RingCentral (RNG) Risk Analysis

The cloud-based business communications industry is characterized by rapid development of and changes in customer requirements, frequent introductions of new and enhanced services, and continuing and rapid technological advancement. We cannot predict the effect of technological changes or the introduction of new, disruptive technologies on our business, and the market for cloud-based business communications may develop in a manner different than we expect, and our solutions could fail to achieve market acceptance. Our continued growth depends on continued use of voice, video communications, messaging and contact center solutions by businesses, as compared to email and other data-based methods. In addition, to compete successfully, we must anticipate and adapt to technological changes and evolving industry standards, and continue to design, develop, manufacture, and sell new and enhanced services that provide increasingly higher levels of performance and reliability. Currently, we derive a majority of our revenues from subscriptions to RingEX (formerly RingCentral MVP), and we expect this will continue for the foreseeable future. However, our future success may also depend on our ability to introduce and sell new services, features, and functionality, such as RingCX, RingSense and RingCentral Events that enhance or are beyond the subscriptions we currently offer, as well as to improve usability and support and increase customer satisfaction. For example, we and our peers and competitors continue to invest significantly in AI (including machine learning and large language models). There are significant risks involved in deploying AI and there can be no assurance that using AI in our platforms and products, such as our AI-powered product, RingSense, will enhance or be beneficial to our business,. Our failure to develop solutions that satisfy customer preferences in a timely and cost-effective manner may harm our ability to compete effectively, renew our subscriptions with existing customers, increase our subscription revenues from our existing customers, and create or increase demand for our subscriptions and may materially and adversely impact our results of operations. The introduction of new services by competitors, including those that incorporate AI and machine learning, or the development of entirely new technologies to replace existing offerings could make our solutions outdated, obsolete or adversely affect our business and results of operations. Announcements of future releases and new services and technologies by our competitors or us could cause customers to defer purchases of our existing subscriptions, which also could have a material adverse effect on our business, financial condition or results of operations. We may experience difficulties with software development, operations, design, or marketing that could delay or prevent our development, introduction, or implementation of new or enhanced services and applications. We have in the past experienced delays in the planned release dates of new features and upgrades and have discovered defects in new services and applications after their introduction. We cannot assure you that new features or upgrades will be released according to schedule, or that, when released, they will not contain defects or bugs. Either of these situations could result in adverse publicity, loss of revenues, delay in market acceptance, or claims by customers brought against us, all of which could harm our reputation, business, results of operations, and financial condition. Moreover, the development of new or enhanced services or applications will require substantial investment, and we must continue to invest a significant amount of resources in our research and development efforts to develop these services and applications to remain competitive. We do not know whether these investments will be successful. If customers do not widely adopt any new or enhanced services and applications, we may not be able to realize a return on our investment. If we are unable to develop, license, or acquire new or enhanced services and applications on a timely and cost-effective basis, or if such new or enhanced services and applications do not achieve market acceptance, our business, financial condition, and results of operations may be materially and adversely affected.

Our operations depend on our ability to protect our production and corporate information technology services from interruption or damage from various threats, including cyber-attacks, denial-of-service events and other system and network disruptions, social engineering, unauthorized entry, insider threats, rogue employees or contractors, computer malware or other means of causing security breaches or incidents. Although we require our employees to undertake privacy and cybersecurity training, we have from time to time been subject to communications fraud, social engineering tactics, cyber-attacks by malicious actors, and denial of service and other disruptive events, and we may be subject to similar attacks in the future, particularly as the frequency and sophistication of cyber-attacks increases. We cannot assure you that our backup systems, regular data backups, security controls, personnel training, and other procedures currently in place, or that may be in place in the future, will prevent significant damage, system failure, service outages, data incidents, data loss, unauthorized access, loss of use, interruption, or increased charges from our technology vendors. The amount of data we store for our customers and users increases as our business grows. We host services, which includes hosting customer data, in co-located data centers and in multiple public cloud services. Our solutions allow users to store files, tasks, calendar events, messages and other data on our services indefinitely or as may be directed by our customers, at least until termination of the agreement. We also maintain sensitive data related to our technology and business, and that of our employees, strategic partners, GSPs, channel partners, and customers, including intellectual property, proprietary business information and personal information (also called personal data) on our own systems and in multiple vendors' cloud services. As a result of maintaining larger volumes of data and user files and/or as a result of our continued movement up market, or movement into new customer markets and acquisition of larger and more recognized customers, we may become more of a target for hackers, nation states, and other malicious actors. In addition, we use third-party vendors who, in some cases, have access to our data and our employees', partners', and customers' data. We employ layered security measures and have a means of working with third parties who report vulnerabilities to us. Despite the implementation of security measures by us or our vendors, our computing devices, infrastructure, or networks, or our vendors' computing devices, infrastructure, or networks have in the past, and may in the future, be vulnerable to hackers, computer viruses, worms, ransomware, other malware, employee theft or misuse, phishing, denial-of-service attacks, or similar disruptive problems that are caused by or through a security weakness or vulnerability in our or our vendors' infrastructure, network, or business practices or our or our vendors' customers, employees, business partners, consultants, or other Internet users who attempt to obtain unauthorized access to our or our vendors' corporate or personal systems, networks, or devices. Security weaknesses or vulnerabilities in our, our vendors', or our customers' infrastructure, networks, or business practices could lead to increased costs, liability claims, including contractual liability claims relating to security obligations in agreements with our partners and our customers, fines, claims, investigations and other proceedings, reduced revenue, or harm to our reputation or competitive position. In addition, even if vulnerabilities are not exploited or targeted, we could incur increased costs and capital expenditures in any efforts we undertake to strengthen our security controls or remediate security vulnerabilities. We currently require a substantial number of our employees to work in one of our offices, nevertheless, we have implemented remote working protocols and offer work-issued devices to substantially all employees, whether working in an office or remotely. Actions of employees while working remotely may have significant effects on the security of our infrastructure, networks, and the information we process, such as by increasing the risk of compromise to systems or data arising from employees' combined personal and private use of devices, accessing our networks or information using wireless networks that we do not control, or the ability to transmit or store information outside of our network. Our employees' or third parties' intentional, unintentional, or inadvertent actions may increase our vulnerability to or expose us to security threats, such as ransomware or other malware and phishing attacks, and we may remain responsible for or otherwise face liability in connection with unauthorized access to, loss, unavailability alteration, destruction, acquisition, disclosure or other processing of information we or our vendors, business partners, or consultants process or otherwise maintain. Additionally, political and geopolitical uncertainty and actions, such as the war between Russia and Ukraine and the conflicts in the Middle East, may create heightened risks to us and our vendors, business partners, and consultants of cyber-attacks from nation-state actors or their affiliated entities, including attacks that could materially disrupt our systems and operations, supply chain, and ability to produce, sell and distribute our services. Also, cyber-attacks, including on the supply chain (including our software supply chain), continue to increase in frequency and magnitude, and we cannot provide assurances that our preventative efforts, or those of our suppliers, have been or will be successful. We rely on encryption and authentication technology to provide secure transmission of and access to confidential information, including customer credit card numbers, debit card numbers, direct debit information, customer communications, and files uploaded by our customers. Advances in computer capabilities, new cryptographic discoveries, software or hardware bugs or vulnerabilities, social engineering activities, the introduction of ransomware or other malicious code, or other developments may result in a compromise or breach of the technology we use to protect our data and our customer data, or of the data itself. We also have incorporated AI-powered features into our solutions and may continue to incorporate additional AI features and technologies into our solutions in the future. Our use of AI features and technologies may create additional cybersecurity risks or increase cybersecurity risks, including risks of security breaches and incidents. Further, AI technologies may be used in connection with certain cybersecurity attacks, resulting in heightened risks of security breaches and incidents. Additionally, third parties have in the past successfully induced, and may attempt in the future to induce using social engineering or other methods, employees, consultants, or customers into disclosing sensitive information, such as usernames, provisioning data, customer proprietary network information ("CPNI") or other information in order to gain access to our customers' user accounts or data, or to our systems or data. CPNI includes information such as the phone numbers called by a customer, the frequency, duration, and timing of such calls, and any services purchased by the consumer, such as call waiting, call forwarding, and caller ID, in addition to other information that may appear on a customer's bill. Third parties may also attempt to induce employees, consultants, or customers into disclosing information regarding our and our customers' intellectual property, personal data and other confidential information. The techniques used to obtain unauthorized access, to perform hacking, phishing and social engineering, or to sabotage systems change and evolve frequently and may not be recognized until launched against a target, may be new and previously unknown or little-known, or may not be detected or understood until well after such actions are conducted. We may be unable to anticipate these techniques and may be unsuccessful in implementing appropriate preventative measures, and any security breach or other incident may be difficult to detect and may take longer than expected to remediate or otherwise address. Any system failure or disruption or security breach or incident that causes interruptions or data loss in our operations or in the computer systems of our customers or leads to the misappropriation, loss, unavailability, or unauthorized use, disclosure, or other processing of our or our customers' confidential or personal information could result in significant liability to us, loss of our intellectual property, cause our subscriptions to be perceived as not being secure, cause considerable harm to us and our reputation (including requiring notification to customers, regulators, or the media), and deter current and potential customers from using our subscriptions. Any of these events could have a material adverse effect on our business, results of operations, and financial condition. It is critical to our business that our sensitive information and that of our employees, strategic partners, GSPs, channel partners and customers remains secure and that our customers perceive that this information is secure. An information security incident could result in unauthorized access to, loss or unavailability of, or unauthorized disclosure or other processing of such information. Any actual or perceived cybersecurity breach or incident could expose us to litigation, indemnity obligations, government notification and investigations or other proceedings, contractual liability, and other possible liabilities, and could result in negative publicity, which could harm our reputation and reduce our customers' confidence in the effectiveness of our solutions, which could materially and adversely affect our business and operating results. A security breach or incident could also expose us to increased costs, including remediation costs, disruption of operations, or increased cybersecurity protection costs, that may have a material adverse effect on our business. In addition, an actual or perceived security breach or incident of or impacting our customers' systems can also result in exposure of credentials, unauthorized access to accounts, exposure of their information and data (including CPNI), and fraudulent calls on their accounts, which can have impacts to us similar to those described above. Any actual or perceived security breach or incident of or impacting our partners' or vendors' systems can result in similar impacts. Additionally, due to the nature of our solutions, we are unable to maintain complete control over data security or the implementation of measures that reduce the risk of a data security incident. For example, our customers may accidentally disclose their passwords or store them on a mobile device that is lost or stolen, creating the perception that our systems are not secure against third-party access. Additionally, our third-party contractors in the Philippines, U.S., Georgia, and elsewhere may have access to customer data. While our agreements with our third-party contractors restrict their use or disclosure of any customer data, if these or other third-party vendors violate applicable laws or our policies, this may put our customers' information at risk and could have a material and adverse effect on our business. Laws, regulations, and enforcement activities relating to security and privacy continue to evolve. For example, in 2023, the SEC adopted cybersecurity risk management and disclosure rules, which require the disclosure of information pertaining to cybersecurity incidents and cybersecurity risk management, strategy, and governance. Additionally, the Digital Operational Resiliency Act went into effect on January 17, 2025. It aims to establish a universal framework for managing and mitigating information and communication technology risk that will apply to financial-sector entities and their third-party cloud service providers. We have incurred and expect to continue to incur significant expenses in our efforts to prevent and address security incidents. Determining whether a security breach or incident is notifiable or reportable may not be straightforward and may be costly and could lead to negative publicity, loss of customer or partner confidence in the effectiveness of our security measures, diversion of management's attention, governmental investigations, and the expenditure of significant capital and other resources to respond to or alleviate problems caused by the actual or perceived security breach or incident. We may find it necessary for various reasons, such as a need to support changes to applicable laws or to support our expansion of sales into new geographic areas or into new industry markets, to change or enhance our cybersecurity measures, which may make it more expensive to operate in certain jurisdictions and may increase the risk of our non-compliance with evolving laws and regulations. While we maintain cybersecurity insurance, our insurance may be insufficient to cover all liabilities incurred by privacy or security incidents. We also cannot be certain that our insurance coverage will be sufficient for data handling or data security liabilities actually incurred, that insurance will continue to be available to us on economically reasonable terms, or at all, or that an insurer will not deny coverage as to any future claim. The successful assertion of one or more large claims against us that exceed available insurance coverage, or the occurrence of changes in our insurance policies, including premium increases or the imposition of large deductible or co-insurance requirements, could have a material adverse effect on our business, including our financial condition, operating results, and reputation.

Our future performance depends on the continued services and contributions of our senior management and other key employees to execute on our business plan, and to identify and pursue opportunities and services innovations. The loss of services of senior management or other key employees, whether in the past or in the future, could significantly delay or prevent the achievement of our business, financial, developmental and strategic objectives. In particular, we depend to a considerable degree on the vision, skills, experience, and effort of our co-founder, Chairman and Chief Executive Officer, Vladimir Shmunis, who has provided our strategic direction for over 20 years and has built and maintained what we believe is an attractive workplace culture. Any future changes resulting from the hiring or departure of executives could disrupt our business and could impact our ability to preserve our culture, which could negatively affect our ability to recruit and retain personnel. None of our executive officers or other senior management personnel is bound by a written employment agreement and any of them may therefore terminate employment with us at any time with limited or no advance notice. The replacement of any current or future senior management personnel could involve significant time and costs, and any such loss could significantly delay or prevent the achievement of our business objectives. Our future success also depends on our ability to continue to attract and retain highly skilled personnel. Despite many recent layoffs in the technology industry and at the company, we believe that there is, and will continue to be, intense competition for highly skilled technical and other personnel with experience in our industry in the San Francisco Bay Area, where our headquarters is located, in Denver, Colorado, where we have an office where a significant portion of our U.S. sales and customer support office and our network operations center is located, and in other locations where we have employees. In addition, changes to U.S. immigration policies, particularly to H-1B and other visa programs, and restrictions on travel could restrain the flow of technical and professional talent into the U.S. and may inhibit our ability to hire qualified personnel. Similar risks exist with respect to immigration regulations in other countries where we operate, may operate in the future or have employees or contractors. We must provide competitive compensation packages and a high-quality work environment to hire, retain, and motivate employees. If we are unable to retain and motivate our existing employees and attract qualified personnel to fill key positions, we may be unable to manage our business effectively, including the development, marketing, and sale of existing and new subscriptions, which could have a material adverse effect on our business, financial condition, and results of operations. To the extent we hire personnel from competitors, we may be subject to allegations that they have been improperly solicited or divulged proprietary or other confidential information. Volatility in, or lack of performance of, our stock price may also affect our ability to attract and retain key personnel.

The cloud-based business communications and collaboration solutions industry is highly competitive. We face intense competition from other providers of UCaaS, CCaaS, Communications Platform as a Service ("CPaaS"), messaging, video, fax, virtual events, AI (including quality management, sales assistant and other AI driven functionalities), virtual assistant, work-force management/optimization and other communication products and services. Our competitors include traditional on-premises, hardware business communications providers, cloud, hybrid and hosted communications providers, GSPs and each of their channel partners, resellers, distributors and agents who offer proprietary or other third-party cloud business communications products and services. As a result, several of the companies with whom we have commercial relationships, such as our GSPs, OEM resellers, and channel partners, also offer, market and sell competing products and services. Our competitors include but are not limited to: 8x8, Inc., Dialpad, Inc., LogMeIn, Inc., Microsoft Corporation, Nextiva, Inc., Twilio Inc., Ericsson ("Vonage"), Zoom Communications, Inc., Amazon.com, Inc., AT&T Inc., BT Group plc, TELUS Corporation, Vodafone Group Plc, Deutsche Telekom, Avaya LLC ("Avaya"), Mitel Networks Corporation ("Mitel"), Cisco Systems, Inc. ("WebEx"), Alphabet Inc. ("Google Voice"), Meta Platforms, Inc., Oracle Corporation, and Salesforce.com, Inc., Five9, Inc., NICE Ltd. (including LiveVox Holdings, Inc.), Genesys Telecommunications Laboratories, Inc., Talkdesk, Inc., Verint Systems Inc., Calabrio, Inc., yellow.ai, ON24, Inc., Cvent Holding Corp., Gong.io Inc., Alianza, Inc., and Outreach Corporation. Many of our current and potential competitors have longer operating histories, significantly greater resources and/or name recognition, more diversified offerings, greater international presence, and larger customer bases than we have. As a result, these competitors may have greater credibility with our existing and potential customers. In addition, certain of our competitors have partnered with, or been acquired by, and may in the future partner with or acquire, other competitors to offer services, leveraging their collective competitive positions, which makes it more difficult to compete with them and could significantly and adversely affect our results of operations. Demand for our platform is also sensitive to price. Many factors, including our marketing, user acquisition and technology costs, and our current and future competitors' pricing and marketing strategies, can significantly affect our pricing strategies. Our competitors may be able to adopt more aggressive pricing policies and promotions and devote greater resources to the development, promotion and sale of their services than we can to ours. Some of our competitors have in the past and may choose in the future to sacrifice revenues and/or profitability to gain market share by offering their services at lower prices or for free, or offering alternative pricing models, such as "freemium" pricing or free "service credits." Our competitors may also offer bundled service arrangements that provide more complete service offerings with other functionality that we do not offer (such as broadband), thereby making them more attractive to potential customers despite the technical merits or advantages of our platform. Competition could result in a decrease to our prices, increase customer acquisition costs, slow our growth, increase our customer turnover, reduce our sales, or decrease our market share, any or all of which could materially and adversely affect our revenues and growth.

We believe that continuing to strengthen our current brand will be critical to achieving widespread acceptance of our subscriptions and will require continued focus on active marketing efforts. The demand for and cost of online and traditional advertising has been increasing and may continue to increase. Accordingly, we may need to increase our investment in, and devote greater resources to, advertising, marketing, and other efforts to create and maintain brand loyalty among users. Brand promotion activities may not yield increased revenues, and even if they do, any increased revenues may not offset the expenses incurred in building our brand. In addition, if we do not handle customer complaints effectively, our brand and reputation may suffer, we may lose our customers' confidence, and they may choose to terminate, reduce or not to renew their subscriptions. Many of our customers also participate in social media and online blogs about Internet-based software solutions, including our subscriptions, and our success depends in part on our ability to minimize negative and generate positive customer feedback through such online channels where existing and potential customers seek and share information. If we fail to sufficiently invest in, promote and maintain our brand, our business could be materially and adversely affected.

In the course of providing our services, RingCentral collects, stores, transmits, and discloses (collectively, "processes") many types of personal data, including sensitive personal data. RingCentral's processing of personal data is subject to a myriad of obligations and restrictions flowing from laws, regulations, industry standards, and contracts. Data protection laws in the U.S. and abroad give consumers and businesses rights to control the processing of personal data, including the right to opt-out of the sale, sharing, or certain uses of their data and to which countries their data may be transferred. In the U.S., we could be subject to enforcement actions if the FTC or state attorneys general have reason to believe we have engaged in unfair or deceptive privacy or data security practices. Sector specific laws applicable to personal health data, personal data processed on behalf of financial institutions, data about minors, and personal data processed in the course of providing communications services impose compliance costs and create regulatory risks. Omnibus privacy laws applicable abroad and in an increasing number of U.S. states may apply to RingCentral's processing in those jurisdictions. In addition, many data protection laws outside the United States prohibit or impose burdens on the transfer of personal data to countries, including the U.S., that have been deemed not to provide adequate privacy protections. Our obligations under these laws and regulations may be unclear, compliance can be costly, and penalties for non-compliance can be substantial. Increasingly, jurisdictions in which RingCentral does business are regulating digital services and emerging technologies such as AI in ways that go beyond traditional privacy and data protection legislation. The impact of this regulatory activity on the overall industry, business models and our operations are uncertain and could result in changed or new operational and administrative costs that could have an adverse effect on our business, financial condition, and results of operations. If we experience or suspect a data security incident, we may incur significant costs associated with investigation, mitigation, remediation, and customer notifications. We may be unable to maintain complete control over data security, e.g., our customers may accidentally disclose their passwords. Additionally, if our third-party contractors experience a data security incident, or violate applicable laws or our policies, such incidents or violations may also put our customers' information at risk, create the perception that our systems are not secure, and in turn have a material and adverse effect on our business. Regulation of personal information is evolving, and new laws could further impact how we handle personal information and/or could require us to incur additional compliance costs, either or both of which could have an adverse impact on our operations. The scope and status of these obligations and restrictions is uncertain, changing, subject to differing interpretations, and may be inconsistent from jurisdiction to jurisdiction. As implementation and enforcement of these existing and new laws and regulations progress, we could experience additional costs associated with increased compliance burdens and contractual obligations, be required to localize certain personal data, and/or be at risk for increased regulatory fines or damages. Failure to comply with obligations and restrictions related to data privacy, data protection, and security in any jurisdiction in which we operate could subject us to regulatory investigations, lawsuits, substantial fines, sanctions, civil and criminal penalties, damages (including statutory damages), consent decrees, injunctions, adverse publicity, reputational damage, and other losses. Further, our actual compliance, our customers' perception of our compliance, costs of compliance with such regulations, and obligations and customer concerns regarding their own compliance obligations (whether factual or in error) may limit the use and adoption of our subscriptions and reduce overall demand. Even the perception of privacy-related concerns, whether or not valid, may inhibit market adoption of our subscriptions in certain industries.

The success of our activities is affected by general economic and political conditions, including, among others, inflation rate fluctuations, interest rates, supply chain constraints, consumer confidence, volatile equity capital markets, tax rates, economic uncertainty, political instability, changes in laws, foreign currency exchange rates, and trade barriers and sanctions. Such economic volatility could adversely affect our business, financial condition, results of operations and cash flows, and future market disruptions could negatively impact us. A significant portion of our revenues comes from small and medium-sized businesses, which have been, and may continue to be, adversely affected by the macroeconomic conditions and uncertainties to a greater extent than larger enterprises with greater financial resources. Unfavorable economic conditions could increase our operating costs and, because our typical contracts with customers lock in our price for a few years and/or may have elasticity clauses, our profitability could be negatively affected. Geopolitical destabilization could impact global currency exchange rates, supply chains, trade and movement of resources, the price of commodities such as energy, as well as demand for our products and services, which may adversely affect the technology spending of our customers and potential customers. Geopolitical conflicts, including the effects of the ongoing war between Russia and Ukraine and related international sanctions against Russia, the ongoing conflicts in the Middle East, any potential worsening or expansion of these conflicts and wars, and U.S.-China relations, are heightening these risks. The recent U.S. presidential election could lead to changes in economic conditions or economic uncertainties in the United States and globally. Any such changes or uncertainties, including in international trade relations, legislation and regulations (including those related to taxation and importation), or economic and monetary policies, could result in heightened diplomatic tensions or political and civil unrest, among other potential impacts, and have a material adverse effect on the global economy as a whole and/or our business, or may require us to significantly modify one or more of our current business practices. Some of our international agreements provide for payment denominated in local currencies, and the majority of our local costs are denominated in local currencies. Fluctuations in the value of the U.S. dollar versus foreign currencies has in the past, and may in the future, impact our operating results when translated into U.S. dollars. Thus, our results of operations and cash flows are subject to fluctuations due to changes in foreign currency exchange rates, particularly changes in the Euro, British Pound Sterling, Bulgarian Lev, Chinese Yuan, Indian Rupee, Canadian Dollar, Australian Dollar, and Singapore Dollar, and may be adversely affected in the future due to changes in foreign currency exchange rates. Certain changes in exchange rates have and may in the future negatively affect our revenues, expenses, and other operating results as expressed in U.S. dollars.

We have significant operations directly or through third parties in many countries outside of the U.S. and Canada, including, the U.K., China, the Philippines, Germany, Georgia, Bulgaria, Spain, Australia, India, and France. We also sell our solutions to customers in several countries in Europe, as well as in the Asia Pacific region, and we may continue to grow our international presence in the future. The future success of our business will depend, in part, on our ability to expand our operations and customer base worldwide, as well as our ability to acquire and maintain international customers in a cost effective manner. Operating in international markets requires significant resources and management attention and will subject us to regulatory, economic, and political risks that are different from those in the U.S. Due to our relatively limited experience with international operations and developing and managing sales and distribution channels in international markets, our international expansion efforts may not be successful. In addition, we will face risks in doing business internationally that could materially and adversely affect our business, including: - our ability to comply with differing and evolving technical and environmental standards, telecommunications regulations, and certification requirements outside the U.S.;- difficulties and costs associated with staffing and managing foreign operations, including managing compliance with foreign labor laws and regulations;- new and different sources of competition;- our ability to effectively price our subscriptions in competitive international markets;- potentially greater difficulty collecting accounts receivable and longer payment cycles;- the need to adapt and localize our subscriptions and product offerings for specific countries and local regulators;- the need to offer customer care, product information, websites, and other marketing collateral in various native languages;- the need to contract and bill in various native languages, currencies, and under a variety of different legal systems;- reliance on third parties over which we have limited control, including those that market and resell our subscriptions in international markets;- availability of reliable broadband connectivity and wide area networks in targeted areas for expansion;- lower levels of adoption of credit or debit card usage for Internet related purchases by foreign customers and compliance with various foreign regulations related to credit or debit card processing and data protection requirements;- export controls and economic sanctions, foreign trade restrictions, travel restrictions, and changes in diplomatic and trade relationships, including tariffs and other non-tariff barriers, such as quotas and local content rules;- our ability to comply with different and evolving laws, rules, and regulations, including the European General Data Protection Regulation (the "GDPR"), and other data privacy and data protection laws, and regulations;- compliance with various anti-bribery and anti-corruption laws such as the Foreign Corrupt Practices Act and U.K. Bribery Act of 2010;- more limited protection for intellectual property rights in some countries;- adverse tax consequences;- fluctuations in currency exchange rates;- exchange control regulations, which might restrict or prohibit our conversion of other currencies into U.S. dollars;- restrictions on the transfer of funds;- deterioration of political relations between the U.S. and other countries where we have personnel who support our business, particularly China, India, Bulgaria, Spain, and the Philippines; and - political or social unrest, economic instability, conflict or war in such countries. Our failure to manage any of these risks successfully could harm our future international operations and our overall business.

Our corporate headquarters and other offices and many of our data centers, co-location and research and development facilities, and third-party customer service call centers are located in the U.S. (including in the state of California), Spain, Georgia, Bulgaria, and several countries in Asia, including China, the Philippines, India, and Australia. Many of these locations are near known earthquake fault zones, which are vulnerable to damage from earthquakes and tsunamis, or are in areas subject to hurricanes and typhoons. We and our contractors are also vulnerable to other types of disasters, such as power loss, fire, floods, pandemics, cyber-attack, war (including ongoing geopolitical tensions related to the war between Russia and Ukraine and the ongoing conflicts in the Middle East), political unrest, and terrorist attacks and similar events that are beyond our control. If any disasters or geopolitical conflicts were to occur or worsen, our ability to operate our business could be seriously impaired, and we may endure system interruptions, reputational harm, loss of intellectual property, delays in our subscriptions development, lengthy interruptions in our services, breaches of data security, and loss of critical data, all of which could harm our future results of operations. In addition, we do not carry earthquake insurance and we may not have adequate insurance to cover our losses resulting from other disasters or other similar significant business interruptions. Any significant losses that are not recoverable under our insurance policies could seriously impair our business and financial condition.