Squarespace (SQSP) Risk Analysis

Litigation is very common in connection with the sale of public companies, regardless of whether the claims have any merit. One of the conditions to consummating the Merger is that no order preventing the consummation of the Merger shall have been issued by any court. Consequently, if any such lawsuit challenging the Merger is successful in obtaining an order preventing the consummation of the Merger, that order may delay or prevent the Merger from being completed. While we will evaluate and defend against any lawsuits, the time and costs of defending against litigation relating to the Merger may adversely affect our business.

We are subject to a variety of laws and regulations, including regulation by various federal government agencies, including the FTC, the Federal Communications Commission and state and local agencies, as well as data privacy and security laws in jurisdictions outside of the United States. We collect personal information and other potentially protected information from our employees, our current and prospective customers and their users. The U.S. federal and various state and foreign governments have adopted or proposed limitations on, or requirements regarding, the collection, distribution, use, security and storage of personal information, payment card information or other confidential information of individuals and the FTC and many state attorneys general are applying federal and state consumer protection laws to impose standards on the online collection, use and dissemination of data. Self-regulatory obligations, other industry standards, policies and other legal obligations may apply to our collection, distribution, use, security or storage of personal information, payment card information, payment solution know-your-customer and risk information or other confidential information relating to individuals. These obligations may be interpreted and applied inconsistently from one jurisdiction to another and may conflict with one another, other regulatory requirements or our internal practices. Any failure or perceived failure by us to comply with United States, European Union or other foreign privacy or security laws, policies, industry standards or legal obligations or any security incident resulting in the unauthorized access to, or acquisition, release or transfer of, personal information, payment card information, payment solution know-your-customer and risk information or other confidential information relating to our customers, employees or others may result in governmental enforcement actions, litigation, fines and penalties or adverse publicity and could cause our customers to lose trust in us, which could have an adverse effect on our reputation, business, financial condition and results of operations. We expect there will continue to be newly enacted and proposed laws and regulations as well as emerging industry standards concerning privacy, data protection and information security in the United States, the European Union and other jurisdictions, and we cannot yet determine the impact such future laws, regulations and standards may have on our business. Such laws, regulations, standards and other obligations could impair our ability to, or the manner in which we collect or use information to target advertising to our customers, thereby having a negative impact on our ability to maintain and grow our customer base and increase revenue. For example, the CCPA requires, among other things, that covered companies such as ours provide new disclosures to California consumers and affords such consumers new rights, including the right to access and delete their information and to opt-out of certain sharing and sales of personal information or opt into certain financial incentive programs. The law also prohibits covered businesses from discriminating against consumers (e.g., charging more for services) for exercising any of their CCPA rights. The CCPA took effect on January 1, 2020 and enforcement of the CCPA began on July 1, 2020. The CCPA imposes a severe statutory damages framework as well as a private right of action for certain data breaches that result in the loss of personal information. This private right of action is expected to increase the likelihood of, and risks associated with, data breach litigation. It remains unclear how various provisions of the CCPA will be interpreted and enforced. The CCPA has been amended on multiple occasions and is the subject of regulations of the California Privacy Protection Agency. Additionally, the California Secretary of State certified the California Privacy Rights Act (the "CPRA"), which California voters approved on November 4, 2020. This initiative significantly modified the CCPA, resulting in further uncertainty and requiring us to incur additional costs and expenses in an effort to comply. Other states have passed and others may pass comparable legislation, with potentially greater penalties and more rigorous compliance requirements relevant to our business. The effects of the CCPA, and other similar state or federal laws, are potentially significant and may require us to modify our data processing practices and policies and to incur substantial costs and potential liability in an effort to comply with such legislation. Future restrictions on the collection, use, sharing or disclosure of our customers' data or additional requirements for express or implied consent of customers for the collection, use, disclosure, sharing or other processing of such information could increase our operating expenses, require us to modify our solutions, possibly in a material manner, or stop offering certain solutions, and could limit our ability to develop and implement new solutions. In addition, several foreign countries and governmental bodies, including the European Union and Canada, have laws and regulations concerning the collection and use of their residents' personal information and payment card information, which are often more restrictive than those in the United States. Laws and regulations in these jurisdictions apply broadly to the collection, use, storage, disclosure and security of personal information and payment card information identifying, or which may be used to identify, an individual, such as names, email addresses and, in some jurisdictions, Internet Protocol (IP) addresses, device identifiers and other data. Although we are working to comply with those laws and regulations applicable to us, these and other obligations may be modified and interpreted in different ways by courts, and new laws and regulations may be enacted in the future. We are subject to the E.U. General Data Protection Regulation 2016/679 (the "GDPR"), and following the United Kingdom's exit from the European Union, from January 1, 2021, we are also subject to the United Kingdom GDPR (the "U.K. GDPR"), which, together with the amended U.K. Data Protection Act of 2018 (the "U.K. Data Protection Act"), retains the GDPR in U.K. national law. The U.K. GDPR mirrors the fines under the GDPR. It remains unclear how the U.K. GDPR, the U.K. Data Protection Act and other U.K. data protection laws or regulations will develop in the medium to longer term. In addition, some countries are considering or have enacted legislation requiring local storage and processing of data that could increase the cost and complexity of delivering our solutions. Any new laws, regulations, other legal obligations or industry standards or any changed interpretation of existing laws, regulations or other standards may require us to incur additional costs and restrict our business operations. The regulatory environment applicable to the handling of European Economic Area ("EEA"), Swiss and United Kingdom individuals' personal data (as such item is used in the GDPR), and our actions taken in response, may cause us to face a risk of enforcement actions by data protection authorities in the EEA, Switzerland and the United Kingdom, assume additional liabilities or incur additional costs and could result in our business, financial condition and results of operations being harmed. In particular, with regard to transfers to the United States of personal data of our European and United Kingdom employees and our European, Swiss and United Kingdom customers and their users, the European Commission, the United Kingdom Government, and the Swiss Federal Administration (working with the U.S. Department of Commerce) adopted an adequacy decision pursuant to the EU-U.S. Data Privacy Framework, the Swiss-U.S. Data Privacy Framework and the UK Extension to the EU-U.S. Data Privacy Frameworks (each individually and jointly, the "Data Privacy Frameworks"). We comply with the Data Privacy Frameworks to provide an additional legal basis for transfers of personal data to the United States from the EEA, Switzerland and the United Kingdom. It is expected that the Data Privacy Frameworks will be subject to legal challenge to be invalidated through the Court of Justice of the European Union and the E.U. Model Clauses have been subject to legal challenge and may be modified or invalidated. The European Commission has adopted new modular E.U. Model Clauses and the non-legally binding guidance on Supplementary Measures that has been issued by the European Data Protection Board casts doubt on the ability to transfer unencrypted data to the United States. We are monitoring the developments related to the Data Privacy Frameworks and E.U. Model Clauses, but depending on the outcome, we may be unsuccessful in maintaining a legitimate means for our transfer and receipt of personal data from the EEA, Switzerland and United Kingdom in the United States and any other countries that are not considered adequate by the European Union, Switzerland or the United Kingdom. We may, in addition to other impacts, experience additional costs associated with increased compliance burdens and be required to engage in new contract negotiations with third-parties that aid in processing data on our behalf or localize certain data. We may experience reluctance or refusal by current or prospective European, Swiss or United Kingdom customers to use our solutions, and we may find it necessary or desirable to make further changes to our handling of personal data of EEA, Switzerland and United Kingdom residents. We are also subject to evolving privacy laws on tracking technologies, including cookies and e-marketing. For example, in the European Union and the United Kingdom, regulators are increasingly focusing on compliance with requirements in the online behavioral advertising ecosystem, and current national laws that implement the ePrivacy Directive are highly likely to be replaced by an E.U. regulation known as the ePrivacy Regulation which will significantly increase fines for non-compliance. Guidance and case law in the European Union and the United Kingdom require opt-in consent for the placement of a cookie or similar tracking technologies on a customer's device and for direct electronic marketing. Evolving privacy laws on cookies and e-marketing could lead to substantial costs, require significant systems changes, limit the effectiveness of our marketing activities, divert the attention of our technology personnel, adversely affect our margins, increase costs and subject us to additional liabilities. Regulation of cookies and similar technologies, and any decline of cookies or similar online tracking technologies as a means to identify and potentially target users, may lead to broader restrictions and impairments on our marketing and personalization activities and may negatively impact our efforts to understand our customers. Consumers can, with increasing ease, implement technologies that limit our ability to collect and use data to deliver or advertise our services, or otherwise limit the effectiveness of our platform. Cookies may be deleted or blocked by consumers. The most commonly used Internet browsers allow consumers to modify their browser settings to block first-party cookies (placed from the domain of the website owner that the consumer is browsing) or third-party cookies (placed from a different domain), and some browsers block third-party cookies by default. Some prominent technology companies, including Google, the owner of the Chrome browser, have announced intentions to discontinue support of third-party cookies, and to develop alternative methods and mechanisms for tracking consumers. Many applications and other devices allow consumers to avoid receiving advertisements by paying for subscriptions or other downloads. Mobile devices using Android and iOS operating systems limit the ability of cookies, or similar technology, to track consumers while they are using applications other than their web browser on the device. If our privacy or data security measures fail to comply with current or future laws, regulations, policies, legal obligations or industry standards, or are perceived to have failed to so comply, we may be subject to litigation, regulatory investigations and related actions, significant fines (which, for certain breaches of the GDPR or U.K. GDPR, may be up to the greater of €20 million or 4% of total global annual turnover), civil claims including representative actions and other class action type litigation (potentially amounting to significant compensation or damages liabilities) or other liabilities, negative publicity and a potential loss of business. Moreover, if future laws, regulations, other legal obligations or industry standards, or any changed interpretations of the foregoing, limit our customers' ability to use and share personal information, including payment card information, or our ability to store, process and share such personal information or other data, demand for our solutions could decrease, our costs could increase and our business, financial condition and results of operations could be harmed.

The market for providing software as a service based website design and management software is evolving and we face competition in various aspects of our business, which we expect to intensify in the future as existing and new competitors introduce new solutions or enhance existing solutions. We also compete with specific providers offering services or products that overlap with parts of our solutions, including online presence solutions, e-commerce solutions, domain registration and website hosting services, email marketing solutions, scheduling solutions and hospitality solutions. Some of our competitors have longer operating histories, larger customer bases, greater brand recognition, more extensive commercial relationships and greater financial and other resources than we do. New or existing competitors may be able to develop solutions better received by customers or may be able to respond more quickly and effectively than we can to new or changing opportunities, technologies, regulations or requirements of our customers and their users. In addition, some larger competitors may be able to leverage a larger installed customer base and distribution network to adopt more aggressive pricing policies and offer more attractive sales terms, which could increase customer churn, cause us to lose potential sales or reduce prices to remain competitive. Competition may also intensify as our competitors enter into business combinations or alliances or raise additional capital, or as established companies in other market segments or geographic regions expand into our market segments or geographic regions. For instance, certain competitors could use strong or dominant positions in one or more markets to gain a competitive advantage by integrating competing platforms or features into solutions they control such as search engines, web browsers, mobile device operating systems or social networks or by making access to our platform more difficult. We also expect new entrants to offer competitive solutions. If we cannot compete successfully against current and future competitors, our business, financial condition and results of operations could be negatively impacted.

Although we expect continued demand from individuals and businesses for our solutions, it is possible the rate of growth may not meet our expectations, or the market may not grow. Our expectations for future revenue growth are based in part on assumptions reflecting our industry knowledge and experience serving individuals and businesses, as well as our assumptions regarding demographic shifts, growth in the availability and capacity of internet infrastructure internationally and the general economic climate. If any of these assumptions proves to be inaccurate, including as a result of the extent of current global economic uncertainty, our growth could be significantly lower than expected. Our ability to compete successfully depends on our ability to offer an integrated and comprehensive platform enabling a diverse base of customers to start, grow and run their businesses or promote their brand. The success of our solutions is predicated on the assumption that an online presence is, and will continue to be, an important factor in our customers' abilities to establish, expand and manage their brand and business quickly, easily and affordably. If we are incorrect in this assumption, for example due to the introduction of a new technology or industry standard superseding the importance of an online presence or rendering our existing or future solutions obsolete, then our ability to retain existing customers and attract new customers could be adversely affected, which could harm our business, financial condition and results of operations.

We believe that protecting, maintaining and enhancing the Squarespace brand is integral to our success, particularly as we seek to attract new customers. Protecting, maintaining and enhancing our brand will depend largely on our ability to continue to provide design-focused and differentiated solutions, which we may not do successfully. The value of our brand may decline if we are unable to maintain the image of the Squarespace brand as design-focused. Successfully maintaining our brand will depend largely on the effectiveness of our marketing efforts, our ability to provide a reliable and useful platform to meet the needs of our customers, our ability to maintain our customers' trust and our ability to continue to develop and successfully differentiate our solutions. Errors, defects, disruptions or other performance problems with our solutions, including with third-party services accessed through our platform, may harm our reputation and brand. Unfavorable media coverage, negative publicity or negative public perception about us or our marketing efforts, our industry, the quality and reliability of our platform or our privacy and security practices may also harm our reputation and our brand. If events occur that damage our reputation and brand, our ability to expand our subscription base may be impaired, and our business, financial condition and results of operations may be harmed. We also believe that the importance of brand recognition will increase as competition in our market increases and the promotion of our brand may require substantial expenditures. We have invested, and may continue to invest, substantial resources to increase our brand awareness, both generally and in specific geographies and to specific customer groups. There can be no assurance that our brand development strategies and investment of resources will enhance recognition of the Squarespace brand or lead to an increased customer base. Furthermore, our international branding efforts may prove unsuccessful due to language barriers and cultural differences. If our efforts to protect and promote our brand are not successful, our business, financial condition and results of operations may be adversely affected. In addition, even if brand recognition and loyalty increases, revenue may not increase at a level commensurate with our marketing spend.

As of June 30, 2024, we had customers in over 200 countries and territories and expect to continue to expand our international operations in the future. However, international sales and the use of our platform in various countries subject us to risks that we do not generally face with respect to domestic sales. These risks include, but are not limited to: - greater difficulty in enforcing contracts, including our terms of service and other agreements;- lack of familiarity and burdens and complexity involved with complying with multiple, conflicting and changing foreign laws, standards, regulatory requirements, tariffs, export controls and other barriers;- data privacy laws, which may require that customer and user data be stored and processed in a designated territory;- differing technology standards and different strategic priorities for customers in various jurisdictions;- weaker protection for intellectual property in certain jurisdictions;- potentially adverse tax consequences, including the complexities of foreign value-added tax (or other tax) systems and restrictions on the repatriation of earnings;- uncertain political and economic climates and increased exposure to global political, economic and social risks that may impact our operations or our customers' operations and/or decrease consumer spending, including the impact of global health emergencies;- difficulties in ensuring compliance with government regulations of e-commerce and other services, which could lead to lower adoption rates;- potentially restrictive actions by foreign governments or regulators, including actions that prevent or limit access to our platform, solutions, apps or website;- uncertainties and instability in European and global markets and increased regulatory costs and challenges and other adverse effects caused by the United Kingdom's withdrawal from the European Union;- lower levels of credit card usage and increased payment risks;- currency exchange rates;- reduced or uncertain protection for intellectual property rights and free speech in some countries;- new and different sources of competition; and - restricted access to and/or lower levels of use of the internet. These factors may cause international costs of doing business to exceed comparable domestic costs and may also require significant management attention and financial resources. Any negative impact from our international business efforts could adversely affect our business, financial condition and results of operations.

We rely heavily on our network infrastructure and IT systems for our business operations. Unanticipated events such as a cyber attack (including illegal hacking, ransomware, phishing or criminal fraud or impersonation), earthquake, fire, flood, terrorist attack, power loss, global pandemic or other future adverse public health developments, telecommunications failure or other similar catastrophic events could cause interruptions in the availability of our platform, delays in accessing our solutions, reputational harm and loss of critical data. Such events could prevent us from providing our solutions to our customers and their users. A catastrophic event that results in the destruction or disruption of our data centers, network infrastructure or IT systems, including any errors, defects or failures in third-party services, could result in costly litigation or other claims and adversely affect our business, financial condition and results of operations. We may also need to expend significant additional resources to protect against cyber attacks or other catastrophic events or to redress problems caused by such events. Additionally, our insurance policies may not be adequate to reimburse us for losses caused by these events and we may not be able to fully collect, if at all, under these insurance policies.

Our business, financial condition and results of operations are affected by fluctuations due to changes in foreign currency exchange rates. While we generate the majority of our revenue in U.S. dollars, a portion of our revenue is denominated in Euros. For the six months ended June 30, 2024, 71.5% of our revenue was denominated in U.S. dollars and 28.5% of our revenue was denominated in Euros. As we expand globally, we will be further exposed to fluctuations in currency exchange rates to the extent that the revenue that we generate in currencies other than the U.S. dollar increases. Furthermore, currency exchange rates have been especially volatile in the recent past, and these currency fluctuations have made and may continue to make it difficult for us to accurately predict our results of operations.

Our future success will depend upon our continued ability to attract, hire, integrate and retain highly skilled personnel, including senior management, engineers, designers, product managers, finance, and legal personnel and customer support. Competition for highly skilled personnel is intense. We compete with many other companies for engineers, designers and product managers with meaningful experience in designing, developing and managing software, as well as for skilled marketing, operations and customer support professionals, and we may not be successful in attracting and retaining the professionals we need. We may need to invest significant amounts of cash and equity to attract and retain new and highly skilled employees, and may never realize returns on these investments. In addition, we are limited in our ability to recruit global talent for our U.S. offices by U.S. immigration laws, including those related to H1-B visas. If we are not able to effectively hire, train and retain employees, our ability to achieve our strategic objectives will be adversely impacted and our business, financial condition and results of operations will be harmed. At present we support remote, hybrid and fully office based arrangements for our employee base. While we have a distributed workforce and our employees are accustomed to working remotely or working with remote employees, our workforce has not historically been fully remote. Doing less business in-person may impact our ability to preserve our corporate culture. Any failure to preserve our culture could negatively affect our future success, including our ability to retain and recruit personnel and to effectively focus on and pursue our corporate objectives. Our management team has spent, and may continue to spend, significant time, attention and resources monitoring workplace-related changes and seeking to manage the effects on our business and workforce. In addition to hiring and integrating new employees, we must continue to focus on retaining our key employees who foster and promote our innovative corporate culture. Our future performance depends on the continued services and contributions of our Founder and Chief Executive Officer, Mr. Casalena, who is critical to the development of our business and growth strategy, in addition to other key employees to execute on our business plan and to identify and pursue new opportunities and solutions. The failure to properly develop or manage succession plans or develop leadership talent or the loss of services of key employees could significantly delay or prevent the achievement of our strategic objectives. From time to time, there may be changes in our senior management team resulting from the hiring or departure of executives, which could disrupt our business. We do not have fixed term agreements with our executive officers or other key personnel that require them to work beyond a standard notice period; therefore, they could terminate their employment with us at any time. The loss of one or more of our key employees (including any limitation on the performance of their duties or short term or long term absences as a result of illness) could adversely affect our business, financial condition and results of operations.

The success of our platform depends, in part, on our ability to integrate and offer third-party services to our customers. In particular, we use Stripe, Inc. ("Stripe") to process our transactions with our customers and we offer payment processing integrations through Stripe, PayPal Holdings, Inc. ("PayPal") and Block, Inc. ("Block"). We also use Stripe to process transactions for our native payment solution. While we offer our customers access to three payment processing integrations and our native payment solution through which to charge their users, disruptions or problems with the relevant services provided by Stripe, PayPal or Block could have an adverse effect on our reputation, business, financial condition and results of operations. Further, if Stripe or any of the other payment service providers we use were to terminate, or materially alter, its relationship with us or become unable to continue processing payments on our behalf, we could experience an impact to our financial results or incur substantial delays and expense in finding and integrating an alternative payment service provider to process payments from our customers and their users, and the quality and reliability of any such alternative payment service provider may not be comparable.