Intelligent Protection Management (IPM) Risk Factors

The online live video industry is characterized by rapid change, and our future success is dependent upon our ability to adopt and innovate. To attract new users and increase revenues from existing users, we need to enhance, add new features to and improve our existing applications, introduce new applications in the future and where applicable, cross-market such applications. The success of any enhancements or new features and applications depends on several factors, including timely completion, introduction and market acceptance. Building a new brand or product is generally an iterative process that occurs over a meaningful period of time and involves considerable resources and expenditures, and we may expend significant time and resources developing and launching an application that may not result in revenues in the anticipated timeframe or at all or may not result in revenue growth that is sufficient to offset increased expenses. If we are unable to successfully develop enhancements, new features or new applications to meet user trends and preferences, our business and operating results could be adversely affected. In addition, our applications are designed to operate on a variety of network, hardware and software platforms using internet tools and protocols and we need to continuously modify and enhance our applications to keep pace with technological changes. If we are unable to respond in a timely and cost-effective manner, our current and future applications may become less marketable and less competitive or even obsolete.

We receive, process, store and transmit a significant amount of personal user and other confidential information, including credit card information, and enable our users to share their personal information with each other. In some cases, we retain third party vendors to store this information. We continuously develop and maintain systems to protect the security, integrity and confidentiality of this information, but cannot guarantee that inadvertent or unauthorized use or disclosure will not occur or that third parties will not gain unauthorized access to this information despite our efforts. If any such event were to occur, we may not be able to remedy the event, and we may have to expend significant capital and resources to mitigate the impact of such an event, and to develop and implement protections to prevent future events of this nature from occurring. Security breaches, computer malware and cybersecurity incidents have become more prevalent in our industry and may occur on our systems in the future. Although it is difficult to determine what, if any, harm may directly result from an interruption or attack, any security breach caused by hacking, including efforts to gain unauthorized access to our applications, servers or websites, or to cause intentional malfunctions or loss or corruption of data, software, hardware or other computer equipment, and the inadvertent transmission of computer viruses could harm our business, financial condition and results of operations. If a breach of our security (or the security of our vendors and partners) occurs, the perception of the effectiveness of our security measures and our reputation may be harmed, we could lose current and potential users and the recognition of our various brands and their competitive positions could be diminished, any or all of which could adversely affect our business, financial condition and results of operations. Spammers may attempt to use our products to send targeted and untargeted spam messages to users, which may embarrass or annoy users and make our products less user friendly. We cannot be certain that the technologies that we have developed to repel spamming attacks will be able to eliminate all spam messages from our products. Our actions to combat spam may also require diversion of significant time and focus of our engineering team from improving our products. As a result of spamming activities, our users may use our products less or stop using them altogether, and result in continuing operational cost to us. Furthermore, the adoption of certain technologies, such as cloud computing, artificial intelligence and machine learning may increase the risks associated with cyber attacks. Similarly, terror and other criminal groups may use our products to promote their goals and encourage users to engage in terror and other illegal activities. We expect that as more people use our products, these groups will increasingly seek to misuse our products. Although we invest resources to combat these activities, including by suspending or terminating accounts we believe are violating our Terms of Service, we expect these groups will continue to seek ways to act inappropriately and illegally on our products. Combating these groups requires our engineering team to divert significant time and focus from improving our products. In addition, we may not be able to control or stop our products from becoming the preferred application of use by these groups, which may become public knowledge and seriously harm our reputation or lead to lawsuits or attention from regulators. If these activities increase, our reputation, user growth and user engagement, and operational cost structure could be seriously harmed. Furthermore, many governments have enacted laws requiring companies to provide notice of data security incidents involving certain types of personal data. Such laws are inconsistent, and compliance in the event of a widespread data breach is costly. We maintain a work-from-home policy for our employees. Remote work and remote access increase our vulnerability to cybersecurity attacks. We may see an increase in cyberattack volume, frequency and sophistication driven by the global enablement of remote workforces. We seek to detect and investigate unauthorized attempts and attacks against our network, products and services and to prevent their recurrence where practicable through changes to our internal processes and tools and changes or updates to our products and services; however, we remain potentially vulnerable to additional known or unknown threats. In some instances, we and the users of our applications can be unaware of an incident or its magnitude and effects. Moreover, globally there has been an increase in cybersecurity attacks since Russia invaded Ukraine. The risk of state-supported and geopolitical-related cyber-attacks may increase in connection with the war in Ukraine and any related political or economic responses and counter-responses. We may not discover all such incidents or activity or be able to respond or otherwise address them promptly, in sufficient respects or at all. Our existing general liability insurance coverage and the coverage we carry for cyber-related liabilities may not continue to be available on acceptable terms or be available in sufficient amounts to cover one or more large claims or that the insurer will not deny coverage as to any future claim. The successful assertion of one or more large claims against us that are not covered or exceed available insurance coverage, or the occurrence of changes in our insurance policies, including premium increases or the imposition of large deductible or co-insurance requirements, could harm our business.

The tax regimes we are subject to or operate under, including income and non-income taxes, are unsettled and may be subject to significant change. For example, the Inflation Reduction Act (the "IRA") was signed into law on August 16, 2022 and became effective on January 1, 2023. We do not currently expect that the IRA will have a material impact on our income tax liability. We are unable to predict what changes to the tax laws of the U.S. and other jurisdictions may be proposed or enacted in the future or what effect such changes would have on our business. Any significant increase in our future effective tax rate could have a material adverse impact on our business, financial condition, results of operations, or cash flows.

State, federal and international laws and regulations govern the collection, use, retention, sharing and security of data that we receive from and about our users. These laws can be particularly restrictive in certain states and in countries outside of the United States. In addition, the application and interpretation of these laws and regulations are often uncertain, particularly in the new and rapidly evolving industries in which we operate. The European Union has implemented a privacy regulation called the GDPR that imposes a high level of regulatory scrutiny on our business' processing of personal data from the European Economic Area, with possible financial consequences for noncompliance of up to 4% of our worldwide revenues. The FTC regularly investigates and brings enforcement actions against companies that have used personally identifiable information in a deceptive or unfair manner or in violation of a posted privacy policy. If we are accused of violating the terms of our privacy policy, implementing unfair privacy practices or otherwise breaching data privacy laws, we may be forced to expend significant financial and managerial resources to defend against an action by the FTC, European Data Protection Authorities, or other state or federal enforcement agencies. Our user database holds the personal information of our users and subscribers residing in the United States and other countries, and we could be sued by those users if any of the information is misused or misappropriated. Growing public concern about privacy and the use of personal information may subject us to increased regulatory scrutiny. Regulations related to treatment of user data by online services are evolving as several U.S. state governments have recently adopted new, or modified existing, laws and regulations addressing data privacy and the collection, processing, storage, transfer and use of data. These state laws include, for example: CCPA, the CPRA, which became effective on January 1, 2023, and expands upon the CCPA, the Virginia Consumer Data Protection Act, the Colorado Privacy Act, the Connecticut Act Concerning Personal Data Privacy and Online Monitoring, the Utah Consumer Privacy Act, the Delaware Personal Data Privacy Act, the Indiana Consumer Data Protection Act, the Iowa Consumer Data Protection Act, the Montana Consumer Data Privacy Act, the Oregon Consumer Privacy Act, the Tennessee Information Protection Act, the Texas Data Privacy and Security Act and the New York SHIELD Act. In addition, every U.S. state has passed laws requiring notification to users when there is a security breach resulting in unauthorized disclosure of certain types of personal information, many of which are modeled on California's Information Practices Act. There are a number of legislative proposals pending before the U.S. Congress and various state legislative bodies concerning data protection that could, if adopted, have an adverse effect on our business. We are unable to determine if and when such legislation may be adopted. Many other jurisdictions, including the European Union, have adopted breach notification and other data protection notification laws designed to inform users of unauthorized disclosure of personally identifiable information. The introduction of new privacy and data breach laws and the interpretation of existing privacy and data breach laws in the United States, Europe and other foreign jurisdictions is constantly evolving. There is a risk that new laws may be introduced or that existing laws may be applied in a way that would conflict our current data protection practices or prevent the transfer of data between countries in which we operate. Future laws and regulations with respect to the collection, compilation, use and publication of information and consumer privacy could result in limitations on our operations, increased compliance or litigation expense, adverse publicity or loss of revenue, any of which could have a material adverse effect on our business, financial condition and results of operations. Any failure, or perceived failure, by us to comply with such laws and regulations, including FTC requirements or industry self-regulatory principles, could result in proceedings or actions against us by governmental entities or others, which could potentially have an adverse effect on our business. As a result of such a failure, or perceived failure, we may be subject to a claim or class-action lawsuit regarding our online services. The successful assertion of a claim against us, or a regulatory action against us, could result in significant monetary damages, diversion of management resources and require us to make significant payments and incur substantial legal expenses. Any claims with respect to violation of privacy or misappropriation of user data brought against us may have a material adverse effect on our business, results of operations and financial condition. It is also possible that we could be prohibited from collecting or disseminating certain types of data, which could affect our ability to meet our users' needs.

The industry in which we compete is highly competitive and has few barriers to entry. If we are unable to efficiently and effectively attract new users as a result of intense competition or a saturated market, we may not be able to continue the provision, development and enhancement of our consumer applications or become profitable on a consistent basis in the future. Important factors affecting our ability to successfully compete include: - the usefulness, novelty, performance, ease of use, and reliability of our consumer applications compared to our competitors;- the timing and market acceptance of our consumer applications, including developments and enhancements of our competitors' consumer applications;- our ability to effectively monetize our consumer applications and the availability of free or cheaper alternatives from our competitors;- our ability to hire and retain talented employees, including technical employees, executives, and marketing experts;- the success of our customer service and support efforts;- our reputation and brand strength compared to our competitors;- competition for acquiring users that could result in increased user acquisition costs;- reliance upon the platforms through which our consumer applications are accessed and the platform owner's ability to control our activities on such platforms;- the effectiveness of the marketing and advertisement of our services and consumer applications;- our ability to maintain advertisers' interest in advertising through our consumer applications;- our ability to innovate in the ever-changing consumer applications industry in which we operate;- changes as a result of new legislation or regulation within the consumer applications industry; and - acquisitions or consolidations within the consumer applications industry. Many of our current and potential competitors offer similar services and have longer operating histories, significantly greater capital, financial, technical, marketing and other resources and larger user or subscriber bases than we do. These factors may allow our competitors to more quickly respond to new or emerging technologies and changes in client or consumer preferences. These competitors may engage in more extensive research and development efforts, undertake more far-reaching marketing campaigns and adopt more aggressive pricing strategies that may allow them to build larger user bases consisting of greater numbers of paying users. Our competitors may develop applications and software that are equal or superior to our applications and software or that achieve greater market or industry acceptance. It is possible that a new application developed or offered by one of our competitors could gain rapid scale at the expense of existing brands through harnessing a new technology or distribution channel, creating a new approach to connecting people. Certain entities that we do not directly compete with but that have large or dominant positions in one or more markets could use those positions to gain a competitive advantage against us by integrating competing video chat or social media platforms into products they control, such as search engines, web browsers or mobile device operating systems. Costs for consumers to switch between products in the video chat industry are generally low, and consumers have a propensity to try new products to connect with new people. As a result, new entrants and business models are likely to continue to emerge in our industry. These activities could attract users and subscribers away from our applications and reduce our market share. If we are unable to effectively compete, we may fail to obtain new users for our products or our users may discontinue the use of our products and we may lose active users, either of which would have a material adverse effect on our business, results of operations and financial condition.

On an annual basis the Company has millions of users; however, compared to the total number of users in any given period, only a small portion of our users are active users or purchasers of virtual gifts. We primarily generate revenue through the sale of subscriptions and virtual gifts to this small portion of users and secondarily generate revenue through paid advertisements. Accordingly, the success of our consumer applications is substantially dependent on our ability to convert our users into active users and to sell our users virtual gifts. Users discontinue the use of our applications in the ordinary course of business, and to sustain our revenue levels, we must attract, retain and increase the number of users or more effectively monetize our existing users. Falling user retention, growth or engagement could also make our applications less attractive to advertisers, which could harm our business. There are a number of factors that could negatively impact user retention, growth and engagement, including, among other things: - users may adopt competing products instead of ours;- we may fail to introduce new products and services or improve upon our existing applications, or those new products and services or improvements we introduce may be poorly received;- our products may fail to operate effectively on mobile or other platforms;- we may be unable to combat spam or other hostile or inappropriate usage on our products;- there may be adverse changes in user sentiment about the quality or usefulness of our existing products;- there may be concerns about the privacy implications, safety or security of our products;- technical or other problems may frustrate the experience of our users, particularly if those problems prevent us from delivering our products in a fast and reliable manner;- we may fail to provide adequate service to our users;- we or other companies in our industry may be the subject of adverse media reports or other negative publicity;- we may not maintain our brand image or our reputation may be damaged; and - we may be subject to denial of service or other attacks from hackers that result in service downtime. To retain existing users, and particularly those users who are paying subscribers, we must devote significant resources so that our applications retain their interest. If we fail to grow or sustain the number of our users, or if the rates at which we attract and retain existing users declines or the rate at which users become paying subscribers declines, it could have a material adverse effect on our business, results of operations or financial condition.

We believe that developing, establishing and maintaining awareness of our application brands is critical to our efforts to achieve widespread acceptance of our applications and is an important element to expanding our subscriber base. Successful promotion of our application brands will depend largely on the effectiveness of our advertising and marketing efforts and on our ability to provide reliable and useful applications at competitive prices. If users do not perceive our products to be of high quality, or if our products are not favorably received by users, the value of our brands could diminish, thereby decreasing the attractiveness of our software, services and applications to users. In addition, advertising and marketing activities may not yield increased revenue, and even if they do, any increased revenue may not offset the expenses we incurred in building our brands. If we fail to successfully promote and maintain our application brands or incur substantial expenses in unsuccessfully attempting to promote and maintain our brands, we may fail to attract enough new subscribers or retain our existing subscribers to the extent necessary to realize a sufficient return on our advertising and marketing activities, and it could have a material adverse effect on our business, results of operations or financial condition.

We cannot control our users' communications with each other or physical actions towards one another. There is a possibility that users or third parties could be physically or emotionally harmed following interaction with another user. We warn our users that we do not screen other users and, given our lack of physical presence, we do not take any action to ensure personal safety on a meeting between users or subscribers arranged following contact initiated via our applications or ensure personal safety of our users against self-harming following contact with other users initiated via our applications. If an unfortunate incident of this nature occurred in a meeting of two people following contact initiated on our applications or that of one of our competitors, any resulting negative publicity could materially and adversely affect us or the online video chat industry in general. Any such incident involving our applications could damage our reputation and our brand, which could have a material adverse effect on our business, results of operations or financial condition. In addition, the affected users or third parties could initiate legal action against us, which could divert management attention from operations, cause us to incur significant expenses, whether we are successful or not, and damage our reputation.

Our business may be affected by changes in the economy generally, including as a result of pandemics, terrorist attacks, natural disasters or other events outside our control, and any resulting effect on spending by our customers. Furthermore, prolonged periods of inflation have affected, and may continue to affect, our ability to target new customers as well as keep existing customers engaged and may ultimately have a correlating effect on our users' discretionary spending. While some of our customers may consider our applications to be a cost-saving purchase, others may view a subscription to our applications as a discretionary purchase, and our customers may reduce their discretionary spending on our platform during an economic downturn. Moreover, while we continue to add paid users to our customer base, our user growth may continue to slow or decline as the impact of the highly inflationary environment, which makes products like ours more discretionary in nature. In addition, increased inflation may result in increased operating costs (including labor and consulting costs), reduced liquidity, and limitations on our ability to access credit or otherwise raise debt and equity capital. In addition, the United States Federal Reserve has raised, and may continue to raise, interest rates in response to concerns about inflation. Increases in interest rates, especially if coupled with reduced government spending and volatility in financial markets, may have the effect of further increasing economic uncertainty and heightening these risks. In an inflationary environment, we may be unable to raise the prices of our subscriptions at or above the rate at which our costs increase, which could/would reduce our profit margins and have a material adverse effect on our financial results and liquidity. A reduction in our revenue would be detrimental to our profitability and financial condition and could also have an adverse impact on our future growth.

Presently, we derive a significant portion of revenue from users located outside of the United States. In addition, we rely on outsourced development services from companies with consultants based in Russia, India and elsewhere. The invasion of Ukraine by Russia has escalated tensions among the United States, the North Atlantic Treaty Organization ("NATO") member states, and Russia. The United States, other NATO member states, as well as non-member states, have imposed sanctions against Russia and certain Russian banks, enterprises and individuals. These and any future additional sanctions and any resulting conflict between Russia, the United States and other countries may, on a short term, disrupt, or in the future could disrupt, the consulting services provided by our third-party developers residing in Russia. This conflict may increase our costs with respect to any current or future planned development services in Russia or could result in negative publicity. We may enter new international markets where we have limited or no experience in marketing, selling and deploying our products. If we fail to deploy or manage our operations in international markets successfully, our business may suffer. As our international operations increase our operating results may become more greatly affected by fluctuations in the exchange rates of the currencies in which we do business. In addition, we are subject to a variety of risks inherent in doing business internationally, including: - political, social, and economic instability;- risks related to the legal and regulatory environment in foreign jurisdictions, including with respect to privacy, free speech and unexpected changes in laws, regulatory requirements, and enforcement;- potential damage to our brand and reputation due to compliance with local laws, including potential censorship and requirements to provide user information to local authorities;- fluctuations in currency exchange rates;- higher levels of credit risk and payment fraud;- complying with multiple tax jurisdictions;- reduced protection for intellectual-property rights in some countries;- difficulties in staffing and managing global operations and the increased travel, infrastructure and compliance costs associated with multiple international locations;- regulations that might add difficulties in repatriating cash earned outside the United States and otherwise preventing us from freely moving cash;- import and export restrictions and changes in trade regulation;- complying with statutory equity requirements;- complying with the U.S. Foreign Corrupt Practices Act, the U.K. Bribery Act and similar laws in other jurisdictions;- the impact of the United Kingdom's exit from the European Union; and - export controls and economic sanctions administered by the Department of Commerce Bureau of Industry and Security and the Treasury Department's Office of Foreign Assets Control. If we are unable to expand internationally and manage the complexity of our global operations successfully, our business could be seriously harmed.