Revolve Group (RVLV) Risk Factors

We have in the past received, and may in the future receive, claims by various third-parties that we have infringed their copyrights, trademarks or patents, or improperly used or disclosed their trade secrets, or otherwise infringed or violated their proprietary rights, such as licensing or publicity rights. For example, in March 2023, we received a cease and desist letter alleging copyright infringement and related claims. During 2023, we accrued $7.3 million to general and administrative expenses for losses and legal fees incurred in connection with these claims. In November 2023, we entered into a final settlement agreement with the claimant and paid $7.3 million in settlement costs and legal fees related to this matter. During the first quarter of 2024, we received $2.8 million in insurance proceeds related to this matter. We record insurance proceeds related to legal matters within other income, net in the period in which they are received. Our active engagement in social media activities and large network of social media influencer partners increases these risks for us. The costs of supporting any litigation or disputes related to these claims can be considerable, and we cannot assure you that we will achieve a favorable outcome of any such claim. If any such claim is valid, we may be compelled to cease our use of such intellectual property or other proprietary rights and pay damages, including statutory damages of up to $150,000 per work infringed in the event of willful copyright infringement. We could also be subject to actual damages, the amounts of which may be difficult to quantify. In addition, in some cases we may be obligated to pay the attorneys' fees for a plaintiff in a lawsuit filed against us. Such damages and attorneys' fees, if any, could adversely affect our business, operating results and financial condition. Even if such claims were not valid, defending them could be expensive and distracting, adversely affecting our operating results. Because of the potential risks, expenses and uncertainties of litigation, we may, from time to time, choose to enter into settlement agreements with third parties to avoid or settle litigation, the amounts of which could be substantial and adversely affect our operating results.

We rely on information technology networks and systems to market and sell our products, to process, transmit and store electronic and financial information, to manage a variety of business processes and activities and to comply with regulatory, legal and tax requirements. We depend on a variety of information systems to effectively process customer orders and we depend on our information technology infrastructure for digital marketing activities and for electronic communications among our personnel, customers, manufacturers and suppliers around the world. These information technology systems, some of which are managed by third parties, may be susceptible to damage, disruptions or shutdowns due to failures during the process of upgrading or replacing software, databases or components, power outages, hardware failures, computer viruses, attacks by computer hackers, other security breaches and incidents, telecommunication failures, user errors or catastrophic events. Any material disruption of our systems or the systems of our third-party service providers could disrupt our ability to track, record and analyze the products that we sell and could negatively impact our operations, shipment of goods, ability to process financial information and transactions, and our ability to receive and process retail customers' orders and eCommerce orders or engage in normal business activities. If our information technology systems suffer damage, disruption or shutdown and we do not effectively resolve the issues in a timely manner, our business, financial condition and results of operations may be materially and adversely affected and we could experience delays in reporting our financial results. Our eCommerce operations are important to our business. Our website serves as an effective extension of our marketing strategies by exposing potential new consumers to our brand, product offerings and enhanced content. Due to the importance of our website and eCommerce operations, we are vulnerable to website downtime and other technical failures. Our failure to successfully respond to these risks could reduce eCommerce sales and damage our brand's reputation. Additionally, the information technology networks and systems used in our business and operations, some of which are managed by third parties, may suffer cyberattacks and otherwise be subject to security breaches and incidents. Any such security breaches and incidents may result in, in addition to network and system disruptions, damage, and shutdowns, consequences such as loss or corruption of, or unauthorized access to or acquisition of, data stored or processed on those networks and systems. The risks described here are heightened due to the increase in remote working since 2020. See also "-If sensitive information, including such information about our customers, is disclosed or accessed without authorization, or if we or our third-party providers are subject to real or perceived cyberattacks or other security breaches or incidents, our customers may curtail use of our platform, we may be exposed to liability and our reputation would suffer."

The software underlying our sites is highly complex and may contain undetected errors or vulnerabilities, some of which may only be discovered after the code has been released. We rely heavily on a software engineering practice known as "continuous deployment," meaning that we typically release software code multiple times per day. This practice may result in the more frequent introduction of errors or vulnerabilities into the software underlying our platform. Any errors or vulnerabilities discovered in our code after release could result in damage to our reputation, loss of customers, disruption to our eCommerce channels, loss of net sales or liability for damages, any of which could adversely affect our growth prospects and our business.

We allow our customers to return products, subject to our return policy. If the rate of merchandise returns increases significantly or if merchandise return economics become less efficient, our business, financial condition and operating results could be harmed. Further, we modify our policies relating to returns from time to time, which may result in customer dissatisfaction or an increase in the number of product returns. From time to time our products are damaged in transit, which can increase return rates and harm our brand. We accept merchandise returns for full refund if returned within 30 days of the original purchase date and merchandise may be exchanged up to 60 days from the original purchase date. Due to our liberal return policy and consumer behavior, we have experienced and may in the future experience heightened levels of returns, which have and may continue to negatively impact our operating results and financial position. We have also experienced and may in the future experience increased levels of returns due to changes in consumer shopping behavior and discretionary spending as a result of changes in macroeconomic conditions or consumer confidence, including levels of unemployment, the size and timing of federal stimulus programs, salaries and wage rates, high inflation, high interest rates, recession or fears of recession, housing costs, energy and fuel costs, the resumption of student loan repayments, income tax rates and the timing of tax refunds, consumer perceptions of personal well-being and security, availability of consumer credit and consumer debt levels.

We use third-party social media platforms as, among other things, marketing tools. For example, we maintain accounts on Instagram, Facebook, TikTok, Pinterest, YouTube and X. We also maintain relationships with thousands of social media influencers and engage in sponsorship initiatives. As existing eCommerce and social media platforms continue to rapidly evolve and new platforms develop, and as customer behavior and preferences evolve, we must continue to adapt to maintain an effective and authentic presence on these platforms and establish presences on new or emerging popular social media platforms. If we are unable to cost-effectively use social media platforms as marketing tools and effectively engage with our customers, our ability to maintain and acquire customers and our financial condition may suffer. In addition, social media platforms we use have and may continue to change their policies or algorithms, leading to shifts in the level of video and recommended content, which may impact our ability to fully optimize such platforms. Furthermore, as laws and regulations and public opinion rapidly evolve to govern the use of social media platforms, our ability to use certain platforms, including TikTok in particular, as marketing tools may become limited, restricted or more expensive or complicated, which could adversely impact our business and operating results. For example, on April 24, 2024, President Biden signed into law certain measures requiring TikTok's parent company to sell TikTok by January 2025 or face a total ban in the United States. The failure by us, our employees, our network of social media influencers, our sponsors or third parties acting at our direction to abide by applicable laws and regulations in the use of social media platforms or otherwise, including intellectual property laws and tax reporting and compliance requirements, could subject us to regulatory investigations, class action lawsuits, liability, taxes, fines or other penalties and have a material adverse effect on our business, financial condition and operating results. In addition, an increase in the use of social media for product promotion and marketing may increase the risk that such content could contain problematic product or marketing claims in violation of applicable regulations. For example, in some cases, the Federal Trade Commission, or the FTC, has sought enforcement action where an endorsement has failed to clearly and conspicuously disclose a financial relationship or material connection between an influencer and an advertiser. We do not prescribe what our influencers post and if we were held responsible for the content of their posts or their actions, we could be fined or forced to alter our practices, which could have an adverse impact on our business. Negative commentary regarding us, our products or influencers and other third parties who are affiliated with us may also be posted on social media platforms and may be adverse to our reputation or business. Influencers with whom we maintain relationships could engage in behavior or use their platforms to communicate directly with our customers in a manner that reflects poorly on our brand and may be attributed to us or otherwise adversely affect us. It is not possible to prevent such behavior and the precautions we take to detect this activity may not be effective in all cases. Our target consumers often value readily available information and often act on such information without further investigation and without regard to its accuracy. The harm may be immediate, without affording us an opportunity for redress or correction.

Our success, including our ability to anticipate and effectively respond to changing style trends, depends in part on our ability to attract and retain key personnel on our executive team, particularly our co-chief executive officers, and in our merchandising, data science, engineering, marketing, design and other organizations. Competition for key personnel is strong and we cannot be sure that we will be able to attract and retain a sufficient number of qualified personnel in the future or that the compensation costs of doing so will not adversely affect our operating results. We do not have long-term employment or non-competition agreements with any of our personnel. If we are unable to retain, attract and motivate talented employees with the appropriate skills at cost-effective compensation levels or if changes to our business adversely affect morale or retention, we may not achieve our objectives and our business and operating results could be adversely affected. In addition, the loss of one or more of our key personnel or the inability to promptly identify a suitable successor to a key role could have an adverse effect on our business. In particular, our co-chief executive officers have unique and valuable experiences leading our company from its inception through today. If either of them was to depart or otherwise reduce their focus on our company, our business may be disrupted. We do not currently maintain key-person life insurance policies on any member of our senior management team or other key employees.

Developing the highest quality products while operating with integrity, is an important component of our brand image and operating philosophy, which makes our reputation sensitive to allegations of unethical or improper business practices, whether real or perceived. We do not control our suppliers and manufacturers or their business and they may not comply with our guidelines or the law. A lack of compliance could lead to reduced sales or recalls or damage to our brand or cause us to seek alternative suppliers, which could increase our costs and result in delayed delivery of our products, product shortages or other disruptions of our operations. In addition, we rely on our manufacturers' and suppliers' compliance reporting in order to comply with regulations applicable to our products. This is further complicated by the fact that expectations of ethical business practices continually evolve and may be substantially more demanding than applicable legal requirements. Ethical business practices are also driven in part by legal developments and by diverse groups active in publicizing and organizing public responses to perceived ethical shortcomings. Accordingly, we cannot predict how such regulations or expectations might develop in the future and cannot be certain that our guidelines or current practices would satisfy all parties who are active in monitoring our products or other business practices worldwide.

The merchandise we sell to our customers is subject to regulation by the Federal Consumer Product Safety Commission, the FTC, the Food and Drug Administration, U.S. Fish and Wildlife Services and other federal, state, local and international regulatory authorities. As a result, our merchandise could become subject to recalls and other remedial actions. Product safety, labeling and licensing regulations, including consumer disclosure and warning regarding chemical exposure, may require us to remove selected merchandise from our inventory. Such recalls or removal of merchandise can result in, among other things, lost sales, diverted resources, potential harm to our reputation and increased customer service costs and legal expenses, which could have a material adverse effect on our operating results. In addition, our failure to comply with such regulations has in the past, and may in the future, subject us to investigations, enforcement actions and the imposition of significant penalties and claims, which could harm our results of operations or our ability to conduct business. Any audits and inspections by governmental agencies related to these matters could result in significant settlement amounts, damages, fines or other penalties, divert financial and management resources, and result in significant legal fees. An unfavorable outcome of any particular proceeding could have an adverse impact on our business, financial condition and results of operations. In addition, the adoption of new regulations or changes in the interpretation of existing regulations may result in significant compliance costs or discontinuation of product sales and could impair the marketing of our products, resulting in significant loss of revenue. We purchase our merchandise from numerous domestic and international vendors. Failure of our vendors to comply with applicable laws and regulations and contractual requirements could lead to litigation against us, resulting in increased legal expenses and costs. In addition, the failure of any such vendors to provide safe and humane factory conditions and oversight at their facilities could damage our reputation with customers or result in legal claims against us.

The U.S. Supreme Court held in South Dakota v. Wayfair, Inc. that states could impose sales tax collection obligations on out-of-state retailers even if those retailers lack any physical presence within the states imposing sales taxes. Under Wayfair, a person requires only a "substantial nexus" with the taxing state before the state may subject the person to sales tax collection obligations therein. An increasing number of states, both before and after the Supreme Court's ruling, have considered or adopted laws that attempt to impose sales tax collection obligations on out-of-state retailers. The Supreme Court's Wayfair decision has removed a significant impediment to the enactment of these laws and it is possible that states may seek to tax out-of-state retailers, including for prior tax years. Although we believe that we currently collect sales taxes in all states that have adopted laws imposing sales tax collection obligations on out-of-state retailers since Wayfair was decided, a successful assertion by one or more states requiring us to collect sales taxes where we presently do not do so, or to collect more taxes in a jurisdiction in which we currently do collect some sales taxes, could result in substantial tax liabilities, including taxes on past sales, as well as penalties and interest. The imposition by state governments of sales tax collection obligations on out-of-state retailers in jurisdictions where we do not currently collect sales taxes, whether for prior years or prospectively, could also create additional administrative burdens for us, put us at a competitive disadvantage if they do not impose similar obligations on our competitors and decrease our future sales, which could have a material adverse impact on our business and operating results.

We collect and maintain significant amounts of personal data and other data relating to our customers and employees. A variety of federal, state and international laws and regulations, and certain industry standards, govern or apply to our collection, use, retention, sharing and security of consumer data. We are subject to certain laws, regulations, contractual obligations and industry standards (including, for example, the PCI-DSS) relating to privacy, data protection, information security and consumer protection, including California's Consumer Legal Remedies Act and unfair competition and false advertising laws, which are evolving and subject to potentially differing interpretations. These requirements may be interpreted and applied in a manner that is inconsistent from one jurisdiction to another or may conflict with other rules or our practices. As a result, our practices likely have not complied or may not comply in the future with all such laws, regulations, requirements and obligations. Any failure, or perceived failure, by us to comply with our privacy policies or with any federal, state or international laws, regulations, industry self-regulatory principles, industry standards or codes of conduct, regulatory guidance, orders to which we may be subject or other legal or contractual obligations relating to privacy, data protection, information security or consumer protection could adversely affect our reputation, brand and business, and may result in claims, proceedings or actions against us by governmental entities or others or other liabilities or require us to change our operations and/or cease or modify our use of certain data sets. Any such claim, proceeding or action could hurt our reputation, brand and business, force us to incur significant expenses in defense of such proceedings, distract our management, increase our costs of doing business, result in a loss of customers and suppliers or an inability to process credit card payments and may result in the imposition of monetary penalties. We may also be contractually required to indemnify and hold harmless third parties from the costs or consequences of non-compliance with any laws, regulations or other legal obligations relating to privacy or consumer protection or any inadvertent or unauthorized use or disclosure of data that we store or handle as part of operating our business. Additionally, any failure by us to comply with the PCI-DSS may violate payment card association operating rules, applicable laws and regulations, and contractual obligations to which we are subject. Any such failure to comply with the PCI-DSS also may subject us to fines, penalties, damages, and civil liability, or the loss of our ability to accept credit and debit card payments, any of which may materially adversely affect our business, financial condition and operating results. Federal, state and international governmental authorities continue to evaluate the privacy implications inherent in the use of third-party "cookies" and other methods of online tracking for behavioral advertising and other purposes. The United States and foreign governments have enacted, have considered or are considering legislation or regulations that could significantly restrict the ability of companies and individuals to engage in these activities, such as by regulating the level of consumer notice and consent required before a company can employ cookies or other electronic tracking tools or the use of data gathered with such tools. Additionally, some providers of consumer devices and web browsers have implemented, or announced plans to implement, means to make it easier for Internet users to prevent the placement of cookies or to block other tracking technologies, which could if widely adopted result in the use of third-party cookies and other methods of online tracking becoming significantly less effective. Regulation of the use of these cookies and other online tracking and advertising practices, or a loss in our ability to make effective use of services that employ such technologies, could increase our costs of operations and limit our ability to track trends, optimize our product assortment or acquire new customers on cost-effective terms and consequently, materially adversely affect our business, financial condition and operating results. For example, Apple has imposed requirements for consumer disclosures regarding privacy practices, and has implemented an application tracking transparency framework that requires opt-in consent for certain types of tracking. This transparency framework was launched in April 2021. This transparency framework has and may continue to negatively impact the effectiveness of our advertising practices. Additionally, in June 2023, Apple announced new SDK privacy controls that it integrated into iOS 17, which was released in September 2023, including new protections designed to limit tracking or identification of user devices. In February 2022, Google announced its Privacy Sandbox initiative for Android, a multi-year effort expected to restrict tracking activity and limit advertisers' ability to collect app and user data across Android devices. Google began rolling out the Privacy Sandbox on January 4, 2024, and in July 2024, announced its change from a previously-announced plan to phase out third-party cookies in the second half of 2024. Foreign laws and regulations relating to privacy, data protection, information security, and consumer protection often are more restrictive than those in the United States. The EU, for example, traditionally has imposed stricter obligations under its laws and regulations relating to privacy, data protection and consumer protection than the United States. The General Data Protection Regulation, or GDPR, governs the EU's data practices and privacy. The GDPR requires companies to meet more stringent requirements regarding the handling of personal data of individuals in the EU than were required under predecessor EU requirements. The GDPR provides for substantial penalties for non-compliance, which may result in monetary penalties of up to 20.0 million Euros or 4% of a company's worldwide turnover, whichever is higher. European privacy and data protection laws, including the GDPR, regulate the transfer of personal data from Europe, including the European Economic Area, or EEA, the UK, and Switzerland, to third countries that have not been found to provide adequate protection to such personal data, including the United States, unless the parties to the transfer have implemented specific safeguards to protect the transferred personal information. The safeguard on which we have primarily relied for such transfers has been use of the European Commission's standard contractual clauses, or SCCs. We have undertaken certain efforts to conform transfers of personal data from the European Economic Area, or the EEA, to the United States based on our understanding of current regulatory obligations and the guidance of data protection authorities. In the "Schrems II" decision issued by the Court of Justice of the European Union, or CJEU, on July 16, 2020, the CJEU invalidated one mechanism for cross-border personal data transfer, the EU-U.S. Privacy Shield, and imposed additional obligations on companies relying on the SCCs to transfer personal data. The Swiss-U.S. Privacy Shield framework subsequently was invalidated by the Swiss Federal Data Protection and Information Commissioner. Following issuance of a U.S. executive order, a new framework, the EU-U.S. Data Privacy Framework, or DPF, was created. Following an adequacy decision issued by the European Commission on July 10, 2023, the DPF, along with a UK extension to the DPF that allows the transfer of personal data from the UK to the U.S., or the UK DPF Extension, are available for companies to use to legitimize personal data transfers to the U.S. from the EEA and UK. Additionally, on September 15, 2024, the Swiss Federal Council announced an adequacy finding regarding the Swiss-U.S. Data Privacy Framework, or the Swiss-U.S. DPF, which is available for companies to use to legitimize personal data transfers from Switzerland to the U.S. The DPF has faced a legal challenge, and it, the Swiss-U.S. DPF, and the UK DPF Extension may be modified and subject to legal challenges in the future, and it remains unclear whether the DPF, the Swiss-U.S. DPF, or the UK DPF Extension will be appropriate for us to rely on. Developments relating to cross-border data transfer may result in data protection regulators applying differing standards for, and requiring ad hoc verification of, transfers of personal data from Europe or other regions to the U.S. The European Commission has released revised SCCs addressing the CJEU concerns. The UK has also adopted new standard contractual clauses, or the UK SCCs, which became effective on March 21, 2022. The CJEU's Schrems II decision, the revised SCCs and the UK SCCs, regulatory guidance and opinions, and other developments relating to cross-border data transfer may require us to implement additional contractual and technical safeguards for any personal data transferred out of the EEA, the UK and Switzerland, which may increase compliance costs, lead to increased regulatory scrutiny or liability, may require additional contractual negotiations, and may adversely impact our business, financial condition and operating results. The UK has implemented legislation similar to the GDPR, including the UK Data Protection Act and legislation similar to the GDPR referred to as the UK GDPR, which provides for fines of up to the greater of 17.5 million British Pounds or 4% of a company's worldwide turnover, whichever is higher. Additionally, the relationship between the UK and the EU in relation to certain aspects of data protection law remains unclear following the UK's exit from the EU, including with respect to regulation of data transfers between EU member states and the UK. On June 28, 2021, the European Commission announced a decision of "adequacy" concluding that the UK ensures an equivalent level of data protection to the GDPR, which generally permits continued personal data flows from the EEA to the UK. Some uncertainty remains, however, as this adequacy determination must be renewed after four years and may be modified or revoked in the interim. We cannot fully predict how the Data Protection Act, the UK GDPR, and other UK data protection laws or regulations may develop in the medium to longer term nor the effects of divergent laws and guidance regarding how data transfers to and from the UK will be regulated. Further, the GDPR and other similar regulations require companies to give specific types of notice and in some cases seek consent from consumers and other data subjects before collecting or using their data for certain purposes, including some marketing activities. The European Commission also has a draft regulation in the approval process that focuses on a person's right to conduct a private life. The proposed legislation, known as the Regulation of Privacy and Electronic Communications, or ePrivacy Regulation, would replace the current ePrivacy Directive. Originally planned to be adopted and implemented at the same time as the GDPR, the ePrivacy Regulation is still being negotiated. If adopted, the ePrivacy Regulation is expected to have a broad potential impact on the use of internet-based services and tracking technologies, such as cookies. Aspects of the ePrivacy Regulation remain for negotiation between the European Commission and the Council. We expect to incur additional costs to comply with the requirements of the ePrivacy Regulation as it is finalized for implementation. Further, on January 13, 2022, the Austrian data protection authority published a decision ruling that the collection of personal data and transfer to the United States through Google Analytics and other analytics and tracking tools used by website operators violates the GDPR. On February 10, 2022, the French data protection authority issued a press release announcing that the French data protection authority had issued a similar decision. Other data protection authorities in the EU are increasingly focused on the use of online tracking tools and have indicated that they plan to issue similar rulings. We may find it necessary or appropriate to develop or use alternative methods to replace the functionality of cookies. Outside of the EU, many countries and territories have laws, regulations, or other requirements relating to privacy, data protection, information security, localized storage of data, and consumer protection, and new countries and territories are adopting such legislation or other obligations with increasing frequency. In China, for example, the Personal Information Protection Law, or PIPL, was adopted on August 20, 2021 and went into effect on November 1, 2021. The PIPL shares similarities with the GDPR, including extraterritorial application, data minimization, data localization and purpose limitation requirements, as well as obligations to provide certain notices and rights to citizens of China. The PIPL allows for fines of up to 50 million renminbi, or 5% of a covered company's revenue in the prior year. More generally, many of these foreign laws and regulations may require consent from consumers for the use of data for various purposes, including marketing, which may reduce our ability to market our products. There is no harmonized approach to these laws and regulations globally. Consequently, international activities and operations increase our risk of non-compliance with applicable laws and regulations, and we would increase our risk of non-compliance with applicable foreign data protection laws by expanding internationally. We may need to change and limit the way we use personal information in operating our business, may be required to make additional investments in compliance programs, may be required to update our policies and procedures and may have difficulty maintaining a single operating model that is compliant. In addition, various federal, state and foreign legislative and regulatory bodies, or self-regulatory organizations, may expand current laws or regulations, enact new laws or regulations or issue revised rules or guidance regarding privacy, data protection, information security and consumer protection. For example, in 2018, California enacted the California Consumer Privacy Act, or CCPA, which, among other things, requires new disclosures to California consumers and affords such consumers new abilities to opt out of certain sales of personal information. The CCPA, which became effective January 1, 2020, provides for civil penalties for violations, as well as a private right of action for certain data breaches that result in the loss of personal information. This private right of action may increase the likelihood of, and risks associated with, data breach litigation. Moreover, California voters approved the California Privacy Rights Act, or CPRA, in November 2020. The CPRA significantly modified the CCPA, creating obligations relating to consumer data effective as of January 1, 2022. Numerous other states have proposed, and in certain cases enacted, legislation that share similarities with the CCPA and the CPRA. Aspects of these privacy statutes remain unclear, resulting in further uncertainty and potentially requiring us to modify our data practices and policies and to incur substantial additional costs and expenses in an effort to comply. As a general matter, compliance with laws, regulations, and any applicable rules or guidance from self-regulatory organizations relating to privacy, data protection, information security and consumer protection may result in substantial costs and may necessitate changes to our business practices, which may compromise our growth strategy, adversely affect our ability to acquire customers, and otherwise adversely affect our business, financial condition and operating results.

We use multiple third-party suppliers and manufacturers based primarily in China. With the rapid development of the Chinese economy, the cost of labor has increased and may continue to increase in the future. Furthermore, pursuant to Chinese labor laws, employers in China are subject to various requirements when signing labor contracts, paying remuneration, determining the term of employees' probation and unilaterally terminating labor contracts. Our results of operations will be materially and adversely affected if the labor costs of our third-party suppliers and manufacturers increase significantly. In addition, we and our manufacturers and suppliers may not be able to find a sufficient number of qualified workers due to the intensely competitive and fluid market for skilled labor in China. We also sell our merchandise to customers in China and use Chinese-owned social media and payment platforms such as TikTok, WeChat and AliPay to market to and transact with customers inside and outside of China. Operating and doing business in China and using Chinese-owned social media platforms as tools for marketing, messaging and transacting with our customers in China exposes us to political, legal and economic risks. In particular, the political, legal and economic climate in China, both nationally and regionally, and China's relationship with the United States, is fluid and unpredictable. Our ability to operate and do business in China and use Chinese-owned social media platforms may be adversely affected by changes in U.S. and Chinese laws and regulations such as those related to, among other things, taxation, import and export tariffs, custom duties, social media, environmental regulations, land use rights, intellectual property, currency controls, network security, employee benefits, hygiene supervision and other matters. In addition, we may not obtain or retain the requisite legal permits to continue to operate in China and costs or operational limitations may be imposed in connection with obtaining and complying with such permits. In addition, Chinese trade regulations are in a state of flux and we may become subject to other forms of taxation, tariffs and duties in China. Furthermore, the third parties we rely on in China may disclose our confidential information or intellectual property to competitors or third parties, which could result in the illegal distribution and sale of counterfeit versions of our products. If any of these events occur, our business, financial condition and results of operations could be materially and adversely affected. See also "-Tariffs imposed by the U.S. government or a global trade war could increase the cost of our products, which could have a material adverse effect on our business, financial condition and results of operations." In addition, the U.S. government has in the past implemented restrictions, and may implement still further restrictions, which affect conducting business with certain Chinese companies, including TikTok. For example, on April 24, 2024, President Biden signed into law certain measures requiring TikTok's parent company to sell TikTok by January 2025 or face a total ban in the United States. Due to the uncertainty regarding the timing, content and extent of any changes in policy and regulatory restrictions, we cannot assure you that we will successfully mitigate any negative impact, including any ability to continue to procure items or services from entities linked to China or other designated countries. Depending upon their duration and implementation, such executive or regulatory actions could result in a material adverse effect on our business, financial condition and results of operations.

Most of our sales are denominated in U.S. dollars. However, a strengthening U.S. dollar could increase the real cost of our products to our customers outside of the United States that pay in foreign currencies, which could adversely affect our operating results. Fluctuations in foreign currency exchange rates may cause us to recognize transaction gains and losses in our consolidated statements of income. If we become more exposed to currency fluctuations and are not able to successfully hedge against the risks associated with currency fluctuations, our operating results could be materially and adversely affected.