information or otherwise compromise the security of our internal networks, electronic systems and/or physical facilities in order to gain access to our data or our customers’ data. Because techniques used to obtain unauthorized access change frequently and the size and severity of DDoS attacks and security breaches are increasing, we may be unable to implement adequate preventative measures or stop DDoS attacks or security breaches while they are occurring. In addition to our own platform and applications, some of the third parties with which we work may receive information provided by us, by our customers, or by our customers’ consumers through web or mobile applications integrated with our platform. If these third parties fail to adhere to adequate data security practices, or in the event of a breach of their networks, our own and our customers’ data may be improperly accessed, used, or disclosed. Any actual or perceived DDoS attack or security breach of our platform, systems, and networks could damage our reputation and brand, expose us to a risk of litigation and possible liability, and require us to expend significant capital and other resources to respond to and alleviate problems caused by the DDoS attack or security breach. Our ability to retain adequate cyber-crime and liability insurance may be reduced. Some jurisdictions have enacted laws requiring companies to notify individuals of data security breaches involving certain types of personal data and our agreements with certain customers and partners require us to notify them in the event of a security incident. Such mandatory disclosures are costly, could lead to negative publicity, and may cause our customers to lose confidence in the effectiveness of our data security measures. Moreover, if a high-profile security breach occurs with respect to another SaaS provider or one of the service providers with which we partner , customers may lose trust in the security of the SaaS business model generally, which could adversely impact our ability to retain revenue from existing customers or attract new ones. Any of these events could harm our reputation or subject us to significant liability, and materially and adversely affect our business and financial results. Although we maintain cyber liability insurance, we cannot be certain that its coverage will be adequate for liabilities actually incurred or that insurance will continue to be available to us on economically reasonable terms, or at all. We may be subject to claims by third parties of intellectual property infringement. The software industry is characterized by the existence of a large number of patents and frequent claims and related litigation regarding patents and other intellectual property rights. Third parties have in the past asserted, and may in the future assert, that our platform, modules, technology, methods, or practices infringe, misappropriate, or otherwise violate their intellectual property or other proprietary rights. Such claims may be made by our competitors seeking to obtain a competitive advantage or by other parties. Additionally, non-practicing entities purchasing intellectual property assets for the purpose of making claims of infringement may attempt to extract settlements from us. The risk of claims may increase as the number of modules that we offer and competitors in our market increases and overlaps occur. In addition, to the extent that we gain greater visibility and market exposure, we face a higher risk of being the subject of intellectual property infringement claims. Any such claims, regardless of merit, that result in litigation could result in substantial expenses, divert the attention of management, cause significant delays in introducing new or enhanced services or technology, materially disrupt the conduct of our business, and have a material and adverse effect on our brand, business, financial condition, and results of operations. Although we do not believe that our proprietary technology, processes, and methods have been patented by any third party, it is possible that patents have been issued to third parties that cover all or a portion of our business. As a consequence of any patent or other intellectual property claims, we could be required to pay substantial damages, develop non-infringing technology, enter into royalty-bearing licensing agreements, stop selling or marketing some or all of our modules, or re-brand our modules. We may also be obligated to indemnify our customers against intellectual property claims, and we may have to pay substantial settlement costs, including royalty payments, in connection with any such claim or litigation and to obtain licenses, or modify applications, which could be costly. If it appears necessary, we may seek to secure license rights to intellectual property that we are alleged to infringe at a significant cost, potentially even if we believe such claims to be without merit. If required licenses cannot be obtained, or if existing licenses are not renewed, litigation could result. Litigation is inherently uncertain and can cause us to expend significant money, time, and attention to it, even if we are ultimately successful. Any adverse decision could result in a loss of our proprietary rights, subject us to significant liabilities, require us to seek licenses for alternative technologies from third parties, prevent us from offering all or a portion of our modules, and otherwise negatively affect our business and operating results. If our software contains serious errors or defects, we may lose revenue and market acceptance and may incur costs to defend or settle claims with our customers. Software or APIs such as ours may contain errors, defects, security vulnerabilities, or software bugs that are difficult to detect or correct, particularly when first introduced or when new versions or enhancements are released. Despite internal testing, our platform may contain serious errors or defects, security vulnerabilities, or software bugs that we may be unable to successfully correct in a timely manner or at all, which could result in lost revenue, significant expenditures of capital, a delay or loss in market acceptance, and damage to our reputation and brand, any of which could have an adverse effect on our 31
2022 10K Page 37 Page 39