “identity context” which is key to an identity-aware infrastructure in which identity information is shared across the extended enterprise. With identity context, operational and security systems can make informed decisions about access and perform key remediation and change requests on our open identity platform via our standardized application program interfaces (“APIs”) and software development kits (“SDKs”).
5

Model-Based Governance
Our model-based governance engine sits at the center of our platform and provides a comprehensive understanding of both the current state of which identities currently have access to what as well as the desired state of who should have access to what. The governance engine is responsible for managing the ongoing process of aligning these two states.
Governance and control models are used to drive our policy-based reconciliation service and to define how reconciliation and provisioning fulfillment actions are executed. These models are designed with graphical tools, enabling IT and business users to own and define the reconciliation and fine-grained access provisioning fulfillment processes for applications and data.
Access Modeling
Our AI-based Access Modeling is designed to continually model and adapt access to evolving business needs. Leveraging AI, Access Modeling evaluates the access that users have, including collections of entitlements bundled into roles, and recommends new access models. Once approved and created, these access models can be assigned to identities. Access Modeling also continually monitors for updates to existing roles within the access model to help enforce the principle of least privileged access.
Recommendation Engine
The patented Recommendation Engine leverages AI and ML technologies to automate mundane tasks and provide Open and Extensible Identity Platform users with insights in order to make more informed decisions. Based on identity information and attributes collected, the Recommendation Engine identifies and classifies access as acceptable or risky, along with the reasons for those classifications. These recommendations are visually presented to users reviewing access, so they can quickly, and efficiently, make decisions. Recommendations can also be used to automatically approve acceptable access.
Provisioning Broker
Our provisioning broker provides separation between identity processes at the business level (e.g., requesting access to an application) and the actual fulfillment of that request on the target system. The provisioning broker is a specialized business process workflow execution engine that manages long-running provisioning tasks and provides tracking, monitoring and statistics for the end-to-end fulfillment process.
The decoupling capability of the provisioning broker maximizes our customers’ flexibility and allows for the reuse of their existing IT investments. For example, if access to an application can only be provided manually through the opening of a help desk ticket, the provisioning broker will send that request to the help desk and report back on the status of that request. Likewise, if a customer utilizes a legacy provisioning system, the provisioning broker can pass off a request to that legacy system for fulfillment. In addition, the provisioning broker provides us with a unique migration strategy for customers moving from a legacy system to our identity security solutions.
Enterprise-Grade Cloud Gateway
To manage on-premises infrastructure, applications and data from the cloud, we employ a Cloud Gateway Server (“CGS”), delivered as a virtual machine behind the customer’s firewall, which ensures that all SailPoint communications are highly secure. Our CGS technology is a high availability, secure, self-managed container that allows for controlled and automated updates of our connector infrastructure while ensuring the integrity of individual on-premises and cloud connections.
Our CGS also provides an innovative and patented approach to protecting our customer’s credentials. Our “zero-knowledge encryption” technology allows us to store all of a customer’s passwords and security credentials inside the CGS behind their firewall. As a result, we protect the confidentiality of our customers’ system and end-user credentials, even if our cloud service provider were to be breached.
Data Ownership Assessment and Election
Verifying the business end-user who is the logical owner of information is a key challenge in managing growing volumes of unstructured data in the enterprise. Our novel, patent-supported approach determines the rightful owner of files, so they can be integrated into governance control processes, such as access certifications and access approvals. Our solution leverages profile data to determine logical owners of information based on identity attributes and usage data. Once a set of
6

logical owners is identified, we use a crowd-sourcing approach to allow other users familiar with the data to vote on the rightful owner of the file or file storage location. This enables organizations to efficiently identify and designate specific owners for sensitive information stored in files and incorporate them into identity security processes.
Connectivity for the Hybrid IT Environment
Our extensive library of over 100 proprietary connectors provides interfaces to on-premises and cloud applications. These connectors are the means by which we provide governance over target systems. We support granular management of a wide range of systems, from mainframe security managers, including CA ACF2 and Top Secret, IBM and RACF, to traditional enterprise applications, including Oracle E-Business Suite and SAP, and pure SaaS business applications, such as Microsoft Office365, Salesforce, ServiceNow, Slack and Zoom. Generally, the same connectors are used for both our on-premises and cloud-based products. This allows both solutions to leverage fully the over 400-person years we have invested in developing these connectors.
Open and Extensible Identity Platform
Our open identity platform is the result of over a decade of investment. Recognizing identity security is at the center of critical enterprise business and IT processes, we developed a comprehensive set of services that go beyond simple APIs. In addition to our comprehensive API strategy, we deliver SDKs and plug-in frameworks which allow our partners and customers to create their own integrations and extensions to our core product capabilities. For example, we leverage our open identity platform to integrate with third-party user provisioning solutions, such as IBM Security Identity Manager and Oracle Identity Manager, and service desk solutions, such as BMC Remedy and ServiceNow, to implement account change requests. This enables SailPoint to govern access and provide identity context to downstream processes managed by these solutions. Another important open identity platform integration model is with PAM solutions. SailPoint provides a framework that enables organizations to use the same governance controls to oversee both privileged and standard account access. We also collect activity and other information from third-party solutions to improve risk analytics and identity security processes in our products.
Our APIs and SDKs are compliant with System for Cross-domain Identity Management ("SCIM") and both provide standards-based bi-directional runtime access to our identity context model. Many such integrations and extensions have already been built by partners and certified for commercialization on our open identity platform.
Our SaaS Event Trigger Service emits actionable events that allows customers to extend identity security into their own application ecosystems. Once subscribed to these events, SailPoint starts streaming identity events into their custom integrations.
Seasonality
We generally experience seasonal fluctuations in demand for our products and services. Our quarterly sales are impacted by industry buying patterns. As a result, our sales have generally been highest in the fourth quarter of a calendar year and lowest in the first quarter.
Customers
As of December 31, 2020, we have 1,753 customers based in 57 countries. In the year ended December 31, 2020, we generated 28% of our revenue outside of the United States. As of December 31, 2020, our revenue did not materially depend on any single customer.
Sales and Marketing
Sales
We sell our platform through our direct sales organization, which is comprised of field and inside sales personnel, as well as through channel partners. Our sales strategy often reflects a “land-and-expand” business model, in which our initial deployment with a new customer typically addresses a limited number of use cases within a single business unit. Such initial deployments frequently expand across departments, divisions and geographies through a need for additional users, increased usage or extended functionality. As we expand our portfolio of offerings within our platform, we execute a growing number of “solution” deals that include two to three of our products in the initial transaction.
7

Our sales force is structured by geography, customer size, status (customer or prospect) and industry. Our global sales organization is comprised of quota-carrying sales representatives supported by sales development representatives, sales engineers, partner managers, product and technical specialists and solution architects.
Partners constitute an essential part of our selling model. We have established a model designed to create zero conflict, and typically include our partners in all of our training and enablement efforts. As a result, our indirect sales model, executed through our global and regional system integrators, technology partners and value-added resellers, is a key factor in our overall success.
Marketing
Our marketing strategy is focused on building a strong brand through differentiated messaging and thought leadership, educating the market on the importance of identity security, communicating our product advantages and generating pipeline for our sales force. Our data-driven digital approach to marketing is tightly aligned to the needs of our addressable market and provides agility to leverage market opportunities in a targeted and timely fashion. Our awareness and educational efforts focus on branding, digital and content marketing, public and analyst relations and social media, including blogs and bylines. Engagement programs include digital campaigns and webinars and virtual events such as Navigate, while pipeline maturation focuses on customer and executive round tables. Pipeline generation and maturation efforts focus digital strategies—global and regional—to move targeted accounts through their buyer’s journey and through the SailPoint pipeline. While digital efforts are managed centrally and regionally, engagements programs are run in our three major geographies: (i) Americas, (ii) Europe, the Middle East and Africa (“EMEA”) and (iii) Asia-Pacific (“APAC”). Audiences for such events are typically IT and security professionals, including Chief Information Officers and Chief Information Security Officers. Our global virtual Navigate user conferences demonstrate our strong commitment to enabling our customers to succeed, while also serving as an opportunity to create pipeline for new sales to prospective customers and additional sales to existing customers.
Professional Services and Maintenance and Customer Support
Professional Services
We are primarily focused on ensuring that our professional services partners, who perform a majority of the implementations for our customers, are able to implement our solutions successfully. We provide “expert services” to partners and customers for complex implementation assistance. We also lead direct implementations when requested by a customer. We believe that our investment in professional services and in our partners will drive increased adoption of our platform.
Maintenance and Customer Support
Our customers receive one year of software maintenance and support as part of their initial purchase of our on-premises offerings and may renew their maintenance and support agreement following the initial period. Our cloud-based offerings include customer support. For our on-premises offerings, our maintenance provides customers with the right to receive major releases of their purchased solutions, maintenance releases and patches and access to our technical support services during the term of the agreement. We provide customers of our cloud-based offerings with technical support services and all aspects of infrastructure support. We maintain a customer support organization, which includes experienced, trained engineers, that offers multiple service levels for our customers based on their needs. These customers receive contractual response times, telephonic support and access to online support portals. Our highest levels of support provide 24x7x365 support for critical issues. Our customer support organization has global capabilities, a deep expertise in our solutions and, through select support partners, is able to deliver support in multiple languages.
Customer Success Management
Our customer success strategy centers around our investment in, and ownership of, the post-sale experience for our customers. Every customer has an assigned dedicated Customer Success Manager (“CSM”), who is responsible for ensuring that return on investment and business results, committed during the sales cycle, are achieved. Through proactive and regular engagements, the CSM makes sure every customer is satisfied and is using their SailPoint products or services optimally. When necessary, the CSM coordinates cross-departmental resources to remove any barrier to success. In addition, our customer success team utilizes customer data to identify and present any cross-sell or upsell solutions aligned to a customer’s business objectives, thereby contributing to revenue expansion and increased product penetration. By proactively managing customer relationships, our CSM team nurtures client advocates, who become a powerful asset in closing new business.
8

Partnerships and Strategic Relationships
As a core part of our strategy, we have cultivated strong relationships with partners to help us increase our reach and influence, while providing a broader distribution of our identity security services. We have developed a large partner network consisting of technology partners, system integrators, a growing network of value-added resellers and our alliance partners (Accenture, Deloitte, EY, KPMG and PwC). In 2020, approximately 90% of our new customer transactions involved our partners. We believe that our extensive partnership network enables us to provide the most complete identity security solution to our customers.
Technology Partners
We have partnered with industry leaders across a spectrum of technologies that enable organizations to integrate their entire security, mobility, cloud, and applications infrastructure into our platform so that breaches can be better identified, mitigated and contained, and operations can be streamlined. We believe that solutions from companies such as AWS, CyberArk, Microsoft, SAP, ServiceNow and Workday that are plugged into our open identity platform through APIs provide our customers value-added capabilities to build an identity-aware enterprise.
The SailPoint Technology Partner Program is a technology partnering network that leverages familiar standards and methods—like SQL, SCIM and Representational State Transfer—that make it easy to share identity context and configure identity-specific policies across disparate systems. For example, when PAM systems are integrated with our solutions, enterprises can conduct regular audits of privileged users and automatically remediate any policy violations. Program offerings include access to SailPoint SDKs and APIs, developer support, and cloud-based certification services. The Identity+ Alliance comprises over 60 technology and implementation partners and has produced over 40 certified integrations.
Value-Added Resellers
Value-added resellers bring product expertise and implementation best practices to our customers globally. They provide vertical expertise and technical advice in addition to reselling or bundling our software. Many of our reseller partners have been trained to demonstrate and promote our identity platform. Our reseller channel ranges from large companies, like Optiv, to regional resellers in our markets and territories. Our reseller program is designed to scale growth, help generate new opportunities, optimize customer experience and increase profitability as well as sales efficiency.
System Integrators
We partner with many large and global system integrators. We have partnerships with global advisory firms such as Deloitte, EY, KPMG, and PwC, with global system integrators such as Accenture and DXC Technologies, and with many regional system integrators in all three of our geographies. The focus of our system integrators program is to deliver pipeline growth and bookings, to help partners drive self-sufficiency and to foster transparency and collaboration through shared assets and resources. We have implemented joint business controls and metrics that provide a platform for discussion and partnership development and help us optimize our program and unified value proposition.
Research and Development
Innovation is one of our core values, and it is at the heart of how we think and do business. We believe ongoing and timely development of new products and features is imperative to maintaining our competitive position. We continue to invest in both our cloud and on-premises solutions. Additionally, we will be opportunistic in leveraging technology acquisitions. As of December 31, 2020, our research and development team had 403 employees.
Competition
We operate in a highly competitive market characterized by constant change and innovation. Our competitors include large enterprise software vendors that offer identity solutions within their product portfolios, pure play identity vendors (including new market entrants) and vendors with whom we have not traditionally competed but may either introduce new products or incorporated features into existing products that compete with our solutions.
9

We believe the principal competitive factors in our market include:
Comprehensiveness of visibility to which identities have access to what across cloud and on-premises applications and data repositories
Reliability and effectiveness in defining and implementing identity security policies;
Flexibility to deploy identity security and administration as a SaaS solution or as a software-based solution on-premises or in the cloud;
Adherence to government and industry regulations and standards;
Comprehensiveness and interoperability of the solution with other IT and security solutions;
Enterprise security, scalability and performance;
Ability to innovate and respond to customer needs rapidly;
Quality and responsiveness of support organizations;
Total cost of ownership;
Ease of use; and
Customer experience.
Some of our competitors have significantly greater financial, technical, and sales and marketing resources, as well as greater name recognition, in some cases within particular geographic regions, and more extensive geographic presence than we do. However, we believe we compete favorably with our competitors on the basis of all the factors above.
Intellectual Property
Our success depends in part on our ability to protect our intellectual property. We rely on copyrights and trade secret laws, confidentiality procedures, employment proprietary information and inventions assignment agreements, trademarks and patents to protect our intellectual property rights. We also license software from third parties for integration into our product solutions, including open source software and other software available on commercially reasonable terms.
We control access to and use of our product solutions and other confidential information through the use of internal and external controls, including contractual protections with employees, contractors, customers and partners, and our software is protected by U.S. and international copyright and trade secret laws. Despite our efforts to protect our trade secrets and proprietary rights through intellectual property rights, licenses and confidentiality agreements, unauthorized parties may still copy or otherwise obtain and use our software and technology.
We have 36 issued patents and 25 patent applications pending in the United States relating to certain aspects of our technology. Additionally, we have three issued patents and one patent application pending internationally. The expiration dates of our issued patents range from 2024 to 2040. We cannot assure you whether any of our patent applications will result in the issuance of a patent or whether the examination process will require us to narrow our claims. Any of our existing patents and any that may issue may be contested, circumvented, found unenforceable or invalidated, and we may not be able to prevent third parties from infringing them. In addition, we have international operations and intend to continue to expand these operations, and effective patent, copyright, trademark and trade secret protection may not be available or may be limited in foreign countries.
Human Capital Management
We understand that our success as a company is strongly linked to our core values:
Innovation – developing creative solutions to real challenges;
Integrity – delivering on the commitments we make;
Impact – measuring and rewarding results, not activity; and
Individuals – valuing every person at SailPoint.
These values are cornerstones to our corporate culture and the way that we manage our human capital – from team member engagement efforts to providing career development and training opportunities to attracting and retaining top talent.
We think team member engagement is critical to maintaining a positive culture, and our annual team member engagement survey helps us evaluate our efforts in light of our core principles. In our annual global employee engagement survey, our overall team member satisfaction has exceeded 90% for each of the last 4 years. And over the last 10 years, we’ve been consistently recognized as a “best place to work” by various organizations such as Austin Business Journal, Fortune and Glassdoor. Our diversity, inclusion and belonging efforts are critical to creating and maintaining a positive culture in which all
10

team members can succeed and thrive. Those efforts include focused training on recognizing and removing bias from our recruitment process, broadening our talent pool reach by working with diversity-focused talent acquisition vendors, pay equity reviews during our merit and equity planning process and other programs designed to improve indicators related to inclusion and equity in our workforce.
Training and development efforts built around our core values are another key part of our human capital management strategy. Our leaders go through specific training to ensure they are leading their teams with our values at the forefront of the decisions they make. Our annual employee review process allows team members to engage in meaningful discussions with their managers regarding performance and development goals. Additionally, our managers assess the growth potential of each team member through a standardized evaluation process, which provides actionable outputs to help develop and retain our high potential employees. We also regularly hold educational lunch and learns on a wide range of topics including interrupting unconscious bias, wellness, local volunteering opportunities, and tips and tricks to more effectively use our latest technologies. Through these and other training efforts, we believe that we support the growth and development of our crew members in a way that promotes our growth and innovation.
Offering a competitive compensation and benefits package is a critical part of our effort to attract and retain top talent. In addition to competitive base salaries, we offer team members comprehensive health, welfare, income protection and long-term savings benefits, the opportunity to participate in our employee stock purchase plan, and incentive equity compensation and incentive cash plans for eligible team members. Total compensation is designed to align with SailPoint’s business objectives and financial goals, and pay is differentiated for individuals based on relevant experience, impact, relative internal value and company performance. Variable compensation delivers pay aligned with company and individual performance, with more pay at risk at more senior levels. Management regularly discusses compensation and benefits strategies with the compensation committee of our board of directors.
As we work to execute our growth strategy, which is described above, we continue to invest in human capital resources that will sustain and fuel that growth. As of December 31, 2020, we had a total of 1,394 employees, including 403 involved in research and development activities, 537 in our sales and marketing organization and 297 in professional services and customer support. As of December 31, 2020, approximately 31% of our employees were located outside of the United States. Ensuring that we have the right people in the right positions is essential to our strategy for sustained growth.
Government Regulations
A wide variety of domestic and foreign laws and regulations apply to the collection, use, retention, protection, disclosure, transfer, disposal and other processing of personal data. These data protection and privacy-related laws and regulations are evolving and may result in regulatory and public scrutiny and escalating levels of enforcement and sanctions. Our failure to comply with applicable laws and regulations, or to protect any personal or other customer data, could result in enforcement actions against us, including regulatory fines, as well as claims for damages by customers and other affected individuals, damage to our reputation and loss of goodwill (both in relation to existing customers and prospective customers), any of which could adversely affect our business, operating results, financial performance and prospects.
Domestically, California enacted the California Consumer Privacy Act (the “CCPA”) which took effect on January 1, 2020, creating additional new consumer privacy rights, and providing for both civil penalties as well as a private right of action for data breaches. On November 3, 2020, California voters approved Proposition 24, also known as the California Privacy Rights Act (the “CPRA”). The CPRA will go into effect January 2023 and provides for additional consumer privacy rights, increased penalties, and establishes a new dedicated California data protection regulator with rulemaking and audit authorities. Other states are also considering legislation similar to California. The CCPA imposed additional regulatory risks and burdens on our company. Additional resources will be required to respond to these changes in the law and coming regulations, including to implement new internal and customer supporting compliance procedures, and potentially to offer new product features to respond to data protection requirements or related market trends.
Also domestically, the Health Insurance Portability Act of 1996, as amended by the Health Information Technology for Economic and Clinical Health Act (“HITECH”), and their respective implementing regulations (“HIPAA”), imposes specified requirements relating to the privacy, security and transmission of individually identifiable health information. Among other things, HITECH makes HIPAA’s security standards directly applicable to “business associates.” We function as a business associate for certain of our customers that are HIPAA covered entities and service providers and, in that context, we are regulated as a business associate for the purposes of HIPAA. The HIPAA covered entities and service providers to which we provide services require us to enter into HIPAA-compliant business associate agreements with them. These agreements impose stringent data security obligations on us. If we are unable to comply with our obligations, including contractual
11

obligations, as a HIPAA business associate, we could face substantial contractual, civil and even criminal liability. Modifying the already stringent penalty structure that was present under HIPAA prior to HITECH, HITECH created four new tiers of civil monetary penalties and gave state attorneys general new authority to file civil actions for damages or injunctions in federal courts to enforce the federal HIPAA laws and seek attorneys’ fees and costs associated with pursuing federal civil actions. In addition, many state laws govern the privacy and security of health information in certain circumstances, many of which differ from HIPAA and each other in significant ways and may not have the same effect.
In jurisdictions outside of the United States, we may face heightened data protection and privacy requirements. In the EU, for example, the General Data Protection Regulation (the “GDPR”) regulates the collection, use and disclosure of personal data that is subject to the GDPR, including the transfer of personal data to third countries, such as the United States. On July 16, 2020, the Court of Justice of the European Union (“CJEU”) issued a decision invalidating the U.S. Privacy Shield as a mechanism to transfer personal data from Europe to the U.S., and requiring additional safeguards for reliance on standard contractual clauses as a transfer mechanism. We are certified to the U.S. Privacy Shield and also continue to rely on standard contractual clauses. As regulatory guidance on recommendations to comply with the GDPR in light of the CJEU decision evolve, we face uncertainty as to whether our efforts to comply with such transfer restrictions are adequate and, as a result, we and our customers may be at risk of enforcement actions taken by EU data protection authorities until such point in time that we may be able to ensure that all international data transfers comply with applicable law and regulatory guidance. The GDPR also imposes significant penalties for non-compliance and may continue to cause our company to incur increased compliance costs. The GDPR and other international data protection laws are subject to differing interpretations and may cause us to incur substantial compliance costs and/or to make significant changes in our business operations, all of which may adversely affect our revenues and our business overall.
Corporate Information
Our principal executive offices are located at 11120 Four Points Drive, Suite 100, Austin, Texas 78726, and our telephone number at that address is (512) 346-2000. Our website address is www.sailpoint.com. Information contained on, or that can be accessed through, our website does not constitute part of this Annual Report on Form 10-K, and inclusions of our website address in this Annual Report on Form 10-K are inactive textual references only.
The SailPoint design logo and our other registered or common law trademarks, service marks or trade names appearing in this Annual Report on Form 10-K are the property of SailPoint Technologies, Inc., our wholly-owned subsidiary. Other trademarks and trade names referred to in this Annual Report on Form 10-K are the property of their respective owners.
Available Information
Our website is located at https://www.sailpoint.com, and our investor relations website is located at https://investors.sailpoint.com. The information posted on our website is not incorporated into this Annual Report on Form 10-K. Our Annual Report on Form 10-K, Quarterly Reports on Form 10-Q, Current Reports on Form 8-K and amendments to reports filed or furnished pursuant to Sections 13(a) and 15(d) of the Securities Exchange Act of 1934 (the “Exchange Act”) are available free of charge on our investor relations website as soon as reasonably practicable after we electronically file such material with, or furnish it to, the Securities and Exchange Commission (“SEC”). You may also access all of our public filings through the SEC’s website at https://www.sec.gov.
Investors and other interested parties should note that we use our media and investor relations website and our social media channels to publish important information about us, including information that may be deemed material to investors. We encourage investors and other interested parties to review the information we may publish through our media and investor relations website and the social media channels listed on our media and investor relations website, in addition to our SEC filings, press releases, conference calls and webcasts.
12

ITEM 1A. RISK FACTORS
The nature of the business activities conducted by the Company subjects it to certain hazards and risks. The following is a summary of some of the material risks relating to the Company’s business activities. Other risks are described in Part I, Item 1. “Business—Competition”, Item 7. “Management’s Discussion and Analysis of Financial Condition and Results of Operations.—Liquidity and Capital Resources and Part II, Item 7A. “Quantitative and Qualitative Disclosures About Market Risk.” These risks are not the only risks facing the Company. The Company’s business could also be affected by additional risks and uncertainties not currently known to the Company or that it currently deems to be immaterial. If any of these risks actually occurs, it could materially harm the Company’s business, financial condition or results of operations and impair the Company’s ability to implement business plans. In that case, the market price of the Company’s common stock could decline.
Risks Related to Our Financial Performance and Results
Since our inception, except for the year ended December 31, 2018, we have incurred net losses and we may not be able to generate sufficient revenue to achieve and sustain profitability.
Since our inception, except for the year ended December 31, 2018, we have incurred net losses, including a net loss of $10.8 million for the year ended December 31, 2020. We cannot assure you that we will achieve profitability in the future or that we would be able to sustain profitability. We expect our operating expenses to increase significantly as we continue to expand our sales and marketing efforts, continue to invest in research and development, particularly for our cloud-based solutions, and expand our operations in existing and new geographies and vertical markets. Further, we expect our revenue growth rate to be materially adversely impacted by our continued shift to subscription-based arrangements. As a result, we do not know when we will achieve profitability, and it is possible that we continue to sustain net losses for a period.
We have experienced rapid growth in recent periods, and our recent growth rates may not be indicative of our future growth.
We have experienced rapid growth in recent years. Our revenue grew from $248.9 million to $365.3 million from the year ended December 31, 2018 to the year ended December 31, 2020. In future periods, we may not be able to sustain revenue growth consistent with recent history, or at all. We believe our revenue growth depends on a number of factors, including (i) our ability to attract new customers and retain and increase sales to existing customers; (ii) our ability to, and the ability of our channel partners to, successfully deploy and implement our solutions, increase our existing customers’ use of our solutions and provide our customers with excellent customer support; (iii) our ability to develop our existing solutions and introduce new solutions; (iv) our ability to hire substantial numbers of new sales and marketing, research and development and general and administrative personnel, and expand our global operations; and (v) our ability to increase the number of our technology partners.
If we are unable to achieve any of these requirements, our revenue growth will be adversely affected. In addition, as discussed below, our revenue growth may be materially and adversely affected during any period of significant shifts to subscription-based arrangements.
Our future revenues and operating results will be harmed if we are unable to acquire new customers, if our customers do not renew their arrangements with us, or if we are unable to expand sales to our existing customers or develop new solutions that achieve market acceptance.
To continue to grow our business, it is important that we continue to acquire new customers to purchase and use our solutions. Our success in adding new customers depends on numerous factors, including our ability to (i) offer a compelling identity security platform and solutions, (ii) execute an effective sales and marketing strategy, (iii) attract, effectively train and retain new sales, marketing, professional services and support personnel in the markets we pursue, (iv) develop or expand relationships with channel partners, including systems integrators, resellers and technology partners, (v) expand into new geographies and vertical markets, (vi) deploy our platform and solutions for new customers and (vii) provide quality customer support once deployed. As a result of the COVID-19 pandemic, we shifted all customer events to virtual-only experiences for the time being. Although the level of attendance at our virtual-only events has been generally consistent with or greater than our in-person events, it is possible that the level of prospective customer engagement, and thus conversion into sales, is lower at such events.
It is important to our continued growth that our customers renew their arrangements when existing contract terms expire. Our customers have no obligation to renew their maintenance and support, SaaS, and/or term-license agreements, and our customers may decide not to renew these agreements with a similar contract period, at the same prices and terms or with the same or a greater number of identities. Our customer retention and expansion is difficult to accurately predict and may decline
13

or fluctuate as a result of a number of factors. Our ability to increase revenue also depends in part on our ability to increase the number of identities governed with our solutions and sell more modules and solutions to our existing and new customers. If we are unable to successfully acquire new customers, retain our existing customers, expand sales to existing customers or introduce new solutions, our business, financial condition and operating results could be adversely affected. The adverse effect on our financial results may be particularly acute because of the significant research, development, marketing, sales and other expenses we will have incurred in connection with the new solutions.
Our sales cycle is long and unpredictable, and our sales efforts require considerable time and expense.
The length and unpredictability of the sales cycle for our offerings makes it difficult to identify a regular cadence to our sales and the related revenue recognition. We and our channel partners are often required to spend significant time and resources to better educate and familiarize potential customers with the value proposition of our platform and solutions. Customers often view the purchase of our solutions as a strategic decision and significant investment and, as a result, frequently require considerable time to evaluate, test and qualify our platform and solutions prior to purchasing our solutions. During the sales cycle, we expend significant time and money on sales and marketing and contract negotiation activities, which ultimately may not result in a sale. Additional factors that may influence the length and variability of our sales cycle include: (i) the discretionary nature of purchasing and budget cycles and decisions; (ii) lengthy purchasing approval processes; (iii) the evaluation of competing products during the purchasing process; (iv) time, complexity and expense involved in replacing existing solutions; (v) announcements or planned introductions of new products features or functionality by our competitors or of new solutions or modules by us; (vi) the practice of large enterprises often driving their purchasing cycles based on internal factors rather than marketing cycles; and (viii) evolving functionality demands. If our efforts in pursuing sales and customers are unsuccessful, or if our sales cycles lengthen, our revenue could be lower than expected, which would have an adverse effect on our business, operating results and financial condition.
We recognize some of our revenue ratably over the term of our agreements with customers and, as a result, downturns or upturns in sales may not be immediately reflected in our operating results.
We recognize revenue from our subscription offerings ratably over the terms of our agreements with customers. As a result, a portion of the revenue that we report in each period will be derived from the recognition of deferred revenue relating to agreements entered into during previous periods. Consequently, a decline in new subscription sales or renewals in any one period may not be immediately reflected in our revenue results for that period. This decline, however, will negatively affect our revenue in future periods. Accordingly, the effect of significant downturns in sales and market acceptance of our products and potential changes in our rate of renewals may not be fully reflected in our operating results until future periods.
We expect to continue to invest in research and development, sales and marketing, and general and administrative functions and other areas to grow our subscription-related business. These subscription-related costs are generally expensed as incurred (with the exception of sales commissions), as compared to the corresponding revenue, substantially all of which is recognized ratably in future periods. We are likely to recognize the costs associated with these investments earlier than some of the anticipated benefits and the return on these investments may develop more slowly, or may be lower, than we expect, which could adversely affect our operating results.
Our quarterly results fluctuate significantly and may not fully reflect the underlying performance of our business.
Our quarterly revenue and operating results tend to fluctuate from period-to-period, and we believe that our quarterly results may vary significantly in the future. These results may fluctuate as a result of a variety of factors, including the mix of revenue and associated costs attributable to licenses, subscription and professional services, the mix of revenue attributable to larger transactions as opposed to smaller transactions, and others discussed throughout this “Risk Factors” section, many of which are outside of our control. Consequently, you should not rely on the results of any one quarter as an indication of future performance. Period-to-period comparisons of our revenue and operating results may not be meaningful and, as a result, may not fully reflect the underlying performance of our business.
Risks Related to Our Technology, Products and Security
Real or perceived errors, failures, or disruptions, including those caused by cyber-attacks, in our platform and solutions could adversely affect our customers’ satisfaction with our solutions and harm our business and industry reputation.
Our platform and solutions are very complex and have contained and may contain undetected defects, vulnerabilities or errors, especially when solutions are first introduced or enhanced. Our platform and solutions are often used in connection
14

with large-scale computing environments with different operating systems, system management software, equipment and networking configurations, which may cause errors or failures of products, or other aspects of the computing environment into which our products are deployed. If our platform and solutions are not implemented or used correctly or as intended, inadequate performance and disruption in service may result. In addition, deployment of our platform and solutions into complicated, large-scale computing environments may expose errors, failures or vulnerabilities in our products. Any such errors, failures, or vulnerabilities may not be found until after they are deployed to our customers. Some of our software and features are powered by ML and AI, which depend on datasets and algorithms that could be flawed, including through inaccurate, insufficient, outdated or biased data. From time to time, we have experienced errors, failures and bugs in our platform that have resulted in customer downtime, and we cannot assure you that we will be able to mitigate future errors, failures, vulnerabilities or bugs in a quick or cost-effective manner.
We and our third-party service providers have in the past experienced, and may in the future experience, performance issues due to a variety of factors, including infrastructure changes, human or software errors, website or third-party hosting disruptions or capacity constraints due to a number of potential causes including technical failures, cyber-attacks, security incidents, natural disasters or fraud. We have also been the target of distributed denial-of-service attacks and other cybersecurity attacks that attempt to disrupt our services. If our or our third-party service providers’ products or solutions or corporate security are compromised, our website, professional services, customer support or SaaS solutions are unavailable, or there are flaws in our ML and AI processes, our business could be negatively affected. Moreover, if our security measures, products, services or third-party service providers are subject to cyber-attacks that degrade or deny the ability of users to access our website or other products or services, our products or services may be perceived as insecure, and we may incur significant legal and financial exposure. In particular, our cloud-based products may be especially vulnerable to interruptions, performance problems or cyber-attacks. Furthermore, our solutions may not help detect situations in which a valid user identity has been compromised, for example as part of a highly sophisticated cyberattack of the type described below. If we, our third party service providers or our partners or one or more customers were to suffer a highly publicized breach, even if our platform and solutions perform effectively, such a breach could cause our customers or potential customers to lose trust in our identity governance platform in general, which could cause us to suffer reputational harm, lose existing commercial relationships and customers or deter them from purchasing additional solutions and prevent new customers from purchasing our solutions. For example, in December 2020, it was widely reported that hackers installed malware into business software updates provided by SolarWinds Corporation. The attack was widespread, affecting public and private organizations around the world, including several U.S. government agencies. Highly publicized cybersecurity events such as this have heightened consumer, legislative and regulatory awareness of these kinds of cybersecurity risks, while further emboldening individuals or groups to target IT systems more aggressively, highlighting the vulnerability of IT supply chains.
We continue to invest in the personnel, infrastructure and third-party best practice software solutions and services necessary to mitigate these risks. However, if we are unable to attract and retain personnel with the necessary cybersecurity expertise, or fail to implement sufficient safeguarding measures, we may not be able to prevent, detect, and mitigate potentially disruptive events which could occur in the future. In some instances, we may not be able to identify the cause or causes of these events within an acceptable period of time. Even with these investments, we may not be able to stop a complex and sophisticated cyberattack of the type that occurred in the SolarWinds breach. Based on reporting, the U.S. government and many private-sector experts have stated the belief that a foreign nation-state conducted the intrusive operation against SolarWinds as part of a widespread attack against America’s cyber infrastructure. SolarWinds has reported that the attackers first gained access to its systems in September 2019 but the breach was not identified until December 2020. In addition, the continuing investigation of the breach may take several more weeks, possibly months, as a result of the sophistication of the attacks. If we are or become a target of such an attack, we may not be able to prevent, detect and mitigate such an attack, which could cause disruptions in service or other performance problems, hurt our reputation and our ability to attract new customers and retain existing customers, and damage our customers’ businesses.
Since our customers use our platform and solutions for important aspects of their security environment and operational business, any real or perceived errors, failures or vulnerabilities in our products, or disruptions in service or other performance problems, could hurt our reputation and may damage our customers’ businesses. Furthermore, defects, errors, vulnerabilities or failures in our platform or solutions may require us to implement design changes or software updates. Any defects, vulnerabilities or errors in our platform or solutions, or the perception of such defects, vulnerabilities or errors, could result in: (i) expenditure of significant financial and product development resources in efforts to analyze, correct, eliminate or work around errors or defects; (ii) loss of existing or potential customers or channel partners; (iii) delayed or lost revenue; (iv) delay or failure to attain market acceptance; (v) delay in the development or release of new solutions or services; (vi) negative publicity, which will harm our reputation; (vii) an increase in collection cycles for accounts receivable or the expense and risk of litigation; and (viii) harm to our operating results.
15

The contractual protections we have in our standard terms and conditions of sale, such as warranty disclaimers and limitation of liability provisions, may not fully or effectively protect us from claims by customers, commercial relationships or other third parties. Any insurance coverage we may have may not adequately cover all claims asserted against us or cover only a portion of such claims. In addition, even claims that ultimately are unsuccessful could result in our expenditure of funds in litigation and the diverting of management’s time and other resources.
Interruptions with the delivery of our SaaS solutions, or third-party cloud-based systems that we use in our operations, may adversely affect our business, operating results and financial condition.
Our continued growth depends in part on the ability of our existing customers and new customers to access our platform and solutions at any time and within an acceptable amount of time. In addition, our ability to access certain third-party SaaS solutions is important to our operations and the delivery of our customer support and professional services. We have experienced, and may in the future experience, service disruptions, outages and other performance problems both in the delivery of our SaaS solutions and in third-party SaaS solutions we use due to a variety of factors, including infrastructure changes, malicious actors, human or software errors or capacity constraints. In some instances, we may not be able to identify the cause or causes of these performance problems within an acceptable period of time. If our SaaS solutions or the third-party SaaS solutions we depend on are unavailable or if our customers are unable to access features of our SaaS solutions within a reasonable amount of time or at all, our business would be negatively affected.
We host our SaaS and other subscription services solutions primarily using AWS data centers. Our related operations depend on protecting the virtual cloud infrastructure hosted in AWS by maintaining its configuration, architecture, features and interconnection specifications, as well as the information stored in these virtual data centers and which third-party internet service providers transmit. Although we have disaster recovery plans that utilize multiple AWS locations, any incident affecting their infrastructure that may be caused by fire, flood, severe storm, earthquake or other natural disasters, cyber-attacks, terrorist or other attacks, public health issues or other similar events beyond our control could negatively affect our SaaS platform. A prolonged AWS service disruption affecting our SaaS platform for any of the foregoing or other reasons would negatively impact our ability to serve our customers and could damage our reputation with current and potential customers, expose us to liability, cause us to lose customers or otherwise harm our business. We may also incur significant costs for using alternative equipment or taking other actions in preparation for, or in reaction to, events that damage the AWS services we use, which would also likely require significant investments of time. In addition, AWS may terminate the agreement by providing 30 days’ prior written notice and may, in some cases, terminate the agreement immediately for cause upon notice. In the event that our AWS service agreements are terminated, or there is a lapse of service, elimination of AWS services or features that we utilize, interruption of internet service provider connectivity or damage to such facilities, we could experience interruptions in access to our platform as well as significant delays and additional expense in arranging or creating new facilities and services and/or re-architecting our SaaS solutions for deployment on a different cloud infrastructure service provider, which may adversely affect our business, operating results and financial condition.
Breaches in our security, cyber-attacks or other cyber-risks could expose us to significant liabilities and cause our business and reputation to suffer.
Our operations involve transmission and processing of our customers' and their employees’ confidential, proprietary and sensitive information including, in some cases, personally identifiable information. We have legal and contractual obligations to protect the confidentiality and appropriate use of customer data. Despite our security measures, our and our third-party service providers' information technology and infrastructure may be vulnerable to security risks, including unauthorized access to use or disclosure of customer data, theft of proprietary information, employee error or misconduct, denial of service attacks, loss or corruption of customer data, and computer hacking attacks or other cyber-attacks subsequently originated from our infrastructure. Such events could expose us to substantial litigation expenses and damages, indemnity and other contractual obligations, government fines and penalties, mitigation expenses and other liabilities. Because techniques used to obtain unauthorized access or to sabotage systems change frequently and generally are not recognized until successfully launched against a target, we and our third-party service providers may be unable to anticipate these techniques or to reasonably implement adequate preventative measures. For example, we may not be able to stop a complex and sophisticated cyberattack of the type described in the risk factor above. If an actual or perceived breach of our or our third-party service providers' security occurs, the market perception of the effectiveness of our security measures could be harmed, our brand and reputation could be impacted, we could lose potential sales and existing customers, our ability to operate our business could be impaired, and we may incur significant liabilities. Moreover, failure to maintain effective internal accounting controls related to data security breaches and cybersecurity in general could impact our ability to produce timely and accurate financial statements and could subject us to regulatory scrutiny.
16

If we fail to adapt and respond effectively to rapidly changing technology, evolving industry standards, changing regulations and changing customer needs, requirements or preferences, our platform and solutions may become less competitive.
The market in which we compete is relatively new and subject to rapid technological change, evolving industry standards and changing regulations, as well as changing customer needs, requirements and preferences. The success of our business will depend, in part, on our ability to adapt and respond effectively to these changes on a timely basis. In addition, as our customers’ technologies and business plans grow more complex, we expect them to face new and increasing challenges. Our customers require that our solution effectively identifies and responds to these challenges without disrupting the performance of our customers’ IT systems. As a result, we must continually modify and improve our products and introduce or acquire new products in response to changes in our customers’ IT infrastructures. We may be unable to anticipate future market needs and opportunities or be unable to develop enhancements to our platform or existing solutions or new solutions to meet such needs or opportunities in a timely manner, if at all. Even if we are able to anticipate, develop and commercially introduce enhancements to our platform and existing solutions and new solutions, those enhancements and new solutions may not achieve widespread market acceptance. Our enhancements or new solutions could fail to attain sufficient market acceptance for many reasons.
Any actual or perceived failure by us to comply with our privacy commitments or legal or regulatory data protection requirements in one or multiple jurisdictions could result in proceedings, actions or penalties against us, as well as a loss of goodwill.
Our customers’ storage and use of data concerning, among others, their employees, contractors, customers and partners is essential to their use of our platform and solutions. We have implemented various features intended to enable our customers to better secure their information and comply with applicable privacy and security requirements in their collection and use of data, but these features do not ensure their compliance and may not be effective against all potential privacy and data security concerns.
A wide variety of domestic and foreign laws and regulations apply to the collection, use, retention, protection, disclosure, transfer, disposal and other processing of personal data. These data protection and privacy-related laws and regulations are evolving and may result in regulatory and public scrutiny and escalating levels of enforcement and sanctions. See Part I, Item 1. “Business—Government Regulations” for more information. Our failure to comply with applicable laws and regulations, or to protect any personal or other customer data, could result in enforcement actions against us, including regulatory fines, as well as claims for damages by customers and other affected individuals, damage to our reputation and loss of goodwill (both in relation to existing customers and prospective customers), any of which could adversely affect our business, operating results, financial performance and prospects. In particular, we function as a HIPAA "business associate" for certain of our customers and, as such, are subject to strict privacy and data security requirements.
In addition, we are subject to certain contractual obligations and have made privacy commitments, including in privacy policies, regarding our collection, use, storage, transfer, disclosure, disposal or processing of personal data. As a company that supports customer privacy and security objectives, even the perception of a failure by us to comply with our privacy commitments, whether or not valid, may harm our reputation, inhibit adoption of our solutions by current and future customers or adversely impact our ability to attract and retain workforce talent. Additionally, a failure or perceived failure to comply with privacy commitments could lead to regulator or civil claims if our commitments are found to be deceptive or otherwise misrepresentative of our actual policies and practices.
Loss, retention or misuse of certain information and alleged violations of laws and regulations relating to privacy and data security, and any relevant claims, may expose us to potential liability and may require us to expend significant resources on data security and in responding to and defending such allegations and claims. In addition, future laws, regulations, standards and other obligations, and changes in the interpretation of existing laws, regulations, standards and other obligations could impair our customers’ ability to collect, use or disclose data relating to individuals, which could decrease demand for our platform and solutions, increase our costs and impair our ability to maintain and grow our customer base and increase our revenue. This includes evolutions in definitions of what constitutes “Personal Information” and “Personal Data” subject to privacy laws, especially relating to classification of IP addresses, machine or device identification numbers, location data and other information. Changes in the law may limit or inhibit our ability to offer certain products or features, limit the growth of features and/or development of new products and services supported by AI or machine learning, or limit our ability to operate or expand our business and develop technology alliance relationships that may involve the sharing of data.
Around the world, there are numerous lawsuits in process against various technology companies that process personal data. If those lawsuits are successful, it could increase the likelihood that our company may be exposed to liability for our own
17

policies and practices concerning the processing of personal data and could hurt our business. Furthermore, the costs of compliance with, and other burdens imposed by laws, regulations and policies concerning privacy and data security that are applicable to the businesses of our customers may limit the use and adoption of our platform or solutions and reduce overall demand for them. Privacy concerns, whether or not valid, may inhibit market adoption of our platform. Additionally, concerns about security or privacy may result in the adoption of new legislation that restricts the implementation of technologies like ours or requires us to make modifications to our platform, which could significantly limit the adoption and deployment of our technologies or result in significant expense to modify our platform.
If we are not able to maintain and enhance our brand or reputation as an industry leader and innovator, our business and operating results may be adversely affected.
We believe that maintaining and enhancing our reputation as a leader and innovator in the market for identity and data governance solutions is critical to our relationship with our existing customers and our ability to attract new customers. The successful promotion of our brand attributes will depend on a number of factors, including our marketing efforts, our ability to continue to develop high-quality features and solutions for our platform and our ability to successfully differentiate our platform and solutions from competitive products and services. Our brand promotion activities may not be successful or yield increased revenue. In addition, independent industry analysts often provide reports of our platform and solutions, as well as products and services of our competitors, and perception of our platform and solutions in the marketplace may be significantly influenced by these reports. If these reports are negative, or less positive as compared to those of our competitors’ products and services, our reputation may be adversely affected. If we do not successfully maintain and enhance our brand and reputation, our business and operating results may be adversely affected.
If our platform and solutions do not effectively interoperate with our customers’ existing or future IT infrastructures, installations could be delayed or cancelled, which would harm our business.
Our success depends on the interoperability of our platform and solutions with third-party operating systems, applications, data and devices that we have not developed and do not control. Any changes in such operating systems, applications, data or devices that degrade the functionality of our platform or solutions or give preferential treatment to competitive software could adversely affect the adoption and usage of our platform. We may not be successful in adapting our platform or solutions to operate effectively with these applications, data or devices. If it is difficult for our customers to access and use our platform or solutions, or if our platform or solutions cannot connect to a broadening range of applications, data and devices, then our customer growth and retention may be harmed, and our business and operating results could be adversely affected.
If our products fail to help our customers achieve and maintain compliance with certain government regulations and industry standards, our business and operating results could be materially and adversely affected.
We believe we generate a portion of our revenues from our products and services because our customers use our products and services as part of their efforts to achieve and maintain compliance with certain government regulations and industry standards, and we expect that will continue for the foreseeable future. Examples of industry standards and government regulations include the Payment Card Industry Data Security Standard; the Federal Information Security Management Act and associated National Institute for Standards and Testing Network Security Standards; the Sarbanes-Oxley Act of 2002; Title 21 of the U.S. Code of Federal Regulations, which governs food and drugs industries; the North American Electric Reliability Corporation Critical Infrastructure Protection Plan; the GDPR; the German Federal Financial Supervisory Authority Minimum Requirements for Risk Management; and the Monetary Authority of Singapore’s Technology Risk Management Notices. These industry standards may change with little or no notice, including changes that could make them more or less onerous for businesses. In addition, governments may also adopt new laws or regulations, or make changes to existing laws or regulations, that could affect whether our customers believe our solution assists them in maintaining compliance with such laws or regulations. If our solutions fail to expedite our customers’ compliance initiatives, our customers may lose confidence in our products and could switch to products offered by our competitors. In addition, if government regulations and industry standards related to IT security are changed in a manner that makes them less onerous, our customers may view compliance as less
18

critical to their businesses, and our customers may be less willing to purchase our products and services. In either case, our sales and financial results would suffer.
Risks Related to Our Strategy and Competition
A shift in our business from selling licenses to selling subscriptions could materially and adversely affect our financial condition, operating results and liquidity, and our business, financial condition, operating results and prospects could be materially and adversely affected if we fail to successfully manage this shift.
We believe enterprises are increasingly embracing the cloud to house their critical security infrastructure. As a result, a growing number of enterprises are changing their approach to identity security and now prefer SaaS in place of purchasing software via a license and independently operating their identity infrastructure. Our current product strategy reflects our belief in this industry shift. As we make this transition and sell subscription-based arrangements, our license revenue will likely be negatively impacted.
In a subscription-based arrangement with a customer, we typically:
recognize revenue (i) ratably over the term of the applicable agreement if the software is delivered as a service, whereas we typically recognize revenue from perpetual licenses upfront upon delivering the applicable license, or (ii) upfront if the software is purchased as a term license, but for an amount less than we would charge for a perpetual license given the finite term of the term license; meaning in each case that for a given customer, we will initially recognize less revenue if our software is delivered via a subscription-based arrangement rather than as a perpetual license; and
invoice the customer for subscription fees annually, and at an amount less than we would charge initially for a perpetual license, meaning that for a given customer, initially our billings and our cash flows will decrease.
As a result, during any period of significant shifts to subscription-based arrangements, our revenue and cash flows, financial condition, operating results and liquidity may be materially and adversely affected. Additionally, if a greater percentage of our customers purchase our solutions through subscription-based arrangements than we expect in any period, our revenue and earnings will likely fall below expectations for that period and our cash flows may be lower than expected. Furthermore, our business, financial condition, operating results and prospects could be materially and adversely affected if we fail to successfully manage this industry shift, which depends upon our ability to, among other things, properly price our subscription-based arrangements, deliver SaaS, retain our customers, and further develop or acquire related technologies and infrastructure. If the industry shift occurs differently than we anticipate, our business, financial condition, operating results and prospects could be materially and adversely affected.
We face intense competition in our market, both from larger, well established companies and from emerging companies, and we may lack sufficient financial and other resources to maintain and improve our competitive position.
The market for identity and data governance solutions is intensely competitive and is characterized by constant change and innovation. We face competition from large, well-known enterprise software vendors that offer identity solutions within their product portfolios, pure play identity vendors (including new market entrants) and vendors with whom we have not traditionally competed but who may either introduce new products or incorporate features into existing products that compete with our solutions.
Many of our competitors are larger, have greater resources and existing customer relationships, and may be able to compete and respond more effectively than we can to new or changing opportunities, technologies, standards or customer requirements. Our competitors may also seek to extend or supplement their existing offerings to provide identity and data governance solutions that more closely compete with our offerings. Potential customers may also prefer to purchase, or incrementally add solutions, from their existing suppliers rather than a new or additional supplier regardless of product performance or features.
In addition, merger and acquisition transactions in the technology industry continue to occur, particularly transactions involving cloud-based technologies. Accordingly, there is a greater likelihood that we will compete with other large technology companies in the future. Continued industry consolidation may adversely impact customers’ perceptions of the viability of small and medium-sized technology companies and consequently their willingness to purchase from those companies.
19

New start-up companies that innovate and competitors that are making significant investments in research and development may invent similar or superior products and technologies that compete with our products, and our business could be materially and adversely affected if such technologies or products are widely adopted. These competitive pressures in our market or our failure to compete effectively may result in price reductions, fewer orders, reduced revenue and gross margins, increased net losses, and loss of market share. Any failure to meet and address these factors could adversely affect our business, financial condition and operating results.
If we are unable to maintain successful relationships with our channel partners, our ability to market, sell and distribute our solutions will be limited and our business, financial condition and operating results could be adversely affected.
We derive a significant portion of our revenue from sales influenced or made through our channel partner network and expect these sales to continue to grow for the foreseeable future. Our channel partners provide implementation and other services to our customers in exchange for fees paid by those customers. We may not achieve anticipated revenue growth from our channel partners if we are unable to retain our existing channel partners and expand their sales or add additional motivated channel partners. Our arrangements with our channel partners are generally non-exclusive, meaning they may offer customers the products of several different companies, including products that compete with our platform and solutions. If our channel partners do not effectively market and sell our solutions, choose to use greater efforts to market and sell our competitors’ products or services, fail to meet the needs of our customers, or cease marketing our products or providing services to us, our ability to grow our business and sell our solutions may be adversely affected. If we are unable to maintain our relationships with these channel partners, our business, financial condition and operating results could be adversely affected. We also collaborate with adjacent technology vendors to offer comprehensive solutions to our customers. If we do not effectively collaborate with them, or if they elect to terminate their relationship with us or develop and market solutions that compete with our solutions, our growth may be adversely affected.
We anticipate that our operations will continue to increase in complexity as we grow, which will add additional challenges to the management of our business in the future.
Our business has experienced significant growth and is becoming increasingly complex. We increased the number of our employees from 1,003 at December 31, 2018 to 1,394 at December 31, 2020. We have also experienced growth in the number of customers of our solutions from 1,173 at December 31, 2018 to 1,753 at December 31, 2020. We expect this growth to continue and for our operations to become increasingly complex. To effectively manage this growth, we have made and plan to continue to make substantial investments to improve our operational, financial and management controls as well as our reporting systems and procedures. Our success will depend in part on our ability to manage this complexity effectively without undermining our corporate culture, which we believe has been central to our success. If we are unable to manage this complexity, our business, operations, operating results and financial condition may suffer.
As our customer base continues to grow, we likely will need to expand our professional services and other personnel, and maintain and enhance our existing partner network, to provide a high level of customer service. We also will need to effectively manage our direct and indirect sales processes as the number and type of our sales personnel and partner network continues to grow and become more complex and as we continue to expand into new geographies and vertical markets. This complexity is further driven by the various ways in which we sell our solutions, including on a per identity and per module basis through perpetual and term licenses, SaaS and other subscription services. If we do not effectively manage the increasing complexity of our business and operations, the quality of our solutions and customer service could suffer, and we may not be able to adequately address competitive challenges. These factors could impair our ability, and our channel partners’ ability, to attract new customers, retain existing customers, expand our customers’ use of existing solutions and adoption of more of our solutions and continue to provide high levels of customer service, all of which would adversely affect our reputation, overall business, operations, operating results and financial condition.
We may acquire or invest in companies, which may divert our management’s attention and result in additional dilution to our stockholders. We may be unable to integrate acquired businesses and technologies successfully or achieve the expected benefits of such acquisitions, and acquisitions, particularly of development stage companies, may adversely affect our operating results and liquidity as well as our ability to meet expectations.
Our success will depend, in part, on our ability to expand our solutions and services and grow our business in response to changing technologies, customer demands and competitive pressures. In some circumstances, we may choose to do so through the acquisition of, or investment in, new or complementary businesses and technologies rather than through internal development. As a function of the industry in which we operate, we may acquire development stage companies that are not yet
20

profitable, and that require continued investment, which could adversely affect our results of operations and liquidity as well as our ability to meet expectations, particularly if they were formulated prior to such acquisitions. Development stage companies generally involve a higher degree of risk and have not been proven, require additional capital to develop, and typically do not generate enough revenue to offset increased expenses associated therewith.
The identification of suitable acquisition or investment candidates can be difficult, time-consuming and costly, and we may not be able to successfully complete identified acquisitions or investments. The risks we face in connection with acquisitions and/or investments include difficulties integrating the new businesses, technologies, or personnel, distractions to management, adverse tax consequences, claims and disputes by stockholders, and the assumption of debt or other liabilities, among other things. The occurrence of any of these or other risks could prevent us from realizing the anticipated benefits of an acquisition and could adversely affect our business, operating results and financial condition.
Because our long-term success depends, in part, on our ability to expand the sales and marketing of our platform and solutions to customers located outside of the United States, and we perform a significant portion of our development outside of the United States, our business will be susceptible to risks associated with international operations.
At December 31, 2020, we had customers in 57 countries and personnel in 18 countries, and we intend to continue expanding our international sales and marketing operations. Conducting international operations subjects us to risks that we do not generally face in the United States. These risks include: (i) heightened risks of unethical, unfair or corrupt business practices, actual or claimed, in certain geographies and of improper or fraudulent sales arrangements; (ii) political instability, war, armed conflict or terrorist activities; (iii) public health issues, including outbreaks of contagious diseases or illnesses; (iv) currency fluctuations; (v) laws imposing heightened restrictions on data usage and increased penalties for failure to comply with applicable laws, particularly in the European Union (“EU”); (vi) risks associated with trade restrictions and foreign import requirements; (vii) potentially different pricing environments, longer sales cycles and longer accounts receivable payment cycles and collections issues; (viii) management communication and integration problems resulting from cultural differences and geographic dispersion; (ix) increased turnover of international personnel as compared to our domestic operations; (x) potentially adverse tax consequences, including multiple and possibly overlapping tax structures, the complexities of foreign value added tax systems, restrictions on the repatriation of earnings and changes in tax rates; (xi) changes in global trade policies, such as the United Kingdom’s exit from the EU, trade disputes and increased tariffs between the United States and China, or other political, cultural or economic developments; (xii) greater difficulty in enforcing contracts, accounts receivable collection and longer collection periods; (xiii) the uncertainty and limitation of protection for intellectual property rights in some countries; and (xiv) increased financial accounting and reporting burdens and complexities. Additionally, operating in international markets requires significant management attention and financial resources.
Legal, Regulatory and Governance Risks
If we fail to meet contractual commitments related to response time, service level commitments or quality of professional services, we could be obligated to provide credits for future service, or face contract termination, which could adversely affect our business, operating results and financial condition.
Depending on the products purchased, our customer agreements contain service level agreements, under which we guarantee specified availability of our platform and solutions. If we are unable to meet the stated service level commitments to our customers or suffer extended periods of unavailability of our SaaS solutions or other subscription services, we may be contractually obligated to provide affected customers with service credits or customers could elect to terminate and receive refunds for prepaid amounts. In addition, if the quality of our professional services does not meet contractual requirements, we may be required to re-perform the services at our expense or refund amounts paid for the services. Any failure to meet these contractual commitments could adversely affect our revenue, operating results and financial condition and any failure to meet service level commitments or extended service outages of our SaaS solutions or other subscription services could adversely affect our business and reputation as customers may elect not to renew and we could lose future sales.
We use third-party licensed software in or with our solutions, and the inability to maintain these licenses or issues with the software we license could result in increased costs or reduced service levels, which would adversely affect our business.
Our solutions include software or other intellectual property licensed from third parties, and we otherwise use software and other intellectual property licensed from third parties in our business. We anticipate that we will continue to rely on such third-party software and intellectual property in the future. This exposes us to risks over which we may have little or no control. The third-party software we currently license may not always be available, and we may not have access to alternative third-
21

party software on commercially reasonable terms. In addition, a third party may assert that we or our customers are in breach of the terms of a license, which could, among other things, give such third party the right to terminate a license or seek damages from us, or both. Our inability to obtain or maintain certain licenses or other rights or to obtain or maintain such licenses or rights on favorable terms, or the need to engage in litigation regarding these matters, could result in delays in releases of new solutions, and could otherwise disrupt our business, until equivalent technology can be identified, licensed or developed, if at all. Also, to the extent that our platform and solutions depend upon the successful operation of third-party software in conjunction with our software, any undetected errors, vulnerabilities, compromises or defects in such third-party software could prevent the deployment or impair the functionality of our platform, delay new feature introductions, result in a failure of our platform and injure our reputation.
If we fail to adequately protect our proprietary rights, our competitive position could be impaired, and we may lose valuable assets, generate reduced revenue and incur costly litigation to protect our rights.
We rely on copyrights, trade secret laws, confidentiality procedures, employment proprietary information and inventions assignment agreements, trademarks and patents to protect our intellectual property rights. To protect our trade secrets and proprietary information, we rely in significant part on confidentiality arrangements with our employees, licensees, independent contractors, advisers, channel partners, resellers and customers. These arrangements and other steps we take may not be effective to prevent disclosure of confidential information, including trade secrets, and may not provide an adequate remedy in the event of unauthorized disclosure of confidential information.
We may be required to spend significant resources to obtain, monitor and enforce our intellectual property rights. Litigation brought to enforce our intellectual property could be costly, time-consuming and distracting to management and could be met with defenses, counterclaims and countersuits attacking the validity and enforceability of our intellectual property, which may result in the impairment or loss of portions of our intellectual property. The laws of some foreign countries do not protect our intellectual property to the same extent as the laws of the United States, and effective intellectual property protection and mechanisms may not be available in those jurisdictions. We may need to expend additional resources to defend our intellectual property in these countries, and our inability to do so could impair our business or adversely affect our international expansion.
We may be subject to intellectual property rights claims by third parties or contractual counterparties, which may be costly to defend, could require us to pay significant damages and could limit our ability to use certain technologies.
Companies in the software and technology industries, including some of our current and potential competitors, own large numbers of patents, copyrights, trademarks and trade secrets and frequently enter into litigation based on allegations of infringement, misappropriation or other violations of intellectual property rights. We have in the past and may in the future be subject to notices that claim we have infringed, misappropriated or misused the intellectual property of our competitors or other third parties, many of which have significantly larger and more mature patent holdings than we do or are patent holding companies whose sole business is to assert such claims. To the extent we increase our visibility in the market, we face a higher risk of being the subject of intellectual property claims. Additionally, we could in the future be subject to claims that we, our employees or our contractors have inadvertently or otherwise used or disclosed trade secrets or other proprietary information of our competitors or other parties.
Our agreements with customers and other third parties may include indemnification provisions under which we agree to indemnify them or otherwise be liable for losses suffered or incurred as a result of claims of intellectual property infringement or misappropriation, damages caused by us to property or persons, or other liabilities relating to or arising from our platform, solutions, services or other contractual obligations. Some of these indemnity agreements provide for significant or uncapped liability for which we would be responsible, and some indemnity provisions survive termination or expiration of the applicable agreement. Any dispute with a customer with respect to such obligations could have adverse effects on our relationship with that customer and other existing customers and new customers and adversely affect our business and operating results.
Any intellectual property, indemnification or wrongful use or disclosure claims, with or without merit, could be time-consuming and expensive, could require litigation and could divert our management’s attention and other resources. These claims could also subject us to significant liability for damages, potentially including treble damages if we are found to have willfully infringed patents or copyrights. These claims could also result in our having to stop using technology found to be in violation of a third party’s rights. We might be required to seek a license for the intellectual property, which may not be available on reasonable terms or at all. Even if a license is available, we could be required to pay significant royalties, which would increase our operating expenses. As a result, we may be required to develop alternative non-infringing technology, which could require significant effort and expense. If we cannot license or develop technology for any aspect of our business that may
22

ultimately be determined to infringe on or misappropriate the intellectual property rights of another party, we could be forced to limit or stop sales of licenses to our platform and solutions and may be unable to compete effectively. We could also lose valuable intellectual property rights or key personnel as a result of a wrongful disclosure dispute. Furthermore, we may be subject to indemnification obligations with respect to third-party intellectual property pursuant to our agreements with our channel partners or customers. Any of these results would adversely affect our business, operating results and financial condition.
Our use of “open source” software could negatively affect our ability to sell our solutions and subject us to possible litigation.
Some aspects of our platform and solutions are built using open source software, and we intend to continue to use open source software in the future. From time to time, we contribute software source code to open source projects under open source licenses or release internal software projects under open source software licenses and anticipate doing so in the future. The terms of certain open source licenses to which we are subject have not been interpreted by U.S. or foreign courts, and there is a risk that open source software licenses could be construed in a manner that imposes unanticipated conditions or restrictions on our ability to monetize our products. Additionally, we may from time to time face claims from third parties claiming ownership of, or demanding release of, the open source software or derivative works that we developed using such software, which could include our proprietary source code, or otherwise seeking to enforce the terms of the applicable open source software license. These claims could result in litigation and could require us to make our software source code freely available, purchase a costly license or cease offering the implicated services unless and until we can re-engineer them to avoid infringement or violation. This re-engineering process could require significant additional research and development resources, and we may not be able to complete it successfully. In addition to risks related to license requirements, use of certain open source software can lead to greater risks than use of third-party commercial software, as open source licensors generally do not provide warranties or controls on the origin of software and, thus, may contain security vulnerabilities or broken code. Any of these risks could be difficult to eliminate or manage, and if not addressed, could have a negative effect on our business, operating results and financial condition.
Our charter and bylaws contain anti-takeover provisions that could delay or discourage takeover attempts that stockholders may consider favorable.
Our charter and bylaws contain provisions that could delay or prevent a change in control of our company. These provisions could also make it difficult for stockholders to elect directors who are not nominated by the current members of our board of directors or take other corporate actions, including effecting changes in our management. These provisions include: (i) a classified board of directors with three-year staggered terms; (ii) removal of directors only for cause; (iii) the ability of our board of directors to issue shares of preferred stock and to determine the price and other terms of those shares, including preferences and voting rights, without stockholder approval; (iv) allowing only our directors to fill vacancies on our board of directors; (v) a prohibition on stockholder action by written consent; (vi) the requirement that a special meeting of stockholders may be called only by or at the direction of our board of directors; (vii) the requirement for the affirmative vote of holders of at least 66 2/3% of the voting power of all of the then outstanding shares of the voting stock, voting together as a single class, to amend the provisions of our charter relating to the management of our business (including our classified board structure) or certain provisions of our bylaws; (viii) the ability of our board of directors to amend the bylaws; (ix) advance notice procedures with which stockholders must comply to nominate candidates to our board of directors or to propose matters to be acted upon at a stockholders’ meeting; and (x) a prohibition of cumulative voting in the election of our board of directors. Our charter also contains a provision that provides us with protections similar to Section 203 of the Delaware General Corporation Law (“DGCL”), and prevents us from engaging in a business combination, such as a merger, with an interested stockholder (i.e., a person or group who acquires at least 15% of our voting stock) for a period of three years from the date such person became an interested stockholder, unless (with certain exceptions) the business combination or the transaction in which the person became an interested stockholder is approved in a prescribed manner.
Our charter designates the Court of Chancery of the State of Delaware as the sole and exclusive forum for certain types of actions and proceedings by our stockholders, which could limit their ability to obtain a favorable judicial forum for disputes with us or our directors, officers, employees or agents.
Our charter provides that, unless we consent in writing to the selection of an alternative forum, the Court of Chancery of the State of Delaware will, to the fullest extent permitted by applicable law, be the sole and exclusive forum for (i) any derivative action or proceeding brought on our behalf, (ii) any action asserting a claim of breach of a fiduciary duty owed by any of our directors, officers, employees or agents to us or our stockholders, (iii) any action asserting a claim arising pursuant to any provision of the DGCL, our charter or bylaws, or (iv) any action asserting a claim against us that is governed by the internal
23

affairs doctrine, in each such case subject to such Court of Chancery of the State of Delaware having personal jurisdiction over the indispensable parties named as defendants therein. Any person or entity purchasing or otherwise acquiring any interest in shares of our capital stock will be deemed to have notice of, and consented to, the provisions of our charter described in the preceding sentence. This choice of forum provision may limit a stockholder’s ability to bring a claim in a judicial forum that it finds favorable for disputes with us or our directors, officers, employees or agents, which may discourage such lawsuits against us and such persons.
The enforceability of similar exclusive forum provisions in other companies’ charters has been challenged in legal proceedings, and it is possible that, in connection with one or more actions or proceedings described above, a court could rule that this provision in our charter is inapplicable or unenforceable. For example, the choice of forum provisions summarized above are not intended to, and would not, apply to suits brought to enforce any liability or duty created by the Exchange Act, or other claim for which the federal courts have exclusive jurisdiction. Additionally, there is uncertainty as to whether our choice of forum provisions would be enforceable with respect to suits brought to enforce any liability or duty created by the Securities Act of 1933, as amended (the “Securities Act”), or other claims for which the federal courts have concurrent jurisdiction, and in any event stockholders will not be deemed to have waived the Company’s compliance with federal securities laws and rules and regulations thereunder. If a court were to find these provisions of our charter inapplicable to, or unenforceable in respect of, one or more of the specified types of actions or proceedings, we may incur additional costs associated with resolving such matters in other jurisdictions, which could adversely affect our business, financial condition or operating results.
General Risk Factors
Our success depends on the experience and expertise of our senior management team and key employees. If we are unable to hire, retain, train and motivate our personnel, our business, operating results and prospects may be harmed.
Our success has depended, and continues to depend, on the efforts and talents of our senior management team and key employees, including our engineers, product managers, sales and marketing personnel and professional services personnel. Our future success will also depend upon our continued ability to identify, hire and retain additional skilled and highly qualified personnel, which will require significant time, expense and attention. Competition for such highly skilled personnel is intense, and we may need to invest significant amounts of cash and equity to attract and retain new employees. If we do not succeed in attracting well-qualified employees or retaining and motivating existing employees, or if we lose one or more members of our senior management team, our business, operating results and prospects could be adversely affected.
Our business depends, in part, on sales to the public sector, and significant changes in the contracting or fiscal policies of the public sector could have an adverse effect on our business.
We derive a portion of our revenue from sales of our solutions to federal, state, local and foreign governments, and we believe that the success and growth of our business will continue to depend in part on our successful procurement of government contracts. Factors that could impede our ability to maintain or increase the amount of revenue derived from government contracts include: (i) changes in fiscal or contracting policies; (ii) decreases in available government funding; (iii) changes in government programs or applicable requirements; (iv) the adoption of new laws or regulations or changes to existing laws or regulations; and (v) potential delays or changes in the government appropriations or other funding authorization processes. The occurrence of any of the foregoing could cause governments and governmental agencies to delay or refrain from purchasing our solutions or otherwise have an adverse effect on our business, operating results and financial condition.
If our estimates or judgments relating to our critical accounting policies prove to be incorrect, our operating results could be adversely affected.
The preparation of financial statements in conformity with accounting principles generally accepted in the United States of America requires management to make estimates and assumptions that affect the amounts reported in our consolidated financial statements and accompanying notes. We base our estimates on historical experience and on various other assumptions that we believe to be reasonable under the circumstances, as provided in Item 7. “Management’s Discussion and Analysis of Financial Condition and Results of OperationsCritical Accounting Estimates.” The results of these estimates form the basis for making judgments about the carrying values of assets, liabilities and equity, and the amount of revenue and expenses that are not readily apparent from other sources. Significant assumptions and estimates used in preparing our consolidated financial statements include those related to revenue recognition, including the determination of stand-alone selling price, the expected period of benefit for our deferred contract acquisition costs, income taxes, and the valuation, estimated useful lives and impairment of intangible assets and goodwill arising from business combinations. Our operating results may be adversely affected if our assumptions change or if actual circumstances differ from those in our assumptions, which could cause our
24

operating results to fall below the expectations of securities analysts and investors, resulting in a decline in the trading price of our common stock.
Our failure to raise additional capital or generate cash flows necessary to expand our operations and invest in new technologies in the future could reduce our ability to compete successfully and harm our operating results.
We may need to raise additional funds, and we may not be able to obtain additional debt or equity financing on favorable terms, if at all. If we raise additional equity financing, our security holders may experience significant dilution of their ownership interests. If we engage in additional debt financing, we may be required to accept terms that restrict our ability to incur additional indebtedness, force us to maintain specified liquidity or other ratios or restrict our ability to pay dividends or make acquisitions. If we need additional capital and cannot raise it on acceptable terms, or at all, we may not be able to, among other things: (i) develop and enhance our products; (ii) continue to expand our product development, sales and marketing organizations; (iii) hire, train and retain employees; (iv) respond to competitive pressures or unanticipated working capital requirements; or (v) pursue acquisition opportunities.
Servicing our debt may require a significant amount of cash, and we may not have sufficient cash flow from our business to do so.
We have historically relied on the availability of some amount of debt financing. Our ability to make scheduled payments of the principal of, to pay interest on or to refinance our indebtedness, including our $400.0 million aggregate principal amount of 0.125% convertible senior notes due 2024 (the “Notes”) and any future borrowings under our credit facility, depends on our future performance, which is subject to economic, financial, competitive and other factors beyond our control, including the factors described in this “Risk Factors” section. Our business may not continue to generate cash flow from operations in the future sufficient to service our debt and make necessary capital expenditures. If we are unable to generate such cash flow, we may be required to adopt one or more alternatives, such as selling assets, restructuring debt or obtaining additional equity capital on terms that may be onerous or highly dilutive. Our ability to refinance our indebtedness will depend on the capital markets and our financial condition at such time. We may not be able to engage in any of these activities or engage in these activities on desirable terms. In addition, our credit facility and any of our future debt agreements may contain restrictive covenants that prohibit us from adopting any of these alternatives.
The terms, conditions and restrictions contained in our credit agreement and our convertible notes and related capped call transactions could expose us to risks that could adversely affect our liquidity and financial condition or otherwise adversely affect our operating results.
Our credit agreement contains various covenants that, among other things, limit our and certain of our subsidiaries’ abilities to: (i) incur additional indebtedness or guarantee indebtedness of others; (ii) create additional liens on our assets; (iii) merge, consolidate or dissolve; (iv) make loans or investments, including acquisitions; (v) sell assets; (vi) engage in sale and leaseback transactions; (vii) pay dividends and make other distributions on our capital stock, and redeem and repurchase our capital stock; or (viii) enter into transactions with affiliates. Our credit agreement also contains numerous affirmative covenants and a financial covenant. Our failure to comply with these covenants could result in an event of default, which, if not cured or waived, could result in the acceleration of our debt. Any additional debt that we incur in the future could subject us to similar or additional covenants.
Holders of the Notes have the right to require us to repurchase their Notes upon the occurrence of a fundamental change (as defined in the indenture governing the Notes) at a repurchase price equal to 100% of the principal amount of the Notes to be repurchased, plus accrued and unpaid interest, if any. In such event, we may not have enough available cash or be able to obtain financing at the time to make repurchases of the Notes surrendered therefor. In addition, our ability to repurchase the Notes may be limited by our existing credit agreement or agreements governing our future indebtedness. Our failure to repurchase the Notes at a time when the repurchase is required by the indenture governing the Notes would constitute a default under such indenture. A default under the indenture or the fundamental change itself could also lead to a default under agreements governing our existing credit facility or future indebtedness.
The conditional conversion feature of the Notes has been triggered during certain quarters and may be triggered in future quarters, entitling holders of the Notes to convert the Notes at any time during specified periods at their option. We have received, and we may in the future receive, requests from holders to convert all or a portion of their Notes (for more information, see Item 7. "Management’s Discussion and Analysis of Financial Condition and Results of Operations—Liquidity and Capital Resources"). To the extent that we elect to settle a portion or all of our conversion obligation through the payment of cash, this could adversely affect our liquidity. The conversion of some or all of the Notes will also dilute the ownership
25

interests of existing stockholders to the extent we satisfy our conversion obligation by delivering shares of our common stock upon any conversion of such Notes. In addition, even if holders do not elect to convert their Notes, we could be required under applicable accounting rules to reclassify all or a portion of the outstanding principal of the Notes as a current rather than long-term liability, which would result in a material reduction of our net working capital. The Notes were classified as current liabilities on the consolidated balance sheet as of December 31, 2020.
In connection with the pricing of the Notes, we entered into privately negotiated capped call transactions (“Capped Call Transactions”) that are intended to reduce the potential dilution to our common stock upon any conversion of the Notes and/or offset any potential cash payments we are required to make in excess of the principal amount of converted Notes. The unwinding of such Capped Call Transactions in connection with a conversion of some or all of the Notes could adversely affect the value of our common stock.
Additionally, it is possible that the accounting standards relating to the Notes and/or the Capped Call Transactions could in the future change, and compliance with any new or updated standards could have a material adverse effect on our results, including with respect to earnings per share.
The COVID-19 pandemic continues to affect populations and businesses worldwide and may materially affect how we and our customers operate, and the duration and extent to which these effects may impact our future results of operations and overall financial performance remains uncertain.
The emergence of the novel coronavirus as a global pandemic in late 2019 and the devastating effects of COVID-19 throughout 2020 and into 2021 have caused substantial disruption to populations, including markets and economies, worldwide. Governments and public health officials have recommended and imposed significant regulations and restrictions designed to protect human life, but which have simultaneously had (and are expected to continue to have) serious adverse impacts on domestic and foreign economies. Further, as new variants of the coronavirus emerge throughout the world, some governments have tightened restrictions, and making it even more difficult to predict the scope and duration of the effects of the coronavirus. While we believe that the pandemic has not had an immediate material adverse impact on our financial performance, our business may yet be negatively impacted by the COVID-19 pandemic as the duration of the pandemic and the scope of its effects ultimately remain unknown.
The conditions caused by the COVID-19 pandemic have in some cases affected, and may continue to affect, the rate of IT spending by our current and prospective customers, impacting some of our customers’ ability and willingness to purchase our offerings, in some instances delaying prospective customers’ purchasing decisions, delaying the provisioning of our offerings and causing some customers to fail to make timely payments. We have seen an immaterial number of customer requests, and may continue to see similar requests, to lengthen payment terms or reduce the value or duration of subscription contracts, and for those customers that prefer we provide on-site consulting services, we have generally been unable to do so during the pandemic due to local and regional restrictions, instead providing those services virtually.
Given the nature and significance of the circumstances created by the coronavirus, we are not able to enumerate all potential risks to our business; however, we believe that in addition to the impacts described above, other potential impacts of the global pandemic include: (i) an increased likelihood of interruptions with the delivery of our SaaS solutions, other subscription services or third-party cloud-based systems that we use in our operations; (ii) a decrease in the volume of sales through our channel partners due to changes to their business models as a result of COVID-19; (iii) cybersecurity issues, as digital technologies may become more vulnerable and experience a higher rate of cyberattacks in the current environment of remote connectivity; (iv) risk of stockholder lawsuits arising from volatility in the trading price of our common stock and other securities-related claims; (v) litigation risk and possible loss contingencies related to COVID-19 and its impact, including with respect to commercial contracts, employee matters and insurance arrangements; (vi) changes to our culture and workforce to adjust to market conditions and as a result of increased remote connectivity; (vii) potentially higher borrowing costs or we may not be able to raise capital on terms acceptable to us or at all in the future; (viii) impairments and other accounting charges if demand for our services and products decreases; and (ix) infections and quarantining of our employees and the personnel of our customers, suppliers and other third parties in areas in which we operate.
The duration and extent of the impact from the COVID-19 pandemic depends on future developments, including the effectiveness of vaccinations as they are distributed and the nature and number of variants of the coronavirus that emerge, that cannot be accurately predicted at this time. If we are not able to respond to and manage the impact of such events effectively, our business will be harmed. To the extent the COVID-19 pandemic adversely affects our business and financial results, it may also have the effect of heightening many of the other risks set forth in these “Risk Factors”, such as those relating to our financial performance and debt obligations.
26

The impact of various tax laws and regulations, including our failure to comply therewith, could have a negative impact on our operating results and financial condition.
We are subject to tax laws and regulations, both in the United States and internationally, which laws and regulations are complex and may change over time. Compliance with such laws and regulations may have negative impacts on our operating results and financial condition, and our efforts to comply in a timely manner may prove inadequate. For example, (i) comprehensive U.S. federal tax reform legislation could adversely affect our business and financial condition; (ii) changes in existing financial accounting standards or practices, or taxation rules or practices, may harm our operating results; (iii) our business may be subject to additional obligations to collect and remit sales tax, value-added and other taxes, and we may be subject to tax liability for past sales; (iv) our corporate structure and intercompany arrangements are subject to the tax laws of various jurisdictions, and we could be obligated to pay additional taxes, which would harm our operating results; and (v) our ability to use net operating losses and other tax attributes to offset future taxable income may be subject to certain limitations. Additionally, forecasting our estimated annual effective tax rate for financial accounting purposes is complex and subject to uncertainty, and there may be material differences between our forecasted and actual tax rates. Any of these circumstances could have a material impact on our results of business, financial condition and results of operations.
Item 1B. Unresolved Staff Comments.
None.
Item 2. Properties.
Our corporate headquarters in Austin, Texas consists of 164,818 square feet of space under a lease that expires in April 2029. We also have additional office space under leases in Pune, India, Tel Aviv, Israel, London, United Kingdom, San Jose, California and Singapore.
We lease all of our facilities. We believe that our facilities are adequate for our current needs and anticipate that suitable additional space will be readily available to accommodate any foreseeable expansion of our operations. For more information about our lease commitments, see also Note 7 “Leases” in our notes to our consolidated financial statements included in this Annual Report.
Item 3. Legal Proceedings.
We are not currently a party to, nor is our property currently subject to, any material legal proceedings other than ordinary routine litigation incidental to the business, and we are not aware of any such proceedings contemplated by governmental authorities.
Item 4. Mine Safety Disclosures.
None.
27

PART II
Item 5. Market for Registrant’s Common Equity, Related Stockholder Matters and Issuer Purchases of Equity Securities.
Market Information
Our common stock is listed and traded on the New York Stock Exchange ("NYSE") under the symbol “SAIL.”
Holders of Record
As of February 18, 2021, there were 23 holders of record of our common stock including Cede & Co, a nominee for The Depository Trust Company, or DTC, which holds shares of our common stock on behalf of an indeterminate number of beneficial owners. All of the shares of common stock held by brokerage firms, banks and other financial institutions as nominees for beneficial owners are deposited into participant accounts at DTC and are considered to be held of record by Cede & Co. as one stockholder. Because many of our shares of common stock are held by brokers and other institutions on behalf of stockholders, we are unable to estimate the total number of beneficial stockholders represented by these record holders.
Dividend Policy
We have never declared or paid any cash dividends on our common stock. We currently intend to retain all of our earnings to finance the growth and development of our business. Any further determination to pay dividends on our common stock will be at the discretion of our board of directors, subject to applicable laws, and will depend on our financial condition, results of operations, capital requirements, general business conditions and other factors that our board of directors considers relevant. In addition, our Credit Agreement places restrictions on our ability to pay cash dividends. See Note 9 “Line of Credit and Long-Term Debt” in our notes to our consolidated financial statements included in this Annual Report for more information regarding terms and conditions of the Credit Agreement.
Stock Performance Graph
The following is not “soliciting material,” shall not be deemed “filed” for purposes of Section 18 of the Exchange Act or incorporated by reference into any of our other filings under the Exchange Act or the Securities Act, except to the extent we specifically incorporate it by reference into such filing.
The graph assumes that $100 was invested (i) in the Company’s common stock on November 17, 2017 (the date on which initial trading in the Company’s common stock commenced), and (ii) on October 31, 2017, in the NYSE Composite Index, S&P Mid Cap 400 and the S&P 600 Information Technology Index, and in each case, that all dividends were reinvested. The stock price performance on the following graph is required by the SEC and is not necessarily intended to forecast or be indicative of future stock price performance. On October 5, 2020, our common stock was added to the S&P MidCap 400 Index. As a result, we have added the S&P MidCap 400 Index to our stock performance graph, and we intend to discontinue presentation of the NYSE Composite Index in future stock performance graphs, as we believe the S&P MidCap 400 Index is a more appropriate benchmark for comparative purposes.

28

sail-20201231_g1.jpg
Company/Index11/17/201712/31/20173/31/20186/30/20189/30/201812/31/20183/31/20196/30/20199/30/201912/31/2019
SAIL$100.00 $111.54 $159.15 $188.77 $261.69 $180.69 $220.92 $154.15 $143.77 $181.54 
NYSE Composite$100.00 $104.23 $101.92 $103.08 $108.50 $94.91 $106.64 $110.37 $110.69 $119.11 
S&P MidCap 400$100.00 $103.90 $103.10 $107.53 $111.68 $92.39 $105.77 $108.99 $108.90 $116.59 
S&P 600 IT Index$100.00 $94.32 $93.53 $97.94 $102.12 $82.13 $97.71 $99.70 $101.86 $112.95 

Company/Index3/31/20206/30/20209/30/202012/31/2020
SAIL$117.08 $203.62 $304.38 $409.54 
NYSE Composite$88.80 $103.20 $110.85 $127.44 
S&P MidCap 400$81.96 $101.69 $106.55 $132.52 
S&P 600 IT Index$81.70 $101.16 $100.74 $142.41 
29

Recent Sales of Unregistered Securities
On December 29, 2020, we received a conversion notice relating to $10.2 million of our 0.125% Convertible Senior Notes due 2024 (the “Converting Notes”). We have elected to settle the principal amount of the Converting Notes with cash and the conversion value in excess of the principal amount of the Converting Notes in shares of our common stock. Such shares will be issued following the observation period set forth in the Indenture governing the Converting Notes (which will occur during the first quarter of 2021) in reliance on the exemption from registration provided by Section 3(a)(9) of the Securities Act.
Purchase of Equity Securities by the Issuer and Affiliated Purchasers
In connection with the settlement of the Converting Notes, as described above, we intend to unwind a pro rata portion of the Capped Call Transactions, which settlement is expected to occur in conjunction with the settlement of the Converting Notes (i.e., during the first quarter of 2021) in the form of shares of our common stock delivered to us by the capped call counterparties.
Use of Proceeds from Initial Public Offering of Common Stock
On November 16, 2017, the Registration Statement on Form S-1 (File No. 333-221036) relating to our initial public offering was declared effective by the SEC and we priced our initial public offering. Pursuant to the Registration Statement, we registered an aggregate of 23.0 million shares of our common stock, of which 15.8 million shares were sold by us and 7.2 million shares were sold by certain selling stockholders named therein at a price to the public of $12.00 per share (for an aggregate offering price of $276.0 million). We received net proceeds of approximately $172.0 million, after deducting underwriting discounts and commissions of approximately $13.3 million and offering-related expenses of $4.4 million.
As of December 31, 2020, we have used $160.0 million of the proceeds from our initial public offering to repay borrowings under our previous term loan facility and approximately $1.8 million of such proceeds to pay a related prepayment premium; the remaining net proceeds are held in cash and have not been deployed.
Item 6. Selected Financial Data
None.
Item 7. Management’s Discussion and Analysis of Financial Condition and Results of Operations
You should read the following discussion and analysis of our financial condition and results of operations together with the consolidated financial statements and related notes that are included elsewhere in this Annual Report on Form 10-K. This discussion contains forward-looking statements that involve risks and uncertainties. Our actual results may differ materially from those anticipated in these forward-looking statements as a result of various factors, including, but not limited to, those set forth in the section titled “Risk Factors” in Part I, Item 1A and in other parts of this Annual Report on Form 10-K. Our historical results are not necessarily indicative of the results that may be expected for any period in the future, and our interim results are not necessarily indicative of the results we expect for the full fiscal year or any other period.
The Company has elected to omit a discussion and analysis of the financial condition and results of operations of certain 2018 items and year-to-year comparisons between 2019 and 2018. Such discussion and analysis can be found in “Management’s Discussion and Analysis of Financial Condition and Results of Operations” in Part II, Item 7 of the Company’s Annual Report on Form 10-K for the year ended December 31, 2019, which was filed with the SEC on February 24, 2020.
Overview
SailPoint (“we,” “our,” “the Company” or “SailPoint”) is the leading provider of enterprise identity security solutions. Our identity security solutions provide organizations with critical visibility into who currently has access to which resources, who should have access to those resources and how that access is being used.
We offer both software as a service (“SaaS”) and software solutions, which provide organizations with the intelligence required to empower users and govern their access to systems, applications and data across hybrid IT environments, spanning on-premises, cloud and mobile applications and file storage platforms. We help customers enable their businesses with more agile and innovative IT, streamline delivery of access to their businesses, enhance their security posture and better meet
30

compliance and regulatory requirements. Our customers include many of the world’s largest and most complex organizations, including commercial enterprises, financial institutions and governments.
Our set of identity security solutions currently consists of:
IdentityNow: our cloud-based, multi-tenant identity security platform, which provides customers with a set of fully integrated services for compliance, provisioning and password management for applications and data hosted on-premises or in the cloud;
IdentityIQ: our on-premises identity security solution, which can be hosted in the public cloud or deployed in a customer’s data center provides large, complex enterprise customers a unified and highly configurable identity security solution; and
SailPoint Identity Services: delivered as multi-tenant SaaS subscription services that can be utilized in conjunction with IdentityNow and IdentityIQ and currently consisting of:
Access Insights: collects a wealth of identity information and turns that information into actionable insights and provides business-oriented dashboards and reports to track the effectiveness of your identity program;
Recommendation Engine: uses artificial intelligence (“AI”), machine learning (“ML”), peer group analysis, identity attributes and access activity to help you decide whether access should be granted or removed;
Access Modeling: uses AI and ML to suggest roles based on similar access between users and gives you insights to confirm the correct access for each role; and
Cloud Access Management: uses AI and ML to automatically learn, monitor and secure access to cloud infrastructure.
Our solutions address the complex needs of global enterprises and mid-market organizations. Our success is principally dependent on our ability to deliver compelling solutions to attract new customers and retain existing customers. Rising security threats and evolving regulations and compliance standards for cyber security, data protection, privacy and internal IT controls create new opportunities for our industry and require us to adapt our solutions to be successful. Maintaining our historical growth rates is also challenging because our growth strategy depends in part on our ability to drive new customer growth within existing geographic markets, further penetrate our existing customer base, continue to invest in our platform, leverage and expand our network of partners, expand market and product investment across existing vertical markets, and continuing to expand our global presence, while competing against much larger companies with more recognizable brands and financial resources. Although we seek to grow rapidly, we also focus on managing our net cash provided by operations while continuing to invest in our platform and to deliver innovative solutions to our customers.
We believe enterprises are increasingly embracing the cloud to house their critical security infrastructure. As a result, a growing number of enterprises are changing their approach to identity security and now prefer to use a SaaS solution rather than purchase software outright and install it in their own infrastructure. This industry shift aligns well with our current product strategy. Our product strategy is to (1) accelerate innovation within our core identity security SaaS offerings, (2) deliver continued innovation as we execute against our vision for SailPoint identity security, and (3) ensure that as we deliver these new innovations, they work in concert with our SaaS offerings in addition to our on-premises offerings. We believe that continued growth of SaaS, term-based license and maintenance and support revenue will lead to a more predictable revenue model and increase our visibility to future period total revenues. Nevertheless, our revenue and our gross margins vary depending on the type of solution we sell. As a result, a shift in the sales mix of our solutions could affect our performance relative to historical results.
IdentityNow and our SailPoint Identity Services are provided in exchange for a subscription fee and offers customers access to these solutions and infrastructure support for the duration of their subscription agreement. Our standard subscription agreement for our SaaS offerings has a duration of three years. For our IdentityIQ solutions, our customers typically purchase a perpetual software license, which includes one year of maintenance and support. Our maintenance provides software maintenance as well as access to our technical support services during the maintenance term. After the initial maintenance period, customers with perpetual licenses may renew their maintenance and support agreement for an additional fee.
Pricing for each of our solutions is dependent on the number of digital identities of employees, contractors, business partners, software bots and other human and non-human users that the customer is entitled to govern with the solution. We also package and price our IdentityNow and IdentityIQ solutions into modules. Each module has unique functionalities, and our customers are able to purchase one or more modules, depending on their needs. We also offer advanced integration modules for key applications and systems which can be purchased in addition to our base solution modules. They are also priced based on
31

the total number of identities, as are our SailPoint Identity Services. Thus, our revenue from any customer is generally determined by the number of identities that the customer is entitled to govern as well as the number of modules purchased by the customer for our IdentityIQ and IdentityNow solutions and which, if any, of the SailPoint Identity Services that the customer purchases.
In addition to our solutions, we offer professional services to our customers and partners to configure and optimize the use of our solutions as well as training services related to the configuration and operation of our platform. Most of our professional services activity is in support of our partners, who perform a significant majority of all initial and follow-on implementation work for our customers. Most of our consulting services are priced on a time-and-materials basis; our training services are provided through multiple pricing models, including on a per-person basis for instructor led courses and a flat-rate basis for our e-learning courses.
As part of our growth strategy, on February 22, 2021, we acquired Intello Inc. (“Intello”), which is an early-stage SaaS management company that helps organizations to discover, manage, and secure SaaS applications. See Note 19 “Subsequent Events” in our notes to our consolidated financial statements included in this Annual Report for more information.
Key Factors Affecting Our Performance
Our historical financial performance has been, and we expect our financial performance in the future to be, driven by our ability to:
Add New Customers Within Existing Markets. There is significant opportunity to expand our footprint in our existing markets through new, greenfield deployments and displacement of our competitors’ legacy solutions. We plan to grow our sales organization, expand and leverage our channel partners and enhance our marketing efforts.
Generate Additional Sales to Existing Customers. We believe that our existing customer base provides us with a significant opportunity to drive incremental sales. In most cases, our customers initially purchase a subset of the modules or offerings we provide based on their immediate need. We focus on generating more revenue from the modules that our customers have already purchased from us as our customers grow the number of identities our solutions manage and govern and as our customers deploy our solutions across other business units or geographies within their organizations. This is especially true when it comes to our new and expanded SaaS offerings, including AI and cloud governance. Over time, we also identify up-selling and cross-selling opportunities and seek to sell additional modules and offerings to our existing customers.
Retain Customers. We believe that our ability to retain our subscription-based customer contracts is an important component of our growth strategy and reflects the long-term value of our customer relationships. In order to maintain high renewal rates, we invest in the quality and reliability of our solutions and our customer service and support functions to help drive high levels of customer success.
Expand into New Markets. We expect to continue to invest significantly in sales, marketing and customer service, as well as our indirect channel partner network, to expand into new geographies and vertical markets. We believe that our market opportunity is large and growing and that the global cyber security market represents a significant growth opportunity for us. In 2020, we generated only 28% of our revenue outside of the United States. We plan to leverage our existing strong relationships with global system integrators and channel partners to grow our presence in Europe, Asia Pacific and other international markets.
Impact of COVID-19
In light of the ongoing spread of COVID-19 in the United States and abroad, including the emergence of new variants of the coronavirus, government and public health authorities continue to recommend social distancing and impose various quarantine and isolation measures on large portions of the population, including measures directed at businesses. While intended to protect human life, these restrictions have had and are expected to continue to have serious adverse impacts on domestic and foreign economies of uncertain duration. We have made certain adjustments to our operations as we continue to provide our offerings to new and existing customers in response to these measures. For example, as a result of the COVID-19 pandemic, we shifted all customer events to virtual-only experiences beginning in early 2020 and expect this trend to continue for the foreseeable future, and we have transitioned to providing consulting services virtually as well.
While we believe that the pandemic has not had an immediate material adverse impact on our financial performance, our business may yet be negatively impacted by the COVID-19 pandemic as the duration of the pandemic and the scope of its effects ultimately remain unknown. For example, the conditions caused by the COVID-19 pandemic may materially adversely affect the rate of IT spending by our current and prospective customers, including our customers’ ability or willingness to
32

purchase our offerings, delay prospective customers’ purchasing decisions, delay the provisioning of our offerings, or cause customers to fail to make timely payments. We have seen an immaterial number of customer requests, and may continue to see similar requests, to lengthen payment terms or reduce the value or duration of subscription contracts, but this has not resulted in a material adverse impact on our renewal rates. While we have not been able to provide on-site consulting services to our customers during the pandemic due to local and regional restrictions, this has not resulted in any meaningful adverse impact on our ability to deliver such services because a significant portion of our consulting services have historically been provided remotely and most on-site projects transitioned to a remote delivery model.
Notwithstanding the potential and actual adverse impacts described above, as the pandemic has caused more of our customers to shift to a virtual workforce, we believe the value and scalability of our identity platform has become even more evident. We believe that the pandemic has not had a material adverse impact on our financial performance, and indeed, our revenue and customer base grew throughout 2020 and our travel and facilities expenses for the year were down. While we expect to see a return to higher levels of travel and facilities expenses in 2021, we also expect to continue to see healthy demand for our solutions for the near-term given the aforementioned virtual workforce shift. Nevertheless, we recognize that the uncertainty related to COVID-19 may result in increased volatility in the financial projections we use as the basis for estimates and assumptions used in our financial statements.
The challenges posed by COVID-19 on our business and our customers’ businesses may evolve rapidly, and the speed, trajectory and strength of a recovery in general economic conditions remains highly uncertain and could be slowed or reversed by a number of factors, including the recent emergence of new strains of the coronavirus and the effectiveness of vaccines for the disease as they continue to be developed and distributed. Consequently, we will continue to evaluate our financial position and results of operations in light of future developments, particularly those relating to COVID-19. See the section titled “Risk Factors” elsewhere in this Annual Report on Form 10-K for information regarding the possible effects of COVID-19 on our business.
Key Business Metrics
In addition to our financial information prepared in accordance with accounting principles generally accepted in the United States of America ("GAAP"), we monitor the following key metrics to help us measure and evaluate the effectiveness of our operations: 
Year Ended December 31,
202020192018
Number of customers (at period end)1,753 1,469 1,173 
Total annual recurring revenue250,951 178,953 131,483 
Number of Customers. We believe that the size of our customer base is an indicator of our market penetration and that our net customer additions are an indicator of the growth of our business and our future revenue opportunity. We define a customer as a distinct entity, division or business unit of an organization that receives support or has the right to use our cloud-based solutions as of the specified measurement date. Revenue from any single customer is determined by the number of identities the customer is entitled to govern as well as the number of modules and solutions purchased. Our customer base increased by 284, or 19%, from 1,469 customers at December 31, 2019 to 1,753 customers at December 31, 2020.
Total Annual Recurring Revenue (“Total ARR”). We use Total ARR to monitor the growth of our recurring business as we continue to shift to a subscription model. Total ARR represents the annualized value of the active portion of SaaS, term-based license, maintenance and support contracts and other subscription services at the end of the reporting period. We calculate Total ARR by dividing the active contract value by the number of days in the active portion of the overall contract term and then multiplying by 365. Total ARR should be viewed independently of revenue and deferred revenue as Total ARR is an operating metric and is not intended to be combined with or replace these items. Total ARR is not a forecast of future revenue, which can be impacted by contract start and end dates and renewal rates, and does not include revenue from perpetual licenses, training, professional services or other sources of revenue that are not deemed to be recurring in nature.
We no longer consider subscription revenue as a percentage of total revenue to be a key metric, and accordingly we do not expect to disclose this metric going forward. While we continue to place a considerable focus on the aggregate performance of subscription revenues, we believe that Total ARR is a more complete measure of the value of the Company’s recurring contracts. Subscription revenue as a percentage of total revenue was 54%, 50% and 42% for the years ended December 31, 2020, 2019 and 2018, respectively.
33

Components of Results of Operations
Revenue
License Revenue. We generate license revenue through the sale of our on-premises software license agreements to new customers and sales of additional licenses to the existing customers who can purchase additional users for existing licenses or purchase new licenses. Customers may also purchase term license agreements, under which we recognize the amount allocated to the licenses upfront. Perpetual license transactions generally include an amount for first-year maintenance and support, which we recognize as subscription revenue. We typically recognize license revenue upon delivering the applicable license. Over time, we will continue to expect license revenue to decrease as a percentage of our total revenue as we continue to focus on increasing our subscription revenue as a key growth initiative.
Subscription Revenue. Our subscription revenue consists of (i) fees for access to, and related support for, our SaaS offerings, (ii) fees for ongoing maintenance and support of our licensed solutions and (iii) other subscription services, which includes our cloud managed services. We typically invoice subscription fees in advance, in annual installments, and recognize subscription revenue ratably over the term of the applicable agreement. Over time, we expect subscription revenue will increase as a percentage of total revenue as we continue to focus on increasing subscription revenue as a key growth initiative.
Services and Other Revenue. Services and other revenue consists primarily of fees from professional services provided to our customers and partners to configure and optimize the use of our solutions as well as training services related to the configuration and operation of our platform. Most of our professional services are priced on a time-and-materials basis and we generally invoice customers monthly as the work is performed. We generally have standalone value for our professional services and recognize revenue as services are performed based on an estimated fair value as a separate unit of accounting. Most of our professional services activity is in support of our partners, who perform the significant majority of all initial and follow-on configuration and optimization work for our customers. Over time, we expect our professional services revenue as a percentage of total revenue to decrease as we increasingly rely on partners to help our customers deploy our software.
Cost of Revenue
Cost of License Revenue. Cost of license revenue consists of amortization expense for developed technology acquired and third-party royalties.
Cost of Subscription Revenue. Cost of subscription revenue consists primarily of employee-based costs (which consists of employee compensation and allocated overhead), costs of our customer support organization, contractor costs to supplement our staff levels, amortization expense for developed technology acquired and third-party cloud-based hosting costs.
Cost of Services and Other Revenue. Cost of services and other revenue consists primarily of employee-based costs of our professional services and training organizations, travel-related costs and contractor costs to supplement our staff levels.
Impairment of Intangible Assets. Impairment of intangible assets consists of impairments charges for developed technology acquired. This is a component of cost of subscription revenue that was broken out for financial statement purposes.
Gross Profit and Gross Margin
Gross profit is revenue less cost of revenue, and gross margin is gross profit as a percentage of total revenue. Gross profit has been and will continue to be affected by various factors, including the mix of our license, subscription, and services and other revenue, the costs associated with third-party cloud-based hosting services for our SaaS offerings, contractor costs to supplement our staff levels and the extent to which we expand our customer support and professional services and training organizations. We expect that our overall gross margin will fluctuate from period to period depending on the interplay of these various factors. Also, we expect our investment in technology to expand the capability of our services, enabling us to improve our gross margin over time.
Operating Expenses
Research and Development Expenses. Research and development expenses consist primarily of employee-based costs, software and hosting arrangement expenses (which includes cloud-based hosting costs related to the development of our cloud-based solution), professional services expense and amortization expense for acquired intangible assets. We believe that continued investment in our offerings is vital to the growth of our business, and we intend to continue to invest in product
34

development. We expect our research and development expenses to continue to increase on a dollar basis for the foreseeable future, as our business grows.
General and Administrative Expenses. General and administrative expenses consist primarily of employee-based costs for corporate personnel. In addition, general and administrative expenses include professional services expense, software and hosting arrangement expenses, sponsor-related costs and all other corporate expenses not allocated to other departments. While we experienced a decrease in our general and administrative expenses in 2020, we expect our general and administrative expenses to increase on a dollar basis for the foreseeable future, as our business grows.
Sales and Marketing Expenses. Sales and marketing expenses consist primarily of employee-based costs, costs of general marketing and promotional activities, professional services expense, software and hosting arrangement expenses, amortization expense for acquired intangible assets and travel-related expenses. Sales commissions earned by our sales force and the related payroll taxes, a primary component of “deferred contract acquisition costs”, are considered incremental and recoverable costs of obtaining a contract with a customer are deferred and then amortized on a straight-line basis over a period of benefit that we have determined to be generally five years. We expect our sales and marketing expenses to increase on a dollar basis for the foreseeable future continue to invest in our sales force for expansion to new geographic and vertical markets as sales and marketing expenses continue to be our largest operating expense category.
Allocated Overhead. We allocate shared costs, such as facilities costs (including rent, utilities and depreciation on assets shared by all departments), information technology costs and recruiting costs, to all departments based on headcount. As such, allocated shared costs are reflected in each cost of revenue and operating expense category.
Other Income (Expense), Net
Other income (expense), net consists primarily of interest income, interest expense and foreign currency transaction gains and losses related to the impact of transactions denominated in a foreign currency. Interest income consists of interest earned on our cash equivalents, which we expect to fluctuate due to cash balance and interest rates.
Interest expense consists primarily of contractual interest expense, amortization of debt discount and issuance costs, loss on the modification and extinguishment of debt and prepayment penalties on our current and prior credit agreements and Notes. We expect our non-cash components of interest expense to decrease on a dollar basis for the foreseeable future due to the planned early adoption of ASU 2020-06. For more information on the early adoption of ASU 2020-06, refer to Note 1, "Description of Business and Summary of Significant Accounting Policies" in our notes to our consolidated financial statements included in this Annual Report.
As we have expanded our international operations, our exposure to fluctuations in foreign currencies has increased and we expect this trend to continue.
Income Tax (Expense) Benefit
Our provision for income taxes consists of U.S. and state income taxes and income taxes in certain foreign jurisdictions in which we conduct business. Our income tax rate varies from the federal statutory rate due to foreign withholding taxes; changing tax laws, regulations and interpretations in multiple jurisdictions in which we operate; changes to the financial accounting rules for income taxes; unanticipated changes in tax rates; differences in accounting and tax treatment of our stock-based compensation and research and development credits. We expect this fluctuation in income tax rates, as well as its potential impact on our results of operations, to continue.
Seasonality
We generally experience seasonal fluctuations in demand for our products and services. Our quarterly sales are impacted by industry buying patterns. As a result, our sales have generally been highest in the fourth quarter of a calendar year and lowest in the first quarter. Although these seasonal factors are common in the technology industry, historical patterns should not be considered a reliable indicator of our future sales activity or performance.
Our revenue mix demand is shifting from sales of perpetual licenses to sales of term licenses and subscriptions and we expect this demand shift to continue and, over time, that sales to new customers will be exclusively comprised of term licenses and subscriptions. Our transition to a subscription model has impacted, and it will continue to impact, the timing of our recognition of revenue as an increasing percentage of our sales become recognized ratably, as well as impact our operating
35

margins as subscription revenue becomes a larger percentage of our sales. Our shift to a subscription model has fluctuated between periods, and our ability to predict our revenue and margins in any particular period has been, and may continue to be, more limited.
Results of Operations
The following table sets forth our results of operations for the periods presented:
Year Ended December 31,
202020192018
(In thousands)
Revenue
Licenses$120,874 $102,800 $105,000 
Subscription196,817 143,390 104,033 
Services and other47,563 42,325 39,887 
Total revenue365,254 288,515 248,920 
Cost of revenue
Licenses4,467 4,239 4,634 
Subscription (1)
37,644 26,877 20,734 
Services and other (1)
38,517 34,359 29,302 
Impairment of intangible assets5,119 — — 
Total cost of revenue85,747 65,475 54,670 
Gross profit279,507 223,040 194,250 
Operating expenses
Research and development (1)
71,191 56,120 43,154 
General and administrative (1)
37,783 39,816 34,781 
Sales and marketing (1)
169,656 136,537 105,402 
Total operating expenses278,630 232,473 183,337 
Income (loss) from operations877 (9,433)10,913 
Other income (expense), net
Interest income2,019 2,468 10 
Interest expense(18,612)(5,041)(4,717)
Other income (expense), net33 (1,082)(1,446)
Total other expense, net(16,560)(3,655)(6,153)
Income (loss) before income taxes(15,683)(13,088)4,760 
Income tax (expense) benefit4,920 4,588 (1,090)
Net income (loss)$(10,763)$(8,500)$3,670 
36

(1)Includes stock-based compensation expense as follows:
Year Ended December 31,
202020192018
(In thousands)
Cost of revenue - subscription$1,758 $1,142 $945 
Cost of revenue - services and other1,963 1,379 1,504 
Research and development6,282 3,517 3,026 
General and administrative6,802 5,990 7,798 
Sales and marketing12,252 6,686 5,702 
Total stock-based compensation expense$29,057 $18,714 $18,975 
The following table sets forth the results of operations for each of the periods presented as a percentage of total revenue:
Year Ended December 31,
202020192018
Revenue
Licenses33 %35 %42 %
Subscription54 50 42 
Services and other13 15 16 
Total revenue100 100 100 
Cost of revenue
Licenses
Subscription10 
Services and other11 12 12 
Impairment of intangible assets— — 
Total cost of revenue23 23 22 
Gross profit77 77 78 
Operating expenses
Research and development19 20 17 
General and administrative10 14 14 
Sales and marketing47 47 42 
Total operating expenses76 81 73 
Income (loss) from operations(4)
Other income (expense), net
Interest income— 
Interest expense(6)(2)(2)
Other income (expense), net— — (1)
Total other expense, net(5)(1)(3)
Income (loss) before income taxes(4)(5)
Income tax (expense) benefit— 
Net income (loss)(3)%(3)%%
37

Comparison of the Years Ended December 31, 2020 and 2019
Revenue
Year Ended December 31,
20202019variance $variance %
(In thousands, except percentages)
Revenue
Licenses$120,874 $102,800 $18,074 18 %
Subscription
SaaS66,913 42,432 24,481 58 %
Maintenance and support126,792 100,435 26,357 26 %
Other subscription services3,112 523 2,589 495 %
Total subscription196,817 143,390 53,427 37 %
Services and other47,563 42,325 5,238 12 %
Total revenue$365,254 $288,515 $76,739 27 %
License Revenue. License revenue increased by $18.1 million, or 18%, for the year ended December 31, 2020 compared to the year ended December 31, 2019. During the years ended December 31, 2020 and 2019, license revenue from new customers was $76.8 million and $63.6 million, and license revenue from existing customers was $44.1 million and $39.2 million for the respective periods. Our customer base increased by 284, or 19%, from 1,469 customers at December 31, 2019 to 1,753 customers at December 31, 2020.
Subscription Revenue. Subscription revenue increased by $53.4 million, or 37%, for the year ended December 31, 2020 compared to the year ended December 31, 2019 primarily due to an increase in SaaS revenue as we continue to see strong momentum in our SaaS business and an increase in ongoing maintenance and support revenue from our increased installed base. During the years ended December 31, 2020 and 2019, SaaS and other subscription services revenue from new customers was $13.7 million and $11.1 million, and SaaS and other subscription services revenue from existing customers was $56.4 million and $31.9 million for the respective periods. During the years ended December 31, 2020 and 2019, maintenance and support revenue from new customers was $8.3 million and $7.4 million, and maintenance and support revenue from existing customers was $118.5 million and $93.0 million for the respective periods.
Services and Other Revenue. Services and other revenue increased by $5.2 million, or 12% for the year ended December 31, 2020 compared to the year ended December 31, 2019. This increase is primarily a result of an increase in the number of customers using our consulting and training services.
Geographic Regions. Our customers in the United States contributed the largest portion of our revenue in each year ended December 31, 2020 and 2019 because we have more market momentum related to our larger and more established sales force, sales pipeline and brand recognition and awareness in the United States as compared to our other regions. Revenue is classified by the following major geographic areas: (i) United States, (ii) Europe, the Middle East and Africa (“EMEA”) and (iii) rest of the world. We continue to invest in increasing the size of our international sales force and strengthening partnerships with global system integrators and resellers worldwide. For the year ended December 31, 2020, revenue in the United States, EMEA and the rest of the world increased year-over-year.
38

The following table sets forth our consolidated total revenue by geography and the respective percentage of total revenue for the periods presented:
Year Ended December 31,
20202019
$% of revenue$% of revenue
(In thousands, except percentages)
United States$263,332 72 %$204,500 71 %
EMEA (1)
62,249 17 %54,315 19 %
Rest of the World (1)
39,673 11 %29,700 10 %
Total revenue$365,254 100 %$288,515 100 %

(1)No single country outside of the United States represented more than 10% of our revenue.
Gross Profit and Gross Margin
Year Ended December 31,
20202019variance $variance %
(In thousands, except percentages)
Gross profit
Licenses$116,407 $98,561 $17,846 18 %
Subscription
Subscription159,173 116,513 42,660 37 %
Impairment of intangible assets(5,119)— (5,119)(100)%
Total subscription154,054 116,513 37,541 32 %
Services and other9,046 7,966 1,080 14 %
Total gross profit$279,507 $223,040 $56,467 25 %
Gross margin
Licenses96 %96 %
Subscription78 %81 %
Services and other19 %19 %
Total gross margin77 %77 %
Licenses. License gross profit increased by $17.8 million, or 18%, during the year ended December 31, 2020 compared to the year ended December 31, 2019. The increase in gross profit was the result of increased license revenues with only minor increases in third party royalties.
Subscription. Subscription gross profit increased by $37.5 million, or 32%, during the year ended December 31, 2020 compared to the year ended December 31, 2019. The increase was primarily the result of increased subscription revenues, as described above, partially offset by approximately $15.9 million increase in cost in revenue compared to the prior period. The increase in cost of revenue during the year ended December 31, 2020 was primarily driven by a $5.1 million impairment of intangible assets, a $5.1 million increase in employee-based costs due to increases in headcount and related allocated overhead to primarily support the growth of our SaaS offerings and ongoing maintenance and support for our expanding installed customer base, a $3.4 million increase in cloud-based hosting costs to further support the scalability of our SaaS offerings and a $2.5 million increase in amortization expense for developed technology acquired. Gross margin decreased by 3% compared to the prior period primarily due to the impairment of intangible assets.
Services and Other. Services and other gross profit increased by $1.1 million, or 14%, during the year ended December 31, 2020 compared to the year ended December 31, 2019. The increase in gross profit is primarily attributable to the increased revenues due to customer growth, partially offset by approximately $4.2 million increase in cost in revenue compared to the prior period. The increase in cost of revenue during the year ended December 31, 2020 was primarily driven by a $3.2 million increase in partner costs due to higher partner utilization in our professional services and training organization and $1.8
39

million in employee-based costs to support an increasing number of customers and related allocated overhead, partially offset by a $0.9 million decrease in travel expense due to COVID-19 related limitations.
Operating Expenses
Year Ended December 31,
20202019variance $variance %
(In thousands, except percentages)
Operating expenses
Research and development$71,191 $56,120 $15,071 27 %
General and administrative37,783 39,816 (2,033)(5)%
Sales and marketing169,656 136,537 33,119 24 %
Total operating expenses$278,630 $232,473 $46,157 20 %
Research and Development Expenses. Research and development expenses increased by $15.1 million, or 27%, for the year ended December 31, 2020 compared to the year ended December 31, 2019. This increase was primarily driven by a $13.9 million increase in employee-based costs to optimize and expand our product offerings as well as pursue innovation in identity security. Substantially all of the remaining increase in research and development expenses was the result of a $0.9 million increase in software and hosting arrangement expenses and a $0.6 million increase in professional services expense.
General and Administrative Expenses. General and administrative expenses decreased by $2.0 million, or 5%, for the year ended December 31, 2020 compared to the year ended December 31, 2019. This decrease was primarily driven by a $4.8 million decrease in professional services expense relating primarily to legal fees and consulting fees associated with the issuance and sale of the Notes and Capped Call Transactions and acquisition related costs in the prior year, a $0.6 million decrease in travel expense due to COVID-19 related limitations, partially offset by a $2.6 million increase in employee-based costs, a $0.6 million increase in provision of credit losses and a $0.4 million increase in software maintenance and support and SaaS subscription expenses.
Sales and Marketing Expenses. Sales and marketing expenses increased by $33.1 million, or 24%, for the year ended December 31, 2020 compared to the year ended December 31, 2019. This increase was primarily driven by a $36.9 million increase in employee-based costs to support increased penetration into our existing customer base as well as expansion into new industry verticals and geographic markets. We also experienced a $1.7 million increase in professional services expense relating primarily to staff augmentation and advisory services and a $1.7 million increase in software and hosting arrangement expenses, partially offset by a $6.4 million decrease in travel expense and a $0.6 million decrease in events expense, both due to COVID-19 related limitations.
Interest Income and Interest Expense 
Interest Income
Interest income decreased by $0.4 million for the year ended December 31, 2020 compared to the year ended December 31, 2019. This decrease was primarily due to a significant decrease in interest rates earned on our interest earned on our cash balance, offset by the increase in our cash balance.
Interest Expense
Interest expense increased by $13.6 million for the year ended December 31, 2020 compared to the year ended December 31, 2019. This increase was primarily due to the amortization of debt discount and issuance costs related to the Notes of $17.6 million for the year ended December 31, 2020 compared to $4.6 million for the year ended December 31, 2019.
Income Tax (Expense) Benefit
The Company recorded an income tax benefit of $4.9 million for the year ended December 31, 2020 compared to an income tax benefit of $4.6 million for the year ended December 31, 2019, leading to a net benefit of $0.3 million year-over-year. This is primarily due to research and development credits and the tax impact of stock compensation. Provision for income taxes consists of U.S. federal and state income taxes and income taxes in certain foreign jurisdictions in which we conduct business. While we are still in an overall deferred tax liability position for federal and state tax purposes, we have established a
40

partial valuation allowance for federal tax purposes as we expect some of our tax credits to expire prior to utilization. We still maintain a full valuation allowance for our Israel tax position due its lack of taxable earnings for the foreseeable future.
We operate in several tax jurisdictions and are subject to taxes in each country or jurisdiction in which we conduct business. Earnings from our non-U.S. activities are subject to local country income tax and may be subject to U.S. income tax if such earnings are distributed to the U.S. Prior to 2018, we have incurred net operating losses for federal income tax purposes each year since our inception. We have since begun to utilize some of our net operating losses for federal income tax purposes. Thus, our tax expense to date relates primarily to state as well as foreign income taxes. The effective tax rate for years ended December 31, 2020, 2019 and 2018 are 31.4%, 35.1% and 22.9%, respectively. The main drivers for the differences in the rates from the prior period to the current period are related to an increase in pre-tax book loss, the impact of stock compensation and a decrease in state tax liabilities. For further information, refer to Note 15, "Income Taxes" in our notes to our consolidated financial statements included in this Annual Report.
We do not consider the earnings of our foreign subsidiaries, with the exception of India, to be permanently reinvested in foreign jurisdictions. The global intangible low-taxed income (“GILTI”) provisions require the Company to include in its U.S. income tax return foreign subsidiary earnings in excess of an allowable return on the foreign subsidiary’s tangible assets. The Company is currently in a tested loss and does not incur a GILTI tax. In India, we continue to invest and grow our research and development activities and have no plans to repatriate undistributed earnings held in India back to the U.S. parent company, and therefore consider earnings in India to be permanently reinvested.
Liquidity, Capital Resources and Cash Requirements
As of December 31, 2020, we had $510.3 million of cash and cash equivalents (of which $4.8 million is held in our foreign subsidiaries) and $75.0 million of availability under the Credit Agreement (as defined below). As of December 31, 2020, we had $278.7 million in net working capital, which we define as current assets less current liabilities, excluding deferred revenue.
On March 11, 2019, SailPoint Technologies, Inc., as borrower, and certain of our other wholly owned subsidiaries entered into a credit agreement (as amended, the “Credit Agreement”). In September 2019, the Company amended the Credit Agreement in connection with the issuance and sale of the Notes. Such amendment included a decrease in the commitments for revolving credit loans from an initial $150.0 million to $75.0 million, with a $15.0 million letter of credit sublimit, which amount can be increased or decreased under specified circumstances and is subject to certain financial covenants. Borrowings pursuant to the Credit Agreement may be used for working capital and other general corporate purposes, including for acquisitions permitted under the Credit Agreement. The Credit Agreement is scheduled to mature on March 11, 2024. We had no outstanding revolving credit loan balance as of December 31, 2020. We were in compliance with all applicable covenants as of December 31, 2020. See Note 9 “Line of Credit and Long-Term Debt” in our notes to our consolidated financial statements included in this Annual Report for more information regarding terms and conditions of the Credit Agreement.
In September 2019, we issued $400.0 million aggregate principal amount of 0.125% convertible senior notes (the “Notes”) due 2024 in a private offering (the "Offering") to qualified institutional buyers. The net proceeds from the Offering were approximately $391.2 million, after deducting discounts and commissions and other fees and expenses payable by the Company in connection with the Offering. In conjunction with the issuance of the Notes, and exercise in full of the initial purchasers’ option, the Company used approximately $37.1 million of the net proceeds to pay the cost of the privately negotiated capped call transactions (the “Capped Call Transactions”) to reduce our exposure to additional cash payments above principal balances in the event of a cash conversion of the Notes. The Notes will mature on September 15, 2024, unless earlier redeemed, repurchased or converted. The Notes bear interest at a fixed rate of 0.125% per year payable semiannually in arrears on March 15 and September 15 of each year. As of December 31, 2020, we had in aggregate $2.2 million in contractual interest payments, of which $0.8 million are due within the next 12 months.
As of December 31, 2020, the Notes are convertible at the option of the holders. We have the ability to settle the Notes in cash, shares of our common stock, or a combination of cash and shares of our common stock at our own election. The impact of the Notes on our liquidity will depend on whether we elect to settle any conversion in shares of our common stock or a combination of cash and shares. It is our current intent to settle conversions of the Notes through combination settlement, which involves repayment of the principal portion in cash and any excess of the conversion value over the principal amount in shares of our common stock. During the year ended December 31, 2020, we have received requests for conversion that we expect to settle in cash the aggregate amount of $10.2 million in principal of the 2024 Notes during the fiscal quarter ending March 31, 2021. As of the date of this filing, no other holders of the Notes have submitted requests for conversion.
41

See Note 10 “Convertible Senior Notes and Capped Call Transactions” in our notes to our consolidated financial statements included in this Annual Report for more information regarding terms and conditions of the Notes and Capped Call Transactions.
As of December 31, 2020, we had in aggregate $13.3 million in contractual commitments associated with agreements that are enforceable and legally binding, including hosting service agreements, of which $9.8 million are due within the next 12 months. Such amounts do not include obligations under contracts that we can cancel without significant penalty and purchase orders as the purchase orders represent authorizations to purchase rather than binding agreements.
As of December 31, 2020, we had $2.5 million of tax liabilities related to its uncertain tax positions. We cannot reasonably estimate the period which this obligation may be incurred, if at all.
The Company has operating lease obligations for our offices, primarily our corporate headquarters in Austin, Texas, that consists of future non-cancelable minimum rental payments. As of December 31, 2020, we had an outstanding letter of credit in the amount of $6.0 million, which is classified as restricted cash, primarily related to our corporate headquarters. For more information on our operating leases, refer to Note 7 “Leases” of our accompanying notes to our consolidated financial statements included elsewhere in this Annual Report on Form 10-K.
We believe that existing cash and cash equivalents, any positive cash flows from operations and available borrowings under our Credit Agreement will be sufficient to support working capital, capital expenditure and other cash requirements for at least the next 12 months and, based on our current expectations, for the foreseeable future thereafter. Our future capital requirements, both near-term and long-term, will depend on many factors, including our growth rate, the timing and extent of spending to support research and development efforts, the continued expansion of sales and marketing activities, the introduction of new solutions and product enhancements, the continuing market acceptance of our offerings and services, the costs of any future acquisitions in complementary businesses and technologies and the impact of the COVID-19 pandemic to our and our customers', vendors' and partners' businesses. To the extent existing cash and cash equivalents are not sufficient to fund future activities, we may borrow under our Credit Agreement or seek to raise additional funds through equity, equity-linked or debt financings. Any additional equity financing may be dilutive to our existing stockholders. We may enter into agreements or letters of intent with respect to potential investments in, or acquisitions of, complementary businesses, services or technologies, which could also require us to seek additional equity financing, incur indebtedness or use cash resources. In the event that additional financing is required from outside sources, we may not be able to raise it on terms acceptable to us or at all. If we are unable to raise additional capital when desired, or if we cannot expand our operations or otherwise capitalize on our business opportunities because we lack sufficient capital, our business, operating results and financial condition would be adversely affected.
Since inception, we have financed operations primarily through license fees, SaaS subscription fees, maintenance and support fees, consulting and training fees, borrowings under our prior credit agreement and, to a lesser degree, the sale of equity securities. Our principal uses of cash are funding operations and capital expenditures. Over the past several years, revenue has increased significantly from year to year and, as a result, cash flows from customer collections have increased. However, operating expenses have also increased as we have invested in growing our business. Our operating cash requirements may increase in the future as we continue to invest in key initiatives to drive the Company’s long-term growth.
Summary of Cash Flows
The following table summarizes our cash flows for the periods presented:
Year Ended December 31,
202020192018
(In thousands)
Net cash provided by operating activities$57,949 $50,091 $37,540 
Net cash used in investing activities(3,973)(38,906)(10,856)
Net cash provided by (used in) financing activities12,548 361,699 (65,575)
Net increase (decrease) in cash, cash equivalents and restricted cash$66,524 $372,884 $(38,891)
42

Cash Flows from Operating Activities
During 2020, cash provided by operating activities was $57.9 million, which consisted of a net loss of $10.8 million, adjusted by non-cash charges of $76.7 million and a net decrease of $8.0 million in our net operating assets and liabilities. The non-cash charges are primarily comprised of depreciation and amortization expense of $18.3 million, amortization of debt discount and issuance costs of $17.8 million, amortization of contract acquisition costs of $13.7 million, loss on disposal of fixed assets of $0.2 million, provision for credit losses of $0.6 million, impairment of intangible assets of $5.1 million and stock-based compensation of $29.1 million, partially offset by a net decrease in operating leases of $0.4 million and a reduction in deferred tax liabilities of $7.6 million. The decrease in our net operating assets and liabilities was primarily a result of an increase in deferred contract acquisition costs $32.6 million, an increase in prepayments and other assets of $18.1 million, an increase in accounts receivable of $6.8 million due to the timing of receipts of payments from customers and a decrease in income taxes payable of $1.0 million, partially offset by an increase in deferred revenue of $32.7 million due to the timing of billings and cash received in advance of revenue recognition primarily for subscription and support services, an increase in accrued expenses of $16.3 million due primarily to accrual of additional commissions and bonuses and an increase in accounts payable of $1.5 million due to timing of cash disbursements.
During 2019, cash provided by operating activities was $50.1 million, which consisted of a net loss of $8.5 million, adjusted by non-cash charges of $41.9 million and a net increase of $16.7 million in our net operating assets and liabilities. The non-cash charges are primarily comprised of depreciation and amortization expense of $15.0 million, amortization of debt discount and issuance costs of $4.7 million, amortization of contract acquisition costs of $10.1 million, bad debt expense of $0.2 million, stock-based compensation of $18.7 million, and a net increase in operating leases of $0.5 million, partially offset by a reduction in deferred tax liabilities of $7.3 million. The increase in our net operating assets and liabilities was primarily a result of an increase in deferred revenue of $37.3 million due to the timing of billings and cash received in advance of revenue recognition primarily for subscription and support services and an increase in accrued expenses of $11.8 million due primarily to accrual of additional commissions and bonuses, partially offset by a decrease in accounts payable of $1.6 million due to timing of cash disbursements, a decrease in income taxes payable of $0.1 million, an increase in deferred contract acquisition costs of $17.3 million, an increase in prepayments and other assets of $8.2 million and an increase in accounts receivable of $5.1 million due to the timing of receipts of payments from customers.
Cash Flows used in Investing Activities
During 2020, cash used in investing activities was $4.0 million, consisting primarily of $3.9 million in purchases of property and equipment.
During 2019, cash used in investing activities was $38.9 million, consisting of $6.2 million in purchases of property and equipment, $0.4 million in acquisitions of intangibles and $32.4 million in cash paid for business acquisitions, net, partially offset by proceeds from sales of property and equipment.
Cash Flows from Financing Activities
During 2020, cash provided by financing activities was $12.5 million, consisting of $7.4 million of proceeds from issuance of equity related to share issues pursuant to our Employee Stock Purchase Plan and $6.0 million of the proceeds from exercise of stock options, partially offset by $0.8 million in vesting of restricted stock units, primarily related to tax payments funded in the form of net issuances for certain executive officers.
During 2019, cash provided by financing activities was $361.7 million, consisting of $400.0 million of proceeds from issuance of the Notes, $5.6 million of proceeds from issuance of equity related to share issues pursuant to our Employee Stock Purchase Plan and $3.1 million of the proceeds from exercise of stock options, partially offset by payments of debt issuance costs of $9.6 million associated with the Credit Agreement and issuance of the Notes, $37.1 million of purchases of capped calls associated with the issuance of the Notes and $0.4 million in vesting of restricted stock units, primarily related to tax payments funded in the form of net issuances for certain executive officers.
Critical Accounting Estimates
Our consolidated financial statements are prepared in accordance with GAAP. The preparation of these financial statements requires our management to make estimates and assumptions that affect the reported amounts of assets, liabilities, revenue, costs and expenses and related disclosures. Our estimates are based on our historical experience and on various other factors that we believe are reasonable under the circumstances, the results of which form the basis for making judgments about the carrying value of assets and liabilities that are not readily apparent from other sources. Actual results may differ from these
43

judgments and estimates under different assumptions or conditions and any such differences may be material. To the extent that there are differences between our estimates and actual results, our future financial statement presentation, financial condition, results of operations and cash flows will be affected.
We believe that the accounting policies associated with fair value allocation of multiple performance obligation in revenue recognition, the expected period of benefit of deferred contract acquisition costs, income taxes, and the valuation, impairment and estimated useful lives of long-lived assets and goodwill arising from business combinations are the most significant areas involving management's judgments and estimates. Therefore, these are considered to be our critical accounting policies and estimates. For further information on all of our significant accounting policies, see Note 1 “Description of Business and Summary of Significant Accounting Policies” in our notes to our consolidated financial statements included in this Annual Report.
Revenue Recognition
Revenue consists of fees for perpetual and term licenses for our software products, SaaS subscriptions, post-contract customer support (referred to as maintenance and support), other subscription services, professional services which includes training and other revenue. We derive license revenue through the sale of our on-premises software license agreements. We typically recognize license revenue upon delivering the applicable license. We derive subscription revenue through the sale of our SaaS subscription, maintenance and support and other subscription services offerings. We typically recognize subscription revenue ratably over the contract term. We derive services and other revenue primarily through the sale of professional services. We typically recognize services and other revenue over time as the services are performed.
We apply judgment regarding contracts with multiple product and service obligations to determine whether each product or service is capable of being a distinct performance obligation in the contract. If products and services are not distinct, they are combined until a single distinct obligation is created. Determining whether products and services are considered distinct performance obligations that should be accounted for separately versus together may require significant judgment. We have contracts with customers that may have multiple performance obligations, including some or all of the following: software licenses, SaaS subscriptions, maintenance and support, other subscription services and professional services.
Judgment is required to determine the standalone selling price (“SSP") for each distinct performance obligation. We use a single amount to estimate SSP for items that are not sold separately. We use a range to determine SSP based on the selling price of the products and services when sold separately. The SSP range is used to allocate each performance obligation in a contract to the transaction price and to apply a discount that will be allocated based on the relative SSP of the various products and services.
When we do not have a directly observable SSP for a particular product or service, we estimate SSP by our overall pricing objectives, taking into consideration market factors, pricing practices including historical discounting, historical standalone sales of similar products, customer demographics, geographic locations, and the number and types of users within our contracts. The determination of SSP using the adjusted market assessment approach is made by the Company’s management.
The Company generally has standalone value for our professional services and recognize revenue as services are performed based on an estimated fair value as a separate performance obligation.
We allocate the transaction price to each performance obligation identified in the contract on a relative SSP and recognizes revenue when or as it satisfies a performance obligation by transferring control of a product or service to a customer.
Deferred Contract Acquisition Costs
Sales commissions paid to our sales force and the related employer payroll taxes, collectively “deferred contract acquisition costs,” are considered incremental and recoverable costs of obtaining a contract with a customer. The Company capitalizes and amortizes deferred contract acquisition costs over the remaining contractual term or over an expected period of benefit. Commissions allocated to the remaining elements are capitalized and amortized over an expected period of benefit. The Company has determined the expected period of benefit to be five years. The expected period of benefit was determined by taking into consideration our customer contracts, customer turnover rates, the life of our technology and other factors. In addition, the Company pays sales commissions for renewals of term licenses and subscription offerings at a lower rate, which is therefore not commensurate with commissions paid on an initial sale and are amortized over each renewal’s contractual term. The Company periodically reviews the amortization periods of its deferred contract acquisition costs and will update such
44

amortization period when there is a significant change in its expected timing of transfer to the customer of the products or services.
Income Taxes
We are subject to federal, state and local taxes in the United States as well as in other tax jurisdictions or countries in which we conduct business. Earnings from our non-U.S. activities are subject to local country income tax and may be subject to current federal and state income tax in the United States.
We account for uncertain tax positions based on those positions taken or expected to be taken in a tax return. We determine if the amount of available support indicates that it is more likely than not that the tax position will be sustained on audit, including resolution of any related appeals or litigation processes. We then measure the tax benefit as the largest amount that is more than 50% likely to be realized upon settlement. We adjust reserves for our uncertain tax positions due to changing facts and circumstances. To the extent that the final outcome of these matters is different than the amounts recorded, such differences will impact our tax provision in our consolidated statements of operations in the period in which such determination is made.
Goodwill, Intangibles, and Other Long-Lived Assets
We allocate the fair value of purchase consideration to the tangible assets acquired, liabilities assumed, and intangible assets acquired based on their estimated fair values on the acquisition date. The excess of the fair value of purchase consideration over the fair values of these identifiable assets and liabilities is recorded as goodwill. Such valuations require management to make significant estimates and assumptions, especially with respect to intangible assets. Significant estimates in valuing certain intangible assets may include, but are not limited to, future expected cash flows from acquired users, acquired technology, and trade names from a market participant perspective, useful lives and discount rates. Management’s estimates of fair value are based upon assumptions believed to be reasonable, but which are inherently uncertain and unpredictable and, as a result, actual results may differ from estimates.
We use estimates, assumptions, and judgments when assessing the recoverability of goodwill and acquired intangible assets. We test for impairment on an annual basis, or more frequently if a significant event or circumstance indicates impairment. We also evaluate the estimated remaining useful lives of acquired intangible assets for changes in circumstances that warrant a revision to the remaining periods of amortization. For purposes of assessing potential impairment of goodwill, we estimate the fair value of the reporting unit, based on our market capitalization, and compare this amount to the carrying value of the reporting unit. If we determine that the carrying value of the reporting unit exceeds its fair value, an impairment charge would be required. We have determined that we operate as one reporting unit and may first assess qualitative factors to determine whether the existence of events or circumstances indicate that an impairment test on goodwill is required. Goodwill is tested on an annual basis as of October 31st, or sooner if an indicator of impairment occurs. The Company internally monitors business and market conditions for evidence of triggering events for goodwill and acquired intangible assets. Such events or changes in circumstances include, but are not limited to, a significant decrease in the fair value of the underlying asset or asset group, a significant adverse change in the extent or manner in which a long-lived asset or asset group is being used or in its physical condition, an accumulation of costs and resources in excess of the original expectation, or a significant change in the operations of the acquired assets or use of an asset or asset group.
During the year ended December 31, 2020, the Company recorded an impairment charge of $5.1 million related to certain developed technology assets due to our strategic decision to discontinue further investment and enhancements in the standalone existing technology.
Recent Accounting Pronouncements
For a description of our recently adopted accounting pronouncements and recently issued accounting standards not yet adopted, see Note 1 “Description of Business and Summary of Significant Accounting Policies” in our notes to our consolidated financial statements included in this Annual Report.
Item 7A. Quantitative and Qualitative Disclosures About Market Risk
We are exposed to market risk in the ordinary course of our business. Market risk represents the risk of loss that may impact our financial position due to adverse changes in financial market prices and rates. Our market risk exposure is primarily
45

a result of fluctuations in interest rates and foreign currency exchange rates. We do not hold or issue financial instruments for trading purposes.
Interest Rate Risk
We had cash and cash equivalents and restricted cash of $516.6 million as of December 31, 2020, which are held in cash deposits and money market funds. Due to the short-term nature of these instruments, we believe that we do not have material risk of exposure to changes in the fair value of our cash and cash equivalents as a result of changes in interest rates. As of December 31, 2020, we do not believe a hypothetical 10% relative change in interest rates would have a material impact on the value of our cash equivalents.
We did not have any investments in marketable securities as of December 31, 2020.
In September 2019, we issued and sold $400.0 million aggregate principal amount of 0.125% convertible senior notes due 2024 in a private offering to qualified institutional buyers. The fair value of the Notes is subject to interest rate risk, market risk and other factors due to the conversion feature. The fair value of the Notes will generally increase as our common stock price increases and will generally decrease as our common stock price decreases. The interest and market value changes affect the fair value of the Notes but do not impact our financial position, cash flows or results of operations due to the fixed nature of the debt obligation. Additionally, we carry the Notes at face value less unamortized discount and debt issuance costs on our balance sheets, and we present the fair value for required disclosure purposes only.
Foreign Currency Exchange Risk
Our reporting currency is the U.S. dollar. Due to our international operations, we have foreign currency risk related to operating expenses denominated in currencies other than the U.S. dollar, primarily the British pound, Euro, Israeli shekel, Indian rupee, Australian dollar, Singapore dollar and Canadian dollar. As of December 31, 2020, our cash and cash equivalents included $4.8 million held in currencies other than the U.S. dollar. Decreases in the relative value of the U.S. dollar to other currencies may negatively affect our operating results as expressed in U.S. dollars. These amounts are included in other income (expense), net on our consolidated statements of operations.
Our results of operations and cash flows are subject to fluctuations due to changes in foreign currency exchange rates because, although substantially all of our revenue is generated in U.S. dollars, our expenses are generally denominated in the currencies of the jurisdictions in which we conduct our operations, which are primarily in the United States, Europe and Asia. Our results of operations and cash flows could therefore be adversely affected in the future due to changes in foreign exchange rates. We do not believe that a hypothetical 10% relative change in the value of the U.S. dollar to other currencies would have a material effect on our results of operations or cash flows, and to date, we have not engaged in any hedging strategies with respect to foreign currency transactions. As our international operations grow, we will continue to reassess our approach to manage our risk relating to fluctuations in currency rates, and we may choose to engage in the hedging of foreign currency transactions in the future.
46

Item 8. Financial Statements and Supplementary Data
INDEX TO CONSOLIDATED FINANCIAL STATEMENTS

47

REPORT OF INDEPENDENT REGISTERED PUBLIC ACCOUNTING FIRM
Board of Directors and Stockholders
SailPoint Technologies Holdings, Inc.
Opinion on the financial statements
We have audited the accompanying consolidated balance sheets of SailPoint Technologies Holdings, Inc. (a Delaware corporation) and subsidiaries (the “Company”) as of December 31, 2020 and 2019, the related consolidated statements of operations, stockholders’ equity, and cash flows for each of the three years in the period ended December 31, 2020, and the related notes (collectively referred to as the “financial statements”). In our opinion, the financial statements present fairly, in all material respects, the financial position of the Company as of December 31, 2020 and 2019, and the results of its operations and its cash flows for each of the three years in the period ended December 31, 2020, in conformity with accounting principles generally accepted in the United States of America.
We also have audited, in accordance with the standards of the Public Company Accounting Oversight Board (United States) (“PCAOB”), the Company’s internal control over financial reporting as of December 31, 2020, based on criteria established in the 2013 Internal Control—Integrated Framework issued by the Committee of Sponsoring Organizations of the Treadway Commission (“COSO”), and our report dated February 25, 2021 expressed an unqualified opinion.
Basis for opinion
These financial statements are the responsibility of the Company’s management. Our responsibility is to express an opinion on the Company’s financial statements based on our audits. We are a public accounting firm registered with the PCAOB and are required to be independent with respect to the Company in accordance with the U.S. federal securities laws and the applicable rules and regulations of the Securities and Exchange Commission and the PCAOB.
We conducted our audits in accordance with the standards of the PCAOB. Those standards require that we plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement, whether due to error or fraud. Our audits included performing procedures to assess the risks of material misstatement of the financial statements, whether due to error or fraud, and performing procedures that respond to those risks. Such procedures included examining, on a test basis, evidence regarding the amounts and disclosures in the financial statements. Our audits also included evaluating the accounting principles used and significant estimates made by management, as well as evaluating the overall presentation of the financial statements. We believe that our audits provide a reasonable basis for our opinion.
Critical audit matter
The critical audit matter communicated below is a matter arising from the current period audit of the financial statements that was communicated or required to be communicated to the audit committee and that: (1) relates to accounts or disclosures that are material to the financial statements and (2) involved our especially challenging, subjective, or complex judgments. The communication of critical audit matters does not alter in any way our opinion on the financial statements, taken as a whole, and we are not, by communicating the critical audit matter below, providing a separate opinion on the critical audit matter or on the accounts or disclosures to which it relates.
Revenue Recognition – Identification of Performance Obligations and Allocation of the Transaction Price to Multiple Performance Obligations
As described in Notes 1 and 2 to the consolidated financial statements, the Company’s revenues consist of fees for perpetual and term licenses for software products, post-contract customer support (referred to as maintenance and support), software as a service (“SaaS”) subscriptions, other subscription services and professional services including training and other revenue. The Company has contracts with customers that may have multiple performance obligations including some or all of the following: software licenses, maintenance and support, SaaS, other subscription services and professional services. When multiple promised products and services are included within one contract, management applies judgment to determine whether promised products and services are capable of being distinct and distinct in the context of the contract. Additionally, the Company establishes the standalone selling price for each of its performance obligations to allocate transaction price in contracts including multiple performance obligations. If a standalone selling price is not directly observable, the Company estimates the standalone selling price, maximizing the use of observable inputs in making the estimate. Management applies judgment and considers many factors including past transactions, market conditions and internally approved pricing guidelines related to the
48

performance obligations. We identified revenue recognition specifically related to management’s identification of distinct performance obligations and its allocation of transaction price based on the established standalone selling price as a critical audit matter.
The principal consideration for our determination that these aspects of revenue recognition represent a critical audit matter are that, given the volume of contracts and that they may contain multiple products or services combined with the complexity and estimation involved in management’s identification of distinct performance obligations and determination of appropriate allocation of transaction price based on the established standalone selling prices for all distinct performance obligations, auditing the related revenue required both extensive audit effort and a high degree of auditor judgement when performing audit procedures and evaluating results of those procedures.
Our audit procedures related to the identification of performance obligations and allocation of total transaction price included the following, among others:
We tested the design and operating effectiveness of controls over revenue recognition, including the Company’s controls over the identification of performance obligations and determination of standalone selling price.
We obtained an understanding and evaluated the appropriateness of management’s process and methodology for revenue recognition including identifying distinct performance obligations. This included evaluating management’s determination of whether or not to combine multiple products or services into a single distinct performance obligation.
For each distinct performance obligation, we obtained management’s analysis to establish standalone selling price and performed the following procedures:
Evaluated the reasonableness of available data and factors used in management’s determination, including considering other sources of information that would be relevant to the analysis
Tested the completeness and accuracy of the source data used in management’s calculations.
We selected a sample of contracts and performed the following procedures:
Reperformed and evaluated management’s identification of the performance obligations within the contract with the customer, including whether management identified options to acquire additional goods or services that gave rise to a performance obligation.
Recalculated the appropriate allocation of transaction price based on the established standalone selling price for each distinct performance obligation.
/s/ GRANT THORNTON LLP
We have served as the Company’s auditor since 2010.
Denver, Colorado
February 25, 2021
49

REPORT OF INDEPENDENT REGISTERED PUBLIC ACCOUNTING FIRM
Board of Directors and Stockholders
SailPoint Technologies Holdings, Inc.
Opinion on internal control over financial reporting
We have audited the internal control over financial reporting of SailPoint Technologies Holdings, Inc. (a Delaware corporation) and subsidiaries (the “Company”) as of December 31, 2020, based on criteria established in the 2013 Internal Control—Integrated Framework issued by the Committee of Sponsoring Organizations of the Treadway Commission (“COSO”). In our opinion, the Company maintained, in all material respects, effective internal control over financial reporting as of December 31, 2020, based on criteria established in the 2013 Internal Control—Integrated Framework issued by COSO.
We also have audited, in accordance with the standards of the Public Company Accounting Oversight Board (United States) (“PCAOB”), the consolidated financial statements of the Company as of and for the year ended December 31, 2020, and our report dated February 25, 2021 expressed an unqualified opinion on those financial statements.
Basis for opinion
The Company’s management is responsible for maintaining effective internal control over financial reporting and for its assessment of the effectiveness of internal control over financial reporting, included in the accompanying Management’s Report on Internal Control over Financial Reporting. Our responsibility is to express an opinion on the Company’s internal control over financial reporting based on our audit. We are a public accounting firm registered with the PCAOB and are required to be independent with respect to the Company in accordance with the U.S. federal securities laws and the applicable rules and regulations of the Securities and Exchange Commission and the PCAOB.
We conducted our audit in accordance with the standards of the PCAOB. Those standards require that we plan and perform the audit to obtain reasonable assurance about whether effective internal control over financial reporting was maintained in all material respects. Our audit included obtaining an understanding of internal control over financial reporting, assessing the risk that a material weakness exists, testing and evaluating the design and operating effectiveness of internal control based on the assessed risk, and performing such other procedures as we considered necessary in the circumstances. We believe that our audit provides a reasonable basis for our opinion.
Definition and limitations of internal control over financial reporting
A company’s internal control over financial reporting is a process designed to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles. A company’s internal control over financial reporting includes those policies and procedures that (1) pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the company; (2) provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with generally accepted accounting principles, and that receipts and expenditures of the company are being made only in accordance with authorizations of management and directors of the company; and (3) provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use, or disposition of the company’s assets that could have a material effect on the financial statements.
Because of its inherent limitations, internal control over financial reporting may not prevent or detect misstatements. Also, projections of any evaluation of effectiveness to future periods are subject to the risk that controls may become inadequate because of changes in conditions, or that the degree of compliance with the policies or procedures may deteriorate.
/s/ GRANT THORNTON LLP
Denver, Colorado
February 25, 2021
50

SAILPOINT TECHNOLOGIES HOLDINGS, INC. AND SUBSIDIARIES
CONSOLIDATED BALANCE SHEETS
As of
December 31, 2020December 31, 2019
(In thousands, except per share data)
Assets
Current assets
Cash and cash equivalents$510,289 $443,795 
Restricted cash6,355 6,325 
Accounts receivable, net of allowance112,255 106,428 
Deferred contract acquisition costs, current15,592 10,905 
Prepayments and other current assets26,027 16,965 
Total current assets670,518 584,418 
Property and equipment, net19,443 21,300 
Right-of-use assets, net27,048 31,104 
Deferred contract acquisition costs, non-current38,510 24,247 
Other non-current assets, net of allowance15,016 6,307 
Goodwill241,103 241,051 
Intangible assets, net63,962 81,651 
Total assets$1,075,600 $990,078 
Liabilities and stockholders’ equity
Current liabilities
Accounts payable$4,753 $3,224 
Accrued expenses and other liabilities59,460 40,214 
Income taxes payable978 1,994 
Convertible senior notes, net326,672  
Deferred revenue165,995 127,132 
Total current liabilities557,858 172,564 
Deferred tax liability - non-current1,329 8,900 
Convertible senior notes, net - non-current 309,051 
Long-term operating lease liabilities33,080 38,035 
Other long-term liabilities 2,500 
Deferred revenue - non-current18,723 24,901 
Total liabilities610,990 555,951 
Commitments and contingencies (Note 8)
Stockholders’ equity
Common stock, $0.0001 par value, authorized 300,000 shares, issued and outstanding 91,386 shares as of December 31, 2020 and 89,676 shares as of December 31, 2019
9 9 
Preferred stock, $0.0001 par value, authorized 10,000 shares, no shares issued and outstanding as of December 31, 2020 and December 31, 2019
  
Additional paid in capital484,012 442,407 
Accumulated deficit(19,411)(8,289)
Total stockholders' equity464,610 434,127 
Total liabilities and stockholders’ equity$1,075,600 $990,078 
See accompanying notes to consolidated financial statements.
51

SAILPOINT TECHNOLOGIES HOLDINGS, INC. AND SUBSIDIARIES
CONSOLIDATED STATEMENTS OF OPERATIONS
Year Ended December 31,
202020192018
(In thousands, except per share data)
Revenue
Licenses$120,874 $102,800 $105,000 
Subscription196,817 143,390 104,033 
Services and other47,563 42,325 39,887 
Total revenue365,254 288,515 248,920 
Cost of revenue
Licenses4,467 4,239 4,634 
Subscription37,644 26,877 20,734 
Services and other38,517 34,359 29,302 
Impairment of intangible assets5,119   
Total cost of revenue85,747 65,475 54,670 
Gross profit279,507 223,040 194,250 
Operating expenses
Research and development71,191 56,120 43,154 
General and administrative37,783 39,816 34,781 
Sales and marketing169,656 136,537 105,402 
Total operating expenses278,630 232,473 183,337 
Income (loss) from operations877 (9,433)10,913 
Other income (expense), net
Interest income2,019 2,468 10 
Interest expense(18,612)(5,041)(4,717)
Other income (expense), net33 (1,082)(1,446)
Total other expense, net(16,560)(3,655)(6,153)
Income (loss) before income taxes(15,683)(13,088)4,760 
Income tax (expense) benefit4,920 4,588 (1,090)
Net income (loss)$(10,763)$(8,500)$3,670 
Net income (loss) available to common stockholders$(10,763)$(8,500)$3,641 
Net income (loss) per share
Basic$(0.12)(0.10)$0.04 
Diluted$(0.12)$(0.10)$0.04 
Weighted average shares outstanding
Basic90,512 88,907 86,495 
Diluted90,512 88,907 90,003 
See accompanying notes to consolidated financial statements.
52

SAILPOINT TECHNOLOGIES HOLDINGS, INC. AND SUBSIDIARIES
CONSOLIDATED STATEMENTS OF STOCKHOLDERS’ EQUITY
Common StockAdditional
paid in
capital