S-1/A 1 d885522ds1a.htm S-1/A S-1/A
Table of Contents

As filed with the Securities and Exchange Commission on February 4, 2025.

No. 333-284339

 

 

 

UNITED STATES

SECURITIES AND EXCHANGE COMMISSION

Washington, D.C. 20549

 

 

AMENDMENT NO. 1

TO

FORM S-1

REGISTRATION STATEMENT

UNDER

THE SECURITIES ACT OF 1933

 

 

SailPoint Parent, LP

to be converted as described herein to a corporation named

SailPoint, Inc.

(Exact name of registrant as specified in its charter)

 

 

 

Delaware   7372   88-2001765

(State or other jurisdiction of

incorporation or organization)

 

(Primary Standard Industrial

Classification Code Number)

 

(I.R.S. Employer

Identification Number)

11120 Four Points Drive, Suite 100

Austin, TX 78726

(512) 346-2000

(Address, including zip code, and telephone number, including area code, of registrant’s principal executive offices)

 

 

Chris Schmitt

Executive Vice President, General Counsel, and Secretary

11120 Four Points Drive, Suite 100

Austin, TX 78726

(512) 346-2000

(Name, address, including zip code, and telephone number, including area code, of agent for service)

 

 

Copies of all communications, including communications sent to agent for service, should be sent to:

 

Bradley C. Reed, P.C.
Michael P. Keeley, P.C.

Lanchi D. Huynh

Kirkland & Ellis LLP
333 West Wolf Point Plaza
Chicago, IL 60654
(312) 862-2000

 

Nicole Brookshire

Roshni Banker Cariello
Davis Polk & Wardwell LLP

450 Lexington Avenue

New York, New York 10017
(212) 450-4000

 

 

Approximate date of commencement of proposed sale to the public: As soon as practicable after this registration statement becomes effective.

If any of the securities being registered on this Form are to be offered on a delayed or continuous basis pursuant to Rule 415 under the Securities Act of 1933, check the following box: ☐

If this Form is filed to register additional securities for an offering pursuant to Rule 462(b) under the Securities Act, please check the following box and list the Securities Act registration statement number of the earlier effective registration statement for the same offering. ☐

If this Form is a post-effective amendment filed pursuant to Rule 462(c) under the Securities Act, check the following box and list the Securities Act registration statement number of the earlier effective registration statement for the same offering. ☐

If this Form is a post-effective amendment filed pursuant to Rule 462(d) under the Securities Act, check the following box and list the Securities Act registration statement number of the earlier effective registration statement for the same offering. ☐

Indicate by check mark whether the registrant is a large accelerated filer, an accelerated filer, a non-accelerated filer, smaller reporting company, or an emerging growth company. See the definitions of “large accelerated filer,” “accelerated filer,” “smaller reporting company,” and “emerging growth company” in Rule 12b-2 of the Exchange Act.

 

Large accelerated filer  

   Accelerated filer  

Non-accelerated filer  

   Smaller reporting company  

     Emerging growth company  

If an emerging growth company, indicate by check mark if the registrant has elected not to use the extended transition period for complying with any new or revised financial accounting standards provided pursuant to Section 7(a)(2)(B) of the Securities Act. ☐

 

 

The registrant hereby amends this registration statement on such date or dates as may be necessary to delay its effective date until the registrant shall file a further amendment which specifically states that this registration statement shall thereafter become effective in accordance with Section 8(a) of the Securities Act of 1933 or until this registration statement shall become effective on such date as the Securities and Exchange Commission, acting pursuant to said Section 8(a), may determine.

 

 

 


Table of Contents

EXPLANATORY NOTE

SailPoint Parent, LP, the registrant whose name appears on the cover of this registration statement, is a Delaware limited partnership. Prior to effectiveness of this registration statement, SailPoint Parent, LP intends to convert into a Delaware corporation pursuant to a statutory conversion and change its name to SailPoint, Inc. as described in the section titled “Corporate Conversion” in the accompanying prospectus. In the accompanying prospectus, we refer to all of the transactions related to SailPoint Parent, LP’s conversion to a corporation as the Corporate Conversion. As a result of the Corporate Conversion, the partners of SailPoint Parent, LP will become holders of shares of common stock of SailPoint, Inc. Shares of common stock of SailPoint, Inc. are being offered by the accompanying prospectus.

Unless the context otherwise requires, all references in the accompanying prospectus to the “Company,” “SailPoint,” “we,” “us,” “our” and similar terms refer to SailPoint Parent, LP and, where appropriate, its consolidated subsidiaries before the Corporate Conversion, and SailPoint, Inc. and, where appropriate, its consolidated subsidiaries from and after the Corporate Conversion.

Except as disclosed in the accompanying prospectus, the consolidated financial statements and other financial information included elsewhere in this registration statement are those of SailPoint Parent, LP and its consolidated subsidiaries and do not give effect to the Corporate Conversion. We do not expect that the Corporate Conversion will have a material effect on the results of our operations.


Table of Contents

The information in this prospectus is not complete and may be changed. We may not sell these securities until the registration statement filed with the Securities and Exchange Commission is effective. This prospectus is not an offer to sell these securities, and it is not soliciting offers to buy these securities, in any jurisdiction where the offer or sale is not permitted.

 

PROSPECTUS (Subject to Completion)

Issued February 4, 2025

50,000,000 Shares

 

 

LOGO

COMMON STOCK

 

 

This is the initial public offering of common stock of SailPoint, Inc. We are offering 47,500,000 shares of our common stock, and the selling stockholders identified in this prospectus are offering 2,500,000 shares of common stock. We will not receive any of the proceeds from the sale of shares by the selling stockholders. No public market currently exists for our shares. We anticipate that the initial public offering price of our common stock will be between $19.00 and $21.00 per share.

We have applied to list our common stock on the Nasdaq Global Select Market (“Nasdaq”) under the symbol “SAIL.” However, no assurance can be given that our listing application will be approved. If our listing application is not approved by Nasdaq, we will not be able to consummate this offering.

 

 

Investing in our common stock involves risks. See “Risk Factors” beginning on page 22.

 

 

PRICE $    A SHARE

 

 

 

      

Price to
Public

      

Underwriting
Discounts

and
Commissions(1)

      

Proceeds to
SailPoint, Inc.,
before expenses

      

Proceeds to
Selling
Stockholders,
before
expenses

 

Per Share

       $               $               $               $       

Total

       $               $               $               $       

 

(1)

See “Underwriting” for a description of the compensation payable to the underwriters.

We have granted the underwriters the right to purchase up to an additional 7,500,000 shares of common stock at the initial public offering price less underwriting discounts and commissions solely to cover over-allotments, if any.

Immediately after this offering, assuming an offering size as set forth above, participation in this offering as set forth above and an initial public offering price of $20.00 (the midpoint of the estimated price range set forth above), funds controlled by our principal stockholder, Thoma Bravo, will own approximately 88.5% of our outstanding common stock (or 87.3% of our outstanding common stock if the underwriters exercise their option to purchase additional shares in full). See “Risk Factors—Risks Related to This Offering and Ownership of Our Common Stock—Thoma Bravo controls us, and its interests may conflict with ours or yours in the future.” As a result, we expect to be a “controlled company” within the meaning of the corporate governance standards of Nasdaq. See “Management—Corporate Governance—Controlled Company Status.”

One or more entities affiliated with AllianceBernstein L.P. and one or more entities affiliated with Dragoneer Investment Group, LLC (collectively, the “cornerstone investors”) have, severally and not jointly, indicated an interest in purchasing up to an aggregate of 20% of the shares of common stock in this offering (excluding the underwriters’ option to purchase additional shares) at the initial public offering price. The shares to be purchased by the cornerstone investors will not be subject to a lock-up agreement with the underwriters. Because these indications of interest are not binding agreements or commitments to purchase, the cornerstone investors may determine to purchase more, less, or no shares in this offering or the underwriters may determine to sell more, less, or no shares to the cornerstone investors. The underwriters will receive the same discount on any shares of common stock purchased by the cornerstone investors as they will from any other shares of common stock sold to the public in this offering.

Neither the Securities and Exchange Commission nor any other regulatory body has approved or disapproved of these securities or passed upon the accuracy or adequacy of this prospectus. Any representation to the contrary is a criminal offense.

The underwriters expect to deliver the shares of common stock against payment in New York, New York on    , 2025.

 

 

 

MORGAN STANLEY   GOLDMAN SACHS & CO. LLC

J.P. MORGAN

  EVERCORE ISI
BOFA SECURITIES   BARCLAYS   JEFFERIES   RBC CAPITAL MARKETS   BMO CAPITAL MARKETS
BTIG   MIZUHO   PIPER SANDLER   TD COWEN   TRUIST SECURITIES
NETREX CAPITAL MARKETS   ACADEMY SECURITIES   CASTLEOAK SECURITIES, L.P.   PENSERRA SECURITIES LLC   R. SEELAUS & CO., LLC

     , 2025

 


Table of Contents

LOGO

The core of enterprise security is identity SailPoint®


Table of Contents

LOGO

MISSION Manage and secure dynamic access to critical applications and data for every enterprise identity with an intelligent and unified platform


Table of Contents

LOGO

$813MM ARR 30% ARR YoY Growth2 2,895 Customers3 67% YoY Growth of $1MM+ ARR Customers2 44 Rule of Metric4 114 Dollar-Based Net Retention Rate Note: All data as of October 31, 2024 (1) 1. For our definitions of Annual Recurring Revenue and Dollar-Based Net Retention Rate, see “Management’s Discussion and Analysis of Financial Condition and Results of Operations—Key Business Metrics.” 2. “YoY Growth” is defined as the year-over-year growth of the applicable metric as compared to the metric at the same time in the prior fiscal year. 3. Customer count rounded down to nearest 5. 4. Based on the sum of ARR YoY Growth and LTM Adjusted Operating Margin as of FQ3 2025 ended October 31, 2024 .


Table of Contents

LOGO

(Re)introducing SailPoint WHAT IS THE SAME Our mission Our culture and values Strength of the identity market Market leading product and platform innovation WHAT IS DIFFERENT Explosion in data, applications, and types of identities Evolution from governance product to security platform Software to SaaS transformation Expanded AI-enabled product portfolio Our strategic milestones SailPoint founded SailPoint pioneers identity governance First to market SaaS based identitygovernance1 Acquired by ThomaBravo Enhanced Data Access Security offering through acquisition of Whitebox Security Completed first IPO;First in industry to incorporate AI and ML1 Strengthened Cloud Infrastructure Entitlement Management (CIEM); Acquisition of Orkus Reacquired by ThomaBravo; Launched SailPoint Identity Security Cloud SailPoint Atlas platform launched; Acquisition of SecZetta; Acquired Osirium to enhance privileged offering Acquired Double Zero to enhance threat offering Pioneered identity governance and evolved into identity security 2005 2007 2013 2014 2015 2017 2020 2023 2024 1.Based on management's beliefs.


Table of Contents

LOGO

Extensible architecture redesigned to support future innovation Identity Security Cloud Employees Non-Employees Machines Providing comprehensive coverage of all enterprise identities Lifecycle Management Compliance Management Access Modeling Analytics Non-Employee Risk Management Data Access Security Access Risk Management Cloud Infrastructure Entitlement Management Password Management Machine Identity Security Privileged Task Automation Artificial Intelligence Atlas Platform Orchestration Insights & Reporting Machine Learning Data Model Layer Unified data model establishing visibility and context Connectivity and Extensibility Layer Data from applications, security systems, third-party sources Artificial Intelligence


Table of Contents

TABLE OF CONTENTS

 

 

 

 

We, the selling stockholders, and the underwriters have not authorized anyone to provide any information or to make any representations other than those contained in this prospectus or in any free writing prospectuses we have prepared. We, the selling stockholders, and the underwriters take no responsibility for, and can provide no assurance as to the reliability of, any other information that others may provide you.

We and the selling stockholders are offering to sell, and seeking offers to buy, shares of our common stock only in jurisdictions where offers and sales are permitted. The information contained in this prospectus is accurate only as of the date of this prospectus, regardless of the time of delivery of this prospectus or of any sale of our common stock. Our business, financial condition, results of operations and prospects may have changed since that date.

For investors outside of the United States: neither we, the selling stockholders, nor any of the underwriters have done anything that would permit this offering or possession or distribution of this prospectus in any jurisdiction where action for that purpose is required, other than in the United States. You are required to inform yourselves about, and to observe any restrictions relating to, this offering and the distribution of this prospectus outside of the United States.

Through and including     , 2025 (the 25th day after the date of this prospectus), all dealers effecting transactions in these securities, whether or not participating in this offering, may be required to deliver a prospectus. This is in addition to a dealer’s obligation to deliver a prospectus when acting as an underwriter and with respect to an unsold allotment or subscription.

 

i


Table of Contents

BASIS OF PRESENTATION

SailPoint Parent, LP, the registrant whose name appears on the cover of the registration statement of which this prospectus forms a part, is a Delaware limited partnership. Prior to effectiveness of such registration statement, SailPoint Parent, LP intends to convert into a Delaware corporation pursuant to a statutory conversion and change its name to SailPoint, Inc. as described in the section titled “Corporate Conversion.” As a result of such conversion, the partners of SailPoint Parent, LP will become holders of shares of common stock of SailPoint, Inc. Shares of common stock of SailPoint, Inc. are being offered by this prospectus.

SailPoint Parent, LP indirectly owns all of the capital stock of SailPoint Technologies Holdings, Inc. (“STHI”), a Delaware corporation that was previously traded on the New York Stock Exchange under the symbol “SAIL” from November 2017 until it was acquired by Thoma Bravo in the Take-Private Transaction in August 2022. SailPoint Parent, LP was formed in connection with the Take-Private Transaction to serve as a holding company and did not have previous operations. Accordingly, STHI is viewed as the predecessor to SailPoint Parent, LP, and this prospectus includes certain historical consolidated financial and other data for STHI for periods prior to the Take-Private Transaction. The consolidated financial statements included elsewhere in this prospectus present consolidated financial information of (i) STHI as the predecessor for periods prior to the Take-Private Transaction and (ii) SailPoint, LP as the successor for periods from and after the Take-Private Transaction. Except as otherwise disclosed, the consolidated financial statements and other financial information included elsewhere in this prospectus do not give effect to the Corporate Conversion. We do not expect that the Corporate Conversion will have a material effect on the results of our operations.

Following this offering, the Company will continue to be a holding company and, after the application of the net proceeds from this offering, its sole material asset will be the capital stock of its wholly owned direct and indirect subsidiaries, including STHI.

Unless otherwise noted or the context otherwise requires, as used in this prospectus:

 

   

the “Company,” “our company,” “SailPoint,” “we,” “us” and “our” (i) for periods prior to the Take-Private Transaction, refer to STHI and, where appropriate, its consolidated subsidiaries, (ii) for periods from and after the Take-Private Transaction but prior to the Corporate Conversion, refer to SailPoint Parent, LP and, where appropriate, its consolidated subsidiaries, and (iii) after giving effect to the Corporate Conversion, refer to SailPoint, Inc. and, where appropriate, its consolidated subsidiaries;

 

   

“common stock” refers to the common stock of the issuer;

 

   

the “Corporate Conversion” refers to all of the transactions related to SailPoint Parent, LP’s conversion from a Delaware limited partnership to a Delaware corporation, which will happen prior to the effectiveness of the registration statement of which this prospectus forms a part;

 

   

the “issuer” refers to SailPoint, Inc.;

 

   

the “Predecessor” refers to the Company in the periods prior to the Take-Private Transaction;

 

   

the “Successor” refers to the Company in the periods from and after the Take-Private Transaction but prior to the Corporate Conversion;

 

   

the “Take-Private Transaction” refers to Thoma Bravo’s acquisition of STHI on August 16, 2022;

 

   

“Thoma Bravo” refers to Thoma Bravo UGP, LLC, the ultimate general partner of the Thoma Bravo Funds, and, unless the context otherwise requires, its affiliated entities, including Thoma Bravo, L.P., the management company of the Thoma Bravo Funds; and

 

   

the “Thoma Bravo Funds” refers to Thoma Bravo Executive Fund XIII, L.P., Thoma Bravo Fund XIII, L.P., Thoma Bravo Fund XIII-A, L.P., Thoma Bravo Executive Fund XV, L.P., Thoma Bravo Fund XV, L.P., Thoma Bravo Fund XV-A, L.P., Thoma Bravo Employee Fund, L.P., Project Hotel

 

ii


Table of Contents
 

California Co-Invest Fund, L.P., Thoma Bravo Co-Invest Opportunities XV-1, L.P., Thoma Bravo Co-Invest Opportunities XV-3, L.P., and Project Quail Opportunities, L.P.

All information in this prospectus assumes or gives effect to the following unless otherwise indicated:

 

   

an approximately 60.91-for-1 forward unit split of the Class A units representing limited partner interests of the Company (“Class A Units”) and an approximately 0.45-for-1 reverse unit split of the Class B units representing limited partner interests of the Company (“Class B Units”) that were effected on January 31, 2025 (the “Unit Split”), with all units, share, and per unit or per share information for all periods presented in this prospectus adjusted to reflect the Unit Split on a retroactive basis;

 

   

the effectiveness of the Corporate Conversion prior to the consummation of this offering;

 

   

an initial public offering price of $20.00 per share, which is the midpoint of the estimated price range set forth on the cover of this prospectus; and

 

   

no exercise by the underwriters of their option to purchase up to 7,500,000 additional shares of common stock from us.

 

iii


Table of Contents

for link

LOGO

Letter from our CEO and founder Not many founding CEOs find themselves in a position to introduce their company to the public market for a second time, but I am grateful to be able to do precisely that and want to again thank you for considering an investment in our company. SailPoint has evolved as a company, as has the market we operate in, so I thought it would be helpful to share not just who SailPoint is today, but how we have evolved and enhanced our business and our offerings since our first IPO in 2017. Let’s start with what remains the same: Our mission: While we might use different words to capture our company ethos, the belief underpinning our mission remains the same. We believe that identity security is at the absolute core of enterprise security. To that end, we exist to help enterprises around the globe simplify and automate the process of managing and securing all enterprise identities and their access to critical applications and data. Our culture and values: I feel immense pride that in our nearly twenty years in business, SailPoint’s culture has proven to be meaningful and resilient. We are well-known in the industry for our integrity, our innovation, our impact, and our focus on individuals. These words form our “Four I” core values, and we strive to live them out every day in our interactions with our entire ecosystem, including customers, partners, industry influencers, investors, and each other. Successful strategy and strong execution: We understand the sophisticated and complex identity challenges that enterprises face worldwide and have demonstrated our adaptability in pivoting to address emerging threats. From the evolution of what defines an “identity” (moving beyond our initial focus on employees to embrace non-employees and even machine identities), to understanding the criticality of protecting not only access to applications but also the rapidly growing amount of enterprise data that emanates from those applications, we have continued to evolve in our ability to help our customers keep pace with the velocity of change they face every day in their businesses. Because of our deep understanding of this market, our commitment to building world-class enterprise-class technology, and our consistently strong execution, we have become a clear leader in our market. Strength of the identity market: At the time of our last IPO, identity security was increasingly being seen as essential to securing the enterprise. Today, we believe that view among CIOs and CISOs worldwide has amplified considerably. According to the Identity Defined Security Alliance, 90% of organizations surveyed experienced an identity-related incident in 2023. Enterprises now recognize that taking an “inside out” or “identity centric” approach to enterprise security is critical. As a result of this new reality, we believe demand for identity security solutions has continued to build in the years since our first IPO. Now, what’s different about the SailPoint of today versus the SailPoint of 2017? Software to SaaS transformation: We were in the early stages of our SaaS transformation during our first foray into the public markets. This SaaS transformation accelerated during the pandemic as organizations needed to digitize their operations quickly. We believe that embracing identity security enabled our customers to adopt new technologies including “work from anywhere, from any device” tools in a secure, efficient way. Today, our SaaS transformation is substantially complete, with the majority of our customer base using our SaaS solution, the bulk of all new customers choosing our SaaS solution, and many of our self-hosted customers in the process of or considering migrating to our SaaS solution.


Table of Contents

LOGO

Transformation from governance to security: When we founded SailPoint in 2005, our initial product offering was primarily focused on governance. Customers were asking “How do I manage the ‘who has access to what’ question across the business?” It wasn’t so much about protecting that access but understanding and managing or “governing” that access. The predominant belief today is that not just managing but securing identities and their access to applications and data is critical to enterprise security. It takes just one compromised identity or access point to unravel the security of a business – and we believe that this market, and the perception of its criticality, has evolved substantially in the last handful of years. Explosion in AI: Enterprises today are adopting AI to accelerate decision making, drive operational efficiency and reduce headcount demands. AI wasn’t nearly as prevalent back in 2017, yet we at SailPoint were an early-mover in our industry. We recognized the power that AI could have on identity security, from speeding up and streamlining the administration of identity security policy to infusing analytics and intelligence into identity and access decisions. Today, we believe that AI-enabled identity security is the best path forward for enterprises that can no longer keep up with the speed and complexity surrounding identity and access issues in their organizations. With this context in mind, let me share what we are doing at SailPoint today to address enterprise security through the lens of identity. From a product portfolio standpoint, we deliver comprehensive solutions that address the volume of identities under management, the velocity of change happening across the digital landscape and the inherent complexity of the variety of identities, technologies, and types of access required to keep organizations running smoothly, efficiently, and securely. From a management perspective, our team has never been stronger. We’ve enhanced and expanded our senior management team by attracting new leaders from across the industry who bring new skills and perspectives to complement our established leaders. I remain a firm believer that “none of us is as good as all of us,” which fuels our focus on attracting and retaining the industry-leading talent that we believe is represented in our leadership team today. And, from an execution perspective, our focus on consistent, strong execution remains, but we now deliver on a larger scale. We continue to attract the world’s most respected and well-known organizations as SailPoint customers. We now count half of the Fortune 500 and 25% of the Forbes Global 2000 as customers who have chosen to put their trust in SailPoint to protect their organizations from identity-based threats. We have built a best-in-class ecosystem with some of the world’s best and brightest partners, which includes over 1 million skilled professionals that can offer and implement our solutions globally. Our partnerships with leading technology partners, system integrators, value-added resellers, and managed security service providers help extend our reach and provide the most complete identity security solution to our customers. In closing, I am more optimistic than ever about our future path at SailPoint. This market is dynamic and evolving and I believe our depth of knowledge within identity is unmatched. Our technology is built on a unified, intelligent, and powerful platform that is designed to keep up with enterprise demand and ensure our customers are well-positioned for the changes that undoubtedly lie ahead. Finally, our team is committed, convictional, and prepared to continue delivering world-class solutions and services to the benefit of our customers and key stakeholders alike. With that, I hope you’ll join us on this new chapter in our journey. Sincerely, Mark McClain CEO and Founder


Table of Contents

PROSPECTUS SUMMARY

This summary highlights selected information contained elsewhere in this prospectus. This summary does not contain all of the information that you should consider before investing in our common stock. For a more complete understanding of us and this offering, you should read and carefully consider the entire prospectus, including the more detailed information set forth under “Risk Factors” and “Management’s Discussion and Analysis of Financial Condition and Results of Operations” and our consolidated financial statements and the related notes included elsewhere in this prospectus. Some of the statements in this prospectus are forward-looking statements. See “Forward-Looking Statements.”

Our Vision

Our vision is to manage and secure dynamic access to critical applications and data for every enterprise identity with an intelligent and unified platform.

Overview

SailPoint delivers solutions to enable comprehensive identity security for the enterprise. We do this by unifying identity data across systems and identity types, including employee identities, non-employee identities (which include contractors, consultants, and partners), machine identities (autonomous non-human users such as application level accounts, infrastructure accounts, Internet of Things (“IoT”) devices, application programming interface (“API”) accounts, and bots), and artificial intelligence (“AI”) agents. Our software as a service (“SaaS”) and customer-hosted offerings leverage intelligent analytics to provide organizations with critical visibility into which identities currently have access to which resources, which identities should have access to those resources and how that access is being used. Our solutions enable organizations to establish, control, and automate policies that help them define and maintain a robust security posture and achieve regulatory compliance. Powered by AI, our solutions enable organizations to overcome the scale and complexity of managing identities in real-time across dynamic, complex information technology (“IT”) environments.

The evolving threat landscape requires a more comprehensive identity security approach than ever before. The number of cyber attacks continues to increase at an accelerating rate, fueled in part by the adoption of AI by threat actors. In 2023, 90% of organizations surveyed experienced an identity-related incident according to the Identity Defined Security Alliance (“IDSA”). In June 2024, a significant volume of data was stolen via compromised login credentials from customers of a data warehouse, including data from a large ticketing company and a major bank. Hacking groups extensively use compromised identities in their operations, conducting spear-phishing campaigns to access email accounts, harvesting multifactor authentication (“MFA”) codes and leveraging compromised service accounts to infiltrate victims. Once compromised, insufficiently governed identities enable attacks to access sensitive applications and data, presenting a significant risk to organizations.

Identity security is complicated by an evolving and increasingly complex IT environment. Increasingly distributed and remote workforces, the proliferation of infrastructure as a service (“IaaS”) and SaaS applications and an explosion of data have significantly contributed to this new IT paradigm. Non-employee and machine identities, AI-enabled or otherwise, are driving a significant expansion in the number and scope of identities that organizations must manage.

Organizations lack both the people and expertise needed to manage complex ecosystems, and the personnel and skills gap is widening as identity sprawl continues to proliferate. These factors are further exacerbated by regulatory trends toward greater data privacy requirements, leading organizations to demand more effective solutions for managing identity and data security risk.

 

1


Table of Contents

We believe identity is core to enterprise security. We pioneered the market for enterprise identity governance almost two decades ago, and our leadership in the sector has been recognized by independent research firms, including Gartner, Forrester, and KuppingerCole. From this foundation, we have evolved our offerings to address the most challenging dimensions of identity security today.

Since SailPoint was last a public company, we continued to execute on our ambitious strategy to remain at the forefront of innovation in enterprise security by transforming our product offerings into the SailPoint Identity Security Cloud built on our unified Atlas platform. We accelerated the transition of our product offerings to be consumed as a cloud-native SaaS offering to meet our customers where they are in their digital transformation journey. We expanded the breadth of our Identity Security Cloud from our foundational strength in enterprise identity governance for human identities, to now cover all types of identities and a broad range of identity security use cases. Our strategic transformation has increased our long-term relevance with customers while meaningfully expanding our total addressable market.

Today, we offer a range of solutions to meet the varied needs of our customers across multiple deployment options, including Identity Security Cloud, our SaaS-based cloud solution built on our unified platform, Atlas, and IdentityIQ, our customer-hosted identity security solution. These solutions are designed to enable our customers to make more effective decisions regarding access, improve security processes, and provide them with a deeper understanding of identity and access.

Our solutions are underpinned by several key differentiators:

 

   

Our modular, extensible, and scalable Atlas platform, with its unified architecture and deep integration capability, provides us with the foundation for continued product innovation;

 

   

Our Identity Cube provides a 360-degree view of every enterprise identity, enabling a multidimensional approach to access management that encompasses various aspects of identity, such as attributes, entitlements, and effective permissions; and

 

   

Our use of AI and automation throughout our platform enhances decision-making, accelerates risk detection, and delivers seamless integrations.

Our customers include many of the world’s largest and most complex organizations, including large enterprises across all major verticals and governments. Our go-to-market approach consists primarily of tailored customer engagement strategies by market segment, which we believe is critical to ensuring successful implementation and ongoing customer success. Most new customers purchase one of our SaaS suites. We focus on expanding our customer relationships over time with significant up-selling and cross-selling opportunities, including suite upgrades and additional products.

In recent years, we have transitioned our business to a subscription model. This transition is substantially complete with subscription revenue, which consists primarily of SaaS, maintenance, and term subscriptions, comprising 89% and 92% of our total revenue for the year ended January 31, 2024 and the nine months ended October 31, 2024, respectively. As of October 31, 2024, our annual recurring revenue (“ARR”) was $813.2 million, reflecting an increase of 30% compared to October 31, 2023. Of the 30% increase in ARR, approximately 16% was attributable to new customers and approximately 15% was attributable to existing customers with approximately 3% of this increase attributable to migrations from our customer-hosted solutions (primarily maintenance on previously sold perpetual licenses as well as term subscriptions) to our SaaS solution. Today, our go-to-market motion is focused primarily on our SaaS solution and the growth in our ARR is primarily driven by an increase in SaaS ARR. As of October 31, 2024, our SaaS ARR was $485.7 million, reflecting an increase of 40% as compared to $346.0 million as of October 31, 2023. Of the 40% increase in SaaS ARR, approximately 24% was attributable to new customers and approximately 19% was attributable to existing customers with approximately 8% of this increase attributable to migrations from our

 

2


Table of Contents

customer-hosted solutions (primarily maintenance on previously sold perpetual licenses as well as term subscriptions) to our SaaS solution.

Our transformation has led to rapid growth while increasing the visibility and predictability of our financial model. As of January 31, 2022, 2023, and 2024, our ARR was $374.6 million, $520.1 million, and $681.8 million, respectively, representing year-over-year growth of 44%, 39%, and 31%, respectively. As of January 31, 2022, 2023, and 2024, our SaaS ARR was $166.9 million, $266.6 million, and $388.3 million, respectively, representing year-over-year growth of 83%, 60%, and 46%, respectively.

For the fiscal year ended January 31, 2022 (Predecessor), period from February 1, 2022 to August 15, 2022 (Predecessor), period from August 16, 2022 to January 31, 2023 (Successor), fiscal year ended January 31, 2024 (Successor), and nine months ended October 31, 2024 (Successor):

 

   

Our revenue was $450.0 million, $276.2 million, $276.7 million, $699.6 million, and $621.5 million, respectively.

 

   

Our gross profit margin was 74%, 70%, 58%, 60%, and 64%, respectively.

 

   

Our adjusted gross profit margin was 78%, 73%, 77%, 77%, and 78%, respectively.

 

   

Our subscription gross profit margin was 81%, 78%, 64%, 67%, and 69%, respectively.

 

   

Our adjusted subscription gross profit margin was 85%, 81%, 83%, 84%, and 84%, respectively.

 

   

Our operating margin was (13%), (52%), (62%), (48%), and (26%), respectively.

 

   

Our adjusted operating margin was 3%, (7%), 3%, 8%, and 14%, respectively.

 

   

Our net loss was $(63.2) million, $(149.2) million, $(183.3) million, $(395.4) million, and $(235.7) million, respectively.

Adjusted gross profit margin, adjusted subscription gross profit margin, and adjusted operating margin are non-GAAP financial measures. See “Management’s Discussion and Analysis of Financial Condition and Results of Operations—Non-GAAP Financial Measures” for our definitions of these non-GAAP financial measures, information about how and why we use these non-GAAP financial measures, a discussion of the limitations of these non-GAAP financial measures, and a reconciliation of each of these non-GAAP financial measures to its most directly comparable financial measure calculated in accordance with U.S. generally accepted accounting principles (“GAAP”).

Industry Background

Several factors are causing organizations to transform their approach to identity security and adopt a comprehensive identity security strategy, including:

 

   

Organizations are Increasingly Being Targeted by Cyber Attackers Exploiting Identity-Related Vulnerabilities. Continued advances in cyber attack techniques, including the use of AI, and refinements to other proven approaches, such as spear-phishing and social engineering, have enabled attackers to launch more sophisticated and effective identity-focused attacks at an unprecedented scale. Innovations in AI, such as advanced voice cloning, video cloning, and algorithmic password hacking, have led to increased customer attention to security around identity-centric channels vulnerable to attacks of this nature. According to IDSA, 90% of organizations experienced an identity-related breach in 2023, with 28% of organizations surveyed experiencing a breach involving compromised privileged identities. Identity-related breaches, such as account compromise and phishing, are typically the first step used by advanced persistent threat perpetrators.

 

   

Identity Security is Mission-Critical to Minimizing an Organization’s Attack Surface. The proliferation of cyber attackers exploiting identity-related vulnerabilities has led to the elevation of identity security from what was historically a compliance and audit-driven function to what is now a core pillar of a

 

3


Table of Contents
 

modern security posture. The evolving threat landscape has made identity security a top consideration for Chief Information Officers (“CIOs”), Chief Information Security Officers (“CISOs”), and boards. According to IBM’s Cost of a Data Breach Report 2024, the global average cost of a data breach in 2024 is nearly $5 million, and according to IDSA’s 2024 Trends in Identity Security report, 73% of companies surveyed cite identity security as a top three security priority. However, many organizations do not have a comprehensive identity strategy. A survey done by KuppingerCole in August 2024 found that only 40% of companies have a comprehensive identity security posture.

 

   

IT Environments are Increasingly Complex. Organizations are undergoing a monumental IT shift that includes the move to cloud, hybrid, and multi-cloud environments. Combined with the rise of distributed workforces and the consumerization of enterprise software, these factors have significantly expanded the scope of infrastructure and the number of third-party applications and vendors that organizations must manage and secure. The increasing complexity of the IT environment and growth in the number and types of applications and identities that organizations must manage has led to a proliferation of over-access and over-provisioning, which greatly increases the attack surface and the potential damage of cyber attacks occurring from compromised identities accessing infrastructure, applications, and data.

 

   

Advances in Technology and Connectivity are Accelerating the Growth in the Number and Type of Identities. Historically, organizations have solely focused on managing employee identities. However, as organizations outsource and adopt new technologies, there has been a dramatic rise in non-employee identities (which include contractors, consultants, and partners), machine identities (which are autonomous non-human users such as application level accounts, infrastructure accounts, IoT devices, API accounts, and bots), and AI agents. The advancement of generative AI technology has the potential to significantly expand the number of machine identities via AI agents, autonomous intelligent systems performing tasks without human intervention, a new category of identities that must be managed in order to prevent them from being used by threat actors to breach organizations. We estimate that only a fraction of identities are currently governed. This lack of coverage, combined with the growing number of identities, makes it difficult to address the full breadth of potential vulnerabilities now and in the future.

 

   

Data is Growing Exponentially and Sprawling Beyond the Bounds of Traditional Applications. As a result of ongoing digital transformation, the volume of structured and unstructured data within organizations is growing exponentially. According to International Data Corporation (“IDC”), structured and unstructured data is projected to grow within organizations at a compound annual growth rate of 30% from 2023 to 2028. The confluence of these factors has resulted in the creation of highly sensitive critical data repositories where it is paramount to limit access to only authorized identities.

 

   

Organizations Face a Lack of Resources and Expertise to Implement and Manage a Comprehensive Identity Strategy. While organizations are increasingly prioritizing identity security, they face challenges in implementing an identity security strategy due to the shortage of cybersecurity professionals. According to the International Information System Security Certification Consortium (“ISC2”), a cybersecurity training and certification organization, in 2023, the gap between the number of cybersecurity workers needed and the number who are available increased by approximately 448,000, or 12.6%, year-over-year.

 

   

The Evolving Regulatory Landscape Further Underscores the Need for a Holistic Identity Security Strategy. The regulatory landscape is rapidly evolving. Since 2010, the number of identity-related regulations has grown seven-fold globally. As regulatory agencies heighten their focus on improving and enforcing strict data guardrails, remaining compliant has become a chief concern among organizations. Motivated by both regulatory requirements and financial consequences, organizations are turning to identity security solutions that simplify compliance and audit processes.

 

4


Table of Contents

Limitations of Existing Solutions

Legacy and homegrown identity solutions face numerous inherent limitations in meeting the requirements of the evolving identity landscape and today’s complex IT environment, which include:

 

   

Insufficient Visibility Across the IT Environment Due to Limited Connectivity. Existing identity solutions lack the ability to comprehensively address the unique IT environment of each organization. Without full connectivity to all applications and tools, organizations are unable to fully govern their environment, significantly expanding the exposed attack surface.

 

   

Inability to Address the Breadth and Scale of All Identities. As the nature of an identity within a modern organization evolves, existing solutions are incapable of addressing the billions of identity permutations this can potentially create, limiting an organization’s ability to collect and analyze the data they need to enforce policy.

 

   

Inefficiency of Maintaining Identity Security Posture due to Lack of Automation. To maintain a robust identity security posture, an organization must continuously monitor and maintain all of its employee, non-employee, and machine identities, which can number from the hundreds to the millions. In solutions lacking automation capabilities, the process of managing identities is highly manual, time-consuming, and error-prone, resulting in significant inefficiency and heightened risk.

 

   

Inability to Dynamically Adjust Identity Policy due to a Lack of Advanced Analytics. The roles and application access requirements of identities in the modern organization are dynamic. Existing solutions, however, are not capable of accounting for, and adapting to, situational context. Without advanced analytics and machine learning (“ML”) capabilities, organizations are confined to static identity frameworks that result in default over-provisioning of sensitive applications and rights.

 

   

Inability to Address Evolving Customer Needs Due to Lack of Extensibility in Existing Solutions. While the scope of identity security continues to expand, existing solutions lack the extensible architecture required to address these processes within a single platform. As a result, organizations must either purchase discrete solutions from a legacy vendor or create a patchwork of point solutions from several vendors to address their identity security needs.

 

   

High Total Cost of Ownership. Legacy and homegrown solutions typically require significant investment in hardware and software updates, ongoing support, and specialized personnel to manage and troubleshoot issues. The high costs of these solutions limit organizations from utilizing effective identity procedures.

Our Solutions

We believe identity is core to enterprise security. During our nearly 20-year history, we have continuously evolved our offerings to address the most pressing challenges in identity security.

We offer multiple identity solutions to meet the diverse needs of our customers across a full range of deployment options:

 

   

The SailPoint Identity Security Cloud, which is built on our unified Atlas platform and enables organizations to consume our identity solution as a SaaS offering.

 

   

IdentityIQ, which is our customer-hosted identity security solution and meets the needs of organizations that are not able or ready to implement a SaaS solution.

 

5


Table of Contents

 

LOGO

Our solutions address nearly all types of systems and identities, including data and applications, employee identities, non-employee identities and machine identities, and enable smarter access decisions, improve business processes, and provide deeper understanding of identity and access.

Key Benefits of Our Solutions

The key benefits of our solutions for our customers include:

 

   

Comprehensive Connectivity and Integration, Providing Visibility and Control Over the Entire IT Ecosystem. Our solutions enable organizations to connect identities to the appropriate applications and data across their IT environment with pre-built connectors for a wide range of commercial software products from providers such as Epic, Microsoft, Oracle, Salesforce, SAP, ServiceNow and Workday. As a result, our solutions provide organizations with comprehensive visibility and control over the entire identity ecosystem.

 

   

Addresses the Expanding Scope of Identity Types, Resulting in Comprehensive Identity Security. Our solutions enable organizations to adapt to the expanding scope and complexity of all enterprise identity types, including employee, non-employee, and machine identities, as well as provide a dynamic view of each identity’s risk. Our unified data model, the Identity Cube, provides our customers with visibility into and management for the full, dynamic, and expanding range of parameters (e.g., role, job type and current security posture) that comprise a single identity. Additionally, the scalable architecture of our platform enables our solutions to handle the billions of potential identity permutations created by these parameters, while maintaining high levels of performance.

 

   

Efficient Management of Identities Through Workflows and Automation, Improving Security While Lowering Total Cost of Ownership. With purpose-built, identity-specific workflows and robust automation capabilities, our solutions enable organizations to adopt a real-time approach to identity security. Our low-code/no-code approach to streamlining and automating workflows enables business users and security professionals within organizations to address the massive volume and complexity of processes required for managing enterprise identities.

 

   

Dynamic Enforcement of Identity Security Policies Enabled by Advanced Analytics and AI. Our solutions leverage advanced analytics, AI, and ML to enable the risk-based and policy-driven governance of enterprise identities and to enable our customers to maintain regulatory compliance.

 

   

Provides a Single, Unified Solution for a Broad and Expanding Range of Identity Security Capabilities. We believe our platform provides a single, unified solution to manage an organization’s identity

 

6


Table of Contents
 

security posture through a single pane of glass, eliminating the need for organizations to purchase discrete solutions from a legacy vendor or create a patchwork of point solutions from several vendors.

 

   

Lower Total Cost of Ownership. Over time, our comprehensive identity solutions result in lower total cost of ownership by reducing the human and technology resources needed to implement and maintain legacy technology and manage manual identity processes and by limiting the impact of a breach.

Our Competitive Strengths

Our competitive strengths include:

 

   

Commitment to Expertise in Identity Security. We pioneered the identity-centric approach to enterprise security. Our depth of experience has positioned us to continue to define the next generation of identity security. Our leadership in the sector has been recognized by independent research firms, including Gartner, Forrester, and KuppingerCole.

 

   

Commitment to Innovation. Innovation is one of our core values. From our beginnings in on-premises software, we have pushed into cloud, multi-cloud, and hybrid environments and continually expanded our product offerings. We believe our Identity Security Cloud, based on our Atlas platform, was the first in the industry to integrate AI and ML.

 

   

Extensive Partner Ecosystem that Expands our Reach. We have built a robust ecosystem, which includes numerous skilled professionals that can offer and implement our solutions in more than 50 countries. Our partnerships help extend our reach through channel sales and platform functionality, and we believe this enables us to provide the most complete identity security solution to our customers.

 

   

Dedication to Long-Term Customer Success. Our proactive approach and prescriptive path for customers support their deployment of our solutions, and our focus on innovation helps our customers on their ongoing journey to adopt a more robust security posture. Our customer success efforts have resulted in a dollar-based net retention rate of 114% as of October 31, 2024.

 

   

A Deeply Engaged Community. We have built a highly engaged community of over 100,000 members, including our partners, customers, non-customers, and developers. These members have demonstrated strong levels of engagement, and a growing number have reached, and continue to maintain each quarter, our difficult-to-achieve Community Ambassador status.

 

   

Culture. We consider a healthy organizational culture the foundation for our long-term success. We continuously invest in the employee experience, which has allowed us to retain approximately 95% of our identified top talent in the last two years. Our investment in our team delivers real business value and helps win business the right way, by offering creative solutions that address real customer problems.

Our Market Opportunity

The increasing prevalence of identity-related breaches and continued advances in cyber-attack techniques is prompting organizations to transform their approach to identity security. At the same time, the growing complexity of the enterprise IT environment coupled with the shift to cloud and hybrid environments has made identity security more challenging. Our solutions are designed to address the challenges of all enterprises and mid-market organizations in adopting a comprehensive identity security strategy.

We estimate our market opportunity is approximately $55 billion in 2024. We calculate this figure using the total number of global companies with 100 or more employees, which we determined by referencing independent industry data from the S&P Capital IQ database. We then segment these companies into three cohorts based on the number of employees: companies that have between 100 and 999 employees, companies that have between 1,000

 

7


Table of Contents

and 4,999 employees, and companies with 5,000 or more employees. We then multiply the number of companies in each cohort by the average ARR per customer in the corresponding employee count cohort. Average ARR per customer for each employee count cohort is calculated as the ARR attributable to customers in each cohort who subscribe to our Standard, Business, and Business Plus SaaS suites as of July 31, 2024, divided by the number of customers in that cohort who subscribe to a SaaS suite as of July 31, 2024. Our market opportunity estimate assumes that all companies within each cohort would subscribe to our solutions at the same level as our existing customers in such cohort; however, our actual market opportunity will vary depending on the adoption of our solutions by companies and the purchase levels of such companies once they have subscribed to our solutions.

We believe that we are currently underpenetrated in our existing customer base. We expect our estimated market opportunity will continue to grow as customers expand their usage of our solutions by adopting additional products.

For information regarding assumptions and limitations relating to our market opportunity, see “Risk Factors—Risks Related to Our Business and Industry—Our estimated market opportunity and forecasts of our market and market growth may prove to be inaccurate. Moreover, even if our estimate of the market size is accurate, there can be no assurance that we will serve a significant portion of the market, and even if our estimated market opportunity achieves the forecasted growth, there can be no assurance that our business will grow at similar rates or at all.”

Growth Strategies

The following are key elements of our growth strategy:

 

   

Drive New Customer Growth. We believe we have a significant opportunity to accelerate the growth of our customer base by enhancing our marketing efforts, increasing our sales capacity and productivity, and expanding and further leveraging our use of channel partners.

 

   

Expand Existing Customer Relationships. Our customer base of approximately 2,895 organizations, as of October 31, 2024, provides significant expansion opportunities. As our customers adopt new technologies and implement more comprehensive identity security strategies, we see a substantial opportunity to increase our relationships with existing customers through the increased adoption of our solutions.

 

   

Continue to Leverage and Expand Network of Partners and Alliances. We see a significant opportunity to increase the number of customers we can serve through our systems integrator and managed security service provider (“MSP”) partnerships. Additionally, our technology alliance partners help us extend our reach throughout a customer’s IT environment.

 

   

Expand our Global Footprint. Today, we offer our solutions in more than 60 countries. During the year ended January 31, 2024 and the nine months ended October 31, 2024, we generated 32% of our revenue from outside of the United States. In comparison, IDC forecasts approximately 50% of worldwide spending on security products in 2024 will be generated in markets outside of the United States, presenting a significant opportunity to deepen our existing global footprint and drive incremental sales.

 

   

Continue to Innovate and Expand our Portfolio. We recently launched new offerings in non-employee and risk management, data access security, access risk management and cloud infrastructure entitlement management. We are investing in AI, both to increase the capabilities of our solutions, as well as to help our customers protect their organizations while adopting AI for their own use cases.

Recent Developments

Presented below are certain preliminary estimates of selected key business metrics as of the year ended January 31, 2025. The following information reflects our preliminary estimates with respect to such data based

 

8


Table of Contents

on currently available information. These estimated metrics should not be viewed as a substitute for our financial statements prepared in accordance with GAAP included in this prospectus. In particular, ARR and SaaS ARR should be viewed independently of revenue and subscription revenue, respectively, as operating metrics that are not intended to be combined with or to replace revenue or subscription revenue, respectively, or as a forecast of future revenues. Further, our preliminary estimates below are not necessarily indicative of the metrics to be expected for any future period as a result of various factors, including, but not limited to, those discussed in “Risk Factors” and “Forward-Looking Statements.” This information should be read in conjunction with “Management’s Discussion and Analysis of Financial Condition and Results of Operations” and our consolidated financial statements and the related notes included elsewhere in this prospectus.

As of the year ended January 31, 2025, we expect:

 

   

ARR of $875 million to $877 million, and

 

   

SaaS ARR of $538 million to $540 million.

During the fourth quarter of the fiscal year ended January 31, 2025, we continued to experience strong year-over-year ARR and SaaS ARR growth. Based on the midpoint of the expected ranges above, total ARR grew approximately 28% year-over-year and SaaS ARR grew approximately 39% year-over-year. Management considers ARR and SaaS ARR as key metrics for gauging the health and growth of our subscription business.

Risk Factor Summary

There are a number of risks related to our business, this offering, and our common stock that you should consider before you decide to participate in this offering. Some of the principal risks related to an investment in our company include the following:

 

   

We have experienced rapid growth in recent periods, and our recent growth rates may not be indicative of our future growth.

 

   

Our future revenues and operating results will be harmed if we are unable to acquire new customers, if our customers do not renew their arrangements with us, if we are unable to expand sales to our existing customers, or if we are unable to develop new solutions that achieve market acceptance.

 

   

If the market for identity security solutions does not grow, our ability to grow our business and our results of operations may be adversely affected.

 

   

If we are unable to maintain successful relationships with our channel partners, our ability to market, sell, distribute, and implement our solutions will be limited, and our business, financial condition, and operating results would be adversely affected.

 

   

Our quarterly results fluctuate significantly and may not fully reflect the underlying performance of our business.

 

   

Our sales cycle is long and unpredictable, and our sales efforts require considerable time and expense.

 

   

We face intense competition in our market, both from larger, well-established companies and from emerging companies, and we may lack sufficient financial and other resources to maintain and improve our competitive position.

 

   

We anticipate that our operations will continue to increase in complexity as we grow, which will add additional challenges to the management of our business in the future.

 

   

If we are not able to maintain and enhance our brand or reputation as an industry leader and innovator, our business and operating results may be adversely affected.

 

   

Our estimated market opportunity and forecasts of our market and market growth may prove to be inaccurate. Moreover, even if our estimate of the market size is accurate, there can be no assurance that

 

9


Table of Contents
 

we will serve a significant portion of the market, and even if our estimated market opportunity achieves the forecasted growth, there can be no assurance that our business will grow at similar rates or at all.

 

   

Our success depends on the experience and expertise of our senior management team and key employees. If we are unable to hire, retain, train, and motivate our personnel, or to maintain our corporate culture, our business, operating results, and prospects may be harmed.

 

   

Our introduction and use of AI, and the integration of AI with our solutions, may not be successful and may present business, compliance, and reputational challenges, which could lead to operational or reputational damage, competitive harm, legal and regulatory risk, and additional costs, any of which could adversely affect our business, financial condition, and results of operations.

 

   

Our ability to introduce new identity security solutions and features is dependent on adequate research and development resources and our ability to successfully complete acquisitions. If we do not adequately fund our research and development efforts or complete acquisitions successfully, we may not be able to compete effectively, and our business and results of operations may be harmed.

 

   

Cyber attacks or other cybersecurity breaches, incidents, or disruptions with respect to our networks, systems, or applications, including unauthorized access to, or disclosure or other processing of, our proprietary, confidential, or sensitive information, including personal information, could disrupt our operations, compromise sensitive information related to our business or personal information processed by us or on our behalf, and expose us to liability, which could harm our reputation and adversely affect our business, financial condition, and results of operations, and as we grow, we may become a more attractive target for cyber attacks.

 

   

Interruptions, outages, or other disruptions affecting the delivery of our SaaS solution, or any of the third-party cloud-based systems that we use in our operations, may adversely affect our business, operating results, and financial condition.

 

   

Real or perceived errors, failures or disruptions in our platform and solutions could adversely affect our customers’ satisfaction with our solutions and/or our industry reputation and business could be harmed.

 

   

We have a substantial amount of indebtedness, which could adversely affect our financial condition and ability to operate our business.

 

   

Thoma Bravo controls us, and its interests may conflict with ours or yours in the future.

These and other risks are more fully described in the section titled “Risk Factors” in this prospectus. If any of these risks actually occurs, our business, financial condition, results of operations, cash flows, and prospects could be materially and adversely affected. As a result, you could lose all or part of your investment in our common stock.

Our Principal Stockholder

Thoma Bravo is one of the largest software-focused investors in the world, with approximately $160 billion in assets under management as of June 30, 2024. Through its private equity, growth equity, and credit strategies, the firm invests in growth-oriented, innovative companies operating in the software and technology sectors. Leveraging Thoma Bravo’s deep sector knowledge and strategic and operational expertise, the firm collaborates with its portfolio companies to implement operating best practices and drive growth initiatives. Over the past 20+ years, the firm has acquired or invested in more than 490 companies representing approximately $265 billion in enterprise value (including control and non-control investments). The firm has offices in Chicago, London, Miami, New York, and San Francisco.

In connection with this offering, we will enter into a director designation agreement (the “Director Designation Agreement”) with Thoma Bravo that provides Thoma Bravo the right to designate nominees to our

 

10


Table of Contents

board of directors (our “Board”), subject to certain conditions. The Director Designation Agreement will provide Thoma Bravo the right to designate: (i) all of the nominees for election to our Board for so long as Thoma Bravo beneficially owns 40% or more of the total number of shares of our common stock beneficially owned by Thoma Bravo upon completion of this offering, as adjusted for any reorganization, recapitalization, stock dividend, stock split, reverse stock split, or similar changes in our capitalization (such number of shares as may be adjusted, the “Original Amount”); (ii) a number of nominees for election to our Board (rounded up to the nearest whole number) equal to 40% of the total directors for so long as Thoma Bravo beneficially owns at least 30% and less than 40% of the Original Amount; (iii) a number of nominees for election to our Board (rounded up to the nearest whole number) equal to 30% of the total directors for so long as Thoma Bravo beneficially owns at least 20% and less than 30% of the Original Amount; (iv) a number of nominees for election to our Board (rounded up to the nearest whole number) equal to 20% of the total directors for so long as Thoma Bravo beneficially owns at least 10% and less than 20% of the Original Amount; and (v) one nominee for election to our Board for so long as Thoma Bravo beneficially owns at least 5% of the Original Amount. See “Certain Relationships and Related Party Transactions—Related Party Transactions—Director Designation Agreement” for more details with respect to the Director Designation Agreement.

Upon completion of this offering, assuming an offering size as set forth in “—The Offering,” participation in this offering as set forth in “Principal and Selling Stockholders,” and an initial public offering price of $20.00 (the midpoint of the estimated price range set forth on the cover page of this prospectus), Thoma Bravo will beneficially own approximately 88.5% of our common stock (or 87.3% of our common stock if the underwriters exercise their option to purchase additional shares in full) and will therefore be able to control all matters that require approval by our stockholders, including changes to our organizational documents and approval of acquisition offers and other significant corporate transactions. Thoma Bravo’s interests may not coincide with the interests of our other stockholders. Additionally, Thoma Bravo engages in a broad spectrum of activities, including investments in our industry generally. In the ordinary course of its business activities, Thoma Bravo may engage in activities where its interests conflict with our interests or those of our other stockholders, such as investing in or advising businesses that directly or indirectly compete with certain portions of our business or are suppliers or customers of ours. See “Risk Factors—Risks Related to This Offering and Ownership of Our Common Stock—Thoma Bravo controls us, and its interests may conflict with ours or yours in the future.”

In connection with our entry into the Credit Facilities (as defined below) on August 16, 2022, Thoma Bravo acquired $50.0 million of our Term Loan (as defined below), and as of January 15, 2025, Thoma Bravo held $32.7 million of our Term Loan. We expect to use a portion of our net proceeds from this offering to repay a portion of our Term Loan. As a result, assuming an initial public offering price of $20.00 per share (the midpoint of the estimated price range set forth on the cover page of this prospectus), we expect that Thoma Bravo will receive $21.7 million of our net proceeds in connection with such repayment. Also on August 16, 2022, we entered into an advisory services agreement with Thoma Bravo (as amended, the “Advisory Services Agreement”), pursuant to which we engaged Thoma Bravo as a financial, transactional, and management consultant for consultation and advice related to corporate strategy, budgeting of future corporate investments, acquisition and divestiture strategies, and debt and equity financings. The Advisory Services Agreement will be terminated in connection with this offering, and we expect to use $9.3 million of our net proceeds from this offering to pay all outstanding fees payable under the Advisory Services Agreement. See “Use of Proceeds” for additional information regarding our expected use of our net proceeds from this offering.

Status as a Controlled Company

Upon completion of this offering, assuming an offering size as set forth in “—The Offering,” participation in this offering as set forth in “Principal and Selling Stockholders,” and an initial public offering price of $20.00 (the midpoint of the estimated price range set forth on the cover page of this prospectus), Thoma Bravo will own approximately 88.5% of our common stock (or 87.3% of our common stock if the underwriters exercise their option to purchase additional shares in full), and we will be a “controlled company” within the meaning of the

 

11


Table of Contents

rules of Nasdaq. As a result, we will qualify for, and intend to rely on, exemptions from certain corporate governance requirements, and you will not have the same protections as those afforded to stockholders of companies that are subject to such governance requirements. See “Management—Corporate Governance—Controlled Company Status.”

Corporate Conversion

We currently operate as a Delaware limited partnership under the name SailPoint Parent, LP, which directly and indirectly holds all of the equity interests in our operating subsidiaries. Prior to the effectiveness of the registration statement of which this prospectus forms a part, SailPoint Parent, LP will convert into a Delaware corporation pursuant to a statutory conversion and will change its name to SailPoint, Inc. In this prospectus, we refer to all of the transactions related to our conversion into a corporation as the Corporate Conversion. Following the Corporate Conversion, we will remain a holding company and will continue to conduct our business through our operating subsidiaries. For more information, see the section titled “Corporate Conversion.”

Following the completion of the Corporate Conversion and prior to the closing of this offering, Thoma Bravo will own approximately 97.4% of SailPoint, Inc.’s common stock. SailPoint, Inc. will have several wholly owned direct and indirect subsidiaries that are legacies from the corporate structure that existed prior to this offering. See the section titled “Corporate Conversion.”

General Corporate Information

Our principal executive offices are located at 11120 Four Points Drive, Suite 100, Austin, Texas 78726. Our telephone number at that address is (512) 346-2000. Our website address is www.sailpoint.com. The information contained on, or that can be accessed through, our website is not incorporated by reference into this prospectus, and you should not consider any information contained on, or that can be accessed through, our website as part of this prospectus or in deciding whether to purchase our common stock.

The SailPoint design logo and our other registered or common law trademarks, service marks or trade names appearing in this prospectus are the property of SailPoint Technologies, Inc., our wholly-owned subsidiary. Other trademarks and trade names referred to in this prospectus are the property of their respective owners.

Channels for Disclosure of Information

Following the completion of this offering, we intend to announce material information to the public through filings with the Securities and Exchange Commission (the “SEC”), the investor relations page on our website, blog posts on our website, press releases, public conference calls, webcasts, our Twitter feed (@SailPoint), our Instagram page (@lifeatsailpoint), and our LinkedIn page.

The information disclosed through the foregoing channels could be deemed to be material information. As such, we encourage investors, the media, and others to follow the channels listed above and to review the information disclosed through such channels.

Any updates to the list of disclosure channels through which we will announce information will be posted on the investor relations page on our website. Information contained on or accessible through any of the foregoing channels is not incorporated by reference into this prospectus.

 

12


Table of Contents

THE OFFERING

 

Common stock offered by us

  

47,500,000  shares.

Common stock offered by the selling stockholders

  

2,500,000 shares.

Common stock to be outstanding after this offering

  

546,560,464 shares (or 554,060,464 shares if the underwriters exercise their option to purchase additional shares in full).

Option to purchase additional shares of common stock from us to cover over-allotments

  


7,500,000 shares.

Indications of interest

  

Prior to the date hereof, the cornerstone investors have, severally and not jointly, indicated an interest in purchasing up to an aggregate of 20% of the shares of common stock in this offering (excluding the underwriters’ option to purchase additional shares) at the initial public offering price. The shares to be purchased by the cornerstone investors will not be subject to a lock-up agreement with the underwriters. Because these indications of interest are not binding agreements or commitments to purchase, the cornerstone investors may determine to purchase more, less, or no shares in this offering or the underwriters may determine to sell more, less, or no shares to the cornerstone investors. The underwriters will receive the same discount on any shares of common stock purchased by the cornerstone investors as they will from any other shares of common stock sold to the public in this offering.

Use of proceeds

  

We estimate that our net proceeds from this offering will be approximately $893.2 million (or approximately $1,036.1 million if the underwriters exercise their option to purchase additional shares in full), assuming an initial public offering price of $20.00 per share, which is the midpoint of the estimated price range set forth on the cover page of this prospectus, and after deducting the underwriting discounts and commissions and estimated offering expenses payable by us. We will not receive any proceeds from the sale of the shares of common stock being offered by the selling stockholders.

 

The principal purposes of this offering are to repay indebtedness, increase our capitalization and financial flexibility, create a public market for our common stock, and enable access to the public equity markets for us and our stockholders.

 

We expect to use our net proceeds from this offering as follows (assuming an initial public offering price of $20.00 per share, which is the midpoint of the estimated price range set forth on the cover page of this prospectus): (i) approximately $52.8 million to

 

13


Table of Contents
  

settle in cash all outstanding equity awards that were issued in connection with the Take-Private Transaction, (ii) approximately $17.3 million to settle in cash all vested equity appreciation rights (“EARs”), (iii) approximately $9.3 million to pay all outstanding fees payable by us to Thoma Bravo pursuant to the Advisory Services Agreement, (iv) approximately $690.0 million to repay a portion of our Term Loan, and (v) the remainder for general corporate purposes.

  

In connection with our entry into the Credit Facilities on August 16, 2022, Thoma Bravo acquired $50.0 million of our Term Loan, and as of January 15, 2025, Thoma Bravo held $32.7 million of our Term Loan. We expect to use a portion of our net proceeds from this offering to repay a portion of our Term Loan. As a result, assuming an initial public offering price of $20.00 per share (the midpoint of the estimated price range set forth on the cover page of this prospectus), we expect that Thoma Bravo will receive $21.7 million of our net proceeds in connection with such repayment.

Controlled company

  

Upon completion of this offering, assuming an offering size and participation in this offering as set forth in this section, Thoma Bravo will own approximately 88.5% of our common stock (or 87.3% of our common stock if the underwriters exercise their option to purchase additional shares in full). As a result, we expect to be a controlled company within the meaning of the rules of Nasdaq. See “Management—Corporate Governance—Controlled Company Status.”

Risk factors

  

Investing in our common stock involves a high degree of risk. See “Risk Factors” elsewhere in this prospectus for a discussion of factors you should carefully consider before deciding to invest in our common stock.

Proposed trading symbol

   “SAIL”

Except as otherwise indicated in this prospectus, the number of shares of our common stock to be outstanding after this offering and other information based thereon is based on 546,560,464 shares of our common stock outstanding as of January 15, 2025, after giving effect to the Corporate Conversion as if it occurred on January 15, 2025 and the issuance of shares of our common stock in this offering, assuming no exercise by the underwriters of their over-allotment option, and includes:

 

   

495,066,070 shares of our common stock that are issuable upon the conversion of partnership units that are issued, outstanding, and vested as of January 15, 2025, which conversion will occur in connection with the Corporate Conversion; and

 

   

3,994,394 shares of our restricted common stock issuable upon the conversion of incentive units that are issued, outstanding, and unvested as of January 15, 2025 (the “Exchange Restricted Common

 

14


Table of Contents
 

Shares”), which conversion will occur in connection with the Corporate Conversion (including 3,126,563 shares of our restricted common stock that are expected to vest in connection with this offering).

The number of shares of our common stock to be outstanding after this offering excludes:

 

   

56,127,257 shares of our common stock that will be available for future issuance under our Omnibus Incentive Plan (the “Omnibus Plan”), which will be adopted in connection with this offering and under which we intend to issue:

 

   

158,302 shares of our common stock upon vesting and settlement of restricted stock units to be granted upon the exchange of EARs issued, outstanding, and unvested as of January 15, 2025 (after giving effect to the accelerated vesting of such EARs to be settled in cash in connection with this offering), which exchange will occur in connection with the Corporate Conversion (the “Exchange Grants”); and

 

   

up to 27,000,000 shares of common stock upon vesting and settlement of restricted stock units to be granted upon the closing of this offering to certain of our employees (the “IPO Grants”);

 

   

10,931,209 shares of our common stock that will become available for future issuance under our Employee Stock Purchase Plan (the “ESPP”), which will be adopted in connection with this offering; and

 

   

7,500,000 shares of our common stock that would be issued upon the underwriters exercising their option to purchase additional shares in full.

The Omnibus Plan and the ESPP each provides for annual automatic increases in the number of shares of our common stock reserved thereunder, as more fully described in the section titled “Executive Compensation—Actions Taken in Connection with this Offering.”

Unless otherwise indicated, all information in this prospectus, including the number of shares of common stock to be outstanding following this offering, assumes or gives effect to:

 

   

an initial public offering price of $20.00 per share, which is the midpoint of the estimated price range set forth on the cover of this prospectus;

 

   

no exercise by the underwriters of their option to purchase up to 7,500,000 additional shares of common stock from us;

 

   

the Unit Split, with all units, share, and per unit or per share information for all periods presented in this prospectus adjusted to reflect the Unit Split on a retroactive basis;

 

   

the filing of our certificate of incorporation and the adoption of our bylaws, the forms of which are included as exhibits to the registration statement of which this prospectus is a part, upon the Corporate Conversion; and

 

   

the effectiveness of the Corporate Conversion prior to the consummation of this offering.

 

15


Table of Contents

SUMMARY CONSOLIDATED FINANCIAL AND OTHER DATA

You should read the following summary consolidated financial and other data together with our audited consolidated financial statements and related notes included elsewhere in this prospectus and the information under “Management’s Discussion and Analysis of Financial Condition and Results of Operations.” Our historical results are not necessarily indicative of the results to be expected in the future.

On August 16, 2022, STHI was acquired by Thoma Bravo in the Take-Private Transaction. We applied purchase accounting on the date of the Take-Private Transaction, and we refer to the Company as “Predecessor” in the periods before the Take-Private Transaction and as “Successor” in the subsequent periods.

The summary consolidated statements of operations data from February 1, 2021 to January 31, 2022 and from February 1, 2022 to August 15, 2022 relate to the Predecessor and are derived from our audited consolidated financial statements included elsewhere in this prospectus. The summary consolidated statements of operations data for the periods from August 16, 2022 to January 31, 2023 and from February 1, 2023 to January 31, 2024, and the consolidated balance sheet data as of January 31, 2023 and 2024, relate to the Successor and are derived from our audited consolidated financial statements included elsewhere in this prospectus. The summary consolidated statements of operations data for the nine months ended October 31, 2023 and 2024, and the consolidated balance sheet data as of October 31, 2024, relate to the Successor and are derived from our unaudited condensed consolidated financial statements included elsewhere in this prospectus.

Consolidated Statement of Operations Data

 

    Predecessor     Successor  
    Year Ended
January 31, 2022
    February 1, 2022 to
August 15, 2022
    August 16, 2022 to
January 31, 2023
    Year Ended
January 31, 2024
    Nine Months Ended  
    October 31,
2023
    October 31,
2024
 
                (in thousands, except per share data)        
          (unaudited)  

Revenue

           

Subscription

  $ 338,905     $ 227,398     $ 233,047     $ 622,830     $ 438,542     $ 569,540  

Perpetual licenses

    57,716       13,841       10,806       5,842       5,100       360  

Services and other

    53,414       34,915       32,820       70,900       53,223       51,590  
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Total revenue

    450,035       276,154       276,673       699,572       496,865       621,490  

Cost of revenue

           

Subscription(1)(2)

    62,783       49,440       85,044       205,053       150,236       174,174  

Perpetual licenses(2)

    2,653       908       3,718       2,227       2,063       121  

Services and other(1)

    49,268       32,454       28,055       69,355       51,364       51,089  

Impairment of intangible assets

    744                                
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Total cost of revenue

    115,448       82,802       116,817       276,635       203,663       225,384  
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Gross profit

    334,587       193,352       159,856       422,937       293,202       396,106  

Operating expenses

           

Research and development(1)(2)

    119,533       81,261       78,223       180,778       134,845       124,274  

Sales and marketing(1)(2)

    212,868       140,939       201,331       461,187       338,350       350,038  

General and administrative(1)

    62,477       115,723       51,896       113,701       87,508       80,314  
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Total operating expenses

    394,878       337,923       331,450       755,666       560,703       554,626  
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Loss from operations

    (60,291     (144,571     (171,594     (332,729     (267,501     (158,520

Other income (expense), net

           

Interest income

    730       360       1,933       10,658       8,031       3,615  

Interest expense

    (2,676     (1,492     (74,844     (187,059     (139,490     (140,125

 

16


Table of Contents
    Predecessor     Successor  
    Year Ended
January 31, 2022
    February 1, 2022 to
August 15, 2022
    August 16, 2022 to
January 31, 2023
    Year Ended
January 31, 2024
    Nine Months Ended  
    October 31,
2023
    October 31,
2024
 
                (in thousands, except per share data)        
          (unaudited)  

Other income (expense), net

    (821     (1,873     (1,278     (3,219     (2,335     (3,199
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Total other income (expense), net

    (2,767     (3,005     (74,189     (179,620     (133,794     (139,709
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Loss before income taxes

    (63,058     (147,576     (245,783     (512,349     (401,295     (298,229

Income tax benefit (expense)

    (99     (1,663     62,524       116,982       93,191       62,503  
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Net loss(3)

  $ (63,157   $ (149,239   $ (183,259   $ (395,367   $ (308,104   $ (235,726
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Class A yield

        (250,638     (583,672     (431,512     (472,439
     

 

 

   

 

 

   

 

 

   

 

 

 

Net loss attributable to Class B unitholders(3)

      $ (433,897   $ (979,039   $ (739,616   $ (708,165
     

 

 

   

 

 

   

 

 

   

 

 

 

Loss per unit attributable to Class B unitholders—basic and diluted(3)

      $ (5.46   $ (12.13   $ (9.19   $ (8.56
     

 

 

   

 

 

   

 

 

   

 

 

 

Weighted average Class B units outstanding—basic and diluted

        79,535       80,746       80,441       82,687  
     

 

 

   

 

 

   

 

 

   

 

 

 

Pro forma basic and diluted loss per share available to common stockholders(4)(5)

        $ (0.77     $ (0.28
       

 

 

     

 

 

 

Pro forma weighted-average shares used in computation of basic and diluted net loss per share(4)(5)

          542,855         545,069  
       

 

 

     

 

 

 

 

(1)

Includes equity-based compensation as follows:

 

    Predecessor     Successor  
    Year Ended
January 31, 2022
    February 1, 2022 to
August 15, 2022
    August 16, 2022 to
January 31, 2023
    Year Ended
January 31, 2024
    Nine Months Ended  
    October 31, 2023     October 31, 2024  
                (in thousands)              
                            (unaudited)  
                                     

Cost of revenue

           

Subscription

  $ 3,871     $ 2,246     $ 3,276     $ 6,675     $ 5,284     $ 5,120  

Services and other

    3,827       1,921       2,744       5,772       4,381       4,854  

Operating expenses

           

Research and development

    16,125       11,222       14,775       30,373       23,062       17,283  

Sales and marketing

    19,208       14,393       21,480       52,292       40,756       26,481  

General and administrative

    10,854       9,772       16,758       39,707       30,748       18,456  
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Total

  $ 53,885     $ 39,554     $ 59,033     $ 134,819     $ 104,231     $ 72,194  
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

 

17


Table of Contents
(2)

Includes amortization expenses as follows:

 

    Predecessor     Successor  
    Year Ended
January 31, 2022
    February 1, 2022 to
August 15, 2022
    August 16, 2022 to
January 31, 2023
    Year Ended
January 31, 2024
    Nine Months Ended  
    October 31,
2023
    October 31,
2024
 
   

(in thousands)

 
                            (unaudited)  

Cost of revenue

           

Subscription

  $ 7,660     $  4,603     $ 42,422     $  100,820     $ 75,154     $ 77,466  

Perpetual licenses

    1,818       562       3,383       2,147       1,994       121  

Operating expenses

           

Research and development

    603       367             32             285  

Sales and marketing

    6,287       3,526       69,882       154,030       115,536       102,827  
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Total

  $ 16,368     $ 9,058     $ 115,687     $ 257,029     $ 192,684     $ 180,699  
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

 

(3)

All net losses for the Predecessor period for the year ended January 31, 2022 and the period from February 1, 2022 to August 15, 2022 were entirely attributable to Predecessor shareholders. Additionally, due to the impact of the Take-Private Transaction, the Company’s capital structures for the Predecessor and Successor periods are not comparable. As a result, the presentation of loss per share for the periods prior to the Take-Private Transaction is not meaningful.

(4)

The unaudited pro forma net loss attributable to common stockholders used in the calculation of unaudited pro forma basic and diluted net loss per share attributable to common stockholders for the year ended January 31, 2024 was $(416.7) million. The unaudited pro forma weighted-average number of shares outstanding used to determine pro forma basic net loss per share attributable to common stockholders for the year ended January 31, 2024 was 542.9 million.

(5)

Pro forma basic and diluted net loss per share attributable to common stockholders and pro forma weighted-average shares outstanding have been computed giving effect to the transactions described in “Unaudited Pro Forma Condensed Consolidated Financial Information,” including (a) the issuance of 36,567,854.01 Class A Units and 7,988,951.20 Class B Units to Thoma Bravo and other equityholders of the Company for approximately $600.3 million ($550 million and $25 million of which were used to repay borrowings outstanding under our Term Loan and our Revolving Credit Facility, respectively), (b) the Corporate Conversion, and (c) our sale of shares of common stock in this offering and the application of our net proceeds from this offering set forth under “Use of Proceeds,” assuming an initial public offering price of $20.00 per share, which is the midpoint of the estimated price range set forth on the cover page of this prospectus, and after deducting the underwriting discounts and commissions and estimated offering expenses payable by us. In addition to other expected uses of our net proceeds as disclosed under “Use of Proceeds,” assuming an initial public offering price of $20.00 per share (the midpoint of the estimated price range set forth on the cover page of this prospectus), we expect to use approximately $690.0 million of our net proceeds from this offering to repay a portion of our Term Loan. Pro forma basic and diluted net loss per share attributable to common stockholders have been adjusted to reflect the reduction in interest expense and income tax benefit of $122.7 million and $11.7 million, respectively, as a result of the repayment of $550.0 million and $25.0 million of borrowings outstanding under our Term Loan and our Revolving Credit Facility, respectively, and the expected repayment of $690.0 million of borrowings outstanding under our Term Loan with a portion of our net proceeds from this offering. This pro forma data is presented for informational purposes only and does not purport to represent what our net loss or net loss per share actually would have been had this offering and use of proceeds therefrom occurred on January 31, 2024 or to project our net loss or net loss per share for any future period.

 

18


Table of Contents

Consolidated Balance Sheet Data

 

    As of
January 31, 2023
    As of
January 31, 2024
    As of
October 31, 2024
 
    Actual     Actual     Actual     Pro Forma(1)     Pro Forma
As Adjusted(2)(3)
 
    (in thousands)  
                (unaudited)  

Cash and cash equivalents

  $ 424,323     $ 211,647     $ 68,166     $ 118,487     $ 228,793  

Working capital, excluding deferred revenue(4)

    564,069       404,687       253,292       303,613       426,800  

Total assets

    7,922,923       7,589,732       7,316,538       7,366,859       7,477,165  

Deferred revenue, current and non-current

    305,220       372,040       369,383       369,383       369,383  

Long term debt, net of current portion

    1,558,497       1,562,215       1,565,242       1,023,807       344,552  

Total liabilities

    2,317,788       2,292,063       2,236,534       1,693,179       973,869  

Redeemable convertible units

    5,788,394       5,838,864       5,834,148       6,434,469        

Total partners’ deficit / stockholders’ equity

    (183,259     (541,195     (754,144     (760,789     6,503,296  

 

(1)

The unaudited pro forma balance sheet data gives effect to the transactions described in “Unaudited Pro Forma Condensed Consolidated Financial Information,” (a) including (i) the issuance of 36,567,854.01 Class A Units and 7,988,951.20 Class B Units to Thoma Bravo and other equityholders of the Company for approximately $600.3 million ($550 million and $25 million of which were used to repay borrowings outstanding under our Term Loan and our Revolving Credit Facility, respectively) and (ii) the Corporate Conversion, but (b) excluding our sale of shares of common stock in this offering. The pro forma as adjusted information discussed above is illustrative only and will depend on the actual initial public offering price and other terms of this offering determined at pricing.

(2)

The unaudited pro forma as adjusted balance sheet data gives effect to the transactions described in “Unaudited Pro Forma Condensed Consolidated Financial Information,” including (a) the items described in footnote (1) above and (b) our sale of 47,500,000 shares of common stock in this offering and the application of the net proceeds therefrom as set forth under “Use of Proceeds,” assuming an initial public offering price of $20.00 per share, which is the midpoint of the estimated price range set forth on the cover page of this prospectus, and after deducting the underwriting discounts and commissions and estimated offering expenses payable by us.

(3)

A $1.00 increase or decrease in the assumed initial public offering price of $20.00 per share, which is the midpoint of the estimated price range set forth on the cover page of this prospectus, would increase or decrease each of cash and cash equivalents, total assets, working capital, and total partners’ (deficit) equity by approximately $45.2 million, assuming the number of shares offered, as set forth on the cover page of this prospectus, remains the same, and after deducting the underwriting discounts and commissions and estimated offering expenses payable by us. Similarly, each 1,000,000 increase or decrease in the number of shares of common stock offered in this offering would increase or decrease each of cash and cash equivalents, total assets, working capital, and total partners’ (deficit) equity by approximately $19.1 million, based on an assumed initial public offering price of $20.00 per share, which is the midpoint of the estimated price range set forth on the cover page of this prospectus, and after deducting the underwriting discounts and commissions and estimated offering expenses payable by us.

(4)

Working capital is defined as current assets less current liabilities.

Key Business Metrics

In addition to our financial information prepared in accordance with GAAP, we monitor the following key business metrics to help us measure and evaluate the effectiveness of our operations. See “Management’s Discussion and Analysis of Financial Condition and Results of Operations—Key Business Metrics” for more

 

19


Table of Contents

information, including how we define these key business metrics. Although we believe we have a reasonable

basis for each of these metrics, we caution you that these metrics are based on a combination of assumptions that may prove to be inaccurate over time. Please see the section titled “Risk Factors” for more information. In the key business metrics graphs below, “YoY Growth” is defined as the year-over-year growth of the applicable metric as compared to the metric at the same time in the prior fiscal year.

Annual Recurring Revenue

We believe ARR is a key metric to measure our business performance because it measures our ability to generate sales with new customers and to maintain and expand spend with existing customers. Our ARR has grown in each of the past three years, reflecting growth in new customers as well as expanded sales to existing customers. The following graph presents our ARR as of the end of each period noted below (dollars in millions):

 

LOGO

SaaS Annual Recurring Revenue

In recent years, we have transitioned our business to a SaaS-first subscription model. As a result of those efforts, our SaaS ARR has more than doubled from October 31, 2022 to October 31, 2024, and the share of SaaS ARR to total ARR has increased from 49% to 60% from October 31, 2022 to October 31, 2024. We believe the share of ARR generated by our SaaS solution will continue to increase over time. The following graph presents our SaaS ARR as of the end of each period noted below (dollars in millions):

 

LOGO

 

20


Table of Contents

Dollar-Based Net Retention Rate

Our focus on growing our product portfolio as well as expanding customer relationships over time through cross-selling and up-selling has driven expansion of our dollar-based net retention rate from 109% as of October 31, 2022 to 114% as of October 31, 2024. Our dollar-based net retention rate reflects customer expansion, contraction, and churn. The following graph presents our dollar-based net retention rate as of the end of each period noted below:

 

 

LOGO

 

21


Table of Contents

RISK FACTORS

Investing in our common stock involves a high degree of risk. You should carefully consider the risks and uncertainties described below, together with all of the other information contained in this prospectus, including our consolidated financial statements and the related notes thereto, before making a decision to invest in our common stock. The risks and uncertainties described below are not the only ones we face. Additional risks and uncertainties that we are unaware of, or that we currently believe are not material, may also become important factors that affect us. If any such risks or any of the following risks occur, our business, financial condition, operating results, and prospects could be materially and adversely affected. Also, the price of our common stock could decline due to any of these risks, and as a result, you could lose all or part of your investment.

Because of the following factors, as well as other factors affecting our businesses, financial condition, operating results, and prospects, past financial performance should not be considered a reliable indicator of future performance, and investors should not rely on historical trends to anticipate trends or results in the future.

Risks Related to Our Business and Industry

We have experienced rapid growth in recent periods, and our recent growth rates may not be indicative of our future growth.

We have experienced rapid growth in recent years. Our revenue grew from $365.3 million to $699.6 million from the fiscal year ended December 31, 2020 to the fiscal year ended January 31, 2024. Our revenue growth may not continue at a level consistent with historical performance. We believe our revenue growth depends on a number of factors, including, but not limited to:

 

   

our ability to attract new customers and retain and increase sales to existing customers;

 

   

our ability to, and the ability of our channel partners to, successfully deploy and implement our solutions, increase our existing customers’ use of our solutions, and provide our customers with excellent customer support;

 

   

our ability to hire and retain substantial numbers of marketing, research and development, and general and administrative personnel and expand our global operations;

 

   

our ability to develop our existing solutions and introduce new solutions; and

 

   

our ability to increase the number of our partners.

If we are unable to achieve any of these requirements, our revenue growth will be adversely affected.

Our future revenues and operating results will be harmed if we are unable to acquire new customers, if our customers do not renew their arrangements with us, if we are unable to expand sales to our existing customers, or if we are unable to develop new solutions that achieve market acceptance.

To continue to grow our business, it is important that we continue to acquire new customers to purchase and use our solutions. Our success in adding new customers depends on numerous factors, including our ability to (i) offer a compelling identity security platform and solutions, (ii) execute an effective sales and marketing strategy, (iii) attract, effectively train, and retain new sales, marketing, professional services, and support personnel in the markets we pursue, (iv) develop or expand relationships with channel partners, including system integrators, value-added resellers, technology partners, and MSPs, (v) expand into new geographies and vertical markets, (vi) deploy our platform and solutions for new customers, and (vii) provide quality customer support once deployed.

It is important to our continued growth that our customers renew their arrangements when existing contract terms expire. For Identity Security Cloud, our SaaS-based cloud solution, and IdentityIQ, our customer-hosted

 

22


Table of Contents

solution, our customers typically enter into three-year contracts with annual billing upfront. Our customers have no obligation to renew their maintenance and term subscriptions, and our customers may decide not to renew these agreements with a similar contract period, at the same prices and terms, or with the same or a greater number of identities. Our customer retention and expansion are difficult to accurately predict and may decline or fluctuate as a result of a number of factors. Our ability to increase revenue depends in large part on our ability to expand our customer relationships over time through up-selling and cross-selling opportunities including suite upgrades and additional products. Our ability to increase sales to existing customers depends on several factors, including their experience with implementing and using our solutions and the existing products they have implemented, their ability to integrate our solutions with existing technologies, and our pricing model.

If we are unable to successfully acquire new customers, retain our existing customers, expand sales to existing customers, or introduce new solutions, our business, financial condition, and operating results would be adversely affected. The adverse effect on our financial results may be particularly acute because of the significant research, development, marketing, sales, and other expenses we will have incurred in connection with the new solutions.

If our new solutions do not achieve adequate acceptance in the market, our competitive position could be impaired and our potential to generate new revenue or to retain existing revenue could be diminished. The adverse effect on our financial results may be particularly acute because of the significant research, development, marketing, sales, and other expenses we will have incurred in connection with the new solutions, and we may not have the ability to introduce compelling new solutions that address the requirements of our customers in light of the dynamic identity security market in which we operate.

Additionally, if the incidence of cyber attacks were to decline, or enterprises or governments perceive that the general level of cyber attacks has declined, our ability to attract new customers could be adversely affected. We may face additional difficulties in attracting organizations that use legacy products to purchase our solutions if they believe that these legacy products are more cost-effective or provide a level of security that is sufficient to meet their needs. Furthermore, the use of our solutions to manage identities and access is relatively new, and if we are unable to convince organizations of the benefits of our solutions, then we may be unable to acquire new customers or keep existing customers.

If the market for identity security solutions does not grow, our ability to grow our business and our results of operations may be adversely affected.

We believe our future success will depend in large part on the growth, if any, in the market for identity security solutions. The market for identity security solutions, including our platform and identity security solutions, is rapidly evolving. As such, it is difficult to predict this market’s potential growth, if any, customer adoption and retention rates, customer demand for identity security platforms or the success of competitive products. Any expansion in this market depends on a number of factors, including the cost, performance, and perceived value associated with our platform and identity security solutions and similar solutions of our competitors, including preference to manage security with existing infrastructure security tools alone, rather than investing in a platform-based identity security solution. The markets for some of our solutions are new, unproven, and evolving, and our future success depends on growth and expansion of these markets. If our platform and identity security solutions do not achieve widespread adoption or there is a reduction in demand for our platform and identity security solutions due to a lack of customer acceptance, technological challenges, competing products or solutions, privacy concerns, decreases in corporate spending, weakening economic conditions or otherwise, it could result in early terminations, reduced customer retention rates, or decreased revenue, any of which would adversely affect our business, financial condition, and results of operations.

 

23


Table of Contents

If we are unable to maintain successful relationships with our channel partners, our ability to market, sell, distribute, and implement our solutions will be limited, and our business, financial condition, and operating results would be adversely affected.

We derive a significant portion of our revenue from sales influenced by, or made through, our channel partner network and expect these sales to continue to grow for the foreseeable future. Our channel partners provide implementation and other services to our customers in exchange for fees paid by those customers. We may not achieve anticipated revenue growth from our channel partners if we are unable to retain our existing channel partners and expand their sales or add additional motivated channel partners.

Our arrangements with our channel partners are generally non-exclusive, meaning they may offer customers the products of several different companies, including products that compete with our solutions and products. If our channel partners do not effectively market and sell our solutions, choose to use greater efforts to market and sell our competitors’ products or services, fail to meet the needs of our customers, or cease marketing our solutions or providing services to us, our ability to grow our business and sell our solutions may be adversely affected. Our channel partners may cease marketing our solutions with limited or no notice and with little or no penalty. In addition, certain of our channel partners are subject to independence requirements that have in the past or may in the future prevent them from providing services to us or cooperating with us in our go-to-market efforts if they also provide services for affiliates of our controlling stockholder, Thoma Bravo. If one or more of our channel partners determines that it is unable to both provide services to us or cooperate with us in our go-to-market efforts and also provide services to affiliates of our controlling stockholder, those channel partners may cease marketing our solutions or otherwise cease providing services to us or cooperating with us in our go-to-market efforts.

We also collaborate with adjacent technology vendors to offer comprehensive solutions to our customers. If we do not effectively collaborate with them, or if they elect to terminate their relationships with us or develop and market solutions that compete with our solutions, our growth would be adversely affected.

Our quarterly results fluctuate significantly and may not fully reflect the underlying performance of our business.

Our quarterly revenue and operating results tend to fluctuate from period-to-period, and we believe that our quarterly results may vary significantly in the future. Consequently, you should not rely on the results of any one quarter as an indication of future performance. Period-to-period comparisons of our revenue and operating results may not be meaningful and, as a result, may not fully reflect the underlying performance of our business.

Our quarterly operating results may fluctuate as a result of a variety of factors, including, but not limited to, those listed below, many of which are outside of our control:

 

   

the mix of revenue and associated costs attributable to subscription and professional services, which may impact our gross margins and operating income;

 

   

the mix of revenue attributable to larger transactions as opposed to smaller transactions and the associated volatility and timing of our transactions;

 

   

the mix of SaaS subscriptions compared to term subscriptions, which affects how we recognize revenue and may result in a decrease in gross margins as well as impact the results of our operations;

 

   

the loss or deterioration of our channel partner and other relationships influencing our sales execution;

 

   

the growth in the market for our solutions;

 

   

our ability to attract new customers and retain and increase sales to existing customers;

 

   

changes in customers’ budgets and in the timing of their purchasing decisions, including seasonal buying patterns for IT spending;

 

24


Table of Contents
   

the timing and success of new product introductions by our competitors and by us;

 

   

changes in our pricing policies or those of our competitors;

 

   

significant security breaches of, technical difficulties with, or interruptions to the delivery and use of our platform;

 

   

changes in the legislative or regulatory environment;

 

   

foreign exchange gains and losses related to expenses and sales denominated in currencies other than the U.S. dollar or the functional currencies of our subsidiaries;

 

   

increases in and timing of sales and marketing and other operating expenses that we may incur to grow and expand our operations and to remain competitive;

 

   

costs related to the acquisition of businesses, talent, technologies, or intellectual property, including potentially significant amortization costs and possible write-downs;

 

   

our ability to control costs, including our operating expenses;

 

   

the collectability of receivables from customers and channel partners, which may be hindered or delayed if these customers or channel partners experience financial distress;

 

   

economic conditions specifically affecting industries in which our customers participate;

 

   

natural disasters or other catastrophic events; and

 

   

litigation-related costs, settlements, or adverse litigation judgments.

Our sales cycle is long and unpredictable, and our sales efforts require considerable time and expense.

The length and unpredictability of the sales cycle for our offerings makes it difficult to identify a regular cadence to our sales and the related revenue recognition. We and our channel partners are often required to spend significant time and resources to better educate and familiarize potential customers with the value proposition of our platform and solutions. Customers often view the purchase of our solutions as a strategic decision and significant investment and, as a result, frequently require considerable time to evaluate, test, and qualify our platform and solutions prior to purchasing our solutions. During the sales cycle, we expend significant time and money on sales and marketing and contract negotiation activities, which ultimately may not result in a sale. Additional factors that may influence the length and variability of our sales cycle include:

 

   

the discretionary nature of purchasing and budget cycles and decisions;

 

   

lengthy purchasing approval processes;

 

   

the evaluation of competing products during the purchasing process;

 

   

time, complexity, and expense involved in replacing existing solutions;

 

   

announcements or planned introductions of new products, features, or functionality by our competitors or of new solutions or modules by us;

 

   

the practice of large enterprises often driving their purchasing cycles based on internal factors rather than marketing cycles; and

 

   

evolving functionality demands.

If our efforts in pursuing sales and customers are unsuccessful, or if our sales cycles lengthen, our revenue could be lower than expected, which would have an adverse effect on our business, operating results, and financial condition.

 

25


Table of Contents

We recognize most of our revenue ratably over the term of our agreements with customers and, as a result, downturns or upturns in sales may not be immediately reflected in our operating results.

In recent years, we have transitioned our business to a subscription model. As we continue this shift, our business, financial condition, operating results, and prospects could be materially and adversely affected if we fail to successfully manage such shift, which depends upon our ability to, among other things, properly price our subscription-based arrangements, deliver SaaS, retain our customers, and further develop or acquire related technologies and infrastructure.

We recognize most of our revenue ratably over the terms of our agreements with customers. As a result, a portion of the revenue that we report in each period will be derived from the recognition of deferred revenue relating to agreements entered into during previous periods. Consequently, a decline in new subscription sales or renewals in any one period may not be immediately reflected in our revenue results for that period. This decline, however, will negatively affect our revenue in future periods. Accordingly, the effect of significant downturns in sales and market acceptance of our solutions and potential changes in our rate of renewals may not be fully reflected in our operating results until future periods.

We expect to continue to invest in research and development, sales and marketing, general and administrative functions, and other areas to grow our business. Such costs are generally expensed as incurred (with the exception of sales commissions and certain research and development costs), as compared to the corresponding revenue, substantially all of which is recognized ratably in future periods. We are likely to recognize the costs associated with these investments earlier than some of the anticipated benefits, and the return on these investments may develop more slowly, or may be lower, than we expect, which could adversely affect our operating results.

We expect our revenue mix and certain business factors to impact the amount of revenue recognized period to period, which could make period-to-period revenue comparisons not meaningful and difficult to predict.

Our subscription revenue includes revenue from sales of SaaS subscriptions, which is recognized ratably over the contract period, and revenue from sales of term subscriptions, a majority of which is recognized upfront when we transfer control of the license to the customer. Due to the proportion of our contracts trending from term subscriptions and maintenance to SaaS subscriptions, our revenue may fluctuate and period-to-period revenue comparisons may not be meaningful, and our past results may not be indicative of future performance. We cannot be certain how long these factors may persist. These factors make it challenging to forecast our revenue as the mix of solutions and services, as well as the size of contracts, are difficult to predict.

We face intense competition in our market, both from larger, well-established companies and from emerging companies, and we may lack sufficient financial and other resources to maintain and improve our competitive position.

The market for identity security solutions is intensely competitive and is characterized by constant change and innovation. We face competition from large, well-known enterprise software vendors that offer identity solutions within their product portfolios, pure play identity vendors (including new market entrants), and vendors with whom we have not traditionally competed but who may either introduce new products or incorporate features into existing products that compete with our solutions. For example, our competitors include large public companies, such as IBM, Microsoft, and Oracle that offer identity solutions within their product portfolios, and identity centric solution providers, including CyberArk, Okta, and One Identity.

Many of our competitors are larger, have greater resources and existing customer relationships, and may be able to compete and respond more effectively than we can to new or changing opportunities, technologies, standards, or customer requirements. Our competitors may also seek to extend or supplement their existing offerings to provide identity security solutions that more closely compete with our offerings. Potential customers may also prefer to purchase, or incrementally add solutions, from their existing suppliers rather than a new or additional supplier regardless of product performance or features.

 

26


Table of Contents

In addition, merger and acquisition transactions in the technology industry continue to occur, particularly transactions involving cloud-based technologies. Accordingly, there is a greater likelihood that we will compete with other large technology companies in the future. Some of our competitors have made acquisitions or entered into strategic relationships to offer a more comprehensive product than they individually had offered. Companies and alliances resulting from these possible consolidations and partnerships may create more compelling product offerings and be able to offer more attractive pricing, making it more difficult for us to compete effectively. In addition, continued industry consolidation may adversely impact customers’ perceptions of the viability of small and medium-sized technology companies and consequently their willingness to purchase from those companies.

New start-up companies that innovate and competitors that are making significant investments in research and development may invent similar or superior products and technologies that compete with our solutions, and our business could be materially and adversely affected if such technologies or products are widely adopted. Conditions in our market could change rapidly and significantly as a result of technological advancements, partnering by our competitors, or continuing market consolidation. These competitive pressures in our market or our failure to compete effectively may result in price reductions, fewer orders, reduced revenue, and gross margins, increased net losses, and loss of market share. Any failure to meet and address these factors would adversely affect our business, financial condition, and operating results.

We anticipate that our operations will continue to increase in complexity as we grow, which will add additional challenges to the management of our business in the future.

Our business has experienced significant growth and is becoming increasingly complex. We increased the number of our employees from 1,394 at December 31, 2020 to 2,645 at October 31, 2024 and the number of countries in which we have employees from 18 at December 31, 2020 to 22 at October 31, 2024. We have also experienced growth in the number of our customers from over 1,700 at December 31, 2020 to approximately 2,895 at October 31, 2024 and the number of countries in which we have customers from over 50 at December 31, 2020 to over 60 at October 31, 2024. We expect this growth to continue and for our operations to become increasingly complex. To effectively manage this growth, we have made, and plan to continue to make, substantial investments to improve our operational, financial, and management controls, as well as our reporting systems and procedures. Our success will depend in part on our ability to manage this complexity effectively without undermining our corporate culture, which we believe has been central to our success. If we are unable to manage this complexity, our business, operations, operating results, and financial condition may suffer.

As our customer base continues to grow, we likely will need to expand our professional services and other personnel, and maintain and enhance our existing partner network, to provide a high level of customer service. We also will need to effectively manage our direct and indirect sales processes as the number and type of our sales personnel and partner network continues to grow and become more complex and as we continue to expand into new geographies and vertical markets. This complexity is further driven by the various ways in which we sell our solutions, including on a per identity and per module basis through SaaS and other subscription offerings. If we do not effectively manage the increasing complexity of our business and operations, the quality of our solutions and customer service could suffer, and we may not be able to adequately address competitive challenges. These factors could impair our ability, and our channel partners’ ability, to attract new customers, retain existing customers, expand our customers’ use of existing solutions and adoption of more of our products, and continue to provide high levels of customer service, all of which would adversely affect our reputation, overall business, operations, operating results, and financial condition.

Seasonality may cause fluctuations in our sales, results of operations and remaining performance obligations.

Historically, we have experienced seasonality in remaining performance obligations (“RPO”) and customer sales, as we typically sell a higher percentage of our solutions to new customers and renewal subscriptions with existing customers in the fourth quarter of our fiscal year. We believe that this results from the procurement,

 

27


Table of Contents

budgeting, and deployment cycles of many of our customers, particularly our enterprise customers. We expect that this seasonality will continue to affect our sales, RPO, and results of operations in the future and might become more pronounced as we continue to target larger enterprise customers.

Our failure to achieve and maintain an effective system of disclosure controls and internal control over financial reporting could adversely affect our financial position and lower our stock price.

As a public company, we will be subject to the reporting requirements of the Securities Exchange Act of 1934, as amended (the “Exchange Act”), the Sarbanes-Oxley Act of 2002 (the “Sarbanes-Oxley Act”), and the rules and regulations of the applicable listing standards of Nasdaq. We expect that the requirements of these rules and regulations will increase our legal, accounting, and financial compliance costs, make some activities more difficult, time-consuming, and costly, and place significant strain on our personnel, systems, and resources. The Sarbanes-Oxley Act requires, among other things, that we maintain effective disclosure controls and procedures and internal control over financial reporting. In order to maintain and improve the effectiveness of our disclosure controls and procedures and internal control over financial reporting, we have expended, and anticipate that we will continue to expend, significant resources, including accounting-related costs and significant management oversight.

Our internal resources and personnel may in the future be insufficient to avoid accounting errors, and there can be no assurance that we will not have material weaknesses in the future. Any failure to develop or maintain effective controls or any difficulties encountered implementing required new or improved controls could harm our operating results or cause us to fail to meet our reporting obligations and may result in a restatement of our financial statements for prior periods. Any failure to implement and maintain effective internal control over financial reporting also could adversely affect the results of periodic management evaluations and annual independent registered public accounting firm attestation reports regarding the effectiveness of our internal control over financial reporting that we will eventually be required to include in our periodic reports that will be filed with the SEC. Ineffective disclosure controls and procedures and internal control over financial reporting could also cause investors to lose confidence in our reported financial and other information, which would likely have a negative effect on the trading price of our common stock. In addition, if we are unable to continue to meet these requirements, we may not be able to remain listed on Nasdaq. We are not currently required to comply with the SEC rules that implement Section 404 of the Sarbanes-Oxley Act and are therefore not required to make a formal assessment of the effectiveness of our internal control over financial reporting for that purpose. As a public company, we will be required to provide an annual management report on the effectiveness of our internal control over financial reporting commencing with our second annual report on Form 10-K. This assessment will need to include disclosure of any material weaknesses identified by our management in our internal control over financial reporting. We will also be required to disclose changes made in our internal control and procedures on a quarterly basis. Our independent registered public accounting firm will not be required to report on the effectiveness of our internal control over financial reporting pursuant to Section 404 of the Sarbanes-Oxley Act until our second annual report required to be filed with the SEC. At such time, our independent registered public accounting firm may issue a report that is adverse in the event it is not satisfied with the level at which our controls are documented, designed, or operating.

Any failure to maintain effective disclosure controls and internal control over financial reporting could have an adverse effect on our business and operating results and could cause a decline in the price of our common stock.

If we are not able to maintain and enhance our brand or reputation as an industry leader and innovator, our business and operating results may be adversely affected.

We believe that maintaining and enhancing our reputation as a leader and innovator in the market for identity security solutions is critical to our relationship with our existing customers and our ability to attract new customers. The successful promotion of our brand attributes will depend on a number of factors, including our

 

28


Table of Contents

marketing efforts, our ability to continue to develop high-quality solutions, and our ability to successfully differentiate our platform and solutions from competitive products and services. Our brand promotion activities may not be successful or yield increased revenue. In addition, independent industry analysts often provide reports of our solutions, as well as those of our competitors, and perception of our solutions in the marketplace may be significantly influenced by these reports. If these reports are negative, or less positive as compared to those of our competitors, our reputation may be adversely affected. Additionally, the performance of our channel partners may affect our brand and reputation if customers do not have a positive experience with our solutions as implemented by our channel partners or with the implementation generally. The promotion of our brand requires us to make substantial expenditures, and we anticipate that the expenditures will increase as our market becomes more competitive, as we expand into new geographies and vertical markets, and as more sales are generated through our channel partners. To the extent that these activities yield increased revenue, this revenue may not offset the increased expenses we incur. If we do not successfully maintain and enhance our brand and reputation, our business and operating results may be adversely affected.

Sales to enterprise customers involve risks that may not be present or that are present to a lesser extent with respect to sales to smaller organizations.

We target our sales to enterprise customers and large organizations, which involves risks that may not be present or that are present to a lesser extent with sales to smaller customers, including the commercial customer segment. These risks include longer sales cycles and negotiations, more complex customer requirements (including audit and other requirements driven by such customers’ regulatory and industry contexts), substantial upfront sales costs, and less predictability in completing some of our sales. For example, enterprise customers may require considerable time to evaluate and test our platform and solutions and those of our competitors prior to making a purchase decision and placing an order or may need specialized security features to meet regulatory requirements. A number of factors influence the length and variability of our sales cycle, including the need to educate potential customers about the uses and benefits of our platform and solutions, the discretionary nature of purchasing and budget cycles, the macroeconomic uncertainty and challenges and resulting increased technology spending scrutiny, and the competitive nature of evaluation and purchasing approval processes. Since the processes for deployment, configuration, and management of our platform and solutions are complex, we are also often required to invest significant time and other resources to train and familiarize potential customers with our platform and solutions. Customers may engage in extensive evaluation, testing, and quality assurance work before making a purchase commitment, which increases our upfront investment in sales, marketing, and deployment efforts, with no guarantee that these customers will make a purchase or increase the scope of their subscriptions. In certain circumstances, an enterprise customer’s decision to use our platform and solutions may be an organization-wide decision, and therefore, these types of sales require us to provide greater levels of education regarding the use and benefits of our platform and solutions. As a result, the length of our sales cycle, from identification of the opportunity to deal closure, has varied, and may continue to vary, significantly from customer to customer, with sales to large enterprises and organizations typically taking longer to complete. Moreover, large enterprise customers often begin to deploy our platform and solutions on a limited basis but nevertheless demand configuration, integration services, and pricing negotiations, which increase our upfront investment in the sales effort with no guarantee that these customers will deploy our identity security solutions widely enough across their organization to justify our substantial upfront investment.

Given these factors, it is difficult to predict whether and when a sale will be completed and when revenue from a sale will be recognized due to the variety of ways in which customers may purchase our platform and solutions. This may result in lower than expected revenue in any given period, which would have an adverse effect on our business, financial condition, and results of operations.

Because our long-term success depends, in part, on our ability to expand the sales and marketing of our solutions to customers located outside of the United States, and we perform a significant portion of our

 

29


Table of Contents

development outside of the United States, our business will be susceptible to risks associated with international operations.

At October 31, 2024, we had customers in over 60 countries and employees in over 20 countries, and we intend to continue expanding our international sales and marketing operations.

Conducting international operations subjects us to risks that we do not generally face in the United States. These risks include:

 

   

encountering existing and new competitors with stronger brand recognition in the new markets;

 

   

challenges developing, marketing, selling, and implementing our platform and solutions caused by language, cultural, and ethical differences, and the competitive environment;

 

   

heightened risks of unethical, unfair, or corrupt business practices, actual or claimed, in certain geographies and of improper or fraudulent sales arrangements that may impact financial results and result in restatements of, and irregularities in, financial statements;

 

   

global and domestic political instability, economic sanctions, terrorist activities, or international conflicts, including the conflict in Israel and the surrounding area and the ongoing conflict between Russia and Ukraine, which have in the past and may in the future impact the operations of our business or the businesses of our customers;

 

   

currency fluctuations;

 

   

the risks of currency hedging activities to limit the impact of exchange rate fluctuations, should we engage in such activities in the future;

 

   

difficulties in managing systems integrators and technology providers;

 

   

laws imposing heightened restrictions on data usage and increased penalties for failure to comply with applicable laws, particularly in the European Union (the “EU”);

 

   

risks associated with trade restrictions and foreign import requirements, including the importation, certification, and localization of our solutions required in foreign countries, as well as changes in trade, tariffs, restrictions, or requirements;

 

   

potentially different pricing environments, longer sales cycles, and longer accounts receivable payment cycles and collections issues;

 

   

management communication and integration problems resulting from cultural differences and geographic dispersion;

 

   

increased turnover of international personnel as compared to our domestic operations;

 

   

potentially adverse tax consequences, including multiple and possibly overlapping tax structures, the complexities of foreign value added tax systems, restrictions on the repatriation of earnings, and changes in tax rates;

 

   

greater difficulty in enforcing contracts, accounts receivable collection, and longer collection periods;

 

   

the uncertainty and limitation of protection for intellectual property rights in some countries;

 

   

increased financial accounting and reporting burdens and complexities; and

 

   

lack of familiarity with local laws, customs, and practices, and laws and business practices favoring local competitors or commercial parties.

The occurrence of any one of these risks could harm our international business and, consequently, our operating results. Additionally, operating in international markets requires significant management attention and financial resources. We cannot be certain that the investment and additional resources required to operate in other countries will produce desired levels of revenue or net income.

 

30


Table of Contents

Unfavorable conditions in our industry or the global economy, including those caused by the ongoing conflicts around the world, or reductions in technology spending, could limit our ability to grow our business and negatively affect our results of operations.

Global business activities face widespread macroeconomic uncertainties, and our results of operations may vary based on the impact of changes in our industry or the global economy on us or our customers and potential customers. Negative conditions in the general economy in the United States, Europe, or Asia and in the global economy, including conditions resulting from changes in gross domestic product growth, financial and credit market fluctuations, inflation and efforts to control further inflation, rising interest rates, bank failures, international trade relations, political turmoil (such as the conflict in Israel and the surrounding area and the ongoing conflict between Russia and Ukraine), potential U.S. federal government shutdowns, natural catastrophes, warfare, and terrorist attacks could cause a decrease in business investments by existing or potential customers, including spending on technology, and negatively affect the growth of our business. As an example, in the United States, capital markets have experienced and continue to experience volatility and disruption. Furthermore, inflation rates in the United States have recently increased to levels not seen in decades. Global economic and global and domestic political uncertainty may cause some of our customers or potential customers to curtail spending generally, or IT and identity security spending specifically, and may ultimately result in new regulatory and cost challenges to our international operations.

In addition to the foregoing, adverse developments that affect financial institutions, transactional counterparties, or other third parties, such as bank failures or concerns or speculation about any similar events or risks, could lead to market-wide liquidity problems, which in turn may cause third parties, including our customers, to become unable to meet their obligations under various types of financial arrangements as well as general disruptions or instability in the financial markets. Such economic volatility could adversely affect our business, financial condition, results of operations, and cash flows, and future market disruptions could negatively impact us. In particular, we have in the past experienced longer sales cycles and related negotiations for prospective customers and existing customer expansions, reduced contract sizes, or generally increased scrutiny on technology spending and budgets from existing and potential customers, due in part to the effects of macroeconomic uncertainty. These customer dynamics may again occur in the future, and to the extent there is a sustained general economic downturn, a recession, or another situation where technology budgets grow at a slower rate or contract, these customer dynamics may be exacerbated.

We have employees and contractors in locations throughout the Middle East, Europe, and Asia, including in Israel. If the global effect of the ongoing conflict in Israel and the surrounding area or the ongoing conflict between Russia and Ukraine escalates or expands, our ability to conduct business in these regions could be adversely impacted, potentially resulting in delays to product development, sales and marketing, and other key business functions. Additionally, in light of reports of an increase in Russian cyber attacks in connection with the current conflict, we may face a heightened risk of state-sponsored cyber attacks in the near term. Our competitors, many of whom are larger and have greater financial resources than we do, may respond to challenging market conditions by lowering prices in an attempt to attract our customers, which may require us to respond in kind and may negatively impact our existing customer relationships and new customer acquisition strategy. In addition, the increased pace of consolidation in certain industries may result in reduced overall spending on our identity security solutions. We cannot predict the timing, strength, or duration of any economic slowdown, instability, or recovery, generally or within any particular industry.

Our estimated market opportunity and forecasts of our market and market growth may prove to be inaccurate. Moreover, even if our estimate of the market size is accurate, there can be no assurance that we will serve a significant portion of the market, and even if our estimated market opportunity achieves the forecasted growth, there can be no assurance that our business will grow at similar rates, or at all.

Our estimated market opportunity and growth forecasts included in this prospectus relating to our market opportunity and the expected growth in that market are subject to significant uncertainty and are based on

 

31


Table of Contents

assumptions and estimates, which may prove to be inaccurate. In particular, our market opportunity estimate assumes that all companies within each cohort would subscribe to our solutions at the same level as our existing customers in such cohort; however, our actual market opportunity will vary depending on the adoption of our solutions by companies and the purchase levels of such companies once they have subscribed to our solutions. Moreover, even if this market meets our size estimate and experiences the forecasted growth, there can be no assurance that our business will serve a significant portion of this market, and we may not grow our business at a similar rate or at all. Our growth is subject to many factors, including our success in implementing our business strategy, which is subject to many risks and uncertainties. See “—Risks Related to Our Business and Industry” for a discussion of risk factors that could impact our growth. Accordingly, our estimated market opportunity and the forecasts of market growth included in this prospectus should not be taken as indicative of our future growth.

Any failure to offer high-quality customer support may adversely affect our relationships with our customers and our financial results.

We typically bundle customer support with arrangements for our solutions. In deploying and using our platform and solutions, our customers typically require the assistance of our support teams to resolve complex technical and operational issues. We may be unable to modify the nature, scope, and delivery of our customer support to compete with changes in product support services provided by our competitors. Increased customer demand for support, without corresponding revenue, could increase costs and adversely affect our operating results. We may also be unable to respond quickly enough to accommodate short-term increases in customer demand for support. Our sales are highly dependent on our reputation and on positive recommendations from our existing customers. Any failure to maintain high-quality customer support, or a market perception that we do not maintain high-quality product support, could adversely affect our reputation and our ability to sell our solutions to existing and new customers.

If we fail to meet contractual commitments related to response time, service level commitments, or quality of professional services, we could be obligated to provide credits for future service or face contract termination, which could adversely affect our business, operating results, and financial condition.

Depending on the solutions purchased, our customer agreements contain service level agreements, under which we guarantee specified availability of our platform and solutions. If we are unable to meet the stated service level commitments to our customers or suffer extended periods of unavailability of our SaaS solution or other subscription offerings, we may be contractually obligated to provide affected customers with service credits or customers could elect to terminate and receive refunds for prepaid amounts. In addition, if the quality of our professional services does not meet contractual requirements, we may be required to re-perform the services at our expense or refund amounts paid for the services. Any failure to meet these contractual commitments could adversely affect our revenue, operating results, and financial condition, and any failure to meet service level commitments or extended service outages of our SaaS solution or other subscription offerings could adversely affect our business and reputation as customers may elect not to renew and we could lose future sales.

Our business depends, in part, on sales to the public sector, which are subject to a number of challenges and risks, and significant changes in the contracting or fiscal policies of the public sector could have an adverse effect on our business.

We derived approximately 12% to 14% of our revenue from sales of our solutions to federal, state, local, and foreign governments and public universities in each of the last three fiscal years, and we believe that the success and growth of our business will continue to depend in part on our successful procurement of government and other public sector contracts. Factors that could impede our ability to maintain or increase the amount of revenue derived from the public sector include:

 

   

changes in fiscal or contracting policies;

 

   

decreases in available government funding;

 

   

changes in government programs or applicable requirements;

 

32


Table of Contents
   

the adoption of new laws or regulations or changes to existing laws or regulations; and

 

   

potential delays or changes in the government appropriations or other funding authorization processes.

The occurrence of any of the foregoing could cause governments, governmental agencies, and others in the public sector to delay or refrain from purchasing our solutions or otherwise have an adverse effect on our business, operating results, and financial condition.

Additionally, the sale of our solutions to the public sector is tied to budget cycles, and there are government requirements and authorizations that we may be required to meet. Further, we may be subject to audits and investigations relating to the contracts we enter into with the public sector, and violations could result in penalties and sanctions, including contract termination, refunding or forfeiting payments, fines and suspension, or debarment from future public sector business. Selling to these entities can be highly competitive, expensive, and time consuming, often requiring significant upfront time and expense. Public sector entities often require contract terms that differ from our standard arrangements and impose additional compliance requirements, require increased attention to pricing practices, or are otherwise time consuming and expensive to satisfy. For example, some of our government entity customers contract with us on the basis of our authorization under the U.S. Federal Risk and Authorization Management Program (“FedRAMP”), which has in the past and may in the future require us to undertake additional actions and expense to ensure compliance. Public sector entities may also have statutory, contractual, or other legal rights to terminate contracts with our partners for convenience, for lack of funding, or due to a default, and any such termination may adversely impact our future results of operations. If we represent that we meet certain standards, authorizations (such as FedRAMP), or requirements and do not meet them, or if such authorizations are suspended or revoked, we could be subject to increased liability from our customers, investigation by regulators, or termination rights. Even if we do meet them, the additional costs associated with providing our service to public sector entities could harm our margins. Moreover, changes in underlying regulatory requirements could be an impediment to our ability to efficiently provide our service to public sector customers and to grow or maintain our customer base. Any of these risks related to contracting with public sector entities could adversely impact our future sales and results of operations or make them more difficult to predict.

Our failure to raise additional capital or generate cash flows necessary to expand our operations and invest in new technologies in the future could reduce our ability to compete successfully and harm our operating results.

We may need to raise additional funds, and we may not be able to obtain additional debt or equity financing on favorable terms, if at all. If we raise additional equity financing, our security holders may experience significant dilution of their ownership interests. If we engage in debt financing, we may be required to accept terms that restrict our ability to incur additional indebtedness, force us to maintain specified liquidity or other ratios, or restrict our ability to pay dividends or make acquisitions. If we need additional capital and cannot raise it on acceptable terms, or at all, we may not be able to, among other things:

 

   

develop and enhance our solutions;

 

   

continue to expand our product development, sales, and marketing organizations;

 

   

hire, train, and retain employees;

 

   

respond to competitive pressures or unanticipated working capital requirements; or

 

   

pursue acquisition opportunities.

We may acquire or invest in companies, which may divert our management’s attention and result in additional dilution to our stockholders. We may be unable to integrate acquired businesses and technologies successfully or achieve the expected benefits of such acquisitions, and acquisitions,

 

33


Table of Contents

particularly of development stage companies, may adversely affect our operating results and liquidity as well as our ability to meet expectations.

Our success will depend, in part, on our ability to expand our solutions and grow our business in response to changing technologies, customer demands, and competitive pressures. As we have in the past, we may in the future choose to do so through the acquisition of, or investment in, new or complementary businesses and technologies rather than through internal development. As a function of the industry in which we operate, we may acquire development stage companies that are not yet profitable, and that require continued investment, which could adversely affect our results of operations and liquidity as well as our ability to meet expectations, particularly if they were formulated prior to such acquisitions. Development stage companies generally involve a higher degree of risk and have not been proven, require additional capital to develop, and typically do not generate enough revenue to offset increased expenses associated therewith.

The identification of suitable acquisition or investment candidates can be difficult, time-consuming, and costly, and we may not be able to successfully complete identified acquisitions or investments. The risks we face in connection with acquisitions and/or investments include:

 

   

an acquisition may negatively affect our operating results because it may require us to incur charges or assume substantial debt or other liabilities, may cause adverse tax consequences or unfavorable accounting treatment, may expose us to claims and disputes by stockholders and third parties, including intellectual property claims and disputes, or may not generate sufficient financial return to offset additional costs and expenses related to the acquisition;

 

   

we may encounter difficulties or unforeseen expenditures in integrating the business, technologies, products, personnel, or operations of any company that we acquire;

 

   

an acquisition or investment may disrupt our ongoing business, divert resources, increase our expenses, and distract our management;

 

   

an acquisition may result in a delay or reduction of customer purchases for both us and the company acquired due to customer uncertainty about continuity and effectiveness of service from either company;

 

   

we may encounter difficulties in, or may be unable to, successfully sell any acquired products or effectively integrate them into or with our existing solutions;

 

   

our use of cash to pay for acquisitions or investments would limit other potential uses for our cash;

 

   

if we incur debt to fund any acquisitions or investments, such debt may subject us to material restrictions on our ability to conduct our business; and

 

   

if we issue a significant amount of equity securities in connection with future acquisitions, existing stockholders may be diluted and earnings per share may decrease.

The occurrence of any of these risks could adversely affect our business, operating results, and financial condition.

If our estimates or judgments relating to our critical accounting policies prove to be incorrect, our operating results could be adversely affected.

The preparation of financial statements in conformity with GAAP requires management to make estimates and assumptions that affect the amounts reported in our consolidated financial statements and accompanying notes. We base our estimates on historical experience and on various other assumptions that we believe to be reasonable under the circumstances, as provided in the section titled “Management’s Discussion and Analysis of Financial Condition and Results of Operations.” The results of these estimates form the basis for making judgments about the carrying values of assets, liabilities, and equity and the amount of revenue and expenses that

 

34


Table of Contents

are not readily apparent from other sources. Significant assumptions and estimates used in preparing our consolidated financial statements include those related to the fair value allocation of multiple performance obligations in revenue recognition, the expected period of benefit of contract acquisition costs, the assumptions underlying the fair value used for equity-based compensation expense and estimated useful lives, and impairment of intangible assets and goodwill arising from business combinations. Our operating results may be adversely affected if our assumptions change or if actual circumstances differ from those in our assumptions, which could cause our operating results to fall below the expectations of securities analysts and investors, resulting in a decline in the trading price of our common stock.

Changes in existing financial accounting standards or practices, or taxation rules or practices, may harm our operating results.

Changes in existing accounting or taxation rules or practices, new accounting pronouncements or taxation rules, or varying interpretations of current accounting pronouncements or taxation practice could harm our operating results or the manner in which we conduct our business. Further, such changes could potentially affect our reporting of transactions completed before such changes are effective.

GAAP is subject to interpretation by the Financial Accounting Standards Board (“FASB”), the SEC, and various bodies formed to promulgate and interpret appropriate accounting principles. A change in these principles or interpretations could have a significant effect on our reported financial results and could affect the reporting of transactions completed before the announcement of a change. Adoption of such new standards and any difficulties in implementation of changes in accounting principles, including the ability to modify our accounting systems, could cause us to fail to meet our financial reporting obligations, which could result in regulatory discipline and harm investors’ confidence in us.

We track certain business and operational metrics, which are subject to inherent challenges in measurement, and real or perceived inaccuracies in such metrics may harm our reputation and materially adversely affect our stock price, business, results of operations, and financial condition.

We track certain business and operational metrics, including metrics such as ARR, SaaS ARR, and dollar-based net retention rate, which may differ from estimates or similar metrics published by third parties due to differences in sources, methodologies, or the assumptions on which we rely. Our internal systems and tools are subject to a number of limitations, and our methodologies for tracking these metrics may change over time, which could result in unexpected changes to our metrics, including the metrics we publicly disclose. If the internal systems and tools we use to track these metrics undercount or overcount performance or contain algorithmic or other technical errors, the data we report may not be accurate.

If our solutions fail to help our customers achieve and maintain compliance with certain government regulations and industry standards, our business and operating results could be materially and adversely affected.

We believe we generate a portion of our revenues from our solutions because our customers use our solutions as part of their efforts to achieve and maintain compliance with certain government regulations and industry standards, and we expect that will continue for the foreseeable future. Examples of industry standards and government regulations include the Federal Information Security Management Act (FISMA) and associated National Institute for Standards and Testing (NIST) Network Security Standards; the Sarbanes-Oxley Act; the Payment Card Industry Data Security Standard (PCI-DSS); Title 21 of the U.S. Code of Federal Regulations, which governs food and drug industries; the North American Electric Reliability Corporation Critical Infrastructure Protection Plan (NERC-CIP); the European General Data Protection Regulation (“GDPR”); the German Federal Financial Supervisory Authority (BaFin) Minimum Requirements for Risk Management; and the Monetary Authority of Singapore’s Technology Risk Management Notices. These industry standards may change with little or no notice, including changes that could make them more or less onerous for businesses. In addition,

 

35


Table of Contents

governments may also adopt new laws or regulations, or make changes to existing laws or regulations, that could affect whether our customers believe our solution assists them in maintaining compliance with such laws or regulations. If our solutions fail to expedite our customers’ compliance initiatives, our customers may lose confidence in our solutions and could switch to those offered by our competitors. In addition, if government regulations and industry standards related to IT security are changed in a manner that makes them less onerous, our customers may view compliance as less critical to their businesses, and our customers may be less willing to purchase our solutions. In either case, our sales and financial results would suffer.

Our success depends on the experience and expertise of our senior management team and key employees. If we are unable to hire, retain, train, and motivate our personnel, or to maintain our corporate culture, our business, operating results, and prospects may be harmed.

Our success has depended, and continues to depend, on the efforts and talents of our senior management team and key employees, including our CEO, leadership team, engineers, product managers, sales and marketing personnel, and professional services personnel. Our future success will also depend upon our continued ability to identify, hire, and retain additional skilled and highly qualified personnel, which will require significant time, expense, and attention.

The majority of our employees, including all of our officers and key employees, are employed on an at-will basis, which means that they could terminate their employment with us at any time. The loss of one or more members of our senior management team, particularly if closely grouped, could adversely affect our ability to execute our business plan and thus, our business, operating results, and prospects. We do not maintain key man insurance on any of our officers or key employees, and we may not be able to find adequate replacements.

Competition for well-qualified employees in all aspects of our business, including sales, professional services, and software engineering, is intense. We have from time to time experienced, and may in the future have, difficulty hiring and retaining employees with appropriate qualifications, and many of the companies with which we compete for experienced personnel have greater resources than we have. We may need to invest significant amounts of cash and equity to attract and retain new employes, and we may never realize returns on these investments. Additionally, many of our employees may be able to receive significant proceeds from sales of our common stock in the public markets after this offering, which may reduce their motivation to continue to work for us.

We believe that our corporate culture has been and will continue to be a key contributor to our success. The size of our workforce has grown significantly in recent years, and we expect headcount growth to continue for the foreseeable future. If we are not able to maintain our corporate culture as we grow, we may be unable to continue to foster the innovation, integrity, and collaboration we believe we need to support our growth, which could adversely affect our business.

We are exposed to fluctuations in currency exchange rates, which could negatively affect our results of operations.

Our platform and solutions are billed in multiple currencies, and therefore, a portion of our revenue is subject to foreign currency risk. A strengthening of the U.S. dollar could increase the real cost of our platform and solutions to our customers outside of the United States, which could also adversely affect our results of operations. In addition, an increasing portion of our operating expenses are incurred outside the United States. These operating expenses are denominated in foreign currencies and are subject to fluctuations due to changes in foreign currency exchange rates. While we do not currently hedge against the risks associated with currency fluctuations, if our foreign currency risk increases in the future and we are not able to successfully hedge against the risks associated with currency fluctuations, our results of operations would be adversely affected.

Our business could be disrupted by catastrophic events.

Occurrence of any catastrophic event, including earthquake, fire, flood, tsunami, or other weather event, power loss, telecommunications failure, software or commodity appliance malfunction, cyber attack, war,

 

36


Table of Contents

terrorist attack, explosion, or pandemic could impact our business. Our insurance coverage may not compensate us for losses that may occur in the event of a significant natural disaster. Additionally, we rely on third-party systems and enterprise applications, technology systems, and our website for our development, marketing, operational support, hosted services, and sales activities. In the event of a catastrophic event, we may be unable to continue our operations and may endure system interruptions, reputational harm, delays in our product development, lengthy interruptions in our identity security solutions, and breaches of data security, all of which could have an adverse effect on our results of operations. If we are unable to develop adequate plans to ensure that our business functions continue to operate during and after a disaster and to execute successfully on those plans in the event of a disaster or emergency, our business would be harmed.

Risks Related to Our Technology and Our Intellectual Property Rights

Our introduction and use of AI, and the integration of AI with our solutions, may not be successful and may present business, compliance, and reputational challenges, which could lead to operational or reputational damage, competitive harm, legal and regulatory risk, and additional costs, any of which could adversely affect our business, financial condition, and results of operations.

We have incorporated, and expect to continue to incorporate, AI in our solutions, and this incorporation of AI in our business and operations may become more significant over time. The use of generative AI, a relatively new and emerging technology in the early stages of commercial use, exposes us to additional risks, such as potential damage to our reputation, competitive position, and business, legal and regulatory risks, and additional costs. For example, generative AI has been known to produce false or “hallucinatory” inferences or output, and certain generative AI uses ML and predictive analytics, which can create inaccurate, incomplete, or misleading content, unintended biases, and other discriminatory or unexpected results, errors, or inadequacies, any of which may not be easily detectable by us or any of our related service providers. Accordingly, while AI systems may help provide more tailored or personalized user experiences, if the content, analyses, or recommendations that AI systems assist in producing in our solutions are, or are perceived to be, deficient, inaccurate, biased, unethical, or otherwise flawed, our reputation, competitive position, and business may be materially and adversely affected. In addition, new laws and regulations, or the interpretation of existing laws and regulations, in any of the jurisdictions we operate in may affect the use of our AI systems and our use of third-party AI tools and solutions and may expose us to government enforcement or civil suits.

As the legal and regulatory framework encompassing AI matures, it may result in increases in our operational and development expenses that impact our ability to earn revenue from or utilize any AI systems. Any of the foregoing and any similar issues, whether actual or perceived, could negatively impact our users’ experience and diminish the perceived quality and value of our offerings. This in turn could damage our brand, reputation, competitive position, and business. Additionally, if any of our employees, contractors, consultants, vendors, or service providers use any third-party AI-powered tools or solutions in connection with our business or the services they provide to us, it may lead to the inadvertent disclosure or incorporation of our confidential information into publicly available training sets, which may impact our ability to realize the benefit of, or adequately maintain, protect, and enforce our intellectual property or confidential information, harming our competitive position and business. Our ability to mitigate risks associated with disclosure of our confidential information, including in connection with AI systems, will depend on our implementation, maintenance, monitoring, and enforcement of appropriate technical and administrative safeguards, policies, and procedures governing the use of AI in our business.

Additionally, any output created by us using AI tools may not be subject to copyright protection, which may adversely affect our intellectual property rights in, or ability to commercialize or use, any such content. In the United States, a number of civil lawsuits have been initiated related to the foregoing and other concerns, any one of which may, among other things, require us to limit the ways in which our AI systems are trained and may affect our ability to develop our AI-powered solutions. For example, the output produced by AI tools may include information subject to certain privacy or right of publicity laws or constitute an unauthorized derivative

 

37


Table of Contents

work of the copyrighted material used in training the underlying AI model, any of which could also create a risk of liability for us, or adversely affect our business or operations. AI-related lawsuits to date have generally focused on AI service providers, which may increase our risks of liability. In addition, the use of AI has resulted in, and may in the future result in, cybersecurity breaches, incidents, or disruptions that implicate the personal information of clients of AI systems. To the extent that we do not have sufficient rights to use the data or other material or content used in or produced by the AI tools used in our business, or if we experience cybersecurity incidents in connection with our use of AI, it could adversely affect our reputation and expose us to legal liability or regulatory risk, including with respect to third-party intellectual property, privacy, data protection and cybersecurity, publicity, contractual, or other rights. Further, our competitors or other third parties may incorporate AI into their products more quickly or more successfully than us, which could impair our ability to compete effectively.

As the utilization of AI becomes more prevalent, we anticipate that it will continue to present new or unanticipated ethical, reputational, technical, operational, legal, competitive, and regulatory issues, among others. We expect that our incorporation of AI in our business will require additional resources, including the incurrence of additional costs, to develop and maintain our solutions and features to minimize potentially harmful or unintended consequences, to comply with applicable and emerging laws and regulations, to maintain or extend our competitive position and to address any ethical, reputational, technical, operational, legal, competitive, or regulatory issues which may arise as a result of any of the foregoing. As a result, the challenges presented with our use of AI could adversely affect our business, financial condition, and results of operations.

Our ability to introduce new identity security solutions and features is dependent on adequate research and development resources and our ability to successfully complete acquisitions. If we do not adequately fund our research and development efforts or complete acquisitions successfully, we may not be able to compete effectively, and our business and results of operations may be harmed.

To remain competitive, we must continue to offer new data security solutions and enhancements to our platform and existing solutions. This is particularly true as we further expand and diversify our capabilities. Maintaining adequate research and development resources, such as the appropriate personnel and development technology, to meet the demands of the market is essential. If we elect not to or are unable to develop solutions internally due to certain constraints, such as high employee turnover, lack of management ability, or a lack of other research and development resources, we may choose to expand into a certain market or strategy via an acquisition for which we could potentially pay too much or fail to successfully integrate into our operations. We may acquire or invest in companies, which may divert our management’s attention and result in additional dilution to our stockholders. For additional information about the risks we face in connection with acquisitions, see “—Risks Related to Our Business and Industry—We may acquire or invest in companies, which may divert our management’s attention and result in additional dilution to our stockholders. We may be unable to integrate acquired businesses and technologies successfully or achieve the expected benefits of such acquisitions, and acquisitions, particularly of development stage companies, may adversely affect our operating results and liquidity as well as our ability to meet expectations.” Further, many of our competitors expend a considerably greater amount of funds on their respective research and development programs, and those that do not may be acquired by larger companies that would allocate greater resources to our competitors’ research and development programs. Our failure to maintain adequate research and development resources or to compete effectively with the research and development programs of our competitors would give an advantage to such competitors, and our business, financial condition, and results of operations could be adversely affected. Moreover, there is no assurance that our research and development or acquisition efforts will successfully anticipate market needs and result in significant new marketable solutions or enhancements to our solutions, design improvements, cost savings, revenues, or other expected benefits. If we are unable to generate an adequate return on such investments, we may not be able to compete effectively, and our business and results of operations may be adversely affected.

Cyber attacks or other cybersecurity breaches, incidents, or disruptions with respect to our networks, systems, or applications, including unauthorized access to, or disclosure or other processing of, our

 

38


Table of Contents

proprietary, confidential, or sensitive information, including personal information, could disrupt our operations, compromise sensitive information related to our business or personal information processed by us or on our behalf, and expose us to liability, which could harm our reputation and adversely affect our business, financial condition, and results of operations, and as we grow, we may become a more attractive target for cyber attacks.

Our solutions analyze and otherwise process proprietary and confidential information, including personal information. Increasingly, companies in our industry are subject to a wide variety of attacks on their networks and systems. As a well-known provider of identity security solutions, we pose an attractive target for such attacks, and as our footprint grows larger, we may become an even more attractive target for cyber attacks. We have previously experienced, and may in the future experience, various attempts to access or disrupt our networks, systems, and applications. We face threats from a variety of sources, including sophisticated nation-state and nation-state supported actors, cyber criminals, terrorists, and politically motivated groups or individuals that pose risks to our internal networks, our platform, our third-party service providers, and our customers’ systems and the proprietary, confidential, or sensitive information, including personal information processed by us or on our behalf.

The nature of the attacks perpetrated against us may include theft of sensitive information, exploitation of our solutions as part of a supply chain attack against our customers, manipulation of data, ransomware, or others. Any of these attacks, if successful, can lead to significant interruptions in our operations, loss of sensitive data and income, reputational harm, and diversion of funds. In the case of ransomware, extortion payments may alleviate the negative impact of a ransomware attack, but we may be unwilling or unable to make such payments due to, for example, applicable laws or regulations prohibiting such payments. We do expend and may be required to expend significantly more capital and financial resources in the future to protect against any such threats or to alleviate problems caused by breaches in security.

Moreover, future or past business transactions (such as acquisitions or integrations) could expose us to additional cybersecurity risks and vulnerabilities, as our systems could be negatively affected by vulnerabilities present in acquired or integrated entities’ systems and technologies. Furthermore, we may discover security issues that were not found during due diligence of such acquired or integrated entities, and it may be increasingly difficult to integrate companies into our IT environment and security program successfully, or at all.

Despite significant efforts to create security barriers to safeguard against such threats, it is impossible for us to entirely mitigate these risks. Despite our security measures, our and our third-party service providers’ IT and infrastructure may be vulnerable to security risks, including unauthorized access to, use, or disclosure of customer data, theft of proprietary information, employee error or misconduct, denial of service attacks, loss or corruption of customer data, and computer hacking attacks or other cyber attacks subsequently originated from our infrastructure. The security measures we have integrated into our internal networks and platform, which are designed to detect unauthorized activity, protect our proprietary, confidential, or sensitive information, including personal information, prevent data loss and prevent or minimize security breaches, incidents, or disruptions, may not function as expected or may not be sufficient to protect our internal networks and platform against certain attacks. In addition, techniques used to sabotage or obtain unauthorized access to networks in which data is stored or through which data is transmitted change frequently, generally are not recognized until launched against a target, and may be difficult to discover for an extended period. Even if identified, we may be unable to adequately investigate or remediate incidents or breaches due to attackers increasingly using tools and techniques that are designed to circumvent controls, to avoid detection, and to remove or obfuscate forensic evidence. For example, threat actors may leverage emerging AI technologies to develop new hacking tools and attack vectors, exploit vulnerabilities, obscure their activities, and increase the difficulty of threat attribution and remediation. Such cyber attacks and other cybersecurity breaches, incidents, or disruptions may continue to evolve in frequency and sophistication, and as a result, we may be unable to anticipate these techniques or reasonably implement adequate preventative measures to prevent an electronic intrusion into our networks.

If an actual or perceived breach of our or our third-party service providers’ security occurs, whether as result of third-party action, employee error, malfeasance, or otherwise, the market perception of the effectiveness of our

 

39


Table of Contents

security measures could be harmed, our brand and reputation could be impacted, we could lose potential sales and existing customers, our ability to operate our business could be impaired, we could be subject to litigation, government enforcement actions, additional reporting requirements, and restrictions on data processing, and we may incur significant liabilities. Some of our contracts may not contain limitations of liability, and even where they do, there can be no assurance that any such limitations of liability are sufficient to protect us from liabilities, damages, or claims related to any such breaches. Additionally, while our insurance policies include liability coverage for certain breaches, subject to retention amounts that could be substantial, we cannot be sure that our insurance coverage will be sufficient to protect us from liabilities, damages, or claims related to any such breaches, that such coverage will continue to be available on commercially reasonable terms or at all or that such coverage will pay future claims. The successful assertion of one or more large claims against us that exceed available insurance coverage, or the occurrence of changes in our insurance policies, including premium increases or larger deductibles, could adversely affect our business, financial condition, and results of operations. Moreover, failure to maintain effective internal accounting controls related to identity security breaches and cybersecurity in general could impact our ability to produce timely and accurate financial statements and could subject us to regulatory scrutiny and/or government enforcement actions. Further, our solutions may be perceived as less desirable, which could negatively affect our business and damage our reputation. Our ability to retain existing customers, expand solutions, and use case penetration with existing customers and acquire new customers is dependent upon our reputation as a trusted intelligent security provider. The importance of our reputation in retaining existing business and acquiring new business is heightened by our focus on enterprise customers. In addition, we have a number of customers that operate in highly-regulated industries where our customers’ data is particularly sensitive, such as financial services and healthcare. A network or security breach could damage our relationships with customers, result in the loss of customers across one or more use case or solution, and make it more challenging to acquire new customers, and such damage would likely be heightened in the event a network or security breach occurred in the highly-regulated industries we serve. Because techniques used to obtain unauthorized access to, or sabotage, systems change frequently and may not be recognized until launched against a target, we and our customers may be unable to anticipate these techniques or implement adequate preventive measures.

Our operations involve analyzing and processing our customers’ and other third parties’ confidential and proprietary information, including, in some cases, personally identifiable information. We have legal and contractual obligations to protect the confidentiality and appropriate use of such information, including customer data. As a result, security incidents impacting our platform or the systems of our third-party service providers could result in a risk of loss or unauthorized access to or disclosure of the information we process on behalf of our customers. This, in turn, could require notification under applicable data privacy regulations and could lead to litigation, governmental audits and investigations, and possible liability, damage our relationships with our existing customers, trigger indemnification and other contractual obligations, cause us to incur investigation, mitigation, and remediation expenses, and have a negative impact on our ability to attract and retain new customers. Furthermore, any such incident, including a breach of our customers’ systems, could compromise our networks or networks secured by our solutions, creating system disruptions or slowdowns and exploiting security vulnerabilities of our or our customers’ networks, and the information stored on our or our customers’ systems could be accessed or disclosed without authorization, altered, lost, or stolen, which could subject us to liability and cause us financial harm. An actual or perceived breach of our networks, our customers’ networks, those of our third-party service providers or other networks secured by our solutions, whether or not due to a vulnerability in our platform, may also undermine confidence in our platform or our industry and result in expenditure of significant resources in efforts to analyze, correct, eliminate, or work around errors or defects, delayed or lost revenue, delay in the development or release of new solutions, an increase in collection cycles for accounts receivable, damage to our brand and reputation, negative publicity, loss of channel partners, customers and sales, increased costs to remedy any problem, increased insurance expense, and costly litigation.

In addition, if a high-profile security incident occurs with respect to another identity security solution provider, our customers and potential customers may lose trust in the value of the identity security solution business model generally, including the security of our solutions, which could adversely impact our ability to

 

40


Table of Contents

retain existing customers or attract new ones, potentially causing a negative impact on our business. Any of these negative outcomes could adversely impact market acceptance of our solutions and could adversely affect our business, results of operations, and financial condition.

Interruptions, outages, or other disruptions affecting the delivery of our SaaS solution, or any of the third-party cloud-based systems that we use in our operations, may adversely affect our business, operating results, and financial condition.

Our continued growth depends in part on the ability of our existing customers and new customers to consistently access our platform and solutions at any time and within an acceptable amount of time. In addition, our ability to access certain third-party SaaS solutions, including those of our service providers, is important to our operations and the delivery of our customer support and professional services. We have experienced, and may in the future experience, service disruptions, outages, and other performance problems both in the delivery of our SaaS solution and in third-party SaaS solutions we use due to a variety of factors, including infrastructure changes, malicious actors, human or software errors, or capacity constraints. In some instances, we may not be able to identify the cause or causes of these performance problems within an acceptable period of time. If our SaaS solution or the third-party SaaS solutions we depend on are unavailable or if our customers are unable to access features of our SaaS solution within a reasonable amount of time or at all, our business would be negatively affected.

We host our SaaS solution primarily using Amazon Web Services (“AWS”) data centers. Our related operations depend on protecting the virtual cloud infrastructure hosted in AWS by maintaining its configuration, architecture, features, and interconnection specifications, as well as the information stored in these virtual data centers and which third-party internet service providers transmit. Although we have disaster recovery plans that utilize multiple AWS locations, any incident affecting their infrastructure that may be caused by fire, flood, severe storm, earthquake, or other natural disasters, cyber attacks, terrorist, or other attacks, public health issues, or other similar events beyond our control could negatively affect our SaaS platform. A prolonged AWS service disruption affecting our SaaS platform for any of the foregoing or other reasons would negatively impact our ability to serve our customers and could damage our reputation with current and potential customers, expose us to liability, cause us to lose customers, or otherwise harm our business. We may also incur significant costs for using alternative equipment or taking other actions in preparation for, or in reaction to, events that damage the AWS services we use, which would also likely require significant investments of time. In addition, AWS may terminate the agreement by providing 30 days’ prior written notice and may, in some cases, terminate the agreement immediately for cause upon notice. In the event that our AWS service agreements are terminated, or there is a lapse of service, elimination of AWS services or features that we utilize, interruption of internet service provider connectivity, or damage to such facilities, we could experience interruptions in access to our platform as well as significant delays and additional expense in arranging or creating new facilities and services and/or re-architecting our SaaS solution for deployment on a different cloud infrastructure service provider, which may adversely affect our business, operating results, and financial condition.

We rely on third-party software to provide many essential financial and operational services to support our business. Some of these vendors are less established and have shorter operating histories than traditional software vendors. Moreover, many of these vendors, including Salesforce, NetSuite, Workday, and ServiceNow, provide their services to us via a cloud-based model instead of software that is installed on our premises. As a result, we depend upon these vendors to provide us with services that are always available and are free of errors or defects that could cause disruptions in our business processes. Interruptions, outages, or other disruptions affecting SaaS solutions that we rely on can significantly impact our business, operating results, and financial condition. Such disruptions could cause operational delays, inefficiencies, and customer dissatisfaction, which could result in increased customer churn, revenue loss, and increased mitigation costs and potential penalties for not meeting service-level agreements. Frequent or significant disruptions could damage our reputation, making it harder to attract and retain customers. Additionally, service disruptions can result in non-compliance with regulatory requirements, which could lead to legal penalties and increased scrutiny.

 

41


Table of Contents

If we fail to adapt and respond effectively to rapidly changing technology, evolving industry standards, changing regulations, and changing customer needs, requirements, or preferences, our platform and solutions may become less competitive.

The market in which we compete is relatively new and subject to rapid technological change, evolving industry standards, and changing regulations, as well as changing customer needs, requirements, and preferences. The success of our business will depend, in part, on our ability to adapt and respond effectively to these changes on a timely basis. In addition, as our customers’ technologies and business plans grow more complex, we expect them to face new and increasing challenges. Our customers require that our solution effectively identifies and responds to these challenges without disrupting the performance of our customers’ IT systems. As a result, we must continually modify and improve our solutions and introduce or acquire new solutions in response to changes in our customers’ IT infrastructures.

We may be unable to anticipate future market needs and opportunities or be able to develop enhancements to our platform or existing solutions or new solutions to meet such needs or opportunities in a timely manner, if at all. Even if we are able to anticipate, develop, and commercially introduce enhancements to our platform and existing solutions and new solutions, those enhancements and new solutions may not achieve widespread market acceptance. Our enhancements or new solutions could fail to attain sufficient market acceptance for many reasons, including:

 

   

delays in releasing platform or solutions enhancements or new solutions;

 

   

inability to interoperate effectively with existing or newly introduced technologies, systems, or applications of our existing and prospective customers;

 

   

defects, errors, or failures in our platform or solutions;

 

   

negative publicity about the performance or effectiveness of our platform or solutions;

 

   

introduction or anticipated introduction of competing products by our competitors;

 

   

installation, configuration, or usage errors by our customers or partners; and

 

   

changing of regulatory requirements related to security.

If we were unable to enhance our platform or existing solutions or develop new solutions that keep pace with rapid technological and industry change, our business, operating results, and financial condition could be adversely affected. If new technologies emerge that are able to deliver competitive products and services at lower prices, more efficiently, more conveniently, or more securely, such technologies could adversely impact our ability to compete effectively.

Real or perceived errors, failures, or disruptions in our platform and solutions could adversely affect our customers’ satisfaction with our solutions and/or our industry reputation and business could be harmed.

Our platform and solutions are very complex and have contained and may contain undetected defects, vulnerabilities, or errors, especially when solutions are first introduced or enhanced. Our platform and solutions are often used in connection with large-scale computing environments with different operating systems, system management software, equipment, and networking configurations, which may cause errors or failures of products, or other aspects of the computing environment into which our solutions are deployed. If our platform and solutions are not implemented or used correctly or as intended, inadequate performance and disruption of service may result. In addition, deployment of our platform and solutions into complicated, large-scale computing environments may expose errors, failures, or vulnerabilities in our solutions. Any such errors, failures, or vulnerabilities may not be found until after they are deployed to our customers. Some of our software and features are powered by ML and AI, which depend on datasets and algorithms that could be flawed, including through inaccurate, insufficient, outdated, or biased data. From time to time, we have experienced errors, failures, and bugs in our platform that have resulted in customer downtime, and we cannot assure you that we will be able to mitigate future errors, failures, vulnerabilities, or bugs in a quick or cost-effective manner.

 

42


Table of Contents

We and certain of our third-party service providers have in the past experienced, and may in the future experience, performance issues due to a variety of factors, including infrastructure changes, human or software errors, website, or third-party hosting disruptions or capacity constraints due to a number of potential causes including technical failures, cyber attacks, security incidents, natural disasters, or fraud. We have also been the target of distributed denial of service attacks and other cybersecurity attacks that attempt to disrupt our services. If our or our third-party service providers’ products, solutions, or corporate security are compromised, our website, professional services, customer support, or SaaS solution is unavailable, or there are flaws in our ML and AI processes, our business could be negatively affected. Moreover, if our security measures or solutions or third-party service providers are subject to cyber attacks that degrade or deny the ability of users to access our website or other solutions, our solutions may be perceived as insecure, and we may incur significant legal and financial exposure. In particular, our cloud-based solutions may be especially vulnerable to interruptions, performance problems, or cyber attacks. Furthermore, our solutions may not help detect situations in which a valid user identity has been compromised, for example as part of a highly sophisticated cyber attack of the type described below. If we, our third-party service providers, our partners, or one or more customers were to suffer a highly publicized breach, even if our platform and solutions perform effectively, such a breach could cause our customers or potential customers to lose trust in our identity security solutions in general, which could cause us to suffer reputational harm, lose existing commercial relationships and customers, or deter them from purchasing additional products, and prevent new customers from purchasing our solutions. Highly publicized cybersecurity events have heightened consumer, legislative, and regulatory awareness of these kinds of cybersecurity risks, while further emboldening individuals or groups to target IT systems more aggressively, highlighting the vulnerability of IT supply chains.

We continue to invest in the personnel, infrastructure, and third-party best practice software solutions and services necessary to mitigate these risks. However, if we are unable to attract and retain personnel with the necessary cybersecurity expertise, or fail to implement sufficient safeguarding measures, we may not be able to prevent, detect, and mitigate potentially disruptive events which could occur in the future. In some instances, we may not be able to identify the cause or causes of these events within an acceptable period of time. Even with these investments, we may not be able to stop a complex and sophisticated cyber attack. Such attacks can be particularly difficult to prevent or fully mitigate when they occur in the supply chain. If we are or become a target of such an attack, we may not be able to prevent, detect, and mitigate such an attack, which could cause disruptions in service or other performance problems, hurt our reputation and our ability to attract new customers and retain existing customers, and damage our customers’ businesses.

Since our customers use our platform and solutions for important aspects of their security environment and operational business, any real or perceived errors, failures, or vulnerabilities in our solutions, or disruptions in service or other performance problems, could hurt our reputation and may damage our customers’ businesses. Furthermore, defects, errors, vulnerabilities, or failures in our platform or solutions may require us to implement design changes or software updates. Any defects, vulnerabilities, or errors in our platform or solutions, or the perception of such defects, vulnerabilities, or errors, could result in: (i) expenditure of significant financial and product development resources in efforts to analyze, correct, eliminate, or work around errors or defects; (ii) loss of existing or potential customers or channel partners; (iii) delayed or lost revenue; (iv) delay or failure to attain market acceptance; (v) delay in the development or release of new solutions; (vi) negative publicity, which will harm our reputation; (vii) an increase in collection cycles for accounts receivable or the expense and risk of litigation; and (viii) harm to our operating results.

The contractual protections we have in our standard terms and conditions of sale, such as warranty disclaimers and limitation of liability provisions, may not fully or effectively protect us from claims by customers, commercial relationships, or other third parties. Any insurance coverage we may have may not adequately cover all claims asserted against us or may cover only a portion of such claims. In addition, even claims that ultimately are unsuccessful could result in our expenditure of funds in litigation and the diverting of management’s time and other resources.

 

43


Table of Contents

If our platform and solutions do not effectively interoperate with our customers’ existing or future IT infrastructure and applications, implementations could be delayed or cancelled, which would harm our business.

Our success depends on the interoperability of our platform and solutions with third-party applications and data that we have not developed and do not control. Any changes in such applications or data that degrade the functionality of our platform or solutions or give preferential treatment to competitive software could adversely affect the adoption and usage of our solutions. We may not be successful in adapting our platform or solutions to operate effectively with these applications or data. If it is difficult for our customers to access and use our platform or solutions, or if our platform or solutions cannot connect a broadening range of applications and data, then our customer growth and retention may be harmed, and our business and operating results could be adversely affected.

Incorrect or improper implementation or use of our platform and solutions could result in customer dissatisfaction and harm our business, financial condition, and results of operations.

Our platform and solutions are deployed in a wide variety of IT infrastructures, including large-scale, complex technology environments, and we believe our future success will depend, at least in part, on our ability to support such deployments. Implementations of our platform and solutions may be technically complicated, and it may not be easy to maximize the value of our platform and solutions without proper implementation, training, and support. Some of our customers have experienced difficulties implementing our platform and solutions in the past and may experience implementation difficulties in the future. If we or our customers are unable to implement our platform and solutions successfully, customer perceptions of our platform and solutions may be impaired, our reputation and brand may suffer, or customers may choose not to renew their subscriptions or purchase additional identity security solutions from us.

Any failure by customers to appropriately implement our platform and solutions or any failure of our platform and solutions to effectively integrate and operate within our customers’ data management infrastructure could result in customer dissatisfaction, impact the perceived reliability of our platform and solutions, result in negative press coverage, negatively affect our reputation, and harm our business, financial condition, and results of operations.

We use third-party licensed software, third-party licensed services, and cloud services subscriptions in or with our solutions, and the inability to maintain these licenses and subscriptions or issues with the software we license or services we leverage could result in increased costs or reduced service levels, which would adversely affect our business.

Our solutions include software or other intellectual property licensed from certain third parties, and we use certain software and other intellectual property licensed from third parties in our business. We anticipate that we will continue to rely on such third-party software and intellectual property in the future, and from time to time, we may be required to renegotiate our current third-party licenses or license additional technology from third parties to develop new solutions or enhancements thereto or to facilitate new business models. This exposes us to risks over which we may have little or no control. For example, the third-party software we currently license may not always be available, or available on commercially reasonable terms, and we may not have access to alternative third-party software in the event of any issues with such software. In addition, a third party may assert that we or our customers are in breach of the terms of applicable licenses, which could, among other things, force us to cease use of such software and give such third party the right to terminate the applicable license or seek damages from us, or both. Additionally, we may not have the right to control the maintenance, prosecution, preparation, filing, enforcement, defense, or litigation of intellectual property that we license from third parties and are reliant on our licensors to do so. We also cannot be certain that activities such as intellectual property protection, maintenance, prosecution, and enforcement by our licensors have been or will be conducted consistent with our best interests or in compliance with applicable laws and regulations or will result in valid and

 

44


Table of Contents

enforceable intellectual property rights. It is possible that our licensors’ infringement proceedings or defense activities may be less vigorous than had we conducted them ourselves or may not be conducted in accordance with our best interests. Furthermore, we cannot be certain that our licensors are not infringing, misappropriating, or otherwise violating the intellectual property rights of third parties or that our licensors have sufficient rights to the licensed intellectual property in all jurisdictions in which we may offer our solutions. Our inability to obtain or maintain certain licenses or other rights, to obtain or maintain such licenses or rights on favorable terms, or the need to engage in litigation or any other proceedings regarding these matters could result in delays in releases of new solutions and could otherwise disrupt our business, until equivalent technology can be identified, licensed, or developed, if at all. Also, to the extent that our platform and solutions depend upon the successful operation of third-party software in conjunction with our software, any undetected errors, vulnerabilities, compromises, or defects in such third-party software could prevent the deployment or impair the functionality of our solutions, delay new feature introductions, result in a failure of our platform, and injure our reputation. Any of the foregoing could materially adversely affect our business, financial condition, and results of operations.

If we fail to obtain, maintain, protect, defend, or adequately enforce our intellectual property or proprietary rights, our competitive position could be impaired, and we may lose valuable assets, generate reduced revenue, and incur costly litigation to protect our rights.

We regard the protection of our copyrights, proprietary software, trademarks, domain names, trade secrets, and other intellectual property rights as critical to our success. We rely and expect to continue to rely on a combination of copyright, trademark, patent, trade secret, and unfair competition laws, as well as confidentiality procedures and agreements, protective covenant agreements, and other contractual protections with our employees, independent contractors, advisers, channel partners, resellers, and customers to protect our trade secrets, proprietary information, and intellectual property rights.

We strive to protect our intellectual property rights by relying on foreign, federal, state, and common law rights, as well as certain contractual restrictions. However, the steps we take to protect our intellectual property and proprietary rights, including physical, operational, and managerial protections of our confidential information, contractual obligations of confidentiality, assignment agreements with our employees and contractors, license agreements, the prosecution, defense, enforcement, protection, and maintenance of registrations and applications for registration of intellectual property rights, and the defense and enforcement of common law rights require significant resources and may be inadequate. Effective trade secret, copyright, trademark, patent, and domain name protection is expensive to develop and maintain, both in terms of initial and ongoing registration requirements and expenses and the costs of defending and enforcing our rights. Given the costs and expenses of obtaining, maintaining, protecting, exploiting, defending, and enforcing our intellectual property rights, we may choose not to obtain, maintain, protect, exploit, defend, or enforce certain intellectual property rights that later turn out to be important. We cannot guarantee that our efforts to obtain, maintain, protect, exploit, defend, or enforce our intellectual property rights are adequate or that we have secured, or will be able to secure, appropriate permissions or protections for all of the intellectual property rights we use or rely on.

Our registered or unregistered trademarks, trade names, or other intellectual property rights may be challenged, infringed, diluted, circumvented, misappropriated, or otherwise violated or declared invalid or unenforceable or determined to be infringing on or dilutive of other marks. Our domain names and social media handles may also be misappropriated or otherwise misused. Further, at times, competitors may adopt trade names, trademarks, domain names, or social media handles similar to ours, thereby impeding our ability to build, maintain, or extend brand identity and possibly leading to market confusion or brand dilution. Furthermore, even if we are able to obtain intellectual property rights, any challenge to our intellectual property rights could result in them being narrowed in scope or declared invalid or unenforceable. Litigation may become necessary to enforce our intellectual property rights, protect our trade secrets, or determine the validity and scope of proprietary rights claimed by others. We may be unable to prevent the misappropriation or disclosure of our proprietary information or deter independent development of similar technologies by others, which may diminish the value of our brand and other intangible assets and allow competitors to more effectively mimic our solutions.

 

45


Table of Contents

While it is our policy to require our employees, contractors, and other parties with whom we conduct business who may be involved in the conception or development of intellectual property for us to execute agreements assigning such intellectual property to us, we may be unsuccessful in executing such an agreement with each party who, in fact, conceives or develops intellectual property that we regard as our own. Additionally, any such assignment of intellectual property rights may not be self-executing or the assignment agreements may be breached, and we may be forced to bring claims against third parties, or defend claims that they may bring against us, to determine the ownership of what we regard as our intellectual property. Further, although it is our policy to enter into confidentiality agreements with employees and third parties to protect our trade secrets and other proprietary rights, we cannot guarantee that we have entered into such agreements with each party that has or may have had access to our trade secrets, confidential information, software, or other proprietary technology and, even if entered into, these agreements may otherwise fail to effectively prevent disclosure of our proprietary or confidential rights, information, or technologies, may be limited as to their term, or may not provide an adequate remedy in the event of unauthorized disclosure, misappropriation, use, or other violation of our trade secrets, confidential information, and other proprietary rights or technologies.

We pursue the registration or protection of our domain names and trademarks in the United States and in certain jurisdictions abroad. However, the laws of some foreign countries do not protect our intellectual property to the same extent as the laws of the United States, and effective intellectual property protection and enforcement mechanisms may not be available in those jurisdictions, which could make it difficult for us to stop the infringement, misappropriation, dilution, or other violation of our intellectual property or marketing of competing products or solutions in violation of our intellectual property rights generally. We may need to expend additional resources to defend our intellectual property in these countries. Any of the foregoing could adversely affect our business, financial condition, and results of operations.

We may be subject to intellectual property rights claims by third parties, including contractual counterparties, which may be costly to defend, result in damage to our reputation, and could require us to pay significant damages, limit our ability to use certain technologies, and adversely affect our business, financial condition, and results of operations.

Companies in the software and technology industries, including some of our current and potential competitors, own large numbers of patents, copyrights, trademarks, trade secrets, and other intellectual property rights and frequently enter into litigation based on allegations of infringement, misappropriation, or other violations of intellectual property rights. We have in the past and may in the future be subject to notices or claims that we have infringed, misappropriated, or misused the intellectual property of our competitors or other third parties, including third parties that may have significantly larger and more mature patent holdings than we do or are patent holding companies whose sole business is to assert such claims. To the extent we increase our visibility in the market, we face a higher risk of being the subject of intellectual property claims. Additionally, despite our efforts to ensure that our employees, contractors, consultants, vendors, and service providers do not use the intellectual property and other proprietary information or know-how of third parties in their work for us, intellectual property, including copyrighted materials, trade secrets, software code, or other proprietary information, we have been and could in the future be subject to claims that we, our employees, or our contractors, consultants, vendors, and service providers have inadvertently or otherwise used or disclosed intellectual property, copyrighted materials, trade secrets, or other proprietary information of our competitors, former employers, or other parties. Litigation may be necessary to defend against these claims. If we fail in defending against such claims, a court could order us to pay substantial damages and prohibit us from using technologies or features that are essential to our solutions, if such technologies or features are found to incorporate or be derived from the trade secrets or other proprietary information of these parties. In addition, we may lose valuable intellectual property rights or personnel. A loss of key personnel or their work product could hamper or prevent our ability to develop, market, and support potential solutions or enhancements, which could severely harm our business. Even if we are successful in defending against these claims, such litigation could result in substantial costs and be a distraction to management.

Our agreements with customers and other third parties may include indemnification provisions under which we agree to indemnify them or otherwise be liable for losses suffered or incurred as a result of claims of

 

46


Table of Contents

intellectual property infringement or misappropriation, damages caused by us to property or persons, or other liabilities relating to or arising from our platform, solutions, or other contractual obligations. See “—Indemnity provisions in various agreements potentially expose us to substantial liability for intellectual property infringement, misappropriation, or violation as well as other losses.”

Any intellectual property, indemnification, or wrongful use or disclosure claims, with or without merit, could be time-consuming and expensive, could require litigation, and could divert our management’s attention and other resources. These claims could also subject us to significant liability for damages, potentially including treble damages if we are found to have willfully infringed patents or copyrights. These claims could also result in our having to stop using technology found to be in violation of a third party’s rights. We might be required to seek a license for the intellectual property, which may not be available on reasonable terms or at all. Even if a license is available, we could be required to pay significant royalties, which would increase our operating expenses. As a result, we may be required to develop alternative non-infringing technology, which could require significant effort and expense. If we cannot license or develop technology for any aspect of our business that may ultimately be determined to infringe on or misappropriate the intellectual property rights of another party, we could be forced to limit or stop sales of licenses to our platform and solutions and may be unable to compete effectively. We could also lose valuable intellectual property rights or key personnel as a result of a wrongful disclosure dispute. Furthermore, we may be subject to indemnification obligations with respect to third-party intellectual property pursuant to our agreements with our channel partners or customers. Any of these results would adversely affect our business, operating results, and financial condition.

Indemnity provisions in various agreements potentially expose us to substantial liability for intellectual property infringement, misappropriation, or violation as well as other losses.

Our agreements with customers and certain partners include indemnification provisions under which we agree to defend and indemnify such customer or partner for losses suffered or incurred as a result of third-party claims for intellectual property infringement or misappropriation of our solutions. The intellectual property infringement indemnity to such customers or partners is an uncapped liability for which we would be responsible, and intellectual property indemnity provisions survive termination or expiration of the applicable agreement.

From time to time, customers also require us to indemnify them for a third-party claim for a violation of law arising from our breach of obligations under the applicable agreement. The existence of such a dispute may have adverse effects on our customer relationship and reputation, and even if we contractually limit our liability with respect to such obligations, we may still incur substantial liability related to them. Any assertions by a third party, whether or not successful, with respect to any of these indemnification obligations could subject us to costly and time-consuming litigation, expensive remediation and licenses, divert management attention and financial resources, harm our relationship with that customer and other current and prospective customers, reduce demand for our platform and solutions, and harm our brand, business, operating results, and financial condition. Any dispute with a customer with respect to such obligations could have adverse effects on our relationship with that customer and other existing customers and new customers and adversely affect our business and operating results.

Our use of “open source” software could negatively affect our ability to sell our solutions and subject us to possible litigation.

Some aspects of our platform and solutions are built using open source software, and we intend to continue to use open source software in the future. From time to time, we contribute software source code to open source projects under open source licenses or release internal software projects under open source software licenses and anticipate doing so in the future. Open source software is generally freely accessible, usable, and modifiable. However, certain open source licenses may, in certain circumstances, require us to offer our solutions that incorporate the open source software for no cost, make available source code for modifications or derivative works

 

47


Table of Contents

we create based upon the open source software, incorporate or use the open source software, and/or license such modifications or derivative works under the terms of the particular open source license or otherwise unfavorable terms. The terms of certain open source licenses to which we are subject have not been interpreted by U.S. or foreign courts, and there is a risk that open source software licenses could be construed in a manner that imposes unanticipated conditions or restrictions on our ability to monetize our solutions. While we try to insulate our proprietary code from the effects of such open source license provisions, we cannot guarantee that we will be successful, that all open source software is reviewed prior to use in our solutions, that our developers have not incorporated open source software into our solutions in potentially disruptive ways, or that they will not do so in the future. Additionally, we may from time to time face claims from third parties claiming ownership of, or demanding release of, the open source software or derivative works that we developed using such software, which could include our proprietary source code, or otherwise seeking to enforce the terms of the applicable open source software license. These claims could result in costly litigation and could require us to make our software source code freely available, purchase a costly license, or cease offering the implicated solutions unless and until we can re-engineer them to avoid infringement or violation. This re-engineering process could require significant additional research and development resources, and we may not be able to complete it successfully. We could also be subject to suits by parties claiming ownership of what we believe to be open source software. In addition to risks related to license requirements, use of certain open source software can lead to greater risks than use of third-party commercial software, as open source licensors generally do not provide warranties or controls on the origin of software and, thus, may contain security vulnerabilities or broken code. Moreover, some open source projects have known security and other vulnerabilities and architectural instabilities, or are otherwise subject to security attacks due to their wide availability, and are provided on an “as-is” basis. There is typically no support available for open source software, and we cannot ensure that the authors of such open source software will implement or push updates to address security risks or will not abandon further development and maintenance. Further, our use of any AI tools that use, incorporate, or output any open source software may heighten the foregoing risks. Any of these risks could be difficult to eliminate or manage, and if not addressed, could have a negative effect on our business, operating results, and financial condition.

Risks Related to Our Indebtedness

Servicing our debt may require a significant amount of cash, and we may not have sufficient cash flow from our business to do so.

We have historically relied on the availability of debt financing. Our ability to make scheduled payments of the principal of, to pay interest on, or to refinance our indebtedness, including any future borrowings under the Credit Facilities, depends on our future performance, which is subject to economic, financial, competitive, and other factors beyond our control, including the factors described in this “Risk Factors” section. Our business may not continue to generate cash flow from operations in the future sufficient to service our debt and make necessary capital expenditures. If we are unable to generate such cash flow, we may be required to adopt one or more alternatives, such as selling assets, restructuring debt, or obtaining additional equity capital on terms that may be onerous or highly dilutive. Our ability to refinance our indebtedness will depend on the capital markets and our financial condition at such time. We may not be able to engage in any of these activities or engage in these activities on desirable terms. In addition, the Credit Facilities and any of our future debt agreements may contain restrictive covenants that prohibit us from adopting any of these alternatives. Any failure to comply with the obligations under any of our debt instruments could result in an event of default under the agreements governing such indebtedness, which, if not cured or waived, could result in the acceleration of our debt. If we are unable to generate sufficient cash flow from our business to service our debt, our results of operations and financial condition could be adversely affected.

 

48


Table of Contents

The terms, conditions, and restrictions contained in the Credit Agreement could expose us to risks that could adversely affect our liquidity and financial condition or otherwise adversely affect our operating results.

At January 15, 2025, we had $1.04 billion of outstanding borrowings under the Term Loan (excluding unamortized issuance costs) and no outstanding borrowings or letters of credit under our Revolving Credit Facility.

The Credit Agreement contains various covenants that, among other things, limit our and certain of our subsidiaries’ abilities to:

 

   

incur additional indebtedness or guarantee indebtedness of others;

 

   

create additional liens on our assets;

 

   

merge, consolidate, or dissolve;

 

   

make loans or investments, including acquisitions;

 

   

sell assets;

 

   

engage in sale and leaseback transactions;

 

   

pay dividends and make other distributions on our capital stock, and redeem and repurchase our capital stock; or

 

   

enter into transactions with affiliates.

The Credit Facilities also contain numerous affirmative covenants, including financial covenants. Our failure to comply with these covenants could result in an event of default, which, if not cured or waived, could result in the acceleration of our debt. Any additional debt that we incur in the future could subject us to similar or additional covenants.

If we experience a decline in cash flow due to any of the factors described in this “Risk Factors” section or otherwise, we could have difficulty paying interest and principal amounts due on our indebtedness and meeting the financial covenants set forth in the Credit Facilities. If we are unable to generate sufficient cash flow or otherwise to obtain the funds necessary to make required payments under the Credit Facilities, or if we fail to comply with the various requirements of our indebtedness, we could default under the Credit Facilities. Any such default could have a material adverse effect on our liquidity and financial condition.

We have a substantial amount of indebtedness, which could adversely affect our financial condition and ability to operate our business.

As of January 15, 2025, we had $1.04 billion of indebtedness outstanding, consisting of our Term Loan (excluding unamortized issuance costs). Our substantial indebtedness, combined with our other financial obligations and contractual commitments, could have important consequences for our business. For example, it could:

 

   

require us to dedicate a substantial portion of our cash flow from operations to payments on our indebtedness, thereby reducing funds available for working capital, capital expenditures, acquisitions, business development, and other purposes;

 

   

compromise our ability to capitalize on business opportunities and to react to competitive pressures, as compared to our competitors, due to our high level of debt and the restrictive covenants in the Credit Agreement;

 

   

limit our flexibility in planning for, or reacting to, changes in our business and the industries in which we operate;

 

   

limit our ability to borrow additional funds, or to dispose of assets to raise funds, if needed, for working capital, capital expenditures, acquisitions, and other corporate purposes; and

 

49


Table of Contents
   

limit our ability to redeem, repurchase, defease, or otherwise acquire or retire for value any subordinated indebtedness we may incur.

These restrictions could adversely affect our financial condition and limit our ability to successfully implement our growth strategy.

In addition, we may need additional financing to support our business and pursue our growth strategy, including for strategic acquisitions. Our ability to obtain additional financing, if and when required, will depend on investor demand, our operating performance, the condition of the capital markets, and other factors. We cannot assure you that additional financing will be available to us on favorable terms when required, or at all. If we raise additional funds through the issuance of equity, equity-linked, or debt securities, those securities may have rights, preferences, or privileges senior to those of our common stock, and, in the case of equity and equity-linked securities, our existing stockholders may experience dilution.

Despite current indebtedness levels, we may incur substantially more indebtedness, which could further exacerbate the risks associated with our substantial indebtedness.

We may incur significant additional indebtedness in the future. We may also consider investments in joint ventures or acquisitions, which may increase our indebtedness. If new debt is added to our current indebtedness levels, the related risks that we face could intensify.

Interest rate fluctuations may have a material adverse effect on our business, results of operations, financial condition, and cash flows.

Indebtedness under the Credit Facilities bears interest at variable rates, and we may incur additional variable interest rate indebtedness in the future. This exposes us to interest rate risk, and any interest rate swaps we enter into in order to reduce interest rate volatility may not fully mitigate our interest rate risk. If interest rates were to increase, our debt service obligations on the variable rate indebtedness would increase even if the amount borrowed remained the same, and our net income and cash flows, including cash available for servicing our indebtedness, would correspondingly decrease.

Risks Related to Laws and Regulations

We will face risks associated with the growth of our business with certain heavily regulated industry verticals.

We market and sell our platform and solutions to customers in heavily regulated industry verticals, including the banking, healthcare, and financial services industries. As a result, we face additional regulatory scrutiny, risks, and burdens from the governmental entities and agencies that regulate those industries. Entering new heavily regulated verticals and expanding in those verticals in which we are already operating will continue to require significant resources to address potential regulatory scrutiny, risks, and burdens, and there is no guarantee that such efforts will be successful or beneficial to us. If we are unable to successfully penetrate these verticals, maintain our market share in such verticals in which we already operate or cost-effectively comply with governmental and regulatory requirements applicable to our activities with customers in such verticals, our business, financial condition, and results of operations may be harmed.

Any actual or perceived failure by us to comply with our privacy policy or legal or regulatory requirements, rules, industry standards, contractual requirements, and other obligations relating to privacy, data protection, and cybersecurity, in one or multiple jurisdictions could result in proceedings, actions, or penalties against us.

Our solutions analyze and otherwise process customer information, including personal information and other information supplied by our customers. Our standard customer agreement prohibits customers from sending

 

50


Table of Contents

to or storing sensitive customer data in our solutions, whether proprietary data, confidential data, sensitive personal data, or otherwise. However, we may enter into agreements with customers with unique terms that allow for certain sensitive customer data to be sent to and stored in our solutions. Further, our customers’ use of data concerning, among others, their employees, contractors, customers, and/or partners is essential to their use of our platform and solutions, and our solutions are not architected in a manner that prevents our customers from submitting or storing sensitive customer data. We have implemented various features intended to enable our customers to better secure their information and comply with applicable privacy and security requirements in their data governance, but these features do not ensure their compliance and may not be effective against all potential privacy and identity security concerns.

A wide variety of domestic and foreign laws, rules and regulations, and contractual requirements apply to the use and processing of proprietary, confidential, and sensitive information, including personal information. These laws, rules, regulations, industry standards, contractual requirements, and other obligations are constantly evolving, and we expect that we will continue to become subject to new proposed laws, rules, regulations, industry standards, contractual requirements, and other obligations in the United States, the EU, the United Kingdom (“UK”) and other jurisdictions.

For example, in the United States, there are numerous federal, state, and local privacy, data protection, and cybersecurity laws, rules, and regulations governing the use and processing of personal data. At the federal level, we are subject to, among other laws, rules, and regulations, the rules and regulations promulgated under the authority of the Federal Trade Commission, which has the authority to regulate and enforce against unfair or deceptive acts or practices in or affecting commerce, including acts and practices with respect to privacy, data protection, and cybersecurity. Moreover, Congress has considered, and continues to consider, many proposals for comprehensive national data privacy and cybersecurity legislation. As another example, at the state level, we are subject to laws, rules, and regulations, such as the California Consumer Privacy Act (as amended by the California Privacy Rights Act (collectively, “CCPA”)), which, amongst other things, requires businesses to provide specific disclosures in privacy notices, implement new operational practices, honor requests from California residents to exercise certain privacy rights (such as the right to access and request deletion of their personal information and to opt out of certain sharing and sales of personal information) and provides for civil penalties of up to $7,500 per violation, as well as a private right of action for certain data breaches that may increase the likelihood of and risks associated with data breach litigation. Many other states have also enacted, or are in the process of enacting, comprehensive privacy, data protection, and cybersecurity laws, rules, and regulations that share similarities with the CCPA, which creates the potential for a patchwork of overlapping but different state laws. In addition, all 50 states have laws that require the provision of notification for security breaches of personal information to affected individuals, state officers, or others. Possible consequences for non-compliance with these various state laws include enforcement actions in response to rules and regulations promulgated under the authority of federal agencies, state attorneys general, and legislatures and consumer protection agencies.

Outside of the United States, an increasing number of laws, rules, regulations, and industry standards apply to privacy, data protection, and cybersecurity. For example, we are subject to the GDPR in the EU, and in the UK, we are subject to the UK’s Data Protection Act 2018 as supplemented by the GDPR as implemented into UK law (collectively, “UK GDPR”), both of which impose similar, stringent data protection requirements. The GDPR and UK GDPR are wide-ranging in scope and impose numerous additional requirements on companies that process personal data, including imposing special requirements in respect of the processing of personal data, requiring that consent of individuals to whom the personal data relates is obtained in certain circumstances, requiring additional disclosures to individuals regarding data processing activities, requiring that safeguards are implemented to protect the security and confidentiality of personal data, creating mandatory data breach notification requirements in certain circumstances, and requiring that certain measures (including contractual requirements) are put in place when engaging third-party processors. The GDPR and UK GDPR also provide individuals with various rights in respect of their personal data, including rights of access, erasure, portability, rectification, restriction, and objection. Failure to comply with the GDPR and the UK GDPR can result in

 

51


Table of Contents

significant fines and other liability, including fines of up to EUR 20 million (or GBP 17.5 million under the UK GDPR) or four percent of global revenue, whichever is greater. European data protection authorities have shown a willingness to impose significant fines and issue orders preventing the processing of personal data on non-compliant businesses and have already imposed fines for GDPR violations up to, in some cases, hundreds of millions of Euros. While the UK GDPR currently imposes substantially the same obligations as the GDPR, the UK GDPR will not automatically incorporate changes to the GDPR going forward (which would need to be specifically incorporated by the UK government). Moreover, the UK government has publicly announced plans to reform the UK GDPR in ways that, if formalized, are likely to deviate from the GDPR, all of which creates a risk of divergent parallel regimes and related uncertainty, along with the potential for increased compliance costs and risks for affected businesses. Legal developments in the European Economic Area (“EEA”) and the UK, including rulings from the Court of Justice of the European Union (“CJEU”), have also created complexity and uncertainty regarding processing and transfers of personal data from the EEA and the UK to the United States and other so-called third countries outside the EEA and the UK that have not been determined by the relevant data protection authorities to provide an adequate level of protection for privacy rights. Case law from the CJEU indicates that reliance on the standard contractual clauses—a standard form of contract approved by the European Commission as an adequate personal data transfer mechanism—alone may not necessarily be sufficient in all circumstances and that transfers must be assessed on a case-by-case basis. In July 2023, the European Commission adopted an adequacy decision in relation to the new EU-U.S. Data Privacy Framework (“DPF”) rendering the DPF effective as a GDPR transfer mechanism for personal data transferred from the EEA to the United States by U.S. entities self-certified under the DPF. In October 2023, the UK Extension to the DPF came into effect, as approved by the UK government, as a data transfer mechanism from the UK to U.S. entities self-certified under the DPF. While we have taken steps to mitigate the impact on us, such as implementing the European Commission’s standard contractual clauses, the efficacy and longevity of these mechanisms remains uncertain. Other jurisdictions outside the EU and the UK are similarly introducing or enhancing privacy, data protection, and cybersecurity laws, rules, and regulations, which could increase our compliance costs and the risks associated with noncompliance. We cannot yet fully determine the impact these or future laws, rules, and regulations may have on our business or operations. These laws, rules, and regulations may be inconsistent from one jurisdiction to another, subject to differing interpretations, and may be interpreted to conflict with our practices. While we have implemented controls and procedures designed to comply with the requirements of the privacy, data protection, and cybersecurity laws, rules, and regulations of the jurisdictions in which we operate, such controls and procedures may not be effective in ensuring compliance or preventing unauthorized transfers of personal information. Failure to comply with such requirements could result in fines, sanctions, or other penalties, which could materially affect our reputation, business, financial condition, and results of operations.

These and other applicable data protection and privacy-related laws and regulations are evolving and may result in regulatory and public scrutiny and escalating levels of enforcement and sanctions. See “Business—Government Regulations” for more information. Our failure to comply with contractual obligations or applicable laws and regulations, or to protect any personal or other customer data, could result in enforcement actions against us, including regulatory fines or other civil or criminal liability, as well as claims for damages, contractual or otherwise, by customers and other affected individuals, damage to our reputation, and loss of goodwill (both in relation to existing customers and prospective customers), any of which could adversely affect our business, operating results, financial performance, and prospects.

In addition, we are subject to certain contractual obligations and have made privacy commitments, including in privacy policies and customer data processing agreements, regarding our use and processing of personal data. As a company that supports customer privacy and security objectives, even the perception of a failure by us to comply with our privacy commitments, whether or not valid, may harm our reputation, inhibit adoption of our solutions by current and future customers, or adversely impact our ability to attract and retain workforce talent. Additionally, a failure or perceived failure to comply with privacy commitments could lead to regulator or civil claims if our commitments are found to be deceptive or otherwise misrepresentative of our actual policies and practices.

 

52


Table of Contents

Loss, retention, or misuse of certain information and alleged violations of laws and regulations relating to privacy and data security, and any relevant claims, may expose us to potential liability and may require us to expend significant resources on identity security and in responding to and defending such allegations and claims. Any failure or perceived failure by us or any third parties with which we do business to comply with laws, rules, regulations, industry standards, contractual requirements, or other actual or asserted obligations to which we or such third parties are or may become subject may result in significant liability, adverse publicity, inability to process data, and investigations, proceedings, and other legal actions against us by governmental entities and private claims, demands, and litigation. Any such action or other matter could be expensive to defend, may require the expenditure of substantial legal and other costs and substantial time and resources, may result in fines, penalties, or other liabilities, and likely would damage our reputation and adversely affect our business, financial condition, and results of operations. We may in the future be party to such actions and disputes. In many jurisdictions, enforcement actions and consequences for non-compliance with privacy, data protection, and cybersecurity laws, rules, regulations, industry standards, contractual requirements, or other obligations are rising. Data subjects may also have a private right of action, as well as consumer associations, to lodge complaints with supervisory authorities, seek judicial remedies, and obtain compensation for damages resulting from violations of applicable privacy, data protection, and cybersecurity laws, rules, and regulations. In addition, privacy advocates and industry groups have regularly proposed, and may propose in the future, self-regulatory standards that may legally or contractually apply to us or be alleged to apply to us. If we fail or are alleged to fail to follow these standards, even if no personal information is compromised, we may incur significant fines or experience a significant increase in costs and face regulatory investigations and other proceedings or private claims, demands, and litigation. In addition, future laws, regulations, standards, and other obligations, and changes in the interpretation of existing laws, regulations, standards, and other obligations, could impair our customers’ ability to collect, use, or disclose data relating to individuals, which could decrease demand for our platform and solutions, increase our costs, and impair our ability to maintain and grow our customer base and increase our revenue. This includes evolutions in definitions of what constitutes “Personal Information” and “Personal Data” subject to privacy laws, especially relating to classification of intellectual property addresses, machine or device identification numbers, location data and other information. Changes in the law may limit or inhibit our ability to offer certain solutions or features, limit the growth of features and/or development of new solutions, including that supported by AI or ML, or limit our ability to operate or expand our business and develop technology alliance relationships that may involve the sharing of data.

Around the world, there are numerous lawsuits in process against various technology companies that process personal data. If those lawsuits are successful, it could increase the likelihood that our company may be exposed to liability for our own policies and practices concerning the processing of personal data and could hurt our business. Furthermore, the costs of compliance with, and other burdens imposed by laws, regulations, and policies concerning privacy and identity security that are applicable to the businesses of our customers may limit the use and adoption of our platform or solutions and reduce overall demand for them. Privacy concerns, whether or not valid, may inhibit market adoption of our solutions. Additionally, concerns about security or privacy may result in the adoption of new legislation that restricts the implementation of technologies like ours or requires us to make modifications to our solutions, which could significantly limit the adoption and deployment of our technologies or result in significant expense to modify our solutions.

We publicly post our privacy policies and practices concerning our processing, use, and disclosure of the personally identifiable information provided to us by our website visitors. Our publication of our privacy policies and other statements we publish that provide promises and assurances about privacy and security can subject us to potential state, federal, and international action if they are found to be deceptive or misrepresentative of our actual policies and practices or if our practices are found to be unfair.

Regulatory and legislative developments related to the use of AI could adversely affect our use of such technologies in our solutions and business.

We use AI throughout our business. As the regulatory framework for AI and automated decision making evolves, our business, financial condition, and results of operations may be adversely affected. The regulatory

 

53


Table of Contents

framework for AI and similar technologies and automated decision making is changing rapidly. It is possible that new laws and regulations will be adopted in the United States and in non-U.S. jurisdictions or that existing laws and regulations may be interpreted in ways that would affect the operation of our solutions and the way in which we use AI and similar technologies. We may not be able to adequately anticipate or respond to these evolving laws and regulations, and we may need to expend additional resources to adjust our offerings in certain jurisdictions if applicable legal frameworks are inconsistent across jurisdictions. In addition, because these technologies are themselves highly complex and rapidly developing, it is not possible to predict all of the legal or regulatory risks that may arise relating to our use of such technologies. Further, the cost to comply with such laws or regulations could be significant and could increase our operating expenses, which would adversely affect our business, financial condition, and results of operations.

For example, in August 2024, the EU Artificial Intelligence Act (the “AI Act”), which establishes broad obligations for the development and use of AI-based technologies in the EU based on their potential risks and level of impact, came into force. This framework categorizes AI systems, based on the risks associated with such AI systems’ intended purposes, as creating unacceptable or high risks, with all other AI systems being considered low risk. Furthermore, the AI Act includes requirements around transparency, conformity assessments and monitoring, risk assessments, human oversight, security, accuracy, general purpose AI, and foundation models, and provides for fines of up to the greater of €35 million or 7% of worldwide annual turnover for violations. There is a risk that our current or future AI-powered solutions may obligate us to comply with the applicable requirements of the AI Act, which may impose additional costs on us, increase our risk of liability, or adversely affect our business. For example, the AI Act prohibits certain uses of AI systems and places numerous obligations on providers and deployers of permitted AI systems, with heightened requirements based on AI systems that are considered high risk. This regulatory framework is expected to have a material impact on the way AI is regulated in the EU and beyond, and, together with developing regulatory guidance and judicial decisions in this area, may affect our use of AI and our ability to provide and to improve our solutions, require additional compliance measures and changes to our operations and processes, result in increased compliance costs and potential increases in civil claims against us, and could adversely affect our business, financial condition, and results of operations.

Failure to comply with anti-bribery, anti-corruption, and anti-money laundering laws could subject us to penalties and other adverse consequences.

We are subject to the Foreign Corrupt Practices Act (the “FCPA”), the U.K. Bribery Act, and other anti-corruption, anti-bribery, and anti-money laundering laws in various jurisdictions both domestic and abroad. The FCPA prohibits any U.S. individual or business from paying, offering, authorizing payment, or offering of anything of value, directly or indirectly, to any foreign official, political party, or candidate for the purpose of influencing any act or decision of the foreign entity in order to assist the individual or business in obtaining or retaining business. The U.K. Bribery Act is similar but even broader in scope in that it prohibits bribery of private (non-government) persons as well. The FCPA also obligates companies whose securities are listed in the United States to comply with certain accounting provisions requiring the company to maintain books and records that accurately and fairly reflect all transactions of the corporation, including international subsidiaries, and to devise and maintain an adequate system of internal accounting controls for international operations. Our sales model presents some risk under these laws. We leverage third parties, including channel partners, to sell our solutions and conduct our business abroad. We and our third-party intermediaries may have direct or indirect interactions with officials and employees of government agencies, state-owned or affiliated entities, and non-governmental commercial entities and may be held liable for the corrupt or other illegal activities of these third-party intermediaries, our employees, representatives, contractors, channel partners, and agents, even if we do not explicitly authorize such activities. While we have policies and procedure to address compliance with these laws, we cannot assure you that all of our employees and agents will not take actions in violation of our policies and applicable law, for which we may be ultimately held responsible. Noncompliance with these laws could subject us to investigations, sanctions, settlements, prosecution, other enforcement actions, disgorgement of profits, significant fines, damages, other civil and criminal penalties or injunctions, adverse media coverage,

 

54


Table of Contents

and other consequences. Any investigations, actions, or sanctions could adversely affect our business, operating results, and financial condition.

We are subject to governmental export controls and economic sanctions laws that could impair our ability to compete in international markets and subject us to liability if we are not in full compliance with applicable laws.

Our business activities are subject to various restrictions under U.S. export controls and trade and economic sanctions laws, including the U.S. Commerce Department’s Export Administration Regulations and economic and trade sanctions regulations maintained by the U.S. Treasury Department’s Office of Foreign Assets Control. The U.S. export control laws and U.S. economic sanctions laws include prohibitions on the sale or supply of certain products and services to U.S. embargoed or sanctioned countries, governments, persons, and entities and also require authorization for the export of encryption items. We are also subject to Israeli export controls on encryption technology for our platform and identity security solutions. If the applicable U.S. or Israeli requirements regarding export of encryption technology were to change or if we change the encryption means in our solutions, we may need to satisfy additional requirements in the United States or Israel. There can be no assurance that we will be able to satisfy any additional requirements under these circumstances in either the United States or Israel.

In addition, various countries regulate the import of certain encryption technology, including through import permitting and licensing requirements, and have enacted laws that could limit our ability to distribute our solutions or could limit our customers’ ability to implement our solutions in those countries. Although we take precautions to prevent our solutions from being provided in violation of such laws, our solutions may have been in the past, and could in the future be, provided inadvertently in violation of such laws, despite the precautions we take. If we fail to comply with these laws and regulations, we and certain of our employees could be subject to civil or criminal penalties, including the possible loss of export privileges and monetary penalties. Obtaining the necessary authorizations, including any required license, for a particular transaction may be time-consuming, is not guaranteed, and may result in the delay or loss of sales opportunities. Although we take precautions to prevent transactions with U.S. sanction targets, we could inadvertently provide our solutions to persons prohibited by U.S. sanctions. This could result in negative consequences to us, including government investigations, penalties, and harm to our reputation.

Our corporate structure and intercompany arrangements are subject to the tax laws of various jurisdictions, and we could be obligated to pay additional taxes, which would harm our operating results.

Based on our current corporate structure, we may be subject to taxation in several jurisdictions around the world with increasingly complex tax laws, the application of which can be uncertain. The amount of taxes we pay in these jurisdictions could increase substantially as a result of changes in the applicable tax principles, including increased tax rates, new tax laws, or revised interpretations of existing tax laws and precedents. In addition, the authorities in these jurisdictions could challenge our methodologies for valuing developed technology or intercompany arrangements, including our transfer pricing. The relevant taxing authorities may determine that the manner in which we operate our business does not achieve the intended tax consequences. If such a disagreement were to occur, and our position were not sustained, we could be required to pay additional taxes, interest, and penalties. Such authorities could claim that various withholding requirements apply to us or our subsidiaries or assert that benefits of tax treaties are not available to us or our subsidiaries. Any increase in the amount of taxes we pay or that are imposed on us could increase our worldwide effective tax rate and adversely affect our business and operating results.

Our ability to use net operating losses and other tax attributes to offset future taxable income may be subject to certain limitations.

Our U.S. federal and state net operating loss (“NOLs”) carryforwards and certain other tax credits may be subject to limitations under Section 382 and Section 383 of the Internal Revenue Code of 1986, as amended (the

 

55


Table of Contents

“Code”), respectively, and similar provisions of state law. Under those sections of the Code, a corporation that undergoes an “ownership change,” generally defined as a greater than 50% change (by value) in its equity ownership over a three-year period, is subject to limitations on its ability to utilize its pre-change NOLs and other pre-change tax attributes, such as research tax credits, to offset future taxable income or taxes. Our existing NOLs may be subject to limitations arising from previous ownership changes, and if we undergo an ownership change in connection with or after this offering, our ability to utilize NOLs and other tax attributes could be further limited by Sections 382 and 383 of the Code. In addition, future changes in our stock ownership, many of which are outside of our control, could result in an ownership change under Sections 382 and 383 of the Code. “Ownership changes” that have occurred in the past or that may occur in the future, including in connection with this offering, could result in the imposition of an annual limit on the amount of pre-ownership change NOLs and other tax attributes we can use to reduce taxable income, potentially increasing and accelerating our liability for income taxes, and also potentially causing those tax attributes to expire unused.

We function as a HIPAA “business associate” or service provider for certain of our customers and, as such, are subject to strict privacy and data security requirements. If we fail to comply with any of these requirements, or applicable requirements under state health information laws, we could be subject to significant liability, which can adversely affect our business as well as our ability to attract and retain new customers.

The Health Insurance Portability and Accountability Act of 1996, as amended by the Health Information Technology for Economic and Clinical Health Act (“HITECH”), and their respective implementing regulations (collectively referred to as “HIPAA”), imposes specified requirements relating to the privacy, security, and transmission of individually identifiable health information, including “protected health information” (“PHI”) under HIPAA. HIPAA requires, among other things, that “covered entities” and their business associates maintain reasonable and appropriate administrative, physical, and technical safeguards to protect PHI. Additionally, business associates are required to assist covered entities with various requirements under HIPAA, including reporting certain breaches, security incidents, or other unauthorized uses or disclosures of PHI to individuals, the Department of Health and Human Services (“HHS”) Office for Civil Rights, and the media, depending on the extent of the disclosure. We may function as a business associate for certain of our customers that are HIPAA covered entities and service providers, and in that context we are regulated as a business associate for the purposes of HIPAA.

If we are unable to comply with our obligations under HIPAA as a business associate, we could face substantial civil or criminal liability or other regulatory action. HITECH also gave state attorneys general authority to file civil actions for damages or injunctions in federal courts to enforce the federal HIPAA laws and seek attorneys’ fees and costs associated with pursuing federal civil actions. Furthermore, the HIPAA-covered entities and service providers to which we provide solutions require us to enter into HIPAA-compliant business associate agreements with them. These agreements impose stringent data security obligations on us. If we are unable to meet the requirements of any of these business associate agreements, we could face contractual liability, as well as possible civil and criminal liability under HIPAA, all of which can have an adverse impact on our business and generate negative publicity, which, in turn, can have an adverse impact on our ability to attract and retain new customers.

In addition, many state laws govern the privacy and security of health information in certain circumstances, including having passed privacy legislation to cover consumer health data and sensitive data. These laws may differ from other state privacy requirements, including in the way such laws are interpreted and enforced by state regulatory authorities, and may be more stringent than HIPAA. Under these state laws, states may impose fines or penalties for violations and, depending on the state, may allow a private right of action for individuals who believe their information has been inappropriately used or disclosed, including from a security incident or breach. Additionally, many state attorneys general and the Federal Trade Commission have interpreted existing consumer protection laws to impose standards on the privacy, security, use, transfer, disclosure, disposal, and other treatment of an individual’s information, including health information.

 

56


Table of Contents

Increased and complex scrutiny of environmental, social, and governance (“ESG”) matters may require us to incur additional costs or otherwise adversely impact our business.

Increased attention to climate change, diversity, equity, and inclusion, and other ESG issues, as well as societal expectations regarding voluntary ESG initiatives and disclosures, may result in increased costs (including but not limited to increased costs related to compliance, stakeholder engagement, and contracting), impact our reputation or otherwise affect our business performance. In addition, organizations that provide information to investors on corporate governance and related matters have developed ratings processes for evaluating companies on ESG matters. Such ratings are used by some investors to inform their investment or voting decisions. Unfavorable ESG ratings could lead to negative investor sentiment toward us and/or our industry, which could have a negative impact on our access to and costs of capital. To the extent ESG matters negatively impact our reputation, we may also not be able to compete as effectively to recruit or retain employees. We may take certain actions, including the establishment of ESG-related goals or targets, to improve our ESG profile and/or respond to stakeholder demand; however, such actions may be costly or be subject to numerous conditions that are outside our control, and we cannot guarantee that such actions will have the desired effect.

Moreover, while we may create and publish voluntary disclosures regarding ESG matters from time to time, many of the statements in those voluntary disclosures are based on hypothetical expectations and assumptions that may or may not be representative of current or actual risks or events or forecasts of expected risks or events, including the costs associated therewith. Such expectations and assumptions are necessarily uncertain and may be prone to error or subject to misinterpretation given the long timelines involved and the lack of an established single approach to identifying, measuring, and reporting on many ESG matters. Such disclosures may also be at least partially reliant on third-party information that we have not independently verified or cannot be independently verified. In addition, we expect there will likely be increasing levels of regulation, disclosure-related and otherwise, with respect to ESG matters, and increased regulation will likely lead to increased compliance costs as well as scrutiny that could heighten all of the risks identified in this risk factor. Such ESG matters may also impact our customers, which may adversely impact our business, financial condition, or results of operations.

Risks Related to This Offering and Ownership of Our Common Stock

The requirements of being a public company, including compliance with the reporting requirements of the Exchange Act and the requirements of the Sarbanes-Oxley Act, may strain our resources, increase our costs, and distract management, and we may be unable to comply with these requirements in a timely or cost-effective manner.

As a public company, we will need to comply with new laws, regulations, and requirements, certain corporate governance provisions of the Sarbanes-Oxley Act, related regulations of the SEC, and the requirements of Nasdaq, with which we are not required to comply as a private company. Complying with these statutes, regulations, and requirements will occupy a significant amount of time of our board of directors and management and will significantly increase our costs and expenses. We will need to:

 

   

institute a more comprehensive compliance function;

 

   

comply with rules promulgated by Nasdaq;

 

   

continue to prepare and distribute periodic public reports in compliance with our obligations under the federal securities laws;

 

   

establish new internal policies, such as those relating to insider trading; and

 

   

involve and retain to a greater degree outside counsel and accountants in the above activities.

Furthermore, we will be required, pursuant to Section 404 of the Sarbanes-Oxley Act, to furnish a report by management on, among other things, the effectiveness of our internal control over financial reporting as of the

 

57


Table of Contents

end of the fiscal year that coincides with the filing of our second Annual Report on Form 10-K. This assessment will need to include disclosure of any material weaknesses identified by our management in our internal control over financial reporting. We will also be required to disclose changes made in our internal control and procedures on a quarterly basis. Our independent registered public accounting firm will not be required to report on the effectiveness of our internal control over financial reporting pursuant to Section 404 of the Sarbanes-Oxley Act until our second annual report required to be filed with the SEC. At such time, our independent registered public accounting firm may issue a report that is adverse in the event it is not satisfied with the level at which our controls are documented, designed, or operating.

In addition, we expect that being a public company subject to these rules and regulations may make it more difficult and more expensive for us to obtain director and officer liability insurance, and we may be required to accept reduced policy limits and coverage or incur substantially higher costs to obtain the same or similar coverage. As a result, it may be more difficult for us to attract and retain qualified individuals to serve on our board of directors or as executive officers. We are currently evaluating these rules, and we cannot predict or estimate the amount of additional costs we may incur or the timing of such costs.

In addition, we are implementing a new enterprise resource planning (“ERP”) system. The ERP system is intended to combine and streamline the management of our financial, accounting, human resources, sales and marketing, and other functions, enabling it to manage operations and track performance more effectively. Any disruptions or difficulties in implementing or using the ERP system could adversely affect our controls and harm our business, financial condition, and results of operations, including our ability to forecast our business and collect receivables. Moreover, such disruption or difficulties could result in unanticipated costs and diversion of management attention.

There is currently no public trading market for our common stock, and an active trading market may not develop or be sustained following this offering.

We have applied for the listing of our common stock on Nasdaq under the symbol “SAIL.” However, there is currently no public trading market for our common stock. We cannot assure you that an active trading market for our common stock will develop on such exchange or elsewhere or, if developed, that any market will be sustained. Accordingly, we cannot assure you of the liquidity of any trading market, your ability to sell your shares of our common stock when desired, or the prices that you may obtain for your shares of our common stock.

Participation in this offering by the cornerstone investors could reduce the public float for our shares of common stock.

The cornerstone investors have, severally and not jointly, indicated an interest in purchasing up to an aggregate of 20% of the shares of common stock in this offering (excluding the underwriters’ option to purchase additional shares) at the initial public offering price. The shares of common stock to be purchased by the cornerstone investors will not be subject to a lock-up agreement with the underwriters. Because these indications of interest are not binding agreements or commitments to purchase, the cornerstone investors may determine to purchase more, less, or no shares in this offering or the underwriters may determine to sell more, less, or no shares to the cornerstone investors. The underwriters will receive the same discount on any shares of common stock purchased by the cornerstone investors as they will from any other shares of common stock sold to the public in this offering. If one or more of the cornerstone investors are allocated all or a portion (or more) of the shares of common stock in which they have indicated an interest in purchasing in this offering, and purchase any such shares, such purchase could reduce the available public float for our shares of common stock if the cornerstone investors hold such shares of common stock long term.

 

58


Table of Contents

The trading price of our common stock could be volatile, which could cause the value of your investment to decline.

Technology stocks have historically experienced high levels of volatility. The trading price of our common stock following this offering may fluctuate substantially. Following the completion of this offering, the market price of our common stock may be higher or lower than the price you pay in the offering, depending on many factors, some of which are beyond our control and may not be related to our operating performance. These fluctuations could cause you to lose all or part of your investment in our common stock. Factors that could cause fluctuations in the trading price of our common stock include the following:

 

   

announcements of new solutions, products, or technologies, commercial relationships, acquisitions, or other events by us or our competitors;

 

   

changes in how customers perceive the benefits of our solutions;

 

   

shifts in the mix of revenue attributable to SaaS subscriptions from quarter to quarter;

 

   

departures of key personnel;

 

   

price and fluctuations in the overall stock market from time to time;

 

   

fluctuations in the trading volume of our shares or the size of our public float;

 

   

sales of large blocks of our common stock;

 

   

actual or anticipated changes or fluctuations in our operating results;

 

   

whether our operating results meet the expectations of securities analysts or investors;

 

   

changes in actual or future expectations of investors or securities analysts;

 

   

litigation involving us, our industry, or both;

 

   

regulatory developments in the United States, foreign countries, or both;

 

   

general economic conditions and trends;

 

   

major catastrophic events in our domestic and foreign markets; and

 

   

“flash crashes,” “freeze flashes,” or other glitches that disrupt trading on the securities exchange on which we are listed.

In addition, if the market for technology stocks or the stock market in general experiences a loss of investor confidence, the trading price of our common stock could decline for reasons unrelated to our business, operating results, or financial condition. The trading price of our common stock might also decline in reaction to events that affect other companies in our industry even if these events do not directly affect us. In the past, following periods of volatility in the trading price of a company’s securities, securities class action litigation has often been brought against that company. If our stock price is volatile, we may become the target of securities litigation. Securities litigation could result in substantial costs and divert our management’s attention and resources from our business. This could have an adverse effect on our business, operating results, and financial condition.

If securities analysts or industry analysts were to downgrade our stock, publish negative research or reports, or fail to publish reports about our business, our competitive position could suffer and our stock price and trading volume could decline.

The trading market for our common stock will, to some extent, depend on the research and reports that securities or industry analysts publish about us or our business. We do not have any control over these analysts. If one or more of the analysts who cover us should downgrade our stock or publish negative research or reports, cease coverage of our company, or fail to regularly publish reports about our business, our competitive position could suffer and our stock price and trading volume could decline.

 

59


Table of Contents

Investors in this offering will experience immediate and substantial dilution of $20.63 per share.

Based on an assumed initial public offering price of $20.00 per share (the midpoint of the estimated price range set forth on the cover of this prospectus), purchasers of our common stock in this offering will experience an immediate and substantial dilution of $20.63 per share in the pro forma as adjusted net tangible book value per share of common stock from the initial public offering price, and our pro forma as adjusted net tangible book value as of January 15, 2025, after giving effect to this offering, would be $(0.63) per share. This dilution is due in large part to earlier investors having paid substantially less than the initial public offering price when they purchased their shares. See the section titled “Dilution” below.

Sales of substantial amounts of our common stock in the public markets, or the perception that such sales could occur, could reduce the market price of our common stock.

Sales of a substantial number of shares of our common stock in the public market after this offering, or the perception that such sales could occur, could adversely affect the market price of our common stock and may make it more difficult for you to sell your common stock at a time and price that you deem appropriate. Based on the total number of outstanding shares of our common stock as of January 15, 2025, upon completion of this offering, we will have approximately 546,560,464 shares of common stock outstanding. All of the shares of common stock sold in this offering will be freely tradable without restrictions or further registration under the Securities Act of 1933, as amended (the “Securities Act”), except for any shares held by our “affiliates” as defined in Rule 144 under the Securities Act.

Subject to certain exceptions described in the section titled “Underwriting,” Thoma Bravo, the selling stockholders, and each of our directors and executive officers, which together represent substantially all of our outstanding shares of common stock, have entered into lock-up agreements, and we have agreed to enter into an underwriting agreement containing a lock-up provision (each, a “Lock-Up Agreement”) with the underwriters of this offering pursuant to which we and they have agreed or will agree that, subject to certain exceptions, we and they will not dispose of or hedge any shares or any securities convertible into or exchangeable for shares of our common stock for a period of 180 days after the date of this prospectus. See the section titled “Underwriting” and “Shares Eligible for Future Sale” for more information. Sales of a substantial number of such shares upon expiration of, or the perception that such sales may occur, or early release of the securities subject to, the Lock-Up Agreements, could cause our stock price to fall or make it more difficult for you to sell your common stock at a time and price that you deem appropriate.

Our issuance of additional capital stock in connection with financings, acquisitions, investments, our stock incentive plans, or otherwise will dilute all other stockholders.

We may issue additional capital stock in the future that will result in dilution to all other stockholders. We may also raise capital through equity financings in the future. As part of our business strategy, we may acquire or make investments in complementary companies, products, or technologies and issue equity securities to pay for any such acquisition or investment. Any such issuances of additional capital stock may cause stockholders to experience significant dilution of their ownership interests and the per share value of our common stock to decline.

Management will have broad discretion over the use of our proceeds from this offering.

The principal purposes of this offering include increasing our capitalization and financial flexibility, creating a public market for our stock, thereby enabling access to the public equity markets by our employees and stockholders, obtaining additional capital, and increasing our visibility in the marketplace. We intend to use our net proceeds from this offering for general corporate purposes, including working capital, operating expenses, and capital expenditures, and to repay indebtedness. See “Use of Proceeds.” We cannot specify with certainty the particular uses of our net proceeds to us from this offering. Accordingly, we will have broad

 

60


Table of Contents

discretion in using our proceeds and might not be able to obtain a significant return, if any, on investment of our net proceeds. Investors in this offering will need to rely upon the judgment of our management with respect to the use of our proceeds. If we do not use our net proceeds from this offering effectively, our business, operating results, and financial condition could be harmed.

We do not intend to pay dividends on our common stock and, consequently, your ability to achieve a return on your investment will depend on appreciation in the price of our common stock.

We have never declared or paid any dividends on our common stock. We intend to retain any earnings to finance the operation and expansion of our business, and we do not anticipate paying any cash dividends in the foreseeable future. As a result, you may only receive a return on your investment in our common stock if the market price of our common stock increases.

Provisions of our corporate governance documents could make an acquisition of us more difficult and may prevent attempts by our stockholders to replace or remove our current management, even if beneficial to our stockholders.

Our certificate of incorporation and bylaws to be effective at or prior to the consummation of this offering and the Delaware General Corporation Law (the “DGCL”) will contain provisions that could make it more difficult for a third party to acquire us, even if doing so might be beneficial to our stockholders. Among other things:

 

   

these provisions allow us to authorize the issuance of undesignated preferred stock, the terms of which may be established and the shares of which may be issued without stockholder approval, and which may include supermajority voting, special approval, dividend, or other rights or preferences superior to the rights of stockholders;

 

   

these provisions provide for a classified board of directors with staggered three-year terms;

 

   

these provisions provide that, at any time when Thoma Bravo controls, in the aggregate, less than 40% in voting power of our stock entitled to vote generally in the election of directors, directors may only be removed for cause and only by the affirmative vote of holders of at least 66 2/3% in voting power of all the then-outstanding shares of our stock entitled to vote thereon, voting together as a single class;

 

   

these provisions prohibit stockholder action by written consent from and after the date on which Thoma Bravo controls, in the aggregate, less than 35% in voting power of our stock entitled to vote generally in the election of directors;

 

   

these provisions provide that for as long as Thoma Bravo controls, in the aggregate, at least 50% in voting power of our stock entitled to vote generally in the election of directors, any amendment, alteration, or repeal of our bylaws by our stockholders will require the affirmative vote of a majority in voting power of the outstanding shares of our capital stock and at any time when Thoma Bravo controls, in the aggregate, less than 50% in voting power of all outstanding shares of our stock entitled to vote generally in the election of directors, any amendment, alteration, or repeal of our bylaws by our stockholders will require the affirmative vote of the holders of at least 66 2/3% in voting power of all the then-outstanding shares of our stock entitled to vote thereon, voting together as a single class; and

 

   

these provisions establish advance notice requirements for nominations for elections to our Board or for proposing matters that can be acted upon by stockholders at stockholder meetings; provided, however, at any time when Thoma Bravo controls, in the aggregate, at least 10% in voting power of our stock entitled to vote generally in the election of directors, such advance notice procedure will not apply to Thoma Bravo.

We will opt out of Section 203 of the DGCL, which generally prohibits a Delaware corporation from engaging in any of a broad range of business combinations with any interested stockholder for a period of three

 

61


Table of Contents

years following the date on which the stockholder became an interested stockholder. However, our certificate of incorporation to be effective at or prior to the consummation of this offering will contain a provision that provides us with protections similar to Section 203 and will prevent us from engaging in a business combination with a person (excluding Thoma Bravo and any of their direct or indirect transferees and any group as to which such persons are a party) who acquires at least 15% of our common stock for a period of three years from the date such person acquired such common stock, unless board or stockholder approval is obtained prior to the acquisition. These provisions could discourage, delay, or prevent a transaction involving a change in control of our company. These provisions could also discourage proxy contests and make it more difficult for you and other stockholders to elect directors of your choosing and cause us to take other corporate actions you desire, including actions that you may deem advantageous, or negatively affect the trading price of our common stock. In addition, because our Board is responsible for appointing the members of our management team, these provisions could in turn affect any attempt by our stockholders to replace current members of our management team.

These and other provisions in our certificate of incorporation, bylaws, and Delaware law could make it more difficult for stockholders or potential acquirers to obtain control of our Board or initiate actions that are opposed by our then-current Board, including actions to delay or impede a merger, tender offer, or proxy contest involving our company. The existence of these provisions could negatively affect the price of our common stock and limit opportunities for you to realize value in a corporate transaction.

Thoma Bravo controls us, and its interests may conflict with ours or yours in the future.

Immediately following this offering, assuming an offering size as set forth in “Prospectus Summary—The Offering,” participation in this offering as set forth in “Principal and Selling Stockholders,” and an initial public offering price of $20.00 (the midpoint of the estimated price range set forth on the cover page of this prospectus), investment entities affiliated with Thoma Bravo will control approximately 88.5% of the voting power of our outstanding common stock, or 87.3% if the underwriters exercise their option to purchase additional shares in full, which means that, based on its percentage voting power controlled after the offering, Thoma Bravo will control the vote of all matters submitted to a vote of our stockholders. This control will enable Thoma Bravo to control the election of the members of the Board and all other corporate decisions. Even when Thoma Bravo ceases to control a majority of the total voting power, for so long as Thoma Bravo continues to own a significant percentage of our common stock, Thoma Bravo will still be able to significantly influence the composition of our Board and the approval of actions requiring stockholder approval. Accordingly, for such period of time, Thoma Bravo will have significant influence with respect to our management, business plans, and policies, including the appointment and removal of our officers, decisions on whether to raise future capital, and amending our charter and bylaws, which govern the rights attached to our common stock. In particular, for so long as Thoma Bravo continues to own a significant percentage of our common stock, Thoma Bravo will be able to cause or prevent a change of control of us or a change in the composition of our Board and could preclude any unsolicited acquisition of us. The concentration of ownership could deprive you of an opportunity to receive a premium for your shares of common stock as part of a sale of us and ultimately might affect the market price of our common stock.

In addition, in connection with this offering, we will enter into a Director Designation Agreement with Thoma Bravo that provides it the right to designate: (i) all of the nominees for election to our Board for so long as Thoma Bravo beneficially owns 40% or more of the Original Amount; (ii) a number of nominees for election to our Board (rounded up to the nearest whole number) equal to 40% of the total directors for so long as Thoma Bravo beneficially owns at least 30% and less than 40% of the Original Amount; (iii) a number of nominees for election to our Board (rounded up to the nearest whole number) equal to 30% of the total directors for so long as Thoma Bravo beneficially owns at least 20% and less than 30% of the Original Amount; (iv) a number of nominees for election to our Board (rounded up to the nearest whole number) equal to 20% of the total directors for so long as Thoma Bravo beneficially owns at least 10% and less than 20% of the Original Amount; and (v) one nominee for election to our Board for so long as Thoma Bravo beneficially owns at least 5% of the Original Amount. The Director Designation Agreement will also provide that Thoma Bravo may assign such right to an affiliate. The Director Designation Agreement will prohibit us from increasing or decreasing the size of our Board without the prior written consent of Thoma Bravo. See “Certain Relationships and Related Party

 

62


Table of Contents

Transactions—Related Party Transactions—Director Designation Agreement” for more details with respect to the Director Designation Agreement.

Thoma Bravo and its affiliates engage in a broad spectrum of activities, including investments in our industry generally. In the ordinary course of their business activities, Thoma Bravo and its affiliates may engage in activities where their interests conflict with our interests or those of our other stockholders, such as investing in or advising businesses that directly or indirectly compete with certain portions of our business or are suppliers or customers of ours. Our certificate of incorporation to be effective at or prior to the consummation of this offering will provide that none of Thoma Bravo, any of its affiliates, or any director who is not employed by us (including any non-employee director who serves as one of our officers in both his or her director and officer capacities) or its affiliates will have any duty to refrain from engaging, directly or indirectly, in the same business activities or similar business activities or lines of business in which we operate. Thoma Bravo also may pursue acquisition opportunities that may be complementary to our business, and, as a result, those acquisition opportunities may not be available to us. In addition, Thoma Bravo may have an interest in pursuing acquisitions, divestitures, and other transactions that, in their judgment, could enhance their investment, even though such transactions might involve risks to you or may not prove beneficial.

We may issue preferred stock whose terms could adversely affect the voting power or value of our common stock.

Our charter authorizes us to issue, without the approval of our stockholders, one or more classes or series of preferred stock having such designations, preferences, limitations, and relative rights, including preferences over our common stock respecting dividends and distributions, as our Board may determine. The terms of one or more classes or series of preferred stock could adversely impact the voting power or value of our common stock. For example, we might grant holders of preferred stock the right to elect some number of our directors in all events or on the happening of specified events or the right to veto specified transactions. Similarly, the repurchase or redemption rights or liquidation preferences we might assign to holders of preferred stock could affect the residual value of our common stock.

Our charter designates the Court of Chancery of the State of Delaware as the sole and exclusive forum for certain types of actions and proceedings that may be initiated by our stockholders, which could limit our stockholders’ ability to obtain a favorable judicial forum for disputes with us or our directors, officers, employees, or agents.

Pursuant to our certificate of incorporation, which we will adopt at or prior to the consummation of this offering, unless we consent in writing to the selection of an alternative forum, the Court of Chancery of the State of Delaware will be the sole and exclusive forum for any claims in state court for (i) any derivative action or proceeding brought on our behalf, (ii) any action asserting a claim of breach of a fiduciary duty owed by any of our directors, officers, other employees, or stockholders to us or our stockholders, (iii) any action asserting a claim against us arising pursuant to any provision of the DGCL, our certificate of incorporation, or our bylaws, or (iv) any other action asserting a claim against us that is governed by the internal affairs doctrine; provided that for the avoidance of doubt, the forum selection provision that identifies the Court of Chancery of the State of Delaware as the exclusive forum for certain litigation, including any “derivative action,” will not apply to suits to enforce a duty or liability created by the Securities Act, the Exchange Act, or any other claim for which the federal courts have exclusive jurisdiction. Our certificate of incorporation will also provide that, unless we consent in writing to the selection of an alternative forum, the federal district courts of the United States shall be the exclusive forum for the resolution of any complaint asserting a cause of action arising under the Securities Act. Our certificate of incorporation will further provide that any person or entity purchasing or otherwise acquiring or holding any interest in shares of our capital stock is deemed to have notice of and consented to the provisions of our certificate of incorporation described above. See “Description of Capital Stock—Exclusive Forum.” The forum selection provisions in our certificate of incorporation may have the effect of discouraging lawsuits against us or our directors and officers and may limit our stockholders’ ability to obtain a favorable

 

63


Table of Contents

judicial forum for disputes with us. If the enforceability of our forum selection provisions were to be challenged, we may incur additional costs associated with resolving such challenge. While we currently have no basis to expect any such challenge would be successful, if a court were to find our forum selection provisions to be inapplicable or unenforceable with respect to one or more of these specified types of actions or proceedings, we may incur additional costs associated with having to litigate in other jurisdictions, which could have an adverse effect on our business, financial condition, results of operations, cash flows, and prospects and result in a diversion of the time and resources of our employees, management, and Board.

A significant portion of our total outstanding shares of common stock are restricted from immediate resale but may be sold into the market in the near future. This could cause the market price of our common stock to drop significantly, even if our business is doing well.

Sales of a substantial number of shares of our common stock in the public market could occur at any time. These sales, or the perception in the market that the holders of a large number of shares of common stock intend to sell shares, could reduce the market price of our common stock. After this offering, we will have 546,560,464 outstanding shares of common stock. This includes shares of common stock that we and the selling stockholders are selling in this offering, which may be resold in the public market immediately. Following the consummation of this offering, substantially all of the shares that are not being sold in this offering will be subject to a 180-day lock-up period provided under the Lock-Up Agreements as described in “Underwriting” and restricted from immediate resale under the federal securities laws as described in “Shares Eligible for Future Sale.” All of these shares of common stock will, however, be able to be resold after the expiration of the lock-up period, as well as pursuant to customary exceptions thereto or upon the waiver of the lock-up agreement by the representatives on behalf of the underwriters. We also intend to register shares of common stock that we may issue under our equity compensation plans. Once we register these shares, they can be freely sold in the public market upon issuance, subject to the lock-up agreements. As restrictions on resale end, the market price of our stock could decline if the holders of currently restricted shares of common stock sell them or are perceived by the market as intending to sell them.

We expect to be a controlled company within the meaning of the rules of Nasdaq and, as a result, will qualify for and intend to rely on exemptions from certain corporate governance requirements.

Upon completion of this offering, Thoma Bravo will beneficially own, on a combined basis, a majority of the combined voting power of all classes of our outstanding voting stock. As a result, we expect to be a controlled company within the meaning of the rules of Nasdaq. Under the Nasdaq rules, a company of which more than 50% of the voting power is held by another person or group of persons acting together is a controlled company and may elect not to comply with certain Nasdaq corporate governance requirements, including the requirements that:

 

   

a majority of the board of directors consist of independent directors as defined under the rules of Nasdaq;

 

   

the nominating and governance committee be composed entirely of independent directors with a written charter addressing the committee’s purpose and responsibilities; and

 

   

the compensation committee be composed entirely of independent directors with a written charter addressing the committee’s purpose and responsibilities.

These requirements will not apply to us as long as we remain a controlled company. Following the offering, we intend to utilize some or all of these exemptions. Accordingly, you may not have the same protections afforded to stockholders of companies that are subject to all of the corporate governance requirements of Nasdaq. See the section titled “ManagementCorporate GovernanceControlled Company Status” below.

 

64


Table of Contents

FORWARD-LOOKING STATEMENTS

This prospectus contains forward-looking statements that are subject to risks and uncertainties. All statements other than statements of historical fact included in this prospectus are forward-looking statements. Forward-looking statements give our current expectations and projections relating to our financial condition, results of operations, plans, objectives, future performance, and business. You can identify forward-looking statements by the fact that they do not relate strictly to historical or current facts. These statements may include words such as “anticipate,” “estimate,” “expect,” “project,” “plan,” “intend,” “believe,” “may,” “will,” “should,” “can have,” “likely,” and other words and terms of similar meaning in connection with any discussion of the timing or nature of future operating or financial performance or other events. For example, all statements we make relating to our estimated and projected costs, expenditures, cash flows, growth rates, and financial results or our plans and objectives for future operations, growth initiatives, or strategies are forward-looking statements. All forward-looking statements are subject to risks and uncertainties that may cause actual results to differ materially from those that we expected, including:

 

   

our ability to sustain historical growth rates;

 

   

our ability to attract and retain customers and to deepen our relationships with existing customers;

 

   

the growth in the market for identity security solutions;

 

   

our ability to maintain successful relationships with our channel partners;

 

   

the length and unpredictable nature of our sales cycle;

 

   

our ability to compete successfully against current and future competitors;

 

   

the increasing complexity of our operations;

 

   

our ability to maintain and enhance our brand or reputation as an industry leader and innovator;

 

   

unfavorable conditions in our industry or the global economy;

 

   

our estimated market opportunity and forecasts of our market and market growth may prove to be inaccurate;

 

   

our ability to hire, retain, train, and motivate our personnel and our ability to maintain our corporate culture;

 

   

our ability to successfully introduce, use, and integrate AI with our solutions;

 

   

breaches in our security, cyber attacks, or other cyber risks;

 

   

interruptions, outages, or other disruptions affecting the delivery of our SaaS solution or any of the third-party cloud-based systems that we use in our operations;

 

   

our ability to adapt and respond to rapidly changing technology, industry standards, regulations, or customer needs, requirements, or preferences;

 

   

real or perceived errors, failures, or disruptions in our platform or solutions;

 

   

the ability of our platform and solutions to effectively interoperate with our customers’ existing or future IT infrastructures;

 

   

our ability to comply with our privacy policy or related legal or regulatory requirements;

 

   

the impact of various tax laws and regulations, including our failure to comply therewith; and

 

   

other factors disclosed in the section titled “Risk Factors” and elsewhere in this prospectus.

We derive many of our forward-looking statements from our operating budgets and forecasts, which are based on many detailed assumptions. While we believe that our assumptions are reasonable, we caution that it is

 

65


Table of Contents

very difficult to predict the impact of known factors, and it is impossible for us to anticipate all factors that could affect our actual results. Important factors that could cause actual results to differ materially from our expectations or cautionary statements are disclosed under the sections titled “Risk Factors” and “Management’s Discussion and Analysis of Financial Condition and Results of Operations” in this prospectus. All written and oral forward-looking statements attributable to us, or persons acting on our behalf, are expressly qualified in their entirety by these cautionary statements as well as other cautionary statements that are made from time to time in our other SEC filings and public communications. You should evaluate all forward-looking statements made in this prospectus in the context of these risks and uncertainties.

We caution you that the important factors referenced above may not contain all of the factors that are important to you. In addition, we cannot assure you that we will realize the results or developments we expect or anticipate or, even if substantially realized, that they will result in the consequences or affect us or our operations in the way we expect. The forward-looking statements included in this prospectus are made only as of the date hereof. We undertake no obligation to update or revise any forward-looking statement as a result of new information, future events or otherwise, except as otherwise required by law.

 

66


Table of Contents

MARKET AND INDUSTRY DATA

Unless otherwise indicated, information contained in this prospectus concerning our industry and the market in which we operate, including our general expectations and market position, market opportunity, and market size, is based on information from various sources, on assumptions that we have made that are based on those data and other similar sources, and on our knowledge of the markets for our solutions. This information involves a number of assumptions and limitations and is inherently imprecise, and you are cautioned not to give undue weight to these estimates. In addition, the industry in which we operate, as well as the projections, assumptions, and estimates of the future performance of the industry in which we operate, are subject to a high degree of uncertainty and risk due to a variety of factors, including those described in the section titled “Risk Factors” and elsewhere in this prospectus, that could cause results to differ materially from those expressed in these publications and reports.

Some of the industry and market data contained in this prospectus are based on independent industry publications, including those generated by Forrester, Gartner (as defined below), IDC, KuppingerCole, ISC2, IDSA, Abnormal Security, and other publicly available information.

GARTNER is a registered trademark and service mark of Gartner, Inc. (“Gartner”) and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved. The Gartner content described herein (the “Gartner Content”) represents research opinion or viewpoints published, as part of a syndicated subscription service, by Gartner and is not a representation of fact. The Gartner Content speaks as of its original publication date (and not as of the date of this prospectus), and the opinions expressed in the Gartner Content are subject to change without notice.

PEER INSIGHTS is a registered trademark of Gartner and/or its affiliates and is used herein with permission. Gartner Peer Insights content consists of the opinions of individual end users based on their own experiences and should not be construed as statements of fact, nor do they represent the views of Gartner or its affiliates. Gartner does not endorse any vendor, product, or service depicted in this content nor makes any warranties, expressed or implied, with respect to this content, about its accuracy or completeness, including any warranties of merchantability or fitness for a particular purpose.

 

67


Table of Contents

USE OF PROCEEDS

We estimate that our net proceeds from this offering will be approximately $893.2 million (or approximately $1,036.1 million if the underwriters exercise their option to purchase additional shares in full), assuming an initial public offering price of $20.00 per share, which is the midpoint of the estimated price range set forth on the cover page of this prospectus, after deducting the underwriting discounts and commissions and estimated offering expenses payable by us. We will not receive any of the proceeds from the sale of the shares being offered by the selling stockholders.

The principal purposes of this offering are to reduce our indebtedness, increase our capitalization and financial flexibility, create a public market for our common stock, and enable access to the public equity markets for us and our stockholders. We expect to use our net proceeds from this offering as follows (assuming an initial public offering price of $20.00 per share, which is the midpoint of the estimated price range set forth on the cover page of this prospectus): (i) approximately $52.8 million to settle in cash all outstanding equity awards that were issued in connection with the Take-Private Transaction, (ii) approximately $17.3 million to settle in cash all vested EARs, (iii) approximately $9.3 million to pay all outstanding fees payable by us to Thoma Bravo pursuant to the Advisory Services Agreement, (iv) approximately $690.0 million to repay a portion of our Term Loan, and (v) the remainder for general corporate purposes, which may include future acquisitions or investments in complementary businesses, products, services, or technologies. As of the date of this prospectus, we have not entered into any material agreements, commitments, or understandings relating to any significant transaction of this type.

On August 16, 2022, we entered into the Credit Agreement with a syndicate of lenders, which provides for a $1.59 billion Term Loan and a $125.0 million Revolving Credit Facility. As of January 15, 2025, we had $1.04 billion of outstanding borrowings under the Term Loan (excluding unamortized issuance costs), and the interest rate on our Term Loan was approximately 10.5%. Our Term Loan matures on August 16, 2029. For additional information about the Term Loan, see “Description of Certain Indebtedness.”

Thoma Bravo acquired $50.0 million of our Term Loan on August 16, 2022, and as of January 15, 2025, Thoma Bravo held $32.7 million of our Term Loan. We expect to use a portion of our net proceeds from this offering to repay a portion of our Term Loan. As a result, assuming an initial public offering price of $20.00 per share (the midpoint of the estimated price range set forth on the cover page of this prospectus), we expect that Thoma Bravo will receive $21.7 million of our net proceeds in connection with such repayment.

Each $1.00 increase or decrease in the assumed initial public offering price of $20.00 per share, which is the midpoint of the estimated price range set forth on the cover page of this prospectus, would increase or decrease the net proceeds to us from this offering by approximately $45.2 million, assuming the number of shares offered, as set forth on the cover page of this prospectus, remains the same, and after deducting the underwriting discounts and commissions and estimated offering expenses payable by us.

Each 1,000,000 increase or decrease in the number of shares offered would increase or decrease the net proceeds to us from this offering by approximately $19.1 million, assuming that the assumed initial public offering price per share for the offering remains at $20.00, which is the midpoint of the estimated price range set forth on the cover page of this prospectus, and after deducting the underwriting discounts and commissions and estimated offering expenses payable by us.

 

68


Table of Contents

DIVIDEND POLICY

We currently intend to retain all available funds and any future earnings to fund the development and expansion of our business, and we do not anticipate paying any cash dividends in the foreseeable future. Additionally, the terms of the Credit Agreement restrict our ability to pay dividends, and we may also enter into debt instruments in the future that will restrict our ability to declare or pay cash dividends on our common stock. Any future determination related to dividend policy will be made at the discretion of our Board, subject to compliance with covenants in current and future agreements governing our indebtedness (see “Description of Certain Indebtedness”) and requirements under Delaware law, and will depend on our results of operations, financial condition, capital requirements, and other factors that our Board may deem relevant. See “Risk Factors—Risks Related to This Offering and Ownership of Our Common Stock—We do not intend to pay dividends on our common stock and, consequently, your ability to achieve a return on your investment will depend on appreciation in the price of our common stock.”

 

69


Table of Contents

CAPITALIZATION

The following table describes our cash and cash equivalents and capitalization as of October 31, 2024, as follows:

 

   

of SailPoint Parent, LP on an actual basis; and

 

   

of SailPoint, Inc. on a pro forma as adjusted basis to give effect to the transactions described under “Unaudited Pro Forma Condensed Consolidated Financial Information,” including (a) the issuance of Class A Units and Class B Units to Thoma Bravo and certain other equityholders of the Company and the use of proceeds therefrom, including a portion of which was used to repay borrowings outstanding under our Term Loan and our Revolving Credit Facility, (b) the Corporate Conversion, and (c) our sale of 47,500,000 shares of common stock in this offering and the application of our net proceeds therefrom, as set forth under “Use of Proceeds,” assuming an initial public offering price of $20.00 per share, which is the midpoint of the estimated price range set forth on the cover page of this prospectus, and after deducting the underwriting discounts and commissions and estimated offering expenses payable by us.

The pro forma as adjusted information set forth in the table below is illustrative only and will be adjusted based on the actual initial public offering price and other terms of this offering determined at pricing. You should read this table in conjunction with our consolidated financial statements and the related notes, “Use of Proceeds,” “Unaudited Pro Forma Condensed Consolidated Financial Information,” and “Management’s Discussion and Analysis of Financial Condition and Results of Operations” included elsewhere in this prospectus.

 

     As of October 31, 2024  
     Actual     Pro forma as
Adjusted
 
(in thousands except per share amounts)  

Cash and cash equivalents(1)

   $ 68,166     $ 228,793  
  

 

 

   

 

 

 

Total debt, including current portion(2)(3):

    

Revolving Credit Facility

     —        —   

Term Loan

     1,565,242       344,552  
  

 

 

   

 

 

 

Total long term debt

     1,565,242       344,552  

Redeemable convertible units, no par value, unlimited units authorized and 454,540,317 Class A Units and Class B Units issued and outstanding, actual; no units authorized, issued, or outstanding, as adjusted(3)

     5,834,148       —   

Partners’ / shareholders’ equity

    

Preferred stock, $0.0001 par value; no shares authorized, issued, or outstanding, actual; 50,000,000 shares authorized and no shares issued or outstanding, as adjusted(4)

     —        —   

Common stock, $0.0001 par value; no shares issued and outstanding, actual; 1,750,000,000 shares authorized and 545,085,095 issued and outstanding, as adjusted(4)

     —        54  

Additional paid-in capital

     60,208       7,447,641  

Accumulated deficit

     (814,352     (944,399
  

 

 

   

 

 

 

Total partners’ deficit / shareholders’ equity

     (754,144     6,503,296  
  

 

 

   

 

 

 

Total capitalization

   $ 6,645,246     $ 6,847,868  
  

 

 

   

 

 

 

 

(1)

Approximately $13 million of cash was used in the fiscal quarter ended January 31, 2025 to settle equity awards issued in connection with the Take-Private Transaction that vested in October, November, and December 2024. Approximately $0.5 million of equity awards issued in connection with the Take-Private Transaction have been forfeited in the fiscal quarter ended January 31, 2025.

(2)

Net of debt issuance costs of $24.8 million.

(3)

As of October 31, 2024, we had $1.59 billion of outstanding borrowings under the Term Loan (excluding unamortized issuance costs) and no outstanding borrowings or letters of credit under the Revolving Credit Facility. On November 8, 2024, we drew $25.0 million on the Revolving Credit Facility. On December 23,

 

70


Table of Contents
 

2024, we repaid $550.0 million and $25.0 million of borrowings outstanding under the Term Loan and the Revolving Credit Facility, respectively, and as of both December 23, 2024 and January 15, 2025, we had $1.04 billion of outstanding borrowings under the Term Loan (excluding unamortized issuance costs) and no outstanding borrowings or letters of credit under the Revolving Credit Facility. Assuming an initial public offering price of $20.00 per share (the midpoint of the estimated price range set forth on the cover page of this prospectus), we expect to use a portion of our net proceeds from this offering to repay approximately $690.0 million of outstanding borrowings under the Term Loan, resulting in $350.0 million of outstanding borrowings under the Term Loan (excluding unamortized issuance costs of $5.5 million).

(4)

As adjusted to reflect the conversion of our outstanding partners’ interests into shares of our common stock in conjunction with the Corporate Conversion.

A $1.00 increase or decrease in the assumed initial public offering price of $20.00 per share, which is the midpoint of the estimated price range set forth on the cover page of this prospectus, would increase or decrease each of cash, cash equivalents, and restricted cash, additional paid-in capital, partners’ (deficit) equity, and total capitalization on an as adjusted basis by approximately $45.2 million, assuming the number of shares offered, as set forth on the cover page of this prospectus, remains the same, and after deducting the underwriting discounts and commissions and estimated offering expenses payable by us.

Each 1,000,000 increase or decrease in the number of shares of common stock offered in this offering would increase or decrease each of cash, cash equivalents, and restricted cash, additional paid-in capital, partners’ (deficit) equity, and total capitalization on an as adjusted basis by approximately $19.1 million, based on an assumed initial public offering price of $20.00 per share, which is the midpoint of the estimated price range set forth on the cover page of this prospectus, and after deducting the underwriting discounts and commissions and estimated offering expenses payable by us.

The information presented in the table above does not include:

 

   

56,127,257 shares of our common stock that will be available for future issuance under our Omnibus Plan, which will be adopted in connection with this offering and under which we intend to issue:

 

   

158,302 shares of our common stock upon vesting and settlement of the Exchange Grants; and

 

   

up to 27,000,000 shares of common stock upon vesting and settlement of the IPO Grants;

 

   

10,931,209 shares of our common stock that will become available for future issuance under our ESPP, which will be adopted in connection with this offering; and

 

   

7,500,000 shares of our common stock that would be issued upon the underwriters exercising their option to purchase additional shares in full.

 

71


Table of Contents

DILUTION

If you invest in our common stock in this offering, your interest will be diluted to the extent of the difference between the initial public offering price per share of our common stock in this offering and the pro forma as adjusted net tangible book value per share of our common stock immediately after this offering. Dilution in net tangible book value per share to investors purchasing shares of our common stock in this offering represents the difference between the amount per share paid by investors purchasing shares of our common stock in this offering and the pro forma as adjusted net tangible book value per share of our common stock immediately after completion of this offering.

Net tangible book value per share is determined by dividing our total tangible assets less our total liabilities by the number of our units or shares of common stock outstanding. Our historical net tangible book value as of October 31, 2024 was $(7,602.4) million, or $(16.90) per unit. Our pro forma net tangible book value as of October 31, 2024 was $(1,174.6) million, or $(2.38) per share, after giving effect to the transactions described under “Unaudited Pro Forma Condensed Consolidated Financial Information,” (i) including the sale by us of units and the repayment of borrowings with a portion of the proceeds therefrom and the Corporate Conversion, but (ii) excluding our sale of shares of common stock in this offering.

After further giving effect to the sale by us of 47,500,000 shares of common stock in this offering at the assumed initial public offering price of $20.00 per share (the midpoint of the estimated price range set forth on the cover page of this prospectus), after deducting the underwriting discounts and commissions and estimated offering expenses payable by us, and the application of a portion of our net proceeds from this offering to repay $690.0 million of outstanding borrowings under the Term Loan, net of fees, as set forth under “Use of Proceeds,” our pro forma as adjusted net tangible book value as of October 31, 2024 would have been $(345.0) million, or $(0.63) per share of common stock. This represents an immediate increase in net tangible book value of $1.75 per share to our existing stockholders and an immediate dilution in net tangible book value of $20.63 per share to investors participating in this offering at the assumed initial public offering price. There is no impact on dilution per share to investors participating in this offering as a result of the sale of shares of common stock by the selling stockholders. The following table illustrates this per share dilution:

 

Assumed initial public offering price per share

     $ 20.00  

Pro forma net tangible book value per share as of October 31, 2024

   $ (2.38  

Increase in pro forma net tangible book value per share attributable to the investors in this offering

   $ 1.75    
  

 

 

   

Pro forma as adjusted net tangible book value per share after giving effect to this offering

     $ (0.63
    

 

 

 

Dilution in net tangible book value per share to the investors in this offering

     $ 20.63  
    

 

 

 

A $1.00 increase or decrease in the assumed initial public offering price of $20.00 per share, which is the midpoint of the estimated price range set forth on the cover page of this prospectus, would increase or decrease our pro forma as adjusted net tangible book value per share after this offering by $0.08, and would increase or decrease the dilution per share to the investors in this offering by $0.92, assuming that the number of shares offered by us, as set forth on the cover page of this prospectus, remains the same, and after deducting the underwriting discounts and commissions and estimated offering expenses payable by us. Similarly, each increase or decrease of 1,000,000 shares in the number of shares of common stock offered by us would increase or decrease our pro forma as adjusted net tangible book value per share after this offering by $0.03 and would increase or decrease dilution per share to investors in this offering by $(0.03), assuming the assumed initial public offering price, which is the midpoint of the estimated price range set forth on the cover page of this prospectus, remains the same and after deducting the underwriting discounts and commissions and estimated offering expenses payable by us.

 

72


Table of Contents

If the underwriters exercise their over-allotment option in full, the pro forma as adjusted net tangible book value per share after this offering would be $(0.37), and the dilution in pro forma as adjusted net tangible book value per share to new investors in this offering would be $20.37.

The following table presents, on a pro forma as adjusted basis as described above, as of October 31, 2024, after giving effect to the transactions described under “Unaudited Pro Forma Condensed Consolidated Financial Information,” including (i) the sale by us of units and the repayment of borrowings with a portion of the proceeds therefrom, (ii) the completion of the Corporate Conversion, and (iii) the sale by us of 47,500,000 shares of our common stock in this offering at the assumed initial public offering price of $20.00 per share (the midpoint of the estimated offering price range set forth on the cover page of this prospectus), the differences between our existing stockholders and the investors purchasing shares of our common stock in this offering, with respect to the number of shares purchased, the total consideration paid to us, and the average price per share paid by our existing stockholders or to be paid to us by investors purchasing shares in this offering at an assumed offering price of $20.00 per share, which is the midpoint of the price range set forth on the cover page of this prospectus, before deducting the underwriting discounts and commissions and estimated offering expenses payable by us.

 

     Shares Purchased     Total Consideration     Average Price
Per Share
 
     Number      Percentage     Amount      Percentage  

Existing Stockholders

     499,060,464        91   $ 6,434,469,234        88   $ 12.89  

New Investors

     47,500,000        9       893,175,000        12       18.80  
  

 

 

    

 

 

   

 

 

    

 

 

   

 

 

 

Total

     546,560,464        100   $ 7,327,644,234        100   $ 13.41  
  

 

 

    

 

 

   

 

 

    

 

 

   

 

 

 

A $1.00 increase or decrease in the assumed initial public offering price of $20.00 per share, which is the midpoint of the price range set forth on the cover page of this prospectus, would increase or decrease the total consideration paid by new investors by $45.2 million and increase or decrease the percent of total consideration paid by new investors by 0.6%, assuming that the number of shares offered by us, as set forth on the cover page of this prospectus, remains the same and before deducting the underwriting discounts and commissions and estimated offering expenses payable by us.

Except as otherwise indicated, the above discussion and tables assume no exercise of the underwriters’ over-allotment option. After giving effect to sales of shares in this offering, assuming the underwriters exercise their option to purchase additional shares in full, our existing stockholders would own 90% and our new investors would own 10% of the total number of shares of our common stock outstanding after this offering.

In addition, to the extent we issue any additional stock options or any stock options are exercised, or we issue any other securities or convertible debt in the future, investors participating in this offering may experience further dilution.

The above discussion and tables do not include:

 

   

56,127,257 shares of our common stock that will be available for future issuance under our Omnibus Plan, which will be adopted in connection with this offering and under which we intend to issue:

 

   

158,302 shares of our common stock upon vesting and settlement of the Exchange Grants; and

 

   

up to 27,000,000 shares of common stock upon vesting and settlement of the IPO Grants;

 

   

10,931,209 shares of our common stock that will become available for future issuance under our ESPP, which will be adopted in connection with this offering; and

 

   

7,500,000 shares of our common stock that would be issued upon the underwriters exercising their option to purchase additional shares in full.

The Omnibus Plan and the ESPP each provides for annual automatic increases in the number of shares of our common stock reserved thereunder, as more fully described in the section titled “Executive Compensation—Actions Taken in Connection with this Offering.”

 

73


Table of Contents

UNAUDITED PRO FORMA CONDENSED CONSOLIDATED FINANCIAL INFORMATION

On December 23, 2024, SailPoint Parent, LP (the “Company” or “SailPoint”) entered into a purchase agreement with Thoma Bravo, pursuant to which Thoma Bravo purchased Class A Units and Class B Units for an aggregate purchase price of $600.0 million. In addition, on January 7, 2025, in connection with Thoma Bravo’s purchase, certain of the Company’s directors and other equityholders exercised their preemptive rights under our partnership agreement and purchased Class A Units and Class B Units for an aggregate purchase price of approximately $0.3 million. The Company used $575.0 million of the proceeds from such transaction to repay $550.0 million and $25.0 million of the Term Loan and Revolving Credit Facility (which was drawn down by the Company on November 8, 2024), respectively, and plans to use the remainder for general corporate purposes. The unaudited pro forma condensed financial information presented below is derived from the historical financial statements of the Company and is adjusted to give effect to the borrowings under the Revolving Credit Facility on November 8, 2024 and these Unit purchases as well as the use of proceeds therefrom (together, the “Transaction”).

The unaudited pro forma condensed financial information presented below is also adjusted to give effect to (1) the Corporate Conversion, (2) our sale of shares of common stock in this offering, assuming an initial public offering price of $20.00 per share, which is the midpoint of the estimated price range set forth on the cover page of this prospectus, after deducting the underwriting discounts and commissions and estimated offering expenses payable by us, (3) the application of a portion of our net proceeds from this offering to repay of a portion of borrowings outstanding under the Term Loan, as described in “Use of Proceeds,” (4) the settlement of all outstanding fees payable by us to Thoma Bravo pursuant to the Advisory Services Agreement, (5) the settlement of all vested EARs, (6) the settlement of all outstanding equity awards that were issued in connection with the Take-Private Transaction, (7) the modification to accelerate the vesting of certain unvested incentive units in connection with this offering, and (8) the grant of fully vested incentive units in connection with this offering (together, the “Offering”).

The unaudited pro forma condensed consolidated financial information was prepared in accordance with Article 11 of Regulation S-X using the assumptions set forth in the notes to the unaudited pro forma condensed consolidated financial information. The unaudited pro forma condensed consolidated financial information has been adjusted to include adjustments, which reflect the application of the accounting required by generally accepted accounting principles in the United States (“GAAP”), and rules of the Securities and Exchange Commission (the “SEC”), and linking the effects of the issuance of shares, debt draw down and repayment, and resulting transactions to the historical consolidated financial statements of the Company (“Transaction Adjustments”).

The unaudited pro forma condensed consolidated balance sheet as of October 31, 2024 gives pro forma effect to the Transaction and the Offering as if they had been completed on October 31, 2024. The unaudited pro forma condensed consolidated statements of operations for the year ended January 31, 2024 and the nine months ended October 31, 2024 give pro forma effect to the Transaction and the Offering as if they had been completed on February 1, 2023.

The unaudited pro forma condensed consolidated financial information should be read in conjunction with the accompanying notes to the unaudited pro forma condensed financial statements, “Summary Consolidated Financial and Other Data,” “Management’s Discussion and Analysis of Financial Condition and Results of Operations,” and the historical financial statements and related notes included elsewhere in this prospectus.

The unaudited pro forma condensed consolidated financial information has been presented for informational purposes only. The unaudited condensed consolidated pro forma financial information should not be relied upon as being indicative of what our results of operations would have been had the Transaction and the Offering been completed as of the dates indicated. The unaudited pro forma condensed consolidated financial information also does not project our financial position or results of operations for any future period or date. Future results may vary significantly from the results reflected in the unaudited pro forma condensed consolidated financial information and should not be relied on as an indication of our results after the consummation of the Transaction or the Offering.

 

74


Table of Contents

UNAUDITED PRO FORMA CONDENSED CONSOLIDATED BALANCE SHEET

AS OF OCTOBER 31, 2024

(In thousands)

 

    SailPoint
(Historical)
    Transaction
Adjustments
(Note 2)
    As Adjusted
Before Offering
Adjustments
    Offering
Adjustments
(Note 4)
        Pro Forma
Condensed
Consolidated
 

Assets

           

Current assets

           

Cash and cash equivalents

  $ 68,166     $ 50,321  a    $ 118,487     $ 110,306       i     $ 228,793  

Accounts receivable, net of allowance

    207,291       —        207,291       —          207,291  

Contract acquisition costs

    26,859       —        26,859       —          26,859  

Contract assets

    58,348       —        58,348       —          58,348  

Prepayments and other current assets

    37,294       —        37,294       —          37,294  
 

 

 

   

 

 

   

 

 

   

 

 

     

 

 

 

Total current assets

    397,958       50,321       448,279       110,306         558,585  

Property and equipment, net

    22,979       —        22,979       —          22,979  

Contract acquisition costs, non-current

    77,434       —        77,434       —          77,434  

Contract assets, non-current, net of allowance

    34,155       —        34,155       —          34,155  

Other non-current assets

    41,059       —        41,059       —          41,059  

Goodwill

    5,142,421       —        5,142,421       —          5,142,421  

Intangible assets, net

    1,600,532       —        1,600,532       —          1,600,532  
 

 

 

   

 

 

   

 

 

   

 

 

     

 

 

 

Total assets

    7,316,538       50,321       7,366,859       110,306         7,477,165  
 

 

 

   

 

 

   

 

 

   

 

 

     

 

 

 

Liabilities, redeemable convertible units and partners’ capital / shareholders’ equity

           

Current liabilities

           

Accounts payable

    12,144       —        12,144       —          12,144  

Accrued expenses and other liabilities

    132,522       —        132,522       (12,881     ii       119,641  

Deferred revenue

    339,699       —        339,699       —          339,699  
 

 

 

   

 

 

   

 

 

   

 

 

     

 

 

 

Total current liabilities

    484,365       —        484,365       (12,881       471,484  

Deferred tax liabilities, non-current

    130,603       (1,920 ) b      128,683       (19,629     iii       109,054  

Other long-term liabilities

    26,640       —        26,640       (7,545     iv       19,095  

Deferred revenue, non-current

    29,684       —        29,684       —          29,684  

Long-term debt, net

    1,565,242       (541,435 ) c      1,023,807       (679,255     v       344,552  
 

 

 

   

 

 

   

 

 

   

 

 

     

 

 

 

Total liabilities

    2,236,534       (543,355     1,693,179       (719,310       973,869  
 

 

 

   

 

 

   

 

 

   

 

 

     

 

 

 

Redeemable convertible units

    5,834,148       600,321  d      6,434,469       (6,434,469     vi       —   

Partners’ capital / shareholders’ equity

           

Common stock

    —        —        —        54       vii       54  

Additional paid in capital

    60,208       —        60,208       7,387,433       viii       7,447,641  

Accumulated deficit

    (814,352     (6,645 ) e      (820,997     (123,402     ix       (944,399
 

 

 

   

 

 

   

 

 

   

 

 

     

 

 

 

Total partners’ capital / shareholders’ equity

    (754,144     (6,645     (760,789     7,264,085         6,503,296  
 

 

 

   

 

 

   

 

 

   

 

 

     

 

 

 

Total liabilities, redeemable convertible units and partners’ capital / shareholders’ equity

  $ 7,316,538     $ 50,321     $ 7,366,859     $ 110,306       $ 7,477,165  
 

 

 

   

 

 

   

 

 

   

 

 

     

 

 

 

The accompanying notes are an integral part of these unaudited pro forma condensed consolidated financial statements.

 

75


Table of Contents

UNAUDITED PRO FORMA CONDENSED CONSOLIDATED STATEMENT OF OPERATIONS

YEAR ENDED JANUARY 31, 2024

(In thousands, except per unit and per share amounts)

 

     SailPoint
(Historical)
    Transaction
Adjustments
(Note 3)
           As Adjusted
Before Offering
Adjustments
    Offering
Adjustments
(Note 5)
           Pro Forma
Condensed
Consolidated
 

Revenue

                

Subscription

   $ 622,830     $ —         $ 622,830     $ —         $ 622,830  

Perpetual licenses

     5,842       —           5,842       —           5,842  

Service and other

     70,900       —           70,900       —           70,900  
  

 

 

   

 

 

      

 

 

   

 

 

      

 

 

 

Total revenue

     699,572       —           699,572       —           699,572  

Cost of revenue

                

Subscription

     205,053       —           205,053       10,279       aa        215,332  

Perpetual licenses

     2,227       —           2,227       —           2,227  

Service and other

     69,355       —           69,355       8,755       aa        78,110  
  

 

 

   

 

 

      

 

 

   

 

 

      

 

 

 

Total cost of revenue

     276,635       —           276,635       19,034          295,669  
  

 

 

   

 

 

      

 

 

   

 

 

      

 

 

 

Gross profit

     422,937       —           422,937       (19,034        403,903  
  

 

 

   

 

 

      

 

 

   

 

 

      

 

 

 

Operating expenses

                

Research and development

     180,778       —           180,778       26,478       aa        207,256  

Sales and marketing

     461,187       —           461,187       47,261       aa        508,448  

General and administrative

     113,701       —           113,701       39,513       aa        153,214  
  

 

 

   

 

 

      

 

 

   

 

 

      

 

 

 

Total operating expenses

     755,666       —           755,666       113,252          868,918  
  

 

 

   

 

 

      

 

 

   

 

 

      

 

 

 

Loss from operations

     (332,729     —           (332,729     (132,286        (465,015

Other income (expense), net

                

Interest income

     10,658       —           10,658       —           10,658  

Interest expense

     (187,059     53,397       i        (133,662     69,293       bb        (64,369

Other (expense) income, net

     (3,219     —           (3,219     —           (3,219
  

 

 

   

 

 

      

 

 

   

 

 

      

 

 

 

Total other income (expense), net

     (179,620     53,397          (126,223     69,293          (56,930
  

 

 

   

 

 

      

 

 

   

 

 

      

 

 

 

Loss before income taxes

     (512,349     53,397          (458,952     (62,993        (521,945

Income tax benefit (expense)

     116,982       (12,548     ii        104,434       820       cc        105,254  
  

 

 

   

 

 

      

 

 

   

 

 

      

 

 

 

Net loss

   $ (395,367   $ 40,849        $ (354,518   $ (62,173      $ (416,691
  

 

 

   

 

 

      

 

 

   

 

 

      

 

 

 

Class A yield

   $ (583,672     (176,328     iii      $ (760,000       
  

 

 

   

 

 

      

 

 

        

Net loss attributable to Class B unitholders / common stockholders

   $ (979,039        $ (1,114,518        $ (416,691
  

 

 

        

 

 

        

 

 

 

Loss per unit attributable to Class B unitholders—basic and diluted

   $ (12.13              
  

 

 

               

Weighted average Class B Units outstanding—basic and diluted

     80,746                
  

 

 

               

Loss per share attributable to common stock—basic and diluted

                 $ (0.77
                

 

 

 

Weighted average common stock outstanding—basic and diluted

              542,855       dd        542,855  
           

 

 

      

 

 

 

The accompanying notes are an integral part of these unaudited pro forma condensed consolidated financial statements.

 

76


Table of Contents

UNAUDITED PRO FORMA CONDENSED CONSOLIDATED STATEMENT OF OPERATIONS

NINE MONTHS ENDED OCTOBER 31, 2024

(In thousands, except per unit and per share amounts)

 

     SailPoint
(Historical)
    Transaction
Adjustments
(Note 3)
           As Adjusted
Before
Offering
Adjustments
    Offering
Adjustments
(Note 5)
           Pro Forma
Condensed
Consolidated
 

Revenue

                

Subscription

   $ 569,540     $ —         $ 569,540     $ —         $ 569,540  

Perpetual licenses

     360       —           360       —           360  

Service and other

     51,590       —           51,590       —           51,590  
  

 

 

   

 

 

      

 

 

   

 

 

      

 

 

 

Total revenue

     621,490       —           621,490       —           621,490  

Cost of revenue

                

Subscription

     174,174       —           174,174       —           174,174  

Perpetual licenses

     121       —           121       —           121  

Service and other

     51,089       —           51,089       —           51,089  
  

 

 

   

 

 

      

 

 

   

 

 

      

 

 

 

Total cost of revenue

     225,384       —           225,384       —           225,384  
  

 

 

   

 

 

      

 

 

   

 

 

      

 

 

 

Gross profit

     396,106       —           396,106       —           396,106  
  

 

 

   

 

 

      

 

 

   

 

 

      

 

 

 

Operating expenses

                

Research and development

     124,274       —           124,274       —           124,274  

Sales and marketing

     350,038       —           350,038       —           350,038  

General and administrative

     80,314       —           80,314       —           80,314  
  

 

 

   

 

 

      

 

 

   

 

 

      

 

 

 

Total operating expenses

     554,626       —           554,626       —           554,626  
  

 

 

   

 

 

      

 

 

   

 

 

      

 

 

 

Loss from operations

     (158,520     —           (158,520     —           (158,520

Other income (expense), net

                

Interest income

     3,615       —           3,615       —           3,615  

Interest expense

     (140,125     48,173       i        (91,952     60,527       bb        (31,425

Other (expense) income, net

     (3,199     —           (3,199     —           (3,199
  

 

 

   

 

 

      

 

 

   

 

 

      

 

 

 

Total other income (expense), net

     (139,709     48,173          (91,536     60,527          (31,009
  

 

 

   

 

 

      

 

 

   

 

 

      

 

 

 

Loss before income taxes

     (298,229     48,173          (250,056     60,527          (189,529

Income tax benefit (expense)

     62,503       (10,801     ii        51,702       (14,415     cc        37,287  
  

 

 

   

 

 

      

 

 

   

 

 

      

 

 

 

Net loss

   $ (235,726   $ 37,372        $ (198,354   $ 46,112        $ (152,242
  

 

 

   

 

 

      

 

 

   

 

 

      

 

 

 

Class A yield

   $ (472,439   $ (45,217     iii      $ (517,656       
  

 

 

   

 

 

      

 

 

        

Net loss attributable to Class B unitholders / common stockholders

   $ (708,165        $ (716,010        $ (152,242
  

 

 

        

 

 

        

 

 

 

Loss per unit attributable to Class B unitholders—basic and diluted

   $ (8.56              
  

 

 

               

Weighted average Class B Units outstanding—basic and diluted

     82,687                
  

 

 

               

Loss per share attributable to common stock—basic and diluted

                 $ (0.28
                

 

 

 

Weighted average common stock outstanding—basic and diluted

              545,069       dd        545,069  
           

 

 

      

 

 

 

The accompanying notes are an integral part of these unaudited pro forma condensed consolidated financial statements.

 

77


Table of Contents

Notes To Unaudited Pro Forma Condensed Consolidated Financial Information

 

1.

Basis of Presentation and Description of the Transaction

The unaudited pro forma condensed consolidated financial information was prepared in accordance with Article 11 of Regulation S-X and presents the pro forma financial condition and results of operations based upon the historical financial information of the Company after giving effect to the Transaction and the Offering and, in each case, related adjustments as set forth in the notes to the unaudited pro forma condensed consolidated financial information. The condensed consolidated financial information is based on the accounting policies prior to pro forma adjustments.

The unaudited pro forma condensed consolidated balance sheet as of October 31, 2024 gives pro forma effect to the Transaction and the Offering as if they had been completed on October 31, 2024. The unaudited pro forma condensed statements of operations for the nine months ended October 31, 2024 and for the year ended January 31, 2024 give pro forma effect to the Transaction and the Offering as if they had been completed on February 1, 2023.

Description of the Transaction

On December 23, 2024, the Company entered into a purchase agreement with Thoma Bravo, pursuant to which Thoma Bravo purchased approximately 36,548,286.44 Class A Units and approximately 7,984,676.29 Class B Units for an aggregate purchase price of $600.0 million. In connection with Thoma Bravo’s purchase, certain of the Company’s directors and other equityholders exercised their preemptive rights under our partnership agreement and purchased a total of approximately 19,567.57 Class A Units and approximately 4,274.91 Class B Units for an aggregate purchase price of approximately $0.3 million. The Company used $575.0 million of the proceeds from such transactions to repay $550.0 million and $25.0 million of the Term Loan and Revolving Credit Facility (which was drawn down by the Company on November 8, 2024), respectively, and plans to use the remainder for general corporate purposes.

Description of the Offering

The Offering represents the following: (1) the Corporate Conversion, (2) our sale of shares of common stock in this offering, assuming an initial public offering price of $20.00 per share, which is the midpoint of the estimated price range set forth on the cover page of this prospectus, after deducting the underwriting discounts and commissions and estimated offering expenses payable by us, (3) the application of a portion of our net proceeds from this offering to repay of a portion of borrowings outstanding under the Term Loan as described in “Use of Proceeds,” (4) the settlement of all outstanding fees payable by us to Thoma Bravo pursuant to the Advisory Services Agreement, (5) the settlement of all vested “EARs,” (6) the settlement of all outstanding equity awards that were issued in connection with the Take-Private Transaction, (7) the modification to accelerate the vesting of 2,614,115 unvested incentive units in connection with this offering, and (8) the grant of 677,023 fully vested incentive units in connection with this offering.

 

78


Table of Contents
2.

Notes to Transaction Adjustments for the Unaudited Pro Forma Condensed Balance Sheet

Transaction Adjustments include the following adjustments related to the unaudited pro forma condensed consolidated balance sheet as of October 31, 2024:

 

  a.  

Represents the proceeds received from Thoma Bravo and certain of the Company’s directors and other equityholders, and the adjustment to the carrying value of the Term Loan to reflect the repayment as described in Note 1. The components of the Transaction are summarized below (in thousands):

 

Proceeds from draw down of Revolving Credit Facility

   $ 25,000  

Proceeds from issuance of redeemable convertible units to Thoma Bravo

     600,000  

Proceeds from issuance of redeemable convertible units to directors and other equityholders

     321  

Repayment of Term Loan

     (550,000

Repayment of Revolving Credit Facility

     (25,000
  

 

 

 

Total Transaction Adjustments

   $ 50,321  
  

 

 

 

 

  b.  

Represents the adjustment to deferred tax liabilities for the impact of the write-off of unamortized debt issuance costs associated with the portion of the Term Loan that was extinguished.

 

  c.  

Represents the adjustment to the carrying value of the Term Loan to reflect the repayment and the write-off of unamortized debt issuance costs associated with the portion of the Term Loan that was extinguished. The Term Loan repayment was treated as an extinguishment with the related proportional value of the unamortized debt issuance costs written-off and recognized as a loss on debt extinguishment. The components of the transaction are summarized below (in thousands):

 

Repayment of the Term Loan

   $ (550,000

Write-off of the unamortized debt issuance costs

     8,565  
  

 

 

 

Total Transaction Adjustments

   $ (541,435
  

 

 

 

 

  d.  

Represents the proceeds received from Thoma Bravo and other equityholders for the issuance of Class A Units and Class B Units that are classified as redeemable convertible units. The components of the Transaction are summarized below (in thousands):

 

Proceeds from issuance of redeemable convertible units to Thoma Bravo

   $ 600,000  

Proceeds from issuance of redeemable convertible units to other equityholders

     321  
  

 

 

 

Total Transaction Adjustments

   $ 600,321  
  

 

 

 

 

  e.  

The following summarizes the adjustments related to accumulated deficit (in thousands):

 

Adjustment to deferred tax liabilities - Note 2(b)

   $ 1,920  

Write-off of the unamortized debt issuance costs – Note 2(c)

     (8,565
  

 

 

 

Total Transaction Adjustments

   $ (6,645
  

 

 

 

 

79


Table of Contents
3.

Notes to Transaction Adjustments for the Unaudited Pro Forma Condensed Statements of Operations

Transaction Adjustments include the following adjustments, which are based on the Company’s preliminary estimates and assumptions, related to the unaudited pro forma condensed consolidated statements of operations for the year ended January 31, 2024 and the nine months ended October 31, 2024:

 

  i.  

Represents (i) the change to interest expense for the reduction in contractual interest expense associated with the portion of the Term Loan that was repaid and (ii) the reduction in amortization expense associated with the unamortized debt issuance costs that were written-off as a result of the Term Loan repayment. The unamortized debt issuance costs written-off was recognized as a loss on debt extinguishment and classified within interest expense. The following summarizes the adjustments (in thousands):

 

     Year Ended
January 31,
2024
    Nine Months
Ended October 31,
2024
 

Reduction of contractual interest expense

   $ 63,006     $ 47,129  

Reduction in amortization of debt issuance costs

     1,286       1,044  

Loss on partial debt extinguishment

     (10,895     —   
  

 

 

   

 

 

 

Total Transaction Adjustments

   $ 53,397     $ 48,173  
  

 

 

   

 

 

 

 

  ii.  

Represents the adjustment to the income tax benefits as a result of reductions in interest expense and amortization expense based on the Company’s effective tax rate of 22.8% and 22.4% for the year ended January 31, 2024 and the nine months ended October 31, 2024, respectively.

 

  iii.  

Represents the additional Class A yield earned by the holders of the Class A Units issued as part of the Transaction. The components of the Transaction are summarized below (in thousands):

 

     Year Ended
January 31,
2024
     Nine Months
Ended October 31,
2024
 

Stated Class A yield earned

   $ (55,938    $ (45,217

Deemed dividend(1)

    
(120,390

     —   
  

 

 

    

 

 

 

Total Transaction Adjustments

   $ (176,328    $ (45,217
  

 

 

    

 

 

 

 

  (1)   

Represents the difference between the proceeds received by the Company and the fair value of the units issued as part of the Transaction.

 

4.

Notes to the Offering Adjustments for Unaudited Pro Forma Condensed Balance Sheet

Offering adjustments include the following adjustments related to the unaudited pro forma condensed consolidated balance sheet as of October 31, 2024:

 

  i.  

Represents the (i) proceeds received the sale of shares of common stock in this offering, assuming an initial public offering price of $20.00 per share, which is the midpoint of the estimated price range set forth on the cover page of this prospectus, and after deducting the underwriting discounts and commissions of $45.1 million and estimated offering expenses payable by us of $11.7 million, (ii) partial repayment of outstanding borrowings under the Term Loan, (iii) the settlement of all outstanding fees payable by us to Thoma Bravo pursuant to the Advisory Services Agreement that will be terminated in connection with this offering, (iv) the settlement of all vested EARs and (v) the settlement of all outstanding equity awards that were issued in connection with the Take-Private Transaction. The components of the Offering are summarized below (in thousands):

 

80


Table of Contents

Proceeds from sale of shares of common stock

   $ 893,175  

Repayment of borrowing under the Term Loan

     (690,000

Settlement of Thoma Bravo monitoring fees

     (9,292

Settlement of vested EARs

     (17,302

Settlement of Take-Private Transaction equity awards

     (66,275
  

 

 

 

Total Offering adjustments

   $ 110,306  
  

 

 

 

 

  ii.  

Represents the settlement of all outstanding equity awards that were issued in connection with the Take-Private Transaction and the settlement of all outstanding fees payable by us to Thoma Bravo related to the Advisory Services Agreement that will be terminated in connection with this offering. In connection with this Offering, our Board approved the acceleration of all outstanding unvested equity awards that were issued in connection with the Take-Private Transaction. The adjustments reflect the removal of the amounts accrued as of October 31, 2024 that were settled in the Offering, comprising the following (in thousands):

 

Settlement Take-Private Transaction equity awards

   $ (6,006

Settlement of Thoma Bravo monitoring fees

     (6,875
  

 

 

 

Total Offering adjustments

   $ (12,881
  

 

 

 

 

  iii.  

Represents the adjustment to deferred tax liabilities for the impact of the Offering adjustments described in Note 4(ix).

 

  iv.  

Primarily represents the settlement all vested EARs. In connection with this Offering, our Board approved the acceleration of vesting certain portions of outstanding unvested EARs. The adjustments reflect the removal of the amounts accrued as of October 31, 2024 that were impacted by the Offering, comprising the following (in thousands):

 

Settlement of vested EARs

   $ (7,206

Reclassification of unvested EARs

     (339
  

 

 

 

Total Offering adjustments

   $ (7,545
  

 

 

 

 

  v.  

Represents the adjustment to the carrying value of the Term Loan to reflect the repayment and the write-off of unamortized debt issuance costs associated with the portion of the Term Loan that was extinguished. The Term Loan repayment was treated as an extinguishment with the related proportional value of the unamortized debt issuance costs written-off and recognized as a loss on debt extinguishment. The components of the Offering are summarized below (in thousands):

 

Repayment of the Term Loan

   $ (690,000

Write-off of the unamortized debt issuance costs

     10,745  
  

 

 

 

Total Offering adjustments

   $ (679,255
  

 

 

 

 

  vi.  

Represents the adjustment to redeemable convertible units for the impact of the Corporate Conversion.

 

  vii.  

Represents the adjustment to common stock to reflect the Corporate Conversion, the acceleration of certain unvested incentive units upon the Offering, the grant of fully vested incentive units and our sale of common stock in this Offering.

 

81


Table of Contents
  viii.  

The following summarizes the adjustments related to additional paid in capital (in thousands):

 

Effect of the Corporate Conversion – Note 4(vi)

   $ 6,434,420  

Proceeds from sale of common stock – Note 4(i)

     893,170  

Impact of the acceleration of unvested incentive units (1)

     45,964  

Impact of the grant of incentive units (2)

     13,540  

Reclassification of unvested EARs (3)

     339  
  

 

 

 

Total Offering adjustments

   $ 7,387,433  
  

 

 

 

 

  (1) 

Represents the impact of the modification to accelerate the vesting terms of certain unvested incentive units. In connection with this offering, our Board approved the acceleration 2,614,115 unvested incentive units.

 

  (2) 

Represents the impact for grants of incentive units which were fully vested upon grant. In connection with this Offering, our Board granted 677,023 of fully vested incentive units.

 

  (3) 

Represents the impact of converting unvested EARs into restricted stock units.

 

  ix.  

The following summarizes the adjustments related to accumulated deficit (in thousands):

 

Write-off of the unamortized debt issuance costs – Note 4(v)

   $ (10,745

Impact of settlement of Take-Private Transaction equity awards (1)

     (60,269

Impact of settlement of Thoma Bravo monitoring fees – Note 4(ii)

     (2,417

Impact of settlement and modification of EARs (2)

     (10,096

Impact of the acceleration of unvested incentive units – Note 4(viii)

     (45,964

Impact of the grant of incentive units – Note 4(viii)

     (13,540

Adjustment to deferred tax liabilities (3)

     19,629  
  

 

 

 

Total Offering adjustments

   $ (123,402
  

 

 

 

 

  (1) 

Represents the impact of the acceleration of all outstanding equity awards that were issued in connection with the Take-Private Transaction. The impact above reflects the cash settlement amount per Note 4(i) of the Take-Private Transaction equity awards less the amount accrued as of October 31, 2024 per Note 4(ii).

 

  (2) 

Primarily represents the settlement of all vested EARs. In connection with this Offering, our Board approved the acceleration of vesting certain portions of outstanding unvested EARs. The impact above primarily reflect the cash settlement amount of the EARs per Note 4(i) less the amount accrued as of October 31, 2024 per Note 4(ii).

 

  (3) 

Represents the deferred tax benefit resulting from the impact of the other Offering Adjustments described in Note 4(ix).

 

82


Table of Contents
5.

Notes to the Offering Adjustments for Unaudited Pro Forma Condensed Statements of Operations

Offering adjustments include the following adjustments, which are based on the Company’s preliminary estimates and assumptions, related to the unaudited pro forma condensed consolidated statements of operations for the year ended January 31, 2024 and the nine months ended October 31, 2024:

 

  aa.  

The following summarizes for the non-recurring Offering adjustments to cost of revenue—subscription, cost of revenue—services and other, research and development, sales and marketing and general and administrative for the year ended January 31, 2024 (in thousands):

 

     Cost of
revenue—

subscription
     Cost of
revenue—

services
and other
     Research
and
development
     Sales and
marketing
     General and
administrative
     Total
Offering
Adjustments
 

Settlement of equity awards (1)

   $ 4,770      $ 4,063      $ 12,288      $ 21,933      $ 17,215      $ 60,269  

Settlement of Thoma Bravo monitoring fees (2)

     —         —         —         —         2,417        2,417  

Impact of settlement and modification of EARs (3)

     799        681        2,058        3,674        2,884        10,096  

Impact of the acceleration of unvested incentive units (4)

     3,638        3,099        9,371        16,727        13,129        45,964  

Impact of the grant of incentive units (5)

     1,072        912        2,761        4,927        3,868        13,540  
  

 

 

    

 

 

    

 

 

    

 

 

    

 

 

    

 

 

 

Total Offering adjustments

   $ 10,279      $ 8,755      $ 26,478      $ 47,261      $ 39,513      $ 132,286  
  

 

 

    

 

 

    

 

 

    

 

 

    

 

 

    

 

 

 

 

  (1)   

Represents the settlement in cash of all outstanding equity awards that were issued in connection with the Take-Private Transaction.

 

  (2)  

Represents the settlement of all outstanding fees payable by us to Thoma Bravo pursuant to the Advisory Services Agreement that will be terminated in connection with this offering.

 

  (3)   

Primarily represents the settlement all vested EARs. In connection with this offering, our Board approved the acceleration of vesting certain portions of outstanding unvested EARs.

 

  (4)  

Represents the impact of the modification to accelerate the vesting of 2,614,115 unvested incentive units in connection with this offering.

 

  (5)  

Represents the impact for grants of 677,023 fully vested incentive units in connection with this offering.

 

  bb.  

Represents (i) the change to interest expense for the reduction in contractual interest expense associated with the portion of the Term Loan that was repaid and (ii) the reduction in amortization expense associated with the unamortized debt issuance costs that were written-off as a result of the Term Loan repayment. The unamortized debt issuance costs written-off was recognized as a one-time loss on debt extinguishment and classified within interest expense. The following summarizes the Offering Adjustments (in thousands):

 

     Year Ended
January 31,
2024
     Nine Months
Ended
October 31,
2024
 

Reduction of contractual interest expense

   $ 79,044      $ 59,125  

Reduction in amortization of debt issuance costs

     994        1,402  

Loss on partial debt extinguishment

     (10,745      —   
  

 

 

    

 

 

 

Total Offering adjustments

   $ 69,293      $ 60,527  
  

 

 

    

 

 

 

 

  cc.  

Represents the adjustment to the income tax benefits as a result of the Offering adjustments based on the Company’s tax rate of 23.5% and 22.4% for the year ended January 31, 2024 and the nine months ended October 31, 2024, respectively.

 

83


Table of Contents
  dd.

Represents the adjustments to weighted average shares outstanding for the Transaction and the Offering. The adjustments reflect the Corporate Conversion. The following table presents the adjustment to the denominator of the pro forma basic and diluted net loss per share attributable to common stockholders (in thousands):

 

     Year Ended
January 31,
2024
     Nine Months
Ended
October 31,
2024
 

Reflect the impact of the partnership units converting to common stock as part of the Corporate Conversion

     447,507        449,721  

Reflect the impact of the Corporate Conversion on the issuance of Class A Units and Class B Units as part of the Transaction

     44,557        44,557  

Reflect the impact of the accelerated vesting of incentive units

     2,614        2,614  

Reflect the impact of the grant of incentive units

     677        677  

Reflect the issuance shares of common stock as part this Offering

     47,500        47,500  
  

 

 

    

 

 

 

Total Offering adjustments

     542,855        545,069  
  

 

 

    

 

 

 

 

84


Table of Contents

MANAGEMENT’S DISCUSSION AND ANALYSIS OF

FINANCIAL CONDITION AND RESULTS OF OPERATIONS

You should read the following discussion and analysis of our financial condition and results of operations together with our consolidated financial statements and the related notes and other financial information included elsewhere in this prospectus. Some of the information contained in this discussion and analysis or set forth elsewhere in this prospectus, including information with respect to our plans and strategy for our business, includes forward-looking statements that involve risks and uncertainties. You should review the “Risk Factors” section of this prospectus for a discussion of important factors that could cause actual results to differ materially from the results described in or implied by the forward-looking statements contained in the following discussion and analysis. The objective of this section is to provide investors with an understanding of the financial drivers and levers in our business and describe the financial performance of the business.

Our fiscal year end is January 31, and our fiscal quarters end on April 30, July 31, October 31, and January 31. Our fiscal year ended January 31, 2022 and fiscal year ended January 31, 2024 are referred to herein as “fiscal 2022” and “fiscal 2024,” respectively.

Overview

We deliver solutions to enable comprehensive identity security for the enterprise. We do this by unifying identity data across systems and identity types, including employee identities, non-employee identities, and machine identities. Our SaaS and customer-hosted offerings leverage intelligent analytics to provide organizations with critical visibility into which identities currently have access to which resources, which identities should have access to those resources, and how that access is being used. Our solutions enable organizations to establish, control, and automate policies that help them define and maintain a robust security posture and achieve regulatory compliance. Powered by AI, our solutions enable organizations to overcome the scale and complexity of managing identities in real-time across dynamic, complex IT environments. Our solutions empower organizations to maintain a robust security posture and achieve regulatory compliance.

Today, we offer a range of solutions to meet the varied needs of our customers across a broad set of deployment options including: Identity Security Cloud, our SaaS-based cloud solution built on our unified platform, Atlas, and IdentityIQ, our customer-hosted identity security solution. These solutions are designed to enable our customers to make more effective decisions regarding access, improve security processes, and provide them with a deeper understanding of identity and access.

 

85


Table of Contents

SailPoint was founded in 2005 by industry experts to develop a new category of identity solutions, address emerging identity security challenges, and drive innovation in the identity market. After establishing leadership in on-premises identity solutions, SailPoint pioneered standalone identity governance and administration SaaS solutions with advanced analytics. Today, SailPoint delivers a robust, extensible SaaS platform for identity security that is ready for the AI age with modern data architecture and just-in-time access to critical data for advanced use cases.

 

 

LOGO

In recent years, we have transitioned our business to a subscription model. This transition is substantially complete with subscription revenue, which consists primarily of SaaS, maintenance, and term subscriptions, comprising 89% and 92% of our total revenue for the year ended January 31, 2024 and the nine months ended October 31, 2024 respectively. As of October 31, 2024, our ARR was $813.2 million, reflecting an increase of 30% compared to October 31, 2023. Of the 30% increase in ARR, approximately 16% was attributable to new customers and approximately 15% was attributable to existing customers with approximately 3% of this increase attributable to migrations from our on premises solutions (primarily maintenance on previously sold perpetual licenses as well as term subscriptions) to our SaaS solution. Today, our go-to-market motion is focused primarily on our SaaS solution, and the growth in our ARR is primarily driven by an increase in SaaS ARR. As of October 31, 2024, our SaaS ARR was $485.7 million, reflecting an increase of 40% as compared to $346.0 million as of October 31, 2023. Of the 40% increase in SaaS ARR, approximately 24% was attributable to new customers and approximately 19% was attributable to existing customers with approximately 8% of this increase attributable to migrations from our on-premises solutions (primarily maintenance on previously sold perpetual licenses as well as term subscriptions) to our SaaS solution.

Our transformation has led to rapid growth while increasing the visibility and predictability of our financial model. As of January 31, 2022, 2023, and 2024, our ARR was $374.6 million, $520.1 million, and $681.8 million, respectively, representing year-over-year growth of 44%, 39%, and 31%, respectively. As of January 31, 2022, 2023, and 2024, our SaaS ARR was $166.9 million, $266.6 million, and $388.3 million, respectively, representing year-over-year growth of 83%, 60%, and 46%, respectively.

For the fiscal year ended January 31, 2022 (Predecessor), period from February 1, 2022 to August 15, 2022 (Predecessor), period from August 16, 2022 to January 31, 2023 (Successor), fiscal year ended January 31, 2024 (Successor), and nine months ended October 31, 2024 (Successor):

 

   

Our revenue was $450.0 million, $276.2 million, $276.7 million, $699.6 million, and $621.5 million, respectively.

 

86


Table of Contents