Warby Parker (WRBY) Risk Factors

From time to time, legislation is drafted and introduced in Congress that could significantly change the statutory provisions governing the regulation of medical devices. In addition, the FDA may change its policies, adopt additional regulations or revise existing regulations, or take other actions, which may prevent or delay marketing authorization of our products or impact our ability to modify any products for which we or our third-party manufacturers have already obtained marketing authorizations on a timely basis. For example, in September 2019, the FDA issued revised final guidance describing an optional "safety and performance based" premarket review pathway for manufacturers of "certain, well-understood device types" to demonstrate substantial equivalence under the 510(k) clearance pathway by showing that such device meets objective safety and performance criteria established by the FDA, thereby obviating the need for manufacturers to compare the safety and performance of their medical devices to specific predicate devices in the clearance process. The FDA has identified soft (hydrophilic) daily-wear contact lenses as a device type appropriate for the "safety and performance based" pathway and in March 2023 issued a final guidance describing the testing performance criteria that could support a substantial equivalence determination with respect to certain soft (hydrophilic) daily-wear contact lenses, including the contract manufactured lenses we currently resell under our Scout by Warby Parker label. Under the March 2023 guidance, manufacturers of such contact lenses have the option to submit a 510(k) under the safety and performance-based pathway, rather than submitting a traditional 510(k) premarket notification. In addition, FDA regulations and guidance are often revised or reinterpreted by the FDA in ways that may significantly affect our business and our products. Any new statutes, regulations, or revisions or reinterpretations of existing regulations may impose additional costs or lengthen review times of any product candidates or make it more difficult to obtain marketing authorizations for, manufacture, market, or distribute any product candidate we are developing. For example, on January 31, 2024, the FDA issued a final rule to amend the QSR, which establishes current good manufacturing practice requirements for medical device manufacturers, to replace the existing QSR requirements with standards set by the International Organization for Standardization. Specifically, this final rule, which the FDA expects to go into effect on February 2, 2026, could impose additional or different regulatory requirements on us and our third-party manufacturers that could increase the costs of compliance or otherwise negatively affect our business. We cannot determine what effect changes in regulations, statutes, legal interpretation or policies, when and if promulgated, enacted or adopted may have on our business in the future. If we are slow or unable to adapt to changes in existing requirements or the adoption of new requirements or policies, or if we are not able to maintain regulatory compliance, we may be subject to enforcement action and we may not achieve or sustain profitability. Regulatory changes could result in restrictions on our ability to carry on or expand our operations, higher than anticipated costs, or lower than anticipated sales.

In the United States, the methods used in, and the facilities used for, the manufacture of medical devices must comply with the FDA's design control requirements and current Good Manufacturing Practices for medical devices, known as the Quality System Regulation, or QSR, which is a complex regulatory scheme that covers the procedures and documentation of the design, testing, production, process controls, quality assurance, labeling, packaging, handling, storage, distribution, installation, servicing, and shipping of medical devices. Furthermore, manufacturers of medical devices are required to verify that their suppliers maintain facilities, procedures, and operations that comply with our quality standards and applicable regulatory requirements. The FDA enforces the QSR through periodic announced or unannounced inspections of medical device manufacturing facilities, which may include the facilities of subcontractors. Our products are also subject to similar state regulations and various laws and regulations of foreign countries governing manufacturing. Our third-party manufacturers may not take the necessary steps to comply with applicable regulations, which could cause delays in the delivery of our products. In addition, we engage in certain relabeling and repackaging activities with respect to our frames and sunglasses products which subject us to direct oversight by the FDA under the FDCA and its implementing regulations. These regulations include the FDA's Unique Device Identification System Final Rule, or UDI Final Rule. Among other things, the UDI final rule obligates device labelers to include unique device identifiers, or UDIs, on certain medical device labels and packages, and to submit certain data pertaining to device labeling to the FDA's Global Unique Device Identification Database (GUDID), unless an exception applies. On July 25, 2022, the FDA issued a final guidance stating that the FDA does not intend to enforce the GUDID submission requirements for certain Class I devices considered "consumer health products", which the FDA defined to include certain types of 510(k)-exempt Class I devices that are sold directly to consumers over-the-counter in brick-and-mortar and/or online stores. We or our third-party manufacturers are also subject to FDA regulations with respect to medical devices relating to clinical trials, establishment registration and device listing, sales and distribution, recordkeeping, advertising and promotion, recalls and field safety corrective actions, postmarket surveillance, including reporting of deaths or serious injuries and malfunctions that, if they were to recur, could lead to death or serious injury, and import and export. The regulations to which we are subject are complex and have tended to become more stringent over time. Certain of these requirements were waived for visual acuity charts such as the Virtual Vision Test during the COVID-19 public health emergency under the Enforcement Policy Guidance. This waiver under the Enforcement Policy Guidance expired in November 2023. Failure to comply with applicable FDA requirements or later discovery of previously unknown problems with our products or manufacturing processes could result in, among other things: Warning Letters or untitled letters; fines, injunctions or civil penalties; suspension or withdrawal of approvals; seizures or recalls of our products; total or partial suspension of production or distribution; administrative or judicially imposed sanctions; the FDA's refusal to grant pending or future clearances or approvals for medical devices; refusal to permit the import or export of our products; and criminal prosecution of us, our suppliers, or our employees. Any of these actions could significantly and negatively affect supply of our products. If any of these events occurs, our reputation could be harmed, we could be exposed to product liability claims and we could lose customers and experience reduced sales and increased costs. In addition, the FDA and foreign regulatory bodies have the authority to require the recall of commercialized products in the event of material deficiencies or defects in design or manufacture of a product or in the event that a product poses an unacceptable risk to health. The FDA's authority to require a recall must be based on a finding that there is reasonable probability that the device could cause serious adverse health consequences or death. Manufacturers may also choose to voluntarily recall a product if any material deficiency is found. A government mandated or voluntary recall by us could occur as a result of an unacceptable risk to health, component failures, malfunctions, manufacturing defects, labeling or design deficiencies, packaging defects or other deficiencies or failures to comply with applicable regulations. Product defects or other errors may occur in the future. Depending on the corrective action the manufacturer takes to redress a product's deficiencies or defects, the FDA may require the manufacturer to obtain new marketing authorizations prior to resuming marketing or distribution of the corrected device. Seeking such clearances or approvals may delay the ability to replace the recalled devices in a timely manner. Moreover, if we or our third-party manufacturers do not adequately address problems associated with our products, we may face additional regulatory enforcement action. Companies are required to report certain voluntary recalls and corrections to FDA and to maintain certain records of recalls and corrections that are not reportable to the FDA. We or our third-party manufacturers may initiate voluntary withdrawals or corrections for our products that we or our third-party manufacturers determine do not require notification of the FDA. If the FDA disagrees with such determinations, it could require the relevant manufacturer to report those actions as recalls and levy enforcement action. A future recall announcement could harm our reputation with customers, potentially lead to product liability claims against us and negatively affect our sales. Any corrective action, whether voluntary or involuntary, as well as defending ourselves in a lawsuit, will require the dedication of our time and capital, distract management from operating our business, and may harm our reputation and financial results.

Our products, including contact lenses, eyeglasses, sunglasses, and our Virtual Vision Test mobile application, among others, are regulated as medical devices in the United States by the FDA pursuant to the FDCA and FDA regulations. Before a manufacturer can market a new medical device, or a new use of, or other significant modification to an existing, marketed medical device, the device must first receive either clearance under Section 510(k) of the FDCA, approval of a premarket approval application, or PMA, or grant of a de novo classification request from the FDA, unless an exemption applies. For example, the FDA has required manufacturers of certain disposable and daily-wear contact lenses to obtain 510(k) clearances prior to marketing these products, while requiring manufacturers of certain extended-wear contact lenses to obtain approval of a PMA. In the 510(k) clearance process, before a device may be marketed, the FDA must determine that a proposed device is "substantially equivalent" to a legally marketed "predicate" device, which includes a device that has been previously cleared through the 510(k) process, a device that was legally marketed prior to May 28, 1976 (pre-amendments device), a device that was originally on the U.S. market pursuant to an approved PMA and later down-classified, or a 510(k)-exempt device. To be "substantially equivalent," the proposed device must have the same intended use as the predicate device, and either have the same technological characteristics as the predicate device or have different technological characteristics and not raise different questions of safety or effectiveness than the predicate device. In the process of obtaining PMA approval, the FDA must determine that a proposed device is safe and effective for its intended use based, in part, on extensive data, including, but not limited to, technical, preclinical, clinical trial, manufacturing, and labeling data. The PMA process is required for Class III devices, which are devices that are deemed to pose the greatest risk, such as life-sustaining, life-supporting, or implantable devices. In the de novo classification process, a manufacturer whose novel device under the FDCA would otherwise be automatically classified as Class III and require the submission and approval of a PMA prior to marketing is able to request down-classification of the device to Class I or Class II on the basis that the device presents a low or moderate risk. If the FDA grants the de novo classification request, the applicant will receive authorization to market the device. The PMA approval, 510(k) clearance and de novo classification processes can be expensive, lengthy and uncertain. The FDA's 510(k) clearance process usually takes from three to 12 months, but can take longer. The process of obtaining a PMA is much more costly and uncertain than the 510(k) clearance process and generally takes from one to three years, or even longer, from the time the application is submitted to the FDA. In addition, a PMA generally requires the performance of one or more clinical trials. Clinical data may also be required in connection with an application for 510(k) clearance or a de novo request. Despite the time, effort, and cost, a device may not obtain marketing authorization by the FDA. To date, we have not obtained authorization from the FDA to market any product in the United States, and we generally intend to manufacture 510(k)-exempt devices and/or rely on our third-party vendors and manufacturers, including Menicon, which produces our private label Scout by Warby Parker contact lenses, to have obtained and maintained the necessary marketing authorizations from the FDA for the products we sell. We have not sought or obtained 510(k) clearance or other FDA marketing authorization for our Virtual Vision Test mobile app. We initially registered and marketed the Virtual Vision Test as a Class I 510(k)-exempt medical device. On April 28, 2021 the FDA notified us that a 510(k) premarket notification was required for our Virtual Vision Test mobile application, although the agency also stated that it did not intend to object to our continued marketing of the Virtual Vision Test mobile app without 510(k) clearance, so long as the conditions described in the FDA's guidance "Enforcement Policy for Remote Ophthalmic Assessment and Monitoring Devices During the Coronavirus Disease 2019 (COVID-19) Public Health Emergency," or the Enforcement Policy Guidance, are met. Subsequently, on November 14, 2022, the FDA confirmed that the basis for its April 28, 2021 decision that a 510(k) was required for Virtual Vision Test no longer applied and that devices like the Virtual Vision Test are now 510(k)-exempt. Following the expiration of the Enforcement Policy Guidance in November 2023, we are currently marketing the Virtual Vision Test mobile application as a Class I, 510(k)-exempt device. Our failure, or failure by our third party vendor or manufacturers, to obtain the proper FDA marketing authorizations for our products could lead to FDA enforcement actions, such as a Warning Letter, market withdrawals, product recalls or civil or criminal penalties that could have a material adverse effect on our business.

We are subject to general business regulations and laws as well as regulations and laws specifically governing the internet and e-commerce. Existing and future regulations and laws could impede the growth of the internet, e-commerce or mobile commerce. These regulations and laws may involve taxes, tariffs, privacy and data security, anti-spam, content protection, electronic contracts and communications, consumer protection, and internet neutrality. It is not clear how existing laws governing issues such as property ownership, sales and other taxes, and consumer privacy apply to the internet as the vast majority of these laws were adopted prior to the advent of the internet and do not contemplate or address the unique issues raised by the internet or e-commerce. It is possible that general business regulations and laws, or those specifically governing the internet or e-commerce, may be interpreted and applied in a manner that is inconsistent from one jurisdiction to another and may conflict with other rules or our practices. We cannot be sure that our practices have complied, comply, or will comply fully with all such laws and regulations. Any failure, or perceived failure, by us to comply with any of these laws or regulations could result in damage to our reputation, a loss in business and proceedings, or actions against us by governmental entities or others. Any such proceeding or action could hurt our reputation, force us to spend significant amounts in defense of these proceedings, distract our management, increase our costs of doing business, decrease the use of our sites by customers and suppliers, and may result in the imposition of monetary liability. We may also be contractually liable to indemnify and hold harmless third parties from the costs or consequences of non-compliance with any such laws or regulations. In addition, it is possible that governments of one or more countries may seek to censor content available on our website or may even attempt to completely block access to our website. Adverse legal or regulatory developments could substantially harm our business. In particular, in the event that we are restricted, in whole or in part, from operating in one or more countries, our ability to retain or increase our customer base may be adversely affected, and we may not be able to maintain or grow our net revenue and expand our business as anticipated.

We are subject to the U.S. Foreign Corrupt Practices Act, or FCPA, U.S. domestic bribery laws, and other anti-corruption and anti-money laundering laws in the countries in which we conduct activities. Anti-corruption and anti-bribery laws have been enforced aggressively in recent years and are interpreted broadly to generally prohibit companies, their employees, and their third-party intermediaries from authorizing, offering, or providing, directly or indirectly, improper payments or benefits to recipients in the public or private sector. Our transactions with our suppliers and vendors operating in foreign jurisdictions, including China, Italy, Taiwan, Vietnam, and Japan and our quality assurance presence in China, may subject us to such anti-corruption laws. If we expand our international sales and business, we may engage with business partners and third-party intermediaries to obtain necessary permits, licenses, and other regulatory approvals. In addition, we or our third-party intermediaries may have direct or indirect interactions with officials and employees of government agencies or state-owned or affiliated entities. We can be held liable for the corrupt or other illegal activities of these third-party intermediaries, our employees, representatives, contractors, partners, and agents, even if we do not explicitly authorize such activities. We cannot assure you that all of our third-party intermediaries, employees, representatives, contractors, partners, and agents will not take actions in violation of anti-corruption laws, for which we may be ultimately held responsible. As we expand our international business, our risks under these laws may increase. Detecting, investigating, and resolving actual or alleged violations of anti-corruption laws can require a significant diversion of time, resources, and attention from senior management. In addition, noncompliance with anti-corruption, anti-bribery, or anti-money laundering laws could subject us to whistleblower complaints, investigations, sanctions, settlements, prosecution, enforcement actions, fines, damages, other civil or criminal penalties or injunctions,suspension or debarment from contracting with certain persons, reputational harm, adverse media coverage, and other collateral consequences. If any subpoenas or investigations are launched, or governmental or other sanctions are imposed, or if we do not prevail in any possible civil or criminal proceeding, our business, financial condition, and results of operations could be harmed. In addition, responding to any action will likely result in a materially significant diversion of management's attention and resources and significant defense costs and other professional fees.

We collect, process, store, and use a wide variety of data from current and prospective customers, including personal and sensitive information, such as home addresses and geolocation, and health information related to their ophthalmic prescriptions. As such, we are subject to various federal, state, local, and international laws, rules, and regulations, as well as industry standards and regulatory guidance, relating to the collection, receipt, use, maintenance, storage, use, retention, security, disclosure, transfer and other processing of confidential, sensitive, and personal information. In addition, existing laws and regulations are constantly evolving, and new laws and regulations that apply to our business are being introduced at every level of government in the United States, as well as internationally. Many state legislatures have adopted legislation that regulates how businesses operate online, including measures relating to privacy, data security, and data breaches. Such legislation includes the California Consumer Privacy Act ("CCPA"), which gives California residents expanded rights related to their personal information, including the right to access and delete their personal information, and receive detailed information about how their personal information is used and shared. The CCPA also created restrictions on "sales" of personal information that allow California residents to opt-out of certain sharing of their personal information and may restrict the use of cookies and similar technologies for advertising purposes. Our e-commerce platform, including our websites and mobile applications, rely on these technologies and could be adversely affected by the CCPA's restrictions. The CCPA prohibits discrimination against individuals who exercise their privacy rights, provides for civil penalties for violations, and creates a private right of action for data breaches that is expected to increase data breach litigation. Additionally, the California Privacy Rights Act, or CPRA, went into effect in California on January 1, 2023. The CPRA expands the scope of regulated data to include sensitive personal information that we handle; enables the ability to opt out of the use of personal information for cross-context behavioral advertising techniques on which our products may rely in the future; establishes certain requirements on the retention of personal information; expands the types of data breaches subject to the private right of action; and establishes the California Privacy Protection Agency to implement and enforce the new law, as well as impose administrative fines. Similar laws have been proposed in other states and at the federal level, reflecting a trend toward more stringent privacy legislation in the United States. To the extent multiple state-level laws are introduced with inconsistent or conflicting standards and there is no federal law to preempt such laws, compliance with such laws could be difficult and costly to achieve and we could be subject to fines and penalties in the event of actual or perceived non-compliance. Additionally, we are subject to certain health information privacy and security laws as a result of the health information that we receive in connection with our products and services. These laws and regulations include HIPAA, as amended by the Health Information Technology for Economic and Clinical Health Act, or HITECH, and their implementing regulations. HIPAA requires us to develop and maintain policies and procedures governing PHI that is used or disclosed, and to implement administrative, physical and technical safeguards to protect PHI, including PHI maintained, used, and disclosed in electronic form. These safeguards include employee training, identifying business associates with whom covered entities need to enter into HIPAA-compliant contractual arrangements and various other measures. Ongoing implementation and oversight of these measures involves significant time, effort, and expense and we may have to dedicate additional time and resources to ensure compliance with HIPAA requirements. Additionally, it is not always possible to identify and deter misuse by our employees and other third parties, and the precautions we take to detect and prevent noncompliance may not be effective in preventing all misuse, breaches, or violations. For example, as discussed above, in 2018, we experienced a credential stuffing attack in which malicious third parties used credentials compromised in data breaches suffered by other companies to access accounts on our platform and received notice that OCR would be investigating the incident and our compliance with the Privacy, Security, and Breach Notification Rules and requesting certain information related to the incident and our compliance with the Privacy, Security, and Breach Notification Rules. We continue to work on a resolution with OCR. OCR enforcement activity can result in financial liability and reputational harm, and responses to such enforcement activity can consume significant internal resources. HIPAA imposes mandatory civil and criminal penalties for certain violations. HIPAA also authorizes state attorneys general to file suit on behalf of their residents. While HIPAA does not create a private right of action that would allow individuals to sue in civil court for a HIPAA violation, its standards have been used as the basis for the duty of care in state civil suits, such as those for negligence or recklessness in misusing personal information. Many states in which we operate and in which our customers reside also have laws that protect the privacy and security of health information, many of which differ from each other in significant ways and often are not preempted by HIPAA, thus complicating compliance efforts. For example, Washington has adopted the My Health My Data Act, a privacy law that imposes new state restrictions and requirements on the processing and sale of consumer health data and creates a private right of action, which will take effect as to the substantial majority of the legislation in March 31, 2024. Where state laws are more protective than HIPAA, we have to comply with the stricter provisions, absent statutory exemptions. Whether and how these exemptions will be applied under new laws such as the My Health My Data Act and the CCPA and CPRA is an unsettled area of law. In addition to fines and penalties imposed upon violators, some of these state laws also afford private rights of action to individuals who believe their personal information has been misused, such as the CCPA and CPRA. In addition, the Telephone Consumer Protection Act, or TCPA, imposes significant restrictions on the ability to make telephone calls or send text messages to mobile telephone numbers without the prior consent of the person being contacted. Claims that we have violated the TCPA could be costly to litigate, and if successful, expose us to substantial statutory damages. Foreign privacy laws are also rapidly changing, have become more stringent in recent years, and may increase the costs and complexity of offering our offerings in new geographies. In Canada, where we operate, the Personal Information Protection and Electronic Documents Act, or PIPEDA, and various provincial laws require that companies give detailed privacy notices to consumers, obtain consent to use personal information, with limited exceptions, allow individuals to access and correct their personal information, and report certain data breaches. In addition, Canada's Anti-Spam Legislation, or CASL, prohibits email marketing without the recipient's consent, with limited exceptions. Failure to comply with PIPEDA, CASL, or provincial privacy or data protection laws could result in significant fines and penalties or possible damage awards. In the European Economic Area, the General Data Protection Regulation, or the GDPR, imposes strict obligations on the ability to collect, analyze, transfer, and otherwise process personal data and the UK has a similar law. The GDPR provides for monetary penalties and companies may also face civil claims including representative actions and other class action type litigation (where individuals have suffered harm), potentially amounting to significant compensation or damages liabilities, as well as associated costs, diversion of internal resources, and reputational harm. Furthermore, regulatory guidance is evolving and monitoring developments and compliance will lead to increased costs. In addition, privacy advocates and industry groups have regularly proposed, and may propose in the future, self-regulatory standards by which we are legally or contractually bound. If we fail to comply with these contractual obligations or standards, we may face substantial liability or fines. Consumer resistance to the collection and sharing of the data used to deliver targeted advertising, increased visibility of consent or "do not track" mechanisms as a result of industry regulatory or legal developments, the adoption by consumers of browser settings or "ad-blocking" software, and the development and deployment of new technologies could materially impact our ability to collect data or reduce our ability to deliver relevant promotions or media, which could materially impair the results of our operations. Further, we are subject to the Payment Card Industry Data Security Standard ("PCI Standard"), which is a multifaceted security standard that is designed to protect credit card account data as mandated by payment card industry entities. We work with our merchant services providers to ensure PCI compliance across our payment processing channels. Despite our compliance efforts, in the event of a breach of the security of payment card data, we may become subject to claims that we have violated the PCI Data Security Standard, based on past, present, and future business practices, which could have an adverse impact on our business and reputation. In addition, we are subject to the risk of changes to or disruption in our providers' service. Costs and potential problems and interruptions associated with the implementation of new or upgraded systems and technology such as those necessary to achieve compliance with the PCI Standard or with maintenance or adequate support of existing systems could also disrupt or reduce the efficiency of our operations. Any material interruptions or failures in our payment-related systems could have a material adverse effect on our business, financial condition, and results of operations. If there are amendments to the PCI Standard, the cost of re-compliance could also be substantial and we may suffer loss of critical data and interruptions or delays in our operations as a result. Compliance with these domestic, foreign, and any other applicable privacy and data security laws and regulations is a rigorous and time-intensive process, and we may be required to put in place additional mechanisms to ensure compliance with the new data protection rules. Despite our efforts, we may not be successful in achieving compliance with the rapidly evolving privacy, data security, and data protection requirements discussed above. Emerging technologies we utilize, including artificial intelligence and machine learning, may also become subject to regulation under new laws or new applications of existing laws. While we strive to comply with applicable laws and regulations relating to privacy and data protection in all material respects, there is no assurance that we will not be subject to claims that we have violated applicable laws or codes of conduct, that we will be able to successfully defend against such claims or that we will not be subject to significant fines, penalties, or corrective action requirements in the event of non-compliance. Any actual or perceived non-compliance could result in litigation and proceedings against us by governmental entities, customers or others, fines and civil or criminal penalties, limited ability or inability to operate our business, offer services, or market our business in certain jurisdictions, negative publicity and harm to our brand and reputation, and reduced overall demand for our products and services. Such occurrences could adversely affect our business, financial condition, and results of operations. Our general liability insurance may not cover all potential claims to which we are exposed and may not be adequate to indemnify us for the full extent of our potential liabilities.

In several states where we operate, state corporate practice of medicine and optometry laws prohibit a business corporation from practicing medicine or optometry, directly employing physicians or optometrists to provide professional services, or exercising control over treatment decisions by such professionals. In these states, typically only medical professionals or a professional entity wholly owned by licensed physicians, optometrists, or other licensed medical professionals may provide medical care to patients. Many states also have some form of fee-splitting law, prohibiting certain business arrangements that involve the splitting or sharing of professional fees earned by a physician, optometrist or another medical professional for the delivery of healthcare services. Prohibitions on the practice of medicine or optometry and/or fee-splitting between licensed professionals and lay entities may be statutory or regulatory, or may be imposed through judicial or regulatory interpretation, and vary widely from state to state. In many of our retail stores, we have contractual relationships with optometrists or professional corporations or similar entities that employ ophthalmologists and/or optometrists to provide medical services to our customers. In addition, we have contractual relationships with several professional corporations or similar entities that employ ophthalmologists who review test results and renew prescriptions, as appropriate, of users of our Virtual Vision Test mobile app. We cannot provide any assurance that governmental authorities will not assert that we are engaged in the corporate practice of medicine or optometry, or that our contractual relationships with optometrists, ophthalmologists, or professional entities that employ such providers constitute unlawful fee-splitting. Moreover, we cannot predict whether changes will be made to existing laws, regulations, or interpretations, or whether new ones will be enacted or adopted, which could cause us to be out of compliance with these requirements. If our arrangements are found to violate corporate practice of medicine or optometry and/or fee-splitting laws, our provision of services through our contractual relationships with optometrists, ophthalmologists, or affiliated professional entities that employ such providers could be deemed impermissible, requiring us to do a restructuring or reorganization of our business, and we could be subject to injunctions or civil or, in some cases, criminal penalties, any of which could have a material adverse impact on our financial condition and results of operations.

From time to time, we may be subject to claims, lawsuits, government investigations, and other proceedings involving products liability, competition and antitrust, intellectual property, privacy, false advertising, consumer protection, securities, tax, labor and employment, commercial disputes, and other matters that could adversely affect our business operations and financial condition. As we have grown, we have seen a rise in the number and significance of these disputes and inquiries. For example, in March 2023, a former employee on behalf of herself and a proposed class of California hourly employees, filed a complaint against us, alleging violations of various California wage and hour laws, and two additional follow on actions have been filed against us pursuant to California's Private Attorneys General Act asserting largely overlapping claims. Litigation and regulatory proceedings may be protracted and expensive, and the results are difficult to predict. Certain of these matters include speculative claims for substantial or indeterminate amounts of damages and include claims for injunctive relief. Additionally, our litigation costs could be significant. Adverse outcomes with respect to litigation or any of these legal proceedings may result in significant settlement costs or judgments, penalties and fines, or require us to modify our products or services, all of which could negatively affect our revenue growth. The results of litigation, investigations, claims, and regulatory proceedings cannot be predicted with certainty, and determining accruals for pending litigation and other legal and regulatory matters requires significant judgment. There can be no assurance that our expectations will prove correct, and even if these matters are resolved in our favor or without significant cash settlements, these matters, and the time and resources necessary to litigate or resolve them, could harm our business, financial condition, and results of operations.

Stockholders of a Delaware public benefit corporation (if they, individually or collectively, own the lesser of 2% of its outstanding capital stock or shares of at least $2 million in market value) are entitled to file a derivative lawsuit claiming that its directors failed to balance stockholder and public benefit interests. This potential liability does not exist for traditional corporations. Therefore, we may be subject to the possibility of increased derivative litigation, which would require the attention of management and, as a result, may adversely impact management's ability to effectively execute our strategy. Any such derivative litigation may be costly and have an adverse impact on our business operations, financial conditions, and results of operations.

The convenient payment mechanisms provided by our business are key factors contributing to the development of our business. We rely on third parties, including Stripe, Affirm, Inc., PayPal, and Moneris Solutions (in Canada), for elements of our payment processing infrastructure to accept payments from customers and Coupa, in connection with our banking partners, to remit payments to suppliers. These third parties may refuse to renew our agreements with them on commercially reasonable terms or at all. If these companies become unwilling or unable to provide these services to us on acceptable terms or at all, our business may be disrupted. For certain payment methods, including credit and debit cards and Apple Pay, we generally pay interchange fees and other processing and gateway fees, and such fees result in significant costs. In addition, online payment providers are under continued pressure to pay increased fees to banks to process funds, and there is no assurance that such online payment providers will not pass any increased costs on to us. If these fees increase over time, our operating costs will increase, which could adversely affect our business, financial condition, and results of operations. Future failures of the payment processing infrastructure underlying our business could cause customers to lose trust in our payment operations and could cause them to instead turn to our competitors' products and services. If the quality or convenience of our payment processing infrastructure declines as a result of these limitations or for any other reason, the attractiveness of our business to customers could be adversely affected. If we are forced to migrate to other third-party payment service providers for any reason, the transition would require significant time and management resources, and may not be as effective, efficient, or well-received by our customers.

We rely on a limited number of third-party suppliers and contract manufacturers for the components that go into the manufacturing of our products. In particular, over half of the cellulose acetate used to produce our frames is provided by a single supplier. We also assemble and fulfill glasses at our optical laboratories as well as at a limited number of third-party optical laboratories. Further, we rely on a single logistics partner to fulfill orders for our Home Try-On program and a limited number of other logistics partners to transport and deliver our products. Our reliance on a limited number of contract manufacturers and logistics partners for our products increases our risks of being unable to deliver our products in a timely and cost-effective manner. In the event of interruption from any of our contract manufacturers or our own fulfillment capabilities, we may not be able to increase capacity from other sources or develop alternate or secondary sources without incurring material additional costs and substantial delays. Our business could be adversely affected if one or more of our manufacturers is impacted by a natural disaster, an infectious disease outbreak, or other interruption at a particular location. If we experience a significant increase in demand for our products that cannot be satisfied adequately through our existing manufacturing channels, or if we need to replace an existing manufacturer, we may be unable to supplement or replace them on terms that are acceptable to us, which may undermine our ability to deliver our products in a timely manner. For example, if we require additional manufacturing support, it may take a significant amount of time to identify a manufacturer that has the capability and resources to build our products to our specifications in sufficient volume. Identifying suitable manufacturers and logistics partners is an extensive process that requires us to become satisfied with their quality control, technical capabilities, responsiveness and service, financial stability, regulatory compliance, and labor and other ethical practices. Accordingly, a loss of any of our contract manufacturers or logistics partners could have an adverse effect on our business, financial condition, and operating results.

Efficient inventory management is a key component of our business success and profitability. To be successful, we must maintain sufficient inventory levels to meet our customers' demands without allowing those levels to increase to such an extent that the costs to our or our third-party optical laboratories, retail stores and other points of distribution that hold the goods unduly impact our financial results. We must balance the need to maintain inventory levels that are sufficient to ensure competitive lead times against the risk of inventory obsolescence because of changing customer requirements, fluctuating commodity prices, changes to our products, product transfers, or the life cycle of our products. If we fail to adequately forecast demand for any product, or fail to determine the optimal product mix for production purposes, we may face production capacity issues in processing sufficient quantities of a given product. If our buying and distribution decisions do not accurately predict customer trends or spending levels in general or if we inappropriately price products, we may have to record potential write-downs relating to the value of obsolete or excess inventory. Conversely, if we underestimate future demand for a particular product or do not respond quickly enough to replenish our best performing products, we may have a shortfall in inventory of such products, likely leading to unfulfilled orders, reduced net revenue, and customer dissatisfaction. In addition, because we source components from suppliers located in China, our inventory management may be adversely impacted by enactment or further escalation of tariffs, import restrictions, foreign government regulations, trade restrictions, customs, and duties. Maintaining adequate inventory requires significant attention and monitoring of market trends, local markets, developments with suppliers, and our distribution network, and it is not certain that we will be effective in our inventory management. We are subject to the risk of inventory loss or theft and we may experience higher rates of inventory shrinkage or incur increased security costs to combat inventory theft. In addition, any casualty or disruption to our or our third-party optical laboratories, Home Try-On distribution center, or retail stores may damage or destroy our inventory located there. As we expand our operations, it may be more difficult to effectively manage our inventory. If we are not successful in managing our inventory balances, it could have a material adverse effect on our business, financial condition, and results of operations.

Our success depends, in a large degree, on our ability to attract consumers to our website, mobile applications, and select application partners and convert them into customers in a cost-effective manner. We depend, in large part, on search engines, social media platforms, digital application stores, content-based online advertising, and other online sources for traffic to our website, mobile applications, and select application partners. With respect to search engines, we are included in search results as a result of both paid search listings, where we purchase specific search terms that result in the inclusion of our advertisement, and free search listings, which depend on algorithms used by search engines. For paid search listings, if one or more of the search engines or other online sources on which we rely for purchased listings modifies or terminates its relationship with us, our expenses could rise, we could lose consumers and traffic to our website could decrease, any of which could have a material adverse effect on our business, financial condition, and results of operations. Further, our competitors bid on terms like "Warby Parker" as paid keywords, and consumers searching for us could instead by directed to a third-party's website, which could lead to reduced traffic to our website, which may have a material adverse effect on our business, financial condition, and results of operations. For free search listings, if search engines on which we rely for algorithmic listings modify their algorithms, our websites may appear less prominently or not at all in search results, which could result in reduced traffic to our websites. Our ability to maintain and increase the number of consumers directed to our products from digital platforms is not entirely within our control. Search engines, social media platforms, and other online sources often revise their algorithms and introduce new advertising products. If one or more of the search engines or other online sources on which we rely for traffic to our website and our mobile app were to modify its general methodology for how it displays our advertisements or keyword search results, resulting in fewer consumers clicking through to our website and our mobile applications, our business and operating results are likely to suffer. For example, Apple has moved to "opt-in"privacy models, requiring consumers to expressly consent to receiving targeted ads, which may reduce the value of inventory on its iOS mobile application platform. In addition, if our online display advertisements are no longer effective or are not able to reach certain consumers due to consumers' use of ad-blocking software, our business and operating results could suffer. Furthermore, changes in consumer acceptance or usage of our online sources for traffic could adversely impact the effectiveness of our advertising. Additionally, changes in regulations could limit the ability of search engines and social media platforms, including, but not limited to, Google, Meta, and TikTok, to collect data from users and engage in targeted advertising, making them less effective in disseminating our advertisements to our target customers. If the costs of advertising on search engines and social media platforms increase, we may incur additional marketing expenses or be required to allocate a larger portion of our marketing spend to other channels and our business and operating results could be adversely affected. The marketing of our products depends on our ability to cultivate and maintain cost-effective and otherwise satisfactory relationships with digital application stores. As we grow, we may struggle to maintain cost-effective marketing strategies, and our customer acquisition costs could rise substantially, particularly if our customer mix skews towards fewer repeat purchases by existing customers and more new customers that require higher costs to acquire. Furthermore, because many of our customers access our products through our mobile applications, we depend on the Apple App Store and Google Play to distribute our mobile applications. Apple and Google have broad discretion to change their respective terms and conditions applicable to the distribution of our mobile applications, to interpret their respective terms and conditions in ways that may limit, eliminate or otherwise interfere with our ability to distribute mobile app through their stores, the features we provide and the manner in which we market in-application products. We cannot assure you that Apple or Google will not limit, eliminate or otherwise interfere with the distribution of our mobile applications, the features we provide and the manner in which we market our mobile applications. To the extent it does so, our business, financial condition, and results of operations could be adversely affected.

The growth of our business is dependent upon our ability to continue to grow by cost-effectively retaining our existing customers, increasing their average order volume ("AOV"), defined as net revenue for a given period divided by the number of orders during the same period, and adding new customers. Although we believe that many customers originate from word-of-mouth and other non-paid referrals, we expect to continue to expend resources and run marketing campaigns to acquire additional customers, all of which could impact our overall profitability. If we are not able to continue to expand our customer base, increase their AOV or fail to retain customers, our net revenue may grow slower than expected or decline. We have historically generated a significant portion of our revenue from our retail stores, and our growth strategy depends, in large part, on acquiring customers through the growth of our retail store base and expansion of our existing retail store operations. Our ability to successfully open and operate new retail stores depends on many factors, which are discussed in more detail under "--We have grown rapidly in recent years and have limited experience at our current scale. If we are unable to manage our growth effectively, our brand, company culture, and financial performance may suffer, which may have a material adverse effect on our business, financial condition, and operating results." The growth of our e-commerce channel is also critical to our continued customer retention and growth. Historically, consumers have been slower to adopt online shopping for glasses and contact lenses than e-commerce offerings in other industries such as consumer electronics and apparel. Improving upon the consumer in-store experience through an online platform is difficult due to broad consumer demands on selection, quality, convenience, and affordability. Changing traditional optical retail habits is difficult, and if consumers and retailers do not embrace online optical retail as we expect, our business and operations could be harmed. Moreover, even if more consumers begin to shop for glasses and contacts online, if we are unable to address their changing needs and anticipate or respond to market trends and new technologies, including the integration of artificial intelligence and machine learning, in a timely and cost-efficient manner, we could experience increased customer churn, which, in turn, would adversely affect our business and results of operations. Our ability to attract new customers and increase net revenue and AOV from existing customers also depends in large part on our ability to enhance and improve our existing products and to introduce new products and services, in each case, in a timely manner. We also must be able to identify and originate styles and trends as well as to anticipate and react to changing consumer demands in a timely manner. The success of new and/or enhanced products and services depends on several factors, including their timely introduction and completion, sufficient demand, and cost-effectiveness. We are building and improving machine learning models and other technological capabilities to drive improved customer experience, as well as efficiencies in our operations, such as optimized payment processing and customer service, and automated key support workflows. While we expect these technologies to lead to improvements in the performance of our business and operations, including inventory prediction and customer traffic prediction and management, we may be subject to new or heightened legal, ethical, and other challenges, and any flaws or failures of such technologies could cause interruptions or delays in our service, which may harm our business. Our number of customers may decline materially or fluctuate as a result of many factors, including, among other things: - the quality, consumer appeal, price, and reliability of products and services offered by us;- intense competition in the optical retail industry;- negative publicity related to our brand;- the success of our marketing and advertising efforts;- lack of market acceptance of our business model;- unpredictable nature of the impact of a pandemic, such as COVID-19, or a future outbreak of disease or similar public health concern;- deteriorating macroeconomic conditions and reduced customer spending;- changes in availability of our historic or current customer acquisition methods; or - dissatisfaction with changes we make to our products and services. In addition, if we are unable to provide high-quality support to customers or help resolve issues in a timely and acceptable manner, our ability to attract and retain customers could be adversely affected. If our number of customers declines or fluctuates for any of these reasons among others, our business would suffer.