|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Cybersecurity Risk Management and Strategy
We have developed and implemented a cybersecurity risk management program designed to protect the confidentiality, integrity, and availability of our IT Systems and information.
Our cybersecurity risk management program is based on various cybersecurity standards in which we are certified, including ISO 27001:2013, ISO 27017, ISO 27018, SOC 1, SOC 2 Type 2 and SOC 3. This does not imply that we meet technical specifications or requirements at all times, but that these frameworks help us identify, assess, and manage cybersecurity risks relevant to our business.
Our cybersecurity risk management aligns with and shares common methodologies and reporting channels with our broader risk management.
Key features of our cybersecurity risk management program include, but are not limited to, the following:
•risk assessments designed to help identify material cybersecurity risks to our critical IT Systems, information, including Personal Information and Confidential Information, products, services, and our broader enterprise IT Systems environment;
•a security team principally responsible for managing (1) our cybersecurity risk assessment processes, (2) our security controls, and (3) our response to cybersecurity incidents;
•processes for monitoring for vulnerabilities of our technology which includes code review (as necessary), testing and analysis of software across the software lifecycle;
•the use of external service providers, where appropriate, to assess, test or otherwise assist with aspects of our security controls;
•physical and technical security measures, including encryption, authentication, and access controls;
•a bug bounty program to incentivize third-party assistance in detecting bugs, vulnerabilities or other issues in our systems or software;
•cybersecurity awareness training and internal cybersecurity resources for our employees;
•a cybersecurity incident response plan that includes procedures for responding to cybersecurity incidents; and
•a third-party risk management process for service providers, suppliers, and vendors who access our system and information.
We have not identified risks from known cybersecurity threats, including as a result of any prior cybersecurity incidents, that have materially affected us, including our operations, business strategy, results of operations, or financial condition. We face risks from cybersecurity threats that, if realized, are reasonably likely to materially affect us, including our operations, business strategy, results of operations, or financial condition. See Part I, Item 3.D. “Risk Factors—Our products enable the collection and storage of Personal Information, as well as confidential or proprietary information of our merchants and their consumers, and security concerns could result in liability to us or inhibit sales of our products.”
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
We have developed and implemented a cybersecurity risk management program designed to protect the confidentiality, integrity, and availability of our IT Systems and information.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Cybersecurity Governance
Our board of directors considers cybersecurity risk as part of its risk oversight function and has delegated to our audit committee overall risk management, including oversight of cybersecurity and other information technology risks.
Our audit committee receives periodic reports from management on our cybersecurity risks. In addition, management updates our audit committee, as necessary, regarding any significant cybersecurity incidents.
Our audit committee also receives briefings from management on our cyber risk management program. Our audit committee reports to our board of directors regarding its activities, including those related to cybersecurity, as it deems necessary.
Our management has primary responsibility for our overall cybersecurity risk management program and supervises both our internal cybersecurity personnel and our retained external cybersecurity consultants. Our management team, including our Chief Information Officer (who reports to our Chief Technology Officer) and our VP, Information Security, is responsible for assessing and managing our material risks from cybersecurity threats. Our Chief Information Officer has almost two decades of information security and information technology strategy and management experience, including consulting on cloud security and adoption for several technology companies. Our VP, Information Security, has over 25 years of information technology and cybersecurity experience, including security leadership roles across several industries, including financial services and advertising technology.
Our management oversees efforts to prevent, detect, mitigate, and remediate cybersecurity risks and incidents through various means, which may include briefings from internal security personnel; information obtained from governmental, public or private sources, including external consultants engaged by us; and alerts and reports produced by security tools deployed in our IT Systems environment.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|
Our board of directors considers cybersecurity risk as part of its risk oversight function and has delegated to our audit committee overall risk management, including oversight of cybersecurity and other information technology risks.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|
Our audit committee receives periodic reports from management on our cybersecurity risks. In addition, management updates our audit committee, as necessary, regarding any significant cybersecurity incidents.
|Cybersecurity Risk Role of Management [Text Block]
|Our management has primary responsibility for our overall cybersecurity risk management program and supervises both our internal cybersecurity personnel and our retained external cybersecurity consultants. Our management team, including our Chief Information Officer (who reports to our Chief Technology Officer) and our VP, Information Security, is responsible for assessing and managing our material risks from cybersecurity threats.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|Our management team, including our Chief Information Officer (who reports to our Chief Technology Officer) and our VP, Information Security, is responsible for assessing and managing our material risks from cybersecurity threats.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|Our Chief Information Officer has almost two decades of information security and information technology strategy and management experience, including consulting on cloud security and adoption for several technology companies. Our VP, Information Security, has over 25 years of information technology and cybersecurity experience, including security leadership roles across several industries, including financial services and advertising technology.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|
Our management oversees efforts to prevent, detect, mitigate, and remediate cybersecurity risks and incidents through various means, which may include briefings from internal security personnel; information obtained from governmental, public or private sources, including external consultants engaged by us; and alerts and reports produced by security tools deployed in our IT Systems environment.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef