Cybersecurity Risk Management and Strategy Disclosure	12 Months Ended
Dec. 31, 2025
Cybersecurity Risk Management, Strategy, and Governance [Line Items]
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]	Risk Management and Strategy We rely on information technology systems and networks to manage critical business processes, including payment processing, supply chain operations, and marketing activities. To protect these systems and associated data, we maintain a comprehensive cybersecurity risk management program designed to identify, assess, and manage material risks from cybersecurity threats. This program addresses risks to our computer networks, third-party hosted services, communications systems, hardware and software, and sensitive data, including intellectual property, confidential business information, and customer data. Our cybersecurity risk management program is integrated into our overall enterprise risk management framework and includes policies such as our Incident Response Policy and Cybersecurity Incident Reporting Policy. We identify and assess cybersecurity threats through internal monitoring, automated tools, threat intelligence subscriptions, vulnerability scans, penetration testing, and periodic risk assessments. Based on these assessments, we implement and maintain technical, physical, and organizational measures designed to prevent, detect, respond to, and recover from cybersecurity incidents. These measures include encryption of sensitive data, network security controls, access management, asset tracking, and employee security training. We utilize third-party service providers for critical functions such as cloud hosting, payment processing, and application support. Depending on the nature of the services provided and the sensitivity of the data involved, our vendor management process includes reviewing cybersecurity practices, imposing contractual obligations, conducting vulnerability assessments, requiring providers to complete security questionnaires, periodic reassessments during engagement, and ongoing monitoring through external security firms. We also collect compliance documentation and reports annually to ensure adherence to our standards. As part of our broader risk management efforts, we maintain a Business Continuity Plan and Disaster Recovery Plan that outline strategies to maintain critical operations during disruptions and restore IT systems and data in the event of a major incident. These plans include defined recovery time objectives, recovery point objectives, and tested protocols for swift restoration. We also maintain cyber insurance coverage intended to mitigate certain costs associated with cybersecurity incidents. While we have not identified any cybersecurity incidents that have materially affected or are reasonably likely to materially affect our business strategy, results of operations, or financial condition, cybersecurity threats continue to evolve, and we cannot guarantee that future incidents will not have a material impact. Potential impacts could include increased costs for remediation and security measures, operational disruptions, reputational harm, and limitations on insurance recovery.
Cybersecurity Risk Management Processes Integrated [Flag]	true
Cybersecurity Risk Management Processes Integrated [Text Block]	Our cybersecurity risk management program is integrated into our overall enterprise risk management framework and includes policies such as our Incident Response Policy and Cybersecurity Incident Reporting Policy. We identify and assess cybersecurity threats through internal monitoring, automated tools, threat intelligence subscriptions, vulnerability scans, penetration testing, and periodic risk assessments. Based on these assessments, we implement and maintain technical, physical, and organizational measures designed to prevent, detect, respond to, and recover from cybersecurity incidents. These measures include encryption of sensitive data, network security controls, access management, asset tracking, and employee security training.
Cybersecurity Risk Management Third Party Engaged [Flag]	true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]	true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]	false
Cybersecurity Risk Board of Directors Oversight [Text Block]	Oversight of cybersecurity risk is provided by the Audit Committee of our Board of Directors, which reviews and discusses cybersecurity risks and mitigation strategies as part of its enterprise risk oversight responsibilities. The Audit Committee receives quarterly updates on cybersecurity matters and is informed promptly of any material developments between meetings.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]	Oversight of cybersecurity risk is provided by the Audit Committee of our Board of Directors, which reviews and discusses cybersecurity risks and mitigation strategies as part of its enterprise risk oversight responsibilities.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]	The Audit Committee receives quarterly updates on cybersecurity matters and is informed promptly of any material developments between meetings.
Cybersecurity Risk Role of Management [Text Block]	Our Chief Information Officer, Derek Tonn, leads the implementation of our cybersecurity program. Mr. Tonn has extensive experience in information technology and cybersecurity, having previously served as our Senior Vice President of IT and Analytics, where he oversaw the creation of our data and cybersecurity program. He is responsible for hiring appropriate personnel, integrating cybersecurity risk considerations into our overall risk management strategy, approving budgets, and overseeing incident response processes. We also engage external consultants to assist with annual enterprise risk assessments and to validate the design and effectiveness of our cybersecurity controls. Our incident response processes are designed to escalate significant cybersecurity incidents to senior management and the Audit Committee in accordance with our Cybersecurity Incident Reporting Policy. These processes include classification, escalation, and communication protocols and are periodically tested and updated. Employees receive regular security training, including phishing simulations and awareness campaigns, to reinforce best practices.
Cybersecurity Risk Management Positions or Committees Responsible [Flag]	true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block]	Our Chief Information Officer, Derek Tonn, leads the implementation of our cybersecurity program. Mr. Tonn has extensive experience in information technology and cybersecurity, having previously served as our Senior Vice President of IT and Analytics, where he oversaw the creation of our data and cybersecurity program. He is responsible for hiring appropriate personnel, integrating cybersecurity risk considerations into our overall risk management strategy, approving budgets, and overseeing incident response processes. We also engage external consultants to assist with annual enterprise risk assessments and to validate the design and effectiveness of our cybersecurity controls.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block]	Mr. Tonn has extensive experience in information technology and cybersecurity, having previously served as our Senior Vice President of IT and Analytics, where he oversaw the creation of our data and cybersecurity program.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]	Our incident response processes are designed to escalate significant cybersecurity incidents to senior management and the Audit Committee in accordance with our Cybersecurity Incident Reporting Policy. These processes include classification, escalation, and communication protocols and are periodically tested and updated. Employees receive regular security training, including phishing simulations and awareness campaigns, to reinforce best practices.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]	true

Cybersecurity Risk Management and Strategy Disclosure

12 Months Ended

Dec. 31, 2025

Cybersecurity Risk Management, Strategy, and Governance [Line Items]

Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

Risk Management and Strategy

We rely on information technology systems and networks to manage critical business processes, including payment processing, supply chain operations, and marketing activities. To protect these systems and associated data, we maintain a comprehensive cybersecurity risk management program designed to identify, assess, and manage material risks from cybersecurity threats. This program addresses risks to our computer networks, third-party hosted services, communications systems, hardware and software, and sensitive data, including intellectual property, confidential business information, and customer data.

Our cybersecurity risk management program is integrated into our overall enterprise risk management framework and includes policies such as our Incident Response Policy and Cybersecurity Incident Reporting Policy. We identify and assess cybersecurity threats through internal monitoring, automated tools, threat intelligence subscriptions, vulnerability scans, penetration testing, and periodic risk assessments. Based on these assessments, we implement and maintain technical, physical, and organizational measures designed to

prevent, detect, respond to, and recover from cybersecurity incidents. These measures include encryption of sensitive data, network security controls, access management, asset tracking, and employee security training.

We utilize third-party service providers for critical functions such as cloud hosting, payment processing, and application support. Depending on the nature of the services provided and the sensitivity of the data involved, our vendor management process includes reviewing cybersecurity practices, imposing contractual obligations, conducting vulnerability assessments, requiring providers to complete security questionnaires, periodic reassessments during engagement, and ongoing monitoring through external security firms. We also collect compliance documentation and reports annually to ensure adherence to our standards.

As part of our broader risk management efforts, we maintain a Business Continuity Plan and Disaster Recovery Plan that outline strategies to maintain critical operations during disruptions and restore IT systems and data in the event of a major incident. These plans include defined recovery time objectives, recovery point objectives, and tested protocols for swift restoration. We also maintain cyber insurance coverage intended to mitigate certain costs associated with cybersecurity incidents.

While we have not identified any cybersecurity incidents that have materially affected or are reasonably likely to materially affect our business strategy, results of operations, or financial condition, cybersecurity threats continue to evolve, and we cannot guarantee that future incidents will not have a material impact. Potential impacts could include increased costs for remediation and security measures, operational disruptions, reputational harm, and limitations on insurance recovery.

Cybersecurity Risk Management Processes Integrated [Flag]

true

Cybersecurity Risk Management Processes Integrated [Text Block]

Cybersecurity Risk Management Third Party Engaged [Flag]

true

Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]

true

Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]

false

Cybersecurity Risk Board of Directors Oversight [Text Block]

Oversight of cybersecurity risk is provided by the Audit Committee of our Board of Directors, which reviews and discusses cybersecurity risks and mitigation strategies as part of its enterprise risk oversight responsibilities. The Audit Committee receives quarterly updates on cybersecurity matters and is informed promptly of any material developments between meetings.

Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]

Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]

The Audit Committee receives quarterly updates on cybersecurity matters and is informed promptly of any material developments between meetings.

Cybersecurity Risk Role of Management [Text Block]

Our Chief Information Officer, Derek Tonn, leads the implementation of our cybersecurity program. Mr. Tonn has extensive experience in information technology and cybersecurity, having previously served as our Senior Vice President of IT and Analytics, where he oversaw the creation of our data and cybersecurity program. He is responsible for hiring appropriate personnel, integrating cybersecurity risk considerations into our overall risk management strategy, approving budgets, and overseeing incident response processes. We also engage external consultants to assist with annual enterprise risk assessments and to validate the design and effectiveness of our cybersecurity controls.

Our incident response processes are designed to escalate significant cybersecurity incidents to senior management and the Audit Committee in accordance with our Cybersecurity Incident Reporting Policy. These processes include classification, escalation, and communication protocols and are periodically tested and updated. Employees receive regular security training, including phishing simulations and awareness campaigns, to reinforce best practices.

Cybersecurity Risk Management Positions or Committees Responsible [Flag]

true

Cybersecurity Risk Management Positions or Committees Responsible [Text Block]

Cybersecurity Risk Management Expertise of Management Responsible [Text Block]

Mr. Tonn has extensive experience in information technology and cybersecurity, having previously served as our Senior Vice President of IT and Analytics, where he oversaw the creation of our data and cybersecurity program.

Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]

Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]

true