Pinterest (PINS) Risk Factors

We rely, and expect to continue to rely, on a combination of confidentiality, invention assignment and license agreements with our employees, consultants and other third parties with whom we have relationships, as well as trademark, copyright, patent and trade secret protection laws, to protect our proprietary rights. We have filed various applications for certain aspects of our intellectual property in the United States and other countries, and we currently hold issued patents in multiple jurisdictions. Further, there can be no assurance that each of our patent applications will result in the issuance of a patent. In addition, any resulting issued patents may have claims narrower than those in our patent applications. There can be no assurance that each of our trademark registration applications will result in the issuance of a trademark or that each resulting trademark registration will be able to be maintained. In the future we may acquire additional patents or patent portfolios, license patents from third parties or agree to license the use of our patents to third parties, which could require significant cash expenditures. Additionally, our current and future patents, trademarks and other intellectual property or other proprietary rights may be contested, circumvented or found unenforceable or invalid. Third parties may knowingly or unknowingly infringe or challenge our proprietary rights. Effective intellectual property protection may not be available in every country in which we operate or intend to operate our business. We may not be able to prevent infringement without incurring substantial time and expense, if at all. There can be no assurance that others will not offer technologies, products, services, features or concepts that are substantially similar to ours and compete with our business. Similarly, particularly as we expand the scope of our business and the countries in which we operate, we may not be able to prevent third parties from infringing, or challenging our use of, our intellectual property rights, including those used to build and distinguish the "Pinterest" brand. If the protection of our proprietary rights is inadequate to prevent unauthorized use or appropriation by third parties, the value of our brand and other intangible assets may be diminished and competitors may be able to more effectively mimic our technologies, products, services or features or methods of operations. Any of these events could harm our business, revenue and financial results.

As a social media company we are frequently targeted by cybersecurity attacks because we receive, process, use, store, and share digitally large amounts of data, including user data as well as confidential, sensitive, proprietary, and personal information in the ordinary course of our business. There can be no assurance that any cybersecurity attack or incident will not be material or ultimately result in significant legal, financial, and reputational harm, including government inquiries, enforcement actions, litigation, and negative publicity. Our efforts to protect our internal data or the information that users, creators, publishers and advertisers and other partners have shared with us may be unsuccessful due to the actions of third parties, software bugs, misconfigurations, vulnerabilities or other technical malfunctions, cybersecurity attacks, employee error or malfeasance, hacking, ransomware, viruses or other factors. In addition, third parties have in the past and may in the future attempt to induce our personnel, users, creators, publishers, advertisers or vendors to disclose information to gain access to our data, advertisers' data or users' data. Further, because the login credentials or passwords employed by users to access our platform may be similar to or the same as the ones that they use in connection with other platforms or websites, a breach in the security of those platforms or websites can allow third parties to gain unauthorized access to users' accounts on our platform. If any of the events described above occur, our information or personnel's, users', creators', publishers' or advertisers' information could be accessed or disclosed improperly. If a third-party gains unauthorized access to our platform, they may, among other things, post malicious spam and other content on our platform using a user's, creator's, publishers' or advertiser's account, which could negatively affect our platform, reputation, and business. Some third parties, including advertisers and vendors, store information that we share with them on their networks. If these third parties fail to implement adequate data-security practices or fail to comply with our terms and policies, users' data may be improperly accessed, used or disclosed. Even if these third parties take all the necessary precautions, their networks may still suffer a breach, which could compromise the data we share with them. Any incidents where personnel's, users', creators', publishers', advertisers' or our information is accessed without authorization or is improperly used, or incidents that violate our privacy policy, terms of service or other policies, or the perception that an incident has occurred, could damage our brand and reputation, adversely impact our competitive position and result in significant costs. We may be required or choose to notify government authorities or affected personnel or users regarding security incidents, and government authorities or affected personnel, users, creators, publishers or advertisers could initiate legal or regulatory action against us over those incidents, which could cause us to incur significant expense and liability or result in orders or consent decrees forcing us to modify our business practices. It may be difficult and costly to detect, investigate, mitigate, contain, and remediate a cybersecurity incident and our efforts to do so may not be successful. Actions taken by us or the third parties with whom we work to detect, investigate, mitigate, contain, and remediate a security incident could result in outages, data losses, and disruptions of our business. Threat actors may also gain access to other networks and systems after a compromise of our networks and systems. Further, there can be no assurance that our insurance coverage will be sufficient to compensate for related losses resulting from a cybersecurity incident. In addition, we may expend significant resources or modify our business activities to adopt additional measures designed to protect against security incidents. Certain data privacy and security obligations require us to implement and maintain specific security measures or industry-standard or reasonable security measures to protect our systems and sensitive information. While we have implemented security measures designed to protect against security incidents, there can be no assurance that these measures will be effective. Maintaining the trust of users, creators, publishers and advertisers is important to sustain user and advertiser growth, retention and engagement, and we may incur significant costs in an effort to detect and prevent security incidents. Concerns over our information security or data privacy practices, whether actual or unfounded, can subject us to negative publicity and damage our brand and reputation and deter users, creators, publishers and advertisers from using our platform. Any of these occurrences could harm our business, revenue and financial results.

Governmental authorities outside the United States have restricted, and may in the future seek to restrict access to our platform if they consider us to be in violation of their laws or for other reasons. For example, access to our service has been or is currently restricted in whole or in part in certain countries. Other governments may seek to restrict access to or block our platform, prohibit or block the hosting of certain content available through our platform, or impose other restrictions that may affect the accessibility or usability of our platform in that country for a period of time or even indefinitely. We may also decide to stop offering our platform in a country as a result of these types of restrictions. For example, some countries have enacted laws that allow websites to be blocked for hosting certain types of content or may require websites to remove certain restricted content, to appoint local representatives in the country, or to store user data within that country. It can be challenging or impractical to manage the requirements of multiple jurisdictions governing the type and nature of the content available on our platform. If additional prohibitions or restrictions are imposed on our platform, or if our competitors are able to successfully penetrate new geographic markets or capture a greater share of existing geographic markets that we cannot access or where we face other restrictions, our user growth, retention and engagement may be adversely affected, and our business, revenue and financial results could be harmed.

We receive, process, store, use and share data, some of which contains personal information. There are numerous federal, state, local and foreign laws and regulations regarding matters central to our business, data privacy and the collection, storing, sharing, use, processing, disclosure and protection of personal information and other data from users, employees and business partners, the scope of which are regularly changing, subject to uncertain and differing interpretations and may be inconsistent among countries or states or conflict with other rules. The application and interpretation of these laws and regulations are often uncertain, particularly in the new and rapidly evolving industry in which we operate, and as the focus on data privacy and data protection increases globally, we are, and will continue to be, subject to varied and evolving data privacy and data protection laws. We are subject to GDPR which expands the rights of individuals to control how their personal data is processed, includes restrictions on the use of personal data of children, creates new regulatory and operational requirements for processing personal data (in particular in case of a data breach), increases requirements for security and confidentiality, restricts transfers of data outside of the European Economic Area and provides for significant penalties for non-compliance, including fines of up to 4% of global annual turnover for the preceding financial year or €20 million (whichever is higher) for the most serious infringements. Additionally, we have historically relied upon multiple legally valid transfer mechanisms to transfer certain personal data outside of the European Economic Area, including the EU-U.S. Privacy Shield Framework and Standard Contractual Clauses (SCCs). The Court of Justice of the European Union ruled that the EU-U.S. Privacy Shield is an invalid transfer mechanism, but upheld the validity of the SCCs subject to future elaboration of additional safeguards by regulators such as specific "supplemental measures" that should be undertaken to protect EU data subjects. While the EU Commission has approved a new EU-U.S Data Privacy Framework, which Pinterest has applied to join, the validity of data transfer mechanisms and additional safeguards remains subject to legal, regulatory, and political review and developments in both Europe and the U.S. The invalidation of data transfer mechanisms, or the potential invalidation of additional safeguards could have a significant adverse impact on our ability to process and transfer the personal data of EEA users outside of the European Economic Area. The State of California enacted the CCPA which requires companies that process information of California residents to make new disclosures to consumers about their data collection, use and sharing practices, allows consumers to opt out of certain data sharing with third parties and provides a new cause of action for data breaches. Additionally, the California Privacy Rights Act ("CPRA") which went into effect in 2023 and significantly modifies the CCPA, has led to further uncertainty and requires us to incur additional costs and expenses. Other states have also enacted privacy laws similar to the CCPA, which became operative recently or will become operative in the next few years, with these providing consumers with similar abilities to opt-out of certain data sharing and to limit the use of certain data for targeted advertising. Additionally, the Federal Trade Commission and many state attorneys general are interpreting federal and state consumer protection laws to impose standards for the online collection, use, dissemination and security of data. The burdens imposed by these and other laws and regulations that may be enacted, or new interpretations of existing laws and regulations, may require us to modify our data processing practices and policies and to incur substantial costs in order to comply and may disproportionately affect our business in comparison to our peers that have greater resources. These laws and regulations may also impact our ability to expand advertising on our platform internationally, as they may impede our ability to deliver targeted advertising and accurately measure our ad performance. In addition, the privacy of teens' personal data collected online, and use of commercial websites, applications, online services, or other interactive platforms, generally, are also becoming increasingly scrutinized. Regulations focused on online safety and protection of teens' privacy online may require us to change our services and incur costs to do so. Moreover, various laws to restrict or govern the use of commercial websites, applications, online services, or other interactive platforms by teens have passed or have been proposed, including laws prohibiting showing teens advertising, requiring age verification, limiting the use of teens' personal data, and requiring parental consent or providing for other parental rights. These laws may be, or in some cases already have been, subject to legal challenges and changing interpretations, which may further complicate our efforts to comply with laws applicable to us. These new laws may result in restrictions on the use of certain of our products or services by teens, the inability to offer certain products and services to teens, decrease DAUs or user engagement in those jurisdictions, require changes to our products and services to achieve compliance, decrease our advertising and subscription revenue, and increase legal risk and compliance costs for us and our third-party partners, any of which could seriously harm our business. Any failure or perceived failure by us to comply with our privacy policies, data privacy-related obligations to users or other third parties, or our data privacy-related legal obligations, or any compromise of security that results in the unauthorized release or transfer of personally identifiable information or other user data, or other failure to comply with these laws and regulations, or regulatory scrutiny, can result in governmental enforcement actions or litigation that could expose our business to substantial financial penalties, or other monetary or non-monetary relief, negative publicity, loss of confidence in our products, decline in user or advertiser growth or damage to our brand and reputation. Companies in the technology industry have recently experienced increased regulatory scrutiny relating to data privacy and data protection, and we have become subject to enhanced scrutiny and enforcement actions from regulators to ensure compliance with data privacy and data protection laws and regulations. The GDPR, CCPA and other such laws and regulations impose new and burdensome obligations, and include substantial uncertainty as to their interpretation, and we are subject to challenges in addressing their requirements, which could result in fines or penalties, lead us to change our data privacy policies and practices, how our product currently operates, and limit our ability to deliver personalized advertising by, for example, requiring users to opt-in to personalized advertising. Public statements and complaints against us by consumer advocacy groups or others could also cause users to lose trust in us, which could result in declines in user growth, retention or engagement and have an adverse effect on our brand, reputation and business. Additionally, if third parties that we work with, such as advertisers, service providers or developers, violate applicable laws or our policies, these violations may also put users' information at risk and could in turn have an adverse effect on our business, revenue and financial results. Any significant change to applicable laws, regulations or industry practices, or to interpretations of existing laws and regulations, regarding the use or disclosure of users' data, or regarding requirements around obtaining consent from users for the use and disclosure of such data, could require us to modify our products to allow for limited data use, possibly in a material manner, and may limit our ability to develop new products that make use of the data that users voluntarily share. There currently are a number of proposals pending before federal, state and foreign legislative and regulatory bodies. In addition, some countries are considering or have passed legislation implementing data protection requirements or requiring local storage and processing of data or similar requirements that could increase the cost and complexity of delivering our service, particularly as we expand our operations internationally.

We believe that our brand, identity and reputation have significantly contributed to the success of our business. We also believe that maintaining and enhancing the "Pinterest" brand and reputation is critical to retaining and growing our user, creator, publisher and advertiser base. Maintaining and enhancing our brand and reputation depends largely on our continued ability to provide high-quality, relevant, reliable, trustworthy and innovative products, which may require substantial investment and may not be successful. From time to time, we introduce new products or updates to existing products that require users to agree to new terms of service that users may not like, which may negatively affect our brand and reputation. Additionally, advertisements or actions of our advertisers may affect our brand and reputation if users do not think the advertisements help them accomplish their objectives, or view the advertisements as intrusive, annoying or misleading or have poor experiences with our advertisers. In addition, our brand, identity and reputation may be adversely affected by perceptions of social media platforms in general, including perceptions resulting from factors unrelated to the company's actions or the content or actions of users, such as the boycott of Facebook and X (formerly Twitter) by some advertisers or allegations of the impact of social media on the mental health of users. Our brand and reputation can also be negatively affected by the content or actions of our users that are deemed to be hostile or inappropriate to other users, by the actions of our users acting under false or inauthentic identities, by the use of our products or services to disseminate information that is deemed to be misleading, or by the use of our platform for illicit, illegal or objectionable ends. We also may fail to respond expeditiously to the sharing of illegal, illicit or objectionable content on our platform or objectionable practices by advertisers, or to otherwise address user or advertiser concerns, which could erode confidence in our brand and damage our reputation. We expect that our ability to identify and respond to this content in a consistently applied manner and on a timely basis or at all may decrease as the number of users grows, as the amount of content on the platform increases or as we expand our product and service offerings, such as video and live streaming content. Any governmental or regulatory inquiry, investigation or action, including based on the appearance of illegal, illicit or objectionable content on our platform, our business practices, or failure to comply with laws and regulations, could damage our brand and reputation, regardless of the outcome. We have experienced, and expect to continue to experience, media, legislative, governmental, regulatory, investor and other third-party scrutiny of our decisions. Any scrutiny, inquiry, investigation or action, including regarding our data privacy, copyright, content, employment or other practices, workplace culture, charitable giving, product changes, product quality, litigation or regulatory action or regarding the actions of our employees, users or advertisers or other issues, may harm our brand and reputation. In addition, scrutiny of other companies in our industry, including their impact on user "screen time" or their content policies or data privacy practices, could also have a negative impact on our brand and reputation. These concerns, whether actual or unfounded, may also deter users, creators, publishers or advertisers from using our platform. Adverse publicity, regardless of its accuracy, relating to events or activities attributed to us, our employees, third-party vendors, users, creators, publishers or our advertisers, or to social media platforms in general, may tarnish our reputation and reduce the value of our brand. If we fail to promote and maintain the "Pinterest" brand or preserve our reputation, or if we incur excessive expenses in this effort, our business, revenue and financial results could be harmed.

We currently depend on the continued services and performance of our key personnel, including William Ready and others. Mr. Ready's employment, and the employment of our other key personnel, is at will, which means they may resign or be terminated for any reason at any time. Similarly, Mr. Silbermann is currently non-executive Chair of the Board and may resign at any time. In addition, much of our key technology and systems are custom-made for our business by our personnel. The loss of key personnel, including key members of management as well as our key engineering, design, marketing, sales and product development personnel, could disrupt our operations and harm our business. This risk is particularly heightened in an environment where companies, including us, slow down hiring or reduce their workforce and will continue to find ways to further reduce costs due to macroeconomic conditions. In addition, it is important to our business to attract and retain highly talented personnel, particularly engineers with expertise in computer vision, AI and machine learning. We have found and may continue to find our recruiting and retention efforts more challenging because the marketplace for talent is highly competitive. The incentives provided by our stock option grants, restricted stock grants and restricted stock unit grants, or by other compensation and benefits arrangements, may not be effective to attract and retain employees, especially as a result of continued fluctuations in our stock price. We may also be required to enhance wages, benefits and non-equity incentives. If we are unable to meet employees and potential employees' expectations, we may experience difficulties attracting and retaining personnel. Further, our ongoing efforts to address workplace culture concerns (including to meet the goals we set in our Inclusion and Diversity Reports), implement the recommendations of the Special Committee of our Board and the terms of the settlement agreement with respect to certain derivative lawsuits and resolve certain related allegations or claims have resulted in, and will continue to result in, increased costs, as well as consuming management's time and attention. Further, if our efforts are unsuccessful, we may not be able to attract and retain talent, we may be subject to investigations, litigation and other proceedings and our brand and reputation and stock price may be harmed. We currently have a flexible work model which provides for a more distributed workforce. Our work strategy, including our efforts related to employee onboarding, training and development and retention may not be successful. Further, our work strategy may continue to evolve and may not meet the needs of our existing and potential future employees and they may prefer work models offered by other companies. If we do not succeed in attracting and retaining highly qualified personnel or the financial resources required to do so increase, we may not be able to meet our business objectives, and our business, revenue and financial results could be harmed.

AWS provides the cloud computing infrastructure we use to host our website, mobile application and many of the internal tools we use to operate our business. We have a long-term commitment with AWS. Under the agreement with AWS, in return for negotiated concessions, we currently are required to maintain a substantial majority of our monthly usage of certain compute, storage, data transfer and other services on AWS. This agreement is terminable only under certain conditions, including by either party following the other party's material breach, which may be the result of circumstances that are beyond our control. A material breach of this agreement by us, or early termination of the agreement, could carry substantial penalties, including liquidated damages. If AWS increases pricing terms, terminates or seeks to terminate our contractual relationship, establishes more favorable relationships with our competitors, or changes or interprets its terms of service or policies in a manner that is unfavorable, those actions could harm our business, revenue and financial results. Any significant disruption of, limitation of our access to or other interference with our use of AWS would negatively impact our operations and our business could be harmed. In addition, any transition of the cloud services currently provided by AWS to another cloud services provider would be difficult to implement and would cause us to incur significant time and expense and could disrupt or degrade our ability to deliver our products and services. The level of service provided by AWS could affect the availability or speed of our services. If users, creators, publishers or advertisers are not able to access our service or platform or encounter difficulties in doing so, we may lose users, creators, publishers or advertisers and could harm our business and reputation. We utilize data center hosting facilities operated by AWS, located in various facilities. However, we have implemented a limited disaster recovery program which does not allow us to serve network traffic from back-up data center services. An unexpected disruption of services provided by these data centers could hamper our ability to handle existing or increased traffic, result in the loss of data or cause our platform to become unavailable, which may harm our reputation and business.

Adverse global economic and financial events, such as the epidemics, pandemics and other public health emergencies, Russia's invasion of Ukraine, the war in the Middle East, recession or fears of recession, inflation, fluctuation in foreign exchange rate, supply chain issues, and inventory and labor shortages, have caused, and could in the future, continue to cause disruptions and volatility in global financial markets. Such conditions have resulted in or may result in, among other things, an adverse impact on the ability and willingness of companies to spend on advertising, volatility in our stock price, and an adverse impact on the financial condition of the institutions with whom we hold deposits or the credit quality of the issuers of our cash equivalents and marketable securities. In addition, since the majority of our revenue is derived from advertisers within the U.S., economic conditions in the U.S. have a greater impact on us. We may not perform well in adverse macroeconomic conditions and they could negatively impact our business and financial condition.

We continue to develop and evolve our international growth strategy and may adjust the way we expand our business operations outside the United States. We may limit our expansion or decrease our operations in certain international markets, including discontinuing advertising in those markets or not monetizing those markets at all, which could harm our reputation and business, revenue and financial results. Alternatively, we may enter new international markets and expand in existing markets where we have limited or no experience in deploying our service or selling advertisements. We may launch our advertising platform in countries where we do not have sales staffing in place, where market perception of our service and ad platform may be low or where our audience size in a given market may be low relative to advertiser expectations, all or any of which could limit our ability to monetize those countries. In addition, as part of our growth and monetization strategy in markets outside the United States, we are working to partner with local third-party sales organizations, which we refer to as resellers. However, there is no guarantee that resellers will choose to work with us or be willing to invest the time and resources required to train their staff to effectively sell our platform or that this strategy will be successful to increase average revenue per user in these markets. Further, in order to expand successfully, we need to offer content and products that are customized and relevant to local users and advertisers, which requires significant investment of time and resources. We are subject to a variety of risks inherent in doing business internationally, and our exposure to these risks will increase as we continue to expand our operations, user base and advertiser base globally. These risks include: - political, social and economic instability, including armed conflict or hostilities, such as Russia's invasion of Ukraine and the war in the Middle East;- selective or inconsistent government regulatory action or enforcement;- fluctuations in currency exchange rates and restrictions on currency conversions;- higher levels of credit risk and payment fraud;- enhanced difficulties of integrating any foreign acquisitions;- reduced protection for intellectual property rights in some countries;- difficulties in staffing and managing global operations and the increased travel, infrastructure and legal and tax compliance costs associated with multiple international locations and subsidiaries;- different regulations and practices with respect to employee/employer relationships, existence of workers' councils and labor unions, and other challenges caused by distance, language and cultural differences, making it harder to do business in certain international jurisdictions;- increasing labor costs due to high wage inflation in certain international jurisdictions;- compliance with statutory requirements relating to our equity;- regulations that might add difficulties in repatriating cash earned outside the United States and otherwise prevent us from freely moving cash;- import and export controls and restrictions and changes in trade regulations, including sanctions;- compliance with the U.S. Foreign Corrupt Practices Act, the U.K. Bribery Act and similar laws in other jurisdictions;- compliance with laws governing supply chains and related business operations;- compliance with environmental, social and governance (ESG) laws and with GDPR and similar data privacy and data protection laws;- compliance with laws that might restrict content or advertising (such as laws intended to protect teens), require us to provide user information, including confidential information, to local authorities or add significant requirements that make it difficult to operate in that jurisdiction;- macroeconomic conditions, such as inflation and labor shortage which had an impact on the pace of our global expansion;- compliance with multiple tax jurisdictions and management of tax impact of global operations; and If we are unable to execute our strategy on international growth and manage the complexity of global operations successfully, our business, revenue and financial results could be harmed.