0001720671FY2021-02-01three yearfalse--01-31one year00017206712022-01-3100017206712021-12-310001720671hcp:LicenseRevenueMemberus-gaap:SalesRevenueNetMemberhcp:SubscriptionArrangementsMemberus-gaap:ProductConcentrationRiskMember2021-02-012022-01-310001720671hcp:TwoThousandFourteenAndTwoThousandTwentyOneStockPlanMember2020-02-012021-01-310001720671us-gaap:SeriesBPreferredStockMember2022-01-310001720671hcp:SecondarySalesMember2019-02-012020-01-310001720671hcp:TwoThousandFourteenStockPlanMemberus-gaap:RestrictedStockUnitsRSUMember2021-01-310001720671us-gaap:FairValueInputsLevel1Memberus-gaap:FairValueMeasurementsRecurringMember2021-01-310001720671srt:MaximumMember2021-02-012022-01-310001720671hcp:ProfessionalServicesMember2020-02-012021-01-310001720671hcp:ProfessionalServicesMember2019-02-012020-01-310001720671hcp:SecondaryTransactionsMemberus-gaap:ResearchAndDevelopmentExpenseMember2020-02-012021-01-310001720671us-gaap:SellingAndMarketingExpenseMemberhcp:SecondarySalesMember2021-02-012022-01-310001720671us-gaap:RedeemableConvertiblePreferredStockMember2021-01-310001720671hcp:TwoThousandTwentyOneEmployeeStockPurchasePlanMember2021-02-012022-01-310001720671us-gaap:DomesticCountryMemberus-gaap:ResearchMember2022-01-310001720671hcp:RestOfTheWorldMemberus-gaap:GeographicConcentrationRiskMemberus-gaap:SalesRevenueNetMember2021-02-012022-01-310001720671us-gaap:SellingAndMarketingExpenseMember2019-02-012020-01-3100017206712020-11-012020-11-010001720671hcp:SupportMemberhcp:CostOfRevenueMemberhcp:SecondarySalesMember2020-02-012021-01-310001720671hcp:SeriesSeedPreferredStockMember2021-01-310001720671us-gaap:SalesRevenueNetMemberhcp:SubscriptionArrangementsMemberus-gaap:ProductConcentrationRiskMember2021-02-012022-01-310001720671us-gaap:RestrictedStockUnitsRSUMember2021-11-012021-11-3000017206712021-02-012022-01-310001720671hcp:SeriesBConvertiblePreferredStockMember2021-01-310001720671us-gaap:GeographicConcentrationRiskMemberus-gaap:SalesRevenueNetMembercountry:US2020-02-012021-01-310001720671us-gaap:FurnitureAndFixturesMember2021-02-012022-01-310001720671us-gaap:FairValueInputsLevel2Memberus-gaap:MoneyMarketFundsMemberus-gaap:FairValueMeasurementsRecurringMember2021-01-310001720671us-gaap:RedeemableConvertiblePreferredStockMemberus-gaap:IPOMember2021-12-012021-12-310001720671us-gaap:AdditionalPaidInCapitalMember2019-01-310001720671hcp:SeriesARedeemableConvertiblePreferredStockMember2022-01-310001720671us-gaap:ConvertiblePreferredStockMember2022-01-310001720671hcp:SeriesAConvertiblePreferredStockMember2021-01-310001720671us-gaap:IPOMemberus-gaap:CommonClassAMember2021-12-310001720671us-gaap:RetainedEarningsMember2020-01-310001720671us-gaap:RedeemableConvertiblePreferredStockMember2020-02-012021-01-310001720671hcp:EarlyExerciseOfEmployeeOptionsMember2021-02-012022-01-310001720671us-gaap:CommonClassAMember2021-01-310001720671us-gaap:IPOMember2021-12-012021-12-310001720671us-gaap:SellingAndMarketingExpenseMember2021-02-012022-01-310001720671hcp:SeriesCRedeemableConvertiblePreferredStockMember2021-01-310001720671us-gaap:GeneralAndAdministrativeExpenseMemberhcp:SecondarySalesMember2019-02-012020-01-310001720671hcp:CostOfRevenueMemberhcp:ProfessionalServicesMember2020-02-012021-01-310001720671us-gaap:AdditionalPaidInCapitalMember2021-02-012022-01-310001720671hcp:RestOfTheWorldMember2020-02-012021-01-310001720671hcp:LicenseRevenueMemberus-gaap:SalesRevenueNetMemberhcp:SubscriptionArrangementsMemberus-gaap:ProductConcentrationRiskMember2019-02-012020-01-310001720671us-gaap:CertificatesOfDepositMember2021-01-310001720671us-gaap:LeaseholdImprovementsMember2021-01-310001720671us-gaap:SoftwareDevelopmentMember2021-01-310001720671hcp:SupportMemberhcp:CostOfRevenueMember2020-02-012021-01-310001720671hcp:TwoThousandTwentyOneEquityIncentivePlanMember2022-01-310001720671us-gaap:IPOMemberus-gaap:CommonClassAMember2021-12-012021-12-310001720671hcp:SecondarySalesMemberus-gaap:ResearchAndDevelopmentExpenseMember2020-02-012021-01-310001720671us-gaap:RevolvingCreditFacilityMember2020-11-232020-11-230001720671us-gaap:RetainedEarningsMember2020-02-012021-01-310001720671us-gaap:SalesRevenueNetMemberhcp:ProfessionalServicesMemberus-gaap:ProductConcentrationRiskMember2019-02-012020-01-310001720671hcp:SeriesARedeemableConvertiblePreferredStockMember2021-01-310001720671srt:MinimumMember2022-01-310001720671hcp:TwoThousandTwentyOneEquityIncentivePlanMemberus-gaap:RestrictedStockUnitsRSUMember2022-01-310001720671us-gaap:ResearchAndDevelopmentExpenseMember2021-02-012022-01-310001720671us-gaap:CommonClassAMember2022-03-210001720671us-gaap:RedeemableConvertiblePreferredStockMember2022-01-310001720671hcp:ProfessionalServicesMember2021-02-012022-01-310001720671srt:MaximumMemberhcp:TwoThousandTwentyOneEmployeeStockPurchasePlanMember2021-02-012022-01-310001720671hcp:CostOfRevenueMemberhcp:ProfessionalServicesMember2019-02-012020-01-310001720671hcp:SubscriptionArrangementsMemberhcp:CloudHostedServicesMember2019-02-012020-01-310001720671us-gaap:ConstructionInProgressMember2022-01-310001720671srt:BoardOfDirectorsChairmanMember2022-01-310001720671hcp:SecondarySalesMember2020-02-012021-01-310001720671us-gaap:RestrictedStockUnitsRSUMemberhcp:TwoThousandFourteenAndTwoThousandTwentyOneStockPlanMember2021-01-310001720671us-gaap:FairValueInputsLevel1Memberus-gaap:FairValueMeasurementsRecurringMember2022-01-310001720671us-gaap:StateAndLocalJurisdictionMember2021-02-012022-01-310001720671hcp:SupportMemberhcp:CostOfRevenueMember2019-02-012020-01-310001720671us-gaap:LondonInterbankOfferedRateLiborSwapRateMember2020-11-232020-11-230001720671hcp:TwoThousandTwentyOneEquityIncentivePlanMember2021-02-012022-01-310001720671hcp:SecondaryTransactionsMemberus-gaap:GeneralAndAdministrativeExpenseMember2019-02-012020-01-310001720671us-gaap:AdditionalPaidInCapitalMember2021-01-310001720671us-gaap:ResearchMemberus-gaap:StateAndLocalJurisdictionMember2022-01-310001720671us-gaap:CommonClassBMember2021-02-012022-01-310001720671us-gaap:RedeemableConvertiblePreferredStockMember2019-01-310001720671us-gaap:MoneyMarketFundsMemberus-gaap:FairValueInputsLevel1Memberus-gaap:FairValueMeasurementsRecurringMember2021-01-310001720671srt:MinimumMember2021-02-012022-01-310001720671us-gaap:CommonClassBMember2022-01-310001720671us-gaap:MoneyMarketFundsMemberus-gaap:FairValueInputsLevel3Memberus-gaap:FairValueMeasurementsRecurringMember2021-01-310001720671us-gaap:FairValueInputsLevel2Memberus-gaap:FairValueMeasurementsRecurringMember2022-01-310001720671hcp:ClassAAndBCommonStockMember2021-01-310001720671hcp:TwoThousandFourteenStockPlanMemberus-gaap:RestrictedStockUnitsRSUMember2022-01-310001720671us-gaap:CommonClassAMember2022-01-310001720671us-gaap:RevolvingCreditFacilityMember2021-01-310001720671hcp:SubscriptionArrangementsMember2019-02-012020-01-310001720671hcp:RestOfTheWorldMember2019-02-012020-01-310001720671hcp:SeriesBRedeemableConvertiblePreferredStockMember2021-01-310001720671us-gaap:GeographicConcentrationRiskMemberus-gaap:SalesRevenueNetMember2020-02-012021-01-310001720671hcp:CostOfRevenueMemberhcp:ProfessionalServicesMember2021-02-012022-01-310001720671us-gaap:CommonClassBMember2021-01-310001720671hcp:SeriesERedeemableConvertiblePreferredStockMember2022-01-3100017206712019-01-310001720671us-gaap:RevolvingCreditFacilityMember2020-11-230001720671hcp:SeriesSeedPreferredStockMember2022-01-310001720671us-gaap:LeaseholdImprovementsMember2021-02-012022-01-310001720671hcp:SeriesERedeemableConvertiblePreferredStockMember2021-02-012022-01-310001720671us-gaap:FairValueInputsLevel2Memberus-gaap:MoneyMarketFundsMemberus-gaap:FairValueMeasurementsRecurringMember2022-01-310001720671hcp:SeriesDRedeemableConvertiblePreferredStockMember2022-01-310001720671hcp:TwoThousandFourteenAndTwoThousandTwentyOneStockPlanMember2021-02-012022-01-310001720671us-gaap:ComputerEquipmentMember2021-01-310001720671hcp:ClassAAndBCommonStockMember2019-01-310001720671us-gaap:GeneralAndAdministrativeExpenseMemberhcp:SecondarySalesMember2020-02-012021-01-310001720671hcp:SecondarySalesMember2021-02-012022-01-310001720671hcp:ClassAAndBCommonStockMember2021-02-012022-01-310001720671hcp:SecondaryTransactionsMemberus-gaap:GeneralAndAdministrativeExpenseMember2020-02-012021-01-310001720671hcp:SeriesDConvertiblePreferredStockMember2021-01-310001720671hcp:TwoThousandFourteenStockPlanMember2021-01-310001720671us-gaap:ResearchAndDevelopmentExpenseMember2020-02-012021-01-310001720671hcp:SecondaryTransactionsMemberhcp:CostOfRevenueMemberhcp:ProfessionalServicesMember2020-02-012021-01-310001720671srt:MinimumMember2020-01-310001720671hcp:SeriesCRedeemableConvertiblePreferredStockMember2021-02-012022-01-310001720671hcp:RestrictedStockAwardsMember2021-03-012021-03-310001720671hcp:LicenseRevenueMemberus-gaap:SalesRevenueNetMemberhcp:SubscriptionArrangementsMemberus-gaap:ProductConcentrationRiskMember2020-02-012021-01-310001720671hcp:SecondarySalesMemberus-gaap:ResearchAndDevelopmentExpenseMember2019-02-012020-01-310001720671srt:MaximumMember2020-01-310001720671us-gaap:RetainedEarningsMember2021-01-310001720671hcp:EarlyExerciseOfEmployeeOptionsMember2020-02-012021-01-310001720671hcp:RestOfTheWorldMemberus-gaap:GeographicConcentrationRiskMemberus-gaap:SalesRevenueNetMember2020-02-012021-01-310001720671hcp:TwoThousandFourteenAndTwoThousandTwentyOneStockPlanMember2021-01-310001720671hcp:TwoThousandTwentyOneEmployeeStockPurchasePlanMemberus-gaap:CommonClassAMember2021-12-012021-12-310001720671hcp:SecondaryTransactionsMember2020-02-012021-01-310001720671us-gaap:RevolvingCreditFacilityMember2022-01-310001720671hcp:RestOfTheWorldMemberus-gaap:GeographicConcentrationRiskMemberus-gaap:SalesRevenueNetMember2019-02-012020-01-310001720671hcp:SupportMemberhcp:SecondarySalesMemberhcp:CostOfRevenueMember2019-02-012020-01-310001720671hcp:SecondaryTransactionsMember2019-02-012020-01-3100017206712021-01-310001720671us-gaap:StockCompensationPlanMember2019-02-012020-01-310001720671us-gaap:GeographicConcentrationRiskMemberus-gaap:SalesRevenueNetMember2021-02-012022-01-310001720671hcp:ClassAAndBCommonStockMember2020-01-310001720671hcp:TwoThousandFourteenAndTwoThousandTwentyOneStockPlanMember2020-01-310001720671us-gaap:GeneralAndAdministrativeExpenseMember2021-02-012022-01-310001720671hcp:TwoThousandTwentyOneEquityIncentivePlanMemberus-gaap:CommonClassAMember2022-01-310001720671us-gaap:SellingAndMarketingExpenseMember2020-02-012021-01-310001720671hcp:RestOfTheWorldMember2021-02-012022-01-310001720671us-gaap:SalesRevenueNetMemberus-gaap:ProductConcentrationRiskMember2020-02-012021-01-310001720671hcp:SubscriptionArrangementsMemberhcp:CloudHostedServicesMember2020-02-012021-01-310001720671hcp:SeriesBRedeemableConvertiblePreferredStockMember2021-02-012022-01-310001720671hcp:SeriesSeedPreferredStockMember2021-02-012022-01-310001720671hcp:SeriesBRedeemableConvertiblePreferredStockMember2022-01-310001720671us-gaap:SalesRevenueNetMemberhcp:ProfessionalServicesMemberus-gaap:ProductConcentrationRiskMember2021-02-012022-01-310001720671us-gaap:GeographicConcentrationRiskMemberus-gaap:SalesRevenueNetMembercountry:US2021-02-012022-01-310001720671hcp:TwoThousandTwentyOneEquityIncentivePlanMemberus-gaap:SubsequentEventMember2022-02-2800017206712021-09-300001720671us-gaap:RetainedEarningsMember2019-02-012020-01-310001720671us-gaap:ComputerEquipmentMember2021-02-012022-01-310001720671us-gaap:SalesRevenueNetMemberhcp:SubscriptionArrangementsMemberus-gaap:ProductConcentrationRiskMember2019-02-012020-01-310001720671hcp:RestrictedStockAwardsMember2021-08-012021-08-310001720671hcp:SeriesCRedeemableConvertiblePreferredStockMember2022-01-310001720671srt:MinimumMemberhcp:TwoThousandTwentyOneEmployeeStockPurchasePlanMember2021-02-012022-01-310001720671hcp:SeriesCConvertiblePreferredStockMember2021-01-3100017206712021-09-012021-09-300001720671hcp:NonemployeesMember2020-02-012021-01-3100017206712021-12-012021-12-3100017206712019-02-012020-01-310001720671hcp:CostOfRevenueMemberhcp:CloudHostedServicesMember2021-02-012022-01-310001720671us-gaap:ResearchAndDevelopmentExpenseMember2019-02-012020-01-310001720671hcp:SeriesEConvertiblePreferredStockMember2021-01-310001720671hcp:TwoThousandFourteenStockPlanMember2021-02-012022-01-310001720671us-gaap:SoftwareDevelopmentMember2021-02-012022-01-3100017206712022-02-012022-01-310001720671hcp:SubscriptionArrangementsMember2021-02-012022-01-310001720671srt:MinimumMember2021-01-310001720671us-gaap:RetainedEarningsMember2022-01-310001720671us-gaap:SubsequentEventMemberhcp:TwoThousandTwentyOneEmployeeStockPurchasePlanMember2022-02-280001720671us-gaap:IPOMember2021-02-012022-01-310001720671us-gaap:RedeemableConvertiblePreferredStockMember2020-01-310001720671us-gaap:FairValueInputsLevel3Memberus-gaap:FairValueMeasurementsRecurringMember2022-01-310001720671us-gaap:SalesRevenueNetMemberus-gaap:ProductConcentrationRiskMember2021-02-012022-01-310001720671us-gaap:RedeemableConvertiblePreferredStockMember2019-02-012020-01-310001720671us-gaap:AdditionalPaidInCapitalMember2022-01-310001720671us-gaap:RestrictedStockUnitsRSUMemberus-gaap:SubsequentEventMember2022-03-012022-03-250001720671hcp:SeriesERedeemableConvertiblePreferredStockMember2021-01-310001720671hcp:SupportMemberhcp:SubscriptionArrangementsMember2021-02-012022-01-310001720671hcp:LicenseRevenueMemberhcp:SubscriptionArrangementsMember2019-02-012020-01-310001720671hcp:TwoThousandTwentyOneEmployeeStockPurchasePlanMember2021-02-012022-01-310001720671hcp:SeriesERedeemableConvertiblePreferredStockMember2020-03-012020-03-310001720671us-gaap:SalesRevenueNetMemberhcp:SupportMemberhcp:SubscriptionArrangementsMemberus-gaap:ProductConcentrationRiskMember2021-02-012022-01-310001720671us-gaap:SalesRevenueNetMemberhcp:SubscriptionArrangementsMemberus-gaap:ProductConcentrationRiskMember2020-02-012021-01-310001720671hcp:TwoThousandFourteenAndTwoThousandTwentyOneStockPlanMember2022-01-310001720671us-gaap:CommonClassAMember2021-02-012022-01-3100017206712021-02-012021-01-310001720671hcp:SecondaryTransactionsMember2021-02-012022-01-310001720671us-gaap:AccountingStandardsUpdate201912Member2022-01-310001720671us-gaap:RedeemableConvertiblePreferredStockMember2021-02-012022-01-310001720671srt:MaximumMember2021-01-310001720671us-gaap:ComputerEquipmentMember2022-01-310001720671us-gaap:CommonClassBMember2022-03-210001720671country:US2020-02-012021-01-310001720671us-gaap:CommonClassBMember2021-12-310001720671hcp:SupportMemberhcp:SubscriptionArrangementsMember2020-02-012021-01-310001720671us-gaap:SalesRevenueNetMemberhcp:SubscriptionArrangementsMemberhcp:SupportMemberus-gaap:ProductConcentrationRiskMember2019-02-012020-01-310001720671hcp:SecondarySalesMemberhcp:CostOfRevenueMemberhcp:ProfessionalServicesMember2021-02-012022-01-310001720671us-gaap:StockCompensationPlanMember2021-02-012022-01-310001720671hcp:SubscriptionArrangementsMember2020-02-012021-01-310001720671us-gaap:SalesRevenueNetMemberhcp:SubscriptionArrangementsMemberhcp:CloudHostedServicesMemberus-gaap:ProductConcentrationRiskMember2019-02-012020-01-310001720671hcp:SecondaryTransactionsMemberus-gaap:SellingAndMarketingExpenseMember2020-02-012021-01-310001720671hcp:ClassAAndClassBCommonStockSubjectToRepurchaseMember2021-02-012022-01-310001720671us-gaap:AdditionalPaidInCapitalMember2020-01-310001720671us-gaap:MoneyMarketFundsMemberus-gaap:FairValueMeasurementsRecurringMember2022-01-310001720671hcp:LicenseRevenueMemberhcp:SubscriptionArrangementsMember2020-02-012021-01-310001720671hcp:TwoThousandFourteenStockPlanMemberus-gaap:EmployeeStockOptionMember2021-01-310001720671us-gaap:MoneyMarketFundsMemberus-gaap:FairValueInputsLevel1Memberus-gaap:FairValueMeasurementsRecurringMember2022-01-3100017206712020-01-310001720671us-gaap:FairValueMeasurementsRecurringMember2022-01-310001720671us-gaap:GeographicConcentrationRiskMemberus-gaap:SalesRevenueNetMember2019-02-012020-01-310001720671us-gaap:SellingAndMarketingExpenseMemberhcp:SecondarySalesMember2019-02-012020-01-310001720671us-gaap:SellingAndMarketingExpenseMemberhcp:SecondarySalesMember2020-02-012021-01-310001720671us-gaap:FurnitureAndFixturesMember2022-01-310001720671srt:BoardOfDirectorsChairmanMember2021-02-012022-01-310001720671hcp:CostOfRevenueMemberhcp:SecondarySalesMemberhcp:ProfessionalServicesMember2020-02-012021-01-310001720671us-gaap:SeriesAPreferredStockMember2022-01-310001720671hcp:TwoThousandTwentyOneEmployeeStockPurchasePlanMemberus-gaap:CommonClassAMember2022-01-310001720671hcp:SupportMemberhcp:CostOfRevenueMember2021-02-012022-01-310001720671hcp:ClassAAndClassBCommonStockSubjectToRepurchaseMember2020-02-012021-01-310001720671us-gaap:AdditionalPaidInCapitalMember2019-02-012020-01-310001720671hcp:SecondarySalesMemberhcp:CostOfRevenueMemberhcp:ProfessionalServicesMember2019-02-012020-01-310001720671hcp:SecondarySalesMemberus-gaap:ResearchAndDevelopmentExpenseMember2021-02-012022-01-310001720671us-gaap:SalesRevenueNetMemberhcp:SubscriptionArrangementsMemberhcp:CloudHostedServicesMemberus-gaap:ProductConcentrationRiskMember2020-02-012021-01-310001720671hcp:ClassAAndBCommonStockMember2020-02-012021-01-310001720671us-gaap:LeaseholdImprovementsMember2022-01-310001720671hcp:TwoThousandFourteenStockPlanMemberus-gaap:RestrictedStockUnitsRSUMember2021-02-012022-01-310001720671hcp:LicenseRevenueMemberhcp:SubscriptionArrangementsMember2021-02-012022-01-310001720671us-gaap:DomesticCountryMember2021-02-012022-01-310001720671us-gaap:RestrictedStockUnitsRSUMemberhcp:TwoThousandFourteenAndTwoThousandTwentyOneStockPlanMember2021-02-012022-01-310001720671us-gaap:RestrictedStockUnitsRSUMemberhcp:TwoThousandFourteenAndTwoThousandTwentyOneStockPlanMember2022-01-310001720671us-gaap:RestrictedStockUnitsRSUMember2021-01-310001720671country:US2019-02-012020-01-310001720671hcp:EarlyExerciseOfEmployeeOptionsMember2019-02-012020-01-310001720671us-gaap:RestrictedStockUnitsRSUMember2021-02-012022-01-310001720671hcp:ClassAAndClassBCommonStockSubjectToRepurchaseMember2019-02-012020-01-310001720671hcp:SupportMemberhcp:SecondaryTransactionsMemberhcp:CostOfRevenueMember2020-02-012021-01-310001720671hcp:SubscriptionArrangementsMemberhcp:SupportMember2019-02-012020-01-310001720671us-gaap:RestrictedStockUnitsRSUMember2022-01-310001720671hcp:SeriesDRedeemableConvertiblePreferredStockMember2021-01-310001720671hcp:SeriesSeedConvertiblePreferredStockMember2021-01-310001720671srt:BoardOfDirectorsChairmanMember2019-02-012020-01-310001720671srt:BoardOfDirectorsChairmanMember2020-02-012021-01-310001720671hcp:TwoThousandTwentyOneEquityIncentivePlanMemberus-gaap:EmployeeStockOptionMember2022-01-310001720671srt:BoardOfDirectorsChairmanMember2021-01-310001720671hcp:NonemployeesMember2021-02-012022-01-310001720671us-gaap:FurnitureAndFixturesMember2021-01-310001720671us-gaap:FairValueInputsLevel2Memberus-gaap:FairValueMeasurementsRecurringMember2021-01-310001720671hcp:SubscriptionArrangementsMemberhcp:CloudHostedServicesMember2021-02-012022-01-310001720671hcp:ClassAAndBCommonStockMember2019-02-012020-01-310001720671us-gaap:GeneralAndAdministrativeExpenseMember2020-02-012021-01-310001720671us-gaap:SalesRevenueNetMemberhcp:SubscriptionArrangementsMemberhcp:SupportMemberus-gaap:ProductConcentrationRiskMember2020-02-012021-01-310001720671us-gaap:RestrictedStockUnitsRSUMember2020-02-012021-01-310001720671country:US2021-02-012022-01-310001720671us-gaap:GeographicConcentrationRiskMemberus-gaap:SalesRevenueNetMembercountry:US2019-02-012020-01-310001720671hcp:TwoThousandFourteenStockPlanMemberus-gaap:RestrictedStockUnitsRSUMember2019-11-202019-11-200001720671srt:MaximumMember2022-01-310001720671hcp:TwoThousandTwentyOneEmployeeStockPurchasePlanMember2022-01-310001720671us-gaap:StateAndLocalJurisdictionMember2022-01-310001720671us-gaap:DomesticCountryMember2022-01-310001720671hcp:SecondarySalesMemberhcp:CloudHostedServicesMemberhcp:CostOfRevenueMember2021-02-012022-01-310001720671hcp:SeriesARedeemableConvertiblePreferredStockMember2021-02-012022-01-310001720671us-gaap:RetainedEarningsMember2019-01-310001720671us-gaap:FairValueInputsLevel3Memberus-gaap:FairValueMeasurementsRecurringMember2021-01-310001720671us-gaap:IPOMember2022-01-310001720671hcp:NonemployeesMember2019-02-012020-01-310001720671us-gaap:MoneyMarketFundsMemberus-gaap:FairValueInputsLevel3Memberus-gaap:FairValueMeasurementsRecurringMember2022-01-310001720671us-gaap:GeneralAndAdministrativeExpenseMember2019-02-012020-01-310001720671us-gaap:SalesRevenueNetMemberhcp:SubscriptionArrangementsMemberhcp:CloudHostedServicesMemberus-gaap:ProductConcentrationRiskMember2021-02-012022-01-310001720671us-gaap:FairValueMeasurementsRecurringMember2021-01-3100017206712020-02-012021-01-310001720671us-gaap:MoneyMarketFundsMemberus-gaap:FairValueMeasurementsRecurringMember2021-01-310001720671us-gaap:StockCompensationPlanMember2020-02-012021-01-310001720671us-gaap:GeneralAndAdministrativeExpenseMemberhcp:SecondarySalesMember2021-02-012022-01-310001720671us-gaap:SoftwareDevelopmentMember2022-01-310001720671us-gaap:SubsequentEventMember2022-03-012022-03-250001720671us-gaap:SalesRevenueNetMemberus-gaap:ProductConcentrationRiskMember2019-02-012020-01-310001720671hcp:TwoThousandTwentyOneEmployeeStockPurchasePlanMemberus-gaap:CommonClassAMember2021-12-310001720671hcp:SupportMemberhcp:SecondarySalesMemberhcp:CostOfRevenueMember2021-02-012022-01-310001720671us-gaap:RetainedEarningsMember2021-02-012022-01-310001720671hcp:SeriesDRedeemableConvertiblePreferredStockMember2021-02-012022-01-310001720671hcp:ClassAAndBCommonStockMember2022-01-310001720671hcp:SeriesERedeemableConvertiblePreferredStockMember2020-03-310001720671us-gaap:AdditionalPaidInCapitalMember2020-02-012021-01-310001720671us-gaap:SalesRevenueNetMemberhcp:ProfessionalServicesMemberus-gaap:ProductConcentrationRiskMember2020-02-012021-01-31xbrli:purehcp:Purchaseperiodiso4217:USDxbrli:sharesxbrli:shareshcp:Customerhcp:Segmentiso4217:USD

Table of Contents

 

 

 

UNITED STATES

SECURITIES AND EXCHANGE COMMISSION

 

Washington, D.C. 20549

 

 

FORM 10-K

(Mark One)

 

 

 

 

 

 

   ANNUAL REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934

 

For the fiscal year ended January 31, 2022

 

OR

 

   TRANSITION REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934

 

FOR THE TRANSITION PERIOD FROM TO

 

Commission File Number: 001-41121

 

 

 

HashiCorp, Inc.

(Exact name of Registrant as specified in its charter)

 

 

Delaware

 

32-0410665

(State or other jurisdiction of

 incorporation or organization)

 

(I.R.S. Employer
Identification Number)

101 Second Street, Suite 700

San Francisco, CA 94105

(Address of principal executives offices, including zip code)

Registrant's telephone number including area code: (415) 301-3227

 

 

Securities registered pursuant to Section 12(b) of the Act:

 

 

(Title of each class)

Trading Symbol(s)

(Name of each exchange on which registered)

 

Class A Common Stock, par value $0.000015 per share

HCP

The Nasdaq Global Select Market

 

Securities registered pursuant to Section 12(g) of the Act: None

 

Indicate by check mark if the registrant is a well-known seasoned issuer, as defined in Rule 405 of the Securities Act. Yes ☐ No

Indicate by check mark if the registrant is not required to file reports pursuant to Section 13b or 15(d) of the Act. Yes ☐ No

Indicate by check mark whether the registrant: (1) has filed all reports required to be filed by Section 13 or 15(d) of the Securities Exchange Act of 1934 during the preceding 12 months (or for such shorter period that the registrant was required to file such reports), and (2) has been subject to such filing requirements for the past 90 days. Yes ☒ No ☐

Indicate by check mark whether the registrant has submitted electronically every Interactive Data File required to be submitted pursuant to Rule 405 of Regulation S-T (§232.405 of this chapter) during the preceding 12 months (or for such shorter period that the registrant was required to submit such files). Yes ☒ No ☐

Indicate by check mark whether the registrant is a large accelerated filer, an accelerated filer, a non-accelerated filer, smaller reporting company, or an emerging growth company. See the definitions of “large accelerated filer,” “accelerated filer,” “smaller reporting company,” and “emerging growth company” in Rule 12b-2 of the Exchange Act.

Large accelerated filer

Accelerated filer

Non-accelerated filer

Smaller reporting company

 

 

Emerging growth company

If an emerging growth company, indicate by check mark if the registrant has elected not to use the extended transition period for complying with any new or revised financial accounting standards provided pursuant to Section 13(a) of the Exchange Act.

Indicate by check mark whether the registrant has filed a report on and attestation to its management’s assessment of the effectiveness of its internal control over financial reporting under Section 404(b) of the Sarbanes-Oxley Act (15 U.S.C. 7262(b)) by the registered public accounting firm that prepared or issued its audit report.

Indicate by check mark whether the registrant is a shell company (as defined in Rule 12b-2 of the Exchange Act). Yes No ☒

The aggregate market value of voting and non-voting common equity held by non-affiliates of the registrant, based on the closing price of $66.39 for shares of the registrant’s Class A common stock on January 31, 2022, as reported by the Nasdaq Global Select Market on such date, was approximately $2,031.3 million. The registrant has elected to use January 31, 2022 as the calculation date because on July 31, 2021 (the last business day of the registrant’s second fiscal quarter), the registrant was a privately held company.

As of March 21, 2022 the number of registrant’s issued and outstanding shares of Class A common stock and Class B common stock was 31,821,103 and 151,658,266, respectively.

 

DOCUMENTS INCORPORATED BY REFERENCE

 

Portions of the registrant’s definitive Proxy Statement relating to its fiscal year 2022 Annual Meeting of Stockholders are incorporated by reference into Part III of this Annual Report on Form 10-K where indicated. Such Proxy Statement will be filed with the United States Securities and Exchange Commission within 120 days after the end of the fiscal year to which this Annual Report on Form 10-K relates.

 

 

 


Table of Contents

HashiCorp, Inc.

Form 10-K

For the Fiscal year Ended January 31, 2022

 

TABLE OF CONTENTS

 

 

PART I

Page

Item 1.

Business

3

Item 1A.

Risk Factors

15

Item 1B.

Unresolved Staff Comments

50

Item 2

Properties

50

Item 3

Legal Proceedings

50

Item 4

Mine Safety Disclosures

50

 

 

 

 

 

PART II

Page

Item 5.

Market for Registrant's Common Equity, Related Stockholder Matters and Issuer Purchases of Equity Securities

51

Item 6.

[Reserved]

52

Item 7.

Management's Discussion and Analysis of Financial Condition and Results of Operations

53

Item 7A.

Quantitative and Qualitative Disclosures about Market Risk

73

Item 8.

Financial Statements and Supplementary Data

74

Item 9.

Changes in and Disagreements with Accountants on Accounting and Financial Disclosure

108

Item 9A.

Controls and Procedures

108

Item 9B.

Other Information

109

 

 

PART III

Page

Item 10.

Directors, Executive Officers and Corporate Governance

110

Item 11.

Executive Compensation

110

Item 12.

Security Ownership of Certain Beneficial Owners and Management and Related Stockholder Matters

110

Item 13.

Certain Relationships and Related Transactions and Director Independence

110

Item 14.

Principal Accountant Fees and Services

110

 

 

PART IV

Page

Item 15.

Exhibits, Financial Statement Schedules

111

Item 16.

Form 10-K Summary

113

 

Signatures

114

 

 


Table of Contents

SPECIAL NOTE REGARDING FORWARD-LOOKING STATEMENTS

This Annual Report on Form 10-K contains forward-looking statements about us and our industry that involve substantial risks and uncertainties, some of which cannot be predicted or quantified. All statements other than statements of historical fact contained in this Annual Report on Form 10-K, including statements regarding our future results of operations or financial condition, business strategy and plans, and objectives of management for future operations, are forward-looking statements. In some cases, you can identify forward-looking statements because they contain words such as “anticipate,” “believe,” “contemplate,” “continue,” “could,” “estimate,” “expect,” “hope,” “intend,” “may,” “might,” “objective,” “ongoing,” “plan,” “potential,” “predict,” “project,” “should,” “target,” “will,” or “would” or the negative of these words or other similar terms or expressions. In particular, information appearing under the sections titled “Business,” “Risk Factors,” and “Management’s Discussion and Analysis of Financial Condition and Results of Operations” and other portions of this Annual Report on Form 10-K include forward-looking statements. These forward-looking statements include, but are not limited to, statements concerning the following:

our future operating and financial performance, ability to generate positive cash flow and ability to achieve and sustain profitability;
our ability to attract and retain customers to use our products;
our ability to successfully anticipate and satisfy customer demands, including through the introduction of new features, products or services and the provision of professional services;
our ability to increase usage of our platform and sell additional products to existing customers;
future investments in our business, our anticipated capital expenditures, and our estimates regarding our capital requirements;
the costs and success of our sales and marketing efforts, and our ability to promote our brand;
the estimated addressable market opportunity for our products and growth rate of those markets;
our reliance on key personnel and our ability to identify, recruit, and retain skilled personnel;
our ability to continue to build and maintain credibility with the developer community;
our ability to form new and expand existing strategic partnerships;
our ability to maintain the security of our software and adequately address privacy concerns;
our ability to accurately forecast our sales cycle and make changes to our pricing model;
our ability to effectively manage our growth, including any international expansion;
our ability to protect our intellectual property rights and any costs associated therewith;
the future trading prices of shares of our Class A common stock;
the effects of COVID-19 or other public health crises;
our ability to compete effectively with existing competitors and new market entrants;
the effects of any existing or future claims or litigation;
the effects of a rising rate of inflation; and
our ability to comply with modified or new laws and regulations applying to our business.

1


Table of Contents

Actual events or results may differ from those expressed in forward-looking statements. Consequently, you should not rely on forward-looking statements as predictions of future events. We have based the forward-looking statements contained in this Annual Report on Form 10-K primarily on our current expectations and projections about future events and trends that we believe may affect our business, financial condition, results of operations, prospects, strategy, and financial needs. The outcome of the events described in these forward-looking statements is subject to risks, uncertainties, assumptions, and other factors described in the section titled “Risk Factors” and elsewhere in this Annual Report on Form 10-K. Moreover, we operate in a highly competitive and rapidly changing environment. New risks and uncertainties emerge from time to time, and it is not possible for us to predict all risks and uncertainties that could have an impact on the forward-looking statements contained in this Annual Report on Form 10-K. The results, events, and circumstances reflected in the forward-looking statements may not be achieved or occur, and actual results, events, or circumstances could differ materially from those described in the forward-looking statements.

In addition, statements that “we believe” and similar statements reflect our beliefs and opinions on the relevant subject. These statements are based on information available to us as of the date of this Annual Report on Form 10-K. While we believe that such information provides a reasonable basis for these statements, such information may be limited or incomplete. Our statements should not be read to indicate that we have conducted an exhaustive inquiry into, or review of, all relevant information. These statements are inherently uncertain, and investors are cautioned not to unduly rely on these statements.

The forward-looking statements made in this Annual Report on Form 10-K relate only to events as of the date on which the statements are made. We undertake no obligation to update any forward-looking statements made in this Annual Report on Form 10-K to reflect events or circumstances after the date of this Annual Report on Form 10-K, or to reflect new information, actual results, revised expectations, or the occurrence of unanticipated events, except as required by law. We may not actually achieve the plans, intentions, or expectations disclosed in our forward-looking statements, and you should not place undue reliance on our forward-looking statements.

 

2


Table of Contents

Part I

ITEM 1. Business

Overview

At HashiCorp, we believe that infrastructure enables innovation.

Our foundational technologies solve the core infrastructure challenges of cloud adoption by enabling an operating model that unlocks the full potential of modern public and private clouds. Our cloud operating model provides consistent workflows and a standardized approach to automating the critical processes involved in delivering applications in the cloud: infrastructure provisioning, security, networking, and application deployment. With our solutions, companies of all sizes and in all industries can accelerate their time to market, reduce their cost of operations, and improve their security and governance of complex infrastructure deployments.

Organizations today are undergoing a digital transformation across every business function, driven by competition and ever-increasing consumer expectations. Underlying this digital transformation is a re-platforming of static on-premises infrastructure to dynamic and distributed cloud infrastructure. In this dynamic world, existing procedures are too inefficient to scale with distributed, multi-cloud infrastructure. Inconsistent, fragmented technologies and processes are time consuming and resource intensive to manage, exacerbated by inefficient, linear ticket-driven workflows that cannot facilitate scaled, real-time operations. This digital transformation demands a new cloud operating model for enterprise information technology, or IT, requiring automation to provision, secure, connect, and run infrastructure at scale and in real time. At HashiCorp, we build industry-leading products that enable this cloud operating model and accelerate cloud adoption. Our primary commercial products are Terraform, Vault, Consul, and Nomad:

Terraform is our infrastructure provisioning product that allows users to easily set up and manage IT infrastructure. Terraform enables IT operations teams to apply an Infrastructure-as-Code approach, where processes and configuration required to support applications are codified and automated instead of being manual and ticket-based. Terraform is cloud-neutral, supporting all major public and private clouds, and has a broad ecosystem of more than a thousand integrations with multiple cloud, software, and hardware platforms.
Vault is our secrets management and data protection product. Using Vault, security teams can apply policies based on application and user identity, integrating with both on-premises and cloud-native identity providers, to govern access to credentials and secure sensitive data. Vault makes it simple for practitioners to deploy zero-trust security and automate complex workflows.
Consul is our application-centric networking automation product. It enables practitioners to manage application traffic, security teams to secure and restrict access between applications, and operations teams to automate the underlying network infrastructure.
Nomad is our scheduler and workload orchestrator that enables organizations to deploy and manage applications. It provides practitioners with a self-service interface to manage the application lifecycle.

Our products can be adopted individually and are also designed to work together as a stack in order to solve larger, more complex challenges. For instance, deploying Vault and Consul is the basis for a complete Zero Trust security architecture with identity-driven controls, offering a full range of authentication, authorization, and access management for human users or machines, like servers or applications. We continue to innovate and deliver additional emerging products to supplement these core capabilities and provide adjacent solutions.

Today, our software is predominantly self-managed by users and customers who deploy it across public, private, and hybrid cloud environments. We also offer our HashiCorp Cloud Platform, or HCP, our fully-managed cloud platform for multiple products that further accelerates enterprise cloud migration by addressing resource and skills gaps, improving operational efficiency, and speeding up deployment time for customers.

We have deliberately built our products using an open-core software development model. All of our products are developed as open-source projects, with large communities of users, contributors, and partners collaborating on their development. We sell proprietary, commercial software that builds on our open-source products with additional enterprise capabilities. Our products are available in a non-commercial form for users to download, learn, and adopt, leading to market standardization of our products. Developers now play a larger role in deciding which technology is used within the

3


Table of Contents

companies for which they work, and this broad community engagement assists our go-to-market strategy by enabling technical knowledge and adoption inside our customers’ organizations. As a result, companies of all sizes and industries use our products, which were downloaded over 250 million times during the fiscal year ended January 31, 2022, or fiscal 2022. While we are pleased with this result, we also note that the number of downloads of our open-source products can fluctuate significantly from year-to-year due to various factors, including the timing of new product and feature releases.

Our sales efforts build on our broad open-source reach and are driven by an enterprise sales force that focuses on large organizations. In addition, HCP supplements our direct sales motion with a self-serve offering that enables us to serve small- and medium-sized businesses, or SMBs, through a low-touch solution. HCP is increasingly addressing the needs of our largest enterprise customers who are looking for fully managed, cloud-native solutions.

Our open-core software development model and sales efforts are further strengthened by our ecosystem of partners. Our partners, including cloud service providers and independent software vendors, or ISVs, build direct integrations for our mutual customers, playing a critical role in amplifying the reach and access of our products. We partner with global and regional systems integrators and resellers to facilitate transactions and provide scalable service engagements to ensure successful customer implementations. Chief Information Officers, or CIOs, as a key IT deployment decision maker at many enterprises, standardize on our platform over time as they build their cloud adoption strategies and programs around their chosen cloud vendors and HashiCorp in concert with their cloud service providers of choice and existing ISVs. Enabling users to work within their existing infrastructure vendors creates a strong network effect with our products. We had over 2,000 providers and integrations and more than 850 partners, including over 200 ISVs, as of January 31, 2022, and these numbers continue to grow as we become mission critical to our customers and increasingly integral to their entire ecosystem.

The combination of our open-core, self-service, direct sales, and partner ecosystem components enables our powerful adopt, land, expand, and extend motion. Our open-source engagement and self-serve cloud model help us identify and accelerate initial product adoption and use cases. This broad footprint then allows our enterprise sales teams to target and sign these customers with subscription contracts for our software. Our expansion motion focuses on up-selling additional modules and increasing the footprint of usage of a given product, including across multiple buying centers within our customers’ organizations. Importantly, the multiple capabilities of our deep product portfolio allow us to extend our reach by cross-selling additional products to customers. Our adopt, land, expand, and extend motion affords us many growth opportunities within our customer base as we focus our go-to-market strategy on developing and cultivating long-term customer relationships. As of January 31, 2022 and January 31, 2021 our last four quarter average net dollar retention rate was 131% and 123%, respectively. We are still in the early stages of our expansion and extension journey with our customers. Our focus on winning lighthouse accounts in the Forbes Global 2000 accelerates our practitioner adoption by adding new users and driving partners to integrate our ecosystem, creating a powerful flywheel helping to drive our business.

Our transformative technologies, open-source reach, and market leadership have led us to experience rapid growth. We had 655, 500 and 338 customers with $100,000 or greater annual recurring revenue, or ARR as of January 31, 2022, 2021 and 2020, respectively. We served over 375 of the Forbes Global 2000 companies as of January 31, 2022. Our revenue was $320.8 million, $211.9 million, and $121.3 million for the fiscal year ended January 31, 2022, or fiscal 2022, the fiscal year ended January 31, 2021, or fiscal 2021, and the fiscal year ended January 31, 2020, or fiscal 2020, respectively, representing period-over-period growth of 51% and 75%, respectively. Customers with $100,000 or greater ARR represented 88%, 83%, and 71% of revenue for fiscal 2022, 2021, and 2020, respectively. We incurred net losses of $290.1 million, $83.5 million, and $53.4 million for fiscal 2022, 2021, and 2020, respectively. We expect we will incur net losses for the foreseeable future as we continue to invest into the market opportunity ahead of us.

Our Solution

HashiCorp products were all built with common design principles around the need to enable automation in infrastructure, broad ecosystem support, and self-service for practitioners. Our products embody those principles at every layer of infrastructure needed for enterprises to successfully operate in the cloud.

Our broader portfolio includes numerous other products solving adjacent challenges in achieving a cloud operating model.

4


Table of Contents

Our solution has the following key characteristics that define our products and approach:

Purpose-Built for Cloud. HashiCorp products are built for modern cloud-native architectures. To fully realize the value of cloud, HashiCorp enables infrastructure to be highly automated across provisioning, security, networking, and application deployment. Customers are able to leverage the differentiating capabilities of cloud services, while maintaining a consistency of management and governance.
Cloud Platform- and Technology-Neutral. A key element of our design ethos is the focus on solving user workflows rather than specific technologies or platforms. All of our solutions are built to be cloud platform- and technology-neutral, which allows a common approach to be extended to any cloud platform or on-premises technology. Our products are used in all major public clouds and also in private data centers and in edge environments such as in retail, manufacturing, hospitality, and more.
User-Centric Design. HashiCorp products are built by practitioners for practitioners. Traditional infrastructure management software was historically sold top-down to executives and was less focused on the experience of end users. We use the guiding principle of building tools that we would want to use ourselves to build our products. We invest heavily in product design and user research to make our products convenient and easy to use at initial adoption and in ongoing operations.
Enabling Self-Service Use. HashiCorp products are designed to enable self-service use. Traditional ticket-based processes forced development teams to use a linear workflow to provision infrastructure, request credentials, deploy applications, update networks, and more. HashiCorp products allow platform teams to define the blueprints and set up guardrails while also empowering developers without ticketing workflows. This can result in saving development teams days, weeks, or months of effort when building or deploying new applications.
Open-Source Community. Unlike traditional proprietary software, the core of all HashiCorp products is developed in open-source. This allows a large and vibrant community of users, contributors, and partners to participate. Users are able to give feedback directly, report issues, contribute features, and fix bugs. Partners are able to integrate their technology solutions and validate their integrations with continuous development. The community of users and partners creates a powerful network effect that drives further adoption and standardization of our open-source and paid solutions.
Broad User Base. The open-source nature of our products means they are free to download and widely distributed. This broad, global usage extends from small startup organizations to Fortune 100 companies across industries. Our HashiCorp User Groups, or HUGs, are self-organizing chapters of users that advocate for our products, which include over 38,000 members in more than 140 chapters across over 50 countries as of January 31, 2022.
Deep and Broad Ecosystem. Most enterprises have a large set of existing technology investments and platforms. It is critical that any new technologies are able to integrate into their environment. HashiCorp products are built with extensibility in mind, and we work closely with hundreds of partners to ensure interoperability of our solutions. A key component of our ecosystem is our collection of “providers.” Our providers are connections to integrate products like Terraform with cloud players, software applications, and hardware vendors using application programming interfaces, or APIs. These companies often build providers for their own technologies to connect with HashiCorp. We have certification programs for our major products so that users can be assured the integrations are validated.
Self-Managed and Cloud Delivery. The adoption of cloud infrastructure is accelerating, and the future of most services will be cloud delivered. However, the world’s largest organizations have substantial investments in on-premises and private cloud environments and will continue to have a large footprint for many years to come. HashiCorp products were initially built as self-managed, allowing them to be adopted in private clouds and by customers with a reluctance to offload critical infrastructure. As customers gain comfort and become increasingly cloud native, HCP enables the consumption of our products as a fully-managed service. This bi-modal delivery allows us to service the entire market with solutions that fit each customer's needs.
Focused Products. Large organizations have many silos where independent technology and buying decisions are made. HashiCorp has purposely built a portfolio of products rather than a monolithic platform, so that individual products can be sold to relevant stakeholders. This provides us multiple opportunities to engage customers and reduces the complexity of a sale by avoiding the need for a top-down mandate or broad consensus within an organization.

5


Table of Contents

End-to-End Solution. While our individual products solve specific problems, the broader HashiCorp portfolio provides a holistic approach to enabling a consistent cloud operating model. This integrated set of solutions enables us to become a strategic partner to customers, helping them define their technology strategy as they adopt a multi-cloud infrastructure.

Key Benefits to Customers

The key benefits of our solutions to our customers include:

Accelerate time to delivery. HashiCorp customers use our products to automate the key processes involved in application delivery and enable self-service for application teams. This can result in saving such teams days, weeks, or months of effort when building or deploying new applications. This improved agility improves their time to market and allows for rapid iteration on products and services.
Reduce risk and improve security and governance. While enabling self-service is a critical goal for most of our customers, it is equally important to maintain strong security and governance controls. Our products are designed with those needs in mind and enable security and compliance teams to set policies and audit interactions, while operations teams define consistent blueprints and templates to ensure standardization of best practices. This reduces total complexity and ensures that security controls are baked into the automation and consistently enforced.
Business agility, flexibility, and resilience. Organizations that depend heavily on manual process become inflexible and their agility is impaired by the speed of human operations. HashiCorp customers have codified and automated their processes, which enables them to make changes rapidly at scale. This allows them to quickly respond to market opportunities, security incidents, technology failures, and other critical operational events.
Improved operational efficiency. As organizations adopt a multi-cloud infrastructure, they are confronted with many different interfaces and workflows native to each environment. HashiCorp customers standardize their workflows and implement a consistent cloud operating model with our products and platform. This allows them to have a single set of workflows, reduce the employee training and onboarding burden, and simplify their security and governance challenges. This consistency improves the operational efficiency of managing infrastructure at scale.
Access to talent. HashiCorp products represent an industry standard in infrastructure management. We believe our community has hundreds of thousands of users, over 16,000 of whom have completed our certification programs as of January 31, 2022. By leveraging our products, customers can more easily hire new employees, train and certify existing employees, and ensure their organizations retain expertise in managing their systems.

Our Growth Strategy

We intend to pursue the following growth strategies:

Grow our customer base by acquiring new customers. We served 2,715 total customers as of January 31, 2022, including over 375 of the Forbes Global 2000. We believe that nearly all organizations will adopt a cloud strategy, resulting in a substantial opportunity to continue growing our customer base. Nearly all of our paid product adoption began with open-source usage. As we continue to cultivate those users and turn them into paid customers, we also intend to drive new paying customer additions by expanding our sales and marketing efforts and our product portfolio.
Expand and extend within our existing customer base through increased usage, extensions to new products, and new use cases. Our customer base represents a significant growth opportunity as we enable customers' cloud adoption journeys. Our model is aligned with our customers’ usage in the cloud. As cloud adoption continues and our customers look to build more scalable and dynamic cloud architectures, they will likely move from adopting bare-necessities use cases to more complex deployments, expanding their usage of a given product. Additionally, our modular portfolio of products is structured to allow customers to extend usage of our offerings by adopting additional products and features over time as new needs arise. As a result, we expect to expand in both scale and scope within our existing customer base, with extensions in horizontal use cases and cross-sell contributing to growth. We plan to continue to invest in sales and marketing to expand our relationships with existing customers.

6


Table of Contents

Unlock additional value and market share through HashiCorp Cloud Platform. HCP, released in 2020, addresses the needs of our largest enterprise customers and also enables us to serve SMBs through a low-touch solution. HCP enables organizations that previously had no capacity or ability to self-manage HashiCorp products to benefit from our industry-leading product portfolio. Additionally, HCP not only increases the number and type of organizations we can serve, it also enables us to offer consumption-based pricing. Consumption-based pricing allows customers to align spend with usage, and also provides an organic way to increase monetization with the adoption and usage of our products.
Extend our technology leadership through new products and continued investment in our platform and open-source community. We have a history of technological innovation, launching new innovative products, releasing new features on a regular basis, and making frequent updates to our products. We intend to continue making significant investments in research and development and hiring top technical talent to enable new use cases and increase our product differentiation. As we continually release new products, our open-source community drives adoption, maturity, and ecosystem development upon which additional enterprise functionality is built. Over time, we believe our focus on innovation will provide new avenues for growth and allow us to continually deliver meaningful, differentiated value to our customers.
Expand and develop our technology partner and reseller ecosystem. Our HashiCorp Partner Network, which consists of the top systems integrators and resellers around the world, helps accelerate the adoption of our products and platform. In addition, we maintain and manage hundreds of integrations, like our Terraform Providers. These include more than 30 official providers (created by us), more than 180 verified providers (created by our community and verified by us), and more than 1,600 community providers (created by our community) as of January 31, 2022. We plan to continue investing in building out our partner program to drive more consumption through our platform, broaden our distribution footprint, and create greater awareness of our platform.
Expand our global reach. As organizations around the world increase their public cloud adoption, we believe there is a significant opportunity to expand the use of our products and platform even further outside of North America. Sales outside of the United States constituted 27% of our revenue and 25% of our revenue for fiscal 2022 and 2021, respectively. We plan to make investments in sales and marketing and customer support in geographic areas of focus, and we believe there is a large opportunity to increase our global presence over time.

Our Products & Technology

Overview

HashiCorp products enable customers to implement a cloud operating model that provides consistent workflows and a standardized approach to automating the critical processes involved in delivering applications to any environment. Our offerings require multiple foundational capabilities that span all environments. We organize our products around four primary functionalities:

Provisioning. The underlying infrastructure that supports applications needs to be highly automated, scalable, and integrated with security and compliance controls. Our approach is focused on enabling at scale automation by codifying how infrastructure is configured and deployed, along with the security and governance controls that provide guardrails.
Security. The emergence of “Zero Trust” architectures changed the focus from traditional network perimeter security to identity-based controls, and strong enforcement of authentication and authorization everywhere. We are focused on enabling identity-based controls, managing application identity, securing machine-to-machine communication, and human-to-machine interactions.
Networking. Modern networking is software-defined and driven by a proliferation in microservices, creating a need for service-to-service networking capable of responding to rapid and dynamic change. Organizations need a consistent approach to network automation that spans multiple platforms and multiple clouds, including public and private environments.

7


Table of Contents

Application Delivery. Internal development teams are limited by the speed by which they can deploy to the cloud. Increasingly enterprises are building shared service platform teams to simplify and accelerate the process of deployment. Tooling that enables application teams to centrally manage infrastructure, while enabling self-service to developers is key. We focus on application deployment tooling and platform abstractions to enable that developer self-service.

Our Principles (Tao) For Products and Technology

 

While the products are developed independently as part of a portfolio, they apply a shared ethos, described by the Tao of HashiCorp, that is consistent between them. Some of these guiding principles include:

Build for workflows, not technology. We believe in solving for fundamental user workflows, rather than building capabilities around specific technologies. Workflows tend not to evolve, while technology continues to change at a blistering pace. Making the products extensible and pluggable to support new technologies as they evolve keeps our products relevant and increases their utility for customers who can embrace legacy and modern systems today and hedge against new systems emerging in the future.
Codification to enable automation. There are many different processes required to manage infrastructure and deliver cloud-based applications. Codification of those processes enables automation, but also allows for versioning and applying the best practices from software development to infrastructure management.
Composability over complexity. Software applications often solve adjacent problems by expanding on their features and capabilities typically at the cost of complexity. We prefer to build tools that are focused on a specific set of problems, and design them to work together as a stack. This clarity of scope allows for a simpler and better user experience.
Pragmatism. We have strong convictions about how to best manage infrastructure in cloud environments. However, we understand that many organizations have existing investments in systems and processes that are difficult to change. We embrace that complexity with pragmatism in our solutions and ensure our products can integrate with existing legacy environments while being opinionated about best practices for operating in the cloud.

HashiCorp Cloud Platform

HCP is a common foundation for delivering our products through our fully-managed cloud platform across the public cloud providers. All of our products can be self-managed; our Terraform, Consul, and Vault products are available as managed services through HCP, while our Packer product is available as a beta service through HCP. We believe enterprise customers will become increasingly comfortable, over the long term, with infrastructure services being provided by a third party, and SMB customers will benefit from the ease of adopting fully-managed products. Our ability to reduce operational complexity, speed up deployment and adoption times, provide multi-cloud consistency, and address the skills gap will be a critical driver of adoption. The shared identity and unified experience provided by the platform enable us to deeply integrate our products, creating a more powerful experience that drives additional usage of each product, as well as adoption of new products and services.

HCP also has significant implications for our go-to-market strategy. Through HCP we are able to offer a faster and more flexible solution with less upfront expenditure, which enables us to address SMB customers as well as our enterprise customers looking for a fully-managed offering. Customers can self-serve and pay based on consumption-based pricing. Product instrumentation allows us to discover qualified leads and use an inside sales lead motion to drive high velocity deals. Cloud customers can spend significantly less time focused on product deployment and immediately start product adoption, which enables higher retention and expansion.

Our Products

Across our portfolio of products, we have offerings at different stages of commercialization. Our core products, Terraform and Vault, are well established with commercial offerings at scale, and make up the majority of our current revenues. Emerging products, such as Consul and Nomad, are earlier in the commercialization process, while our community products are focused on product development, market maturity, and community adoption. This framework enables us to continue innovating and adding new products to our portfolio while simultaneously executing on a go-to-market strategy for our commercial products.

8


Table of Contents

 

 

Infrastructure Provisioning Products

Terraform. Operators and developers are increasingly overwhelmed by the need to manage infrastructure as organizations transition from running dedicated servers at limited scale to spinning up and down thousands of servers on-demand in dynamic, multi-cloud environments. Terraform is our foundational infrastructure provisioning product and empowers practitioners to create and manage infrastructure at scale for any public cloud and private cloud environment. Terraform takes an infrastructure-as-code approach to provisioning and lifecycle management, transforming these workflows from ticket-based manual processes into end-to-end self-service infrastructure automation.

Terraform has a broad ecosystem of providers. Our providers are connections to integrate Terraform with cloud players, software applications, and hardware vendors using APIs. These companies often build providers for their own technologies to connect with HashiCorp. As of January 31, 2022, Terraform has more than 30 official providers (created by us), more than 180 verified providers (created by our community and verified by us), and more than 1,600 community providers (created by our community).

Terraform Cloud and Terraform Enterprise are commercial offerings that provide a centralized way for users to collaborate on infrastructure, define and share reusable modules, provide central visibility, and enforce policy controls. The open-source Terraform product is focused on solving the technical challenge of provisioning, and our HashiCorp community provides thousands of provider integrations and shared blueprints in a public registry, allowing for the advancement of these products. Terraform Cloud and Terraform Enterprise, our commercial offerings, enable enterprises to operationalize Terraform, and pricing is based on the number of workspaces managed by our product. Key use cases include enabling self-service infrastructure, enabling multi-cloud consistency, and enforcing policy and governance.

Packer. As application teams move from development phases toward production environments, they must transform raw source code, application and system configuration, and security controls into a production worthy artifact. Depending on the environment, that artifact could be a virtual machine, or VM, image for an on-premises infrastructure, a Cloud VM image, a container, or serverless package. Packer provides a consistent way to define the process of transforming the raw source inputs into a production worthy artifact, across any environment or packaging format. This allows for a consistent approach to packaging that handles the nuances and variations in packaging for each environment.

Vagrant. When application teams are developing software, they must set up development environments that provide all the software tools, libraries, packages, operating system, and dependencies required for their application. Vagrant allows teams to define how development environments are set up, so that applications teams can automatically provision them and quickly get started with the actual development rather than spend time on setup. The codified definitions can be easily maintained and kept in parity with production environments, to ensure a parity between development and production environments and avoiding the risks inherent in mismatched environments.

Security Products

Vault. Vault was designed around the premise that modern security needs to be identity based, rather than traditional approaches based in IP controls and network perimeters. Vault is used to authenticate applications using a set of extensible plugins, which allows it to support a broad range of platforms, including public cloud providers such as AWS, on-premises systems such as Active Directory, and applications platforms such as Kubernetes. Human users similarly authenticate with Vault using pluggable mechanisms, supporting traditional on-premises and modern cloud-based identity providers, or IDPs. Based on the identity of the client, Vault provides a consistent mechanism for authorizing access to secrets, performing administrative operations, and invoking cryptographic capabilities on sensitive data.

Vault has an extensible set of integrations which allow it to dynamically manage the lifecycle of credentials. For example, native database integrations with Oracle, MongoDB, or Snowflake allow users to be provisioned on demand, with restricted access, and a limited time to live. Vault manages the entire lifecycle of generation, scoping of permissions, and revocation. This allows developers to self-service credentials while security teams define the controls and policies. The dynamic credentials reduce the risk of a compromise and reduce the operational burden of frequent credential rotation.

As data protection becomes increasingly critical, Vault addresses the challenges of key management and cryptography. Vault allows security teams to define keys and grant the right to perform cryptographic operations, such as encrypting or decrypting data, to applications. Application teams can leverage a high-level API to integrate with Vault and offload key management and cryptography. This minimizes the risk of a key compromise or improper implementation of cryptography, which has many subtle nuances with which most developers are unfamiliar.

9


Table of Contents

Our commercial Vault offering expands on open-source capabilities to solve for multi-tenancy of application teams, operational challenges of scale, additional security and governance needs of enterprises, and deeper sets of advanced data protection capabilities, such as tokenization and interoperability with the Key Management Interoperability Protocol, or KMIP. Vault is priced based on the number of clients (users, servers, applications etc.).

Boundary. Traditional approaches to Privileged Access Management, or PAM, have required users to interact with multiple systems, such as virtual private networks, to access private networks and PAM solutions to retrieve credentials and broker access to sensitive systems. This adds complexity for users, and for operations and security teams, makes administration more complex as controls are fragmented across multiple systems. Additionally, cloud infrastructure is more dynamic and ephemeral, making management of static IPs and hosts brittle. Boundary applies an identity-based approach to PAM and unifies the controls to a single system. User access is simplified to only using Boundary to establish sessions to sensitive systems. Security and operations teams only need to manage a single set of controls, which are based on the logical identity of users and applications, allowing for dynamic and ephemeral cloud infrastructure to be supported without an outsized burden.

Networking Products

Consul. Consul provides a central dynamic catalog of all applications, their locations, metadata, and current health status. This real-time view of applications provided by the catalog allows for dynamic applications and network automation. As application teams move from monolithic to microservices architectures, there is a proliferation of services that need to register and discover each other. Consul enables those application teams to have autonomy in managing the incoming traffic to their services. Applications can query Consul to determine how to connect to any services they depend on. For example, Consul can be used by a web server to query how to connect to a database. Consul’s real-time catalog allows applications and infrastructure to be dynamic and ephemeral, without the fragility and brittleness of static IPs or hostnames.

Consul also enables a modern service mesh architecture. Every application participates in actively authenticating and authorizing every connection. This enables a fine-grained approach to microsegmentation, reducing the risk of a network compromise through lateral attacker movement. This focus on identity-based controls reduces the total number of controls that need to be managed and reduces the operational burden of static controls in dynamic cloud environments. Security teams can apply a consistent approach to network segmentation across all their environments regardless of the hardware or network fabric.

Integration with Terraform allows networking appliances, such as load balancers, firewalls, and API gateways to be automatically updated based on application changes. This enables an end-to-end automation without manual ticket processes. This automation allows for policies to be defined using application identity, and to have the underlying IP addresses be managed dynamically. This lets security teams focus on identity-based controls rather than managing static IP controls in a dynamic environment.

Our commercial Consul offering expands on open-source capabilities to solve the challenges of multiple teams collaborating and integrating infrastructure, operational challenges of scale, and the security and governance needs of enterprises. Consul is priced based on the number of server instances used.

Application Delivery Products

Nomad. With traditional VM-based applications, there is typically a tight coupling of the application with the underlying VM and operating system. This creates an organizational challenge where developers are not able to self-serve application deployments or manage application lifecycles because ownership is shared or owned by operations teams. Nomad decouples the underlying infrastructure from the application lifecycle. This allows operations teams to manage the infrastructure and provides a self-service interface for developers to manage application lifecycle. Nomad supports a broad range of technologies, including VM-based, containerized, and serverless applications spanning Linux, Windows, and other operating systems.

The commercial version of Nomad is differentiated by solving the challenges of teams being multi-tenant, operational challenges of scale, security and governance needs of enterprises, and a deeper set of functionalities around auto-scaling and capacity management. Nomad is priced based on the number of nodes used.

Waypoint. Waypoint provides a simple developer-focused workflow for the build, deploy, and release process. Developers typically start their development lifecycle by writing code, using version control to collaborate, and using

10


Table of Contents

continuous integration systems to test code. Once a developer is ready to push a change to production, there is a highly fragmented ecosystem of tools, and organizations often have custom-built solutions to manage the remaining lifecycle. Waypoint provides a standard workflow that is designed to be simple and prescriptive for developers, while being highly extensible to enable platform operators to integrate their existing tools and systems. This enables platform teams to hide the complexity of the underlying infrastructure and enable developers to have a consistent workflow for application delivery across environments.

Our Customers

Our products are used across the globe by organizations of all sizes, across a vast range of industries. We are used by practitioners at the most complex large enterprises. As of January 31, 2022, we had 2,715 total customers, including over 375 of the Forbes Global 2000. As of January 31, 2022, we had 655 customers with $100,000 or greater in ARR and 72 customers with $1.0 million or greater in ARR. For fiscal 2022, no single customer accounted for more than 10% of our total revenue. Our percentage of revenue generated by customers outside of the U.S. was 27%, 25%, and 23% for fiscal 2022, 2021, and 2020, respectively.

We also have a large and growing base of developers that contributes to our open-source community. As of January 31, 2022, we had more than 38,000 members in our user groups spanning over 50 countries.

Marketing

We focus our marketing efforts on two core priorities:

community adoption by building awareness and relationships across user communities; and
sales support with demand generation, pipeline acceleration and partner activation.

Community adoption. Users can download our open-source software products or sign up for cloud services for free and begin engaging with our software and the active user community immediately. We empower users to solve a wide array of cloud infrastructure automation tasks. As technology challenges are being recast to the cloud, the roles and skill sets of developers and operators solving those challenges are also migrating to the cloud. We provide free learning material, documentation, and forums alongside instructor-led training, and certification programs. In a recent survey, approximately 32% of those who took certification exams stated they were required to by their employer. We also provide experiences, such as our annual HashiConf community conferences in Europe and the United States, with online viewership of approximately 7,000 at the Europe event in June 2021 and approximately 9,000 at the U.S.-based global event in October 2021. We also support our HUGs and other community efforts globally.

Sales support. Community adoption provides a highly efficient channel for demand generation, due to the mission-critical nature of our platform. On our platform, users naturally demonstrate the value of our products to their organizations, as use of our platform scales with their cloud-adoption journeys. In this process, users drive further awareness and expansion of our products and their features. Our commercial marketing team also provides an array of broad and deep campaigns, in-field marketing, and through- and to-partner marketing to support our adopt, land, expand, and extend business model.

Additionally, our marketing team provides the necessary brand, communications, product, and digital marketing capabilities to support community and commercial growth.

Sales

Our go-to-market strategy combines a viral bottom-up adoption model with a targeted top-down sales model. All of our products are developed as open-source offerings so that users can freely download, learn, and adopt them, improving the general market standardization of our products by removing barriers to use. Developers today have greater control of technology decision-making inside the companies where they work, and this broad community engagement assists our go-to-market model by enabling technical knowledge and adoption inside our customers’ organization.

11


Table of Contents

Our sales efforts build on our wide open-source reach and are driven by an enterprise sales force that focuses on the world’s largest organizations. Our inside sales team also provides high velocity engagement for smaller customers. In addition, HCP supplements this direct sales motion with a self-service offering that addresses the needs of our largest enterprise customers and enables us to serve SMB and mid-market businesses through a low-touch solution.

In addition, we partner with global and regional systems integrators and resellers to facilitate transactions and provide scalable service engagements to ensure successful customer implementations. CIOs standardize on our platform over time as they build their cloud adoption strategies and programs based on their chosen cloud vendors and HashiCorp in concert with their cloud service providers of choice and existing ISVs.

Our sales organization comprises sales development, sales engineering, inside sales, and field sales personnel and is segmented both geographically, and by the size of prospective customers. As of January 31, 2022, we had more than 850 employees in our sales and marketing organizations.

Research and Development

Our research and development efforts are focused on innovation to solve the challenges of adopting a cloud operating model through the development of new products as well as enhancements and new functionalities applicable to existing products. We believe rapid development of new products and enhancement of existing products and features is essential to maintaining our competitive position. We continuously incorporate feedback from our community and our customers in our software development efforts. Our multi-faceted approach to research and development allows us to continuously meet the changing demands of our customers.

As of January 31, 2022, we had more than 500 employees in our research and development organization. We intend to continue to invest in our research and development capabilities to extend our platform. Research and development expenses totaled $165.0 million, $65.2 million, and $40.1 million for fiscal 2022, 2021, and 2020, respectively.

Our Competition

Our market is highly competitive and characterized by rapid changes in technology, customer needs, frequent introductions of new offerings, and improvements to existing service offerings.

Internal IT teams sometimes attempt to “do it themselves” using open-source software. While individuals and small teams can sometimes use our open-source products to solve their technical problems, larger enterprises face more complex needs that require our commercial products. Our commercial products are substantially differentiated from their open-source versions and therefore companies using only open-source tools do not benefit from our full product offering.

For select companies adopting a single-cloud solution, we compete with the well-established public cloud providers such as AWS and their in-house offerings. We also compete with similar in-house offerings from Microsoft Azure, Google Cloud Platform, and other cloud providers.

We also compete with legacy providers with point products such as Red Hat, CyberArk, VMware, and IBM. We also compete with alternative open-source projects such as Google Istio.

We believe we compete favorably based on the following competitive factors:

ability to offer consistency across clouds;
ability to implement multi-cloud provisioning, security, networking, and application deployment;
ability to integrate with existing cloud platforms;
ability to engage community of open-source users and partners;
ability to integrate with existing on-premises environments;
ability to innovate around a cloud-delivered architecture;
ability to offer ecosystem of vendors integrated with our products;
ability to create new products and expand our existing platform;

12


Table of Contents

ability to scale up and down dynamically on demand;
ease of use;
speed of implementation and time to achieving value;
product capabilities, including flexibility, scalability, performance and security; and
brand recognition and reputation, particularly within the open-source community.

Our Employees and Human Capital Management

Our human capital resources objectives include identifying, recruiting, retaining, incentivizing and integrating our existing and new employees and consultants. In addition to competitive base salaries and cash compensation, the principal purpose of our share incentive plans is to attract, retain, and reward personnel through the granting of share-based compensation awards in order to increase stockholder value and the success of our company by motivating such individuals to perform to the best of their abilities and achieve our objectives.

As of January 31, 2022, we had over 1,850 employees operating across the world. We recognize that everyone deserves respect and equal treatment, regardless of gender, race, ethnicity, age, disability, sexual orientation, gender identity, cultural background, or religious belief and we strive to emphasize this equality as part of our core values to create a diverse, equitable, and inclusive work environment. We believe that kindness should be extended at every opportunity, to our peers, users, partners, and customers. An internal environment that is friendly, kind, and forgiving of mistakes is positive and productive. None of our employees are represented by a labor union. In certain countries in which we operate, such as France, we are subject to, and comply with, local labor law requirements, which may automatically make our employees subject to industry-wide collective bargaining agreements. We have not experienced any work stoppages, and we consider our relations with our employees to be good.

Intellectual Property

We rely on a combination of patent, copyright, trademark and trade secret laws in the United States and other jurisdictions, as well as license agreements and other contractual protections, to protect our proprietary technology. We also rely on a number of registered and unregistered trademarks to protect our brand.

As of January 31, 2022, we held six issued U.S. patents, had one other U.S. patent application allowed, and had at least 22 pending U.S. patent applications, with several more patent applications in the pipeline. We have no pending or issued patents in any jurisdiction outside of the United States. Our issued patents are scheduled to expire between 2039-2040. As of January 31, 2022, we held nine registered trademarks in the United States, and also held 57 registered trademarks in foreign jurisdictions. As of January 31, 2022, we held three pending U.S. trademark applications and 28 pending foreign trademark applications. We continually review our development efforts to assess the existence and patentability of new intellectual property.

We seek to protect our intellectual property rights by implementing a policy that requires our employees and independent contractors involved in development of intellectual property on our behalf to enter into agreements acknowledging that all works or other intellectual property generated or conceived by them on our behalf are our property, and assigning to us any rights, including intellectual property rights, they may claim or otherwise have in those works or property, to the extent allowable under applicable law.

Technology Infrastructure

We outsource substantially all of our cloud infrastructure to public cloud operators that host our products and platform, primarily AWS, Google Cloud, and Microsoft Azure. Because of the significant use of our platform on public clouds, our solutions must remain interoperable with them. Further, we are subject to the standard agreements, policies, and terms of service of these public clouds, as well as agreements, policies, and terms of service of the various application stores that make our solutions available to our developers, creators, customers, and users. These agreements, policies, and terms of service govern the availability, promotion, distribution, content, and operation generally of applications and experiences on such public clouds.

13


Table of Contents

The substantial majority of the services for which we use public cloud operators are cloud-based server capacity and, to a lesser extent, storage and other optimization offerings. Public cloud operators allow us to order and reserve server capacity in varying amounts and sizes distributed across multiple regions. We access public cloud operator infrastructure through standard IP connectivity. Public cloud operators provide us with computing and storage capacity under agreements that continue until terminated by either party. Public cloud operators may terminate the agreements by providing 30 days’ prior written notice and may in some cases terminate the agreement immediately for cause upon notice.

Available Information

Our Annual Reports on Form 10-K, Quarterly Reports on Form 10-Q, Current Reports on Form 8-K, and amendments to reports filed pursuant to Sections 13(a) and 15(d) of the Securities Exchange Act of 1934, as amended, the Exchange Act, are filed with the U.S. Securities and Exchange Commission, or the SEC. Such reports and other information filed by us with the SEC are available free of charge at ir.hashicorp.com/financial-information/sec-filings as soon as reasonably practicable after such reports are available on the SEC’s website, www.sec.gov. We periodically provide other information for investors on our corporate website, www.hashicorp.com, and our investor relations website, ir.hashicorp.com. This includes press releases and other information about financial performance, information on corporate governance, and details related to our annual meeting of stockholders. The information contained on, or that can be accessed through, the websites referenced in this Annual Report on Form 10-K is not incorporated by reference into this Annual Report on Form 10-K or any other filings we make with the SEC. Further, our references to website URLs are intended to be inactive textual references only.

14


Table of Contents

Risk Factors

A description of the risks and uncertainties associated with our business is set forth below. You should carefully consider the risks and uncertainties described below, together with all of the other information in this Annual Report on Form 10-K, including the section titled “Management’s Discussion and Analysis of Financial Condition and Result of Operations” and our consolidated financial statements and the related notes thereto. Our business, results of operations, financial condition, or prospects could also be harmed by risks and uncertainties that are not presently known to us or that we currently believe are not material. If any of the risks actually occur, our business, results of operations, financial condition, and prospects could be materially and adversely affected. In that event, the market price of our Class A common stock could decline, and you could lose all or part of your investment.

Risk Factors Summary

This risk factor summary contains a high-level summary of risks associated with our business. It does not contain all of the information that may be important to you, and you should read this risk factor summary together with the more detailed discussion of risks and uncertainties set forth following this summary. A summary of our risks includes, but is not limited to, the following:

Our business and operations have experienced rapid growth, and if we do not appropriately manage future growth, if any, or are unable to improve our systems and processes, our business, financial condition, results of operations, and prospects will be adversely affected.
We have a history of net losses and may not be able to achieve or sustain profitability or positive cash flows in the future. If we cannot achieve or sustain profitability or positive cash flows, our business, financial condition, and results of operations may suffer.
Our limited operating history makes it difficult to evaluate our current business and prospects, and may increase the risk that we will not be successful.
Our future quarterly results of operations may fluctuate significantly, and our recent results of operations may not be a good indication of our future performance.
We rely significantly on revenue from subscriptions and, because we recognize a significant portion of the revenue from subscriptions over the term of the relevant subscription period, downturns or upturns in sales are not immediately reflected in full in our results of operations.
Because of the permissive rights accorded to third parties under our open-source and source available licenses, there are limited technological barriers to entry into the markets in which we compete and it is, and may continue to be, relatively easy for competitors, including public cloud operators, to enter our markets and compete with us.
We expect our revenue mix to vary over time, which could harm our gross margin and operating results.
If we are unable to increase sales of subscriptions to our products to new customers, sell additional subscriptions to our products to our existing customers, or expand the value of our existing customers’ subscriptions to our products, our future revenue and results of operations will be harmed.
If our existing customers do not continue to use our products and renew their subscriptions, it could have an adverse effect on our business and results of operations.
Our ability to increase sales of our products is highly dependent on the quality of our customer support, and our failure to offer high-quality support would have an adverse effect on our business, reputation, and results of operations.
If we do not effectively focus our product development efforts, our business, results of operations, and financial condition could be adversely affected.
We have limited experience with respect to determining the optimal prices for our products.
We target enterprise customers, and sales to these customers involve risks that differ from risks associated with sales to smaller entities.
The length of our sales cycles can be unpredictable, and our sales efforts may require considerable time and expense.

15


Table of Contents

Our revenue growth depends in part on the success of our strategic relationships with our ecosystem of partners and the continued performance of these partners.
The estimates of market opportunity and forecasts of market growth included in our public disclosures may prove to be inaccurate, and even if the market in which we compete achieves the forecasted growth, our business could fail to grow at similar rates, if at all.
The markets for some of our products are new, unproven, and evolving, and our future success depends on the growth and expansion of these markets and our ability to adapt and respond effectively to evolving markets.
We face competition that we expect to become more intense over time, and which could adversely affect our business, financial condition, and results of operations.
Problems with our internal systems, networks, or data, including actual or perceived breaches or failures by us or our partners, could cause our products to be perceived as insecure, underperforming, or unreliable, our reputation to be damaged, and our financial results to be negatively impacted.
If our self-managed offerings do not meet our customers’ performance or support expectations or if we fail to meet service-level availability commitments made to our cloud platform customers, we could face subscription terminations and a reduction in renewals, which could significantly affect our current and future revenue.
If we are not able to keep pace with technological and competitive developments or fail to integrate our products with a variety of technologies that are developed by others, our products may become less marketable, less competitive, or obsolete, and our results of operations may be adversely affected.
Failure of our products to satisfy customer demands or to achieve increased market acceptance could adversely affect our business, results of operations, financial condition, and growth prospects.
Unfavorable conditions in our industry or the global economy or reductions in spending for products like ours could limit our ability to grow our business and negatively affect our results of operations.
Uncertainty regarding ongoing hostility between Russia and Ukraine and the related impact on macroeconomic conditions as a result of such conflict.
If we are not able to maintain and enhance our brand, especially among practitioners, our business and operating results may be adversely affected.
We depend on cooperating with public cloud operators. Changes to arrangements with such operators may significantly harm our customer retention, new customer acquisition, and product extension or expansion, or require us to change our business models, operations, practices, or advertising activities, which could restrict our ability to maintain our platform through these clouds and would adversely impact our business.
We rely upon public cloud operators to operate our platform and any disruption of or interference with our use of these operators’ services would adversely affect our business, results of operations, and financial condition.
Interruptions or performance problems associated with our technology and infrastructure, and our reliance on technologies from third parties, may adversely affect our business operations and financial results.

16


Table of Contents

Risks Related to Our Business and Operations

Our business and operations have experienced rapid growth, and if we do not appropriately manage future growth, if any, or are unable to improve our systems and processes, our business, financial condition, results of operations, and prospects will be adversely affected.

We have experienced rapid growth and increased demand for our offerings. Our total revenues for fiscal 2022, 2021, and 2020 were $320.8 million, $211.9 million, and $121.3 million, respectively, representing an annual growth rate of 51% from fiscal 2021 to fiscal 2022, and 75% from fiscal 2020 to fiscal 2021. You should not rely on the revenue growth of any prior quarterly or annual period or combined periods as an indication of our future performance. Even if our revenue continues to increase, we expect our revenue growth rate to decline in future periods. We expect to continue growing our headcount significantly for the near future. The growth and expansion of our business and products place a continuous significant strain on our management, operational, and financial resources. In addition, as customers use more of our products for an increasing number of use cases, we have had to support more complex commercial relationships. We must continue to improve and expand our information technology and financial infrastructure, our operating and administrative systems, our relationships with various partners and other third parties, and our ability to manage headcount and processes in an efficient manner to manage any future growth effectively.

We may not be able to sustain the diversity and pace of improvements to our products or implement systems, processes, and controls in an efficient or timely manner or in a manner that does not negatively affect our results of operations. Our failure to improve our systems, processes, and controls, or their failure to operate in the intended manner, may result in our inability to manage the growth of our business and to forecast our revenue, expenses, and earnings accurately, or to prevent losses.

In addition, our rapid growth may make it difficult to evaluate our future prospects. Our ability to forecast our future results of operations is subject to a number of uncertainties, including our ability to effectively plan for and model future growth. We have encountered in the past, and may encounter in the future, risks and uncertainties frequently experienced by growing companies in rapidly changing industries. If we fail to achieve the necessary level of efficiency in our organization as it grows, or if we are not able to accurately forecast future growth, our business would be harmed. Moreover, if the assumptions that we use to plan our business are incorrect or change in reaction to changes in our market or business, or we are unable to maintain consistent revenue or revenue growth, our share price could be volatile, and it may be difficult to achieve and maintain profitability.

We have a history of net losses and may not be able to achieve or sustain profitability or positive cash flows in the future. If we cannot achieve or sustain profitability or positive cash flows, our business, financial condition, and results of operations may suffer.

We incurred a net loss of $290.1 million, $83.5 million, and $53.4 million, in fiscal 2022, 2021, and 2020, respectively. We had an accumulated deficit of $506.1 million as of January 31, 2022 and $216.0 million as of January 31, 2021. We anticipate that our operating expenses will increase in the foreseeable future as we continue to enhance our products, grow our relationships with existing customers, broaden our customer base, expand our sales and marketing activities, expand our operations, hire additional employees, and continue to develop our technology. These efforts may prove more expensive than we currently anticipate, and we may not succeed in increasing our revenue sufficiently, or at all, to offset these higher expenses. Because the markets for our products are rapidly evolving, it is difficult for us to predict our future results of operations. Revenue growth may slow or revenue may decline for a number of possible reasons, including slowing demand for our products or increasing competition. Any failure to increase our revenue as we grow our business could prevent us from achieving profitability or positive cash flow at all or on a consistent basis, which could cause our business, financial condition, and results of operations to suffer.

Our limited operating history makes it difficult to evaluate our current business and prospects, and may increase the risk that we will not be successful.

We were incorporated in Delaware in 2013. We began commercializing our software in 2016, so much of our growth has occurred in recent years. Our limited operating history makes it difficult to evaluate our current business and our future prospects, including our ability to plan for and model future growth. We have encountered and will continue to encounter risks and difficulties frequently experienced by rapidly growing companies in evolving industries. If we do not address these risks successfully, our business and results of operations will be adversely affected.

17


Table of Contents

Further, we operate in a rapidly evolving market. Any predictions about our future revenue and expenses may not be as accurate as they would be if we had a longer operating history or operated in a more predictable market. We have a limited history with our products and pricing model and if, in the future, we are forced to change our pricing model or reduce prices for our products, our revenue and results of operations may be harmed.

As the market for our products evolves, or as new competitors introduce new products or services that compete with ours, we may be unable to attract new customers or convert open-source users to paying customers on terms or based on pricing models that we have used historically. In the future, we may be required to reduce our prices or be unable to increase our prices, or it may be necessary for us to increase our products without additional revenue to remain competitive, all of which could harm our results of operations and financial condition.

Our future quarterly results of operations may fluctuate significantly, and our recent results of operations may not be a good indication of our future performance.

Our results of operations, including our revenue, cost of revenue, gross margin, operating expenses, cash flow, and deferred revenue have fluctuated from quarter-to-quarter in the past and may continue to vary significantly in the future so that period-to-period comparisons of our results of operations may not be meaningful. Accordingly, our financial results in any one quarter should not be relied upon as indicative of future performance. Our quarterly financial results may fluctuate as a result of a variety of factors, many of which are outside of our control, may be difficult to predict, and may or may not fully reflect the underlying performance of our business. Factors that may cause fluctuations in our quarterly financial results include:

our ability to attract and retain new customers;
the loss of existing customers;
customer renewal rates;
our ability to successfully expand our business in the United States and internationally;
our ability to foster an ecosystem of developers and users to expand the use cases of our products;
our ability to gain new partners and retain existing partners;
fluctuations in our number of customers, including those with $100,000 or greater in ARR;
fluctuations in the mix of our revenue, which may impact our gross margins and operating income;
the amount and timing of operating expenses related to the maintenance and expansion of our business and operations, including investments in sales and marketing, research and development, and general and administrative resources;
network outages or performance degradation of our products;
breaches of, or failures relating to, security, privacy, or data protection;
general economic, industry, and market conditions;
increases or decreases in the number of elements of our subscriptions or pricing changes upon any renewals of customer agreements;
changes in our pricing policies or those of our competitors;
the budgeting cycles and purchasing practices of customers;
decisions by potential customers to purchase alternative solutions;
decisions by potential customers to develop in-house solutions as alternatives to our products;
insolvency or credit difficulties confronting our customers, which could adversely affect their ability to purchase or pay for our products;
our ability to process all of the orders we receive late in our quarters before the quarters expire;
our ability to collect timely on invoices or receivables;
the cost and potential outcomes of future litigation or other disputes;

18


Table of Contents

future accounting pronouncements or changes in our accounting policies;
our overall effective tax rate, including impacts caused by any reorganization in our corporate tax structure and any new legislation or regulatory developments;
fluctuations in stock-based compensation expense;
the timing and success of new products introduced by us or our competitors or any other change in the competitive dynamics of our industry, including consolidation among competitors, customers, or partners;
the timing of expenses related to the development or acquisition of technologies or businesses and potential future charges for impairment of goodwill from acquired companies; and
other risk factors described in this Annual Report on Form 10-K.

The impact of one or more of the foregoing or other factors may cause our operating results to vary significantly. Such fluctuations could cause us to fail to meet the expectations of investors.

We rely significantly on revenue from subscriptions and, because we recognize a significant portion of the revenue from subscriptions over the term of the relevant subscription period, downturns or upturns in sales are not immediately reflected in full in our results of operations.

Subscription revenue accounts for the substantial majority of our revenue. We recognize a significant portion of our subscription revenue monthly over the term of the relevant time period. As a result, much of the subscription revenue we report each fiscal quarter is the recognition of deferred revenue from subscription contracts entered into during previous fiscal quarters. Consequently, a decline in new or renewed subscriptions in any one fiscal quarter will not be fully or immediately reflected in revenue in that fiscal quarter and will negatively affect our revenue in future fiscal quarters. Accordingly, the effect of significant downturns in new or renewed sales of our subscriptions will not be reflected in full in our results of operations until future periods.

Because of the permissive rights accorded to third parties under our open-source and source available licenses, there are limited technological barriers to entry into the markets in which we compete and it is, and may continue to be, relatively easy for competitors, including public cloud operators, to enter our markets and compete with us.

One of the characteristics of open-source is that the governing license terms generally allow liberal modifications of the code and distribution thereof to a wide group of companies and/or individuals. Our open-source licenses allow anyone, subject to compliance with the conditions of the applicable license, to redistribute our software and share certain source code components in modified or unmodified form and use it to compete in our markets. Such competition can develop without the degree of overhead and lead time required by traditional proprietary software companies, due to the rights granted to licensees of open-source and source available software. It is possible for competitors and new entrants to develop their own software, including software based on open-source or our products, and for public cloud operators to expand their offerings to compete directly with ours, potentially reducing the demand for our products and putting pricing pressure on our subscriptions. For example, a new or existing competitor may dedicate its developers to building competing offerings based on open-source and source-available software provided by us or third parties, and such offerings may reduce the demand for our offerings. We cannot guarantee we will be able to compete successfully against current and future competitors that use the open-source nature of our products to compete against us, or that competitive pressure or the availability of new software will not result in price reductions, reduced operating margins and loss of market share, any one of which would harm our business, financial condition, results of operations, and cash flows.

We expect our revenue mix to vary over time, which could harm our gross margin and operating results.

We expect our revenue mix to vary over time due to a number of factors, including the mix of our subscriptions for different products and our professional services revenue. For example, while Terraform and Vault are our most established products with commercial offerings at scale and make up the majority of our revenues, generating collectively over 85% of our revenues for each of fiscal 2022 and 2021, we believe that our emerging and community products represent a significant growth opportunity. Currently, our self-managed offerings represent the majority of our revenues. However, we believe that HCP, our fully managed cloud platform, represents a significant growth opportunity for our business, particularly as an increasing number of our customers look for a fully managed offering. Shifts in our business mix from quarter to quarter could produce substantial variation in the revenue we recognize. Further, our gross margins and operating results could be harmed by changes in revenue mix and costs as we shift further to cloud models, together with numerous other factors,

19


Table of Contents

including entry into new markets or growth in lower margin markets; entry into markets with different pricing and cost structures; pricing discounts; and increased price competition. Any one of these factors or the cumulative effects of certain of these factors may result in significant fluctuations in our gross margin and operating results. This variability and unpredictability could result in our failure to meet internal expectations or those of investors for a particular period.

If we are unable to increase sales of subscriptions to our products to new customers, sell additional subscriptions to our products to our existing customers, or expand the value of our existing customers’ subscriptions to our products, our future revenue and results of operations will be harmed.

We offer certain features of our products as open-source software with no payment required. Customers purchase subscriptions to our products in order to gain access to additional functionality and support. Our future success depends on our ability to sell our subscriptions to new customers and to extend the deployment of our products with existing customers by selling paid subscriptions to our existing users and expanding the value and number of existing customers’ subscriptions. Our ability to sell new subscriptions depends on a number of factors, including the prices of our products, prices offered by our competitors, and the budgets of our customers, as well as their desire and ability to create new features and perform their own support relying on our publicly available open-source software products. We also face competition from public cloud operators, who may use our open-source software products to provide and support hosted offerings that compete with our own. We rely in large part on our customers to identify new use cases for our products and new products to meet a broader set of their needs in order to expand such deployments and grow our business. If our customers do not recognize the potential of our products, our business would be materially and adversely affected. If our efforts to sell subscriptions to new customers and to expand deployments at existing customers are not successful, our total revenue and revenue growth rate may decline and our business will suffer.

If our existing customers do not continue to use our products and renew their subscriptions, it could have an adverse effect on our business and results of operations.

We expect to derive a significant portion of our revenue from renewals of existing subscriptions for our products. As a result, achieving a high renewal rate of our subscriptions will be critical to our business. Our customers have no contractual obligation to renew their subscriptions after the completion of their subscription term. Terms of our subscriptions typically range from one to three years.

Our customers’ usage of our products and renewal rates may decline or fluctuate as a result of a number of factors, including their satisfaction with our products and our customer support, our products’ ability to integrate with new and changing technologies, the frequency and severity of product outages, our product uptime or latency, the pricing of our, or competing, products, and our customers’ own budget priorities and fluctuations in spending. Even if our customers renew their subscriptions, they may renew for shorter subscription terms or on other terms that are less economically beneficial to us. We have limited historical data with respect to rates of customer renewals, so we may not accurately predict future renewal trends. If our customers do not renew their subscriptions, or renew on less favorable terms, our revenue may grow slower than expected or decline and our net expansion rate may decline.

Our ability to increase sales of our products is highly dependent on the quality of our customer support, and our failure to offer high-quality support would have an adverse effect on our business, reputation, and results of operations.

Our customers depend on our technical support services to resolve issues relating to our products. If we do not succeed in helping our customers quickly resolve post-deployment issues or provide effective ongoing support and education on our products, our existing customers may not renew their subscriptions, our ability to sell additional subscriptions to existing customers or expand the value of existing customers’ subscriptions would be adversely affected, and our reputation with potential customers could be damaged. Many larger enterprise and government entity customers have more complex IT environments and require higher levels of support than smaller customers. If we fail to meet the requirements of these enterprise customers, it may be more difficult to grow sales with them.

Additionally, it can take several months to recruit, hire, and train qualified technical support employees. We may not be able to hire such resources fast enough to keep up with demand, particularly if the sales of our products exceed our internal forecasts. To the extent we are unsuccessful in hiring, training, and retaining adequate support resources, our ability to provide adequate and timely support to our customers, and our customers’ satisfaction with our products, will be adversely affected. Our failure to provide and maintain high-quality support services would have an adverse effect on our business, financial condition, and results of operations.

20


Table of Contents

If we do not effectively focus our product development efforts, our business, results of operations, and financial condition could be adversely affected.

We are a multi-product company. Our primary commercial products are Terraform, Vault, Consul, and Nomad, and our significant investments in research and development have resulted in a strong product pipeline. Our ability to attract new customers and increase revenue from existing customers depends in part on our ability to enhance and improve our existing products, increase adoption and usage of our products, and introduce new products. The success of any enhancements or new products depends on several factors, including timely completion, adequate quality testing, actual performance quality, market-accepted pricing levels, and overall market acceptance. Continuously enhancing the significant number of our current products and advancing the new product pipeline may overextend our workforce and negatively affect product quality and development schedules. Enhancements and new products that we develop may not be introduced in a timely or cost-effective manner, may contain errors or defects, may require reworking features and capabilities, may have interoperability difficulties with our platform or other products, or may not achieve the broad market acceptance necessary to generate significant revenue. Not all new products we develop may become commercially successful, and we may prioritize the development of products that do not become commercially successful over products which may have had a better chance of attaining commercial success. Workforce productivity spent on these product development efforts may not be recouped in the form of sales to customers. Furthermore, our ability to increase the usage of our products depends, in part, on the development of new use cases for our products, which is typically driven by our developer community and may be outside of our control. In addition, adoption of new products or enhancements may put additional strain on our customer support team, which could shift the team’s resources away from supporting our current products or require us to make additional expenditures related to further hiring and training. If we are unable to timely and successfully enhance our existing products to meet evolving customer requirements, increase adoption and usage of our products, develop new products, or if our efforts do not render the outcomes we expect, then our business, results of operations, and financial condition would be adversely affected.

We have limited experience with respect to determining the optimal prices for our products.

We charge our customers subscription fees for use of our products. We expect that we may need to change our pricing from time to time. For example, we may need to adjust our fees based on customer usage of our products. In the past, we have sometimes reduced our prices either for individual customers in connection with long-term agreements or for a particular product. We may also face increasing costs which we may be unable or unwilling to pass through to our customers given pricing pressure, which could adversely impact our business, results of operations, and financial condition.

Further, as competitors introduce new products or services that compete with ours or reduce their prices, we may be unable to attract new customers or retain existing customers based on our historical pricing. As we expand internationally, we also must determine the appropriate price to enable us to compete effectively in different locations. Moreover, enterprises, which are a primary focus for our direct sales efforts, may demand substantial price concessions. In addition, if the mix of our product sold changes, then we may need to, or choose to, revise our pricing. As a result, in the future we may be required or choose to reduce our prices or change our pricing model, which could adversely affect our business, results of operations, and financial condition.

We target enterprise customers, and sales to these customers involve risks that differ from risks associated with sales to smaller entities.

We generally target large enterprise customers. Sales to large enterprise customers involve risks that may not be present or that are present to a lesser extent with sales to smaller entities, such as longer sales cycles, more complex customer requirements and contract negotiations, substantial upfront sales costs, and less predictability in completing some of our sales. For example, enterprise customers may require considerable time to evaluate and test our solutions and those of our competitors prior to making a purchase decision and placing an order. A number of factors influence the length and variability of our sales cycle, including the need to educate potential customers about the uses and benefits of our solutions, the discretionary nature of purchasing and budget cycles, and the competitive nature of evaluation and purchasing approval processes. As a result, the length of our sales cycle, from identification of the opportunity to deal closure, may vary significantly from customer to customer, with sales to large enterprises typically taking longer to complete. Moreover, large enterprise customers often begin to deploy our products on a limited basis, but nevertheless demand integration services and pricing negotiations, with no guarantee that they will deploy our products widely across their organization.

21


Table of Contents

The length of our sales cycles can be unpredictable, and our sales efforts may require considerable time and expense.

Our results of operations may fluctuate, in part, because of the length and variability of the sales cycle of our subscriptions to our products and the difficulty in making short-term adjustments to our operating expenses. Our results of operations depend in part on sales to large subscription customers and increasing sales to existing customers. The length of our sales cycle, from initial contact with our sales team to contractually committing to our subscriptions can vary substantially from customer to customer based on deal complexity. It is difficult to predict exactly when, or even if, we will make a sale to a potential customer or if we can increase sales to an existing customer. As a result, large individual sales have, in some cases, occurred in quarters subsequent to those we anticipated, or have not occurred at all. The loss or delay of one or more large transactions in a quarter could affect our cash flows and results of operations for that quarter and for future quarters. Customers often view a subscription to our products as a strategic decision and significant investment and, as a result, frequently require considerable time to evaluate, test, and qualify our products before entering into or expanding a subscription. During the sales cycle, we expend significant time and money on sales and marketing and contract negotiation activities which may not result in a sale. Because a substantial proportion of our expenses are relatively fixed in the short term, our results of operations will suffer if revenue falls below our expectations in a particular quarter.

Our revenue growth depends in part on the success of our strategic relationships with our ecosystem of partners and the continued performance of these partners.

We maintain partnership relationships with a variety of partners, including public cloud providers, systems integrators, independent software vendors, channel partners, referral partners, and technology partners to jointly deliver offerings to our end customers and complement our broad community of users. Our agreements with our partners are generally non-exclusive, meaning our partners may offer customers the offerings of several different companies, including offerings that compete with ours, or may themselves be or become competitors. If our partners do not effectively market and sell our offerings, choose to use greater efforts to market and sell their own offerings or those of our competitors, or fail to meet the needs of our customers, our ability to grow our business and sell our offerings may be harmed. Our partners may cease marketing our offerings with limited or no notice and with little or no penalty. The loss of a substantial number of our partners, our possible inability to replace them, or the failure to recruit additional partners could harm our results of operations. Likewise, because the success of our products depends on integrations with partners’ technologies, if partners decide to no longer implement or support such integrations, or if they partner with our competitors and devote greater resources to implement and support the products of competitors, our business may be harmed.

Our ability to achieve revenue growth in the future will depend in part on our success in developing and maintaining successful relationships with our partners and in helping our partners enhance their ability to market and sell our subscriptions. If we are unable to maintain our relationships with these partners, our business, results of operations, financial condition, or cash flows could be harmed.

Our estimates of market opportunity and forecasts of market growth included in our public disclosures may prove to be inaccurate, and even if the market in which we compete achieves the forecasted growth, our business could fail to grow at similar rates, if at all.

Market opportunity estimates and growth forecasts included in our public disclosure, including those we have generated ourselves, and those provided by third parties, such as the 650 Group, Gartner, or IDC, are subject to significant uncertainty and are based on assumptions and estimates that may not prove to be accurate, including the risks described herein. Even if the market in which we compete achieves the forecasted growth, our business could fail to grow at similar rates, if at all.

The variables that go into the calculation of our market opportunity are subject to change over time, and there is no guarantee that any particular number or percentage of addressable users or companies covered by our market opportunity estimates will purchase our products at all or generate any particular level of revenue for us. Any expansion in our market depends on a number of factors, including the cost, performance, and perceived value associated with our products and the products provided by our competitors. Even if the market in which we compete meets the size estimates and growth forecasted included in our public disclosures, our business could fail to grow at similar rates, if at all. Our growth is subject to many factors, including our success in implementing our business strategy, which is subject to many risks and uncertainties. Accordingly, the forecasts of market growth included in our public disclosures should not be taken as indicative of our future growth.

22


Table of Contents

The markets for some of our products are new, unproven, and evolving, and our future success depends on the growth and expansion of these markets and our ability to adapt and respond effectively to evolving markets.

The markets for certain of our products are relatively new, rapidly evolving, and unproven. Accordingly, it is difficult to predict customer adoption and renewals for these products, customers’ demand for these products, the size, growth rate, expansion, and longevity of these markets, the entry of competitive products, or the success of existing competitive products. Our ability to penetrate these new and evolving markets depends on a number of factors, including the cost, performance, and perceived value associated with our products. If these markets do not continue to grow as expected, or if we are unable to anticipate or react to changes in these markets, our competitive position would weaken, which would adversely affect our business and results of operations.

We face competition that we expect to become more intense over time, and which could adversely affect our business, financial condition, and results of operations.

The market for our products is developing and our competition is expected to increase over time. Our business is impacted by rapid changes in technology, customer needs, frequent introductions of new offerings, and improvements to existing offerings, all of which may increase the competitive pressures that we face. We provide offerings to address the needs of a wide variety of prospective customers that compete with other approaches and solutions. For example, internal IT teams sometimes attempt to “do it themselves” using open-source software. While individuals and small teams can sometimes use our open-source products to solve their technical problems, larger enterprises face more complex needs that require our commercial products. For select companies adopting a single-cloud solution, we compete with the well-established public cloud providers such as Amazon Web Services, or AWS, and their in-house offerings. We also compete with similar in-house offerings from Microsoft Azure, Google Cloud Platform, and other cloud providers; legacy providers with point products such as Red Hat, CyberArk, VMware, and IBM; and alternative open-source projects, such as Google Istio.

As the market for our products develops, the principal competitive factors in our market may include: product capabilities, including flexibility, scalability, performance, and security; ease of use; breadth of use cases supported; ability to integrate with existing IT infrastructure, cloud platforms, and on-premises environments; offering consistency across clouds; ability to implement multi-cloud provisioning, security, networking, and application deployment; speed of implementation and time to achieving value; ability to scale up and down dynamically on demand; robustness of professional services and customer support; price and total cost of ownership; adherence to certifications; size of customer base and level of user adoption; strength of sales and marketing efforts; offering an ecosystem of vendors integrated with the products; creating new products and expanding the existing platform; ability to innovate around a cloud-delivered architecture; brand awareness, recognition, and reputation, particularly within the open-source community; and ability to engage the community of open-source users and partners. If we fail to innovate and improve our products and professional services to address these factors, we may become vulnerable to increased competition and therefore fail to attract new customers or lose or fail to renew existing customers, which would cause our business and results of operations to suffer.

Some of our actual and potential competitors, especially more established companies, may expand their offerings to compete with our offerings. These companies may have advantages over us, such as longer operating histories, more established relationships with current and potential customers and commercial partners, significantly greater financial, technical, marketing or other resources, stronger brand recognition, larger intellectual property portfolios, and broader global distribution and presence. Our business model also assumes that our customers are committed to a multi-cloud strategy and will not bundle their cloud services. However, if this assumption does not accurately reflect the decisions of our customers, our business may suffer. Some of our larger potential competitors and other cloud providers have substantially greater resources than we do and therefore may afford to bundle competitively priced related products and services, which may allow them to leverage existing commercial relationships, incorporate functionality into existing products, sell products with which we compete at zero or negative margins, offer fee waivers and reductions or other economic and non-economic concessions, maintain closed technology platforms, or render our products unable to interoperate with such platforms. Our actual or potential customers may prefer to bundle their cloud services with one of our potential competitors even if such competitors’ individual products have more limited functionality compared to our software. These larger potential competitors are also often in a better position to withstand any significant reduction in technology spending and will therefore not be as susceptible to competition or economic downturns. Our potential competitors may also be able to respond more quickly and effectively than we can to new or changing opportunities, technologies, standards, or customer requirements. In addition, some potential competitors may offer products or services that address one or a limited number of functions at lower prices, with greater depth than our products or in geographies where we do not operate. With the introduction of new technologies and new market entrants, we expect competition to grow in the future.

23


Table of Contents

Furthermore, our actual and potential competitors may establish cooperative relationships among themselves or with third parties that may further enhance their resources and offerings in the markets we address. In addition, third parties with greater available resources may acquire current or potential competitors. As a result of such relationships and acquisitions, our actual or potential competitors might be able to adapt more quickly to new technologies and customer needs, devote greater resources to the promotion or sale of their products, initiate or withstand substantial price competition, take advantage of other opportunities more readily, or develop and expand their offerings more quickly than we do. For all of these reasons, we may not be able to compete successfully against our current or potential competitors.

Problems with our internal systems, networks, or data, including actual or perceived breaches or failures by us or our partners, could cause our products to be perceived as insecure, underperforming, or unreliable, our reputation to be damaged, and our financial results to be negatively impacted.

Our offerings involve the transmission and processing of data, which can include personal information and our or our customers’ or other third parties’ highly sensitive, proprietary, and confidential information. In addition to threats from traditional attackers and insider threats, we also face security threats from malicious third parties, including individual hackers, sophisticated criminal groups, nation states, and state-sponsored organizations, that could disrupt or interrupt, or introduce ransomware, viruses, or other malicious code into our products, services, systems, or networks, obtain unauthorized access to our internal systems, networks, and data, as well as systems of organizations using our cloud products and services, and the information they store and process. Users and organizations using our services may also disclose or leak their passwords, API keys, or secrets that could lead to unauthorized access to their accounts and data within our products. Such incidents have become more prevalent in our industry, particularly against cloud services, and may in the future result in unauthorized, unlawful, or inappropriate access to, inability to access, disclosure of, or loss or other unauthorized processing of the sensitive, proprietary, and confidential information that we own, process, or control, such as customer information and proprietary data and information, including source code and trade secrets. It is virtually impossible for us to entirely mitigate the risk of these security threats. While we have implemented security measures internally and have integrated security measures into our products, these measures may not function as expected and may not detect or prevent all unauthorized activity, prevent all security breaches and incidents, mitigate all security breaches or incidents, or protect against all attacks or incidents. Moreover, our products incorporate a variety of third-party components (including open-source software components) which may expose us to additional security threats, and vulnerabilities in those components may be difficult or impossible to detect, control, and manage. We may also experience security breaches and other incidents that may remain undetected for an extended period and, therefore, may have a greater impact on our products, the networks and systems used in our business, and the proprietary and other confidential data contained on such networks and systems. We expect to incur significant costs in our efforts to detect and prevent security breaches and other security-related incidents, and we may face increased costs in the event of an actual or perceived security breach or other security-related incident. These cybersecurity risks pose a particularly significant risk to a business like ours that is focused on providing highly secure products to customers. Additionally, as a remote-first company, our workforce functions in a remote work environment that requires remote access to our corporate network, which in turn imposes additional risks to our business, including increased risk of industrial espionage, theft of assets, phishing, and other cybersecurity attacks, and inadvertent or unauthorized access to or dissemination of sensitive, proprietary, or confidential information.

We also engage third-party vendors and service providers to store and otherwise process some of our and our customers’ data, including sensitive and personal information. Our vendors and service providers may also be the targets of cyberattacks, malicious software, phishing schemes, fraud, and may face other cybersecurity threats and may suffer cybersecurity breaches and incidents from these and other causes. Our ability to monitor these parties’ data security is limited. There can be no assurance that any security measures that we or our third-party service providers, including third-party providers of cloud infrastructure services, have implemented will be effective against current or future security threats, and we cannot guarantee that our systems and networks or those of our third-party service providers have not been breached or that they do not contain exploitable defects or bugs that could result in a breach of or disruption to our systems and networks or the systems and networks of third parties that support us and our products. While we maintain measures designed to protect the integrity, confidentiality, and security of our data and other data we maintain or otherwise process, our security measures or those of our third-party service providers could fail and result in unauthorized access to or disclosure, unavailability, modification, misuse, loss, destruction, or other processing of such data. Unauthorized access to, other security breaches of, or security incidents affecting, systems, networks, and data of our vendors, contractors, or those with which we have strategic relationships, even if not resulting in an actual or perceived breach of our customers’ networks, systems, or data, could result in the loss, compromise, unavailability, corruption, or other unauthorized processing of data, loss of business, reputational damage adversely affecting customer or investor confidence, regulatory investigations and orders, litigation, indemnity obligations, damages for contract breach, penalties for violation of applicable laws or regulations, significant costs for remediation, and other liabilities.

24


Table of Contents

Our products may experience errors, failures, vulnerabilities, or bugs that cause our products not to perform as intended. Any such errors, failures, vulnerabilities, or bugs may not be found until after they are deployed to our customers and may create the perception that our platform and products are insecure, underperforming, or unreliable. We also provide frequent updates and fundamental enhancements to our platform and products, which increase the possibility of errors. Our quality assurance procedures and efforts to report, track, and monitor issues with our products may not be sufficient to ensure we detect any such defects in a timely manner. There can be no assurance that our software code is or will remain free from actual or perceived errors, failures, vulnerabilities, or bugs.

Many of our customers may use our software for controlling their infrastructure and processing, transmitting, and protecting their sensitive and proprietary information, including business strategies, financial and operational data, personal or identifying information, and other related data. Our Vault product is specifically designed to assist our customers with management of their private and sensitive information. Actual or perceived breaches or other security incidents from actual or perceived errors, failures, vulnerabilities, or bugs in our products or other causes could lead to claims and litigation, indemnity obligations, regulatory audits, proceedings, investigations and significant legal fees, significant costs for remediation, the expenditure of significant financial resources in efforts to analyze, correct, eliminate, remediate, or work around errors or defects, to address and eliminate vulnerabilities, and to address any applicable legal or contractual obligations relating to any actual or perceived security breach or incident. They could damage our relationships with our existing customers and have a negative impact on our ability to attract and retain new customers. Because our business is focused in part on providing security to our customers with our Vault and other products, we believe that such products could be targets for hackers and others, and that an actual or perceived breach of, or security incident affecting, our security products and customers, could be especially detrimental to our reputation, customer confidence in our security products, and our business. The potential for an attack is compounded now that our Vault product is included as a cloud offering. Additionally, our products are designed to operate with little or no downtime. If a breach or security incident were to impact the availability of our products, our business, results of operations, and financial condition, as well as our reputation, could be adversely affected.

While we have taken steps designed to protect the confidentiality, integrity, and availability of our systems and the sensitive, proprietary, and confidential information that we own, process, or control, our security measures or those of third parties who we work with have been, and could from time to time in the future be, breached or otherwise not effective against security threats or preventing inadvertent or unauthorized access to or dissemination of sensitive, proprietary, or confidential information.

These risks are likely to increase as we continue to grow and process, control, store, and transmit increasingly large amounts of data.

Additionally, we cannot be certain that our insurance coverage will be adequate or otherwise protect us with respect to claims, expenses, fines, penalties, business loss, data loss, litigation, regulatory actions, or other impacts arising from security breaches, or that such coverage will continue to be available on acceptable terms or at all. Any of these results could adversely affect our business, financial condition, and results of operations.

If our self-managed offerings do not meet our customers’ performance or support expectations or if we fail to meet service-level availability commitments made to our cloud platform customers, we could face subscription terminations and a reduction in renewals, which could significantly affect our current and future revenue.

If we fail to meet the performance or support expectations that our self-managed customers have for our products, or the service-level availability commitments made to our cloud platform customers, then we may not retain our customers or renew them expected rates. With respect to service-level availability commitments, we may be obligated to pay monetary penalties to the impacted cloud customers. Additionally, we may be contractually obligated to provide cloud customers with additional capacity and reputationally obligated to provide self-managed customers with additional support, each of which could significantly affect our revenue.

Our reliance on public cloud providers may impact our ability to meet service-level targets or performance targets, as any interruption in all or any portion of the public cloud could result in negative impacts to the service we are able to provide. In some cases, we may not have a contractual right with our public cloud providers that compensates us for any losses due to interruptions.

25


Table of Contents

Further, the failure to meet our service-level commitments or performance targets on a chronic basis could result in damage to our reputation and we could face loss of revenue from reduced subscription levels from existing and prospective customers. Any service-level or performance failures could adversely affect our business, financial condition, and results of operations and, if made public, could harm our brand.

If we are not able to keep pace with technological and competitive developments or fail to integrate our products with a variety of technologies that are developed by others, our products may become less marketable, less competitive, or obsolete, and our results of operations may be adversely affected.

The success of our new product introductions depends on a number of factors including, but not limited to, timely and successful product development, market acceptance, our ability to manage the risks associated with new product releases, the effective management of development and other spending in connection with anticipated demand for new products, and the availability of newly developed products. As with many software companies, we have in the past experienced bugs, errors, or other defects or deficiencies in new products and product updates and delays in releasing new products, deployment options, and product enhancements and may have similar experiences in the future. As a result, some of our customers may either defer purchasing our products until we release new enhancements or switch to a competitor if we are not able to keep up with technological developments. If we are unable to successfully enhance our existing products to meet evolving customer requirements, increase adoption and use cases of our products, develop new products, quickly resolve security vulnerabilities, or if our efforts to increase the use cases of our products are more expensive than we expect, then our business, results of operations, and financial condition would be adversely affected.

In addition, our success depends on our ability to integrate our products with a variety of third-party technologies across any public or private platform or on-premises technology. Our technology partnership ecosystem powers significant extensibility of our products and offers our customers the ability to use external tools of their choice with our products and to deploy our products in their preferred environments and successfully support new package technologies as they arise. Further, our products must be compatible with the major cloud service providers in order to support local hosting of our products in geographies chosen by our customers. We also benefit from access to public and private vulnerability databases.

 

Changes in our relationship with any provider, the instability or vulnerability of any third-party technology, or the inability of our products to successfully integrate with third-party technology may adversely affect our business and results of operations. Any losses or shifts in the market position of these providers in general, in relation to one another or to new competitors or new technologies, could lead to losses in our relationships or customers, or to our need to identify and develop integrations with new third-party technologies. Such changes could consume substantial resources and may not be effective. Further, any expansion into new geographies may require us to integrate our products with new third-party technology and invest in developing new relationships with providers. If we are unable to respond to changes in a cost-effective manner, our products may become less marketable, less competitive, or obsolete and our results of operations may be negatively impacted.

Failure of our products to satisfy customer demands or to achieve increased market acceptance could adversely affect our business, results of operations, financial condition, and growth prospects.

We derive and expect to continue to derive substantially all of our revenue from our products. As a result, market acceptance of our products is critical to our continued success. Demand for our products is affected by numerous factors beyond our control, including continued market acceptance, the timing of development and release of new products by our competitors, technological change, any developments or disagreements with the open-source community, and growth or contraction in our market or the overall economy. We expect the growth and proliferation of data to lead to an increase in the data analyses demands of our customers and we may not be able to scale and perform to meet those demands or may not be chosen by users for those needs. If we are unable to continue to meet customer demands or to achieve more widespread market acceptance of our products, our business operations, financial results, and growth prospects will be materially and adversely affected.

Unfavorable conditions in our industry or the global economy or reductions in spending for products like ours could limit our ability to grow our business and negatively affect our results of operations.

Our results of operations may vary based on the impact of changes in our industry or the global economy on us or our customers. Current or future economic uncertainties or downturns could adversely affect our business and results of operations. Negative conditions in the general economy both in the United States and abroad, including conditions resulting

26


Table of Contents

from changes in gross domestic product growth, financial and credit market fluctuations, political turmoil, natural catastrophes, warfare, and terrorist attacks on the United States, Europe, the Asia-Pacific region, or elsewhere, could cause a decrease in business investments by our customers and potential customers, including spending on information technology, and negatively affect the growth of our business. To the extent our offerings are perceived by customers and potential customers as discretionary, our revenue may be disproportionately affected by delays or reductions in general information technology spending. Also, customers may choose to develop in-house software as an alternative to using our products. Moreover, competitors may respond to market conditions by lowering prices. We cannot predict the timing, strength, or duration of any economic slowdown, instability, or recovery, generally or within any particular industry. If the economic conditions of the general economy or markets in which we operate do not improve, or worsen from present levels, our business, results of operations, and financial condition could be adversely affected.

If we are not able to maintain and enhance our brand, especially among practitioners, our business and operating results may be adversely affected.

We believe that developing and maintaining widespread awareness of our brand, especially with practitioners, is critical to achieving widespread acceptance of our products and attracting new users and customers. Brand promotion activities may not generate user or customer awareness or increase revenue, and even if they do, any increase in revenue may not offset the expenses we incur in building our brand. Expenditures intended to maintain and enhance our brand may not be cost-effective or effective at all. If we do not successfully maintain and enhance our brand, we may have reduced pricing power relative to our competitors, we could lose customers, or we could fail to attract potential new customers or expand sales to our existing customers, all of which could materially and adversely affect our business, results of operations, and financial condition.

Our international operations expose us to significant risks, and failure to manage those risks could materially and adversely impact our business.

Our customers and employees are located worldwide, and our strategy is to continue to expand internationally. Our future results of operations depend, in part, on our ability to sustain and expand our penetration of the international markets in which we currently operate and to expand into additional international markets. We generated 27% and 25% of our revenue outside of the United States in fiscal 2022 and 2021, respectively. Our ability to expand internationally involves various risks, including the need to invest significant resources in such expansion, and the possibility that returns on such investments will not be achieved in the near future or at all in these less familiar competitive environments. We may also choose to conduct our international business through partnerships. If we are unable to identify partners or negotiate favorable terms, our international growth may be limited. In addition, we have incurred and may continue to incur significant expenses in advance of generating material revenue as we attempt to establish our presence in particular international markets. Additional risks associated with our international operations include:

geopolitical conflicts, including military conflicts, that could damage the global economy;
unexpected changes in regulatory requirements, taxes, trade laws, tariffs, export quotas, custom duties, or other trade restrictions;
different labor regulations, especially in the European Union, where labor laws are generally more advantageous to employees as compared to the United States, including deemed hourly wage and overtime regulations in these locations;
exposure to many stringent and potentially inconsistent laws and regulations relating to privacy, data protection, and data security, particularly in the European Union;
changes in a specific country’s or region’s political or economic conditions;
challenges inherent to efficiently managing an increased number of employees over large geographic distances, including the need to implement appropriate systems, policies, benefits, and compliance programs;
risks relating to the implementation of exchange controls and trade protection regulations and measures in the United States or in other jurisdictions;
risks relating to enforcement of U.S. export control laws and regulations including the Export Administration Regulations, or EAR, and trade and economic sanctions, including restrictions promulgated by the Office of Foreign Assets Control, or OFAC, and other similar trade protection regulations and measures in the United States or in other jurisdictions;

27


Table of Contents

greater difficulty in enforcing contracts and accounts receivable collection, and longer collection periods;
limitations on our ability to reinvest earnings from operations derived from one country to fund the capital needs of our operations in other countries;
limited or unfavorable intellectual property protection; and
exposure to liabilities under anti-corruption and anti-money laundering laws, including the U.S. Foreign Corrupt Practices Act of 1977, as amended, or FCPA, and similar applicable laws and regulations in other jurisdictions.

The expansion of our existing international operations and entry into additional international markets will require significant management attention and financial resources. Our failure to successfully manage our international operations and the associated risks could limit the future growth of our business. If we are unable to address these difficulties and challenges or other problems encountered in connection with our international operations and expansion, we might incur unanticipated liabilities or we might otherwise suffer harm to our business generally.

Incorrect implementation or use of, or our customers’ failure to update, our products could result in customer dissatisfaction and negatively affect our business, operations, financial results, and growth prospects.

Our products are often operated in large scale, complex IT environments. Our customers and some partners require training and experience in the proper use of and the benefits that can be derived from our products to maximize their potential. If our customers do not implement, update or use our products correctly or as intended, inadequate performance, and/or security vulnerabilities may result. Because our customers rely on our software to manage a wide range of operations, the incorrect implementation, use of, or our customers’ failure to update, our software or our failure to train customers on how to use our software productively may result in customer dissatisfaction, negative publicity and may adversely affect our reputation and brand. Failure by us to effectively provide training and implementation services to our customers could result in lost opportunities for follow-on sales to these customers and decrease subscriptions by new customers, and adversely affect our business and growth prospects.

We depend on cooperating with public cloud operators. Changes to arrangements with such operators may significantly harm our customer retention, new customer acquisition, and product extension or expansion, or require us to change our business models, operations, practices, or advertising activities, which could restrict our ability to maintain our platform through these clouds and would adversely impact our business.

We depend upon the public cloud operators, primarily AWS, Google Cloud, and Microsoft Azure, to offer our products to our customers. Because of the significant use of our platform on public clouds, our solutions must remain interoperable with them. Further, we are subject to the standard agreements, policies, and terms of service of these public clouds, as well as agreements, policies, and terms of service of the various application stores that make our solutions available to our developers, creators, customers, and users. These agreements, policies, and terms of service govern the availability, promotion, distribution, content, and operation generally of applications and experiences on such public clouds. As a result, we may not successfully cultivate relationships with key industry participants or develop products that operate effectively with these technologies, systems, networks, regulations, or standards. If it becomes more difficult for our customers or users to access and engage with our platform on the public clouds they are already using, if our customers choose not to access or use our platform application on their cloud accounts, or if our customers or users choose to use public clouds that do not offer or discontinue access to our platform, our business and customer retention, new customer acquisition, and product extension or expansion could be significantly harmed.

28


Table of Contents

The owners and operators of these public clouds each have approval authority over our platform’s deployment on their systems and offer products that compete with ours. We have no control over these public clouds, and any changes to these clouds that degrade our platform’s functionality, or give preferential treatment to competitive products, could significantly harm our platform. Those companies have no obligation to test the interoperability of their clouds with our platform. If any of these companies introduced modifications to their clouds that purposefully or inadvertently made them incompatible with or not optimal for use of our platform, such disruption to our platform would harm our business. Additionally, such operators could make our platform, or certain features of our platform, inaccessible on their public clouds for a potentially significant period of time. An operator could also limit or discontinue our access to its public cloud if it establishes more favorable relationships with one or more of our competitors, launches a competing product itself, or it otherwise determines that it is in its business interests to do so. Such operators could display their competitive offerings more prominently than ours. We plan to continue to introduce new technologies on our platform regularly and have experienced that it takes time to adjust such technologies to function with these public clouds, impacting the adoption of our new technologies and features, and we expect this trend to continue.

Each public cloud operator has broad discretion to change and interpret its agreements, terms of service, and policies with respect to our platform, and those changes may be unfavorable to us and our customers’ use of our platform. If we were to violate, or a public cloud operator believes that we have violated, its agreements, terms of service, or policies, that public cloud operator could limit or discontinue our access to its cloud. In some cases these requirements may not be clear or our interpretation of the requirements may not align with the interpretation of the public cloud operator, which could lead to inconsistent enforcement of these agreements, terms of service, or policies against us, and could also result in the public cloud operator’s limiting or discontinuing access to its cloud. Any limitation on or discontinuation of our access to any public cloud could adversely affect our business, financial condition or results of operations.

We rely upon public cloud operators to operate our platform and any disruption of or interference with our use of these operators’ services would adversely affect our business, results of operations, and financial condition.

We outsource substantially all of our cloud infrastructure to public cloud operators that host our products and platform, and our dependence will increase as we introduce new cloud products. Customers of our products need to be able to access our platform at any time, without interruption or degradation of performance. Public cloud operators run their own platforms that we access, and we are, therefore, vulnerable to service interruptions of these platforms. We have experienced, and expect that in the future we may experience interruptions, delays, and outages in service and availability from time to time due to a variety of factors, including infrastructure changes, human or software errors, website hosting disruptions, and capacity constraints. Capacity constraints could be due to a number of potential causes including technical failures, natural disasters, fraud, or security attacks. In addition, if our security, or that of public cloud operators, is or is perceived to have been compromised, our products or platform are unavailable or our users are unable to use our products within a reasonable amount of time or at all, then our business, results of operations, and financial condition could be adversely affected. In some instances, we may not be able to identify the cause or causes of these performance problems within a period of time acceptable to our customers. It may become increasingly difficult to maintain and improve our platform performance, especially during peak usage times, as our products become more complex and the usage of our products increases. To the extent that we do not effectively address capacity constraints through our public cloud operators, our business, results of operations, and financial condition may be adversely affected. In addition, any changes in service levels from our public cloud operators may adversely affect our ability to meet our customers’ requirements.

The substantial majority of the services we use cloud service providers for are cloud-based server capacity and, to a lesser extent, storage and other optimization offerings. Public cloud operators allow us to order and reserve server capacity in varying amounts and sizes distributed across multiple regions. We access public cloud operator infrastructure through standard IP connectivity. Public cloud operators provide us with computing and storage capacity pursuant to an agreement that continues until terminated by either party. Public cloud operators may terminate the agreement by providing 30 days’ prior written notice and may in some cases terminate the agreement immediately for cause upon notice. Although we expect that we could receive similar services from other third parties, if any of our arrangements with public cloud operators are terminated, we could experience interruptions on our platform and in our ability to make our products available to customers, as well as delays and additional expenses in arranging alternative cloud infrastructure services.

Any of the above circumstances or events may harm our reputation, cause customers to stop using our products, impair our ability to increase revenue from existing customers, impair our ability to grow our customer base, subject us to financial penalties and liabilities under our service-level agreements, and otherwise harm our business, results of operations, and financial condition.

29


Table of Contents

Interruptions or performance problems associated with our technology and infrastructure, and our reliance on technologies from third parties, may adversely affect our business operations and financial results.

Our website and internal technology infrastructure may experience performance issues due to a variety of factors, including infrastructure changes, human or software errors, website or third-party hosting disruptions, capacity constraints, technical failures, natural disasters, or fraud or security attacks. Our use and distribution of third-party open-source software and reliance on other third-party services may increase this risk. For example, we are dependent on our relationship with a third-party processor for installation and packaging solutions in one of our products. If our website is unavailable or our users are unable to download our products or order subscriptions or services within a reasonable amount of time or at all, our business could be harmed. We expect to continue to make significant investments to maintain and improve website performance and to enable rapid releases of new features and applications for our products. To the extent that we do not effectively upgrade our systems as needed and continually develop our technology to accommodate actual and anticipated changes in technology, our business and results of operations may be harmed.

If we experience an interruption in service for any reason, our cloud offerings would similarly be interrupted. An interruption in our services to our customers could cause our customers’ internal and consumer-facing applications to fail to function properly, which could have a material adverse effect on our business, operations, financial results, customer relationships, and reputation. In addition, we rely on cloud technologies from third parties in order to operate critical functions of our business, including financial management services, customer relationship management services, and lead generation management services. Accordingly, if these services become unavailable due to extended outages or interruptions or because they are no longer available on commercially reasonable terms or prices, our expenses could increase, our ability to manage our finances could be interrupted, our processes for managing sales of our products and supporting our customers could be impaired, and our ability to generate and manage sales leads could be weakened until equivalent services, if available, are identified, obtained, and implemented, all of which could harm our business and results of operations.

A real or perceived defect, security vulnerability, error, or performance failure in our products could cause us to lose revenue, damage our reputation, and expose us to liability.

Our products are inherently complex and, like all software, despite extensive testing and quality control, have in the past and may in the future contain defects or errors, especially when first introduced, or not perform as contemplated. These defects, security vulnerabilities, errors, or performance failures could cause damage to our reputation, loss of customers or revenue, product returns, order cancellations, service terminations, or lack of market acceptance of our software, which could expose us to liability. Because our products involve sensitive, secure and/or mission-critical uses by our customers, we may be subject to increased scrutiny, potential reputational risk, or potential liability should our software fail to perform as contemplated in such deployments. We have in the past and may in the future need to issue corrective releases of our software to fix these defects, errors, or performance failures, which could require us to allocate significant research and development and customer support resources to address these problems.

Techniques used to sabotage or obtain unauthorized access to systems or networks are constantly evolving and, in some instances, are not identified until launched against a target. We and our service providers may be unable to anticipate these techniques, react in a timely manner, or implement adequate preventative measures.

Further, there can be no assurance that any limitations of liability provisions in our customer and user agreements, contracts with third-party vendors and service providers, or other contracts would be enforceable or adequate or would otherwise protect us from any liabilities or damages with respect to any particular claim relating to a security breach or other security-related matter. Any cybersecurity insurance that we carry may be insufficient to cover all liabilities incurred by us in connection with any privacy or cybersecurity incidents or may not cover the kinds of incidents for which we submit claims. For example, insurers may consider cyberattacks by a nation-state as an “act of war” and any associated damages as uninsured. We also cannot be certain that our insurance coverage will be adequate for data handling or data security liabilities actually incurred, that insurance will continue to be available to us on economically reasonable terms, or at all, or that any insurer will not deny coverage as to any future claim. The successful assertion of one or more large claims against us that exceed available insurance coverage, or the occurrence of changes in our insurance policies, including premium increases or the imposition of large deductible or co-insurance requirements, could have a material adverse effect on our business, results of operations, and financial condition, as well as our reputation.

30


Table of Contents

We depend on our senior management and other key employees, and the loss of one or more of these employees or an inability to attract, train, and retain highly skilled employees could harm our business.

Our future success is substantially dependent on our ability to continue to attract and retain highly skilled personnel. The loss of the services of any of our key personnel, the inability to attract or retain qualified personnel, or delays in hiring required personnel, particularly in engineering and sales, may seriously harm our business, financial condition, and results of operations. We are also substantially dependent on the continued service of our existing engineering personnel because of the complexity of our products. Although we have entered into employment offer letters with our key personnel, these agreements have no specific duration and constitute at-will employment. The loss of one or more of our executive officers or key employees could seriously harm our business.

Our future performance also depends on the continued services and continuing contributions of our senior management to execute on our business plan and to identify and pursue new opportunities and product innovations. The loss of services of senior management could significantly delay or prevent the achievement of our development and strategic objectives, which could adversely affect our business, financial condition, and results of operations.

Both the industry in which we operate and the San Francisco Bay Area, where our headquarters is located, are generally characterized by significant competition for skilled personnel as well as high employee attrition. Additionally, many of the companies with which we compete for experienced personnel have greater resources than we have and may provide higher levels of compensation. We have from time to time experienced, and we expect to continue to experience, difficulty in hiring and retaining employees with appropriate qualifications. Also, to the extent we hire personnel from competitors, we may be subject to allegations that they have been improperly solicited, that they have divulged proprietary or other confidential information, or that their former employers own their inventions or other work product.

In addition, a large percentage of our sales force is new to our company. New hires require significant training and may take significant time before they achieve full productivity. Our recent hires and planned hires may not become productive as quickly as we expect, and we may be unable to hire or retain sufficient numbers of qualified individuals in the markets where we do business or plan to do business. In addition, the growth of our direct sales force leads to increasing difficulty and complexity in its organization, management, and leadership, at which we may prove unsuccessful. If we are unable to hire and train a sufficient number of effective sales personnel, we are ineffective at overseeing a growing sales force, or the sales personnel we hire are otherwise unsuccessful in obtaining new customers or increasing sales to our existing customer base, our business will be adversely affected.

Any failure to successfully attract, integrate, train, or retain qualified personnel to fulfill our current or future needs could materially and adversely affect our business, results of operations, and financial condition.

Our corporate culture has contributed to our success, and if we cannot maintain this culture as we grow, we could lose the innovation, creativity, and entrepreneurial spirit we have worked to foster, which could harm our business.

We believe that our culture has been and will continue to be a key contributor to our success. If we do not continue to maintain our corporate culture as we grow, we may be unable to foster the innovation, creativity, and entrepreneurial spirit we believe we need to support our growth. Any failure to preserve our culture also could further harm our ability to retain and recruit personnel, innovate and create new products, operate effectively, and execute on our business strategy.

Operating as a remote-first company may make it difficult for us to preserve our corporate culture, have a negative impact on workforce morale and productivity, and harm our future success, including our ability to retain and recruit personnel, innovate and operate effectively, and execute on our business strategy.

We have been a remote-first company since incorporation. This subjects us to heightened operational risks. For example, technologies in our employees’ and service providers’ homes may not be as robust as in our offices and could cause the networks, information systems, applications, and other tools available to employees and service providers to be more limited or less reliable than in our offices. Further, because the security systems in place at our employees’ and service providers’ homes may be less secure than those used in our offices, we may be subject to increased cybersecurity risk, which could expose us to risks of data or financial loss and disrupt our business operations. There is no guarantee that our data security and privacy safeguards will be completely effective or that we will not encounter risks associated with employees and service providers accessing company data and systems remotely.

31


Table of Contents

Operating as a remote-first company as an increasing number of our employees choose to work remotely due to the COVID-19 pandemic may make it more difficult for us to preserve our corporate culture, and our employees may have decreased opportunities to collaborate in meaningful ways. Further, we cannot guarantee that an increasing number of employees working remotely will not have a negative impact on workforce morale and productivity. Any failure to preserve our corporate culture and foster collaboration could harm our future success, including our ability to retain and recruit personnel, innovate and operate effectively, and execute on our business strategy.

Additionally, providing services to a remote-first company allows employees to move freely while undertaking their work responsibilities. On occasion, employees have and may continue to fail to inform us of changes to their work location in a timely manner. Conducting business in certain geographies may expose use to risks associated with that location, including compliance with local laws and regulations or exposure to compromised internet infrastructure. If employees fail to inform us of changes in their work location, we may be exposed to various risks without our knowledge. For example, if employees create intellectual property on our behalf while residing in a jurisdiction with weak or uncertain intellectual property laws, our ownership of such intellectual property may be questioned. Similarly, if employees access our resources through unsecured internet infrastructure, they may expose us to a heightened risk of data theft or cyberattack.

Our business is affected by seasonal demands, and our quarterly operations results fluctuate as a result.

Historically our business has been highly seasonal, with the highest percentage of our sales occurring in our fiscal fourth quarter due to increased buying patterns of our enterprise customers prior to the end of the year and a lower percentage of our sales in our second fiscal quarter due to the summer vacation slowdown that impacts many of our customers. We expect these seasonal trends to continue. We may also experience fluctuations due to factors that may be outside of our control that affect customer engagement with our platform. Additionally, activity levels may remain unpredictable due to the COVID-19 pandemic and uncertainties about the future, including the effectiveness of vaccines against various strains of the virus and macroeconomic impacts of the Russia/Ukraine military conflict. Episodic experiences may also contribute to fluctuations in our quarterly results of operations. As our business matures, other seasonal trends may develop or existing seasonal trends may become more extreme.

A portion of our self-managed product revenue is recognized at the time we sell and deliver our software rather than on a ratable basis, and the amount we recognize can differ by product and contract length, which adds variability to our forecasting and could have a material negative impact on our revenue results.

More specifically, a portion of our self-managed license revenue is recognized upfront upon delivery of our software, particularly for multi-year agreements that are paid by customers on an annual basis. Generally, our multi-year self-managed contracts tend to have license revenue recognized upfront, while one-year self-managed contracts tend to have license revenue recognized ratably in one-month increments. In addition, the amount of revenue we recognize varies by product based on the allocation of value—from an accounting standpoint—between the license and support components of our product offerings.

We believe the benefit of securing multi-year customer commitments for our self-managed offerings far outweighs the resulting variability in forecasting revenue. Accordingly, we sell multi-year agreements whenever possible, but we also sell one-year agreements when our customers require them. The result is that in any given quarter, we can have a mix of one-year and multi-year agreements for our self-managed offerings, and that mix of contract lengths impacts the amount of revenue we recognize upfront versus over time. This variability is compounded by the fact that the amount of revenue we recognize at delivery also differs by product. We face challenges forecasting the percentage of customers who will choose multi-year agreements versus single-year subscriptions, as well as the final mix of products we will sell in each quarter. Any failure to make those forecasts with reasonable accuracy could cause us to miss our revenue forecasts and result in a decline in our stock price.

A high percentage of our sales often occur near the end of each quarter, which can create a processing backlog and negatively impact our revenue recognition and, consequently, our quarterly results.

Like many software companies, we transact many of our sales late in each quarter. For our self-managed offerings, this timing can affect our revenue recognition because delivery of the software is a pre-requisite to recognizing revenue under applicable software accounting rules. If we are unable to deliver our software to a new customer before the quarter ends, we cannot recognize any revenue from the sale during the quarter in which the customer placed its order. Instead, we must wait until the quarter in which we actually delivered the software to begin recognizing revenue. In quarters where we have a high volume of late-quarter sales, we may be unable to sign or process a significant number of the orders we

32


Table of Contents

receive or deliver the purchased software before the quarter ends. As a result, we may need to prioritize some orders over others and wait until the following quarter to recognize revenue for those orders we are unable to complete on time. In such cases, we will not be able to recognize as much revenue for the quarter as we otherwise would have if we had processed and delivered software for all orders we received before the quarter ended, which may lower our revenue results for the quarter. This in turn may harm our business by consistently underreporting our quarterly revenues to investors.

Sales to government entities are subject to a number of challenges and risks.

We have recently started selling to U.S. federal governmental agency customers. Sales to such entities currently constitute a small portion of our revenue. Selling to such entities can be highly competitive, expensive, and time-consuming, often requiring significant upfront time and expense without any assurance that these efforts will generate meaningful sales. Government certification requirements for products like ours may change, thereby restricting our ability to sell into the government sector until we have attained such revised certification or certifications. Government demand and payment for our products may be affected by public sector budgetary cycles and funding authorizations, with funding reductions or delays adversely affecting public sector demand for our products. Additionally, any actual or perceived privacy, data protection, or data security incident, or even any perceived defect with regard to our practices or measures in these areas, may negatively impact public sector demand for our products.

Government contracting requirements may change and in doing so restrict our ability to sell into the government sector until we have met government-mandated requirements, which may require significant upfront cost, time, and resources. If we do not achieve and maintain government requirements, it may harm our competitive position against larger enterprises whose competitive offerings are able to meet these requirements. There can also be no assurance that we will secure commitments or contracts with government entities even following efforts to meet government requirements, which could harm our margins, business, financial condition, and results of operations. Further, government demand and payment for our offerings are affected by public sector budgetary cycles and funding authorizations, with funding reductions or delays adversely affecting public sector demand for our offering.

Additionally, we rely on certain partners to provide technical support services to certain of our government entity customers to resolve any issues relating to our products. If our partners do not effectively assist our government entity customers in deploying our products, succeed in helping our government entity customers quickly resolve post-deployment issues, or provide effective ongoing support, our ability to sell additional products to new and existing government entity customers would be adversely affected and our reputation could be damaged.

Further, governmental entities may demand contract terms that differ from our standard arrangements and are less favorable than terms agreed with private sector customers. Such entities may have statutory, contractual or other legal rights to terminate contracts with us or our partners for convenience or for other reasons. Any such termination may adversely affect our ability to contract with other government customers as well as our reputation, business, financial condition, and results of operations. Governments routinely investigate and audit government contractors’ administrative processes, and any unfavorable audit could result in the government refusing to continue buying our subscriptions, a reduction of revenue, or fines or civil or criminal liability if the audit uncovers improper or illegal activities, which could adversely affect our results of operations and reputation.

Risks Related to Our Intellectual Property

Some of our technology incorporates third-party open-source software, which could negatively affect our ability to sell our products, and subject us to possible litigation.

Our open-source and proprietary technologies incorporate third-party open-source software, and we expect to continue to incorporate third-party open-source software in our products in the future and it may be necessary to utilize new and upgraded versions of these software applications. There can be no assurance that new versions of the third-party open-source projects we currently use will continue to be licensed under open-source licenses, or that necessary licenses will be available on acceptable terms or under open-source licenses permitting redistribution in our open-source and proprietary offerings, if at all. The inability to obtain certain licenses or other rights or to obtain such licenses or rights on favorable terms, could result in delays in product releases until equivalent technology can be identified, licensed or developed, if at all, and integrated into our products and may have a material adverse effect on our business, results of operations, and financial condition. In addition, third parties may allege that additional licenses are required for our use of their software or intellectual property, and we may be unable to obtain such licenses on commercially reasonable terms or at all.

33


Table of Contents

In addition, few of the licenses applicable to open-source software have been interpreted by courts, and there is a risk that these licenses could be construed in a manner that could adversely impact our interests and the interests of our customers, both with respect to our use of third-party open-source as well as our distribution of our own software under open-source licenses, including by imposing unanticipated conditions or restrictions on our ability to commercialize our products, or limiting our ability to enforce our rights in the manner we had anticipated. Moreover, we cannot ensure that our software does not include open-source software that we are unaware of, or that we have not incorporated additional open-source software in our software in a manner that is inconsistent with the terms of the applicable license or our current policies and procedures, including requiring us to make some or all of our software available under an open-source license that is unacceptable to us or to our customers. If we incorporate third-party open-source software into our software products, then certain circumstances, we and our customers may be subject to certain requirements, including requirements that we offer our solutions that incorporate such third-party open-source software under license terms that are inconsistent with our intended license, such as requiring portions of our products we create based upon, derived from, incorporating, or using such open-source software (and in turn, portions of our customers’ products that they create which are based upon, derived from, incorporating, or using our products) be made available for no cost and for the purpose of making and redistributing such software (including in source code form) and derivatives thereof. If an author or other third party that distributes such open-source software were to allege that we had not complied with the conditions of one or more of these licenses, we could be required to incur significant legal expenses defending against such allegations and could be subject to significant damages, enjoined from the sale of our products that contained the open-source software, and required to comply with onerous conditions or restrictions on these products, which could disrupt the distribution and sale of these products.

Moreover, there have been claims challenging the ownership rights in open-source software against companies that incorporate open-source software into their products, and the licensors of such open-source software provide no warranties or indemnities with respect to such claims. In the event such a claim were made with respect to a third-party open-source component included in our products, we and our customers could be required to seek licenses from third parties in order to continue offering our products, and to re-engineer our respective products or discontinue the sale of our respective products in the event re-engineering cannot be accomplished on a timely basis. We and our customers may also be subject to suits by parties claiming infringement, misappropriation or violation due to the reliance by our solutions on certain open-source software, and such litigation could be costly for us to defend or subject us to certain types of equitable remedies, such as an injunction. Some open-source projects have known vulnerabilities and architectural instabilities and are provided on an as-is basis, which, if not properly addressed, could negatively affect the performance of our product. Any of the foregoing could require us to devote additional research and development resources to re-engineer our solutions, provide an advantage to our competitors or other entrants to the market, create new security vulnerabilities, or highlight existing security vulnerabilities in products, result in customer dissatisfaction, and may adversely affect our business, results of operations, and financial condition. We cannot ensure that our processes for identifying and controlling our use of open-source software in our platform and products will be effective.

We use third-party open-source software, which could negatively affect our ability to sell our offerings, or make it easier for competitors, some of whom may have greater resources than we have, to enter our markets and compete with us.

Unlike traditional proprietary software, the core of all of our products is developed in open-source, allowing our partners and third parties to give feedback directly, report issues, contribute features, and fix bugs, which we accept and integrate into our products. Our partners are able to integrate their technology solutions and validate their integrations with continuous development. We plan to continue to develop our products in this open-source environment, and enabling third-party contributions, and the integration of open-source software from third parties into our codebase. While these open-source software licenses state that any work of authorship licensed under it may be reproduced and distributed provided that certain conditions are met, we may nevertheless be subject to suits by parties claiming ownership rights in what we believe to be permissively licensed open-source software or claiming non-compliance with the applicable open-source licensing terms.

In addition, the use of third-party open-source software may expose us to greater risks than the use of third-party commercial software because open-source licensors generally do not provide warranties or controls on the functionality or origin of the software. Use of open-source software may also present additional security risks because the public availability of such software may publicize vulnerabilities or otherwise make it easier for hackers and other third parties to determine how to compromise our platform. Any of the foregoing could be harmful to our business, results of operations, financial condition, and cash flows and could help our competitors develop products that are similar to or better than ours.

34


Table of Contents

Failure to obtain, maintain, protect, and enforce our proprietary technology and intellectual property rights could harm our business and results of operations.

Our success depends to a significant degree on our ability to obtain, maintain, protect, and enforce our intellectual property rights, including proprietary technology, methodologies, know-how, and brand. We rely on a combination of trademarks, copyrights, service marks, trade secret laws, patents, contractual restrictions, and other intellectual property laws and confidentiality procedures to establish and protect our proprietary rights. However, the steps we take to obtain, maintain, protect, and enforce our intellectual property rights may be inadequate. Our intellectual property rights may not protect our competitive position if we are unable to enforce our rights or if we do not detect unauthorized use of our intellectual property rights, or if others are successful in designing around the protections our intellectual property rights afford. If we fail to protect our intellectual property rights adequately, our competitors may gain access to our proprietary technology, develop and commercialize substantially identical products, services, or technologies, and our business may be harmed. In addition, defending our intellectual property rights might entail significant expense.

Any patents, trademarks, or other intellectual property rights that we have or may obtain may be challenged or circumvented by others or held unenforceable or invalidated through administrative process, including re-examination inter partes review, interference and derivation proceedings, and equivalent proceedings in foreign jurisdictions (e.g., opposition proceedings), or litigation. There can be no assurance that our patent applications will result in issued patents. Even if we continue to seek patent protection in the future, we may be unable to obtain further patent protection for our technology. In addition, any patents issued in the future may not provide us with competitive advantages or may be successfully challenged by third parties. There may be issued patents of which we are not aware, held by third parties that, if found to be valid and enforceable, could be alleged to be infringed by our current or future technologies or offerings. There also may be pending patent applications of which we are not aware that may result in issued patents, which could be alleged to be infringed by our current or future technologies or offerings.

Furthermore, legal standards relating to the validity, enforceability, and scope of protection of intellectual property rights are uncertain. Despite our precautions, it may be possible for unauthorized third parties to copy our products and use information that we regard as proprietary to create offerings that compete with ours. Effective patent, trademark, copyright, and trade secret protection may not be available to us in every country in which our products are available. We may be unable to prevent third parties from acquiring domain names or trademarks that are similar to, infringe upon, or diminish the value of our trademarks and other proprietary rights. We may be unable to successfully resolve these types of conflicts to our satisfaction. In some cases, litigation or other actions may be necessary to protect or enforce our trademarks and other intellectual property rights. Furthermore, third parties may assert intellectual property claims against us, and we may be subject to liability, required to enter into costly license agreements, or required to rebrand our offering or prevented from selling our offering if third parties successfully oppose or challenge our trademarks or successfully claim that we infringe, misappropriate or otherwise violate their trademarks or other intellectual property rights. The laws of some countries may not be as protective of intellectual property rights as those in the United States, and mechanisms for enforcement of intellectual property rights may be inadequate. As we expand our international activities, our exposure to unauthorized copying and use of our products and proprietary information will likely increase. Accordingly, despite our efforts, we may be unable to prevent third parties from infringing upon or misappropriating our intellectual property.

We enter into confidentiality and invention assignment agreements with our employees and consultants and enter into confidentiality agreements with other parties. No assurance can be given that these agreements will be effective in controlling access to and distribution of our proprietary information. Further, these agreements may not prevent our competitors from independently developing technologies that are substantially equivalent or superior to our products. These agreements may be breached, and we may not have adequate remedies for any such breach.

In order to protect our intellectual property rights, we may be required to spend significant resources to monitor and protect our intellectual property rights. Litigation may be necessary in the future to enforce our intellectual property rights and to protect our trade secrets. Litigation brought to protect and enforce our intellectual property rights could be costly, time-consuming, and distracting to management, and could result in the impairment or loss of portions of our intellectual property. Further, our efforts to enforce our intellectual property rights may be met with defenses, counterclaims, and countersuits attacking the validity and enforceability of our intellectual property rights and if such defenses, counterclaims, or countersuits are successful, we could lose valuable intellectual property rights. Our inability to protect our proprietary technology against unauthorized copying or use, as well as any costly litigation or diversion of our management’s attention and resources, could delay further sales or the implementation of our products, impair the functionality of our products, delay introductions of new products, result in our substituting inferior or more costly technologies into our products, or injure our reputation.

35


Table of Contents

We could incur substantial costs as a result of any claim of infringement, misappropriation, or violation of another party’s intellectual property rights.

In recent years, there has been significant litigation involving patents and other intellectual property rights in the software industry. Companies providing software are increasingly bringing and becoming subject to suits alleging infringement, misappropriation, or violation of proprietary rights, particularly patent rights, and to the extent we gain greater market visibility, we face a higher risk of being the subject of intellectual property infringement, misappropriation, or violation claims. For example, recently we and a number of other companies were sued by a non-practicing entity in Delaware federal court alleging patent infringement with respect to certain patents relating to power savings in data centers and cloud networking management, and we are vigorously defending against this lawsuit. Further, the software industry is characterized by the existence of a large number of patents, copyrights, trademarks, trade secrets, and other intellectual and proprietary rights. Companies in the software industry are often required to defend against litigation claims based on allegations of infringement, misappropriation, or other violations of intellectual property rights. Our technologies may not be able to withstand any third-party claims against their use. In addition, many companies have the capability to dedicate substantially greater resources to enforce their intellectual property rights and to defend claims that may be brought against them.

We cannot predict the outcome of lawsuits and cannot ensure that the results of any such actions will not have an adverse effect on our business, financial condition, or results of operations. Accordingly, we could incur substantial costs in prosecuting or defending any current or future intellectual property litigation. Any such intellectual property litigation could be expensive and could divert our management resources possibly leading to delays in development or commercialization of our products.

Any intellectual property litigation to which we might become a party, or for which we are required to provide indemnification, may require us to do one or more of the following:

cease selling or using products that incorporate the intellectual property rights that we allegedly infringe, misappropriate, or violate;
make substantial payments for legal fees, settlement payments, license fees, royalties, or other costs or damages;
obtain a license, which may not be available on reasonable terms or at all, to sell or use the relevant technology; or
redesign the allegedly infringing products to avoid infringement, misappropriation, or violation, which could be costly, time-consuming, or impossible.

Even if the claims do not result in litigation or are resolved in our favor, these claims, and the time and resources necessary to resolve them, could divert the resources of our management and harm our business and results of operations. We expect that the occurrence of infringement claims is likely to grow as the market for our platform for data in motion and our offering grows. Accordingly, our exposure to damages resulting from infringement claims could increase, and this could further exhaust our financial and management resources.

If we are required to make substantial payments or undertake any of the other actions noted above as a result of any intellectual property infringement, misappropriation, or violation claims against us or any obligation to indemnify our customers for such claims, such payments or actions could harm our business.

Indemnity provisions in various agreements potentially expose us to substantial liability for intellectual property infringement, misappropriation, violation, and other losses.

Our agreements with customers and other third parties may include indemnification provisions under which we agree to indemnify them for losses suffered or incurred as a result of claims of intellectual property infringement, misappropriation, or violation, damages caused by us to property or persons, or other liabilities relating to or arising from our software, services, or other contractual obligations. Large indemnity obligations and payments could disrupt and harm our business, results of operations, and financial condition. Although we generally attempt to contractually limit our liability with respect to such indemnity obligations, our efforts may not always be successful, and we may still incur substantial liability related to them even when subject to limitations. Any dispute with a customer with respect to such obligations could have adverse effects on our relationship with that customer and other existing customers and new customers and harm our business and results of operations.

36


Table of Contents

Risks Related to our Regulatory, Legal, Tax, and Accounting Environment

In connection with the operation of our business, we may collect, store, transfer, and otherwise process certain personal data and personally identifiable information, and our products help our customers do so as well. As a result, our business is subject to a variety of government and industry regulations, as well as other obligations, related to privacy, data protection, and data security.

Privacy, data protection, and data security have become significant issues in various jurisdictions where we offer our products and increasingly so as we gain more traction with our cloud offerings. We process certain personal data as part of our business operations, and our Vault product is specifically designed to assist our customers with management of their private and sensitive information. As we develop our cloud offerings and are able to process more data in the cloud, these issues become more significant. The regulatory frameworks for privacy, data protection, and data security issues worldwide are rapidly evolving and are likely to remain uncertain for the foreseeable future, particularly for data processed in the cloud. Federal, state, and non-U.S. government bodies or agencies have in the past adopted, and may in the future adopt, new laws and regulations or may make amendments to existing laws and regulations affecting data protection, data privacy, and/or data security and/or regulating the use of the internet as a commercial medium. Industry organizations also regularly adopt and advocate for new standards in these areas, and we are bound by certain contractual obligations relating to our use, storage, security, and other processing of personal data and other personally identifiable information. We also post privacy policies and have made, and may make, other representations regarding our privacy and data security practices. If we fail to comply with any of these laws, regulations, standards, or other obligations, or such public representations, or are alleged to have done so, we may be subject to investigations, enforcement actions, civil litigation, fines, and other penalties, all of which may generate negative publicity and have a negative impact on our business.

In the United States, we may be subject to investigation and/or enforcement actions brought by federal agencies and state attorneys general and consumer protection agencies. We publicly post policies and other documentation regarding our practices concerning the processing, use, and disclosure of personally identifiable information. Although we endeavor to comply with our published policies and documentation, we may at times fail to do so or be alleged to have failed to do so. The publication of our privacy policy and other documentation that provide promises and assurances about privacy and security can subject us to potential state and federal action if they are found to be deceptive, unfair, or misrepresentative of our actual practices.

Many states have enacted privacy and data security laws. For example, the California Consumer Privacy Act, or CCPA, which took effect on January 1, 2020, gives California residents expanded rights to access and delete their personal information, opt-out of certain personal information sharing, and receive detailed information about how their personal information is used. The CCPA provides for civil penalties for violations, as well as a private right of action for data breaches that is expected to increase data breach litigation. Some observers have noted that the CCPA could mark the beginning of a trend toward more stringent privacy legislation in the United States. California has already adopted a new law, the California Privacy Rights Act of 2020, or CPRA, that will substantially expand the CCPA effective January 1, 2023. Additionally, other U.S. states continue to propose, and in certain cases adopt, privacy-focused legislation such as Colorado and Virginia. Aspects of these state laws remain unclear, resulting in further uncertainty and potentially requiring us to modify our data practices and policies and to incur substantial additional costs and expenses in an effort to comply. A patchwork of differing state privacy and data security requirements would increase the cost and complexity of operating our business and increase our exposure to liability.

Internationally, we or our customers must comply with the data security, privacy, and data protection requirements of each of the jurisdictions we operate in. Within the European Union, the European General Data Protection Regulation, or the GDPR, became fully effective on May 25, 2018, and applies to the processing (which includes the collection and use) of certain personal data. The GDPR imposes substantial obligations and risk upon our business. Administrative fines under the GDPR can amount up to 20 million Euros or four percent of the group’s annual global turnover, whichever is highest. We may be required to incur substantial expense and to make significant changes to our business operations in an effort to comply with the obligations imposed by the GDPR, all of which may adversely affect our revenue and our business overall. Additionally, because the GDPR lacks a long enforcement history, we are unable to predict fully how the GDPR may be applied to us. Despite our efforts to attempt to comply with the GDPR, a regulator may determine that we have not done so and subject us to fines and public censure, which could harm our company.

European privacy, data security, and data protection laws, including the GDPR, regulate and generally restrict the transfer of the personal data subject from Europe, including the European Economic Area, or EEA, the United Kingdom, and Switzerland, to third countries that have not been found to provide adequate protection to such personal data, including

37


Table of Contents

the United States unless the parties to the transfer have implemented specific safeguards to protect the transferred personal data. The safeguard on which we have primarily relied for such transfers has been implementation of the European Commission’s Standard Contractual Clauses, or SCCs, in our relevant data transfer agreements. We have undertaken certain efforts to conform transfers of personal data from the European Economic Area, or the EEA, to the United States and other jurisdictions based on our understanding of current regulatory obligations and the guidance of data protection authorities. The EU-U.S. Privacy Shield program administered by the U.S. Department of Commerce, to which we have self-certified, was invalidated in the “Schrems II” decision issued by the Court of Justice of the European Union, or CJEU, on July 16, 2020. On September 8, 2020, the Swiss Federal Data Protection and Information Commissioner invalidated the Swiss-U.S. Privacy Shield on similar grounds. In its July 16, 2020 opinion, the CJEU imposed additional obligations on companies when relying on SCCs to transfer personal data. The CJEU decision may result in European data protection regulators applying differing standards for, and requiring ad hoc verification of, transfers of personal data from Europe to the U.S. The European Commission has published revised SCCs addressing the CJEU concerns on June 4, 2021, that are required to be implemented over time. The United Kingdom also has adopted new standard contractual clauses, or the UK SCCs, that are anticipated to become effective as of March 21, 2022, and which are required to be implemented over time. The CJEU’s Schrems II decision, the revised SCCs and UK SCCs, guidance and opinions of regulators, and other developments relating to cross-border data transfer may require us to implement additional contractual and technical safeguards for any personal data transferred out of Europe, which may increase compliance costs, lead to increased regulatory scrutiny or liability, and which may adversely impact our business, financial condition and operating results.

We may also experience hesitancy, reluctance, or refusal by European or multi-national customers to continue to use our products, or by current or potential new customers to consider or adopt our fully managed HCP cloud offerings, due to the potential risk exposure to such customers as a result of shifting business sentiment in Europe regarding international data transfers and the data protection obligations imposed on them. We may find it necessary to establish systems to maintain personal data originating from Europe in Europe, which may involve substantial expense and may cause us to need to divert resources from other aspects of our business, all of which may adversely affect our business. We may be unsuccessful in maintaining the conforming means of transferring personal data from Europe to other jurisdictions. We, and our customers, may face a risk of enforcement actions taken by European data protection authorities relating to cross-border personal data transfers.

In addition to the GDPR, the European Commission has another draft regulation in the approval process that focuses on a person’s right to conduct a private life. The proposed legislation, known as the Regulation of Privacy and Electronic Communications, or the ePrivacy Regulation, would replace the current ePrivacy Directive. Originally planned to be adopted and implemented at the same time as the GDPR, the ePrivacy Regulation is still being negotiated. Most recently, on February 10, 2021, the Council of the EU agreed on its version of the draft ePrivacy Regulation. If adopted, the earliest date for entry into force is in 2023, with broad potential impacts on the use of internet-based services and tracking technologies, such as cookies. Aspects of the ePrivacy Regulation remain for negotiation between the European Commission and the Council. We expect to incur additional costs to comply with the requirements of the ePrivacy Regulation as it is finalized for implementation.

Further, the United Kingdom enacted a Data Protection Act in May 2018 that substantially implements the GDPR, and has implemented legislation referred to as the “UK GDPR” that generally provides for the GDPR to be implemented in the United Kingdom following Brexit and the transition period that ended on December 31, 2020. This legislation provides for substantial penalties for noncompliance of up to the greater of £17.5 million or four percent of worldwide revenues. While the EU has deemed the United Kingdom an “adequate country” to which personal data could be exported from the EEA, this decision is required to be renewed after four years of being in effect and may be modified, revoked, or challenged in the interim, creating uncertainty regarding transfers of personal data to the United Kingdom from the EEA. Some countries also are considering or have passed legislation requiring local storage and processing of data, or similar requirements, which could increase the cost and complexity of delivering our products.

Finally, we publish privacy policies and other documentation regarding our collection, use, disclosure, and other processing of personal information. Although we endeavor to adhere to these policies and documentation, we and the third parties on which we rely may at times fail to do so or may be perceived to have failed to do so. Such failures could subject us to regulatory enforcement action as well as costly legal claims by affected individuals or our customers.

Because the interpretation and application of many laws and regulations relating to privacy, data protection, and data security, along with industry standards, are uncertain, particularly as they relate to our cloud offerings, it is possible that these laws and regulations may be interpreted and applied in a manner that is inconsistent with our existing data management practices or the features of our products, and we could face fines, lawsuits, regulatory investigations, and

38


Table of Contents

other claims and penalties, and we could be required to fundamentally change our products or our business practices, which could have an adverse effect on our business. Any inability to adequately address privacy, data protection, and data security concerns, even if unfounded, or any actual or perceived failure to comply with applicable privacy, data protection, and data security laws, regulations, and other obligations, could result in additional cost and liability to us, damage our reputation, inhibit sales, and adversely affect our business. Furthermore, the costs of compliance with, and other burdens imposed by, the laws, regulations, and policies that are applicable to the businesses of our customers may limit the use and adoption of, and reduce the overall demand for, our products. Privacy, data protection, and data security concerns, whether valid or not valid, may inhibit market adoption of our products, particularly in certain industries and countries outside of the United States. If we are not able to adjust to changing laws, regulations, and standards related to the internet, our business may be harmed.

We are subject to governmental export and import controls that could impair our ability to compete in international markets or subject us to liability if we violate these controls.

Our software may be subject to U.S. export control laws and regulations including the Export Administration Regulations, or EAR, and trade and economic sanctions maintained by the Office of Foreign Assets Control, or OFAC. As such, an export license may be required to export or re-export our products to certain countries, end-users, and end-uses. Because we incorporate encryption functionality into our products, we also are subject to certain U.S. export control laws that apply to encryption items. If we were to fail to comply with such U.S. export controls laws and regulations, U.S. economic sanctions, or other similar laws, we could be subject to both civil and criminal penalties, including substantial fines, possible incarceration for employees and managers for willful violations, and the possible loss of our export or import privileges. Obtaining the necessary export license for a particular sale or offering may not be possible and may be time-consuming and may result in the delay or loss of sales opportunities. Furthermore, U.S. export control laws and economic sanctions prohibit the export of products to certain U.S. embargoed or sanctioned countries, governments and persons, as well as for prohibited end-uses. For example, following Russia’s invasion of Ukraine, the United States and other countries imposed economic sanctions and severe export control restrictions against Russia and Belarus and could impose wider sanctions and export restrictions and take other actions should the conflict continue to escalate. While we currently do not have any significant exposure, any exports or sales of our software or services into Russia and Belarus may be impacted by these restrictions. Monitoring and ensuring compliance with these complex U.S. export control laws is particularly challenging because our offerings are widely distributed throughout the world and are available for download without registration. Even though we take precautions to ensure that we and our partners comply with all relevant export control laws and regulations, any failure by us or our partners to comply with such laws and regulations could have negative consequences for us, including reputational harm, government investigations, and penalties.

In addition, various countries regulate the import of certain encryption technology, including through import permit and license requirements, and have enacted laws that could limit our ability to distribute our products or could limit our end-customers’ ability to implement our products or services in those countries. Additionally, export restrictions recently imposed on Russia and Belarus limit the export of encryption software and related source code and technology to these locations which limits our ability to provide our software and, in some cases services, to these countries. Changes in our products or changes in export and import regulations in such countries may create delays in the introduction of our products into international markets, prevent our end-customers with international operations from deploying our products globally, or, in some cases, prevent or delay the export or import of our products to certain countries, governments, or persons altogether. Any change in export or import laws or regulations, economic sanctions, or related legislation, shift in the enforcement or scope of existing export, import, or sanctions laws or regulations, or change in the countries, governments, persons, or technologies targeted by such export, import, or sanctions laws or regulations, could result in decreased use of our products by, or in our decreased ability to export or sell our products to, existing or potential end-customers with international operations. Any decreased use of our products or limitation on our ability to export to or sell our products in international markets could adversely affect our business, financial condition, and operating results.

Failure to comply with anti-bribery, anti-corruption, and anti-money laundering laws could subject us to penalties and other adverse consequences.

We are subject to the FCPA, the U.K. Bribery Act, and other anti-corruption, anti-bribery, and anti-money laundering laws in various jurisdictions, both domestic and abroad. We leverage third parties, including channel partners, to sell our offerings and conduct our business abroad. We and our third-party intermediaries may have direct or indirect interactions with officials and employees of government agencies or state-owned or affiliated entities and may be held liable for the corrupt or other illegal activities of these third-party business partners and intermediaries, our employees, representatives, contractors, partners, and agents, even if we do not explicitly authorize such activities. While we have policies and

39


Table of Contents

procedures to address compliance with such laws, we cannot assure you that all of our employees and agents will not take actions in violation of our policies and applicable law, for which we may be ultimately held responsible. Any violation of the FCPA or other applicable anti-bribery, anti-corruption laws, and anti-money laundering laws could result in whistleblower complaints, adverse media coverage, investigations, loss of export privileges, severe criminal or civil sanctions, or suspension or debarment from U.S. government contracts, all of which may have an adverse effect on our reputation, business, operating results, and prospects.

Changes in laws and regulations related to the internet or changes in the internet infrastructure itself may diminish the demand for our products, and could adversely affect our business, results of operations, and financial condition.

The future success of our business depends upon the continued use of the internet as a primary medium for commerce, communications, and business applications. Federal, state, or foreign government bodies or agencies have in the past adopted, and may in the future adopt, laws or regulations affecting the use of the internet as a commercial medium. Changes in these laws or regulations could require us to modify our products and platform in order to comply with these changes. In addition, government agencies or private organizations have imposed and may impose additional taxes, fees, or other charges for accessing the internet or commerce conducted via the internet. These laws or charges could limit the growth of internet-related commerce or communications generally, or result in reductions in the demand for internet-based products such as our products and platform. In addition, the use of the internet as a business tool could be adversely affected due to delays in the development or adoption of new standards and protocols to handle increased demands of internet activity, security, reliability, cost, ease of use, accessibility, and quality of service. The performance of the internet and its acceptance as a business tool has been adversely affected by “viruses,” “worms,” and similar malicious programs. If the use of the internet is reduced as a result of these or other issues, then demand for our products could decline, which could adversely affect our business, results of operations, and financial condition.

Any legal proceedings or claims against us could be costly and time consuming to defend and could harm our reputation regardless of the outcome.

We are and may in the future become subject to legal proceedings and claims that arise in the ordinary course of business, including patent infringement, other intellectual property, privacy and data protection, data security, torts, securities, employment, contractual rights, or other legal claims. Such matters can be time-consuming, divert management’s attention and resources, cause us to incur significant expenses or liability, or require us to change our business practices. In addition, the expense of litigation and the timing of this expense from period to period are difficult to estimate, subject to change, and could adversely affect our financial condition and results of operations. Because of the potential risks, expenses, and uncertainties of litigation, we may, from time to time, settle disputes, even where we have meritorious claims or defenses, by agreeing to settlement agreements. Any of the foregoing could adversely affect our business, financial condition, and results of operations.

Unanticipated changes in effective tax rates or adverse outcomes resulting from examination of our income or other tax returns could expose us to greater than anticipated tax liabilities.

Our income tax obligations are based in part on our corporate structure and intercompany arrangements, including the manner in which we develop, value, and use our intellectual property and the valuations of our intercompany transactions. The tax laws applicable to our business, including the laws of the United States and other jurisdictions, are subject to interpretation and certain jurisdictions may aggressively interpret their laws in an effort to raise additional tax revenue. The taxing authorities of the jurisdictions in which we operate may challenge our methodologies for valuing developed technology or intercompany arrangements, which could increase our worldwide effective tax rate and harm our financial position and results of operations. It is possible that tax authorities may disagree with certain positions we have taken and any adverse outcome of such a review or audit could have a negative effect on our financial position and results of operations. Further, the determination of our worldwide provision for income taxes and other tax liabilities requires significant judgment by management, and there are transactions where the ultimate tax determination is uncertain. Although we believe that our estimates are reasonable, the ultimate tax outcome may differ from the amounts recorded in our consolidated financial statements and may materially affect our financial results in the period or periods for which such determination is made.

40


Table of Contents

Our ability to use our net operating loss carryforwards to offset future taxable income may be subject to certain limitations.

As of January 31, 2022, we had U.S. federal and state net operating loss carryforwards of $647.8 million and $498.3 million, respectively, which may be utilized against future income taxes and begin to expire in 2034 and 2025 for federal and state purposes, respectively. Limitations imposed by the applicable jurisdictions on our ability to utilize net operating loss carryforwards could cause income taxes to be paid earlier than would be paid if such limitations were not in effect and could cause such net operating loss carryforwards to expire unused, in each case reducing or eliminating the benefit of such net operating loss carryforwards. Furthermore, we may not be able to generate sufficient taxable income to utilize our net operating loss carryforwards before they expire. If any of these events occur, we may not derive some or all of the expected benefits from our net operating loss carryforwards.

Utilization of our net operating loss carryforwards and other tax attributes, such as research and development tax credits, may be subject to annual limitations, or could be subject to other limitations on utilization or benefit due to the ownership change limitations provided by Sections 382 and 383 of the U.S. Internal Revenue Code of 1986, as amended, or the Code, and other similar provisions. Under Sections 382 and 383 of the Code, if a corporation undergoes an “ownership change,” the corporation’s ability to use its pre-change net operating loss carryforwards and other pre-change attributes, such as research tax credits, to offset its post-change income may be limited. In general, an “ownership change” will occur if there is a cumulative change in our ownership by “5-percent stockholders” that exceeds 50 percentage points over a rolling three-year period. Similar rules may apply under state tax laws. We may have experienced various ownership changes, as defined by the Code, as a result of past financing transactions (or other activities), and we may experience ownership changes in the future as a result of subsequent changes in our stock ownership, some of which may be outside our control. Accordingly, our ability to utilize the aforementioned carryforwards may be limited.

Further, the Tax Cuts and Jobs Act of 2017, or the Tax Act, changed the federal rules governing net operating loss carryforwards. For net operating loss carryforwards arising in tax years beginning after December 31, 2017, the Tax Act limits a taxpayer’s ability to utilize such carryforwards in tax years beginning after December 31, 2020 to 80% of taxable income for tax years beginning after December 31, 2020. Net operating loss carryforwards generated before January 1, 2018 (which represent the substantial majority of our net operating losses as of January 31, 2021) will not be subject to the Tax Act’s 80% taxable income limitation and will continue to have a twenty-year carryforward period. Nevertheless, our net operating loss carryforwards and other tax assets could expire before utilization and could be subject to limitations, which could harm our business, revenue, and financial results.

Our corporate structure and intercompany arrangements are subject to the tax laws of various jurisdictions, and we could be obligated to pay additional taxes, which would harm our results of operations.

Based on our current corporate structure, we may be subject to taxation in several jurisdictions around the world with increasingly complex tax laws, the application of which can be uncertain. The amount of taxes we pay in these jurisdictions could increase substantially as a result of changes in the applicable tax principles, including increased tax rates, new tax laws, or revised interpretations of existing tax laws and precedents. In addition, the authorities in the jurisdictions in which we operate through our subsidiaries could review our tax returns or require us to file tax returns in jurisdictions in which we are not currently filing, and could impose additional tax, interest, and penalties. These authorities could also claim that various withholding requirements apply to us or our subsidiaries, assert that benefits of tax treaties are not available to us or our subsidiaries, or challenge our methodologies for valuing developed technology or intercompany arrangements, including our transfer pricing. The relevant taxing authorities may determine that the manner in which we operate our business does not achieve the intended tax consequences. If such a disagreement was to occur, and our position was not sustained, we could be required to pay additional taxes, and interest and penalties. Such authorities could claim that various withholding requirements apply to us or our subsidiaries or assert that benefits of tax treaties are not available to us or our subsidiaries. Any increase in the amount of taxes we pay or that are imposed on us could increase our worldwide effective tax rate and harm our business and results of operations.

41


Table of Contents

The enactment of legislation implementing changes in the United States of taxation of international business activities or the adoption of other tax reform policies could materially impact our financial position and results of operations.

Legislation or other changes to U.S. tax laws, including those that increase the U.S. corporate tax rate, could impact the tax treatment of our earnings. Due to expansion of our international business activities, such proposed changes, as well as regulations and legal decisions interpreting and applying these changes may increase our worldwide effective tax rate and adversely affect our financial position and results of operations.

Taxing authorities may successfully assert that we should have collected or in the future should collect sales and use, value added, or similar taxes, and we could be subject to liability with respect to past or future sales, which could adversely affect our results of operation.

We may not collect sales and use, value added, or similar taxes in all jurisdictions in which we are deemed to have sales, and we have been advised that such taxes are not applicable to our products in certain jurisdictions. Sales and use, value added, and similar tax laws and rates vary greatly by jurisdiction. Certain jurisdictions in which we do not collect such taxes may assert that such taxes are applicable, which could result in tax assessments, penalties, and interest, to us or our end-customers for the past amounts, and we may be required to collect such taxes in the future. If we are unsuccessful in collecting such taxes from our end-customers, we could be held liable for such costs. Such tax assessments, penalties and interest, or future requirements may adversely affect our results of operations.

If our estimates or judgments relating to our critical accounting policies are based on assumptions that change or prove to be incorrect, our results of operations could fall below expectations of investors.

The preparation of our consolidated financial statements requires management to make estimates and assumptions that affect the amounts reported in those consolidated financial statements. We base our estimates on historical experience and on various other assumptions that we believe to be reasonable under the circumstances, the results of which form the basis for making judgments about the carrying values of assets, liabilities, equity, revenue, and expenses that are not readily apparent from other sources. Our results of operations may be adversely affected if our assumptions change or if actual circumstances differ from those in our assumptions, which could cause our results of operations to fall below our publicly announced guidance or the expectations of investors. Significant assumptions and estimates used in preparing our consolidated financial statements include those related to the determination of stand-alone selling prices of our performance obligations in revenue agreements, measurement of stock-based compensation expense, the capitalization and estimated period of benefit of deferred contract acquisition costs, and accounting for income taxes including deferred tax assets and liabilities.

Changes in accounting principles and guidance could result in unfavorable accounting charges or effects.

We prepare our consolidated financial statements in accordance with principles generally accepted in the United States. These principles are subject to interpretation by the SEC and various bodies formed to create and interpret appropriate accounting principles and guidance. Changes in existing accounting rules or practices, new accounting pronouncements rules, or varying interpretations of current accounting pronouncements practice could harm our results of operations or the manner in which we conduct our business. Further, such changes could potentially affect our reporting of transactions completed before such changes are effective. GAAP is subject to interpretation by the Financial Accounting Standards Board, or FASB, the SEC, and various bodies formed to promulgate and interpret appropriate accounting principles. A change in these principles or interpretations could have a significant effect on our reported financial results, and could affect the reporting of transactions completed before the announcement of a change. Additionally, if there are changes to certain of our facts-and-circumstances or if regulators changed their interpretation, we might be required to change the way we report our financial results.

General Risks Related to Us

Acquisitions, strategic investments, partnerships, or alliances could be difficult to identify, pose integration challenges, divert the attention of management, disrupt our business, dilute stockholder value, and adversely affect our business, financial condition, and results of operations.

We expect in the future seek to acquire or invest in businesses, joint ventures, and platform technologies that we believe could complement or expand our platform, enhance our technology, or otherwise offer growth opportunities. We

42


Table of Contents

may devote resources to exploring larger and more complex acquisitions and investments than we have previously attempted. Any such acquisitions or investments may divert the attention of management and cause us to incur various expenses in identifying, investigating, and pursuing suitable opportunities, whether or not the transactions are completed, and may result in unforeseen operating difficulties and expenditures. In particular, we may encounter difficulties assimilating or integrating the businesses, technologies, products, personnel, or operations of any acquired companies, particularly if the key personnel of an acquired company choose not to work for us, their software is not easily adapted to work with our platform, or we have difficulty retaining the customers of any acquired business due to changes in ownership, management, or otherwise. In addition, we have limited experience in acquiring other businesses. If an acquired business fails to meet our expectations, our operating results, and business and financial position may suffer. We may not be able to find and identify desirable acquisition targets, we may incorrectly estimate the value of an acquisition target, and we may not be successful in entering into an agreement with any particular target. Further, any such transactions that we are able to complete may not result in the synergies or other benefits we expect to achieve, including the introduction of new products or enhancements to existing products, which could result in substantial impairment charges. These transactions could also result in dilutive issuances of equity securities or the incurrence of debt, which could adversely affect our results of operations.

If we fail to maintain an effective system of internal control over financial reporting, we may be unable to maintain accurate financial records or prevent fraud, and investor confidence may, therefore, be adversely affected.

We maintain internal control over financial reporting designed to provide reasonable assurance regarding the preparation of financial statements in accordance with generally accepted accounting principles. Because of its inherent limitations, internal control over financial reporting may not prevent or detect all misstatements or prevent all fraud. Moreover, we may be subject to material weaknesses in such internal controls. Our design and implementation of internal controls is time-consuming, costly, and complicated. If we fail to maintain adequate internal control over financial reporting, we may suffer inaccuracies in our financial statements, we may be subject to increased likelihood of fraud, and investors may lose confidence in the accuracy and completeness of our financial statements, any of which could require additional financial and management resources.

Our failure to maintain capital at our current level, raise additional capital, or generate the capital necessary to expand our operations and invest in new products could reduce our ability to compete and could harm our business.

Historically, we have financed our operations primarily through the sale of our equity securities as well as payments received from customers using our products and services. We intend to continue to make investments to support our business growth and may require additional funds to respond to business challenges, including the need to develop new features or otherwise enhance our offerings, improve our operating infrastructure, or acquire complementary businesses and technologies. Accordingly, we may need to engage in equity or debt financings to secure additional funds. If we raise additional funds through future issuances of equity or convertible debt securities, our existing stockholders could suffer significant dilution, and any new equity securities we issue could have rights, preferences, and privileges superior to current holders of our securities. Any debt financing that we may secure in the future could involve restrictive covenants relating to our capital raising activities and other financial and operational matters, which may make it more difficult for us to obtain additional capital and to pursue business opportunities, including potential acquisitions. We may not be able to obtain additional financing on terms that are favorable to us, if at all.

Our credit facility provides our lender with a first-priority lien against substantially all of our assets and contains restrictive covenants which could limit our operational flexibility and otherwise adversely affect our financial condition.

Our revolving credit facility allows us to borrow up to $50.0 million, and we have not borrowed any amounts under this agreement. In the event we borrow amounts under our credit facility, we will become subject to a number of covenants that may limit our ability to, among other things, transfer or dispose of assets, pay dividends or make distributions, incur additional indebtedness, create liens, make investments, loans and acquisitions, engage in transactions with affiliates, merge or consolidate with other companies, and sell substantially all of our assets. Our credit facility is secured by substantially all of our assets. The terms of our credit facility may restrict our current and future operations and could adversely affect our ability to finance our future operations or capital needs, execute preferred business strategies, make it more difficult for us to successfully execute our business strategy, and compete against companies who are not subject to such restrictions. Additionally, any obligations to repay principal and interest on our indebtedness make us vulnerable to economic or market downturns.

43


Table of Contents

Our failure to comply with the covenants or payment requirements, or other events specified in our credit facility, could result in an event of default and our lender may accelerate our obligations under our credit facility and foreclose upon the collateral, or we may be forced to sell assets, restructure our indebtedness, or seek additional equity capital, which would dilute our stockholders’ interests. Our failure to comply with any covenant could result in an event of default under the agreement and the lender could make the entire debt immediately due and payable. If this occurs, we might not be able to repay our debt or borrow sufficient funds to refinance it. Even if new financing is available, it may not be on terms that are acceptable to us.

If our goodwill or intangible assets become impaired, we may be required to record a significant charge to earnings.

We review our intangible assets for impairment when events or changes in circumstances indicate the carrying value may not be recoverable. Goodwill is required to be tested for impairment at least annually. An adverse change in market conditions, particularly if such change has the effect of changing one of our critical assumptions or estimates, could result in a change to the estimation of fair value that could result in an impairment charge to our goodwill or intangible assets. Any such charges may adversely affect our results of operations.

We are exposed to fluctuations in currency exchange rates, and interest rates, and inflation, which could negatively affect our results of operations and our ability to invest and hold our cash.

Our sales are denominated in U.S. dollars, and therefore our revenue is not subject to foreign currency risk. However, a strengthening of the U.S. dollar could increase the real cost of our platform to our customers outside of the United States, which could adversely affect our results of operations. In addition, an increasing portion of our operating expenses is incurred outside of the United States.

These operating expenses are denominated in foreign currencies and are subject to fluctuations due to changes in foreign currency exchange rates. In the future, we expect to have sales denominated in currencies other than the U.S. dollar, which will subject our revenue to foreign currency risk. If we are not able to successfully hedge against the risks associated with currency fluctuations, our results of operations could be adversely affected.

The United States has recently experienced historically high levels of inflation. According to the U.S. Department of Labor, the annual inflation rate for the United States was approximately 7.0% for the 12 months ended December 31, 2021. If the inflation rate continues to increase, such as increases in the costs of labor and supplies, it will affect our expenses, such as employee compensation which accounts for a significant portion of our operating expenses. Additionally, the United States is experiencing an acute workforce shortage, which in turn, has created a hyper-competitive wage environment that may increase our operating costs. To the extent inflation results in rising interest rates and has other adverse effects on the market, it may adversely affect our consolidated financial condition and results of operations.

Catastrophic events, or man-made problems such as terrorism or climate change, may disrupt our business.

A significant natural disaster, such as an earthquake, fire, flood, or significant power outage, and the risks associated with climate change could have an adverse impact on our business, results of operations, and financial condition. We have a number of our employees and executive officers located in the San Francisco Bay Area, a region known for seismic activity, drought, and wildfires, and the resultant air quality impacts and power outages associated with such wildfires. Furthermore, it is more difficult to mitigate the impact of these events on our employees while they work from home as a result of the COVID-19 pandemic.

In addition, acts of terrorism, pandemics, such as the outbreak of the novel coronavirus or another public health crisis, protests, riots, and the increasing frequency and impact of extreme weather events on critical infrastructure in the U.S. and elsewhere have the potential to disrupt our business, the business of our third-party suppliers, and the business of our customers, and may cause us to experience higher attrition, losses, and additional costs to maintain or resume operations. Additionally, any disruption in the business of our partners or customers that affects sales in a given fiscal quarter could have a significant adverse impact on our quarterly results for that and future quarters. All of the aforementioned risks may be further increased if our course of action in response to catastrophic events prove to be inadequate.

In February 2022, armed conflict escalated between Russia and Ukraine. The sanctions announced by the U.S. and other countries against Russia, following Russia’s invasion of Ukraine, to date include restrictions on selling or importing goods, services, or technology in or from affected regions and travel bans and asset freezes impacting connected individuals and political, military, business, and financial organizations in Russia. The United States and other countries could impose

44


Table of Contents

wider sanctions and take other actions should the conflict further escalate. It is not possible to predict the broader consequences of this conflict, which could include further sanctions, embargoes, regional instability, prolonged periods of higher inflation, geopolitical shifts, and adverse effects on macroeconomic conditions, currency exchange rates, and financial markets, all of which could have a material adverse effect on our business, financial condition, and results of operations.

Health epidemics, including the COVID-19 pandemic, have had, and could in the future have, an adverse impact on our business, operations, and the markets and communities in which we, our partners, and customers operate.

Our business and operations could be adversely affected by health epidemics, including the COVID-19 pandemic, impacting the markets and communities in which we, our partners, and customers operate. The ongoing global COVID-19 pandemic has adversely impacted, and may continue to adversely impact, certain parts of our business. In industries that were heavily impacted by the pandemic, such as travel and hospitality, we experienced a slowdown in customer spending on our products. Additionally, we also took responsive measures to the pandemic that impacted our business. For example, we suspended non-essential travel by our employees, required events to be held virtually, and temporarily closed our offices. These responsive measures negatively impacted our in-person conferences, the length and variability of our sales cycles, the rate of sales to new customers, our international operations, and the hiring and onboarding of new employees across the organization.

The pandemic was also a contributing factor that also led to existing and potential customers accelerating transitions for some customers to the cloud. As a result, we believe the value of our offering has become increasingly relevant during the course of the pandemic, which may result in a positive impact on our business over the long term. However, if customers do not transition to the cloud at anticipated rates, we may not experience these anticipated benefits.

The extent of the impact of the COVID-19 pandemic on our customers and our customers’ response to the COVID-19 pandemic is difficult to assess or predict, and we may be unable to accurately forecast our revenues or financial results, especially given that the long-term impact of the pandemic remains uncertain. Our results of operations could be materially above or below our forecasts, which could adversely affect our results of operations, disappoint analysts and investors, and/or cause our stock price to decline.

The global impact of COVID-19 continues to evolve, and we will continue to monitor the situation closely. The ultimate impact of the COVID-19 pandemic or a similar health epidemic is highly uncertain and subject to change. We do not yet know the full extent of potential delays or impacts on our business, operations, ability to access capital, or the global economy as a whole. While the spread of COVID-19 may be contained or mitigated, there is no guarantee that a future outbreak of this or any other widespread epidemics will not occur, or that the global economy will recover, either of which could harm our business.

Risks Related to the Ownership of our Common Stock

The market price for our Class A common stock may be volatile or may decline regardless of our operating performance.

The market price of our Class A common stock may be highly volatile and may fluctuate or decline substantially as a result of a variety of factors, many of which are beyond our control, including:

actual or anticipated changes or fluctuations in our results of operations;
the financial projections we may provide to the public, any changes in these projections or our failure to meet these projections;
announcements by us or our competitors of new offerings or new or terminated significant contracts, commercial relationships, or capital commitments;
industry or financial analyst or investor reaction to our press releases, other public announcements, and filings with the SEC;
rumors and market speculation involving us or other companies in our industry;
future sales or expected future sales of shares of our Class A common stock;
investor perceptions of us and the industries in which we operate;

45


Table of Contents

price and volume fluctuations in the overall stock market from time to time;
changes in operating performance and stock market valuations of other technology companies generally, or those in our industry in particular;
the expiration of contractual lock-up agreements and sales of shares of our Class A common stock by us or our stockholders;
failure of industry or financial analysts to maintain coverage of us, changes in financial estimates by any analysts who follow our company, or our failure to meet these estimates or the expectations of investors;
actual or anticipated developments in our business or our competitors’ businesses or the competitive landscape generally;
litigation involving us, our industry or both, or investigations by regulators into our operations or those of our competitors;
developments or disputes concerning our intellectual property rights or our solutions, or third-party proprietary rights;
announced or completed acquisitions of businesses or technologies by us or our competitors;
actual or perceived breaches of, or failures relating to, privacy, data protection, or data security;
interruptions, delays, or outages of our platform;
new laws or regulations or new interpretations of existing laws or regulations applicable to our business;
any major changes in our management or our board of directors;
general economic conditions and slow or negative growth of our markets; and
other events or factors, including those resulting from war, incidents of terrorism, or responses to these events.

The dual-class structure of our common stock as contained in our amended and restated certificate of incorporation has the effect of concentrating voting control with those stockholders who held our stock prior to the initial public offering, including our executive officers, employees, and directors and their affiliates, and limiting your ability to influence corporate matters, which could adversely affect the trading price of our Class A common stock.

Our Class B common stock has 10 votes per share, and our Class A common stock has one vote per share. As of January 31, 2022, our executive officers and directors and their affiliates together hold and/or control approximately 37.6% of the voting power of our outstanding common stock, and Armon Dadgar and Mitchell Hashimoto, our co-founders, together hold and/or control approximately 22.4% of the voting power of our outstanding common stock. As a result, our executive officers, directors, and other affiliates have significant influence over our management and affairs and over all matters requiring stockholder approval, including election of directors and significant corporate transactions, such as a merger or other sale of the company or our assets, for the foreseeable future.

In addition, the holders of Class B common stock collectively will continue to be able to control all matters submitted to our stockholders for approval even if their stock holdings represent less than 50% of the outstanding shares of our common stock. Because of the 10-to-1 voting ratio between our Class B common stock and Class A common stock, the holders of our Class B common stock collectively will continue to control a majority of the combined voting power of our common stock even when the shares of Class B common stock represent as little as 10% of all outstanding shares of our Class A common stock and Class B common stock. This concentrated control will limit your ability to influence corporate matters for the foreseeable future, and, as a result, the market price of our Class A common stock could be adversely affected.

Future transfers or voluntary conversions by holders of shares of Class B common stock will generally result in those shares converting to shares of Class A common stock, which will have the effect, over time, of increasing the relative voting power of those holders of Class B common stock who retain their shares in the long term. Certain permitted transfers, as specified in our amended and restated certificate of incorporation, will not result in shares of Class B common stock automatically converting to shares of Class A common stock, including certain estate planning transfers as well as transfers to our founders or our founders’ estates or heirs upon death or incapacity of such founder.

46


Table of Contents

FTSE Russell and Standard & Poor’s do not allow most newly public companies utilizing dual or multi-class capital structures to be included in their indices. Affected indices include the Russell 2000 and the S&P 500, S&P MidCap 400, and S&P SmallCap 600, which together make up the S&P Composite 1500. Also, in 2017, MSCI, a leading stock index provider, opened public consultations on its treatment of no-vote and multi-class structures and temporarily barred new multi-class listings from certain of its indices; however, in October 2018, MSCI announced its decision to include equity securities “with unequal voting structures” in its indices and to launch a new index that specifically includes voting rights in its eligibility criteria. Under the announced policies, our dual-class capital structure makes us ineligible for inclusion in certain indices, and as a result, mutual funds, exchange-traded funds, and other investment vehicles that attempt to passively track these indices will not be investing in our stock. In addition, we cannot assure you that other stock indices will not take similar actions. Given the sustained flow of investment funds into passive strategies that seek to track certain indices, exclusion from certain stock indices would likely preclude investment by many of these funds and would make our Class A common stock less attractive to other investors. As a result, the trading price, volume, and liquidity of our Class A common stock could be adversely affected.

Future sales of substantial amounts of our Class A common stock in the public market, or the perception that they might occur, could reduce the price that our Class A common stock might otherwise attain.

Future sales of a substantial number of shares of Class A common stock in the public market, particularly sales by our directors, executive officers, and significant stockholders, or the perception that these sales could occur, could adversely affect the market price of our Class A common stock and may make it more difficult for you to sell your shares of Class A common stock at a time and price that you deem appropriate. Many of our equity holders who held our capital stock prior to completion of the IPO have substantial unrecognized gains on the value of the equity they hold based on recent market prices of our shares of Class A common stock, and therefore, they may take steps to sell their shares or otherwise secure the unrecognized gains on those shares. We are unable to predict the timing of or the effect that such sales may have on the prevailing market price of our Class A common stock.

Further, as of January 31, 2022, up to 7,017,920 shares of our Class B common stock and up to 15,769,508 shares of our Class A common stock may be issued upon exercise of outstanding stock options or vesting and settlement of outstanding restricted stock units, or RSUs, and 17,560,879 shares of our Class A common stock are available for future issuance under our 2021 Equity Incentive Plan, 2021 Employee Stock Purchase Plan, and 2014 Stock Plan, and will become eligible for sale in the public market to the extent permitted by the provisions of various vesting schedules, exercise limitations, and Rule 144 and Rule 701 under the Securities Act of 1933, as amended, or the Securities Act. We have registered all of the shares of Class A common stock issuable upon exercise of outstanding options and all of the shares of Class A common stock issuable upon vesting and settlement of RSUs, as well as other equity incentive awards we may grant in the future for public resale under the Securities Act. Shares of Class A common stock will become eligible for sale in the public market to the extent such options are exercised and RSUs settle, subject to compliance with applicable securities laws. If these additional shares of Class A common stock are sold, or if it is perceived that they will be sold, in the public market, the trading price of our Class A common stock could decline.

Additional stock issuances could result in significant dilution to our stockholders and additional issuances of debt or senior equity securities could impair the value of our Class A common stock.

We may issue common stock or securities convertible into common stock from time to time in connection with a financing, acquisition, investment, our share incentive plans, or otherwise. Any such issuance could result in dilution to our existing stockholders unless pre-emptive rights exist. The amount of dilution could be substantial depending upon the size of the issuances or exercises.

47


Table of Contents

Delaware law and provisions in our amended and restated certificate of incorporation and amended and restated bylaws could make a merger, tender offer, or proxy contest difficult, thereby depressing the market price of our Class A common stock.

Our status as a Delaware corporation and the anti-takeover provisions of the Delaware General Corporation Law may discourage, delay, or prevent a change in control by prohibiting us from engaging in a business combination with an interested stockholder for a period of three years after the date of the transaction in which the person became an interested stockholder, even if a change of control would be beneficial to our existing stockholders. In addition, our amended and restated certificate of incorporation and amended and restated bylaws contains provisions that may make the acquisition of our company more difficult, including the following:

any amendments to our amended and restated certificate of incorporation or our amended and restated bylaws requires the approval of at least 66-2/3% of our then-outstanding voting power;
our board of directors is classified into three classes of directors with staggered three-year terms and stockholders will only be able to remove directors from office for cause;
our stockholders will only be able to take action at a meeting of stockholders and will not be able to take action by written consent for any matter;
our amended and restated certificate of incorporation does not provide for cumulative voting;
vacancies on our board of directors will be able to be filled only by our board of directors and not by stockholders;
a special meeting of our stockholders may only be called by an officer pursuant to a resolution adopted by our board of directors, the chairperson of our board of directors, our Chief Executive Officer, or our President (in the absence of a chief executive officer);
certain litigation against us can only be brought in Delaware, unless we consent in writing to the selection of an alternative forum;
our amended and restated certificate of incorporation authorizes 100,000,000 shares of undesignated preferred stock, the terms of which may be established and shares of which may be issued without further action by our stockholders; and
advance notice procedures apply for stockholders to nominate candidates for election as directors or to bring matters before an annual meeting of stockholders.

These provisions, alone or together, could discourage, delay or prevent a transaction involving a change in control of our company. These provisions could also discourage proxy contests and make it more difficult for stockholders to elect directors of their choosing and to cause us to take other corporate actions they desire, any of which, under certain circumstances, could limit the opportunity for our stockholders to receive a premium for their shares of our Class A common stock, and could also affect the price that some investors are willing to pay for our Class A common stock.

Our amended and restated bylaws provide that the Court of Chancery of the State of Delaware and the federal district courts of the United States will be the exclusive forums for substantially all disputes between us and our stockholders, which could limit our stockholders’ ability to obtain a favorable judicial forum for disputes with us or our directors, officers, or employees.

Our amended and restated bylaws provide that the Court of Chancery of the State of Delaware (or, if the Court of Chancery does not have jurisdiction, another State court in Delaware or the federal district court for the District of Delaware) is the exclusive forum for the following (except for any claim as to which such court determines that there is an indispensable party not subject to the jurisdiction of such court (and the indispensable party does not consent to the personal jurisdiction of such court within ten days following such determination), which is vested in the exclusive jurisdiction of a court or forum other than such court or for which such court does not have subject matter jurisdiction):

any derivative action or proceeding brought on behalf of us;

48


Table of Contents

any action asserting a claim of breach of a fiduciary duty;
any action asserting a claim against us arising under the Delaware General Corporation Law, our amended and restated certificate of incorporation, or our amended and restated bylaws (as either may be amended from time to time); and
any action asserting a claim against us that is governed by the internal affairs doctrine.

This provision would not apply to suits brought to enforce a duty or liability created by the Securities Exchange Act of 1934, as amended, or the Exchange Act, or any other claim for which the U.S. federal courts have exclusive jurisdiction.

Our amended and restated bylaws further provide that the federal district courts of the U.S. will be the exclusive forum for resolving any complaint asserting a cause of action arising under the Securities Act.

These exclusive-forum provisions may limit a stockholder’s ability to bring a claim in a judicial forum that it finds favorable for disputes with us or our directors, officers, or other employees, which may discourage lawsuits against us and our directors, officers, and other employees. Any person or entity purchasing or otherwise acquiring any interest in any of our securities shall be deemed to have notice of and consented to these provisions. There is uncertainty as to whether a court would enforce such provisions, and the enforceability of similar choice of forum provisions in other companies’ charter documents has been challenged in legal proceedings. We also note that stockholders cannot waive compliance (or consent to noncompliance) with the federal securities laws and the rules and regulations thereunder. It is possible that a court could find these types of provisions to be inapplicable or unenforceable, and if a court were to find either exclusive-forum provision in our amended and restated bylaws to be inapplicable or unenforceable in an action, we may incur additional costs associated with resolving the dispute in other jurisdictions, which could significantly harm our business.

If industry or financial analysts do not publish research or reports about our business, or if they issue inaccurate or unfavorable research about our business, the market price and trading volume of our Class A common stock could decline.

The market price and trading volume of our Class A common stock is heavily influenced by the way analysts interpret our financial information and other disclosures. We do not control these analysts, or the content and opinions included in their reports. If industry analysts cease coverage of us, our stock price would be negatively affected. Further, if any of the analysts who cover us do not publish research or reports about our business, downgrade our Class A common stock, or issue an inaccurate or unfavorable opinion regarding our company, our share price would likely decline. In addition, the share prices of many companies in the technology industry have declined significantly after those companies have failed to meet, or significantly exceed, the financial guidance publicly announced by the companies or the expectations of analysts. If our financial results fail to meet, or significantly exceed, our announced guidance or the expectations of analysts or public investors, analysts could downgrade our Class A common stock or publish unfavorable research about us. If one or more of these analysts cease coverage of our company or fail to publish reports on us regularly, our visibility in the financial markets could decrease, which in turn could cause our share price or trading volume to decline.

We are an “emerging growth company” and we cannot be certain if the reduced disclosure requirements applicable to emerging growth companies will make our Class A common stock less attractive to investors.

We are an “emerging growth company,” as defined in the JOBS Act, and have the option to utilize certain exemptions from various reporting requirements that are applicable to other public companies that are not emerging growth companies including, but not limited to, not being required to comply with the auditor attestation requirements of Section 404, reduced disclosure obligations regarding executive compensation in our periodic reports and proxy statements, and exemptions from the requirements of holding a nonbinding advisory vote on executive compensation and stockholder approval of any golden parachute payments not previously approved. We may take advantage of these reporting exemptions until we are no longer an emerging growth company. We will remain an emerging growth company until the earlier of (i) the last day of the fiscal year (A) following the fifth anniversary of our IPO, (B) in which we have total annual revenue of at least $1.07 billion, or (C) in which we are deemed to be a large accelerated filer, with at least $700 million of equity securities held by non-affiliates as of the prior June 30th, and (ii) the date on which we have issued more than $1 billion in non-convertible debt during the prior three-year period.

Under the JOBS Act, emerging growth companies can also delay adopting new or revised accounting standards until such time as those standards apply to private companies. We have irrevocably elected not to avail ourselves of this exemption from new or revised accounting standards and, therefore, we will be subject to the same new or revised

49


Table of Contents

accounting standards as other public companies that are not emerging growth companies. However, we may take advantage of some of the other reduced regulatory and reporting requirements that will be available to us so long as we qualify as an emerging growth company.

Among other things, this means that our independent registered public accounting firm will not be required to provide an attestation report on the effectiveness of our internal control over financial reporting so long as we qualify as an emerging growth company, which may increase the risk that weaknesses or deficiencies in our internal control over financial reporting go undetected. Likewise, so long as we qualify as an emerging growth company, we may elect not to provide you with certain information, including certain financial information and certain information regarding compensation of our executive officers, that we would otherwise have been required to provide in filings we make with the SEC, which may make it more difficult for investors and securities analysts to evaluate our company. As a result, investor confidence in our company and the market price of our Class A common stock may be adversely affected. Further, we cannot predict if investors will find our Class A common stock less attractive because we will rely on these exemptions. If some investors find our Class A common stock less attractive as a result, there may be a less active trading market for our Class A common stock and our stock price may be more volatile.

We do not intend to pay dividends in the foreseeable future.

We have never declared or paid cash dividends on our capital stock. We currently intend to retain all available funds and any future earnings for use in the operation of our business and do not anticipate paying any dividends in the foreseeable future. Any future determination to declare dividends will be made at the discretion of our board of directors and will depend on our financial condition, operating results, contractual restrictions, capital requirements, general business conditions and other factors that our board of directors may deem relevant. As a result, stockholders must rely on sales of their capital stock after price appreciation as the only way to realize any future gains on their investment; because there is no market for any of our equity securities, stockholders may not be able to sell their capital stock when desired, or at all.

Item 1B. Unresolved Staff Comments.

 

None

Item 2. Properties

Our principal executive office and world headquarters is located in San Francisco, California and consists of approximately 37,000 square feet of space under a lease that expires in May 2027. We are a remote-first company with a global distributed workforce.

We lease all of our facilities and do not own any real property. We believe our facilities are adequate and suitable for our current needs and that, should it be needed, suitable additional or alternative space will be available to accommodate our operations.

 

The information called for by this Item is incorporated herein by reference to Item 8, "Financial Statements and Supplementary Data," and Note 7, "Commitments and Contingencies" each included elsewhere in this Annual Report on Form 10-K.

Item 4. Mine Safety Disclosures

Not applicable.

50


Table of Contents

PART II

Item 5. Market for Registrant’s Common Equity, Related Stockholder Matters and Issuer Purchases of Equity Securities

 

Market Information for Common Stock

 

Our Class A common stock shares began trading on the Nasdaq Global Select Market, or Nasdaq, under the symbol “HCP” on December 9, 2021. Prior to that date, there was no public trading market for our Class A common stock.

 

Holders of Record

 

As of March 21, 2022, there were 597 stockholders of record of our common stock, and the closing price of our common stock was $48.44 per share as reported on the Nasdaq Global Select Market. Because many shares of our Class A common stock are held by brokers and other institutions as record holders and on behalf of stockholders, we are unable to estimate the total number of stockholders represented by these record holders.

 

Dividend Policy

 

We have never declared or paid any dividends on our Class A common stock, and we do not anticipate declaring or paying dividends in the foreseeable future.

 

Use of Proceeds

 

On December 13, 2021, we closed our IPO of 15,300,000 shares of Class A common stock at a public offering price of $80.00 per share, and of an additional 1,230,000 shares of Class A common stock pursuant to the exercise of the underwriters' option to purchase additional shares of our Class A common stock, resulting in gross proceeds to us of $1.2 billion, net of the underwriting discounts, commissions and offering expenses. All of the shares issued and sold in our IPO were registered under the Securities Act pursuant to a registration statement on Form S-1 (File No. 333-260757), which was declared effective by the SEC on December 8, 2021. Morgan Stanley & Co. LLC, Goldman Sachs & Co. LLC, and J.P. Morgan Securities LLC acted as representatives of the underwriters. There has been no material change in the planned use of proceeds from our IPO as described in our prospectus relating to our IPO, dated as of December 8, 2021 and filed with the SEC pursuant to Rule 424(b)(4) on December 9, 2021.

 

Recent Sales of Unregistered Securities

 

None.

 

Stock Performance Graph

The performance graph below shall not be deemed “filed” with the SEC for purposes of Section 18 of the Exchange Act or incorporated by reference into any of our filings under the Securities Act.

The performance graph below compares the cumulative total stockholder return on our Class A common stock with the cumulative total return on the S&P 500 Index and the S&P 500 Information Technology Index. The graph assumes $100 was invested at the market close on December 9, 2021, which was our initial trading day, in our Class A common stock. Data for the S&P 500 Index and the S&P 500 Information Technology Index assume reinvestment of dividends. Our offering price of our Class A common stock in our IPO, which had a closing stock price of $85.19 on December 9, 2021, was $80.00 per share.

 

51


Table of Contents

Comparison of Cumulative Total Returns

img34907669_0.jpg 

The comparisons in the graph above are based upon historical data and are not indicative of, nor intended to forecast, future performance of our Class A common stock.

 

Purchases of Equity Securities by the Issuer and Affiliated Purchasers

None.

Item 6. [Reserved].

52


Table of Contents

MANAGEMENT’S DISCUSSION AND ANALYSIS

OF FINANCIAL CONDITION AND RESULTS OF OPERATIONS

The following discussion and analysis of our financial condition and results of operations should be read in conjunction with our consolidated financial statements and related notes included elsewhere in this Annual Report on Form 10-K. This discussion contains forward-looking statements that involve risks and uncertainties. Our actual results could differ materially from those discussed below. Factors that could cause or contribute to such difference include, but are not limited to, those identified below and those discussed in the section titled “Risk Factors” included elsewhere in this Annual Report on Form 10-K. Our fiscal year end is January 31, and our fiscal quarters end on April 30, July 31, October 31, and January 31.

Overview

Our foundational technologies solve the core infrastructure challenges of cloud adoption by enabling an operating model that unlocks the full potential of modern public and private clouds. Our cloud operating model provides consistent workflows and a standardized approach to automating the critical processes involved in delivering applications in the cloud: infrastructure provisioning, security, networking, and application deployment. With our solutions, companies of all sizes and in all industries can accelerate their time to market, reduce their cost of operations, and improve their security and governance of complex infrastructure deployments.

 

Organizations today are undergoing a digital transformation across every business function, driven by competition and ever-increasing consumer expectations. Underlying this digital transformation is a re-platforming of static on-premises infrastructure to dynamic and distributed cloud infrastructure. In this dynamic world, existing procedures are too inefficient to scale with distributed, multi-cloud infrastructure. Inconsistent, fragmented technologies and processes are time consuming and resource intensive to manage, exacerbated by inefficient, linear ticket-driven workflows that cannot facilitate scaled, real-time operations. This digital transformation demands a new cloud operating model for enterprise IT requiring automation to provision, secure, connect, and run infrastructure at scale and in real time. At HashiCorp, we build industry-leading products that enable this cloud operating model and accelerate cloud adoption. Our primary commercial products are Terraform, Vault, Consul, and Nomad.

Our products can be adopted individually and are also designed to work together as a stack in order to solve larger, more complex challenges. For instance, deploying Vault and Consul is the basis for a complete Zero Trust security architecture with identity-driven controls, offering a full range of authentication, authorization, and access management for human users or machines, like servers or applications. We continue to innovate and deliver additional emerging products to supplement these core capabilities and provide adjacent solutions.

Our Business Model

Our primary products are based on a combination of our open-source and proprietary software. We are committed to an open-source model in which we maintain free open-source offerings while developing proprietary features for paid tiers of our software. These proprietary features include collaboration modules, governance and policy modules, enterprise use cases, and premium support and services. We provide our software under a licensing model that protects our intellectual property, grows our adoption, and supports our business.

We generate revenue primarily from sales of subscriptions to our software. We offer an enterprise-ready, self-managed software offering that can be deployed in our customers’ public cloud, private cloud, and on-premises environments. HCP is our fully-managed cloud platform, available on all of the leading cloud providers. These two core offerings can be leveraged independently or together, spanning the various public cloud, private cloud, and on-premises environments in which our customers operate.

For our self-managed offerings, we offer various tiers that provide different levels of access to our proprietary products, modules, and support. Our licenses for self-managed deployments typically have terms of one to three years. We bill for one-year licenses upfront, and we primarily bill for multi-year term licenses annually in advance, with a multi-year payment schedule. The substantial majority of our revenue is recognized ratably over the subscription term. Each product is sold as a base module, with additional optional modules available that address needs like governance and policy, and a tiered pricing system that scales pricing with increased product usage. The unit of value for product usage varies by product, and generally scales with customer cloud adoption as workloads managed by our products move to cloud-based infrastructure.

53


Table of Contents

Customers of our fully-managed cloud platform, HCP, can either use our offering with no minimum commitment where they pay based on the consumption of resources, or can purchase annual subscription contracts with a minimum commitment. Customers who are on no-minimum commitment contracts are billed, and revenue from them is recognized, based on usage. Today, customers with minimum commitments are typically billed annually in advance for their subscriptions and we recognize all revenue from such subscriptions ratably over the subscription term. We intend to transition a segment of our new contracts to a usage-based model. Our pricing schedule lists the hourly rate when deploying HCP for our various products, and actual usage is metered and calculated on a per-hour basis for increased accuracy.

We sell to organizations of all sizes across a broad range of industries, with a particular focus on enterprises that are managing and moving an increasing amount of business-critical processes, applications, and large volumes of data to the cloud. Ultimately, we believe all enterprises will need to transition to the cloud to reduce operational burden, improve scalability and elasticity, and increase agility. We plan to continue to invest in our direct sales force to grow our large enterprise base both domestically and internationally.

Our sales and marketing strategy combines the best of customer self-service with our direct sales approach. Our open-source model allows developers and individuals focused on operations, IT, and security, or practitioners, to engage with and evaluate our software in a frictionless manner, which we believe has contributed to our software’s popularity. This open-source leadership and the wider ecosystem around us, compels practitioners to adopt and implement our software in the enterprise. As organizations recognize the value of our products, our inside and field sales teams can nurture leads and develop direct relationships with key stakeholders across all segments. HCP has accelerated our self-service approach, as practitioners can now quickly deploy and experiment with our paid offering with a fully-managed cloud solution and no minimum commitments.

As adoption grows, our marketing organization is focused on building our brand reputation and awareness, and engages with prospective customers through our user conferences, email marketing, digital advertising, and other public relations activities. This sales and marketing strategy allows us to not only acquire new customers, but also drive increased usage within existing customers.

We operate an adopt, land, expand, and extend motion. Our open-source engagement and self-serve cloud motion help us identify and accelerate initial product adoption and use cases in an account. Our enterprise sales teams land these customers with subscription contracts for our software. Our expansion motion focuses on up-selling additional modules and increasing the footprint of usage of a given product, including across multiple buying centers within our customers’ organizations. The multiple capabilities of our deep product portfolio allow us to extend by cross-selling additional integrated products to our customers. For example, a company may initially adopt an open-source use case of Terraform. After initial use of the open-source product, we frequently land their first paid use of Terraform to add enterprise functionality and support mission-critical cloud workloads. As customers grow their cloud presence to support additional cloud-based workloads, they frequently expand the amount of Terraform they consume. In addition to this increased Terraform usage, customers also frequently extend into additional products such as Vault or Consul. This combination of adopt, land, expand, and extend affords us considerable growth opportunities within our customer base, and we focus our go-to-market strategy on developing and cultivating long-term customer relationships. The increased use of our platform by our customers is evidenced by our high net dollar retention rate. As of January 31, 2022, January 31, 2021, and January 31, 2020, our last four quarter average net dollar retention rate was 131%, 123%, and 131%, respectively.

Factors Affecting Our Performance

We believe that the growth and future success of our business depends on a number of key factors. While each of these factors presents significant opportunities for our business, they also pose important challenges that we must successfully address in order to sustain our growth and improve our results of operations.

Adoption of Our Products and Landing New Customers

We believe there is substantial opportunity to continue to grow our product adoption and our customer base. We intend to drive product adoption through our open-source distribution model and by continuing to cultivate our open-source community. We estimate that approximately 12,000 organizations have downloaded at least one of our products since HashiCorp’s inception.

54


Table of Contents

We intend to drive paid customer growth by continuing to invest significantly in sales and marketing and to increase brand awareness. HCP has also improved our self-service model, and we expect HCP to continue to support our sales model and drive paid adoption. As of January 31, 2022, we served over 2,700 customers spanning organizations of a broad range of sizes and industries, compared to over 1,400 and over 800 customers as of January 31, 2021 and 2020, respectively.

We also intend to continue to grow our base of large enterprises around the world.

Our ability to attract new customers will depend on a number of factors, including the effectiveness and pricing of our products, development of new products and features, offerings of our competitors, engagement with the open-source community, and effectiveness of our marketing and community-building efforts. As of January 31, 2022, over 375 of the Forbes Global 2000 were our customers. We believe this demonstrates that our products have been adopted by many of the largest enterprises, and that there is substantial opportunity to further cultivate these large customers.

Expanding and Extending Within Existing Customer Base

Our large base of customers represents a significant opportunity for further sales growth. Our customers often expand the deployment of our products across larger teams and more broadly within the enterprise as they both do more with existing use cases and realize new use cases. At the same time, we often see customers extend to multiple products across our wider product portfolio as they realize the potential of integrating more of our products to better solve use cases. We intend to continue to invest in enhancing awareness of our brand and developing more products, features, and functionality, which we believe are important factors in achieving widespread adoption of our offerings. Our ability to increase sales to existing customers will depend on a number of factors, including our customers’ satisfaction with our products, the technical capabilities and security of our products, our customers’ progress on their cloud journey, competition, pricing, and overall changes in our customers’ spending levels.

Historically, we have experienced significant expansion after initial deployment of our products by our customers, with customers expanding usage as well as extending to additional products. We define ARR as the annualized value of all recurring subscription contracts with active entitlements as of the end of the applicable period, and in the case of our monthly, or consumption-based customers the annual value of their last month’s spend. A further indication of the propensity of customer relationships to expand over time is our dollar-based net retention rate, which compares ARR from the same set of customers in one period relative to the prior year period. We define dollar-based net retention rate as the ARR at the end of a period for a base set of customers from which we generated ARR in the year prior to the date of calculation, divided by the ARR one year prior to the date of the calculation for that same set of customers. As of January 31, 2022, January 31, 2021, and January 31, 2020, our last four quarter average net dollar retention rate was 131%, 123%, and 131%, respectively. We believe this demonstrates the stickiness of our products, and our offerings as a whole.

Increasing Adoption of HashiCorp Cloud Platform

We believe HCP represents a significant growth opportunity for our business. Since launching HCP in fiscal 2021, usage and sales of HCP have grown rapidly and has allowed us to better address the needs of potential customers looking for a fully-managed offering. We believe that as organizations increasingly look for a fully-managed cloud infrastructure platform, they will continue to adopt HCP. We expect HCP to continue to grow and represent an increasing percentage of our total revenue over time. For the fiscal year ended January 31, 2022, HCP subscription revenue was $18.5 million.

Accelerating Technology Leadership and Product Expansion

Our success is dependent on our ability to sustain innovation and technology leadership in order to maintain our competitive advantage. We have built highly differentiated products that we believe have the ability to adapt and evolve with the support of our engineering expertise, our approach to innovation, our open-source community, and our ecosystem of partners. HashiCorp is a critical part of the daily operations of practitioners and our free products make HashiCorp frictionless to adopt. We have proven initial success of our modular approach with multiple innovations and product launches, including the launch of HCP in fiscal 2021, and launch of Boundary and Waypoint in September 2020. We see continued adoption from our customers in our new products and innovations and, as of January 31, 2022, 45% of our customers with $100,000 or greater ARR were licensing more than one product.

55


Table of Contents

We intend to continue to invest in building additional products, features, and functionality to expand our products to new use cases. Our future success is dependent on our ability to successfully develop, market, and sell existing and new products to new and existing customers.

Expanding Internationally

We believe there is a significant opportunity to expand usage of our products outside of the United States as enterprises globally look to take advantage of cloud computing and look to adopt a cloud operating model across multiple clouds. For fiscal 2022, 2021 and 2020, 27%, 25%, and 23% of our revenue, respectively, was generated by customers outside of the United States. In addition, we have made and plan to continue to make investments in geographic expansion in Europe, the Middle East, Africa, and the Asia-Pacific region.

Key Business Metrics

We review a number of operating and financial metrics, including the following key metrics, to measure our performance, identify trends, formulate business plans, and make strategic decisions. The calculation of the key metrics discussed below may differ from other similarly titled metrics used by other companies, securities analysts, or investors. We monitor the key business metrics set forth below to help us evaluate our business and growth trends, establish budgets, measure our performance, and make strategic decisions. The calculation of the key metrics discussed below may differ from other similarly titled metrics used by other companies, securities analysts, or investors.

 

 

As of January 31,

 

 

 

2022

 

 

 

2021

 

 

 

2020

 

 

 

(dollars in millions)

 

 

Total customers

 

2,715

 

 

 

 

1,473

 

 

 

831

 

 

Total customers with $100,000 or greater ARR

 

655

 

 

 

500

 

 

 

338

 

 

Subscription revenue from HCP (and its predecessor cloud offerings)

$

18.5

 

 (1)

 

$

2.9

 

 (1)

 

$

0.3

 

 (1)

Remaining performance obligations (RPOs)

$

428.8

 

 

 

$

263.9

 

 

 

$

152.1

 

 

Non-GAAP RPOs(2)

$

452.2

 

 

 

$

286.1

 

 

 

$

171.0

 

 

 

(1)
Represents subscription revenue for the year ended January 31, 2022, January 31, 2021, and January 31, 2020
(2)
Non-GAAP RPOs is a non-GAAP financial measure. For more information regarding our use of this measure and a reconciliation to the most directly comparable financial measure calculated in accordance with GAAP, see the subsection titled “Non-GAAP Remaining Performance Obligations” elsewhere in this section.

Total Customers

We define total customers as the number of customers we have at the end of each fiscal quarter. We define the number of customers we have at the end of each fiscal quarter as the number of accounts with a unique account identifier for which we have an active contract in the period indicated. Users of our free products are not included in total customers. A single organization with multiple divisions, segments, or subsidiaries is counted as a single customer. Our customer count may also fluctuate due to acquisitions, consolidations, spin-offs, and other market activity.

Total Customers with $100,000 or Greater ARR

We define ARR as the annualized value of all recurring subscription contracts with active entitlements as of the end of the applicable period, and in the case of our monthly, or consumption-based customers, the annual value of their last month’s spend. Relationships with large enterprise customers lead to scale and operating leverage in our business model, as large enterprise customers present a greater opportunity for us to sell additional usage and modules because they have larger budgets, a wider range of potential use cases, and greater potential for expanding to other products in our offering. As such, we count the number of customers contributing $100,000 or greater ARR as a measure of our ability to scale with our customers and attract large enterprise customers to our product offerings. For each applicable financial reporting period, we calculate revenue from customers with $100,000 or greater ARR by aggregating the quarterly revenue attributable to such customers within such period. Customers with $100,000 or greater ARR represented 88%, 83%, and 71% of revenue for fiscal 2022, 2021, and 2020, respectively.

56


Table of Contents

Quarterly Revenue from HCP

We believe that HCP represents an important growth opportunity for our business. As organizations continue their transition to the cloud, many will begin seeking fully-managed platforms and will begin to adopt HCP. We will continue to track the revenue generated by HCP (and its predecessor cloud offerings) as a way of measuring the adoption of our platform.

Non-GAAP Remaining Performance Obligations

Remaining performance obligations, or RPOs, represent the amount of contracted future revenue that has not yet been recognized, including both deferred revenue and non-cancelable contracted amounts that will be invoiced and recognized as revenue in future periods. RPOs exclude customer deposits, which are refundable amounts that are expected to be recognized as revenue in future periods. As of January 31, 2022 and January 31, 2021, our RPOs were $428.8 million, and $263.9 million, respectively. As of January 31, 2022, we expect to recognize approximately 63% of RPOs as revenue over the next 12 months, and the remainder thereafter. The portion of RPOs that is expected to be recognized as revenue over the next 12 months represents an estimated minimum level of revenue for the applicable period and is not necessarily indicative of future product revenue growth because it does not account for revenue from customer renewals or new customer contracts. Moreover, RPOs are influenced by a number of factors, including the timing of renewals, average contract terms, seasonality and dollar amounts of customer contracts. Due to these factors, it is important to review RPOs in conjunction with revenue and other financial metrics disclosed elsewhere herein. For a further discussion of RPOs, see Note 3 to our consolidated financial statements included elsewhere in Annual Report on Form 10-K.

We calculate non-GAAP RPOs as RPOs plus customer deposits, which are refundable pre-paid amounts, based on the timing of when these customer deposits are expected to be recognized as revenue in future periods. As of January 31, 2022 and January 31, 2021, non-GAAP RPOs were $452.2 million, and $286.1 million, respectively. As of January 31, 2022, we expect to recognize 64% of our non-GAAP RPOs as revenue over the next 12 months, and the remainder thereafter.

 

57


Table of Contents

We use non-GAAP RPOs in conjunction with RPOs as part of our overall assessment of our performance, to evaluate the effectiveness of our business strategies and to communicate with our board of directors concerning our business and financial performance. Our management believes that presenting non-GAAP RPOs is useful to investors because the portion of non-GAAP RPOs that is expected to be recognized as revenue over the next 12 months represents an estimated minimum level of revenue for the applicable period, including customer deposits that are expected to be recognized as revenue in future periods but are not included in GAAP RPOs. Our definitions of non-GAAP RPOs may differ from the definitions used by other companies and therefore comparability may be limited. In addition, other companies may not publish these or similar metrics. Non-GAAP RPOs should be considered in addition to, not as substitutes for, or in isolation from, RPOs prepared in accordance with GAAP. We compensate for the limitations in the use of non-GAAP RPOs by providing a reconciliation of non-GAAP RPOs to RPOs. We encourage investors and others to review our results of operations and financial information in its entirety, not to rely on any single financial measure, and to view non-GAAP RPOs with RPOs and revenue.

The following table presents a reconciliation of our non-GAAP RPOs to our GAAP RPOs for the periods presented (in thousands):

 

 

 

As of

 

 

 

January 31, 2022

 

 

January 31, 2021

 

GAAP RPOs

 

 

 

 

 

 

   GAAP short-term RPOs

 

$

268,911

 

 

$

165,798

 

   GAAP long-term RPOs

 

 

159,923

 

 

 

98,131

 

Total GAAP RPOs

 

$

428,834

 

 

$

263,929

 

Add:

 

 

 

 

 

 

Customer deposits

 

 

 

 

 

 

Customer deposits expected to be recognized within the next 12 months

 

$

20,324

 

 

$

20,421

 

Customer deposits expected to be recognized after the next 12 months

 

 

3,059

 

 

 

1,798

 

Total customer deposits

 

$

23,383

 

 

$

22,219

 

Non-GAAP RPOs

 

 

 

 

 

 

   Non-GAAP short-term RPOs

 

$

289,235

 

 

$

186,219

 

   Non-GAAP long-term RPOs

 

 

162,982

 

 

 

99,929

 

Total Non-GAAP RPOs

 

$

452,217

 

 

$

286,148

 

 

Free Cash Flow and Free Cash Flow Margin

Free cash flow is a non-GAAP financial measure that we define as net cash provided by (used in) operating activities less purchases of property and equipment and capitalized internal-use software costs. Free cash flow margin is calculated as free cash flow divided by total revenue. We believe that free cash flow and free cash flow margin are useful indicators of liquidity that provide information to management and investors about the amount of cash generated from our core operations that, after the purchases of property and equipment, can be used for strategic initiatives, including investing in our business and selectively pursuing acquisitions and strategic investments. We further believe that historical and future trends in free cash flow and free cash flow margin, even if negative, provide useful information about the amount of net cash provided by (used in) operating activities that is available (or not available) to be used for strategic initiatives. For example, if free cash flow is negative, we may need to access cash reserves or other sources of capital to invest in strategic initiatives. One limitation of free cash flow and free cash flow margin is that they do not reflect our future contractual commitments. Additionally, free cash flow does not represent the total increase or decrease in our cash balance for a given period.

The following table presents our cash flows for the periods presented and a reconciliation of free cash flow and free cash flow margin to net cash provided by (used in) operating activities, the most directly comparable financial measure calculated in accordance with GAAP:

 

 

Year Ended January 31,

 

2022

 

 

2021

 

 

2020

 

 

 

(in thousands)

GAAP net cash used in operating activities

$

(56,215

)

 

$

(39,623

)

 

$

(28,365

)

 

Add: purchases of property and equipment

 

(214

)

 

 

(4,304

)

 

 

(980

)

 

Add: capitalized internal-use software

 

(6,382

)

 

 

(2,920

)

 

 

-

 

 

Free cash flow (used in)

$

(62,811

)

 

$

(46,847

)

 

$

(29,345

)

 

GAAP net cash used in operating activities as a percentage of revenue

 

(18

)

%

 

(19

)

%

 

(23

)

%

Free cash flow as a % of revenue

 

(20

)

%

 

(22

)

%

 

(24

)

%

 

58


Table of Contents

 

Impact of COVID-19

The ongoing COVID-19 pandemic has caused business disruption worldwide. The extent to which the COVID-19 pandemic will directly or indirectly impact our business, results of operations, cash flows, financial condition or our customers will depend on many factors, including the duration and continued spread of COVID-19; public health measures; national, state, and local government responses; and the impact of the pandemic on the global economy, all of which remain uncertain.

During 2020, 2021, and through the date of this Annual Report on Form 10-K, we experienced, and may continue to experience, adverse impacts on certain parts of our business as a result of the pandemic and our responsive measures. In industries that were heavily impacted by the pandemic, such as travel and hospitality, we experienced a slowdown in customer spending on our products. Additionally, we also took responsive measures to the pandemic that impacted our business. For example, we suspended non-essential travel by our employees, required events to be held virtually, and temporarily closed our offices. These responsive measures negatively impacted our in-person conferences, the length and variability of our sales cycles, the rate of sales to new customers, our international operations, and the hiring and onboarding of new employees across the organization.

The pandemic was a contributing factor that also led to existing and potential customers accelerating transitions to the cloud. As a result, we believe the value of our offering has become increasingly relevant during the course of the pandemic, which may result in a positive impact on our business over the long term. The global impact of COVID-19 continues to rapidly evolve, and while the broader implications of the ongoing COVID-19 pandemic remain uncertain, we will continue to monitor the situation and the effects on our business and operations.

Key Components of Results of Operations

Revenue

We generate revenue primarily from subscriptions and, to a lesser extent, professional services.

Subscription revenue. We generate revenue primarily from subscriptions which include licenses of proprietary features, support and maintenance revenue, and cloud-hosted services. Licenses for self-managed software consist of term licenses and provide the customer with a right to use the software for a fixed term commencing upon delivery to the customer. Support and maintenance revenue (collectively referred to as Support Revenue in the consolidated statements of operations) are bundled with each license subscription for the term of the license period. Cloud-hosted services are provided on a subscription basis and give customers access to our cloud solutions, which include related customer support.

Subscription revenue on self-managed software includes both upfront revenue recognized when the license is delivered as well as revenue recognized ratably over the contract period for support and maintenance. The substantial majority of our revenue is recognized ratably over the subscription term. Revenue on committed cloud-hosted services is recognized ratably when we satisfy the performance obligation over the contract period, whereas revenue from non-committed, pay-as-you-go cloud-hosted services are recognized when usage occurs.

We generate subscription revenue from contracts with typical durations ranging from one to three years. We typically invoice our customers annually in advance and, to a lesser extent, multi-year in advance. Amounts that have been invoiced and are nonrefundable are recorded in deferred revenue, or they are recorded in revenue if the revenue recognition criteria have been met. Our current and non-current deferred revenue represents contracts that are invoiced annually in advance or multi-year in advance. Customer payments that are contractually refundable are recorded as customer deposits.

Professional services. Professional services revenue consists of revenue from professional services and training services, which were generally sold on a time-and-materials basis prior to fiscal 2021. Commencing in fiscal 2021 we began to sell professional services on a predominantly fixed-fee basis. Revenue for professional services and training services is recognized as these services are delivered. Professional services are services utilized by some of our self-managed customers to accelerate the deployment of our products.

Support and maintenance revenue and cloud-hosted services make up the majority of our revenue and are typically recognized ratably over the terms of our subscription contracts. Therefore, a substantial portion of the revenue that we report in each period is attributable to the recognition of deferred revenue relating to agreements that we entered into during

59


Table of Contents

previous periods. Consequently, increases or decreases in new sales or renewals in any one period may not be immediately reflected as revenue for that period. Any downturn in sales, however, may negatively affect our revenue in future periods. Accordingly, the effect of downturns in sales and market acceptance of our products, and potential changes in our rate of renewals, may not be fully reflected in our results of operations until future periods.

Cost of Revenue

Cost of Subscription Revenue. Cost of subscription revenue primarily includes personnel-related costs, such as salaries, bonuses and benefits, and stock-based compensation for employees associated with customer support and maintenance, third-party cloud infrastructure costs, amortization of internal-use software, and allocated overhead. We expect our cost of subscription revenue to increase as our subscription revenue increases.

Cost of Professional Services. Cost of professional services primarily includes personnel-related costs, such as salaries, bonuses and benefits, and stock-based compensation for employees associated with our professional services, costs of third-party contractors, and allocated overhead. We expect our cost of professional services to increase as our professional services revenue increases.

Gross Profit and Margin

Gross profit is revenue less cost of revenue.

Gross margin is gross profit expressed as a percentage of revenue. Our gross margin has been, and will continue to be affected by, a number of factors, including the average sales price of our subscriptions and professional services, changes in our revenue mix, the timing and extent of our investments in our global customer support personnel, hosting-related costs, and the amortization of internal-use software. We expect our gross margin to fluctuate over time depending on the factors described above. We expect our revenue from cloud-hosted services to increase as a percentage of total revenue, which we expect to lead to an increase in associated hosting and managing costs, which, in turn, would be expected to adversely impact our gross margin.

Operating Expenses

Our operating expenses consist of research and development, sales and marketing, and general and administrative expenses. Personnel costs, which consist of salaries, bonuses, benefits, stock-based compensation and, with regard to sales and marketing expenses, sales commissions, are the most significant component of our operating expenses. We also incur other non-personnel costs such as software and subscription services and an allocation of our general overhead costs for facilities, IT, and depreciation expenses.

Sales and Marketing. Sales and marketing expenses consist primarily of personnel-related costs, such as salaries, sales commissions that are recognized as expenses over the period of benefit, bonuses, benefits, stock-based compensation, costs related to marketing programs, travel-related costs, software and subscription services, and allocated overhead. Marketing programs consist of advertising, events, corporate communications, brand-building, and developer-community activities. We expect our sales and marketing expenses will increase over time and continue to be our largest operating expense for the foreseeable future as we expand our sales force, increase our marketing efforts, and expand into new markets. While we expect our sales and marketing expenses to decrease as a percentage of revenue over the long term due to business growth, our sales and marketing expenses may fluctuate as a percentage of revenue from period to period due to the timing and extent of these expenses.

Research and Development. Research and development expenses consist primarily of personnel-related costs, such as salaries, bonuses, benefits, and stock-based compensation, net of capitalized amounts, contractor and professional services fees, software and subscription services dedicated for use by our research and development organization and allocated overhead. We continue to focus our research and development efforts on the addition of new features and products and enhancing the functionality and ease of use of our existing products. We expect our research and development expenses will continue to increase as our business grows and we continue to invest in our offering. While we expect our research and development expenses to decrease as a percentage of revenue over the long term due to this business growth, our research and development expenses may fluctuate as a percentage of revenue from period to period due to the timing and extent of these expenses.

60


Table of Contents

General and Administrative. General and administrative expenses for administrative functions including finance, legal, and human resources, consist primarily of personnel-related costs, such as salaries, bonuses, benefits, and stock-based compensation, as well as software and subscription services, and legal and other professional fees. We incur additional general and administrative expenses as a result of operating as a public company, including costs to comply with the rules and regulations applicable to companies listed on a national securities exchange, costs related to compliance and reporting obligations, and increased expenses for investor relations and professional services. We expect that our general and administrative expenses will increase as our business grows. However, we expect our general and administrative expenses to decrease as a percentage of revenue over the long term due to this business growth, our general and administrative expenses may fluctuate as a percentage of revenue from period to period due to the timing and extent of these expenses.

Other Income, Net

Other income, net consists primarily of interest income, interest expense, and foreign exchange gains and losses.

Provision for Income Taxes

Provision for income taxes consists primarily of income taxes in certain foreign jurisdictions in which we conduct business, as well as state income taxes in the United States. We have recorded deferred tax assets and we provide a full valuation allowance on our U.S. deferred tax assets, which includes net operating loss carryforwards and tax credits. We expect to maintain this full valuation allowance on our U.S. deferred tax assets for the foreseeable future as it is more likely than not that some or all of those deferred tax assets may not be realized based on our history of losses.

Results of Operations

The following tables summarize our consolidated statements of operations data for the periods presented. The period-to-period comparison of results is not necessarily indicative of results for future periods.

 

 

Year Ended January 31,

 

 

 

2022

 

 

2021

 

 

2020

 

 

 

(in thousands)

 

 

Consolidated Statements of Operations Data:

 

 

 

 

 

 

 

 

 

Revenue:

 

 

 

 

 

 

 

 

 

License

$

47,504

 

 

$

36,208

 

 

$

18,503

 

 

Support

 

247,566

 

 

 

165,607

 

 

 

96,820

 

 

Cloud-hosted services