UNITED STATES
SECURITIES AND EXCHANGE COMMISSION
Washington, D.C. 20549
FORM 10-K
(Mark One)
ANNUAL REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934 | |||||
For the fiscal year ended January 31 , 2024
OR
TRANSITION REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934 FOR THE TRANSITION PERIOD FROM TO | |||||
Commission File Number: 001-41121
(Exact name of Registrant as specified in its charter) | ||||||||
(State or other jurisdiction of incorporation or organization) | (I.R.S. Employer Identification Number) | |||||||
(Address of principal executives offices, including zip code)
Registrant's telephone number including area code: (415 ) 301-3227
Securities registered pursuant to Section 12(b) of the Act:
| (Title of each class) | Trading Symbol(s) | (Name of each exchange on which registered) | ||||||
Securities registered pursuant to Section 12(g) of the Act: None
Indicate by check mark if the registrant is a well-known seasoned issuer, as defined in Rule 405 of the Securities Act. Yes ☐ No ☒
Indicate by check mark if the registrant is not required to file reports pursuant to Section 13b or 15(d) of the Act. Yes ☐ No ☒
Indicate by check mark whether the registrant: (1) has filed all reports required to be filed by Section 13 or 15(d) of the Securities Exchange Act of 1934 during the preceding 12 months (or for such shorter period that the registrant was required to file such reports), and (2) has been subject to such filing requirements for the past 90 days. Yes ☒ No ☐
Indicate by check mark whether the registrant has submitted electronically every Interactive Data File required to be submitted pursuant to Rule 405 of Regulation S-T (§232.405 of this chapter) during the preceding 12 months (or for such shorter period that the registrant was required to submit such files). Yes ☒ No ☐
Indicate by check mark whether the registrant is a large accelerated filer, an accelerated filer, a non-accelerated filer, smaller reporting company, or an emerging growth company. See the definitions of “large accelerated filer,” “accelerated filer,” “smaller reporting company,” and “emerging growth company” in Rule 12b-2 of the Exchange Act.
| ☒ | Accelerated filer | ☐ | |||||||||
| Non-accelerated filer | ☐ | Smaller reporting company | |||||||||
| Emerging growth company | |||||||||||
If an emerging growth company, indicate by check mark if the registrant has elected not to use the extended transition period for complying with any new or revised financial accounting standards provided pursuant to Section 13(a) of the Exchange Act. ☐
Indicate by check mark whether the registrant has filed a report on and attestation to its management’s assessment of the effectiveness of its internal control over financial reporting under Section 404(b) of the Sarbanes-Oxley Act (15 U.S.C. 7262(b)) by the registered public accounting firm that prepared or issued its audit report. ☒
If securities are registered pursuant to Section 12(b) of the Act, indicate by check mark whether the financial statements of the registrant included in the filing reflect the correction of an error to previously issued financial statements. ☐
Indicate by check mark whether any of those error corrections are restatements that required a recovery analysis of incentive-based compensation received by any of the registrant's executive officers during the relevant recovery period pursuant to §240.10D-1(b). ☐
Indicate by check mark whether the registrant is a shell company (as defined in Rule 12b-2 of the Exchange Act). Yes ☐ No ☒
The aggregate market value of voting and non-voting common equity held by non-affiliates of the registrant, based on the closing price of $29.61 for shares of the registrant’s Class A common stock on July 31, 2023 (the last business day of the registrant's second fiscal quarter), as reported by the Nasdaq Global Select Market on such date, was approximately $3.1 billion.
As of March 14, 2024 the number of registrant’s issued and outstanding shares of Class A common stock and Class B common stock was 126,447,252 and 73,097,984 , respectively.
DOCUMENTS INCORPORATED BY REFERENCE
Portions of the registrant’s definitive Proxy Statement relating to its fiscal year 2024 Annual Meeting of Stockholders are incorporated by reference into Part III of this Annual Report on Form 10-K where indicated. Such Proxy Statement will be filed with the United States Securities and Exchange Commission within 120 days after the end of the fiscal year to which this Annual Report on Form 10-K relates.
HashiCorp, Inc.
Form 10-K
For the Fiscal year Ended January 31, 2024
TABLE OF CONTENTS
| Page | ||||||||
| Item 1C. | ||||||||
| Page | ||||||||
| Page | ||||||||
| Page | ||||||||
SPECIAL NOTE REGARDING FORWARD-LOOKING STATEMENTS
This Annual Report on Form 10-K contains forward-looking statements about us and our industry that involve substantial risks and uncertainties, some of which cannot be predicted or quantified. All statements other than statements of historical fact contained in this Annual Report on Form 10-K, including statements regarding our future results of operations or financial condition, business strategy and plans, and objectives of management for future operations, are forward-looking statements. In some cases, you can identify forward-looking statements because they contain words such as “anticipate,” “believe,” “contemplate,” “continue,” “could,” “estimate,” “expect,” “hope,” “intend,” “may,” “might,” “objective,” “ongoing,” “plan,” “potential,” “predict,” “project,” “should,” “target,” “will,” or “would” or the negative of these words or other similar terms or expressions. In particular, information appearing under the sections titled “Business,” “Risk Factors,” and “Management’s Discussion and Analysis of Financial Condition and Results of Operations” and other portions of this Annual Report on Form 10-K include forward-looking statements. These forward-looking statements include, but are not limited to, statements concerning the following:
•our future operating and financial performance, ability to generate positive cash flow and ability to achieve and sustain profitability;
•our ability to attract and retain customers to use our products;
•our ability to successfully anticipate and satisfy customer demands, including through the introduction of new features, products or services and the provision of professional services;
•our ability to increase usage of our platform and sell additional products to existing customers;
•future investments in our business, our anticipated capital expenditures, and our estimates regarding our capital requirements;
•the costs and success of our sales and marketing efforts, and our ability to promote our brand;
•the estimated addressable market opportunity for our products and growth rate of those markets;
•our reliance on key personnel and our ability to identify, recruit, and retain skilled personnel;
•our ability to continue to build and maintain credibility with the developer community;
•our ability to form new and expand existing strategic partnerships;
•our ability to maintain the security of our software and adequately address privacy concerns;
•our ability to accurately forecast our sales cycle and make changes to our pricing model;
•our ability to effectively manage our growth, including any international expansion;
•our ability to protect our intellectual property rights and any costs associated therewith;
•the future trading prices of shares of our Class A common stock;
•the effects of health epidemics;
•the effects of disruptions due to heightened risk of cybersecurity attacks, malware, ransomware, hacking, or similar breaches;
•our ability to compete effectively with existing competitors and new market entrants;
•market risks relevant to our operations in the United States and internationally;
•the future of our industry;
•the rate at which significant changes occur in our industry;
•the effects of any existing or future claims or litigation;
•the effects of inflation, including the volatility in the rate of inflation; and
•our ability to comply with modified or new laws and regulations applying to our business.
Actual events or results may differ from those expressed in forward-looking statements. Consequently, you should not rely on forward-looking statements as predictions of future events. We have based the forward-looking statements
1
contained in this Annual Report on Form 10-K primarily on our current expectations and projections about future events and trends that we believe may affect our business, financial condition, results of operations, prospects, strategy, and financial needs. The outcome of the events described in these forward-looking statements is subject to risks, uncertainties, assumptions, and other factors described in the section titled “Risk Factors” and elsewhere in this Annual Report on Form 10-K. Moreover, we operate in a highly competitive and rapidly changing environment. New risks and uncertainties emerge from time to time, and it is not possible for us to predict all risks and uncertainties that could have an impact on the forward-looking statements contained in this Annual Report on Form 10-K. The results, events, and circumstances reflected in the forward-looking statements may not be achieved or occur, and actual results, events, or circumstances could differ materially from those described in the forward-looking statements.
In addition, statements that “we believe” and similar statements reflect our beliefs and opinions on the relevant subject. These statements are based on information available to us as of the date of this Annual Report on Form 10-K. While we believe that such information provides a reasonable basis for these statements, such information may be limited or incomplete. Our statements should not be read to indicate that we have conducted an exhaustive inquiry into, or review of, all relevant information. These statements are inherently uncertain, and investors are cautioned not to unduly rely on these statements.
The forward-looking statements made in this Annual Report on Form 10-K relate only to our view of events as of the date on which the statements are made. We undertake no obligation to update any forward-looking statements made in this Annual Report on Form 10-K to reflect events or circumstances after the date of this Annual Report on Form 10-K, or to reflect new information, actual results, revised expectations, or the occurrence of unanticipated events, except as required by law. We may not actually achieve the plans, intentions, or expectations disclosed in our forward-looking statements, and you should not place undue reliance on our forward-looking statements.
2
Part I
ITEM 1. Business
Overview
At HashiCorp, we believe that infrastructure enables innovation.
Our foundational technologies solve the core infrastructure challenges of cloud adoption by enabling an operating model that unlocks the full potential of modern public and private clouds. Our cloud operating model provides consistent workflows and a standardized approach to automating the critical processes involved in delivering applications in the cloud: infrastructure provisioning, security, networking, and application deployment. With our solutions, companies of all sizes and in all industries can accelerate their time to market, reduce their cost of operations, and improve their security and governance of complex infrastructure deployments.
Organizations today are undergoing a digital transformation across every business function, driven by competition and ever-increasing consumer expectations. Underlying this digital transformation is a re-platforming of static on-premises infrastructure to dynamic and distributed cloud infrastructure. In this dynamic world, existing procedures are too inefficient to scale with distributed, multi-cloud infrastructure. Inconsistent, fragmented technologies and processes are time consuming and resource intensive to manage, exacerbated by inefficient, linear ticket-driven workflows that cannot facilitate scaled, real-time operations. This digital transformation demands a new cloud operating model for enterprise information technology, or IT, requiring automation to provision, secure, connect, and run infrastructure at scale and in real time. At HashiCorp, we build industry-leading products that enable this cloud operating model and accelerate cloud adoption. Our primary commercial products are Terraform, Vault, Consul, and Nomad:
•Terraform is our infrastructure provisioning product that allows users to easily set up and manage IT infrastructure. Terraform enables IT operations teams to apply an Infrastructure-as-Code approach, where processes and configuration required to support applications are codified and automated instead of being manual and ticket-based. Terraform is cloud-neutral, supporting all major public and private clouds, and has a broad ecosystem of more than a thousand integrations with multiple cloud, software, and hardware platforms.
•Vault is our secrets management and data protection product. Using Vault, security teams can apply policies based on application and user identity, integrating with both on-premises and cloud-native identity providers, to govern access to credentials and secure sensitive data. Vault makes it simple for practitioners to deploy zero-trust security and automate complex workflows.
•Consul is our application-centric networking automation product. It enables practitioners to manage application traffic, security teams to secure and restrict access between applications, and operations teams to automate the underlying network infrastructure.
•Nomad is our scheduler and workload orchestrator that enables organizations to deploy and manage applications. It provides practitioners with a self-service interface to manage the application lifecycle.
Our products can be adopted individually and are also designed to work together as a stack in order to solve larger, more complex challenges. For instance, deploying Vault, Consul, and Boundary is the basis for a complete Zero Trust security architecture with identity-driven controls, offering a full range of authentication, authorization, and access management for human users or machines, like servers or applications. We continue to innovate and deliver additional emerging products to supplement these core capabilities and provide adjacent solutions.
Today, our software is predominantly self-managed by users and customers who deploy it across public, private, and hybrid cloud environments. We also offer our HashiCorp Cloud Platform, or HCP, our fully-managed cloud platform for multiple products to further accelerate enterprise cloud migration by addressing resource and skills gaps, improving operational efficiency, and speeding up deployment time for customers.
We have deliberately built our products using an open-core software development model. All of our products are developed as open-source projects, with large communities of users, contributors, and partners collaborating on their development. We sell proprietary, commercial software that builds on our open-source products with additional enterprise
3
capabilities. Our products are available in a non-commercial form for users to download, learn, and adopt, leading to market standardization of our products. Developers now play a larger role in deciding which technology is used within the companies for which they work, and this broad community engagement assists our go-to-market strategy by enabling technical knowledge and adoption inside our customers’ organizations. As a result, our products are ubiquitous in the largest enterprises. Our products have been downloaded and are used in 85% of the Fortune 500 as of January 31, 2024.
Our sales efforts build on our broad open-source reach and are driven by an enterprise sales force that focuses on large organizations. In addition, HCP supplements our direct sales motion with a self-serve offering that enables us to serve small- and medium-sized businesses, or SMBs, through a low-touch solution. HCP is increasingly addressing the needs of our largest enterprise customers who are looking for fully managed, cloud-native solutions.
Our open-core software development model and sales efforts are further strengthened by our ecosystem of partners. Our partners, including cloud service providers and independent software vendors, or ISVs, build direct integrations for our mutual customers, playing a critical role in amplifying the reach and access of our products. We partner with global and regional systems integrators and resellers to facilitate transactions and provide scalable service engagements to ensure successful customer implementations. Chief Information Officers, or CIOs, as key IT deployment decision makers at many enterprises, standardize on our platform over time as they build their cloud adoption strategies and programs around their chosen cloud vendors and HashiCorp in concert with their cloud service providers of choice and existing ISVs. Enabling users to work within their existing infrastructure vendors creates a strong network effect with our products. We had over 3,900 providers and integrations and more than 1060 partners, including over 320 ISVs, as of January 31, 2024, and these numbers continue to grow as we become mission critical to our customers and increasingly integral to their entire ecosystem.
The combination of our open-core, self-service, direct sales, and partner ecosystem components enables our powerful adopt, land, expand, and extend motion. Our open-source engagement and self-serve cloud model help us identify and accelerate initial product adoption and use cases. This broad footprint then allows our enterprise sales teams to target and sign these customers with subscription contracts for our software. Our expansion motion focuses on up-selling additional modules and increasing the footprint of usage of a given product, including across multiple buying centers within our customers’ organizations. Importantly, the multiple capabilities of our deep product portfolio allow us to extend our reach by cross-selling additional products to customers. Our adopt, land, expand, and extend motion affords us many growth opportunities within our customer base as we focus our go-to-market strategy on developing and cultivating long-term customer relationships. As of January 31, 2024 and 2023 our last four-quarter average net dollar retention rates were 115% and 131%, respectively. We are still in the early stages of our expansion and extension journey with our customers. Our focus on winning lighthouse accounts in the Forbes Global 2000 accelerates our practitioner adoption by adding new users and driving partners to integrate our ecosystem, creating a powerful flywheel helping to drive our business.
Our transformative technologies, open-source reach, and market leadership have led us to experience rapid growth. We had 897, 798, and 655 customers with $100,000 or greater annual recurring revenue, or ARR as of January 31, 2024, 2023, and 2022 respectively. We served over 480 of the Forbes Global 2000 companies as of January 31, 2024. Our revenue was $583.1 million, $475.9 million, and $320.8 million for the fiscal year ended January 31, 2024, or fiscal 2024, the fiscal year ended January 31, 2023, or fiscal 2023, and the fiscal year ended January 31, 2022, or fiscal 2022, respectively, representing period-over-period growth of 23% and 48%, respectively. Customers with $100,000 or greater ARR represented 89%, 88%, and 88% of revenue for fiscal 2024, fiscal 2023, and fiscal 2022, respectively. We incurred net losses of $190.7 million, $274.3 million, and $290.1 million for fiscal 2024, fiscal 2023, and fiscal 2022, respectively. We expect we will incur net losses for the foreseeable future as we continue to invest into the market opportunity ahead of us.
Our Solution
HashiCorp products were all built with common design principles around the need to enable automation in infrastructure, broad ecosystem support, and self-service for practitioners. Our products embody those principles at every layer of infrastructure needed for enterprises to successfully operate in the cloud.
Our broader portfolio includes numerous other products solving adjacent challenges in achieving a cloud operating model.
4
Our solution has the following key characteristics that define our products and approach:
•Purpose-Built for Cloud. HashiCorp products are built for modern cloud-native architectures. To fully realize the value of cloud, HashiCorp enables infrastructure to be highly automated across provisioning, security, networking, and application deployment. Customers are able to leverage the differentiating capabilities of cloud services, while maintaining a consistency of management and governance.
•Cloud Platform- and Technology-Neutral. A key element of our design ethos is the focus on solving user workflows rather than specific technologies or platforms. All of our solutions are built to be cloud platform- and technology-neutral, which allows a common approach to be extended to any cloud platform or on-premises technology. Our products are used in all major public clouds and also in private data centers and in edge environments such as in retail, manufacturing, hospitality, and more.
•User-Centric Design. HashiCorp products are built by practitioners for practitioners. Traditional infrastructure management software was historically sold top-down to executives and was less focused on the experience of end users. We use the guiding principle of building tools that we would want to use ourselves to build our products. We invest heavily in product design and user research to make our products convenient and easy to use at initial adoption and in ongoing operations.
•Enabling Self-Service Use. HashiCorp products are designed to enable self-service use. Traditional ticket-based processes forced development teams to use a linear workflow to provision infrastructure, request credentials, deploy applications, update networks, and more. HashiCorp products allow centralized cloud platform teams to define the blueprints and set up guardrails while also empowering developers without ticketing workflows. This can result in saving development teams days, weeks, or months of effort when building or deploying new applications.
•Open-Source Community. Unlike traditional proprietary software, the core of all HashiCorp products is developed in open-source. This allows a large and vibrant community of users, contributors, and partners to participate. Users are able to give feedback directly, report issues, contribute features, and fix bugs. Partners are able to integrate their technology solutions and validate their integrations with continuous development. The community of users and partners creates a powerful network effect that drives further adoption and standardization of our open-source and paid solutions.
•Broad User Base. The open-source nature of our products means they are free to download and widely distributed. This broad, global usage extends from small startup organizations to Fortune 100 companies across industries. Our HashiCorp User Groups, or HUGs, are self-organizing chapters of users that advocate for our products, which include over 51,000 members in more than 180 chapters across over 60 countries as of January 31, 2024.
•Deep and Broad Ecosystem. Most enterprises have a large set of existing technology investments and platforms. It is critical that any new technologies are able to integrate into their environment. HashiCorp products are built with extensibility in mind, and we work closely with hundreds of partners to ensure interoperability of our solutions. A key component of our ecosystem is our collection of “providers.” Our providers are connections to integrate products like Terraform with cloud players, software applications, and hardware vendors using application programming interfaces, or APIs. These companies often build providers for their own technologies to connect with HashiCorp. We have certification programs for our major products so that users can be assured the integrations are validated.
•Self-Managed and Cloud Delivery. The adoption of cloud infrastructure is accelerating, and the future of most services will be cloud delivered. However, the world’s largest organizations have substantial investments in on-premises and private cloud environments and these will continue to have a large footprint for many years to come. HashiCorp products were initially built as self-managed, allowing them to be adopted in private clouds and by customers with a reluctance to offload critical infrastructure. As customers gain comfort and become increasingly cloud native, HCP enables the consumption of our products as a fully-managed service. This bi-modal delivery allows us to service the entire market with solutions that fit each customer's needs.
•Focused Products. Large organizations have many silos where independent technology and buying decisions are made. HashiCorp has purposely built a portfolio of products rather than a monolithic platform, so that individual products can be sold to relevant stakeholders. This provides us multiple opportunities to
5
engage customers and reduces the complexity of a sale by avoiding the need for a top-down mandate or broad consensus within an organization.
•End-to-End Solution. While our individual products solve specific problems, the broader HashiCorp portfolio provides a holistic approach to enabling a consistent cloud operating model. This integrated set of solutions enables us to become a strategic partner to customers, helping them define their technology strategy as they adopt a multi-cloud infrastructure.
Key Benefits to Customers
The key benefits of our solutions to our customers include:
•Accelerate time to delivery. HashiCorp customers use our products to automate the key processes involved in application delivery and enable self-service for application teams. This can result in saving such teams days, weeks, or months of effort when building or deploying new applications. This improved agility improves their time to market and allows for rapid iteration on products and services.
•Reduce risk and improve security and governance. While enabling self-service is a critical goal for most of our customers, it is equally important to maintain strong security and governance controls. Our products are designed with those needs in mind and enable security and compliance teams to set policies and audit interactions, while operations teams define consistent blueprints and templates to ensure standardization of best practices. This reduces total complexity and ensures that security controls are baked into the automation and consistently enforced.
•Business agility, flexibility, and resilience. Organizations that depend heavily on manual process become inflexible and their agility is impaired by the speed of human operations. HashiCorp customers have codified and automated their processes, which enables them to make changes rapidly at scale. This allows them to quickly respond to market opportunities, security incidents, technology failures, and other critical operational events.
•Improved operational efficiency. As organizations adopt a multi-cloud infrastructure, they are confronted with many different interfaces and workflows native to each environment. HashiCorp customers standardize their workflows and implement a consistent cloud operating model with our products and platform. This allows them to have a single set of workflows, reduce the employee training and onboarding burden, and simplify their security and governance challenges. This consistency improves the operational efficiency of managing infrastructure at scale.
•Access to talent. HashiCorp products represent an industry standard in infrastructure management. We believe our community has hundreds of thousands of users, over 55,000 of whom have completed our certification programs as of January 31, 2024. By leveraging our products, customers can more easily hire new employees, train and certify existing employees, and ensure their organizations retain expertise in managing their systems.
Our Growth Strategy
We intend to pursue the following growth strategies:
•Grow our customer base by acquiring new customers. We served 4,423 total customers as of January 31, 2024, including over 480 of the Forbes Global 2000. We believe that nearly all organizations will adopt a cloud strategy, resulting in a substantial opportunity to continue growing our customer base. Nearly all of our paid product adoption began with open-source usage. As we continue to cultivate those users and turn them into paid customers, we also intend to drive new paying customer additions by expanding our sales and marketing efforts and our product portfolio.
•Expand and extend within our existing customer base through increased usage, extensions to new products, and new use cases. Our customer base represents a significant growth opportunity as we enable customers' cloud adoption journeys. Our model is aligned with our customers’ usage in the cloud. As cloud adoption continues and our customers look to build more scalable and dynamic cloud architectures, they will likely move from adopting bare-necessities use cases to more complex deployments, expanding their usage of a given product. Additionally, our modular portfolio of products is structured to allow
6
customers to extend usage of our offerings by adopting additional products and features over time as new needs arise. As a result, we expect to expand in both scale and scope within our existing customer base, with extensions in horizontal use cases and cross-sell contributing to growth. We plan to continue to invest in sales and marketing to expand our relationships with existing customers.
•Unlock additional value and market share through HashiCorp Cloud Platform. HCP, released in 2020, addresses the needs of our largest enterprise customers and also enables us to better serve SMBs through a low-touch solution. HCP enables organizations that previously had no capacity or ability to self-manage HashiCorp products to benefit from our industry-leading product portfolio. Additionally, HCP not only increases the number and type of organizations we can serve, it also enables us to offer consumption-based pricing. The HashiCorp Flex pricing program initially launched in March 2022, offers certain customers consumption-based pricing, which in turn enables them to align spend with usage and naturally expand their adoption of our products.
•Extend our technology leadership through new products and continued investment in our platform and open-source community. We have a history of technological innovation, launching new innovative products, releasing new features on a regular basis, and making frequent updates to our products. We intend to continue making significant investments in research and development and hiring top technical talent to enable new use cases and increase our product differentiation. As we continually release new products, our open-source community drives adoption, maturity, and ecosystem development upon which additional enterprise functionality is built. Over time, we believe our focus on innovation will provide new avenues for growth and allow us to continually deliver meaningful, differentiated value to our customers.
•Expand and develop our technology partner and reseller ecosystem. Our HashiCorp Partner Network, which consists of the top systems integrators and resellers around the world, helps accelerate the adoption of our products and platform. In addition, we maintain and manage thousands of integrations, like our Terraform Providers. These include more than 30 official providers (created by us), more than 320 verified providers (created by our community and verified by us), and more than 3,500 community providers (created by our community) as of January 31, 2024. We plan to continue investing in building out our partner program to drive more consumption through our platform, broaden our distribution footprint, and create greater awareness of our platform.
•Expand our global reach. As organizations around the world increase their public cloud adoption, we believe there is a significant opportunity to expand the use of our products and platform even further outside of North America. Sales outside of the United States constituted 30% and 27% of our revenue for fiscal 2024 and 2023, respectively. We plan to make investments in sales and marketing and customer support in geographic areas of focus, and we believe there is a large opportunity to increase our global presence over time.
Our Products & Technology
Overview
HashiCorp products enable customers to adopt a cloud operating model that provides consistent workflows and a standardized approach to automating provisioning, security, networking, and application delivery to deliver applications to any environment. Our offerings require multiple foundational capabilities that span all environments. We organize our products around four primary functionalities:
•Provisioning. The underlying infrastructure that supports applications needs to be highly automated, scalable, and integrated with security and compliance controls. Our approach is focused on enabling at-scale automation by codifying how infrastructure is configured and deployed, along with the security and governance controls that provide guardrails.
•Security. The emergence of “Zero Trust” architectures changed the focus from traditional network perimeter security to identity-based controls, and strong enforcement of authentication and authorization everywhere. We are focused on enabling identity-based controls, managing application identity, securing machine-to-machine communication, and human-to-machine interactions.
7
•Networking. Modern networking is software-defined and driven by a proliferation in microservices, creating a need for service-to-service networking capable of responding to rapid and dynamic change. Organizations need a consistent approach to network automation that spans multiple platforms and multiple clouds, including public and private environments.
•Application Delivery. Internal development teams are limited by the speed by which they can deploy to the cloud. Increasingly, enterprises are building shared service platform teams to simplify and accelerate the process of deployment. Tooling that enables application teams to centrally manage infrastructure, while enabling self-service to developers, is key. We focus on application deployment tooling and platform abstractions to enable that developer self-service.
Our Principles (Tao) For Products and Technology
While the products are developed independently as part of a portfolio, they apply a shared ethos, described by the Tao of HashiCorp, that is consistent between them. Some of these guiding principles include:
•Build for workflows, not technology. We believe in solving for fundamental user workflows, rather than building capabilities around specific technologies. Workflows tend to be relatively consistent over time, while technology continues to change at a blistering pace. Making the products extensible and pluggable to support new technologies as they evolve keeps our products relevant and increases their utility for customers, who can embrace legacy and modern systems today and hedge against new systems emerging in the future.
•Codification to enable automation. There are many different processes required to manage infrastructure and deliver cloud-based applications. Codification of those processes enables automation, but also allows for versioning and applying the best practices from software development to infrastructure management.
•Composability over complexity. Software applications often solve adjacent problems by expanding on their features and capabilities typically at the cost of complexity. We prefer to build tools that are focused on a specific set of problems, and design them to work together as a stack. This clarity of scope allows for a simpler and better user experience.
•Pragmatism. We have strong convictions about how to best manage infrastructure in cloud environments. However, we understand that many organizations have existing investments in systems and processes that are difficult to change. We embrace that complexity with pragmatism in our solutions and ensure our products can integrate with existing legacy environments while being opinionated about best practices for operating in the cloud.
HashiCorp Cloud Platform
HCP is a common foundation for delivering our products through our fully-managed cloud platform across the public cloud providers. All of our products can be self-managed; our Terraform, Boundary, Consul, Vault, and Waypoint products are available as managed services through HCP. We believe enterprise customers will become increasingly comfortable, over the long term, with infrastructure services being provided by a third party, and SMB customers will benefit from the ease of adopting fully-managed products. Our ability to reduce operational complexity, speed up deployment and adoption times, provide multi-cloud consistency, and address the skills gap will be a critical driver of adoption. The shared identity and unified experience provided by the platform enable us to deeply integrate our products, creating a more powerful experience that drives additional usage of each product, as well as adoption of new products and services.
HCP also has significant implications for our go-to-market strategy. Through HCP we are able to offer a faster and more flexible solution with less upfront expenditure, which enables us to address SMB customers as well as our enterprise customers looking for a fully-managed offering. Customers can self-serve and pay based on consumption-based pricing. Product instrumentation allows us to discover qualified leads and use an inside-sales led motion to drive high velocity deals. Cloud customers can spend significantly less time focused on product deployment and immediately start product adoption, which enables higher retention and expansion.
8
Our Products
Across our portfolio of products, we have offerings at different stages of commercialization. Our core products, Terraform and Vault, are well established with commercial offerings at scale, and make up the majority of our current revenues. Emerging products, such as Boundary, Consul, Nomad and Packer, are earlier in the commercialization cycle, while our community products are focused on product development, market maturity, and community adoption. This framework enables us to continue innovating and adding new products to our portfolio while simultaneously executing on a go-to-market strategy for our commercial products.
Infrastructure Provisioning Products
Terraform. Operators and developers are increasingly overwhelmed by the need to manage infrastructure as organizations transition from running dedicated servers at limited scale to spinning up and down thousands of servers on-demand in dynamic, multi-cloud environments. Terraform is our foundational infrastructure-provisioning product and empowers practitioners to create and manage infrastructure at scale for any public cloud or private cloud environment. Terraform takes an infrastructure-as-code approach to provisioning and lifecycle management, transforming these workflows from ticket-based manual processes into end-to-end self-service infrastructure automation.
Terraform has a broad ecosystem of providers. Our providers are connections to integrate Terraform with cloud players, software applications, and hardware vendors using APIs. The companies that use APIs often build providers for their own technologies to connect with HashiCorp. As of January 31, 2024, Terraform has more than 30 official providers (created by us), more than 320 verified providers (created by our community and verified by us), and more than 3,500 community providers (created by our community).
Terraform Cloud and Terraform Enterprise are commercial offerings that provide a centralized way for users to collaborate on infrastructure, define and share reusable modules, provide central visibility, and enforce policy controls. The open-source Terraform product is focused on solving the technical challenge of provisioning, and our HashiCorp community provides thousands of provider integrations and shared blueprints in a public registry, allowing for the advancement of these products. Terraform Cloud and Terraform Enterprise, our commercial offerings, enable enterprises to operationalize Terraform, and pricing is based on the number of workspaces managed by our product. Key use cases include enabling self-service infrastructure, enabling multi-cloud consistency, and enforcing policy and governance.
Packer. As application teams move from development phases toward production environments, they must transform raw source code, application and system configuration, and security controls into a production-worthy artifact. Depending on the environment, that artifact could be a virtual machine, or VM, image for an on-premises infrastructure, a Cloud VM image, a container, or serverless package. Packer provides a consistent way to define the process of transforming the raw source inputs into a production worthy artifact, across any environment or packaging format. This allows for a consistent approach to packaging that handles the nuances and variations in packaging for each environment.
Vagrant. When application teams are developing software, they must set up development environments that provide all the software tools, libraries, packages, operating system, and dependencies required for their application. Vagrant allows teams to define how development environments are set up, so that applications teams can automatically provision them and quickly get started with the actual development rather than spend time on setup. The codified definitions can be easily maintained and kept in parity with production environments, to ensure a parity between development and production environments and avoiding the risks inherent in mismatched environments.
Security Products
Vault. Vault was designed around the premise that modern security needs to be identity based, rather than traditional approaches based in IP controls and network perimeters. Vault is used to authenticate applications using a set of extensible plugins, which allows it to support a broad range of platforms, including public cloud providers such as AWS, on-premises systems such as Active Directory, and applications platforms such as Kubernetes. Human users similarly authenticate with Vault using pluggable mechanisms, supporting traditional on-premises and modern cloud-based identity providers, or IDPs. Based on the identity of the client, Vault provides a consistent mechanism for authorizing access to secrets, performing administrative operations, and invoking cryptographic capabilities on sensitive data.
9
Vault has an extensible set of integrations which allow it to dynamically manage the lifecycle of credentials. For example, native database integrations with Oracle, MongoDB, or Snowflake allow users to be provisioned on demand, with restricted access, and a limited time to live. Vault manages the entire lifecycle of generation, scoping of permissions, and revocation. This allows developers to self-service credentials while security teams define the controls and policies. The dynamic credentials reduce the risk of a compromise and reduce the operational burden of frequent credential rotation.
As data protection becomes increasingly critical, Vault addresses the challenges of key management and cryptography. Vault allows security teams to define keys and grant the right to perform cryptographic operations, such as encrypting or decrypting data, to applications. Application teams can leverage a high-level API to integrate with Vault and offload key management and cryptography. This minimizes the risk of a key compromise or improper implementation of cryptography, which has many subtle nuances with which most developers are unfamiliar.
Our commercial Vault offering expands on open-source capabilities to solve for multi-tenancy of application teams, operational challenges of scale, additional security and governance needs of enterprises, and deeper sets of advanced data protection capabilities, such as tokenization and interoperability with the Key Management Interoperability Protocol, or KMIP. Vault is priced based on the number of clients (users, servers, applications etc.).
Boundary. Traditional approaches to Privileged Access Management, or PAM, have required users to interact with multiple systems, such as virtual private networks, to access private networks and PAM solutions to retrieve credentials and broker access to sensitive systems. This adds complexity for users, and for operations and security teams, makes administration more complex as controls are fragmented across multiple systems. Additionally, cloud infrastructure is more dynamic and ephemeral, making management of static IPs and hosts brittle. Boundary applies an identity-based approach to PAM and unifies the controls to a single system. User access is simplified to only using Boundary to establish sessions to sensitive systems. Security and operations teams only need to manage a single set of controls, which are based on the logical identity of users and applications, allowing for dynamic and ephemeral cloud infrastructure to be supported without an outsized burden.
Networking Products
Consul. Consul provides a central dynamic catalog of all applications, their locations, metadata, and current health status. This real-time view of applications provided by the catalog allows for dynamic applications and network automation. As application teams move from monolithic to microservices architectures, there is a proliferation of services that need to register and discover each other. Consul enables those application teams to have autonomy in managing the incoming traffic to their services. Applications can query Consul to determine how to connect to any services they depend on. For example, Consul can be used by a web server to query how to connect to a database. Consul’s real-time catalog allows applications and infrastructure to be dynamic and ephemeral, without the fragility and brittleness of static IPs or hostnames.
Consul also enables a modern service mesh architecture. Every application participates in actively authenticating and authorizing every connection. This enables a fine-grained approach to micro-segmentation, reducing the risk of a network compromise through lateral attacker movement. This focus on identity-based controls reduces the total number of controls that need to be managed and reduces the operational burden of static controls in dynamic cloud environments. Security teams can apply a consistent approach to network segmentation across all their environments regardless of the hardware or network fabric.
Integration with Terraform allows networking appliances, such as load balancers, firewalls, and API gateways to be automatically updated based on application changes. This enables an end-to-end automation without manual ticket processes. This automation allows for policies to be defined using application identity, and to have the underlying IP addresses be managed dynamically. This lets security teams focus on identity-based controls rather than managing static IP controls in a dynamic environment.
Our commercial Consul offering expands on open-source capabilities to solve the challenges of multiple teams collaborating and integrating infrastructure, operational challenges of scale, and the security and governance needs of enterprises. Consul is priced based on the number of server instances used.
10
Application Delivery Products
Nomad. With traditional VM-based applications, there is typically a tight coupling of the application with the underlying VM and operating system. This creates an organizational challenge where developers are not able to self-serve application deployments or manage application lifecycles because ownership is shared or owned by operations teams. Nomad decouples the underlying infrastructure from the application lifecycle. This allows operations teams to manage the infrastructure and provides a self-service interface for developers to manage application lifecycle. Nomad supports a broad range of technologies, including VM-based, containerized, and serverless applications spanning Linux, Windows, and other operating systems.
The commercial version of Nomad is differentiated by solving the challenges of teams being multi-tenant, operational challenges of scale, security and governance needs of enterprises, and a deeper set of functionalities around auto-scaling and capacity management. Nomad is priced based on the number of nodes used.
Waypoint. Waypoint provides a simple developer-focused workflow for the build, deploy, and release process. Developers typically start their development lifecycle by writing code, using version control to collaborate, and using continuous integration systems to test code. Once a developer is ready to push a change to production, there is a highly fragmented ecosystem of tools, and organizations often have custom-built solutions to manage the remaining lifecycle. Waypoint provides a standard workflow that is designed to be simple and prescriptive for developers, while being highly extensible to enable platform operators to integrate their existing tools and systems. This enables platform teams to hide the complexity of the underlying infrastructure and enable developers to have a consistent workflow for application delivery across environments.
Our Customers
Our products are used across the globe by organizations of all sizes, across a vast range of industries. We are used by practitioners at the most complex large enterprises. As of January 31, 2024, we had 4,423 total customers, including over 480 of the Forbes Global 2000. As of January 31, 2024, we had 897 customers with $100,000 or greater in ARR and 120 customers with $1.0 million or greater in ARR. For fiscal 2024, no single customer accounted for more than 10% of our total revenue. Our percentage of revenue generated by customers outside of the U.S. was 30%, 27%, and 27% for fiscal 2024, fiscal 2023, and fiscal 2022, respectively.
We also have a large and growing base of developers that contributes to our open-source community. As of January 31, 2024, we had more than 51,000 members in our user groups spanning over 60 countries.
Marketing
We focus our marketing efforts on two core priorities:
•community adoption by building awareness and relationships across user communities; and
•sales support with demand generation, pipeline acceleration and partner activation.
Community adoption. Users can download our open-source software products or sign up for cloud services for free and begin engaging with our software and the active user community immediately. We empower users to solve a wide array of cloud infrastructure automation tasks. As technology challenges are being recast to the cloud, the roles and skill sets of developers and operators solving those challenges are also migrating to the cloud. We provide free learning material, documentation, and forums alongside instructor-led training, and certification programs. In a recent survey, approximately 36% of those who took certification exams stated they were required to by their employer. We also provide experiences, such as our annual HashiConf and HashiDays community conferences in Europe and the United States, with approximately 5,000 participants, including both virtual and in-person attendees, at the Europe event in June 2023 and approximately 13,000 attendees at the U.S.-based global event in October 2023. We also support our HUGs and other community efforts globally.
Sales support. Community adoption provides a highly efficient channel for demand generation, due to the mission-critical nature of our platform. On our platform, users naturally demonstrate the value of our products to their organizations, as use of our platform scales with their cloud-adoption journeys. In this process, users drive further
11
awareness and expansion of our products and their features. Our commercial marketing team also provides an array of broad and deep campaigns, in-field marketing, and through- and to-partner marketing to support our adopt, land, expand, and extend business model.
Additionally, our marketing team provides the necessary brand, communications, product, and digital marketing capabilities to support community and commercial growth.
Sales
Our go-to-market strategy combines a viral bottom-up adoption model with a targeted top-down sales model. All of our products are developed as open-source offerings so that users can freely download, learn, and adopt them, improving the general market standardization of our products by removing barriers to use. Developers today have greater control of technology decision-making inside the companies where they work, and this broad community engagement assists our go-to-market model by enabling technical knowledge and adoption inside our customers’ organization.
Our sales efforts build on our wide open-source reach and are driven by an enterprise sales force that focuses on the world’s largest organizations. Our inside sales team also provides high velocity engagement for smaller customers. In addition, HCP supplements this direct sales motion with a self-service offering that addresses the needs of our largest enterprise customers and enables us to serve SMB and mid-market businesses through a low-touch solution.
In addition, we partner with global and regional systems integrators and resellers to facilitate transactions and provide scalable service engagements to ensure successful customer implementations. CIOs standardize on our platform over time as they build their cloud adoption strategies and programs based on their chosen cloud vendors and HashiCorp in concert with their cloud service providers of choice and existing ISVs.
Our sales organization comprises sales development, sales engineering, inside sales, and field sales personnel and is segmented both geographically, and by the size of prospective customers. As of January 31, 2024, we had more than 860 employees in our sales and marketing organization.
Research and Development
Our research and development efforts are focused on innovation to solve the challenges of adopting a cloud operating model through the development of new products as well as enhancements and new functionalities applicable to existing products. We believe rapid development of new products and enhancement of existing products and features is essential to maintaining our competitive position. We continuously incorporate feedback from our community and our customers in our software development efforts. Our multi-faceted approach to research and development allows us to continuously meet the changing demands of our customers.
As of January 31, 2024, we had more than 680 employees in our research and development organization. We intend to continue to invest in our research and development capabilities to extend our platform. Research and development expenses totaled $222.6 million, $195.4 million, and $165.0 million for fiscal 2024, fiscal 2023, and fiscal 2022, respectively.
Our Competition
Our market is highly competitive and characterized by rapid changes in technology, customer needs, frequent introductions of new offerings, and improvements to existing service offerings.
Internal IT teams sometimes attempt to “do it themselves” using open-source software. While individuals and small teams can sometimes use our open-source products to solve their technical problems, larger enterprises face more complex needs that require our commercial products. Our commercial products are substantially differentiated from their open-source versions and therefore companies using only open-source tools do not benefit from our full product offering.
For select companies adopting a single-cloud solution, we compete with the well-established public cloud providers such as AWS and their in-house offerings. We also compete with similar in-house offerings from Microsoft Azure, Google Cloud Platform, and other cloud providers.
12
We also compete with legacy providers with point products such as CyberArk, VMware, and IBM. We also compete with alternative open-source projects such as Google Istio.
We believe we compete favorably based on the following competitive factors:
•ability to offer consistency across clouds;
•ability to implement multi-cloud provisioning, security, networking, and application deployment;
•ability to integrate with existing cloud platforms;
•ability to engage community of open-source users and partners;
•ability to integrate with existing on-premises environments;
•ability to innovate around a cloud-delivered architecture;
•ability to offer ecosystem of vendors integrated with our products;
•ability to create new products and expand our existing platform;
•ability to scale up and down dynamically on demand;
•ease of use;
•speed of implementation and time to achieving value;
•product capabilities, including flexibility, scalability, performance and security; and
•brand recognition and reputation, particularly within the open-source community.
Our Employees and Human Capital Management
Our human capital resources objectives include identifying, recruiting, retaining, incentivizing and integrating our existing and new employees and consultants. In addition to competitive base salaries and cash compensation, the principal purpose of our share incentive plans is to attract, retain, and reward personnel through the granting of share-based compensation awards in order to increase stockholder value and the success of our company by motivating such individuals to perform to the best of their abilities and achieve our objectives.
As of January 31, 2024, we had over 2200 employees operating across the world. We recognize that everyone deserves respect and equal treatment, regardless of gender, race, ethnicity, age, disability, sexual orientation, gender identity, cultural background, or religious belief and we strive to emphasize this equality as part of our core values to create a diverse, equitable, and inclusive work environment. We believe that kindness should be extended at every opportunity, to our peers, users, partners, and customers. An internal environment that is friendly, kind, and forgiving of mistakes is positive and productive. None of our employees are represented by a labor union. In certain countries in which we operate, such as France, we are subject to, and comply with, local labor law requirements, which may automatically make our employees subject to industry-wide collective bargaining agreements. We have not experienced any work stoppages, and we consider our relations with our employees to be good.
Culture and Principles
Culture at HashiCorp is the result of interactions between people and systems practices, which are built on shared principles. Our people practices (hiring, promotions, and separation) and systems practices (writing, meetings, and operating cadence) are grounded in our nine core principles:
•Integrity
•Kindness
•Pragmatism
•Humility
•Vision
•Execution
•Communication
13
•Beauty Works Better
•Reflection
Hybrid Remote Distributed Workforce
HashiCorp is a hybrid remote company, meaning we optimize our workflows for decentralized remote teams. Since HashiCorp's inception, we recognized that creating high-functioning, effective hybrid remote teams would require careful planning and system design to not only establish the culture, but help it grow and evolve organically. We have designed our processes, systems, and teams so that people can perform their jobs without needing to be physically present in the same room or even in the same time zone. Part of supporting our hybrid remote culture also involves actively encouraging personal well-being through initiatives, including wellness programs, engagement programs (speaker series, employee resource groups, gift exchanges, mentorship opportunities, virtual events, etc.), community outreach activities, recognition programs, and groups to connect people with similar interests, life circumstances, or backgrounds no matter where they are geographically.
Engagement
We conduct regular, anonymous engagement surveys to help us understand the employee experience, maintain a real-time pulse on employee engagement, and continuously action areas of opportunity as an organization. It is a quick way for management to see trends in engagement and progress on action plans. By continuing to lift our engagement, we can impact retention and attraction of top talent to HashiCorp.
Learning and Development
We strive to provide a culture of curiosity and learning where employees can try new things and continually grow and develop. We offer a variety of resources to support this, and provide a quarterly learning program, which includes live workshops and presentations from internal and external facilitators, and on-demand learning and development, to help our employees develop their business acumen so they are ready to make decisions, drive impact, and focus on what matters most to HashiCorp.
Compensation and Benefits
We aim to provide compensation and benefits that are equitable and competitive, and meet the diverse needs of our global workforce. We believe it is important for our employees to have a stake in our success, which is why our total compensation packages include both cash and equity components for most levels. Our remote working model has been in our DNA since our start in 2012, which allows us to maintain a flexible working environment and gives us access to a global pool of diverse talent. In addition to our standard suite of benefits, which includes medical, dental, and vision insurance, a 401(k) saving plan, and paid time off, we are committed to supporting our employees’ mental health by offering the Employee Assistance Program, or EAP, and access to an on-demand behavioral healthcare benefit. We also support diverse and growing families through global parental leave programs and our family expansion benefits.
Diversity and Inclusion
We are committed to principles of fairness and equality. We believe that this commitment makes us a stronger, more vibrant, and more innovative company. We seek to build an environment where every employee, regardless of background, identity, or life experience, has an equal opportunity to grow and thrive.
Intellectual Property
We rely on a combination of patent, copyright, trademark and trade secret laws in the United States and other jurisdictions, as well as license agreements and other contractual protections, to protect our proprietary technology. We also rely on a number of registered and unregistered trademarks to protect our brand.
As of January 31, 2024, we held 18 issued U.S. patents, had three other U.S. patent applications allowed, and had at least eight pending U.S. patent applications, with several more patent applications in the pipeline. We have no pending or issued patents in any jurisdiction outside of the United States. Our issued patents are scheduled to expire between
14
2039-2042. As of January 31, 2024, we held twelve registered trademarks in the United States, and also held 85 registered trademarks in foreign jurisdictions. As of January 31, 2024, we held no pending U.S. trademark applications and 3 pending foreign trademark applications. We continually review our development efforts to assess the existence and patentability of new intellectual property.
We seek to protect our intellectual property rights by implementing a policy that requires our employees and independent contractors involved in development of intellectual property on our behalf to enter into agreements acknowledging that all works or other intellectual property generated or conceived by them on our behalf are our property, and assigning to us any rights, including intellectual property rights, they may claim or otherwise have in those works or property, to the extent allowable under applicable law.
Technology Infrastructure
We outsource substantially all of our cloud infrastructure to public cloud operators that host our products and platform, primarily AWS, Google Cloud, and Microsoft Azure. Because of the significant use of our platform on public clouds, our solutions must remain interoperable with them. Further, we are subject to the standard agreements, policies, and terms of service of these public clouds, as well as agreements, policies, and terms of service of the various application stores that make our solutions available to our developers, creators, customers, and users. These agreements, policies, and terms of service govern the availability, promotion, distribution, content, and operation generally of applications and experiences on such public clouds.
The substantial majority of the services for which we use public cloud operators are cloud-based server capacity and, to a lesser extent, storage and other optimization offerings. Public cloud operators allow us to order and reserve server capacity in varying amounts and sizes distributed across multiple regions. We access public cloud operator infrastructure through standard IP connectivity. Public cloud operators provide us with computing and storage capacity under agreements that continue until terminated by either party. Public cloud operators may terminate the agreements by providing 30 days’ prior written notice and may in some cases terminate the agreement immediately for cause upon notice.
Available Information
Our Annual Reports on Form 10-K, Quarterly Reports on Form 10-Q, Current Reports on Form 8-K, and amendments to reports filed pursuant to Sections 13(a) and 15(d) of the Securities Exchange Act of 1934, as amended, the Exchange Act, are filed with the U.S. Securities and Exchange Commission, or the SEC. Such reports and other information filed by us with the SEC are available free of charge at ir.hashicorp.com/financial-information/sec-filings as soon as reasonably practicable after such reports are available on the SEC’s website, www.sec.gov. We periodically provide other information for investors on our corporate website, www.hashicorp.com, and our investor relations website, ir.hashicorp.com. This includes press releases and other information about financial performance, information on corporate governance, and details related to our annual meeting of stockholders. The information contained on, or that can be accessed through, the websites referenced in this Annual Report on Form 10-K is not incorporated by reference into this Annual Report on Form 10-K or any other filings we make with the SEC. Further, our references to website URLs are intended to be inactive textual references only.
RISK FACTORS
A description of the risks and uncertainties associated with our business is set forth below. You should carefully consider the risks and uncertainties described below, together with all of the other information in this Annual Report on Form 10-K, including the section titled “Management’s Discussion and Analysis of Financial Condition and Result of Operations” and our consolidated financial statements and the related notes thereto. Our business, results of operations, financial condition, or prospects could also be harmed by risks and uncertainties that are not presently known to us or that we currently believe are not material. If any of the risks actually occur, our business, results of operations, financial condition, and prospects could be materially and adversely affected. In that event, the market price of our Class A common stock could decline, and you could lose all or part of your investment.
15
Risk Factors Summary
This risk factors summary contains a high-level summary of risks associated with our business. It does not contain all the information that may be important to you, and you should read this risk factors summary together with the more detailed discussion of risks and uncertainties set forth following this summary. A summary of our risks includes, but is not limited to, the following:
•If we are unable to increase sales of subscriptions to our products to new customers, sell additional subscriptions to our products to our existing customers, or expand the value of our existing customers’ subscriptions to our products, our future revenue and results of operations will be harmed.
•If our existing customers stop using our products and renewing their subscriptions, our business and results of operations could suffer materially.
•Our business and operations have experienced periods of rapid growth and fluctuation, and if we do not appropriately manage future growth or change, if any, or are unable to improve our systems and processes, our business, financial condition, results of operations, and prospects will be adversely affected.
•We have a history of net losses and may not be able to achieve or sustain profitability or positive cash flows in the future. If we cannot achieve or sustain profitability or positive cash flows, our business, financial condition, and results of operations may suffer.
•Our limited operating history makes it difficult to evaluate our current business and prospects, and may increase the risk that we will not be successful.
•Our future quarterly results of operations may fluctuate significantly, and our recent results of operations may not be a good indication of our future performance.
•We rely significantly on revenue from subscriptions and, because we recognize a significant portion of the revenue from subscriptions over the term of the relevant subscription period, downturns or upturns in sales are not immediately reflected in full in our results of operations.
•The license for our free community edition products places certain limits on competitive use, but the permissive rights under our legacy open-source licenses makes it possible for third parties to offer and build upon older open-source versions of our products. Those competing versions could make it relatively easy for competitors to compete with us.
•If our paid products are not sufficiently compelling relative to our free community versions, our ability to sell paid subscriptions and retain customers may be limited and our business will suffer.
•We expect our revenue mix to vary over time, which could harm our gross margin and operating results.
•Our ability to increase sales of our products is highly dependent on the quality of our customer support, and our failure to offer high-quality support would have an adverse effect on our business, reputation, and results of operations.
•If we do not effectively focus our product development efforts, our business, results of operations, and financial condition could be adversely affected.
•We have limited experience with respect to determining the optimal prices for our products.
•We target enterprise customers, and sales to these customers involve risks that differ from risks associated with sales to smaller entities.
•Selling our HCP cloud offerings into large enterprises and regulated industries will require an ever-increasing level of features and compliance capabilities to satisfy customer requirements, and we may be unable to meet those requirements, which could limit the revenue growth we achieve from our cloud offerings.
•The length of our sales cycles can be unpredictable, and our sales efforts may require considerable time and expense.
16
•Our revenue growth depends in part on the success of our strategic relationships with our ecosystem of partners and the continued performance and engagement of these partners.
•We may not be capable of meeting the demand for professional services necessary to make our customers successful with our products.
•The estimates of market opportunity and forecasts of market growth included in our public disclosures may prove to be inaccurate, and even if the market in which we compete achieves the forecasted growth, our business could fail to grow at similar rates, if at all.
•The markets for some of our products are new, unproven, and evolving, and our future success depends on the growth and expansion of these markets and our ability to adapt and respond effectively to evolving markets.
•We face competition that we expect to become more intense over time, and which could adversely affect our business, financial condition, and results of operations.
•Problems with our internal systems, networks, or data, including actual or perceived breaches or failures by us or our partners, could cause our products to be perceived as insecure, underperforming, or unreliable, our reputation to be damaged, and our financial results to be negatively impacted.
•If our products do not meet our customers’ performance or support expectations or if we fail to meet service-level availability commitments made to our cloud platform customers, we could face subscription terminations, service-level penalty payments, and a reduction in renewals, which could significantly affect our current and future revenue.
•If we are unable to keep pace with technological and competitive developments or fail to integrate our products with a variety of technologies that are developed by others, our products may become less marketable, less competitive, or obsolete, and our results of operations may be adversely affected.
•Failure of our products to satisfy customer demands or to achieve increased market acceptance could adversely affect our business, results of operations, financial condition, and growth prospects.
•Unfavorable conditions in our industry or the global economy or reductions in spending for products like ours could limit our ability to grow our business and negatively affect our results of operations.
•Uncertainty regarding international conflicts, such as the ongoing hostility between Russia and Ukraine and the conflict in Israel and Gaza, and macroeconomic conditions could adversely impact our business.
•If we are unable to maintain and enhance our brand, especially among practitioners, our business and operating results may be adversely affected.
•We depend on cooperating with public cloud operators. Changes to arrangements with such operators may significantly harm our customer retention, new customer acquisition, and product extension or expansion, or require us to change our business strategies, operations, practices, or marketing activities, which could restrict our ability to maintain our platform through these clouds and would adversely impact our business.
•We rely upon public cloud operators to operate our platform and any disruption of or interference with our use of these operators’ services would adversely affect our business, results of operations, and financial condition.
•Interruptions or performance problems associated with our technology and infrastructure, and our reliance on technologies from third parties, may adversely affect our business operations and financial results.
Risks Related to Our Business and Operations
If we are unable to increase sales of subscriptions to our products to new customers, sell additional subscriptions to our products to our existing customers, or expand the value of our existing customers’ subscriptions to our products, our future revenue and results of operations will be harmed.
We offer certain features of our products as free community versions of our software with no payment required. Customers purchase subscriptions to our products in order to gain access to additional functionality and support. Our
17
future success depends on our ability to sell our subscriptions to new customers and to extend the deployment of our products with existing customers by selling paid subscriptions to our existing users and expanding the value and number of existing customers’ subscriptions. Our ability to sell new subscriptions depends on a number of factors, including the prices of our products, prices offered by our competitors, and the budgets of our customers, as well as their desire and ability to create new features and perform their own support relying on our public source available software products. We also face competition from public cloud operators, who may use our source available software products to provide and support hosted offerings that compete with our own. We rely in large part on our customers to identify new use cases for our products and new products to meet a broader set of their needs in order to expand such deployments and grow our business. If our customers do not recognize the potential of our products, our business would be materially and adversely affected. If our efforts to sell subscriptions to new customers and to expand deployments at existing customers are not successful, our total revenue and revenue growth rate may decline and our business will suffer.
If our existing customers do not continue using our products and renewing their subscriptions, our business and results of operations will suffer.
We expect to derive a significant portion of our revenue from renewals of existing subscriptions for our products. As a result, achieving a high renewal rate of our subscriptions will be critical to our business. Our customers have no contractual obligation to renew their subscriptions after the completion of their subscription term. Terms of our subscriptions typically range from one to three years.
Our customers’ usage of our products and renewal rates may decline or fluctuate as a result of a number of factors, including their satisfaction with our products and our customer support, our products’ ability to integrate with new and changing technologies, the frequency and severity of product outages, our product uptime or latency, the pricing of our products and that of our competitors, and our customers’ own budget priorities and fluctuations in spending. Even if our customers renew their subscriptions, they may renew for shorter subscription terms or on other terms that are less economically beneficial to us. We have limited historical data with respect to rates of customer renewals, so we may not accurately predict future renewal trends. If our customers do not renew their subscriptions, or renew on less favorable terms, our revenue may grow slower than expected or decline and our net expansion rate may decline.
If our paid products are not sufficiently compelling relative to our free community versions, our ability to sell paid subscriptions and retain customers may be limited and our business will suffer.
Historically, we have offered free community versions of our products in order to gain market acceptance and loyalty among software developers. We also offer paid subscriptions to the enterprise versions of our products, which offer features and capabilities we view as appropriate for scalable business use that are not included in our free versions. Our ability to sell paid subscriptions and retain customers largely depends on business purchasers finding sufficient value in the enterprise versions of our products. If we are unable to make our paid products sufficiently compelling to business customers as compared to our free community versions, we may have limited success selling paid subscriptions and retaining our enterprise customers.
Our business and operations have experienced periods of rapid growth and fluctuation, and if we do not appropriately manage future growth or change, if any, or are unable to improve our systems and processes, our business, financial condition, results of operations, and prospects will be adversely affected.
We have experienced periods of rapid growth and increased demand for our offerings. Our total revenues for fiscal 2024, fiscal 2023, and fiscal 2022 were $583.1 million, $475.9 million and $320.8 million, respectively, representing an annual growth rate of 23% from fiscal 2023 to fiscal 2024, and 48% from fiscal 2022 to fiscal 2023. In addition, we have experienced fluctuation in our growth rates over time. You should not rely on the revenue growth of any prior quarterly or annual period or combined periods as an indication of our future performance. Even if our revenue continues to increase, we expect our revenue growth rate to decline in future periods. We expect to continue growing our headcount in the future. The growth and expansion of our business and products place a continuous significant strain on our management, operational, and financial resources. In addition, as customers use more of our products for an increasing number of use cases, we have had to support more complex commercial relationships. We must continue to improve and expand our information technology and financial infrastructure, our operating and administrative systems, our relationships with
18
various partners and other third parties, and our ability to manage headcount and processes in an efficient manner to manage any future growth effectively.
We may not be able to sustain the diversity and pace of improvements to our products or implement systems, processes, and controls in an efficient or timely manner or in a manner that does not negatively affect our results of operations. Our failure to improve our systems, processes, and controls, or their failure to operate in the intended manner, may result in our inability to manage the growth of our business and to forecast our revenue, expenses, and earnings accurately, or to prevent losses.
In addition, our growth and the complexity of our multi-product business may make it difficult to evaluate our future prospects. Our ability to forecast our future results of operations is subject to a number of uncertainties, including our ability to effectively plan for and model future growth. We have encountered in the past, and may encounter in the future, risks and uncertainties frequently experienced by growing companies in rapidly changing industries. If we fail to achieve the necessary level of efficiency in our organization as it grows, or if we are not able to accurately forecast future growth, our business will be harmed. Moreover, if the assumptions we use to plan our business are incorrect or change in reaction to changes in our market or business, or we are unable to maintain consistent revenue or revenue growth, our share price could be volatile, and it may be difficult to achieve and maintain profitability.
We have a history of net losses and may not be able to achieve or sustain profitability or positive cash flows in the future, or as quickly as we expect. If we cannot achieve or sustain profitability or positive cash flows, or are slow to do so, our business, financial condition, and results of operations may suffer.
We incurred a net loss of $190.7 million, $274.3 million, and $290.1 million in fiscal 2024, fiscal 2023, and fiscal 2022, respectively. We had an accumulated deficit of $971.1 million as of January 31, 2024, and $780.4 million as of January 31, 2023. We anticipate that our operating expenses will increase in the foreseeable future as we continue to enhance our products, grow our relationships with existing customers, broaden our customer base, expand our sales and marketing activities, expand our operations, hire additional employees, and continue to develop our technology. These efforts may prove more expensive than we currently anticipate, and we may not succeed in increasing our revenue sufficiently, or at all, to offset these higher expenses. Because the markets for our products are rapidly evolving, it is difficult for us to predict our future results of operations. Revenue growth may slow or revenue may decline for a number of possible reasons, including slowing demand for our products or increasing competition. Any failure to increase our revenue as we grow our business could prevent us from achieving consistent profitability or positive cash flow at all, or in the time frame we expect, which could cause our business, financial condition, and results of operations to suffer.
Our limited operating history makes it difficult to evaluate our current business and prospects, and may increase the risk that we will not be successful.
We were incorporated in Delaware in 2013, but only began commercializing our software in 2016. Consequently, much of our growth has occurred in recent years. Our limited operating history makes it difficult to evaluate our current business and our future prospects, including our ability to plan for and model future growth. We have encountered and will continue to encounter risks and difficulties frequently experienced by rapidly growing companies in evolving industries. If we do not address these risks successfully, our business and results of operations will be adversely affected.
Further, we operate in a rapidly evolving market. Any predictions about our future revenue and expenses may not be as accurate as they would be if we had a longer operating history or operated in a more predictable market. We have a limited history with our products and pricing model and if, in the future, we are forced to change our pricing model or reduce prices for our products, our revenue and results of operations may be harmed.
As the market for our products evolves, or as new competitors enter our markets with new products or services, we may be unable to attract new customers or convert community users to paying customers on terms or based on pricing models that we have used historically. In the future, we may be required to reduce our prices or be unable to increase our prices, or it may be necessary for us to provide more products without additional revenue to remain competitive, all of which could harm our results of operations and financial condition.
Our future quarterly results of operations may fluctuate significantly, and our recent results of operations may not be a good indication of our future performance.
19
Our results of operations, including our revenue, cost of revenue, gross margin, operating expenses, cash flow, and deferred revenue have fluctuated from quarter-to-quarter in the past and may continue to vary significantly in the future so that period-to-period comparisons of our results of operations may not be meaningful. Accordingly, our financial results in any one quarter should not be relied upon as indicative of future performance. Our quarterly financial results may fluctuate as a result of a variety of factors, many of which are outside of our control, may be difficult to predict, and may or may not fully reflect the underlying performance of our business. Factors that may cause fluctuations in our quarterly financial results include:
•our ability to attract new customers;
•the loss of existing customers;
•fluctuations in customer renewal rates;
•our ability to successfully expand our business in the United States and internationally;
•our ability to foster an ecosystem of developers and users to maintain and expand the use cases of our products;
•our ability to sufficiently differentiate our paid offerings from our free community versions;
•our ability to gain new partners and retain existing partners;
•fluctuations in our number of customers, including those with $100,000 or greater in ARR;
•fluctuations in the mix of our revenue, which may impact our gross margins and operating income;
•the amount and timing of operating expenses related to the maintenance and expansion of our business and operations, including investments in sales and marketing, research and development, and general and administrative resources;
•network outages or performance degradation of our products;
•breaches of, or failures relating to, security, privacy, or data protection;
•general economic, industry, and market conditions;
•increases or decreases in the number of elements of our subscriptions or pricing changes upon any renewals of customer agreements;
•changes in our pricing policies or those of our competitors;
•the budgeting cycles and purchasing practices of customers;
•decisions by potential customers to purchase alternative solutions;
•decisions by potential customers to develop in-house solutions as alternatives to our products;
•insolvency or credit difficulties confronting our customers, which could adversely affect their ability to purchase or pay for our products;
•our ability to process all of the orders we receive late in our quarters before the quarters expire;
•our ability to collect timely on invoices or receivables;
•the cost and potential outcomes of future litigation or other disputes;
•future accounting pronouncements or changes in our accounting policies;
•short- and long-term interest rates;
•foreign exchange rate fluctuations;
•our overall effective tax rate, including impacts caused by any reorganization in our corporate tax structure and any new legislation or regulatory developments;
•fluctuations in stock-based compensation expense;
•the timing and success of new products introduced by us or our competitors or any other change in the competitive dynamics of our industry, including consolidation among competitors, customers, or partners;
20
•the timing of expenses related to the development or acquisition of technologies or businesses and potential future charges for impairment of goodwill from acquired companies; and
•other risk factors described in this Annual Report on Form 10-K.
The impact of one or more of the foregoing or other factors may cause our operating results to vary significantly. Such fluctuations could cause us to fail to meet the expectations of investors.
We rely significantly on revenue from subscriptions and, because we recognize a significant portion of the revenue from subscriptions over the term of the relevant subscription period, downturns or upturns in sales are not immediately reflected in full in our results of operations.
Subscription revenue accounts for the substantial majority of our revenue. We recognize a significant portion of our subscription revenue monthly over the term of the relevant time period. As a result, much of the subscription revenue we report each fiscal quarter is the recognition of deferred revenue from subscription contracts entered into during previous fiscal quarters. Consequently, a decline in new or renewed subscriptions in any one fiscal quarter will not be fully or immediately reflected in revenue in that fiscal quarter and will negatively affect our revenue in future fiscal quarters. Accordingly, the effect of significant downturns in new or renewed sales of our subscriptions will not be reflected in full in our results of operations until future periods.
The new license for our free community edition products places certain limits on competitive use, but the permissive rights under our open-source licenses prior to the change makes it possible for third parties to offer and build upon open-source versions of our products as they existed before the license change. Those competing versions could make it relatively easy for competitors, including public cloud operators, to enter our markets and compete with us.
Prior to August 2023, we licensed our free community products under the Mozilla Public License, which allows anyone, subject to compliance with the conditions of the applicable license, to redistribute our software and share certain source code components in modified or unmodified form and use it to build products that compete in our markets. Such competition can develop without the degree of overhead and lead time required by traditional proprietary software companies, due to the rights granted to licensees of open-source and source available software. Under our historical Mozilla Public License, it is possible for competitors and new entrants to develop their own software, including software based on open-source or our products, and for public cloud operators to expand their offerings to compete directly with ours, potentially reducing the demand for our products and putting pricing pressure on our subscriptions. For example, a new or existing competitor may dedicate its developers to building competing offerings based on open-source and source available software provided by us or third parties, and such offerings may reduce the demand for our offerings.
In August 2023, we changed the license for future versions of our free community software to the Business Source License, which is a source available license that also includes certain restrictions on using the community products to compete with our commercial offerings. However, that change does not prevent others from building competitive products using the versions that were released before the license change, and it does not restrict all forms of competition. We cannot guarantee we will compete successfully against current and future competitors that use the source available nature of our products to develop competitive offerings, or that we will be able to effectively enforce licensing restrictions on the competitive use of our community versions, or that competitive pressure or the availability of new software will not result in price reductions, reduced operating margins, or loss of market share, any of which would harm our business, financial condition, results of operations, and cash flows.
We expect our revenue mix to vary over time, which could harm our gross margin and operating results.
We expect our revenue mix to vary over time due to several factors, including the mix of our subscriptions for different products and our professional services and other revenue. For example, while Terraform and Vault are our most established products with commercial offerings at scale and make up the majority of our revenues, generating collectively over 88% and 85% of our revenues for fiscal 2024 and fiscal 2023, respectively, we believe that our emerging products represent a significant growth opportunity. We also believe that HCP, our fully managed cloud platform, represents a significant growth opportunity for our business, particularly as an increasing number of our customers look for a fully managed offering. Shifts in our business mix from quarter to quarter could produce substantial variation in the revenue we
21
recognize. Further, our gross margins and operating results could be harmed by changes in revenue composition and costs as we shift further managed offerings, together with numerous other factors, including entry into new markets or growth in lower margin markets; entry into markets with different pricing and cost structures; pricing discounts; and increased price competition. Any one of these factors or the cumulative effects of certain of these factors may result in significant fluctuations in our gross margin and operating results. This variability and unpredictability could result in our failure to meet internal expectations or those of investors for a particular period.
Our ability to increase sales of our products is highly dependent on the quality of our customer support, and our failure to offer high-quality support would have an adverse effect on our business, reputation, and results of operations.
Our customers depend on our technical support services to resolve issues relating to our products. If we do not succeed in helping our customers quickly resolve post-deployment issues or provide effective ongoing support and education on our products, our existing customers may not renew their subscriptions, our ability to sell additional subscriptions to existing customers or expand the value of existing customers’ subscriptions would be adversely affected, and our reputation with potential customers could be damaged. Many larger enterprise and government entity customers have more complex IT environments and require higher levels of support than smaller customers. If we fail to meet the requirements of these large enterprise customers, it may be more difficult to retain them or expand our relationship with them.
Additionally, it can take several months to recruit, hire, and train qualified technical support employees. We may not be able to hire such resources fast enough to keep up with demand, particularly if the sales of our products exceed our internal forecasts. To the extent we are unsuccessful in hiring, training, and retaining adequate support resources, our ability to provide adequate and timely support to our customers, and our customers’ satisfaction with our products, will be adversely affected. Our failure to provide and maintain high-quality support services would have an adverse effect on our business, financial condition, and results of operations.
If we do not effectively focus our product development efforts, our business, results of operations, and financial condition could be adversely affected.
We are a multi-product company. Our primary commercial products are Terraform, Vault, Consul, and Nomad, and our significant investments in research and development have resulted in a strong product pipeline. Our ability to attract new customers and increase revenue from existing customers depends in part on our ability to enhance and improve our existing products, increase adoption and usage of our products, and introduce new products. The success of any enhancements or new products depends on several factors, including timely completion, adequate quality testing, actual performance quality, market-accepted pricing levels, and overall market acceptance. Continuously enhancing our multiple products and advancing our new product pipeline may overextend our workforce and negatively affect product quality and development schedules. Enhancements and new products that we develop may not be introduced in a timely or cost-effective manner, may contain errors or defects, may require reworking features and capabilities, may have interoperability difficulties with our platform or other products, or may not achieve the broad market acceptance necessary to generate significant revenue. Some new products we develop may fail commercially, and we may incorrectly prioritize the development of products that do not become commercially successful over products which may have had a better chance of attaining commercial success. Workforce productivity spent on unsuccessful product development efforts may not be recovered. Furthermore, our ability to increase usage of our products depends, in part, on the development of new use cases for our products, which is typically driven by our developer community and may be outside of our control. In addition, adoption of new products or enhancements may put additional strain on our customer support team, which could shift the team’s resources away from supporting our current products or require us to make additional expenditures related to further hiring and training. If we are unable to timely and successfully enhance our existing products to meet evolving customer requirements, increase adoption and usage of our products, develop new products, or if our efforts do not render the outcomes we expect, then our business, results of operations, and financial condition will be adversely affected.
We have limited experience with respect to determining the optimal prices for our products.
We charge our customers subscription fees for use of our products. We expect that we may need to change our pricing from time to time. For example, we may need to adjust our fees based on customer usage of our products or
22
resistance to our pricing models. In the past, we have sometimes reduced our prices either for individual customers in connection with long-term agreements or for a particular product. We may also face increasing costs which we may be unable or unwilling to pass through to our customers given pricing pressure, which could adversely impact our business, results of operations, and financial condition.
Further, as competitors introduce new products or services that compete with ours or reduce their prices, we may be unable to attract new customers or retain existing customers based on our historical pricing. As we expand internationally, we also must determine the appropriate price to enable us to compete effectively in different locations. Moreover, enterprises, which are a primary focus for our direct sales efforts, may demand substantial price concessions. In addition, if the mix of our product sold changes, then we may need to, or choose to, revise our pricing. As a result, in the future we may be required or choose to reduce our prices or change our pricing models, which could materially harm our business, results of operations, and financial condition.
We target enterprise customers, and sales to these customers involve risks that differ from risks associated with sales to smaller entities.
We generally target large enterprise customers. Sales to large enterprise customers carry risks that may not be present or exceed those associated with smaller entities, such as longer sales cycles, more complex and demanding customer requirements and contract negotiations, substantial upfront sales costs, and less predictability in completing sales. For example, enterprise customers may require considerable time to evaluate and test our solutions and those of our competitors before making a purchase decision and placing an order. Multiple factors influence the length and variability of our sales cycle, including the need to educate potential customers about the uses and benefits of our solutions, economic pressure or uncertainty that prompts customers to seek cost savings on software purchases, the discretionary nature of purchasing and budget cycles, and the competitive nature of evaluation and purchasing approval processes. As a result, the length of our sales cycle, from identification of the opportunity to deal closure, may vary significantly from customer to customer, with sales to large enterprises typically taking longer to complete. Moreover, large enterprise customers often begin to deploy our products on a limited basis, but nevertheless demand integration services and pricing negotiations, with no guarantee they will deploy our products widely across their organization.
Selling our HCP cloud offerings into large enterprises and regulated industries will require an ever-increasing level of features and compliance capabilities to satisfy customer requirements. Our inability to meet those requirements could limit the revenue growth we achieve from our cloud offerings.
Expanding market share for our cloud platform is a high priority for our long-term revenue growth. We continue to make substantial investments in our HCP cloud platform to provide the full range of features, capabilities, and certifications that large enterprises and heavily regulated businesses often require of cloud vendors. Our ability to sell our HCP offerings into those enterprises will depend on their comfort levels with the features and compliance capabilities of our cloud platform. If we are unable to meet those requirements or keep up with new ones, we may not achieve our growth plans for our cloud offerings, which would have a negative impact on our cloud revenue and, ultimately, our long-term growth rates.
The length of our sales cycles can be unpredictable, and our sales efforts may require considerable time and expense.
Our results of operations may fluctuate, in part, because of the length and variability of the sales cycle of our subscriptions to our products and the difficulty in making short-term adjustments to our operating expenses. Our results of operations depend in part on sales to large subscription customers and increasing sales to existing customers. The length of our sales cycle, from initial contact with our sales team to contractually committing to our subscriptions, can vary substantially from customer to customer based on deal complexity. It is difficult to predict exactly when, or even if, we will make a sale to a potential customer or if we can increase sales to an existing customer. As a result, large individual sales have, in some cases, occurred in later quarters than we expected, or have not occurred at all. The loss or delay of one or more large transactions in a quarter could affect our cash flows and results of operations for that quarter and for future quarters. Customers often view a subscription to our products as a strategic decision and significant investment and, as a result, frequently require considerable time to evaluate, test, and qualify our products before purchasing or expanding a subscription. During the sales cycle, we expend significant time and money on sales and marketing and contract negotiation activities which may not result in a sale. Because a substantial proportion of our expenses are relatively fixed
23
in the short term, our results of operations may suffer if revenue falls below our expectations in a particular quarter due to extended sales cycles.
Our revenue growth depends in part on the success of our strategic relationships with our ecosystem of partners and the continued engagement and performance of these partners.
We maintain partnership relationships with a variety of partners, including public cloud providers, systems integrators, independent software vendors, channel partners, referral partners, and technology partners to jointly deliver offerings to our end customers and complement our broad community of users. Our partner agreements are generally non-exclusive, meaning our partners may offer customers the offerings of several different companies, including offerings that compete with ours, or may themselves be or become competitors. If our partners do not effectively market and sell our offerings, choose to use greater efforts to market and sell their own offerings or those of our competitors, or fail to meet the needs of our customers, our ability to grow our business and sell our offerings may be harmed. Our partners may cease marketing our offerings with limited or no notice and with little or no penalty. The loss of a substantial number of our partners, our possible inability to replace them, or the failure to recruit additional partners could harm our results of operations. Likewise, because the success of our products depends on integrations with partners’ technologies, if partners decide to no longer implement or support such integrations, or if they partner with our competitors and devote greater resources to implement and support the products of competitors, our business may be harmed.
We may not be capable of meeting the demand for professional services necessary to make our customers successful with our products.
Our customers often lack the expertise or resources to implement our products without assistance from our professional services team or those of our partners. This lack of skills and resources poses a severe risk of customers purchasing our products but not deploying them successfully, or in some cases, not deploying them at all. This constraint may even prevent potential customers from moving forward with a purchase. Consequently, our ability to acquire and retain customers depends heavily on our ability to offer effective professional services to customers, and our effectiveness in cultivating a sufficient network of partners to provide high quality professional services for our products. At times we have had trouble meeting customer demand for professional services. If we are unable to build and maintain enough professional services capacity to meet customer demand, either directly or through our partners, we will be at risk of increased customer attrition, slowing sales, and reputational damage from failed implementations, all of which could materially damage our business and our financial results.
Our estimates of market opportunity and forecasts of market growth included in our public disclosures may prove inaccurate, and even if the market in which we compete achieves the forecasted growth, our business could fail to grow at similar rates, if at all.
Market opportunity estimates and growth forecasts included in our public disclosure, including those we have generated ourselves, and those provided by third parties, such as the 650 Group, Gartner, or IDC, are subject to significant uncertainty and are based on assumptions and estimates that may prove inaccurate, including the risks described herein. Even if the market in which we compete achieves the forecasted growth, our business could fail to grow at similar rates, if at all.
The variables that go into the calculation of our market opportunity are subject to change over time, and there is no guarantee that estimates of addressable users or companies covered by our market opportunity will correspond to actual sales of our products or revenue. For example, negative conditions in the general economy both in the United States and abroad, including conditions resulting from uncertain interest rates, inflation, and geopolitical tensions, could diminish growth expectations in the U.S. economy and our market opportunity estimates. Any expansion in our market depends on multiple factors, including the cost, performance, and perceived value associated with our products and the products provided by our competitors. Even if the market in which we compete meets the size estimates and growth forecasts included in our public disclosures, our business could fail to grow at similar rates. Our growth is subject to many variables, including our success in implementing our business strategy, which carries many assumptions, risks and uncertainties. Accordingly, forecasts of market growth included in our public disclosures may not be indicative of our future growth.
24
The markets for some of our products are new, unproven, and evolving, and our future success depends on the growth and expansion of these markets and our ability to adapt and respond effectively to them.
The markets for certain of our products are relatively new, rapidly evolving, and unproven. Accordingly, it is difficult to predict customer demand, adoption and renewals for these products, the size, growth rate, expansion, and longevity of these markets, the entry of competitive products, or the success of existing competitive products. Our ability to penetrate new and evolving markets depends on a number of factors, including the cost, performance, and perceived value associated with our products. If these markets do not continue to grow as expected, or if we are unable to anticipate or react to changes in these markets, our competitive position would weaken, which would adversely affect our business and results of operations.
We face competition that we expect to intensify over time, which could adversely affect our business, financial condition, and results of operations.
The market for our products is developing and we expect competition to increase over time. Our business is impacted by rapid changes in technology, customer needs, frequent introductions of new offerings, and improvements to existing offerings, all of which may increase the competitive pressures that we face. We provide offerings to address the needs of a wide variety of prospective customers that compete with other approaches and solutions. For example, internal IT teams sometimes attempt to “do it themselves” using source available software. While individuals and small teams can sometimes use our community products to solve their technical problems, larger enterprises face more complex needs that require our commercial products. For select companies adopting a single-cloud solution, we compete with the well-established public cloud providers such as Amazon Web Services, or AWS, and their in-house offerings. We also compete with similar in-house offerings from Microsoft Azure, Google Cloud Platform, and other cloud providers; legacy providers with point products such as CyberArk, VMware, and IBM; and alternative open-source projects, such as Google Istio.
As the market for our products develops, the principal competitive factors in our market may include: product capabilities, including flexibility, scalability, performance, and security; ease of use; breadth of use cases; ability to integrate with existing IT infrastructure, cloud platforms, and on-premises environments; consistency of offerings across clouds; ability to implement multi-cloud provisioning, security, networking, and application deployment; speed of implementation and time to achieving value; ability to scale up and down dynamically on demand; robustness of professional services and customer support; price and total cost of ownership; adherence to certifications; size of customer base and level of user adoption; strength of sales and marketing efforts; scope of vendor ecosystem integrated with the products; ability to create new products and expanding the existing platform; ability to innovate around a cloud-delivered architecture; brand awareness, recognition, and reputation, particularly within the developer community; and ability to engage the community of users and partners. If we fail to innovate and improve our products and professional services to address these factors, we may become vulnerable to increased competition and therefore fail to attract new customers or lose or fail to renew existing customers, which would harm our business and results of operations.
Some of our actual and potential competitors, especially more established companies, may expand their offerings to compete with ours. These companies may have advantages over us, such as longer operating histories, more established relationships with current and potential customers and commercial partners, significantly greater financial, technical, marketing, or other resources, stronger brand recognition, larger intellectual property portfolios, and broader global distribution and presence. In addition, our business model largely assumes our customers are committed to a multi-cloud strategy and will not bundle their cloud services with a single provider. However, if this assumption inaccurately reflects the decisions of our customers, our business will suffer. Some of our larger potential competitors and other cloud providers have substantially greater resources than we do and therefore may afford to bundle competitively priced related products and services, which may allow them to leverage existing commercial relationships, incorporate functionality into existing products, sell products with which we compete at zero or negative margins, offer fee waivers and reductions or other economic and non-economic concessions, maintain closed technology platforms, or render our products unable to interoperate with such platforms. Our actual or potential customers may prefer to bundle their cloud services with one of our potential competitors even if such competitors’ individual products have more limited functionality compared to our software. These larger potential competitors are also often in a better position to withstand any significant reduction in technology spending and will therefore not be as susceptible to competition or economic downturns. Our potential competitors may also be able to respond more quickly and effectively than we can to new or changing opportunities, technologies, standards, or customer requirements. In addition, some potential competitors may offer products or services that address one or a limited number of functions at lower prices, with greater depth than our products or in geographies
25
where we do not operate. With the introduction of new technologies and new market entrants, we expect competition to grow in the future.
Furthermore, our actual and potential competitors may establish cooperative relationships among themselves or with third parties that may further enhance their resources and offerings in the markets we address. In addition, third parties with greater available resources may acquire current or potential competitors. As a result of such relationships and acquisitions, our actual or potential competitors might be able to adapt more quickly to new technologies and customer needs, devote greater resources to the promotion or sale of their products, initiate or withstand substantial price competition, take advantage of other opportunities more readily, or develop and expand their offerings more quickly than we do. For all these reasons, we may not be able to compete successfully against our current or potential competitors.
Problems with our internal systems, networks, or data, including actual or perceived breaches or failures by us or our partners, could cause our products to be perceived as insecure, underperforming, or unreliable, which would damage our reputation, and our financial results.
Our offerings involve the transmission and processing of data, which can include personal information and highly sensitive, proprietary, and confidential information we receive from our customers, our employees, and other third parties. In addition to threats from traditional attackers and insider threats, we also face security threats from malicious third parties, including individual hackers, sophisticated criminal groups, nation states, and state-sponsored organizations, that could disrupt or interrupt, or introduce ransomware, viruses, or other malicious code into our products, services, systems, or networks, obtain unauthorized access to our internal systems, networks, and data, as well as systems of organizations using our cloud products and services, and the information they store and process. Users and organizations using our services may also disclose or leak their passwords, API keys, or secrets that could lead to unauthorized access to their accounts and data within our products. Such incidents have become more prevalent in our industry, particularly against cloud services, and may in the future result in unauthorized, unlawful, or inappropriate access to, inability to access, disclosure of, or loss or other unauthorized processing of the sensitive, proprietary, and confidential information that we own, process, or control, such as customer information and proprietary data and information, including source code and trade secrets. In addition, the risks of data security failures has increased significantly based upon the growing number of new data protection laws throughout the world and intensive scrutiny from regulatory bodies. It is virtually impossible for us to entirely mitigate the risk of these security threats. While we have implemented security measures internally and have integrated security measures into our products, these measures may not function as expected and may not detect or prevent all unauthorized activity, prevent all security breaches and incidents, mitigate all security breaches or incidents, or protect against all attacks or incidents. Moreover, our products incorporate a variety of third-party components (including source available software components) which may expose us to additional security threats, and vulnerabilities in those components may be difficult or impossible to detect, control, and manage. We may also experience security breaches and other incidents that may remain undetected for an extended period and, therefore, may have a greater impact on our products, the networks and systems used in our business, and the proprietary and other confidential data contained on such networks and systems. We expect to incur significant costs in our efforts to detect and prevent security breaches and other security-related incidents, and we may face increased costs in the event of an actual or perceived security breach or other security-related incident. These cybersecurity risks pose a particularly significant risk to a business like ours that is focused on providing highly secure products to customers. Additionally, as a hybrid remote company, much of our workforce functions in a remote work environment that requires remote access to our corporate network, which in turn imposes additional risks to our business, including increased risk of industrial espionage, theft of assets, phishing, and other cybersecurity attacks, and inadvertent or unauthorized access to or dissemination of sensitive, proprietary, or confidential information.
We also engage third-party vendors and service providers to store and otherwise process some of our and our customers’ data, including sensitive and personal information. Our vendors and service providers may also be the targets of cyberattacks, malicious software, phishing schemes, fraud, and may face other cybersecurity threats and may suffer cybersecurity breaches and incidents from these and other causes. For example, in January 2023, one of our vendors, CircleCI, was compromised by an unauthorized third party, exposing certain environment variables, tokens and encryption keys of their customers, including HashiCorp, causing the vendor to have to rotate all customers’ GitHub OAuth tokens.
Our ability to monitor these parties’ data security is limited. There can be no assurance that any security measures that we or our third-party service providers, including third-party providers of cloud infrastructure services, have implemented will be effective against current or future security threats, and we cannot guarantee that our systems and
26
networks or those of our third-party service providers have not been breached or that they do not contain exploitable defects or bugs that could result in a breach of or disruption to our systems and networks or the systems and networks of third parties that support us and our products. While we maintain measures designed to protect the integrity, confidentiality, and security of our data and other data we maintain or otherwise process, our security measures or those of our third-party service providers could fail and result in unauthorized access to or disclosure, unavailability, modification, misuse, loss, destruction, or other processing of such data. Geopolitical events, including the ongoing hostility between Russia and Ukraine and the conflict in Israel and Gaza, may cause us and our vendors, contractors, and other third parties we work with to be vulnerable to a heightened risk of cybersecurity attacks, phishing attacks, viruses, malware, ransomware, hacking, or similar breaches and incidents from nation-state and affiliated actors, including attacks that could materially disrupt our supply chain and our systems, operations, and platform. Unauthorized access to, other security breaches of, or security incidents affecting, systems, networks, and data of our vendors, contractors, or those with which we have strategic relationships, even if not resulting in an actual or perceived breach of our customers’ networks, systems, or data, could result in the loss, compromise, unavailability, corruption, or other unauthorized processing of data, loss of business, reputational damage adversely affecting customer or investor confidence, regulatory investigations and orders, litigation, indemnity obligations, damages for contract breach, penalties for violation of applicable laws or regulations, significant costs for remediation, and other liabilities.
We also have incorporated artificial intelligence, or AI, features into certain of our offerings, and may continue to incorporate additional AI features into our offerings in the future. The use of AI may result in security incidents and our integration of AI and the use of AI features by our customers, and the use of AI solutions and offerings by our personnel, may create additional cybersecurity risks or increase cybersecurity risks, including risks of security breaches and incidents. Further, AI technologies may be used in connection with certain cybersecurity attacks, resulting in heightened risks of security breaches and incidents. In addition, our products may experience errors, failures, vulnerabilities, or bugs that cause our products not to perform as intended. Any such errors, failures, vulnerabilities, or bugs may not be found until after they are deployed to our customers and may create the perception that our platform and products are insecure, underperforming, or unreliable. We also provide frequent updates and fundamental enhancements to our platform and products, which increase the possibility of errors. Our quality assurance procedures and efforts to report, track, and monitor issues with our products may not be sufficient to ensure we detect any such defects in a timely manner. There can be no assurance that our software code is or will remain free from actual or perceived errors, failures, vulnerabilities, or bugs.
Many of our customers may use our software for controlling their infrastructure and processing, transmitting, and protecting their sensitive and proprietary information, including business strategies, financial and operational data, personal or identifying information, and other related data. Our Vault product is specifically designed to assist our customers with management of their private and sensitive information. Actual or perceived breaches or other security incidents from actual or perceived errors, failures, vulnerabilities, or bugs in our products or other causes could lead to claims and litigation, indemnity obligations, regulatory audits, proceedings, investigations and significant legal fees, significant costs for remediation, the expenditure of significant financial resources in efforts to analyze, correct, eliminate, remediate, or work around errors or defects, to address and eliminate vulnerabilities, and to address any applicable legal or contractual obligations relating to any actual or perceived security breach or incident. They could damage our relationships with our existing customers and have a negative impact on our ability to attract and retain new customers. Because our business is focused in part on providing security to our customers with Vault and our other products, we believe that such products could be targets for hackers and others, and that an actual or perceived breach of, or security incident affecting, our security products and customers, could be particularly detrimental to our reputation, customer confidence in our security products, and our business. The potential for an attack is compounded now that our Vault product is offered as a cloud service. Additionally, our products are designed to operate with little or no downtime. If a breach or security incident were to impact the availability of our products, our business, results of operations, and financial condition, as well as our reputation, could be adversely affected.
While we have taken steps designed to protect the confidentiality, integrity, and availability of our systems and the sensitive, proprietary, and confidential information that we own, process, or control, our security measures or those of third parties who we work with have been, and could from time to time in the future be, breached or otherwise not effective against security threats or preventing inadvertent or unauthorized access to or dissemination of sensitive, proprietary, or confidential information.
27
These risks are likely to increase as we continue to grow and process, control, store, and transmit increasing amounts of data.
If our offerings do not meet our customers’ performance or support expectations or if we fail to meet service-level availability commitments made to our cloud platform customers, we could face subscription terminations and a reduction in renewals, which could significantly affect our current and future revenue.
If we fail to meet the performance or support expectations that our customers have for our products, or the service-level availability commitments we have made to our cloud platform customers, then we may not retain our customers or renew them expected rates. With respect to service-level availability commitments, we may be obligated to pay monetary penalties to the impacted cloud customers. Additionally, we may be contractually obligated to provide cloud customers with additional capacity and reputationally obligated to provide customers with additional support, each of which could significantly affect our revenue.
Our reliance on public cloud providers may impact our ability to meet service-level targets or performance targets, as any interruption in all or any portion of the public cloud could result in negative impacts to the service we are able to provide. In some cases, we may not have a contractual right with our public cloud providers that compensates us for any losses due to interruptions, or we may have limited rights that fall short of the compensation obligations we have to our customers.
Further, the failure to meet our service-level commitments or performance targets on a chronic basis could result in damage to our reputation and we could face loss of revenue from reduced subscription levels from existing and prospective customers. Any service-level or performance failures could adversely affect our business, financial condition, and results of operations and, if made public, could harm our brand.
If we are unable to keep pace with technological and competitive developments or fail to integrate our products with a variety of technologies that are developed by others, our products may become less marketable, less competitive, or obsolete, and our results of operations may be adversely affected.
The success of our new product introductions depends on a number of factors including, but not limited to, timely and successful product development, market acceptance, our ability to manage the risks associated with new product releases, the effective management of development and other spending in connection with anticipated demand for new products, and the availability of newly developed products. As with many software companies, we have in the past experienced bugs, errors, or other defects or deficiencies in new products and product updates and delays in releasing new products, deployment options, and product enhancements and may have similar experiences in the future. As a result, some of our customers may either defer purchasing our products until we release new enhancements or switch to a competitor if we are not able to keep up with technological developments. If we are unable to successfully enhance our existing products to meet evolving customer requirements, increase adoption and use cases of our products, develop new products, quickly resolve security vulnerabilities, or if our efforts to increase the use cases of our products are more expensive than we expect, then our business, results of operations, and financial condition would be adversely affected.
In addition, our success depends on our ability to integrate our products with a variety of third-party technologies across any public or private platform or on-premises technology. Our technology partnership ecosystem powers significant extensibility of our products and offers our customers the ability to use external tools of their choice with our products and to deploy our products in their preferred environments and successfully support new package technologies as they arise. Further, our products must be compatible with the major cloud service providers in order to support local hosting of our products in geographies chosen by our customers. We also benefit from access to public and private vulnerability databases.
Changes in our relationship with any provider, the instability or vulnerability of any third-party technology, or the inability of our products to successfully integrate with third-party technology may adversely affect our business and results of operations. Any losses or shifts in the market position of these providers in general, in relation to one another or to new competitors or new technologies, could lead to losses in our relationships or customers, or to our need to identify and develop integrations with new third-party technologies. Such changes could consume substantial resources and may not be effective. Further, any expansion into new geographies may require us to integrate our products with new third-party technology and invest in developing new relationships with providers. If we are unable to respond to changes in a cost-
28
effective manner, our products may become less marketable, less competitive, or obsolete and our results of operations may be negatively impacted.
Failure of our products to satisfy customer demands or to achieve increased market acceptance could adversely affect our business, results of operations, financial condition, and growth prospects.
We derive and expect to continue to derive substantially all of our revenue from our products. As a result, market acceptance of our products is critical to our continued success. Demand for our products is affected by numerous factors beyond our control, including continued market acceptance, the timing of development and release of new products by our competitors, technological change, any developments or disagreements with the developer community, and growth or contraction in our market or the overall economy. We expect the growth and proliferation of data to lead to an increase in the data analyses demands of our customers and we may not be able to scale and perform to meet those demands or may not be chosen by users for those needs. If we are unable to continue to meet customer demands or to achieve more widespread market acceptance of our products, our business operations, financial results, and growth prospects will be materially and adversely affected.
Unfavorable conditions in our industry or the global economy or reductions in spending for products like ours could limit our ability to grow our business and negatively affect our results of operations.
Our results of operations may vary based on the impact of changes in our industry or the global economy on us or our customers. Current or future economic uncertainties or downturns could adversely affect our business and results of operations. Negative conditions in the general economy both in the United States and abroad, including conditions resulting from changes in gross domestic product growth, financial and credit market fluctuations, uncertain interest rates, inflationary pressures, interest rate increases, recessionary economic cycles, political turmoil, natural catastrophes, warfare, and terrorist attacks on the United States, Europe, the Asia-Pacific region, or elsewhere, could cause a decrease in business investments by our customers and potential customers, including spending on information technology, and negatively affect the growth of our business. For example, rising interest rates and high levels of inflation have affected businesses across many industries, which has significantly constrained and may continue to constrain the budgets of our customers and prospective customers. To the extent our offerings are perceived by customers and potential customers as discretionary, our revenue may be disproportionately affected by delays or reductions in general information technology spending. Also, customers may choose to develop in-house software as an alternative to using our products. Moreover, competitors may respond to market conditions by lowering prices. We cannot predict the timing, strength, or duration of any economic slowdown, instability, or recovery, generally or within any particular industry. If the economic conditions of the general economy or markets in which we operate do not improve, or worsen from present levels, our business, results of operations, and financial condition could be adversely affected.
If we are not able to maintain and enhance our brand, especially among practitioners, our business and operating results may be adversely affected.
We believe that developing and maintaining widespread awareness of our brand, especially with practitioners, is critical to achieving widespread acceptance of our products and attracting new users and customers. Brand promotion activities may not generate user or customer awareness or increase revenue, and even if they do, any increase in revenue may not offset the expenses we incur in building our brand. Expenditures intended to maintain and enhance our brand may not be cost-effective or effective at all. Changes to our business practices may cause our brand to be viewed negatively by the practitioner community. For example, in August 2023, we announced that we changed our source code license to Business Source License v1.1 on all future releases of our core products, which may be viewed less favorably by practitioners. If we do not successfully maintain and enhance our brand, including any unauthorized misuse of our brand, we may have reduced pricing power relative to our competitors, we could lose users and customers, or we could fail to attract potential new customers or expand sales to our existing customers, all of which could materially and adversely affect our business, results of operations, and financial condition.
Our international operations expose us to significant risks, and failure to manage those risks could materially and adversely impact our business.
Our customers and employees are located worldwide, and our strategy is to continue to expand internationally. Our future results of operations depend, in part, on our ability to sustain and expand our penetration of the international
29
markets in which we currently operate and to expand into additional international markets. We generated 30% and 27% of our revenue outside of the United States in fiscal 2024 and fiscal 2023, respectively. Our ability to expand internationally involves various risks, including the need to invest significant resources in such expansion, and the possibility that returns on such investments will not be achieved in the near future or at all in these less familiar competitive environments. We may also choose to conduct our international business through partnerships. If we are unable to identify partners or negotiate favorable terms, our international growth may be limited. In addition, we have incurred and may continue to incur significant expenses in advance of generating material revenue as we attempt to establish our presence in particular international markets. Additional risks associated with our international operations include:
•geopolitical conflicts, including military conflicts, that could damage the global economy;
•unexpected changes in regulatory requirements, taxes, trade laws, tariffs, export quotas, custom duties, or other trade restrictions;
•different labor regulations, especially in the European Union, where labor laws are generally more advantageous to employees as compared to the United States, including deemed hourly wage and overtime regulations in these locations;
•exposure to many stringent and potentially inconsistent laws and regulations relating to privacy, data protection, and data security, particularly in the European Union;
•changes in a specific country’s or region’s political or economic conditions, including, but not limited to, inflationary pressures, recessionary economic cycles, and resulting governmental responses;
•challenges inherent to efficiently managing an increased number of employees over large geographic distances, including the need to implement appropriate systems, policies, benefits, and compliance programs;
•severe fluctuations in currency exchange rates;
•risks relating to the implementation of exchange controls and trade protection regulations and measures in the United States or in other jurisdictions;
•risks relating to enforcement of U.S. export control laws and regulations including the Export Administration Regulations, or EAR, and trade and economic sanctions, including restrictions promulgated by the Office of Foreign Assets Control, or OFAC, and other similar trade protection regulations and measures in the United States or in other jurisdictions;
•greater difficulty in enforcing contracts and accounts receivable collection, and longer collection periods;
•limitations on our ability to reinvest earnings from operations derived from one country to fund the capital needs of our operations in other countries;
•limited or unfavorable intellectual property protection; and
•exposure to liabilities under anti-corruption and anti-money laundering laws, including the U.S. Foreign Corrupt Practices Act of 1977, as amended, or FCPA, and similar applicable laws and regulations in other jurisdictions.
The expansion of our existing international operations and entry into additional international markets will require significant management attention and financial resources. Our failure to successfully manage our international operations and the associated risks could limit the future growth of our business. If we are unable to address these difficulties and challenges or other problems encountered in connection with our international operations and expansion, we might incur unanticipated liabilities or we might otherwise suffer harm to our business generally.
Incorrect implementation or use of, or our customers’ failure to update, our products could result in customer dissatisfaction and negatively affect our business, operations, financial results, and growth prospects.
Our products are often operated in large scale, complex IT environments. Our customers and some partners require training and experience in the proper use of and the benefits that can be derived from our products to maximize their potential. If our customers do not implement, update or use our products correctly or as intended, inadequate performance, and/or security vulnerabilities may result. Because our customers rely on our software to manage a wide
30
range of operations, the incorrect implementation, use of, or our customers’ failure to update, our software or our failure to train customers on how to use our software productively may result in customer dissatisfaction, negative publicity and may adversely affect our reputation and brand. Our failure to effectively provide training and implementation services to our customers could result in lost opportunities for follow-on sales to these customers and decrease subscriptions by new customers, and adversely affect our business and growth prospects.
We depend on cooperation with public cloud operators. Changes to arrangements with such operators may significantly harm our customer retention, new customer acquisition, and product extension or expansion, or require us to change our business models, operations, practices, or advertising activities, which could restrict our ability to maintain our platform through these clouds and would adversely impact our business.
We depend upon the public cloud operators, primarily AWS, Google Cloud, and Microsoft Azure, to offer products to our customers. Because of the significant use of our platform on public clouds, our solutions must remain interoperable with them. Further, we are subject to the standard agreements, policies, and terms of service of these public clouds, as well as agreements, policies, and terms of service of the various application stores that make our solutions available to our developers, creators, customers, and users. These agreements, policies, and terms of service govern the availability, promotion, distribution, content, and operation generally of applications and experiences on such public clouds. As a result, we may not successfully cultivate relationships with key industry participants or develop products that operate effectively with these technologies, systems, networks, regulations, or standards. If it becomes more difficult for our customers or users to access and engage with our platform on the public clouds they are already using, if our customers choose not to access or use our platform application on their cloud accounts, or if our customers or users choose to use public clouds that do not offer or discontinue access to our platform, our business and customer retention, new customer acquisition, and product extension or expansion could be significantly harmed.
The owners and operators of these public clouds each have approval authority over our platform’s deployment on their systems and offer products that compete with ours. We have no control over these public clouds, and any changes to these clouds that degrade our platform’s functionality, or give preferential treatment to competitive products, could significantly harm our platform. Those companies have no obligation to test the interoperability of their clouds with our platform. If any of these companies introduced modifications to their clouds that purposefully or inadvertently made them incompatible with or not optimal for use of our platform, such disruption to our platform would harm our business. Additionally, such operators could make our platform, or certain features of our platform, inaccessible on their public clouds for a potentially significant period of time. An operator could also limit or discontinue our access to its public cloud if it establishes more favorable relationships with one or more of our competitors, launches a competing product itself, or it otherwise determines that it is in its business interests to do so. Such operators could display their competitive offerings more prominently than ours. We plan to continue to introduce new technologies on our platform regularly and it can take significant time to adjust such technologies to function with these public clouds, impacting the adoption of our new technologies and features, and we expect this trend to continue.
Each public cloud operator has broad discretion to change and interpret its agreements, terms of service, and policies with respect to our platform, and those changes may be unfavorable to us and our customers’ use of our platform. If we were to violate, or a public cloud operator believes that we have violated, its agreements, terms of service, or policies, that public cloud operator could limit or discontinue our access to its cloud. In some cases these requirements may not be clear or our interpretation of the requirements may not align with the interpretation of the public cloud operator, which could lead to inconsistent enforcement of these agreements, terms of service, or policies against us, and could also result in the public cloud operator’s limiting or discontinuing access to its cloud. Any limitation on or discontinuation of our access to any public cloud could adversely affect our business, financial condition or results of operations.
We rely upon public cloud operators to operate our platform and any disruption of or interference with our use of these operators’ services would adversely affect our business, results of operations, and financial condition.
We outsource substantially all of our cloud infrastructure to public cloud operators that host our products and platform, and our dependence will increase as we introduce new cloud products. Customers of our products need access to our platform at any time, without interruption or degradation of performance. Public cloud operators run their own platforms that we access, and we are, therefore, vulnerable to service interruptions of these platforms. We have experienced, and expect that in the future we may experience, interruptions, delays, and outages in service and availability from time to time due to a variety of factors, including infrastructure changes, human or software errors,
31
website hosting disruptions, and capacity constraints. Capacity constraints could be due to a number of potential causes including technical failures, natural disasters, fraud, or security attacks. In addition, if our security, or that of public cloud operators, is or is perceived to have been compromised, our products or platform are unavailable or our users are unable to use our products within a reasonable amount of time or at all, then our business, results of operations, and financial condition could be adversely affected. In some instances, we may not be able to identify the cause or causes of these performance problems within a period of time acceptable to our customers. It may become increasingly difficult to maintain and improve our platform performance, especially during peak usage times, as our products become more complex and the usage of our products increases. To the extent that we do not effectively address capacity constraints through our public cloud operators, our business, results of operations, and financial condition may be adversely affected. In addition, any changes in service levels from our public cloud operators may adversely affect our ability to meet our customers’ requirements.
The substantial majority of the services for which we use cloud service providers are server capacity and, to a lesser extent, storage and other optimization offerings. Public cloud operators allow us to order and reserve server capacity in varying amounts and sizes distributed across multiple regions. We access public cloud operator infrastructure through standard IP connectivity. Public cloud operators provide us with computing and storage capacity under agreements that continue until terminated by either party. Public cloud operators may terminate the agreements by providing a set amount of prior written notice and in some cases may terminate the agreements immediately for cause upon notice. Although we expect that we could receive similar services from other third parties, if any of our arrangements with public cloud operators are terminated, we could experience interruptions on our platform and in our ability to make our products available to customers, as well as delays and additional expenses in arranging alternative cloud infrastructure services.
Any of the above circumstances or events may harm our reputation, cause customers to stop using our products, impair our ability to increase revenue from existing customers, impair our ability to grow our customer base, subject us to financial penalties and liabilities under our service-level agreements, and otherwise harm our business, results of operations, and financial condition.
Interruptions or performance problems associated with our technology and infrastructure, and our reliance on technologies from third parties, may adversely affect our business operations and financial results.
Our website and internal technology infrastructure may experience performance issues due to a variety of factors, including infrastructure changes, human or software errors, website or third-party hosting disruptions, capacity constraints, technical failures, natural disasters, or fraud or security attacks. Our use and distribution of third-party source available software and reliance on other third-party services may increase this risk. For example, we depend on our relationship with a third-party processor for installation and packaging solutions in one of our products. If our website is unavailable or our users are unable to download our products or order subscriptions or services within a reasonable amount of time or at all, our business could be harmed. We expect to continue to make significant investments to maintain and improve website performance and to enable rapid releases of new features and applications for our products. To the extent we do not effectively upgrade our systems as needed and continually develop our technology to accommodate actual and anticipated changes in technology, our business and results of operations may be harmed.
If we experience an interruption in service for any reason, our cloud offerings may be similarly interrupted. An interruption in our services to our customers could cause our customers’ internal and consumer-facing applications to fail to function properly, which could have a material adverse effect on our business, operations, financial results, customer relationships, and reputation. In addition, we rely on cloud technologies from third parties in order to operate critical functions of our business, including financial management services, customer relationship management services, and lead generation management services. Accordingly, if these services become unavailable due to extended outages or interruptions or because they are no longer available on commercially reasonable terms or prices, our expenses could increase, our ability to manage our finances could be interrupted, our processes for managing sales of our products and supporting our customers could be impaired, and our ability to generate and manage sales leads could be weakened until equivalent services, if available, are identified, obtained, and implemented, all of which could harm our business and results of operations.
32
A real or perceived defect, security vulnerability, error, or performance failure in our products could cause us to lose revenue, damage our reputation, and expose us to liability.
Our products are inherently complex and, like all software, despite extensive testing and quality control, have in the past and may in the future contain defects or errors, especially when first introduced, or not perform as contemplated. These defects, security vulnerabilities, errors, or performance failures could cause damage to our reputation, loss of customers or revenue, product returns, order cancellations, service terminations, or lack of market acceptance of our software, which could expose us to liability. Because our products involve sensitive, secure and/or mission-critical uses by our customers, we may be subject to increased scrutiny, potential reputational risk, or potential liability should our software fail to perform as contemplated in such deployments. We have in the past and may in the future need to issue corrective releases of our software to fix these defects, errors, or performance failures, which could require us to allocate significant research and development and customer support resources to address these problems.
Techniques used to sabotage or obtain unauthorized access to systems or networks are constantly evolving and, in some instances, are not identified until launched against a target. We and our service providers may be unable to anticipate these techniques, react in a timely manner, or implement adequate preventative measures.
Further, there can be no assurance that any limitations of liability provisions in our customer and user agreements, contracts with third-party vendors and service providers, or other contracts would be enforceable or adequate or would otherwise protect us from any liabilities or damages with respect to any particular claim relating to a security breach or other security-related matter. Any cybersecurity insurance we carry may be insufficient to cover all liabilities we incur in connection with any privacy or cybersecurity incidents or may not cover the kinds of incidents for which we submit claims. For example, insurers may consider cyberattacks by a nation-state as an “act of war” and any associated damages as uninsured. We also cannot be certain that our insurance coverage will be adequate for data handling or data security liabilities actually incurred, that insurance will continue to be available to us on economically reasonable terms, or at all, or that any insurer will accept coverage as to any future claim. The successful assertion of one or more large claims against us that exceed available insurance coverage, or the occurrence of changes in our insurance policies, including premium increases or the imposition of large deductible or co-insurance requirements, could have a material adverse effect on our business, results of operations, and financial condition, as well as our reputation.
The use of AI in our offerings and in our business may result in reputational harm or liability.
We have incorporated and may continue to incorporate additional AI features into our offerings, including those based on large language models, and these features may become more important to our operations or to our future growth over time. We expect to rely on AI features to help drive future growth in our business, but there can be no assurance that we will realize the desired or anticipated benefits from AI or at all. We may also fail to properly implement or market our AI features. Our competitors or other third parties may incorporate AI into their offerings and solutions more quickly or more successfully than us, which could impair our ability to compete effectively and adversely affect our results of operations. Additionally, our use of AI may expose us to additional claims, demands, and proceedings by private parties and regulatory authorities and subject us to legal liability as well as brand and reputational harm. For example, if the content, analyses or recommendations that AI features assist in producing are or are alleged to be deficient, inaccurate or biased, or for such content, analyses, recommendations, or for such solutions or features or their development or deployment, including the collection, use, or other processing of data used to train or create such AI features, to infringe upon or to have misappropriated third-party intellectual property rights or to violate applicable laws, regulations, or other actual or asserted legal obligations to which we are or may become subject, then our reputation may be harmed and our business, financial condition, and results of operations may be adversely affected. The legal, regulatory, and policy environments around AI are evolving rapidly, and we may become subject to new and evolving legal and other obligations. These and other developments may require us to make significant changes to our use of AI, including by limiting or restricting our use of AI, and which may require us to make significant changes to our policies and practices, which may necessitate expenditure of significant time, expense, and other resources. AI also presents emerging ethical issues, and if our use of AI becomes controversial, we may experience brand or reputational harm.
We depend on our senior management and other key employees, and the loss of one or more of these employees or an inability to attract, train, and retain highly skilled employees could harm our business.
33
Our future success is substantially dependent on our ability to continue to attract and retain highly skilled personnel. The loss of the services of any of our key personnel, the inability to attract or retain qualified personnel, or delays in hiring required personnel, particularly in engineering and sales, may seriously harm our business, financial condition, and results of operations. We are also substantially dependent on the continued service of our existing engineering personnel because of the complexity of our products. Although we have entered into employment offer letters with our key personnel, these agreements have no specific duration and constitute at-will employment. The loss of one or more of our executive officers or key employees could seriously harm our business.
Our future performance also depends on the continued services and continuing contributions of our senior management to execute on our business plans and to identify and pursue new opportunities and product innovations. The loss of services of senior management could significantly delay or prevent the achievement of our development and strategic objectives, which could adversely affect our business, financial condition, and results of operations.
Our industry is generally characterized by significant competition for skilled personnel as well as high employee attrition. Additionally, many of the companies with which we compete for experienced personnel have greater resources than we have and may provide higher levels of compensation. We have from time to time experienced, and we expect to continue experiencing, difficulty in hiring and retaining employees with appropriate qualifications. Also, to the extent we hire personnel from competitors, we may be subject to allegations that they have been improperly solicited, that they have divulged proprietary or other confidential information, or that their former employers own their inventions or other work product.
In addition, newly hired employees require significant training and may take significant time to achieve full productivity. Our recent hires and planned hires may not become productive as quickly as we expect, and we may be unable to hire or retain sufficient numbers of qualified individuals in the markets where we do business or plan to do business.
Additionally, the growth of our direct sales force leads to increasing difficulty and complexity in its organization, management, and leadership, which we may not manage successfully. If we are unable to hire and train a sufficient number of effective sales personnel, we are ineffective at overseeing a growing sales force, or the sales personnel we hire are otherwise unsuccessful in obtaining new customers or increasing sales to our existing customer base, our business will be adversely affected.
Our corporate culture has contributed to our success, and if we cannot maintain this culture as we grow, we could lose the innovation, creativity, and entrepreneurial spirit we have worked to foster, which could harm our business.
We believe our culture has been and will continue to be a key contributor to our success. If we do not continue to maintain our corporate culture as we grow, we may be unable to foster the innovation, creativity, and entrepreneurial spirit we believe we need to support our growth. Any failure to preserve our culture also could further harm our ability to retain and recruit personnel, innovate and create new products, operate effectively, and execute on our business strategy.
Operating as a hybrid remote company may make it difficult for us to preserve our corporate culture, have a negative impact on workforce morale and productivity, and harm our future success, including our ability to retain and recruit personnel, innovate and operate effectively, and execute on our business strategy.
We have largely been a hybrid remote company since incorporation. This subjects us to heightened operational risks. For example, technologies in our employees’ and service providers’ homes may not be as robust as in our offices and could cause the networks, information systems, applications, and other tools available to employees and service providers to be more limited or less reliable than in our offices. Further, because the security systems in place at our employees’ and service providers’ homes may be less secure than those used in our offices, we may be subject to increased cybersecurity risk, which could expose us to risks of data or financial loss and disrupt our business operations. There is no guarantee that our data security and privacy safeguards will be completely effective or that we will not encounter risks associated with employees and service providers accessing company data and systems remotely.
Operating a hybrid work environment may make it more difficult for us to preserve our corporate culture, and our employees may have decreased opportunities to collaborate in meaningful ways. Further, we cannot guarantee that
34
having a large percentage of remote employees will not damage workforce morale and productivity. Any failure to preserve our corporate culture and foster collaboration could harm our future success, including our ability to retain and recruit personnel, innovate and operate effectively, and execute on our business strategy.
Additionally, working in a hybrid remote company allows employees to move freely while undertaking their work responsibilities. On occasion, employees have and may continue to fail to inform us of changes to their work location in a timely manner. Conducting business in certain geographies may expose use to risks associated with that location, including compliance with local laws and regulations or exposure to compromised internet infrastructure. If employees fail to inform us of changes in their work location, we may be exposed to various risks without our knowledge. For example, if employees create intellectual property on our behalf while residing in a jurisdiction with weak or uncertain intellectual property laws, our ownership of such intellectual property may be questioned. Similarly, if employees access our resources through unsecured internet infrastructure, they may expose us to a heightened risk of data theft or cyberattack.
Our business is affected by seasonal demands, and our quarterly operations results fluctuate as a result.
Historically our business has been highly seasonal, with the highest percentage of our sales occurring in our fiscal fourth quarter due to increased buying patterns of our enterprise customers prior to the end of the year and a lower percentage of our sales occurring in our second fiscal quarter due to the summer vacation slowdown that impacts many of our customers. We expect these seasonal trends to continue. We may also experience fluctuations due to factors that may be outside of our control that affect customer engagement with our platform. Additionally, activity levels may remain unpredictable due to the macroeconomic environment, including impacts of global military conflicts, inflationary pressures, or recessionary economic cycles. Episodic experiences may also contribute to fluctuations in our quarterly results of operations. As our business matures, other seasonal trends may develop, or existing seasonal trends may become more extreme.
A portion of our self-managed product revenue is recognized at the time we sell and deliver our software rather than on a ratable basis, and the amount we recognize can differ by product and contract length, which adds variability to our forecasting and could have a material negative impact on our revenue results.
More specifically, a portion of our self-managed license revenue is recognized upfront upon delivery of our software, particularly for multi-year agreements that are paid by customers on an annual basis. Generally, our multi-year self-managed contracts tend to have license revenue recognized upfront, while one-year self-managed contracts tend to have license revenue recognized ratably in one-month increments. In addition, the amount of revenue we recognize varies by product based on the allocation of value—from an accounting standpoint—between the license and support components of our product offerings.
We believe the benefit of securing multi-year customer commitments for our self-managed offerings far outweighs the resulting variability in forecasting revenue. Accordingly, we sell multi-year agreements whenever possible, but we also sell one-year agreements when our customers require them. The result is that in any given quarter, we can have a mix of one-year and multi-year agreements for our self-managed offerings, and that mix of contract lengths impacts the amount of revenue we recognize upfront versus over time. This variability is compounded by the fact that the amount of revenue we recognize at delivery also differs by product. We face challenges forecasting the percentage of customers who will choose multi-year agreements versus single-year subscriptions, as well as the final mix of products we will sell in each quarter. Any failure to make those forecasts with reasonable accuracy could cause us to miss our revenue forecasts and result in a decline in our stock price.
A high percentage of our sales often occur near the end of each quarter, which can create a processing backlog and negatively impact our revenue recognition and, consequently, our quarterly results.
Like many software companies, we transact many of our sales late in each quarter. For our self-managed offerings, this timing can affect our revenue recognition because delivery of the software is a prerequisite to recognizing revenue under applicable software accounting rules. If we are unable to deliver our software to a new customer before the quarter ends, we cannot recognize any revenue from the sale during the quarter in which the customer placed its order. Instead, we must wait until the quarter in which we actually delivered the software to begin recognizing revenue. In quarters where we have a high volume of late-quarter sales, we may be unable to sign or process a significant number of the orders we receive or deliver the purchased software before the quarter ends. As a result, we may need to prioritize some orders over
35
others and wait until the following quarter to recognize revenue for those orders we are unable to complete on time. In such cases, we will not be able to recognize as much revenue for the quarter as we otherwise would have if we had processed and delivered software for all orders we received before the quarter ended, which may lower our revenue results for the quarter. This in turn may harm our business by consistently underreporting our quarterly revenues to investors.
Sales to government entities are subject to a number of challenges and risks.
We sell to U.S. federal governmental agency customers. Sales to such entities currently constitute a small portion of our revenue. Selling to such entities can be highly competitive, expensive, and time-consuming, often requiring significant upfront time and expense without any assurance that these efforts will generate meaningful sales. Government certification or other requirements for products like ours may change, thereby restricting our ability to sell into the government sector until we have attained or updated the necessary certifications or satisfy other applicable requirements. Government demand and payment for our products may be affected by public sector budgetary cycles and funding authorizations, with funding reductions or delays adversely affecting public sector demand for our products. Additionally, any actual or perceived privacy, data protection, or data security incident, or even any perceived defect regarding our practices or measures in these areas, may negatively impact public sector demand for our products.
Government contracting requirements may change and could restrict our ability to sell into the government sector until we have met government-mandated requirements, which may require significant upfront cost, time, and resources. If we do not achieve and maintain government requirements, it may harm our competitive position against larger enterprises whose competitive offerings meet these requirements. We also can provide no assurance we will secure commitments or contracts with government entities even if we meet government requirements, which could harm our margins, business, financial condition, and results of operations. Further, government demand and payment for our offerings are affected by public sector budgetary cycles and funding authorizations, with funding reductions or delays adversely affecting public sector demand for our offering.
Additionally, we rely on certain partners to provide technical support services to certain of our government entity customers to resolve any issues relating to our products. If our partners do not effectively assist our government entity customers in deploying our products, succeed in helping our government entity customers quickly resolve post-deployment issues, or provide effective ongoing support, our ability to sell additional products to new and existing government entity customers would be adversely affected and our reputation could be damaged.
Further, governmental entities may demand contract terms that differ from our standard arrangements and are less favorable than terms agreed with private sector customers. Such entities may have statutory, contractual or other legal rights to terminate contracts with us or our partners for convenience or for other reasons. Any such termination may adversely affect our ability to contract with other government customers as well as our reputation, business, financial condition, and results of operations. Governments routinely investigate and audit government contractors’ administrative processes, and any unfavorable audit could result in the government refusing to continue buying our subscriptions, a reduction of revenue, or fines or civil or criminal liability if the audit uncovers improper or illegal activities, which could adversely affect our results of operations and reputation.
Risks Related to Our Intellectual Property
Some of our technology incorporates third-party open-source software, which could negatively affect our ability to sell our products, and subject us to possible litigation.
Our source available and proprietary technologies incorporate third-party open-source software, and we expect to continue using third-party open-source software in our products in the future, which may require using new and upgraded versions of these software applications. There can be no assurance that new versions of the third-party open-source projects we currently use will continue to be licensed under open-source licenses, or that new versions will not contain different open-source licenses that carry unacceptable limitations on distribution. In addition, where buying proprietary licenses is they only way to avoid onerous open-source distribution limitations, we may not succeed in obtaining those proprietary licenses on acceptable terms. Our inability to obtain certain licenses or other rights or to obtain such licenses or rights on favorable terms, could result in delays in product releases until equivalent technology can be identified, licensed, developed, and integrated into our products, which may have a material adverse effect on our business, results
36
of operations, and financial condition. In addition, third parties may allege that additional licenses are required for our use of their software or intellectual property, and we may be unable to obtain such licenses on commercially reasonable terms or at all.
In addition, few of the licenses applicable to open-source software have been interpreted by courts, and there is a risk these licenses could be construed in a manner that adversely impact our interests and the interests of our customers, both with respect to our use of third-party open-source as well as our distribution of our own software under source available licenses, including by imposing unanticipated conditions or restrictions on our ability to commercialize our products, or limiting our ability to enforce our rights in the manner we had anticipated. Moreover, we cannot ensure our software does not include open-source software that we are unaware of, or that we have not incorporated additional open-source software in our software in a manner that is inconsistent with the terms of the applicable license or our current policies and procedures, including requiring us to make some or all of our software available under an open-source license that is unacceptable to us or to our customers. If we incorporate third-party open-source software into our software products, then in certain circumstances, we and our customers may be subject to certain requirements, including requirements that we offer our solutions that incorporate such third-party open-source software under license terms that are inconsistent with our intended license, such as requiring portions of our products we create based upon, derived from, incorporating, or using such open-source software (and in turn, portions of our customers’ products that they create which are based upon, derived from, incorporating, or using our products) be made available for no cost and for the purpose of making and redistributing such software (including in source code form) and derivatives thereof. If an author or other third party that distributes such open-source software were to allege that we had not complied with the conditions of one or more of these licenses, we could be required to incur significant legal expenses defending against such allegations and could be subject to significant damages, enjoined from the sale of our products that contained the open-source software, and required to comply with onerous conditions or restrictions on these products, which could disrupt the distribution and sale of these products.
Moreover, there have been claims challenging the ownership rights in open-source software against companies that incorporate open-source software into their products, and the licensors of such open-source software provide no warranties or indemnities with respect to such claims. In the event such a claim is made with respect to a third-party open-source component included in our products, we and our customers could be required to seek licenses from third parties in order to continue offering our products, and to re-engineer our respective products or discontinue the sale of our respective products in the event re-engineering cannot be accomplished on a timely basis. We and our customers may also be subject to suits by parties claiming infringement, misappropriation or violation due to the reliance by our solutions on certain open-source software, and such litigation could be costly for us to defend or subject us to certain types of equitable remedies, such as an injunction. Some open-source projects have known vulnerabilities and architectural instabilities and are provided on an as-is basis, which, if not properly addressed, could negatively affect the performance of our product. Any of the foregoing could require us to devote additional research and development resources to re-engineer our solutions, provide an advantage to our competitors or other entrants to the market, create new security vulnerabilities, or highlight existing security vulnerabilities in products, result in customer dissatisfaction, and may adversely affect our business, results of operations, and financial condition. We cannot ensure that our processes for identifying and controlling our use of open-source software in our platform and products will be effective.
We develop our products in a source available software environment, which could negatively affect our ability to sell our offerings, or make it easier for competitors, some of whom may have greater resources than we have, to enter our markets and compete with us.
Unlike traditional proprietary software, the core of all of our products has its source code available, allowing our partners and third parties to give feedback directly, report issues, contribute features, and fix bugs, which we may accept and integrate into our products. Our partners are able to integrate their technology solutions and validate their integrations with continuous development. We plan to continue to develop our products in this source available environment, and enabling third-party contributions, and the integration of software from third parties into our codebase. While these software licenses state that any work of authorship licensed under it may be reproduced and distributed provided that certain conditions are met, we may nevertheless be subject to suits by parties claiming ownership rights in what we believe to be permissively licensed open-source software or claiming non-compliance with the applicable open-source licensing terms.
37
In addition, the use of third-party open-source software may expose us to greater risks than the use of third-party commercial software because open-source licensors generally do not provide warranties or controls on the functionality or origin of the software. Use of open-source software may also present additional security risks because the public availability of such software may publicize vulnerabilities or otherwise make it easier for hackers and other third parties to determine how to compromise our platform. Any of the foregoing could be harmful to our business, results of operations, financial condition, and cash flows and could help our competitors develop products that are similar to or better than ours.
Failure to obtain, maintain, protect, and enforce our proprietary technology and intellectual property rights could harm our business and results of operations.
Our success depends to a significant degree on our ability to obtain, maintain, protect, and enforce our intellectual property rights, including proprietary technology, methodologies, know-how, and brand. We rely on a combination of patents, trademarks, copyrights, service marks, trade secret laws, contractual restrictions, and other intellectual property laws and confidentiality procedures to establish and protect our proprietary rights. However, the steps we take to obtain, maintain, protect, and enforce our intellectual property rights may be inadequate. Our intellectual property rights may not protect our competitive position if we are unable to enforce our rights or if we do not detect unauthorized use of our intellectual property rights, or if others are successful in designing around the protections our intellectual property rights afford. If we fail to protect our intellectual property rights adequately, our competitors may gain access to our proprietary technology, develop and commercialize substantially identical products, services, or technologies, and our business may be harmed. In addition, defending our intellectual property rights might entail significant expense.
Any patents, trademarks, or other intellectual property rights that we have or may obtain may be challenged or circumvented by others or held unenforceable or invalidated through administrative process, including re-examination inter partes review, interference and derivation proceedings, and equivalent proceedings in foreign jurisdictions (e.g., opposition proceedings), or litigation. There can be no assurance that our patent applications will result in issued patents. Even if we continue to seek patent protection in the future, we may be unable to obtain further patent protection for our technology. In addition, any patents issued in the future may not provide us with competitive advantages or may be successfully challenged by third parties. There may be issued patents of which we are not aware, held by third parties that, if found to be valid and enforceable, could be alleged to be infringed by our current or future technologies or offerings. There also may be pending patent applications of which we are not aware that may result in issued patents, which could be alleged to be infringed by our current or future technologies or offerings.
Furthermore, legal standards relating to the validity, enforceability, and scope of protection of intellectual property rights are uncertain. Despite our precautions, it may be possible for unauthorized third parties to copy our products and use information that we regard as proprietary to create offerings that compete with ours. Effective patent, trademark, copyright, and trade secret protection may not be available to us in every country in which our products are available. We may be unable to prevent third parties from acquiring domain names or trademarks that are similar to, infringe upon, or diminish the value of our trademarks and other proprietary rights. We may be unable to successfully resolve these types of conflicts to our satisfaction. In some cases, litigation or other actions may be necessary to protect or enforce our trademarks and other intellectual property rights. Furthermore, third parties may assert intellectual property claims against us, and we may be subject to liability, required to enter into costly license agreements, or required to rebrand our offering or prevented from selling our offering if third parties successfully oppose or challenge our trademarks or successfully claim that we infringe, misappropriate or otherwise violate their trademarks or other intellectual property rights. The laws of some countries may not be as protective of intellectual property rights as those in the United States, and mechanisms for enforcement of intellectual property rights may be inadequate. As we expand our international activities, our exposure to unauthorized copying and use of our products and proprietary information will likely increase. Accordingly, despite our efforts, we may be unable to prevent third parties from infringing upon or misappropriating our intellectual property.
We enter into confidentiality and invention assignment agreements with our employees and consultants and enter into confidentiality agreements with other parties. We cannot assure these agreements will be effective in controlling access to and distribution of our proprietary information. Further, these agreements may not prevent our competitors from independently developing technologies that are substantially equivalent or superior to our products. These agreements may be breached, and we may not have adequate remedies for any such breach.
In order to protect our intellectual property rights, we may be required to spend significant resources to monitor and protect our intellectual property rights. Litigation may be necessary in the future to enforce our intellectual property rights
38
and to protect our trade secrets. Litigation brought to protect and enforce our intellectual property rights could be costly, time-consuming, and distracting to management, and could result in the impairment or loss of portions of our intellectual property. Further, our efforts to enforce our intellectual property rights may be met with defenses, counterclaims, and countersuits attacking the validity and enforceability of our intellectual property rights and if such defenses, counterclaims, or countersuits are successful, we could lose valuable intellectual property rights. Our inability to protect our proprietary technology against unauthorized copying or use, as well as any costly litigation or diversion of our management’s attention and resources, could delay further sales or the implementation of our products, impair the functionality of our products, delay introductions of new products, result in our substituting inferior or more costly technologies into our products, or injure our reputation.
We could incur substantial costs as a result of any claim of infringement, misappropriation, or violation of another party’s intellectual property rights.
In recent years, there has been significant litigation involving patents and other intellectual property rights in the software industry. Companies providing software are increasingly bringing and becoming subject to suits alleging infringement, misappropriation, or violation of proprietary rights, particularly patent rights, and to the extent we gain greater market visibility, we face a higher risk of being the subject of intellectual property infringement, misappropriation, or violation claims. Further, the software industry is characterized by the existence of a large number of patents, copyrights, trademarks, trade secrets, and other intellectual and proprietary rights. Companies in the software industry are often required to defend against litigation claims based on allegations of infringement, misappropriation, or other violations of intellectual property rights. Our technologies may not be able to withstand any third-party claims against their use. In addition, many companies have the capability to dedicate substantially greater resources to enforce their intellectual property rights and to defend claims that may be brought against them.
We cannot predict the outcome of lawsuits and cannot ensure that the results of any such actions will not have an adverse effect on our business, financial condition, or results of operations. Accordingly, we could incur substantial costs in prosecuting or defending any current or future intellectual property litigation. Any such intellectual property litigation could be expensive and could divert our management resources possibly leading to delays in development or commercialization of our products.
Any intellectual property litigation to which we might become a party, or for which we are required to provide indemnification, may require us to do one or more of the following:
•cease selling or using products that incorporate the intellectual property rights that we allegedly infringe, misappropriate, or violate;
•make substantial payments for legal fees, settlement payments, license fees, royalties, or other costs or damages;
•obtain a license, which may not be available on reasonable terms or at all, to sell or use the relevant technology; or
•redesign the allegedly infringing products to avoid infringement, misappropriation, or violation, which could be costly, time-consuming, or impossible.
Even if the claims do not result in litigation or are resolved in our favor, these claims, and the time and resources necessary to resolve them, could divert the resources of our management and harm our business and results of operations. We expect that the occurrence of infringement claims is likely to grow as the market for our platform for data in motion and our offering grows. Accordingly, our exposure to damages resulting from infringement claims could increase, which could strain our financial and management resources.
If we are required to make substantial payments or undertake any of the other actions noted above due to intellectual property infringement, misappropriation, or violation claims against us or any obligation to indemnify our customers for such claims, such payments or actions could harm our business.
Indemnity provisions in various agreements potentially expose us to substantial liability for intellectual property infringement, misappropriation, violation, and other losses.
39
Our agreements with customers and other third parties may include indemnification provisions under which we agree to indemnify them for losses suffered or incurred as a result of claims of intellectual property infringement, misappropriation, or violation, damages caused by us to property or persons, or other liabilities relating to or arising from our software, services, or other contractual obligations. Large indemnity obligations and payments could disrupt and harm our business, results of operations, and financial condition. Although we generally attempt to contractually limit our liability with respect to such indemnity obligations, our efforts may not always be successful, and we may still incur substantial liability related to them even when subject to limitations. Any dispute with a customer with respect to such obligations could have adverse effects on our relationship with that customer and other existing customers and new customers and harm our business and results of operations.
Risks Related to our Regulatory, Legal, Tax, and Accounting Environment
In connection with the operation of our business, we may collect, store, transfer, and otherwise process certain personal data and personally identifiable information, and our products help our customers do so as well. As a result, our business is subject to a variety of government and industry regulations, as well as other obligations, related to privacy, data protection, and data security.
Privacy, data protection, and data security have become significant issues in various jurisdictions where we offer our products and increasingly so as we sell more cloud offerings. We process certain personal data as part of our business operations, and our Vault product is specifically designed to assist our customers with management of their private and sensitive information. As we develop our cloud offerings and are able to process more data in the cloud, these issues become more significant. The regulatory frameworks for privacy, data protection, and data security issues worldwide are rapidly evolving and are likely to remain uncertain for the foreseeable future, particularly for data processed in the cloud. Federal, state, and non-U.S. government bodies or agencies have in the past adopted, and may in the future adopt, new laws and regulations or may make amendments to existing laws and regulations affecting data protection, data privacy, and/or data security and/or regulating the use of the internet as a commercial medium. Industry organizations also regularly adopt and advocate for new standards in these areas, and we are bound by certain contractual obligations relating to our use, storage, security, and other processing of personal data and other personally identifiable information. We also post privacy policies and have made, and may make, other representations regarding our privacy and data security practices. If we fail to comply with any of these laws, regulations, standards, or other obligations, or such public representations, or are alleged to have done so, we may be subject to investigations, enforcement actions, civil litigation, fines, and other penalties, all of which may generate negative publicity and have a negative impact on our business.
In the United States, we may be subject to investigation and/or enforcement actions brought by federal agencies and state attorneys general and consumer protection agencies. We publicly post policies and other documentation regarding our practices concerning the processing, use, and disclosure of personally identifiable information. Although we endeavor to comply with our published policies and documentation, we may at times fail to do so or be alleged to have failed to do so. The publication of our privacy policy and other documentation that provide promises and assurances about privacy and security can subject us to potential state and federal action if they are found to be deceptive, unfair, or misrepresentative of our actual practices.
Many states have enacted privacy and data security laws. For example, the California Consumer Privacy Act, or CCPA, which took effect on January 1, 2020, gives California residents expanded rights to access and delete their personal information, opt-out of certain personal information sharing, and receive detailed information about how their personal information is used. The CCPA provides for civil penalties for violations, as well as a private right of action for data breaches that is expected to increase data breach litigation. Some observers have noted that the CCPA could mark the beginning of a trend toward more stringent privacy legislation in the United States. California has already amended and expanded the CCPA with a new law, the California Privacy Rights Act of 2020, or CPRA, which came into effect as of January 1, 2023. Additionally, other U.S. states continue to propose, and in certain cases adopt, privacy-focused legislation. For example, Virginia, Colorado, Utah, and Connecticut have enacted comprehensive privacy legislation that has gone into effect in 2023; Florida, Montana, Oregon, and Texas have enacted similar legislation that will go into effect in 2024; Delaware Iowa, New Jersey, and Tennessee have enacted similar legislation that will go into effect in 2025; and Indiana has enacted similar legislation that will go into effect in 2026. Aspects of these state laws remain unclear, resulting in further uncertainty and potentially requiring us to modify our data practices and policies and to incur substantial additional costs and expenses in an effort to comply. A patchwork of differing state privacy and data security requirements will increase the cost and complexity of operating our business and increase our exposure to liability. Similarly, regulatory
40
bodies such as the US Securities and Exchange Commission have issued disclosure rules and signaled a more aggressive posture regarding data security failures.
Internationally, we or our customers must comply with the data security, privacy, and data protection requirements of each of the jurisdictions we operate in. Within the European Union, the European General Data Protection Regulation, or the GDPR, became fully effective on May 25, 2018, and applies to the processing (which includes the collection and use) of certain personal data. The GDPR imposes substantial obligations and risk upon our business. Administrative fines under the GDPR can amount up to 20 million Euros or four percent of the group’s annual global turnover, whichever is highest. We may be required to incur substantial expense and to make significant changes to our business operations in an effort to comply with the obligations imposed by the GDPR, all of which may adversely affect our revenue and our business overall. Additionally, because the GDPR lacks a long enforcement history, we are unable to predict fully how the GDPR may be applied to us. Despite our efforts to attempt to comply with the GDPR, a regulator may determine that we have not done so and subject us to fines and public censure, which could harm our company.
European privacy, data security, and data protection laws, including the GDPR, regulate and generally restrict the transfer of the personal data subject from Europe, including the European Economic Area, or EEA, the United Kingdom, and Switzerland, to third countries that have not been found to provide adequate protection to such personal data, including the United States unless the parties to the transfer have implemented specific safeguards to protect the transferred personal data. The safeguard on which we have primarily relied for such transfers has been implementation of the European Commission’s Standard Contractual Clauses, or SCCs, in our relevant data transfer agreements. We have undertaken certain efforts to conform transfers of personal data from the European Economic Area, or the EEA, to the United States and other jurisdictions based on our understanding of current regulatory obligations and the guidance of data protection authorities. The EU-U.S. Privacy Shield program administered by the U.S. Department of Commerce, to which we have self-certified, was invalidated by the Court of Justice of the European Union, or CJEU, on July 16, 2020. The Swiss Federal Data Protection and Information Commissioner invalidated the Swiss-U.S. Privacy Shield on similar grounds. In its July 16, 2020 opinion, the CJEU imposed additional obligations on companies when relying on SCCs to transfer personal data. The European Commission has published revised SCCs addressing the CJEU concerns on June 4, 2021, that are required to be implemented. The United Kingdom has adopted new standard contractual clauses, or the UK SCCs, that became effective as of March 21, 2022, and which are required to be implemented. The United States and European Union announced an “agreement in principle” to replace the EU-U.S. Privacy Shield transfer framework with the Trans-Atlantic Data Privacy Framework, or EU-U.S. DPF, on March 25, 2022. On July 10, 2023, the European Commission adopted an adequacy decision in relation to the EU-U.S. DPF, allowing the EU-U.S. DPF to be utilized as a means of legitimizing EU-U.S. personal data transfers for participating entities, including us. We also have self-certified under a UK Extension to the EU-U.S. DPF and the Swiss-U.S. Data Privacy Framework, or the Swiss-U.S. DPF. The EU-U.S. DPF already has faced legal challenges, and the CJEU’s Schrems II decision, the revised SCCs and UK SCCs, guidance and opinions of regulators, and other developments relating to cross-border data transfer, including the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF may be subject to challenges, future reviews, suspension, amendment, repeal, or limitations, and may require us to implement additional contractual and technical safeguards for any personal data transferred out of Europe, which may increase compliance costs, lead to increased regulatory scrutiny or liability, and which may adversely impact our business, financial condition and operating results.
We may also experience hesitancy, reluctance, or refusal by European or multi-national customers to continue to use our products, or by current or potential new customers to consider or adopt our fully managed HCP cloud offerings, due to the potential risk exposure to such customers as a result of shifting business sentiment in Europe regarding international data transfers and the data protection obligations imposed on them. We may find it necessary to establish systems to maintain personal data originating from Europe in Europe, which may involve substantial expense and may cause us to need to divert resources from other aspects of our business, all of which may adversely affect our business. We may be unsuccessful in maintaining the conforming means of transferring personal data from Europe to other jurisdictions. We, and our customers, may face a risk of enforcement actions taken by European data protection authorities relating to cross-border personal data transfers.
In addition to the GDPR, the European Commission has another draft regulation in the approval process that focuses on a person’s right to conduct a private life. The proposed legislation, known as the Regulation of Privacy and Electronic Communications, or the ePrivacy Regulation, would replace the current ePrivacy Directive. Originally planned to be adopted and implemented at the same time as the GDPR, the ePrivacy Regulation is still being negotiated. Most recently, on February 10, 2021, the Council of the EU agreed on its version of the draft ePrivacy Regulation. If adopted, the earliest date for entry into force is in 2023, with broad potential impacts on the use of internet-based services and tracking technologies, such as cookies. Aspects of the ePrivacy Regulation remain for negotiation between the European
41
Commission and the Council. We expect to incur additional costs to comply with the requirements of the ePrivacy Regulation as it is finalized for implementation.
Further, the United Kingdom has enacted a Data Protection Act, and has implemented legislation referred to as the “UK GDPR,” that substantially implements the GDPR in the United Kingdom following Brexit and the transition period that ended on December 31, 2020. This legislation provides for substantial penalties for noncompliance of up to the greater of £17.5 million or four percent of worldwide revenues. While the EU has deemed the United Kingdom an “adequate country” to which personal data could be exported from the EEA, this decision is required to be renewed after four years of being in effect and may be modified, revoked, or challenged in the interim, creating uncertainty regarding transfers of personal data to the United Kingdom from the EEA. Some countries also are considering or have passed legislation requiring local storage and processing of data, or similar requirements, which could increase the cost and complexity of delivering our products.
Finally, we publish privacy policies and other documentation regarding our collection, use, disclosure, and other processing of personal information. Although we endeavor to adhere to these policies and documentation, we and the third parties on which we rely may at times fail to do so or may be perceived to have failed to do so. Such failures could subject us to regulatory enforcement action as well as costly legal claims by affected individuals or our customers.
Because the interpretation and application of many laws and regulations relating to privacy, data protection, and data security, along with industry standards, are uncertain, particularly as they relate to our cloud offerings, it is possible that these laws and regulations may be interpreted and applied in a manner that is inconsistent with our existing data management practices or the features of our products, and we could face fines, lawsuits, regulatory investigations, and other claims and penalties, and we could be required to fundamentally change our products or our business practices, which could have an adverse effect on our business. Any inability to adequately address privacy, data protection, and data security concerns, even if unfounded, or any actual or perceived failure to comply with applicable privacy, data protection, and data security laws, regulations, and other obligations, could result in additional cost and liability to us, damage our reputation, inhibit sales, and adversely affect our business. Furthermore, the costs of compliance with, and other burdens imposed by, the laws, regulations, and policies that are applicable to the businesses of our customers may limit the use and adoption of, and reduce the overall demand for, our products. Privacy, data protection, and data security concerns, whether valid or not valid, may inhibit market adoption of our products, particularly in certain industries and countries outside of the United States. If we are not able to adjust to changing laws, regulations, and standards related to the internet, our business may be harmed.
We are subject to governmental export and import controls that could impair our ability to compete in international markets or subject us to liability if we violate these controls.
Our products and services may be subject to U.S. export control laws and regulations including the Export Administration Regulations, or EAR, and trade and economic sanctions maintained by the Office of Foreign Assets Control, or OFAC. As such, an export license may be required to export or re-export our products and services to certain countries, end-users, and end-uses. Because we incorporate encryption functionality into some of our products, we also are subject to certain U.S. export control laws that apply to encryption items. If we fail to comply with such U.S. export controls laws and regulations, U.S. economic sanctions, or other similar laws, we could be subject to both civil and criminal penalties, including substantial fines, possible incarceration for employees and managers for willful violations, and the possible loss of our export or import privileges. Obtaining the necessary export license for a particular sale or offering may not be possible and may be time-consuming and may result in the delay or loss of sales opportunities. Furthermore, U.S. export control laws and economic sanctions prohibit the export of products and services to certain U.S. embargoed or sanctioned countries and persons, as well as for prohibited end-uses. Monitoring and ensuring compliance with these complex U.S. export control laws is particularly challenging because our offerings are widely distributed throughout the world and are available for download without registration. Even though we take precautions to ensure that we and our partners comply with all relevant export control laws and regulations, any failure by us or our partners to comply with such laws and regulations could have negative consequences for us, including reputational harm, government investigations, and penalties.
In addition, various countries regulate the import of certain encryption products and technology, including through import permit and license requirements, and have enacted laws that could limit our ability to distribute our products or
42
could limit our end-customers’ ability to implement our products or services in those countries. Changes in our products and services or changes in export and import regulations in such countries may create delays in the introduction of our products into international markets, prevent our end-customers with international operations from deploying our products globally, or, in some cases, prevent or delay the export or import of our products to certain countries, governments, or persons altogether. Any change in export or import laws or regulations, economic sanctions, or related legislation, shift in the enforcement or scope of existing export, import, or sanctions laws or regulations, or change in the countries, governments, persons, or technologies targeted by such export, import, or sanctions laws or regulations, could result in decreased use of our products by, or in our decreased ability to export or sell our products and services to, existing or potential end-customers with international operations. Any decreased use of our products or services or limitation on our ability to export to or sell our products and services in international markets could adversely affect our business, financial condition, and operating results.
Failure to comply with anti-bribery and anti-corruption laws, and anti-money laundering laws could subject us to penalties and other adverse consequences.
We are subject to the FCPA, the U.K. Bribery Act, and other anti-corruption, anti-bribery, and anti-money laundering laws in various jurisdictions, both domestic and abroad. We leverage third parties, including channel partners, to sell our offerings and conduct our business abroad. We and our third-party intermediaries may have direct or indirect interactions with officials and employees of government agencies or state-owned or affiliated entities and may be held liable for the corrupt or other illegal activities of these third-party business partners and intermediaries, our employees, representatives, contractors, partners, and agents, even if we do not explicitly authorize such activities. These laws also require that we keep accurate books and records and maintain internal controls and compliance procedures designed to prevent any such actions. While we have policies and procedures to address compliance with such laws, we cannot assure you that all of our employees, representatives, contractors, partners, and agents will not take actions in violation of our policies and applicable law, for which we may be ultimately held responsible. Any allegations or violation of the FCPA or other applicable anti-bribery, anti-corruption laws, and anti-money laundering laws could result in whistleblower complaints, adverse media coverage, investigations, loss of export privileges, severe criminal or civil sanctions, or suspension or debarment from U.S. government contracts, all of which may have an adverse effect on our reputation, business, operating results, and prospects. Responding to any investigation or action will likely result in a materially significant diversion of management’s attention and resources and significant defense costs and other professional fees.
Changes in laws and regulations related to the internet or changes in the internet infrastructure itself may diminish the demand for our products, and could adversely affect our business, results of operations, and financial condition.
The future success of our business depends upon the continued use of the internet as a primary medium for commerce, communications, and business applications. Federal, state, or foreign government bodies or agencies have in the past adopted, and may in the future adopt, laws or regulations affecting the use of the internet as a commercial medium. Changes in these laws or regulations could require us to modify our products and platform in order to comply with these changes. In addition, government agencies or private organizations have imposed and may impose additional taxes, fees, or other charges for accessing the internet or commerce conducted via the internet. These laws or charges could limit the growth of internet-related commerce or communications generally, or result in reductions in the demand for internet-based products such as our products and platform. In addition, the use of the internet as a business tool could be adversely affected due to delays in the development or adoption of new standards and protocols to handle increased demands of internet activity, security, reliability, cost, ease of use, accessibility, and quality of service. The performance of the internet and its acceptance as a business tool has been adversely affected by “viruses,” “worms,” and similar malicious programs. If use of the internet is reduced by these or other issues, then demand for our products could decline, which could adversely affect our business, results of operations, and financial condition.
Any legal proceedings or claims against us could be costly and time consuming to defend and could harm our reputation regardless of the outcome.
We are and may in the future become subject to legal proceedings and claims that arise in the ordinary course of business, including patent infringement, other intellectual property, privacy and data protection, data security, employment, securities, contractual rights, torts, or other legal claims. Such matters can be time-consuming, divert management’s attention and resources, cause us to incur significant expenses or liability, or require us to change our business practices.
43
In addition, the expense of litigation and the timing of this expense from period to period are difficult to estimate, subject to change, and could adversely affect our financial condition and results of operations. Because of the potential risks, expenses, and uncertainties of litigation, we may, from time to time, settle disputes, even where we have meritorious claims or defenses, by entering into settlement agreements. Any of the foregoing could adversely affect our business, financial condition, and results of operations.
Unanticipated changes in effective tax rates or adverse outcomes resulting from examination of our income or other tax returns could expose us to greater than anticipated tax liabilities.
Our income tax obligations are based in part on our corporate structure and intercompany arrangements, including the manner in which we develop, value, and use our intellectual property and the valuations of our intercompany transactions. The tax laws applicable to our business, including the laws of the United States and other jurisdictions, are subject to interpretation and certain jurisdictions may aggressively interpret their laws in an effort to raise additional tax revenue. The taxing authorities of the jurisdictions in which we operate may challenge our methodologies for valuing developed technology or intercompany arrangements, which could increase our worldwide effective tax rate and harm our financial position and results of operations. It is possible that tax authorities may disagree with certain positions we have taken and any adverse outcome of such a review or audit could have a negative effect on our financial position and results of operations. Further, the determination of our worldwide provision for income taxes and other tax liabilities requires significant judgment by management, and there are transactions where the ultimate tax determination is uncertain. Although we believe that our estimates are reasonable, the ultimate tax outcome may differ from the amounts recorded in our consolidated financial statements and may materially affect our financial results in the period or periods for which such determination is made.
Our ability to use our net operating loss carryforwards to offset future taxable income may be subject to certain limitations.
As of January 31, 2024, we had U.S. federal and state net operating loss carryforwards of $690.4 million and $602.2 million, respectively. The Federal NOL does not expire since all balances relate to losses incurred after January 1, 2018, whereas state NOL will start expiring from 2026, respectively. Limitations imposed by the applicable jurisdictions on our ability to utilize net operating loss carryforwards could cause income taxes to be paid earlier than would be paid if such limitations were not in effect and could cause such net operating loss carryforwards to expire unused, in each case reducing or eliminating the benefit of such net operating loss carryforwards. Furthermore, we may not be able to generate sufficient taxable income to utilize our net operating loss carryforwards before they expire. If any of these events occur, we may not derive some or all of the expected benefits from our net operating loss carryforwards.
Utilization of our net operating loss carryforwards and other tax attributes, such as research and development tax credits, may be subject to annual limitations, or could be subject to other limitations on utilization or benefit due to the ownership change limitations provided by Sections 382 and 383 of the U.S. Internal Revenue Code of 1986, as amended, or the Code, and other similar provisions. Under Sections 382 and 383 of the Code, if a corporation undergoes an “ownership change,” the corporation’s ability to use its pre-change net operating loss carryforwards and other pre-change attributes, such as research tax credits, to offset its post-change income may be limited. In general, an “ownership change” will occur if there is a cumulative change in our ownership by “5-percent stockholders” that exceeds 50 percentage points over a rolling three-year period. Similar rules may apply under state tax laws. We may have experienced various ownership changes, as defined by the Code, as a result of past financing transactions (or other activities), and we may experience ownership changes in the future as a result of subsequent changes in our stock ownership, some of which may be outside our control. Accordingly, our ability to use our net operating loss carryforwards and other tax attributes may be limited.
Further, the Tax Cuts and Jobs Act of 2017, as modified by the Coronavirus Aid, Relief, and Economic Security Act of 2020, or the Tax Act, changed the federal rules governing net operating loss carryforwards. For net operating loss carryforwards arising in tax years beginning after December 31, 2017, the Tax Act allows such net operating losses to be carried forward indefinitely but limits a taxpayer’s ability to use those carryforwards in tax years beginning after December 31, 2020, to 80% of taxable income for the tax year. Net operating loss carryforwards generated before January 1, 2018, will not be subject to the Tax Act’s 80% taxable income limitation, but will continue to have a twenty-year carryforward period. As such, our net operating loss carryforwards and other tax assets could expire before utilization and could be subject to limitations, which could harm our business, revenue, and financial results.
44
Our corporate structure and intercompany arrangements are subject to the tax laws of various jurisdictions, and we could be obligated to pay additional taxes, which would harm our business and results of operations.
Based on our current corporate structure, we may be subject to taxation in several jurisdictions around the world with increasingly complex tax laws, the application of which can be uncertain. The amount of taxes we pay in these jurisdictions could increase substantially due to changes in applicable tax principles, including increased tax rates, new tax laws, or revised interpretations of existing tax laws and precedents. In addition, the authorities in the jurisdictions in which we operate through our subsidiaries could review our tax returns or require us to file tax returns in jurisdictions in which we are not currently filing, and could impose additional tax, interest, and penalties. These authorities could also claim that various withholding requirements apply to us or our subsidiaries, assert that benefits of tax treaties are not available to us or our subsidiaries, or challenge our methodologies for valuing developed technology or intercompany arrangements, including our transfer pricing. The relevant taxing authorities may determine that the manner in which we operate our business does not achieve the intended tax consequences. If such a disagreement was to occur, and our position was not sustained, we could be required to pay additional taxes, interest, and penalties. Any increase in the amount of taxes we pay or that are imposed on us could increase our worldwide effective tax rate and harm our business and results of operations.
The enactment of tax legislation implementing changes in the United States and other jurisdictions or the adoption of other tax reform policies could materially impact our financial position and results of operations.
Legislation or other changes to tax laws of the United States and other jurisdictions could impact the tax treatment of our earnings. For example, the Tax Act has eliminated the option to deduct research and development expenditures currently and instead requires taxpayers to capitalize and amortize such expenditures over five or fifteen years, for U.S.-based and non-U.S. based research expenditures, respectively, beginning in 2022. However, recently proposed tax legislation, if enacted, would restore the ability to deduct currently U.S.-based research expenditures through 2025 and would retroactively restore this benefit for 2022 and 2023. Further, the United States recently enacted the Inflation Reduction Act of 2022, or the IRA, which introduced a 15% minimum tax on adjusted book income over one billion, and a 1% excise tax on stock buybacks. We do not currently expect the IRA will have a material impact on our income tax liability. Further, the Organization for Economic Cooperation and Development has proposed implementing a global minimum tax of 15%, which has been agreed to by over 136 countries. The Council of the European Union has adopted this proposed 15% global minimum tax, which has been implemented into the domestic laws of some jurisdictions, effective for fiscal years beginning on or after December 31, 2023. Due to expansion of our international business activities, such changes, as well as regulations and legal decisions interpreting and applying these changes may increase our worldwide effective tax rate and adversely affect our financial position and results of operations.
Taxing authorities may successfully assert that we should have collected or in the future should collect sales and use, value added, or similar taxes, and we could be subject to liability with respect to past or future sales, which could adversely affect our results of operation.
We may not collect sales and use, value added, or similar taxes in all jurisdictions in which we are deemed to have sales, and we have been advised that such taxes are not applicable to our products in certain jurisdictions. Sales and use, value added, and similar tax laws and rates vary greatly by jurisdiction. Certain jurisdictions in which we do not collect such taxes may assert that such taxes are applicable, which could result in tax assessments, penalties, and interest, to us or our end-customers for the past amounts, and we may be required to collect such taxes in the future. If we are unsuccessful in collecting such taxes from our end-customers, we could be held liable for such costs. Such tax assessments, penalties and interest, or future requirements may adversely affect our results of operations.
If our estimates or judgments relating to our critical accounting policies are based on assumptions that change or prove to be incorrect, our results of operations could fall below expectations of investors.
The preparation of our consolidated financial statements requires management to make estimates and assumptions that affect the amounts reported in those consolidated financial statements. We base our estimates on historical experience and on various other assumptions that we believe to be reasonable under the circumstances, the results of which form the basis for making judgments about the carrying values of assets, liabilities, equity, revenue, and expenses that are not readily apparent from other sources. Our results of operations may be adversely affected if our assumptions change or if actual circumstances differ from those in our assumptions, which could cause our results of operations to fall below our publicly announced guidance or the expectations of investors. Significant assumptions and estimates used in
45
preparing our consolidated financial statements include those related to the determination of stand-alone selling prices of our performance obligations in revenue agreements, measurement of stock-based compensation expense, the capitalization and estimated period of benefit of deferred contract acquisition costs, and accounting for income taxes including deferred tax assets and liabilities.
Changes in accounting principles and guidance could result in unfavorable accounting charges or effects.
We prepare our consolidated financial statements in accordance with principles generally accepted in the United States. These principles are subject to interpretation by the SEC and various bodies formed to create and interpret appropriate accounting principles and guidance. Changes in existing accounting rules or practices, new accounting pronouncements rules, or varying interpretations of current accounting pronouncements practice could harm our results of operations or the manner in which we conduct our business. Further, such changes could potentially affect our reporting of transactions completed before such changes are effective. GAAP is subject to interpretation by the Financial Accounting Standards Board, or FASB, the SEC, and various bodies formed to promulgate and interpret appropriate accounting principles. A change in these principles or interpretations could have a significant effect on our reported financial results and affect the reporting of transactions completed before the announcement of a change. Additionally, if there are changes to certain of our facts-and-circumstances or if regulators changed their interpretation, we might be required to change the way we report our financial results.
General Risks Related to Us
Acquisitions, strategic investments, partnerships, or alliances could be difficult to identify, pose integration challenges, divert the attention of management, disrupt our business, dilute stockholder value, and adversely affect our business, financial condition, and results of operations.
We expect in the future to acquire or invest in businesses, joint ventures, and platform technologies that we believe could complement or expand our platform, enhance our technology, or otherwise offer growth opportunities. We have limited experience and expertise regarding acquisitions, and we may devote resources to exploring larger and more complex acquisitions and investments than we have previously attempted. Any such acquisitions or investments may divert the attention of management and cause us to incur various expenses in identifying, investigating, and pursuing suitable opportunities, whether or not the transactions are completed, and may result in unforeseen operating difficulties and expenditures. In particular, we may encounter difficulties assimilating or integrating the businesses, technologies, products, personnel, or operations of any acquired companies, particularly if the key personnel of an acquired company choose not to work for us, their software is not easily adapted to work with our platform, or we have difficulty retaining the customers of any acquired business due to changes in ownership, management, or otherwise. In addition, we have limited experience in acquiring other businesses. If an acquired business fails to meet our expectations, our operating results, and business and financial position may suffer. We may not be able to find and identify desirable acquisition targets, we may incorrectly estimate the value of an acquisition target, and we may not be successful in entering into an agreement with any particular target. Further, any such transactions that we close may not result in the synergies or other benefits we expect to achieve, including the introduction of new products or enhancements to existing products, which could result in substantial impairment charges. These transactions could also result in dilutive issuances of equity securities or the incurrence of debt, which could adversely affect our results of operations.
If we fail to maintain an effective system of internal control over financial reporting, we may be unable to maintain accurate financial records prevent fraud, or comply with applicable regulations, and investor confidence may, therefore, be adversely affected.
We maintain internal control over financial reporting designed to provide reasonable assurance regarding the preparation of financial statements in accordance with generally accepted accounting principles. Because of its inherent limitations, internal control over financial reporting may not prevent or detect all misstatements or prevent all fraud. Moreover, we may be subject to material weaknesses in such internal controls. Our design and implementation of internal controls is time-consuming, costly, and complicated. If we fail to maintain adequate internal control over financial reporting, we may suffer inaccuracies in our financial statements, we may be subject to increased likelihood of fraud, and investors may lose confidence in the accuracy and completeness of our financial statements, any of which could require additional financial and management resources.
46
Further, we are subject to the reporting requirements of the Exchange Act and the Sarbanes-Oxley Act. We expect that the requirements of these regulations will continue to increase our legal, accounting, and financial compliance costs and make certain activities more difficult, time-consuming, and costly. As of January 31, 2022, we were required to comply with the SEC rules that implement Section 404 of the Sarbanes-Oxley Act and are therefore required to make a formal assessment of the effectiveness of our internal control over financial reporting for that purpose. Our independent registered public accounting firm must also formally attest to the effectiveness of our internal control over financial reporting. Any failure to maintain effective disclosure controls and internal control over financial reporting could have an adverse effect on our business, financial condition and results of operations and could cause a decline in the market price of our Class A common stock.
Our failure to maintain capital at our current level, raise additional capital, or generate the capital necessary to expand our operations and invest in new products could reduce our ability to compete and could harm our business.
Historically, we have financed our operations primarily through the sale of our equity securities as well as payments received from customers using our products and services. We intend to continue to make investments to support our business growth and may require additional funds to respond to business challenges, including the need to develop new features or otherwise enhance our offerings, improve our operating infrastructure, or acquire complementary businesses and technologies. Accordingly, we may need to engage in equity or debt financings to secure additional funds. If we raise additional funds through future issuances of equity or convertible debt securities, our existing stockholders could suffer significant dilution, and any new equity securities we issue could have rights, preferences, and privileges superior to current holders of our securities. Any debt financing that we may secure in the future could involve restrictive covenants relating to our capital raising activities and other financial and operational matters, which may make it more difficult for us to obtain additional capital and to pursue business opportunities, including potential acquisitions. We may not be able to obtain additional financing on terms that are favorable to us, if at all.
If our goodwill or intangible assets become impaired, we may be required to record a significant charge to earnings.
We review our intangible assets for impairment when events or changes in circumstances indicate the carrying value may not be recoverable. Goodwill is required to be tested for impairment at least annually. An adverse change in market conditions, particularly if such change has the effect of changing one of our critical assumptions or estimates, could result in a change to the estimation of fair value that could result in an impairment charge to our goodwill or intangible assets. Any such charges may adversely affect our results of operations.
We are exposed to fluctuations in currency exchange rates, and interest rates, and inflation, which could negatively affect our results of operations and our ability to invest and hold our cash.
Our sales are denominated in U.S. dollars, and therefore our revenue is not subject to foreign currency risk. However, a strengthening of the U.S. dollar could increase the real cost of our platform to our customers outside of the United States, which could adversely affect our results of operations. In addition, an increasing portion of our operating expenses is incurred outside of the United States.
These operating expenses are denominated in foreign currencies and are subject to fluctuations due to changes in foreign currency exchange rates. In the future, we expect to have sales denominated in currencies other than the U.S. dollar, which will subject our revenue to foreign currency risk. If we are not able to successfully hedge against the risks associated with currency fluctuations, our results of operations could be adversely affected.
The United States has recently experienced historically high levels of inflation. If the inflation rate continues to increase, such as increases in the costs of labor and supplies, it will affect our expenses, such as employee compensation which accounts for a significant portion of our operating expenses. Additionally, the United States is experiencing historically low unemployment rates, which in turn, creates a competitive wage environment that may increase our operating costs. To the extent inflation leads to rising interest rates, resulting in higher borrowing costs to us, and has other adverse effects on the market, it may adversely affect our consolidated financial condition and results of operations.
Catastrophic events, or man-made problems such as terrorism or climate change, may disrupt our business.
47
A significant natural disaster, such as an earthquake, fire, flood, or significant power outage, and the risks associated with climate change could have an adverse impact on our business, results of operations, and financial condition. We have a number of our employees and executive officers located in the San Francisco Bay Area, a region known for seismic activity, drought, and wildfires, and the resultant air quality impacts and power outages associated with such wildfires. Furthermore, it is more difficult to mitigate the impact of these events on our employees while they work from home as we have a largely remote workforce.
In addition, acts of terrorism, pandemics, such as the outbreak of the novel coronavirus or another public health crisis, protests, riots, and the increasing frequency and impact of extreme weather events on critical infrastructure in the U.S. and elsewhere have the potential to disrupt our business, the business of our third-party suppliers, and the business of our customers, and may cause us to experience higher attrition, losses, and additional costs to maintain or resume operations. Additionally, any disruption in the business of our partners or customers that affects sales in a given fiscal quarter could have a significant adverse impact on our quarterly results for that and future quarters. All of these risks may increase further if our response to catastrophic events proves inadequate.
In February 2022, armed conflict escalated between Russia and Ukraine. The sanctions announced by the U.S. and other countries against Russia, following Russia’s invasion of Ukraine, to date include restrictions on selling or importing goods, services, or technology in or from affected regions and travel bans and asset freezes impacting connected individuals and political, military, business, and financial organizations in Russia. The United States and other countries could impose wider sanctions and take other actions should the conflict further escalate. It is not possible to predict the broader consequences of this conflict, which could include further sanctions, embargoes, regional instability, prolonged periods of higher inflation, geopolitical shifts, and adverse effects on macroeconomic conditions, currency exchange rates, and financial markets, all of which could have a material adverse effect on our business, financial condition, and results of operations.
Health epidemics could in the future have an adverse impact on our business, operations, and the markets and communities in which we, our partners, and customers operate.
Our business and operations could be adversely affected by health epidemics impacting the markets and communities in which we, our partners, and customers operate.
Health epidemics are also a contributing factor that could lead to existing and potential customers accelerating transitions to the cloud. However, if customers do not transition to the cloud at anticipated rates, we may not experience these anticipated benefits.
The extent of the impact of health epidemics on our customers and our customers’ response to the epidemics is difficult to assess or predict, and we may be unable to accurately forecast our revenues or financial results, especially when the long-term impact of the epidemic is uncertain. Our results of operations could be materially above or below our forecasts, which could adversely affect our results of operations, disappoint analysts and investors, and/or cause our stock price to decline.
The ultimate impact of health epidemics is highly uncertain and subject to change. We do not yet know the full extent of potential delays or impacts on our business, operations, ability to access capital, or the global economy as a whole. There is also no guarantee a future outbreak of any widespread epidemics will not occur, or that the global economy will recover, either of which could harm our business.
Risks Related to the Ownership of our Common Stock
The market price for our Class A common stock may be volatile or may decline regardless of our operating performance.
The market price of our Class A common stock may be highly volatile and may fluctuate or decline substantially as a result of a variety of factors, many of which are beyond our control, including:
•actual or anticipated changes or fluctuations in our results of operations;
48
•the financial projections we may provide to the public, any changes in these projections or our failure to meet these projections;
•announcements by us or our competitors of new offerings or new or terminated significant contracts, commercial relationships, or capital commitments;
•industry or financial analyst or investor reaction to our press releases, other public announcements, and filings with the SEC;
•rumors and market speculation involving us or other companies in our industry;
•future sales or expected future sales of shares of our Class A common stock;
•investor perceptions of us and the industries in which we operate;
•price and volume fluctuations in the overall stock market from time to time;
•changes in operating performance and stock market valuations of other technology companies generally, or those in our industry in particular;
•failure of industry or financial analysts to maintain coverage of us, changes in financial estimates by any analysts who follow our company, or our failure to meet these estimates or the expectations of investors;
•actual or anticipated developments in our business or our competitors’ businesses or the competitive landscape generally;
•litigation involving us, our industry or both, or investigations by regulators into our operations or those of our competitors;
•developments or disputes concerning our intellectual property rights or our solutions, or third-party proprietary rights;
•announced or completed acquisitions of businesses or technologies by us or our competitors;
•actual or perceived breaches of, or failures relating to, privacy, data protection, or data security;
•interruptions, delays, or outages of our platform;
•new laws or regulations or new interpretations of existing laws or regulations applicable to our business;
•any major changes in our management or our board of directors;
•general economic conditions and slow or negative growth of our markets; and
•other events or factors, including those resulting from war, incidents of terrorism, or responses to these events.
The dual-class structure of our common stock as contained in our amended and restated certificate of incorporation has the effect of concentrating voting control with those stockholders who held our stock prior to the initial public offering, including our executive officers, employees, and directors and their affiliates, and limiting your ability to influence corporate matters, which could adversely affect the trading price of our Class A common stock.
Our Class B common stock has 10 votes per share, and our Class A common stock has one vote per share. As of January 31, 2024, our executive officers and directors and their affiliates together hold and/or control approximately 43% of the voting power of our outstanding common stock, and Armon Dadgar, our co-founder, holds and/or controls approximately 18% of the voting power of our outstanding common stock. As a result, our executive officers, directors, and other affiliates have significant influence over our management and affairs and over all matters requiring stockholder approval, including election of directors and significant corporate transactions, such as a merger or other sale of the company or our assets, for the foreseeable future. Our other co-founder Mitchell Hashimoto ceased to be an employee of HashiCorp in fiscal 2024 and has no significant influence on the voting power of our outstanding common stock.
In addition, the holders of Class B common stock collectively will continue to be able to control all matters submitted to our stockholders for approval even if their stock holdings represent less than 50% of the outstanding shares of our common stock. Because of the 10-to-1 voting ratio between our Class B common stock and Class A common stock, the
49
holders of our Class B common stock collectively will continue to control a majority of the combined voting power of our common stock even when the shares of Class B common stock represent as little as 10% of all outstanding shares of our Class A common stock and Class B common stock. This concentrated control will limit your ability to influence corporate matters for the foreseeable future, and, as a result, the market price of our Class A common stock could be adversely affected.
Future transfers or voluntary conversions by holders of shares of Class B common stock will generally result in those shares converting to shares of Class A common stock, which will have the effect, over time, of increasing the relative voting power of those holders of Class B common stock who retain their shares in the long term. Certain permitted transfers, as specified in our amended and restated certificate of incorporation, will not result in shares of Class B common stock automatically converting to shares of Class A common stock, including certain estate planning transfers as well as transfers to our founders or our founders’ estates or heirs upon death or incapacity of such founder.
FTSE Russell does not allow most newly public companies with dual or multi-class capital structures to be included in their indices. Also, in 2017, MSCI, a leading stock index provider, opened public consultations on its treatment of no-vote and multi-class structures and temporarily barred new multi-class listings from certain of its indices; however, in October 2018, MSCI announced its decision to include equity securities “with unequal voting structures” in its indices and to launch a new index that specifically includes voting rights in its eligibility criteria. Under the announced policies, our dual-class capital structure makes us ineligible for inclusion in certain indices, and as a result, mutual funds, exchange-traded funds, and other investment vehicles that attempt to passively track these indices will not be investing in our stock. In addition, we cannot assure you that other stock indices will not take similar actions. Given the sustained flow of investment funds into passive strategies that seek to track certain indices, exclusion from certain stock indices would likely preclude investment by many of these funds and would make our Class A common stock less attractive to other investors. As a result, the trading price, volume, and liquidity of our Class A common stock could be adversely affected.
Future sales of substantial amounts of our Class A common stock in the public market, or the perception that they might occur, could reduce the price that our Class A common stock might otherwise attain.
Future sales of a substantial number of shares of Class A common stock in the public market, particularly sales by our directors, executive officers, and significant stockholders, or the perception that these sales could occur, could adversely affect the market price of our Class A common stock and may make it more difficult for you to sell your shares of Class A common stock at a time and price that you deem appropriate. Many of our equity holders who held our capital stock prior to completion of our initial public offering, or IPO, have substantial unrecognized gains on the value of the equity they hold based on recent market prices of our shares of Class A common stock, and therefore, they may take steps to sell their shares or otherwise secure the unrecognized gains on those shares. We are unable to predict the timing of or the effect that such sales may have on the prevailing market price of our Class A common stock.
Further, as of January 31, 2024, up to 4,484,297 shares of our Class B common stock and up to 13,945,779 shares of our Class A common stock may be issued upon exercise of outstanding stock options or vesting and settlement of outstanding restricted stock units, or RSUs, and 29,058,446 shares of our Class A common stock are available for future issuance under our 2021 Equity Incentive Plan and 2021 Employee Stock Purchase Plan, and will become eligible for sale in the public market to the extent permitted by the provisions of various vesting schedules, exercise limitations, and Rule 144 and Rule 701 under the Securities Act of 1933, as amended, or the Securities Act. We have registered all of the shares of Class A common stock issuable upon exercise of outstanding options and all shares of Class A common stock issuable upon vesting and settlement of RSUs, as well as other equity incentive awards we may grant in the future for public resale under the Securities Act. Shares of Class A common stock will become eligible for sale in the public market to the extent such options are exercised and RSUs settle, subject to compliance with applicable securities laws. If these additional shares of Class A common stock are sold, or if it is perceived that they will be sold, in the public market, the trading price of our Class A common stock could decline.
Additional stock issuances could result in significant dilution to our stockholders and additional issuances of debt or senior equity securities could impair the value of our Class A common stock.
We may issue common stock or securities convertible into common stock from time to time in connection with a financing, acquisition, investment, our share incentive plans, or otherwise. Any such issuance could result in dilution to our
50
existing stockholders unless pre-emptive rights exist. The amount of dilution could be substantial depending upon the size of the issuances or exercises.
Delaware law and provisions in our amended and restated certificate of incorporation and amended and restated bylaws could make a merger, tender offer, or proxy contest difficult, thereby depressing the market price of our Class A common stock.
Our status as a Delaware corporation and the anti-takeover provisions of the Delaware General Corporation Law may discourage, delay, or prevent a change in control by prohibiting us from engaging in a business combination with an interested stockholder for a period of three years after the date of the transaction in which the person became an interested stockholder, even if a change of control would be beneficial to our existing stockholders. In addition, our amended and restated certificate of incorporation and amended and restated bylaws contains provisions that may make the acquisition of our company more difficult, including the following:
•any amendments to our amended and restated certificate of incorporation or our amended and restated bylaws requires the approval of at least 66-2/3% of our then-outstanding voting power;
•our board of directors is classified into three classes of directors with staggered three-year terms and stockholders will only be able to remove directors from office for cause;
•our stockholders will only be able to take action at a meeting of stockholders and will not be able to take action by written consent for any matter;
•our amended and restated certificate of incorporation does not provide for cumulative voting;
•vacancies on our board of directors will be able to be filled only by our board of directors and not by stockholders;
•a special meeting of our stockholders may only be called by an officer pursuant to a resolution adopted by our board of directors, the chairperson of our board of directors, our Chief Executive Officer, or our President (in the absence of a chief executive officer);
•certain litigation against us can only be brought in Delaware, unless we consent in writing to the selection of an alternative forum;
•our amended and restated certificate of incorporation authorizes 100,000,000 shares of undesignated preferred stock, the terms of which may be established and shares of which may be issued without further action by our stockholders; and
•advance notice procedures apply for stockholders to nominate candidates for election as directors or to bring matters before an annual meeting of stockholders.
These provisions, alone or together, could discourage, delay or prevent a transaction involving a change in control of our company. These provisions could also discourage proxy contests and make it more difficult for stockholders to elect directors of their choosing and to cause us to take other corporate actions they desire, any of which, under certain circumstances, could limit the opportunity for our stockholders to receive a premium for their shares of our Class A common stock, and could also affect the price that some investors are willing to pay for our Class A common stock.
Our amended and restated bylaws provide that the Court of Chancery of the State of Delaware and the federal district courts of the United States will be the exclusive forums for substantially all disputes between us and our stockholders, which could limit our stockholders’ ability to obtain a favorable judicial forum for disputes with us or our directors, officers, or employees.
Our amended and restated bylaws provide that the Court of Chancery of the State of Delaware (or, if the Court of Chancery does not have jurisdiction, another State court in Delaware or the federal district court for the District of Delaware) is the exclusive forum for the following (except for any claim as to which such court determines that there is an indispensable party not subject to the jurisdiction of such court (and the indispensable party does not consent to the personal jurisdiction of such court within ten days following such determination), which is vested in the exclusive jurisdiction of a court or forum other than such court or for which such court does not have subject matter jurisdiction):
•any derivative action or proceeding brought on behalf of us;
51
•any action asserting a claim of breach of a fiduciary duty;
•any action asserting a claim against us arising under the Delaware General Corporation Law, our amended and restated certificate of incorporation, or our amended and restated bylaws (as either may be amended from time to time); and
•any action asserting a claim against us that is governed by the internal affairs doctrine.
This provision would not apply to suits brought to enforce a duty or liability created by the Securities Exchange Act of 1934, as amended, or the Exchange Act, or any other claim for which the U.S. federal courts have exclusive jurisdiction.
Our amended and restated bylaws further provide that the federal district courts of the U.S. will be the exclusive forum for resolving any complaint asserting a cause of action arising under the Securities Act.
These exclusive-forum provisions may limit a stockholder’s ability to bring a claim in a judicial forum that it finds favorable for disputes with us or our directors, officers, or other employees, which may discourage lawsuits against us and our directors, officers, and other employees. Any person or entity purchasing or otherwise acquiring any interest in any of our securities shall be deemed to have notice of and consented to these provisions. There is uncertainty as to whether a court would enforce such provisions, and the enforceability of similar choice of forum provisions in other companies’ charter documents has been challenged in legal proceedings. We also note that stockholders cannot waive compliance (or consent to noncompliance) with the federal securities laws and the rules and regulations thereunder. It is possible that a court could find these types of provisions to be inapplicable or unenforceable, and if a court were to find either exclusive-forum provision in our amended and restated bylaws to be inapplicable or unenforceable in an action, we may incur additional costs associated with resolving the dispute in other jurisdictions, which could significantly harm our business.
If industry or financial analysts do not publish research or reports about our business, or if they issue inaccurate or unfavorable research about our business, the market price and trading volume of our Class A common stock could decline.
The market price and trading volume of our Class A common stock is heavily influenced by the way analysts interpret our financial information and other disclosures. We do not control these analysts, or the content and opinions included in their reports. If industry analysts cease coverage of us, our stock price would be negatively affected. Further, if any of the analysts who cover us do not publish research or reports about our business, downgrade our Class A common stock, or issue an inaccurate or unfavorable opinion regarding our company, our share price would likely decline. In addition, the share prices of many companies in the technology industry have declined significantly after those companies have failed to meet, or significantly exceed, the financial guidance publicly announced by the companies or the expectations of analysts. If our financial results fail to meet, or significantly exceed, our announced guidance or the expectations of analysts or public investors, analysts could downgrade our Class A common stock or publish unfavorable research about us. If one or more of these analysts cease coverage of our company or fail to publish reports on us regularly, our visibility in the financial markets could decrease, which in turn could cause our share price or trading volume to decline.
We do not intend to pay dividends in the foreseeable future.
We have never declared or paid cash dividends on our capital stock. We currently intend to retain all available funds and any future earnings for use in the operation of our business and do not anticipate paying any dividends in the foreseeable future. Any future determination to declare dividends will be made at the discretion of our board of directors and will depend on our financial condition, operating results, contractual restrictions, capital requirements, general business conditions and other factors that our board of directors may deem relevant. As a result, stockholders must rely on sales of their capital stock after price appreciation as the only way to realize any future gains on their investment; because there is no market for any of our equity securities, stockholders may not be able to sell their capital stock when desired, or at all.
Item 1B. Unresolved Staff Comments
None
52
Item 1C. Cybersecurity
Risk management and strategy
We recognize the importance of developing, implementing, and maintaining robust cybersecurity measures to help safeguard our information systems and protect the confidentiality, integrity, and availability of those systems and our data maintained on them.
Managing Material Risks & Integrated Overall Risk Management
We maintain risk management activities to identify, assess, prioritize, and address cybersecurity risks and we incorporate them into our overall risk management processes. Our Security team is responsible for performing cybersecurity risk assessments over various systems and processes on an ongoing basis. The results from risk assessment activities are reviewed to prioritize the mitigation of identified risks, and the need for risk mitigation may influence business or operational strategy, project roadmaps and timelines, or other decision-making, as needed.
Our Security Risk Committee is comprised of senior leaders across the company, and our Chief Security Officer briefs this committee on emerging risk topics and the company’s top security risks on a quarterly basis. The Chief Security Officer also participates in our Risk Management Committee and presents on security risks as part of that group’s discussion of enterprise risk.
Engagement of Third-parties on Risk Management
We engage cybersecurity assessors, and other service providers, as needed, in evaluating and testing our risk management systems. These engagements help us to leverage specialized knowledge and insights to better align our cybersecurity strategies and processes with applicable industry standards. Our collaboration with these third parties includes regular control assessments, threat and vulnerability assessments, and consultation on security enhancements.
Oversee Third-party Risk
We maintain standard processes to oversee and manage risks associated with use of third-party service providers. We conduct security assessments of third-party service providers with access to our information systems or sensitive data before engagement and maintain ongoing monitoring to ensure compliance with our cybersecurity standards. Such practices include recurring assessments of critical third-party service providers’ cybersecurity programs and ongoing monitoring, detection, and response capabilities used by our security engineers. This approach is designed to mitigate risks related to data breaches or other security incidents originating from third-party service providers. In addition, our Legal team reviews the associated vendor contracts to ensure they include appropriate terms, including applicable security provisions.
Risks from Cybersecurity Threats
We have not encountered risks from cybersecurity incidents or challenges that have materially impaired our business strategy, results of operations, or financial condition. Such risks may evolve in the future to have material impact, and our cybersecurity risk management processes, including those described here, may not always operate as designed or be effective. For additional information regarding whether any risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, have materially affected or are reasonably likely to materially affect our company, including our business strategy, results of operations, or financial condition, please refer to Item 1A, “Risk Factors,” in this annual report on Form 10-K, including the risk factor entitled “Risks Related to Our Business and Operations: Problems with our internal systems, networks, or data, including actual or perceived breaches or failures by us or our partners, could cause our products to be perceived as insecure, underperforming, or unreliable, which would damage our reputation, and our financial results.”
53
Governance
Given the potential significance of cybersecurity threats to our operational integrity and stakeholder confidence, our Board of Directors has established oversight mechanisms to promote effective governance in managing such risks.
Board of Directors Oversight and Management’s Role Managing Risk
The Audit Committee is central to the Board’s oversight of cybersecurity risks and bears the primary responsibility for this domain. The CSO is responsible for informing the Audit Committee on cybersecurity risks and presents to the committee at least semi-annually. Additional discussions with the Audit Committee or the full Board of Directors may occur on an as-needed basis. These briefings encompass various topics, including:
● Current cybersecurity landscape and emerging threats;
● Status of ongoing cybersecurity initiatives and strategies;
● Incident reports and learnings from any cybersecurity events; and
● Compliance with regulatory requirements and industry standards.
The Audit Committee reviews and advises on Management’s strategic decisions related to cybersecurity, offering guidance and approval for major initiatives when deemed appropriate.
Risk Management Personnel
Cybersecurity risk management practices are ultimately led by our CSO, who has tenured experience in the cybersecurity field and is recognized within the industry. The CSO is supported by personnel across the Security organization in assessing, monitoring, and managing cybersecurity risks. Security personnel have relevant experience and credentials to perform their associated risk management responsibilities, and with the help of these individuals and teams, the CSO oversees governance programs, confirms compliance with relevant security requirements, manages known risks, and educates the company on cybersecurity.
Monitor Cybersecurity Incidents
The CSO implements and oversees processes for the regular monitoring of our information systems, primarily through Security’s Threat Detection & Response (TDR) team. This includes the deployment of technical security monitoring and alerting measures to identify potential incidents. In the event of a cybersecurity incident, the Security organization and relevant teams throughout the company follow a formalized, documented incident response plan. This plan includes immediate actions to assess and mitigate the impact of an incident, as well as subsequent actions to remediate and help prevent future incidents of a similar nature.
Item 2. Properties
Our principal executive office and world headquarters is located in San Francisco, California and consists of approximately 37,000 square feet of space under a lease that expires in May 2027. We are a hybrid remote company with a global distributed workforce.
We lease all of our facilities and do not own any real property. We believe our facilities are adequate and suitable for our current needs and that, should it be needed, suitable additional or alternative space will be available to accommodate our operations.
Item 3. Legal Proceedings
The information called for by this Item is incorporated herein by reference to Item 8, "Financial Statements and Supplementary Data," and Note 11, "Commitments and Contingencies" each included elsewhere in this Annual Report on Form 10-K.
54
Item 4. Mine Safety Disclosures
Not applicable.
55
PART II
Item 5. Market for Registrant’s Common Equity, Related Stockholder Matters and Issuer Purchases of Equity Securities
Market Information for Common Stock
Our Class A common stock shares began trading on the Nasdaq Global Select Market, or Nasdaq, under the symbol “HCP” on December 9, 2021. Prior to that date, there was no public trading market for our Class A common stock.
Holders of Record
As of March 14, 2024, there were 85 stockholders of record of our common stock, and the closing price of our common stock was $25.74 per share as reported on the Nasdaq Global Select Market. Because many shares of our Class A common stock are held by brokers and other institutions as record holders and on behalf of stockholders, we are unable to estimate the total number of stockholders represented by these record holders.
Dividend Policy
We have never declared or paid any dividends on our Class A common stock, and we do not anticipate declaring or paying dividends in the foreseeable future.
Use of Proceeds
On December 13, 2021, we closed our IPO of 15,300,000 shares of Class A common stock at a public offering price of $80.00 per share, and of an additional 1,230,000 shares of Class A common stock pursuant to the exercise of the underwriters' option to purchase additional shares of our Class A common stock, resulting in gross proceeds to us of $1.2 billion, net of the underwriting discounts, commissions and offering expenses. All of the shares issued and sold in our IPO were registered under the Securities Act pursuant to a registration statement on Form S-1 (File No. 333-260757), which was declared effective by the SEC on December 8, 2021. Morgan Stanley & Co. LLC, Goldman Sachs & Co. LLC, and J.P. Morgan Securities LLC acted as representatives of the underwriters. There has been no material change in the planned use of proceeds from our IPO as described in our prospectus relating to our IPO, dated as of December 8, 2021 and filed with the SEC pursuant to Rule 424(b)(4) on December 9, 2021.
Recent Sales of Unregistered Securities
None.
Stock Performance Graph
The performance graph below shall not be deemed “soliciting material” or “filed” with the SEC for purposes of Section 18 of the Exchange Act or otherwise subject to the liabilities under that Section, or incorporated by reference into any of our filings under the Securities Act or the Exchange Act.
The performance graph below compares the cumulative total stockholder return on our Class A common stock with the cumulative total return on the NASDAQ Composite Index and the NASDAQ Computer Index. The graph assumes $100 was invested at the market close on December 9, 2021, which was our initial trading day, in our Class A common stock through January 31, 2024. Data for the NASDAQ Composite Index and the NASDAQ Computer Index assume reinvestment of dividends. Our offering price of our Class A common stock in our IPO, which had a closing stock price of $85.19 on December 9, 2021, was $80.00 per share.
56
The comparisons in the graph above are based upon historical data and are not indicative of, nor intended to forecast, future performance of our Class A common stock.
Comparison of Cumulative Total Returns
Purchases of Equity Securities by the Issuer and Affiliated Purchasers
None.
Item 6. [Reserved].
Item 7.
MANAGEMENT’S DISCUSSION AND ANALYSIS
OF FINANCIAL CONDITION AND RESULTS OF OPERATIONS
The following discussion and analysis of our financial condition and results of operations should be read in conjunction with our consolidated financial statements and related notes included elsewhere in this Annual Report on Form 10-K. This discussion contains forward-looking statements that involve risks and uncertainties. Our actual results could differ materially from those discussed below. Factors that could cause or contribute to such difference include, but are not limited to, those identified below and those discussed in the section titled “Risk Factors” included elsewhere in this Annual Report on Form 10-K. Our fiscal year end is January 31, and our fiscal quarters end on April 30, July 31, October 31, and January 31. Our fiscal year ended January 31, 2023 is referred to as fiscal 2023, and our fiscal year ending January 31, 2024 is referred to as fiscal 2024.
Overview
Our foundational technologies solve the core infrastructure challenges of cloud adoption by enabling an operating model that unlocks the full potential of modern public and private clouds. Our cloud operating model provides consistent workflows and a standardized approach to automating the critical processes involved in delivering applications in the cloud: infrastructure provisioning, security, networking, and application deployment. With our solutions, companies of all
57
sizes and in all industries can accelerate their time to market, reduce their cost of operations, and improve their security and governance of complex infrastructure deployments.
Organizations today are undergoing a digital transformation across every business function, driven by competition and ever-increasing consumer expectations. Underlying this digital transformation is a re-platforming of static on-premises infrastructure to dynamic and distributed cloud infrastructure. In this dynamic world, existing procedures are too inefficient to scale with distributed, multi-cloud infrastructure. Inconsistent, fragmented technologies and processes are time consuming and resource intensive to manage, exacerbated by inefficient, linear ticket-driven workflows that cannot facilitate scaled, real-time operations. This digital transformation demands a new cloud operating model for enterprise IT requiring automation to provision, secure, connect, and run infrastructure at scale and in real time. At HashiCorp, we build industry-leading products that enable this cloud operating model and accelerate cloud adoption. Our primary commercial products are Terraform, Vault, Consul, and Nomad.
Our products can be adopted individually and are also designed to work together as a stack in order to solve larger, more complex challenges. For instance, deploying Vault and Consul is the basis for a complete Zero Trust security architecture with identity-driven controls, offering a full range of authentication, authorization, and access management for human users or machines, like servers or applications. We continue to innovate and deliver additional emerging products to supplement these core capabilities and provide adjacent solutions.
Our Business Model
Our primary products are based on a combination of our free, source available community products and our proprietary software. We are committed to a model in which we maintain free community offerings while developing proprietary features for paid tiers of our software. These proprietary features include collaboration modules, governance and policy modules, enterprise use cases, and premium support and services. We provide our software under a licensing model that protects our intellectual property, grows our adoption, and supports our business.
We generate revenue primarily from sales of subscriptions to our software. We offer an enterprise-ready, self-managed software offering that can be deployed in our customers’ public cloud, private cloud, and on-premises environments. HashiCorp Cloud Platform, or HCP, is our fully-managed cloud platform. These two core offerings can be leveraged independently or together, spanning the various public cloud, private cloud, and on-premises environments in which our customers operate.
For our self-managed offerings, we offer various tiers that provide different levels of access to our proprietary products, modules, and support. Our licenses for self-managed deployments typically have terms of one to three years. We bill for one-year licenses upfront, and we primarily bill for multi-year term licenses annually in advance, with a multi-year payment schedule. The substantial majority of our revenue is recognized ratably over the subscription term. Each product is sold as a base module, with additional optional modules available that address needs like governance and policy, and a tiered pricing system that scales pricing with increased product usage. The unit of value for product usage varies by product, and generally scales with customer cloud adoption as workloads managed by our products move to cloud-based infrastructure.
HCP customers use our offering on a consumption-based model, or purchase annual subscription contracts. Customers who are on consumption-based contracts are predominantly billed in advance for committed consumption and revenue from them is recognized based on actual consumption of resources. Customers with annual subscriptions are typically billed annually in advance for their subscriptions and we typically recognize revenue from such subscriptions ratably over the subscription term. Our pricing schedule lists the hourly rate when deploying HCP for our various products, and actual usage is metered and calculated on a per-hour basis for increased accuracy.
We sell to organizations of all sizes across a broad range of industries, with a particular focus on enterprises that are managing and moving an increasing number of business-critical processes, applications, and large volumes of data to the cloud. Ultimately, we believe all enterprises will need to transition to the cloud to reduce operational burden, improve scalability and elasticity, and increase agility. We plan to continue to invest in our direct sales force to grow our large enterprise base domestically and internationally.
58
Our sales and marketing strategy combines the best of customer self-service with our direct sales approach. Our source available model allows developers and individuals focused on operations, IT, and security, or practitioners, to engage with and evaluate our software in a frictionless manner, which we believe has contributed to our software’s popularity. This leadership and the wider ecosystem around us, compels practitioners to adopt and implement our software in the enterprise. As organizations recognize the value of our products, our inside and field sales teams can nurture leads and develop direct relationships with key stakeholders across all segments. HCP has accelerated our self-service approach, as practitioners can now quickly deploy and experiment with our paid offering with a fully-managed cloud solution and no minimum commitments.
As adoption grows, our marketing organization is focused on building our brand reputation and awareness, and engages with prospective customers through our user conferences, email marketing, digital advertising, and other public relations activities. This sales and marketing strategy allows us to not only acquire new customers, but also drive increased usage within existing customers.
We operate an adopt, land, expand, and extend motion. Our source available engagement and self-serve cloud motion help us identify and accelerate initial product adoption and use cases in an account. Our enterprise sales teams land these customers with subscription contracts for our software. Our expansion motion focuses on up-selling additional modules and increasing the footprint of usage of a given product, including across multiple buying centers within our customers’ organizations. The multiple capabilities of our deep product portfolio allow us to extend by cross-selling additional integrated products to our customers. For example, a company may initially adopt a free community version use case of Terraform. After initial use of the source available product, we frequently land their first paid use of Terraform to add enterprise functionality and support mission-critical cloud workloads. As customers grow their cloud presence to support additional cloud-based workloads, they frequently expand the amount of Terraform they consume. In addition to this increased Terraform usage, customers also frequently extend into additional products such as Vault or Consul. This combination of adopt, land, expand, and extend affords us considerable growth opportunities within our customer base, and we focus our go-to-market strategy on developing and cultivating long-term customer relationships. The increased use of our platform by our customers is evidenced by our high net dollar retention rate. As of January 31, 2024, 2023 and 2022, our last four-quarter average net dollar retention rate was 115%, 131% and 131%, respectively.
Factors Affecting Our Performance
We believe that the growth and future success of our business depends on a number of key factors. While each of these factors presents significant opportunities for our business, they also pose important challenges that we must successfully address in order to sustain our growth and improve our results of operations.
Adoption of Our Products and Landing New Customers
We believe there is substantial opportunity to continue to grow our product adoption and our customer base. We intend to drive product adoption through our open-source distribution model and by continuing to cultivate our open-source community.
We intend to drive paid customer growth by continuing to invest significantly in sales and marketing and to increase brand awareness. HCP has also improved our self-service model, and we expect HCP to continue to support our sales model and drive paid adoption. As of January 31, 2024, we served over 4,400 customers spanning organizations of a broad range of sizes and industries, compared to over 3,800 and 2,700 customers as of January 31, 2023 and 2022, respectively. We also intend to continue to grow our base of large enterprises around the world.
Our ability to attract new customers will depend on a number of factors, including the effectiveness and pricing of our products, development of new products and features, offerings of our competitors, engagement with the developer community, and effectiveness of our marketing and community-building efforts. As of January 31, 2024, 483 of the Forbes Global 2000 were our customers. We believe this demonstrates our products have been adopted by many of the largest enterprises, and that there is a substantial opportunity to further cultivate these large customers.
59
Expanding and Extending Within Existing Customer Base
Our large base of customers represents a significant opportunity for further sales growth. Our customers often expand the deployment of our products across larger teams and more broadly within the enterprise as they do more with existing use cases and realize new use cases. At the same time, we often see customers extend to multiple products across our wider product portfolio as they realize the potential of integrating more of our products to better solve use cases. We intend to continue to invest in enhancing awareness of our brand and developing more products, features, and functionality, which we believe are important factors in achieving widespread adoption of our offerings. Our ability to increase sales to existing customers will depend on a number of factors, including our customers’ satisfaction with our products, the technical capabilities and security of our products, our customers’ progress on their cloud journey, competition, pricing, and overall changes in our customers’ spending levels.
Historically, we have experienced significant expansion after initial deployment of our products by our customers, with customers expanding usage as well as extending to additional products. We define ARR as the annualized value of all recurring subscription contracts with active entitlements as of the end of the applicable period, and in the case of our consumption-based customers the annualized value of their last three month’s spend. For our monthly customers, we calculate ARR according to the annualized value of their last month's spend. In the fourth quarter of fiscal 2024 we changed the definition of ARR for consumption-based customers from the annualized value of their last month's spend to the annualized value of their last three month's spend to better reflect longer term usage patterns. A further indication of the propensity of customer relationships to expand over time is our dollar-based net retention rate, which compares ARR from the same set of customers in one period relative to the prior year period. We define dollar-based net retention rate as the ARR at the end of a period for a base set of customers from which we generated ARR in the year prior to the date of calculation, divided by the ARR one year prior to the date of the calculation for that same set of customers. As of January 31, 2024, 2023 and 2022, our last four-quarter average net dollar retention rate was 115%, 131%, and 131%, respectively.
Increasing Adoption of HashiCorp Cloud Platform
We believe HCP represents a significant growth opportunity for our business. Since launching HCP in fiscal 2021, usage and sales of HCP have grown rapidly and have allowed us to better address the needs of potential customers looking for a fully-managed offering. We believe that as organizations increasingly look for a fully-managed cloud infrastructure platform, they will continue to adopt HCP. We expect HCP to continue to grow and represent an increasing percentage of our total revenue over time. For the fiscal year ended January 31, 2024, HCP subscription revenue was $76.1 million.
Accelerating Technology Leadership and Product Expansion
Our success depends on our ability to sustain innovation and technology leadership and maintain our competitive advantage. We have built highly differentiated products that we believe can adapt and evolve with the support of our engineering expertise, our approach to innovation, our developer community, and our ecosystem of partners. HashiCorp is a critical part of the daily operations of practitioners and our free products make HashiCorp frictionless to adopt. We have proven initial success of our modular approach with multiple innovations and product launches, including the launch of HCP in fiscal 2021, launch of Boundary and Waypoint in September 2020, launch of HCP Boundary in June 2022, launch of HCP Consul in October 2022, and launch of HCP Vault in June 2023. We see continued adoption from our customers in our new products and innovations and as of January 31, 2024, 45% of our customers with $100,000 or greater ARR were licensing more than one product.
We intend to continue to invest in building additional products, features, and functionality to expand our products to new use cases. Our future success is dependent on our ability to successfully develop, market, and sell existing and new products to new and existing customers.
Expanding Internationally
We believe there is a significant opportunity to expand usage of our products outside of the United States as enterprises globally look to take advantage of cloud computing and look to adopt a cloud operating model across multiple clouds. For fiscal 2024, fiscal 2023, and fiscal 2022, 30%, 27%, and 27% of our revenue, respectively, was generated by
60
customers outside of the United States. In addition, we have made and plan to continue to make investments in geographic expansion in Europe, the Middle East, Africa, and the Asia-Pacific region.
Key Business Metrics
We review a number of operating and financial metrics, including the following key metrics, to measure our performance, identify trends, formulate business plans, and make strategic decisions. The calculation of the key metrics discussed below may differ from other similarly titled metrics used by other companies, securities analysts, or investors.
| As of January 31, | ||||||||||||||||||||
| 2024 | 2023 | 2022 | ||||||||||||||||||
| (dollars in millions) | ||||||||||||||||||||
| Total customers | 4,423 | 3,870 | (3) | 2,715 | ||||||||||||||||
| Total customers with $100,000 or greater ARR | 897 | 798 | 655 | |||||||||||||||||
| Subscription revenue from HCP (and its predecessor cloud offerings) | $ | 76.1 | (1) | $ | 46.9 | (1) | $ | 18.5 | (1) | |||||||||||
| GAAP Remaining Performance Obligations (RPOs) | $ | 775.8 | $ | 647.1 | $ | 428.8 | ||||||||||||||
Non-GAAP RPOs(2) | $ | 801.4 | $ | 673.8 | $ | 452.2 | ||||||||||||||
(1)Represents subscription revenue for the year ended January 31, 2024, January 31, 2023, and January 31, 2022
(2)Non-GAAP RPOs is a non-GAAP financial measure. For more information regarding our use of this measure and a reconciliation to the most directly comparable financial measure calculated in accordance with GAAP, see the subsection titled “Non-GAAP Remaining Performance Obligations” elsewhere in this section
(3)Subsequent to the issuance of our Form 10-K for the fiscal year ended January 31, 2023, we identified an immaterial error in the calculation of our total customers count related to our self-service, or "pay as you use," customers, which we have corrected accordingly.
Total Customers
We define total customers as the number of customers we have at the end of each fiscal quarter. We define the number of customers we have at the end of each fiscal quarter as the number of accounts with a unique account identifier for which we have an active contract at the end of the period indicated. Users of our free products are not included in the total customers. A single organization with multiple divisions, segments, or subsidiaries is generally counted as a single customer, however, in some cases we may count separate divisions, segments, or subsidiaries as multiple customers in cases where they have separate billing terms. Our customer count may also fluctuate due to acquisitions, consolidations, spin-offs, and other market activity.
Total Customers with $100,000 or Greater ARR
We define ARR as the annualized value of all recurring subscription contracts with active entitlements as of the end of the applicable period, and in the case of our consumption-based customers, the annualized value of their last three month’s spend. For our monthly customers, we calculate ARR according to the annualized value of their last month's spend. In the fourth quarter of fiscal 2024 we changed the definition of ARR for consumption-based customers from the annualized value of their last month's spend to the annualized value of their last three month's spend to better reflect longer term usage patterns. This change in definition had no material effect on the amount of total customers with $100,000 or greater ARR. Relationships with large enterprise customers lead to scale and operating leverage in our business model, as large enterprise customers present a greater opportunity for us to sell additional usage and modules because they have larger budgets, a wider range of potential use cases, and greater potential for expanding to other products in our offering. As such, we count the number of customers contributing $100,000 or greater ARR as a measure of our ability to scale with our customers and attract large enterprise customers to our product offerings. For each applicable financial reporting period, we calculate revenue from customers with $100,000 or greater ARR by aggregating the quarterly revenue attributable to such customers within such period. Customers with $100,000 or greater ARR represented 89%, 88% and 88% of revenue for fiscal 2024, fiscal 2023, and fiscal 2022, respectively.
61
Quarterly Revenue from HCP
We believe that HCP represents an important growth opportunity for our business. As organizations continue their transition to the cloud, many will begin seeking fully-managed platforms and will begin to adopt HCP. We will continue to track the revenue generated by HCP (and its predecessor cloud offerings) as a way of measuring the adoption of our platform.
Non-GAAP Remaining Performance Obligations
Remaining performance obligations ("RPOs") represent the amount of contracted future revenue that has not yet been recognized, including both deferred revenue and non-cancelable contracted amounts that will be invoiced and recognized as revenue in future periods. RPOs exclude customer deposits, which are refundable amounts that are expected to be recognized as revenue in future periods. As of January 31, 2024 and 2023, our RPOs were $775.8 million and $647.1 million, respectively. As of January 31, 2024, we expect to recognize approximately 59% of RPOs as revenue over the next 12 months, and the remainder thereafter. The portion of RPOs that is expected to be recognized as revenue over the next 12 months represents an estimated minimum level of revenue for the applicable period and is not necessarily indicative of future product revenue growth because it does not account for revenue from customer renewals or new customer contracts. Moreover, RPOs are influenced by a number of factors, including the timing of renewals, average contract terms, seasonality and dollar amounts of customer contracts. Due to these factors, it is important to review RPOs in conjunction with revenue and other financial metrics disclosed elsewhere herein. For a further discussion of RPOs, see Note 5 to our consolidated financial statements included elsewhere in Annual Report on Form 10-K.
We calculate non-GAAP RPOs as RPOs plus customer deposits, which are refundable pre-paid amounts, based on the timing of when these customer deposits are expected to be recognized as revenue in future periods. As of January 31, 2024 and 2023, non-GAAP RPOs were $801.4 million and $673.8 million, respectively. As of January 31, 2024, we expect to recognize 60% of our non-GAAP RPOs as revenue over the next 12 months, and the remainder thereafter.
We use non-GAAP RPOs in conjunction with RPOs as part of our overall assessment of our performance, to evaluate the effectiveness of our business strategies and to communicate with our board of directors concerning our business and financial performance. Our management believes that presenting non-GAAP RPOs is useful to investors because the portion of non-GAAP RPOs that is expected to be recognized as revenue over the next 12 months represents an estimated minimum level of revenue for the applicable period, including customer deposits that are expected to be recognized as revenue in future periods but are not included in GAAP RPOs. Our definitions of non-GAAP RPOs may differ from the definitions used by other companies and therefore comparability may be limited. In addition, other companies may not publish these or similar metrics. Non-GAAP RPOs should be considered in addition to, not as substitutes for, or in isolation from, RPOs prepared in accordance with GAAP. We compensate for the limitations in the use of non-GAAP RPOs by providing a reconciliation of non-GAAP RPOs to RPOs. We encourage investors and others to review our results of operations and financial information in its entirety, not to rely on any single financial measure, and to view non-GAAP RPOs with RPOs and revenue.
The following table presents a reconciliation of our GAAP RPOs to our Non-GAAP RPOs for the periods presented (in thousands):
62
| As of | |||||||||||
| January 31, 2024 | January 31, 2023 | ||||||||||
| GAAP RPOs | |||||||||||
| GAAP short-term RPOs | $ | 460,170 | $ | 375,072 | |||||||
| GAAP long-term RPOs | 315,580 | 271,992 | |||||||||
| Total GAAP RPOs | $ | 775,750 | $ | 647,064 | |||||||
| Add: | |||||||||||
| Customer deposits | |||||||||||
| Customer deposits expected to be recognized within the next 12 months | $ | 22,882 | $ | 22,657 | |||||||
| Customer deposits expected to be recognized after the next 12 months | 2,745 | 4,042 | |||||||||
| Total customer deposits | $ | 25,627 | $ | 26,699 | |||||||
| Non-GAAP RPOs | |||||||||||
| Non-GAAP short-term RPOs | $ | 483,052 | $ | 397,729 | |||||||
| Non-GAAP long-term RPOs | 318,325 | 276,034 | |||||||||
| Total Non-GAAP RPOs | $ | 801,377 | $ | 673,763 | |||||||
Free Cash Flow and Free Cash Flow Margin
Free cash flow is a non-GAAP financial measure that we define as net cash provided by (used in) operating activities less purchases of property and equipment and capitalized internal-use software costs. Free cash flow margin is calculated as free cash flow divided by total revenue. We believe that free cash flow and free cash flow margin are useful indicators of liquidity that provide information to management and investors about the amount of cash generated from our core operations that, after the purchases of property and equipment, can be used for strategic initiatives, including investing in our business and selectively pursuing acquisitions and strategic investments. We further believe that historical and future trends in free cash flow and free cash flow margin, even if negative, provide useful information about the amount of net cash provided by (used in) operating activities that is available (or not available) to be used for strategic initiatives. For example, if free cash flow is negative, we may need to access cash reserves or other sources of capital to invest in strategic initiatives. One limitation of free cash flow and free cash flow margin is that they do not reflect our future contractual commitments. Additionally, free cash flow does not represent the total increase or decrease in our cash balance for a given period.
The following table presents our cash flow for the periods presented and a reconciliation of free cash flow and free cash flow margin to net cash provided by (used in) operating activities, the most directly comparable financial measure calculated in accordance with GAAP:
| Year Ended January 31, | |||||||||||||||||
| 2024 | 2023 | 2022 | |||||||||||||||
| (in thousands) | |||||||||||||||||
| GAAP net cash used in operating activities | $ | (10,851) | $ | (84,462) | $ | (56,215) | |||||||||||
| Add: purchases of property and equipment | (697) | (252) | (214) | ||||||||||||||
| Add: capitalized internal-use software | (11,333) | (8,746) | (6,382) | ||||||||||||||
| Free cash outflow | $ | (22,881) | $ | (93,460) | $ | (62,811) | |||||||||||
| GAAP net cash used in operating activities as a percentage of revenue | (2) | % | (18) | % | (18) | % | |||||||||||
| Free cash flow as a % of revenue | (4) | % | (20) | % | (20) | % | |||||||||||
63
Key Components of Results of Operations
Revenue
We generate revenue primarily from software subscriptions and, to a lesser extent, professional services and other revenue. Our software subscriptions are currently predominantly self-managed by users and customers who deploy it across public, private, and hybrid cloud environments. We also offer the HCP, our fully-managed cloud platform for multiple products.
Subscription revenue. We generate revenue primarily from subscriptions which include licenses of proprietary features, support and maintenance revenue, and cloud-hosted services.
Our contracts for self-managed software consist of term licenses that provide the customer with a right to use the software for a fixed term commencing upon delivery to the customer, bundled with support and maintenance for the term of the license period. Support and maintenance (collectively referred to as Support Revenue in the consolidated statements of operations) are not sold on a stand-alone basis. Our self-managed Subscription Revenue is disaggregated into License Revenue and Support Revenue in the consolidated statement of operations. The Company does not have observable standalone sales to determine the Standalone Selling Price, or SSP, for its licenses or its support as they are not sold separately. HashiCorp developed a model to estimate relative SSP for each performance obligation using an “expected cost-plus margin” approach. This model uses observable data points to develop the main assumptions including the estimated useful life of the intellectual property and appropriate margins.
Cloud-hosted services are provided on a subscription basis and give customers access to our cloud solutions, which include related customer support.
Subscription revenue on self-managed software includes both upfront revenue recognized when the license is delivered as well as revenue recognized ratably over the contract period for support and maintenance. The substantial majority of our revenue is recognized ratably over the subscription term. Revenue on committed cloud-hosted services is recognized ratably when we satisfy the performance obligation over the contract period, whereas revenue from non-committed, pay-as-you-go cloud-hosted services are recognized when usage occurs.
We generate subscription revenue from contracts with typical durations ranging from one to three years. We typically invoice our customers annually in advance and, to a lesser extent, multi-year in advance. Amounts that have been invoiced and are nonrefundable are recorded in deferred revenue, or they are recorded in revenue if the revenue recognition criteria have been met. Our current and non-current deferred revenue represents contracts that are invoiced annually in advance or multi-year in advance. Customer payments that are contractually refundable are recorded as customer deposits.
Professional services and other revenue. Professional services and other revenue consist of revenue from professional services, training services, which are predominantly sold on a fixed-fee basis and any other services provided to our customers. Revenue for professional services, training services, and other is recognized as these services are delivered. Professional services are services utilized by some of our self-managed customers to accelerate the deployment of our products.
Support and maintenance revenue and cloud-hosted services make up the majority of our revenue and are typically recognized ratably over the terms of our subscription contracts. Therefore, a substantial portion of the revenue that we report in each period is attributable to the recognition of deferred revenue relating to agreements that we entered into during previous periods. Consequently, increases or decreases in new sales or renewals in any one period may not be immediately reflected as revenue for that period. Any downturn in sales, however, may negatively affect our revenue in future periods. Accordingly, the effect of downturns in sales and market acceptance of our products, and potential changes in our rate of renewals, may not be fully reflected in our results of operations until future periods.
64
Cost of Revenue
Cost of Subscription Revenue. Cost of subscription revenue primarily includes personnel-related costs, such as salaries, bonuses and benefits, and stock-based compensation for employees associated with customer support and maintenance, third-party cloud infrastructure costs, amortization of internal-use software, amortization of acquired developed technology, and allocated overhead. We expect our cost of subscription revenue to increase as our subscription revenue increases.
Cost of Professional Services and other. Cost of professional services and other revenue primarily includes personnel-related costs, such as salaries, bonuses and benefits, and stock-based compensation for employees associated with our professional services, costs of third-party contractors, and allocated overhead. We expect our cost of professional services and other revenue to increase as our professional services and other revenue increases.
Gross Profit and Margin
Gross profit is revenue less cost of revenue.
Gross margin is gross profit expressed as a percentage of revenue. Our gross margin has been, and will continue to be affected by, a number of factors, including the average sales price of our subscriptions and professional services and other, changes in our revenue mix, the timing and extent of our investments in our global customer support personnel, hosting-related costs, and the amortization of internal-use software. We expect our gross margin to fluctuate over time depending on the factors described above. We expect our revenue from cloud-hosted services to increase as a percentage of total revenue, which we expect to lead to an increase in associated hosting and managing costs, which, in turn, would be expected to adversely impact our gross margin.
Operating Expenses
Our operating expenses consist of research and development, sales and marketing, and general and administrative expenses. Personnel costs, which consist of salaries, bonuses, benefits, stock-based compensation and, with regard to sales and marketing expenses, sales commissions, are the most significant component of our operating expenses. We also incur other non-personnel costs such as software and subscription services and an allocation of our general overhead costs for facilities, IT, and depreciation expenses.
Sales and Marketing
Sales and marketing expenses consist primarily of personnel-related costs, such as salaries, sales commissions that are recognized as expenses over the period of benefit, bonuses, benefits, stock-based compensation, costs related to marketing programs, travel-related costs, software and subscription services, and allocated overhead. Marketing programs consist of advertising, events, corporate communications, brand-building, and developer-community activities. We expect our sales and marketing expenses will increase over time and continue to be our largest operating expense for the foreseeable future as we expand our sales force, increase our marketing efforts, and expand into new markets. While we expect our sales and marketing expenses to decrease as a percentage of revenue over the long term due to business growth, our sales and marketing expenses may fluctuate as a percentage of revenue from period to period due to the timing and extent of these expenses.
Research and Development
Research and development expenses consist primarily of personnel-related costs, such as salaries, bonuses, benefits, and stock-based compensation, net of capitalized amounts, contractor and professional services fees, software and subscription services dedicated for use by our research and development organization and allocated overhead. We continue to focus our research and development efforts on the addition of new features and products and enhancing the functionality and ease of use of our existing products. We expect our research and development expenses will continue to increase as our business grows and we continue to invest in our offering. While we expect our research and development expenses to decrease as a percentage of revenue over the long term due to this business growth, our research and development expenses may fluctuate as a percentage of revenue from period to period due to the timing and extent of these expenses.
65
General and Administrative
General and administrative expenses for administrative functions including finance, legal, and human resources, consist primarily of personnel-related costs, such as salaries, bonuses, benefits, and stock-based compensation, as well as software and subscription services, and legal and other professional fees. We incur additional general and administrative expenses as a result of operating as a public company, including costs to comply with the rules and regulations applicable to companies listed on a national securities exchange, costs related to compliance and reporting obligations, and increased expenses for investor relations and professional services. We expect that our general and administrative expenses will increase as our business grows. However, we expect our general and administrative expenses to decrease as a percentage of revenue over the long term due to this business growth, our general and administrative expenses may fluctuate as a percentage of revenue from period to period due to the timing and extent of these expenses.
Interest Income
Interest income consists of interest earned on our cash, cash equivalents, and short-term investments, and amortization of premiums and accretion of discounts on short-term investments.
Other Expenses, Net
Other expense, net consists primarily of gains and losses from foreign currency transactions, and realized gains and losses on short-term investments.
Provision for Income Taxes
Provision for income taxes consists primarily of income taxes in certain foreign jurisdictions in which we conduct business, as well as state income taxes in the United States. We have recorded deferred tax assets and we provide a full valuation allowance on our U.S., Canada, and United Kingdom deferred tax assets. We expect to maintain this full valuation allowance on our U.S. deferred tax assets for the foreseeable future as it is more likely than not that some or all of those deferred tax assets may not be realized based on our history of losses.
66
Results of Operations
The following tables summarize our consolidated statements of operations data for the periods presented. The period-to-period comparison of results is not necessarily indicative of results for future periods.
| Year Ended January 31, | |||||||||||||||||
| 2024 | 2023 | 2022 | |||||||||||||||
(in thousands) | |||||||||||||||||
| Consolidated Statements of Operations: | |||||||||||||||||
| Revenue: | |||||||||||||||||
| License | $ | 67,612 | $ | 64,273 | $ | 47,504 | |||||||||||
| Support | 420,948 | 349,855 | 247,566 | ||||||||||||||
| Cloud-hosted services | 76,086 | 46,860 | 18,613 | ||||||||||||||
| Total subscription revenue | 564,646 | 460,988 | 313,683 | ||||||||||||||
| Professional services and other | 18,491 | 14,901 | 7,086 | ||||||||||||||
| Total revenue | 583,137 | 475,889 | 320,769 | ||||||||||||||
| Cost of revenue: | |||||||||||||||||
Cost of license | 1,968 | 1,753 | 221 | ||||||||||||||
Cost of support(1) | 58,208 | 48,112 | 38,080 | ||||||||||||||
Cost of cloud-hosted services(1) | 30,447 | 22,589 | 14,031 | ||||||||||||||
Total cost of subscription revenue(1) | 90,623 | 72,454 | 52,332 | ||||||||||||||
Cost of professional services and other(1) | 18,076 | 14,515 | 11,108 | ||||||||||||||
Total cost of revenue(1) | 108,699 | 86,969 | 63,440 | ||||||||||||||
| Gross profit | 474,438 | 388,920 | 257,329 | ||||||||||||||
| Operating expenses: | |||||||||||||||||
Sales and marketing(1) | 369,164 | 355,826 | 269,504 | ||||||||||||||
Research and development(1) | 222,553 | 195,384 | 165,031 | ||||||||||||||
General and administrative(1) | 136,999 | 134,997 | 112,108 | ||||||||||||||
| Total operating expenses | 728,716 | 686,207 | 546,643 | ||||||||||||||
| Loss from operations | (254,278) | (297,287) | (289,314) | ||||||||||||||
| Interest Income | 65,159 | 26,367 | 319 | ||||||||||||||
| Other expenses, net | (510) | (2,365) | (157) | ||||||||||||||
| Loss before income taxes | (189,629) | (273,285) | (289,152) | ||||||||||||||
| Provision for income taxes | 1,039 | 1,013 | 986 | ||||||||||||||
| Net loss | $ | (190,668) | $ | (274,298) | $ | (290,138) | |||||||||||
67
(1)Includes stock-based compensation expense as follows:
| Year Ended January 31, | ||||||||||||||||||||
| 2024 | 2023 | 2022 | ||||||||||||||||||
| (in thousands) | ||||||||||||||||||||
| Cost of revenue: | ||||||||||||||||||||
| Cost of support | $ | 9,819 | $ | 8,485 | $ | 8,073 | ||||||||||||||
| Cost of cloud-hosted services | 2,195 | 2,761 | 2,482 | |||||||||||||||||
| Total cost of subscription revenue | 12,014 | 11,246 | 10,555 | |||||||||||||||||
| Cost of professional services and other | 2,654 | 2,555 | 3,367 | |||||||||||||||||
| Total cost of revenue | 14,668 | 13,801 | 13,922 | |||||||||||||||||
| Sales and marketing | 54,861 | 58,205 | 64,991 | |||||||||||||||||
| Research and development | 49,401 | 46,255 | 67,865 | |||||||||||||||||
| General and administrative | 51,687 | 52,900 | 53,790 | |||||||||||||||||
| Total stock-based compensation expense, net of amounts capitalized | $ | 170,617 | $ | 171,161 | $ | 200,568 | * | |||||||||||||
* Fiscal 2022 stock-based compensation expense includes the initial expense related to RSUs subject to service-based and performance-based vesting conditions, which conditions were satisfied in connection with our IPO, and stock-based compensation expense related to the 2021 Employee Stock Purchase Plan, or ESPP, which commenced in the quarter ended January 31, 2022. See Note 12 to our consolidated financial statements included elsewhere in this Annual Report on Form 10-K for further details.
68
The following table sets forth our consolidated statements of operations expressed as a percentage of revenue for the periods indicated:
| Year Ended January 31, | |||||||||||||||||
| 2024 | 2023 | 2022 | |||||||||||||||
| Revenue: | |||||||||||||||||
| License | 12 | % | 14 | % | 15 | % | |||||||||||
| Support | 72 | % | 73 | % | 77 | % | |||||||||||
| Cloud-hosted services | 13 | % | 10 | % | 6 | % | |||||||||||
| Total subscription revenue | 97 | % | 97 | % | 98 | % | |||||||||||
| Professional services and other | 3 | % | 3 | % | 2 | % | |||||||||||
| Total revenue | 100 | % | 100 | % | 100 | % | |||||||||||
| Cost of revenue: | |||||||||||||||||
| Cost of license | - | % | - | % | - | % | |||||||||||
| Cost of support | 10 | % | 10 | % | 12 | % | |||||||||||
| Cost of cloud-hosted services | 5 | % | 5 | % | 4 | % | |||||||||||
| Total cost of subscription revenue | 16 | % | 15 | % | 16 | % | |||||||||||
| Cost of professional services and other | 3 | % | 3 | % | 4 | % | |||||||||||
| Total cost of revenue | 19 | % | 18 | % | 20 | % | |||||||||||
| Gross profit | 81 | % | 82 | % | 80 | % | |||||||||||
| Operating expenses: | |||||||||||||||||
| Sales and marketing | 63 | % | 75 | % | 84 | % | |||||||||||
| Research and development | 38 | % | 41 | % | 51 | % | |||||||||||
| General and administrative | 23 | % | 28 | % | 35 | % | |||||||||||
| Total operating expenses | 125 | % | 144 | % | 170 | % | |||||||||||
| Loss from operations | (44) | % | (62) | % | (90) | % | |||||||||||
| Interest income | 11 | % | 6 | % | - | % | |||||||||||
| Other expenses, net | - | % | (1) | % | - | % | |||||||||||
| Loss before income taxes | (33) | % | (57) | % | (90) | % | |||||||||||
| Provision for income taxes | - | % | 1 | % | - | % | |||||||||||
| Net loss | (33) | % | (58) | % | (90) | % | |||||||||||
69
Comparison of Fiscal 2024 and Fiscal 2023
Revenue
| Year Ended January 31, | Change | ||||||||||||||||||||||
| 2024 | 2023 | $ | % | ||||||||||||||||||||
| (in thousands, except percentages) | |||||||||||||||||||||||
| Revenue: | |||||||||||||||||||||||
| License | $ | 67,612 | $ | 64,273 | $ | 3,339 | 5 | % | |||||||||||||||
| Support | 420,948 | 349,855 | 71,093 | 20 | % | ||||||||||||||||||
| Cloud-hosted services | 76,086 | 46,860 | 29,226 | 62 | % | ||||||||||||||||||
| Total subscription revenue | 564,646 | 460,988 | 103,658 | 22 | % | ||||||||||||||||||
| Professional services and other | 18,491 | 14,901 | 3,590 | 24 | % | ||||||||||||||||||
| Total revenue | $ | 583,137 | $ | 475,889 | $ | 107,248 | 23 | % | |||||||||||||||
Subscription revenue increased by $103.7 million, or 22%, for fiscal 2024 compared to fiscal 2023. This increase is attributable to the addition of new customers, which contributed $47.0 million for fiscal 2024, as we increased our customer base by 14% from January 31, 2023 to January 31, 2024. The remaining $56.7 million of this increase in revenue is attributable to expanded product adoption among existing customers, as reflected by our average net dollar retention rate of 115% for the trailing four quarters ended January 31, 2024.
Professional services and other revenue increased by $3.6 million, or 24%, for fiscal 2024 compared to fiscal 2023. This increase is mainly attributable to a $7.0 million increase due to increased delivery of professional services and the completion of certain professional projects. The increase is offset by a $3.5 million decrease related to revenue recognized from a resale contract commitment in fiscal 2023.
Cost of Revenue and Gross Margin
| Year Ended January 31, | Change | ||||||||||||||||||||||
| 2024 | 2023 | $ | % | ||||||||||||||||||||
| (in thousands, except percentages) | |||||||||||||||||||||||
| Cost of revenue: | |||||||||||||||||||||||
| Cost of license | $ | 1,968 | $ | 1,753 | $ | 215 | 12 | % | |||||||||||||||
| Cost of support | 58,208 | 48,112 | 10,096 | 21 | % | ||||||||||||||||||
| Cost of cloud-hosted services | 30,447 | 22,589 | 7,858 | 35 | % | ||||||||||||||||||
| Total cost of subscription revenue | 90,623 | 72,454 | 18,169 | 25 | % | ||||||||||||||||||
| Cost of professional services and other | 18,076 | 14,515 | 3,561 | 25 | % | ||||||||||||||||||
| Total cost of revenue | $ | 108,699 | $ | 86,969 | $ | 21,730 | 25 | % | |||||||||||||||
| Year Ended January 31, | |||||||||||
| 2024 | 2023 | ||||||||||
| Gross margin | |||||||||||
| License | 97 | % | 97 | % | |||||||
| Support | 86 | % | 86 | % | |||||||
| Cloud-hosted services | 60 | % | 52 | % | |||||||
| Total subscription margin | 84 | % | 84 | % | |||||||
| Professional services and other | 2 | % | 3 | % | |||||||
| Total gross margin | 81 | % | 82 | % | |||||||
70
Cost of subscription revenue increased by $18.2 million, or 25%, for fiscal 2024 compared to fiscal 2023. The increase in cost of subscription revenue was driven by an increase in employee-related expenses of $12.5 million due to increases in headcount in our customer support organization. These employee-related expenses included a $0.8 million increase related to stock-based compensation expense. The increase was also attributable to a $0.7 million increase in cloud hosting fees, and a $5.0 million increase in amortization of internal-use software and acquired technology. As cloud becomes a larger portion of our revenue, our gross margin profile will change because we have a lower gross margin on cloud-hosted services due to headcount related to our cloud offering operations and cloud hosting fees.
Cost of professional services and other revenue increased by $3.6 million, or 25%, for fiscal 2024 compared to fiscal 2023. The increase in cost of professional services and other was driven by a $2.7 million increase in employee-related expenses and $0.9 million increased in spending on professional service.
Gross margin decreased to 81% for fiscal 2024 from 82% for fiscal 2023, primarily due to decreases in our professional services and other margin.
Operating Expenses
Sales and Marketing
| Year Ended January 31, | Change | ||||||||||||||||||||||
| 2024 | 2023 | $ | % | ||||||||||||||||||||
| (in thousands, except percentages) | |||||||||||||||||||||||
| Sales and marketing | $ | 369,164 | $ | 355,826 | $ | 13,338 | 4 | % | |||||||||||||||
Sales and marketing expenses increased by $13.3 million, or 4%, for fiscal 2024 compared to fiscal 2023. The increase was primarily driven by a $6.9 million increase in employee-related costs. The increase in employee-related costs includes a $12.1 million net increase in amortization of deferred contract acquisition costs driven by our increase in revenue offset by a $3.3 million decrease in stock-based compensation expense and $3.0 million decrease in payroll due to decreases in sales and marketing headcount from the reduction in workforce in the quarter ended July 31, 2023. The remainder of the increase in sales and marketing expenses was attributable to increase in marketing expenses and professional services by $3.9 million and $2.0 million, respectively.
Research and Development
| Year Ended January 31, | Change | ||||||||||||||||||||||
| 2024 | 2023 | $ | % | ||||||||||||||||||||
| (in thousands, except percentages) | |||||||||||||||||||||||
| Research and development | $ | 222,553 | $ | 195,384 | $ | 27,169 | 14 | % | |||||||||||||||
Research and development expenses increased by $27.2 million, or 14%, for fiscal 2024 compared to fiscal 2023 as we continued to develop and enhance the functionality of our existing products and release new products. This increase was primarily driven by a $23.3 million increase in employee-related costs. The increase in these employee-related costs includes a $16.1 million increase in payroll and benefit, a $5.0 million increase in stock-based compensation expense, and a $0.9 million increase in severance. The remainder of the increase in research and development expenses was attributable to increased software and subscription expenses of $0.6 million, and increased spending on employee development of $0.8 million.
General and Administrative
| Year Ended January 31, | Change | ||||||||||||||||||||||
| 2024 | 2023 | $ | % | ||||||||||||||||||||
| (in thousands, except percentages) | |||||||||||||||||||||||
| General and administrative | $ | 136,999 | $ | 134,997 | $ | 2,002 | 1 | % | |||||||||||||||
71
General and administrative expenses increased by $2.0 million, or 1%, for fiscal 2024 compared to fiscal 2023. The increase was primarily driven by a $0.3 million increase in employee-related costs, including a $0.9 million increase in payroll expense, a $0.6 million increase in severance, and a $0.2 million increase in payroll taxes. The increase in these employee-related costs was reduced by $1.3 million decrease in stock-based compensation expense. The remaining increase was attributable to increase in expenses related to facility allocation, software and subscription, employee development, and professional service by $2.6 million, $1.1 million, $0.5 million, and $0.2 million, respectively, and offset by a $2.5 million decrease in insurance costs.
Interest Income
| Year Ended January 31, | Change | ||||||||||||||||||||||
| 2024 | 2023 | $ | % | ||||||||||||||||||||
| (in thousands, except percentages) | |||||||||||||||||||||||
| Interest income | $ | 65,159 | $ | 26,367 | $ | 38,792 | 147 | % | |||||||||||||||
Interest income, increased by $38.8 million, or 147%, in fiscal 2024 compared to fiscal 2023. The increase was attributable to the interest income earned from cash equivalents and available-for-sale investments, and increases in the yields resulting from the Federal Reserve's interest rate increases.
Other Expenses, Net
| Year Ended January 31, | Change | ||||||||||||||||||||||
| 2024 | 2023 | $ | % | ||||||||||||||||||||
| (in thousands, except percentages) | |||||||||||||||||||||||
| Other expenses, net | $ | (510) | $ | (2,365) | $ | 1,855 | (78) | % | |||||||||||||||
Other expenses, net decreased by $1.9 million, or (78)%, in fiscal 2024 compared to fiscal 2023. The changes were primarily due to changes in foreign currency gains and losses on our cash balances in foreign jurisdictions due to changes in the US dollar against other currencies.
Provision for Income Taxes
| Year Ended January 31, | Change | ||||||||||||||||||||||
| 2024 | 2023 | $ | % | ||||||||||||||||||||
| (in thousands, except percentages) | |||||||||||||||||||||||
| Provision for income taxes | $ | 1,039 | $ | 1,013 | $ | 26 | 3 | % | |||||||||||||||
Provision for income taxes increased by de minimis, or 3%, in fiscal 2024 compared to fiscal 2023. The changes were primarily due to a partial release of valuation allowance, of which $0.4 million tax benefit was directly related to the acquisition of BluBracket, Inc. In connection with the BluBracket acquisition, we recorded a net deferred tax liability which provides an additional source of taxable income to support the realization of the pre-existing deferred tax assets and, accordingly, during fiscal 2024, we released a total of $0.4 million of our U.S. valuation allowance. We continue to maintain a full valuation allowance on our U.S. deferred tax assets, and the significant components of the tax expense recorded are current cash tax expenses in various jurisdictions. Current cash tax expenses are impacted by each jurisdiction’s individual tax rates, laws on the timing of recognition of income and deductions, and availability of net operating losses and tax credits. Our effective tax rate may fluctuate significantly on a quarterly basis and could be adversely affected to the extent earnings are lower than anticipated in countries that have lower statutory rates and higher than anticipated in countries that have higher statutory rates.
72
Liquidity and Capital Resources
As of January 31, 2024, we had cash, cash equivalents, and short-term investments of $1,278.6 million. Our cash and cash equivalents primarily consist of cash on hand, highly liquid investments in money market funds, and available-for-sale investments with an original maturity date of three months or less. Our short-term investments consist of U.S. treasury securities, corporate notes and bonds, U.S. agency obligations, commercial paper, and certificates of deposit. We have generated significant operating losses from our operations as reflected in our accumulated deficit of $971.1 million as of January 31, 2024, and negative cash flows from operations in fiscal 2024, fiscal 2023, and fiscal 2022. While we expect to continue to incur operating losses in the foreseeable future, we have generated positive cash flows from operations in recent quarters. We may continue to have positive cash flows in the future, or we may require additional capital resources to execute strategic initiatives to grow our business.
We believe our existing cash and cash equivalents will be sufficient to fund our operating and capital needs for at least the next 12 months, including our repurchases of common stock pursuant to our stock repurchase program. Our assessment of the period of time through which our financial resources will be adequate to support our operations is a forward-looking statement and involves risks and uncertainties. Our future capital requirements, both near-term and long-term, will depend on many factors, including our growth rate, the timing and extent of spending to support our research and development efforts, the expansion of sales and marketing and international operating activities, the timing of new introductions of solutions or features, and the continuing market acceptance of our services. We may in the future enter into arrangements to acquire or invest in complementary businesses, services and technologies, including intellectual property rights. We have based this estimate on assumptions that may prove to be wrong, and we could use our available capital resources sooner than we currently expect. We may be required to seek additional equity or debt financing. In the event that additional financing is required from outside sources, we may not be able to raise it on terms acceptable to us or at all. If we are unable to raise additional capital when desired, or if we cannot expand our operations or otherwise capitalize on our business opportunities because we lack sufficient capital, our business, operating results and financial condition would be adversely affected.
The following table summarizes our cash flows for the periods presented:
| Year Ended January 31, | |||||||||||||||||
| 2024 | 2023 | 2022 | |||||||||||||||
| Net cash used in operating activities | $ | (10,851) | $ | (84,462) | $ | (56,215) | |||||||||||
| Net cash used in investing activities | $ | (535,171) | $ | (8,998) | $ | (6,596) | |||||||||||
| Net cash provided by financing activities | $ | 23,302 | $ | 21,983 | $ | 1,147,846 | |||||||||||
Operating Activities
We typically invoice our customers annually in advance and to a lesser extent, multi-years in advance. Therefore, a substantial source of our cash is from such prepayments, which are included on our consolidated balance sheets in deferred revenue and customer deposits. We generally experience seasonality in terms of when we enter into agreements with our customers, particularly in our fourth fiscal quarter due to increased buying patterns of our enterprise customers and in our second fiscal quarter due to the summer vacation slowdown that impacts many of our customers. Given the seasonality in our business as discussed above, the operating cash flow benefit from increased collections from our customers generally occurs in the subsequent one to two quarters after billing. We expect seasonality, timing of billings, and collections from our customers to have a material impact on our cash flow from operating activities from period to period. Our primary uses of cash from operating activities are for personnel-related expenses, software and subscription expenses, sales and marketing expenses, third-party cloud infrastructure costs, professional services expenses, and overhead expenses.
Net cash used in operating activities during fiscal 2024 was $10.9 million, which resulted from a net loss of $190.7 million, adjusted for non-cash charges of $170.2 million and net cash inflow of $9.7 million from changes in operating assets and liabilities. Non-cash charges primarily consisted of $170.6 million for stock-based compensation expense, $9.5 million for depreciation and amortization expense, and $3.1 million for non-cash operating lease costs, offset by $12.7 million for accretion of discounts on investments and $0.4 million for deferred income taxes. The net cash inflow from
73
changes in operating assets and liabilities was primarily the result of a $59.3 million increase in deferred revenue due to increased billings and a $0.4 million increase in accrued expenses and other liabilities. These cash inflows were partially offset by a $20.4 million increase in account receivable due to higher billings and timing of collections from our customers, a $12.7 million increase in prepaid expenses and other assets, a $6.2 million increase in deferred contract acquisition costs as our sales commission payments increased due to addition of new customers and expansion of our existing customer subscriptions, a $3.7 million decrease in account payable due to timing of payments to our vendors, a $3.4 million decrease in lease liabilities due to payments to our landlords, a $2.6 million decrease in accrued compensation and benefits primarily due to accrued sales commissions and accrued payroll taxes, and a $1.1 million decrease in customer deposits from advance invoicing in accordance with our subscription contracts.
Net cash used in operating activities during fiscal 2023 was $84.5 million, which resulted from a net loss of $274.3 million, adjusted for non-cash charges of $178.6 million and net cash inflow of $11.2 million from changes in operating assets and liabilities. Non-cash charges primarily consisted of $171.2 million for stock-based compensation expense, $4.6 million for depreciation and amortization expense, and $2.9 million for non-cash operating lease costs. The net cash outflow from changes in operating assets and liabilities was primarily the result of a $35.6 million increase in account receivable due to higher billings and timing of collections from our customers, a $34.8 million increase in deferred contract acquisition costs as our sales commission payments increased due to addition of new customers and expansion of our existing customer subscriptions, a $3.1 million decrease in lease liabilities due to payments to our landlords, and a $1.8 million decrease in account payable due to timing of payments to our vendors. These cash outflows were partially offset by a $79.0 million increase in deferred revenue due to increased billings, a $3.3 million increase in customer deposits from advance invoicing in accordance with our subscription contracts, a $2.6 million increase in accrued expenses and other liabilities, a $1.7 million increase in accrued compensation and benefits primarily due to accrued sales commissions and accrued payroll taxes, and a $0.1 million decrease in prepaid expenses and other assets.
Investing Activities
Net cash used in investing activities during fiscal 2024 of $535.2 million was due to a $811.8 million cash outflow in purchases of short-term investments, a $20.9 million cash outflow in a business combination, and a $11.3 million outflow in capitalized internal-use software for our cloud platform, offset by a $283.2 million and $26.4 million of cash inflows from maturities and sales of investments, respectively.
Net cash used in investing activities during fiscal 2023 of $9.0 million was primarily comprised of $8.7 million capitalized internal-use software for our cloud platform and $0.3 million in purchases of property and equipment.
Financing Activities
Net cash provided by financing activities of $23.3 million during fiscal 2024 was due to $17.6 million proceeds from stock purchased by employees under the 2021 Employee Stock Purchase Plan ("ESPP"), and $6.0 million net proceeds from the exercise of stock options, offset by $0.3 million outflow for payment of taxes related to net share settlement.
Net cash provided by financing activities of $22.0 million during fiscal 2023 was due to $17.2 million proceeds from stock purchased by employees under the ESPP, and $5.0 million net proceeds from the exercise of stock options, offset by $0.2 million outflow for payment of taxes related to net share settlement.
Contractual Obligations and Commitments
Our commitments consist of obligations under non-cancellable real estate arrangements on an undiscounted basis, of which $4.6 million is due in the next 12 months and $10.8 million is due thereafter. As of January 31, 2024, we have non-cancellable hosting infrastructure commitments of $7.1 million due in the next 12 months and $2.9 million due thereafter. Also, as of January 31, 2024, we have non-cancelable purchase commitments with various parties to purchase products and services entered in the normal course of business payments of $10.5 million due in the next 12 months and $1.6 million due thereafter. We expect to fund these obligations with cash flows from operations and cash on our balance sheet.
The contractual commitment amounts described above are associated with agreements that are enforceable and legally binding. Obligations under contracts that we can cancel without a significant penalty are not included above.
74
Purchase orders issued in the ordinary course of business are not included above, as our purchase orders represent authorizations to purchase rather than binding agreements.
Critical Accounting Estimates
Critical accounting estimates are those estimates that are both most important to the portrayal of our net assets and results of operations and require the most difficult, subjective, or complex judgments, often as a result of the need to make estimates about the effect of matters that are inherently uncertain. These estimates are developed based on historical experience and various other assumptions that we believe to be reasonable under the circumstances. Critical accounting estimates are accounting estimates where the nature of the estimates is material due to the levels of subjectivity and judgment necessary to account for highly uncertain matters or the susceptibility of such matters to change, and the impact of the estimates on financial condition or operating performance is material.
We believe that the accounting policies described below involve a greater degree of judgment and complexity. Accordingly, these are the policies we believe are the most critical to aid in fully understanding and evaluating our consolidated financial condition and results of operations.
Revenue Recognition
See Note 2, Summary of Significant Accounting Policies, to our consolidated financial statements included elsewhere in this Annual Report on Form 10-K for information regarding our significant accounting policies over revenue recognition.
Our contracts with customers often contain multiple performance obligations. For these contracts, we allocate the transaction price to each performance obligation on a relative standalone selling price (“SSP”) basis. We consider our determination of SSP to be a critical accounting estimate. SSP is established based on multiple factors, including prices at which we separately sell standalone subscriptions and services. For license and support performance obligations, we developed a model to estimate relative SSP for each performance obligation using an expected cost-plus margin approach. This model uses observable data points to develop the main assumptions including the estimated useful life of the intellectual property and appropriate margins by allocating costs between enterprise and open-source features. There may be more than one SSP for individual subscriptions and services due to the stratification of subscription support tiers and services. We also consider if there are any additional material rights inherent in a contract, and if so, we allocate revenue to the material right as a performance obligation.
Deferred Contract Acquisition Costs
See Note 2, Summary of Significant Accounting Policies, to our consolidated financial statements included elsewhere in this Annual Report on Form 10-K for information regarding our significant accounting policies over deferred contract acquisition costs.
Deferred contract acquisition costs include sales commissions earned by our sales force which are considered incremental and recoverable costs of obtaining a contract with a customer. Sales commissions for initial contracts are deferred and then amortized commensurate with the pattern of revenue recognition over a period of benefit, determined to be five years. Significant judgment is required in arriving at this period of benefit. We determined the period of benefit by taking into consideration our customer contracts, technology, and other factors. Amounts anticipated to be recognized within one year of the balance sheet date are recorded as deferred contract acquisition costs, with the remaining portion recorded as deferred contract acquisition costs, non-current, on the consolidated balance sheets. Amortization expense of deferred contract costs is recorded as sales and marketing expense in the consolidated statements of operations.
Recent Accounting Pronouncements
Refer to Note 2 to our consolidated financial statements included elsewhere in this Annual Report on Form 10-K for more information regarding recent accounting pronouncements.
Item 7A. Quantitative and Qualitative Disclosures About Market Risk.
72
We have operations in the United States and internationally, and we are exposed to market risk in the ordinary course of our business. There have been no material changes in our market risk exposures during fiscal 2024.
Interest Rate Risk
Our cash and cash equivalents primarily consist of cash on hand and highly liquid investments in money market funds. As of January 31, 2024, we had cash, cash equivalents, and short-term investments of $1,278.6 million. The carrying amount of our cash equivalents reasonably approximates fair value due to the short maturities of these instruments. The primary objectives of our investment activities are the preservation of capital, the fulfillment of liquidity needs, and the fiduciary control of cash and investments. As of fiscal 2024, we have not entered into investments for trading or speculative purposes, but we may do so in the future. Due to the short-term nature of our investment portfolio and type of investments included in our portfolio, we do not believe an immediate 10% increase or decrease in interest rates would have a material effect on the fair market value of our portfolio. We, therefore, do not expect our operating results or cash flows to be materially affected by a sudden change in market interest rates. Declines in interest rates, however, would reduce our future interest income.
Foreign Currency Risk
All of our sales contracts are denominated in U.S. dollars. A portion of our operating expenses are incurred outside of the United States, denominated in foreign currencies, and subject to fluctuations due to changes in foreign currency exchange rates, particularly changes in the British Pound, Euro, Canadian Dollar, and Australian Dollar. Fluctuations in foreign currency exchange rates may cause us to recognize transaction gains and losses in our consolidated statements of operations. If the U.S. dollar weakened by 10%, our operating expense could increase by approximately 2%.
During the second quarter of fiscal 2024, we implemented a foreign currency risk management program and entered into foreign currency forward contracts to hedge a portion of our forecasted foreign currency-denominated expenses. These foreign currency derivative contracts have a maturity up to 12 months or less and are designated as cash flow hedges to protect our earnings subjected to foreign currency risk. We expect that the effect of a hypothetical 10% relative change in foreign exchange rates, after considering our hedging program, would not have a material impact on our financial condition, results of operations, or cash flows for the periods presented. As our international operations grow, we will continue to reassess our approach to manage our risk relating to fluctuations in foreign exchange rates.
Inflation Risk
We do not believe that inflation has had a material effect on our business, financial condition or results of operations.
74
Item 8. Financial Statements and Supplementary Data
HASHICORP, INC.
INDEX TO CONSOLIDATED FINANCIAL STATEMENTS
| Page | |||||
| Consolidated Financial Statements: | |||||
75
REPORT OF INDEPENDENT REGISTERED PUBLIC ACCOUNTING FIRM
To the Stockholders and the Board of Directors of HashiCorp, Inc.
Opinion on the Financial Statements
We have audited the accompanying consolidated balance sheets of HashiCorp, Inc. and subsidiaries (the "Company") as of January 31, 2024 and 2023, the related consolidated statements of operations, comprehensive loss, redeemable convertible preferred stock and stockholders’ equity (deficit), and cash flows, for each of the three years in the period ended January 31, 2024, and the related notes (collectively referred to as the "financial statements"). In our opinion, the financial statements present fairly, in all material respects, the financial position of the Company as of January 31, 2024 and 2023, and the results of its operations and its cash flows for each of the three years in the period ended January 31, 2024, in conformity with accounting principles generally accepted in the United States of America.
We have also audited, in accordance with the standards of the Public Company Accounting Oversight Board (United States) (PCAOB), the Company's internal control over financial reporting as of January 31, 2024, based on criteria established in Internal Control—Integrated Framework (2013) issued by the Committee of Sponsoring Organizations of the Treadway Commission and our report dated March 20, 2024, expressed an unqualified opinion on the Company's internal control over financial reporting.
Basis for Opinion
These financial statements are the responsibility of the Company's management. Our responsibility is to express an opinion on the Company's financial statements based on our audits. We are a public accounting firm registered with the PCAOB and are required to be independent with respect to the Company in accordance with the U.S. federal securities laws and the applicable rules and regulations of the Securities and Exchange Commission and the PCAOB.
We conducted our audits in accordance with the standards of the PCAOB. Those standards require that we plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement, whether due to error or fraud. Our audits included performing procedures to assess the risks of material misstatement of the financial statements, whether due to error or fraud, and performing procedures that respond to those risks. Such procedures included examining, on a test basis, evidence regarding the amounts and disclosures in the financial statements. Our audits also included evaluating the accounting principles used and significant estimates made by management, as well as evaluating the overall presentation of the financial statements. We believe that our audits provide a reasonable basis for our opinion.
Critical Audit Matter
The critical audit matter communicated below is a matter arising from the current-period audit of the financial statements that was communicated or required to be communicated to the audit committee and that (1) relates to accounts or disclosures that are material to the financial statements and (2) involved our especially challenging, subjective, or complex judgments. The communication of critical audit matters does not alter in any way our opinion on the financial statements, taken as a whole, and we are not, by communicating the critical audit matter below, providing a separate opinion on the critical audit matter or on the accounts or disclosures to which it relates.
Revenue Recognition – Refer to Notes 2 and 5 to the financial statements
Critical Audit Matter Description
The Company generates revenue primarily from self-managed software subscriptions which consist of term licenses bundled with support and maintenance for the term of the license period. Certain contracts with customers contain non-standard terms and conditions which require significant judgement by management to identify the distinct performance obligations in the contract. The determination of standalone selling prices for licenses and support, which are not sold separately, also required significant judgement by management and were developed using an expected cost-plus margin model based on multiple assumptions including the estimated useful life of the intellectual property and appropriate margins.
76
Given the complexity of certain self-managed contracts, including those with non-standard terms and conditions, and the significance of management’s judgments involved in identifying performance obligations and determining standalone selling prices, performing audit procedures to evaluate whether management properly identified performance obligations and determined standalone selling prices required a high degree of auditor judgment and an increased extent of effort, including the need to involve our fair value specialists.
How the Critical Audit Matter Was Addressed in the Audit
Our audit procedures related to management’s revenue recognition for its customer contracts included the following, among others:
•We tested the effectiveness of management’s controls over the review of customer contracts, including the identification of performance obligations, and the estimate of standalone selling prices for self-managed licenses and support.
•We selected a sample of recorded revenue transactions, obtained and read the customer contracts, including master agreements and related amendments, and independently assessed the terms of the contract, the identified performance obligations and compared to the performance obligations identified by management.
•We evaluated the reasonableness of management’s estimate of the standalone selling prices for self-managed licenses and support, which are not sold separately, by performing the following:
–With the assistance of our fair value specialists, we evaluated the reasonableness of the cost-plus margin valuation methodology used based on generally accepted valuation practices observed in the industry.
–Evaluated selected margins used by management for cost markups by comparing to margins of selected guideline public companies (“GPCs”), evaluating the appropriateness of selected GPCs, and obtaining the underlying market data and recalculating the margins of the respective GPCs.
–Evaluated the estimated useful life of the intellectual property by (i) discussing the Company’s product with members of the development team to understand expected changes in product development and the corresponding impact on the estimated life and (ii) comparison to industry peers.
–Evaluated the allocation of the engineering and support costs between the proprietary features and open-source features by (i) discussing with members of the development team to understand the relevant effort and considering published information regarding software releases, (ii) testing the completeness and accuracy of source data, and (iii) recalculating the allocation.
/s/ DELOITTE & TOUCHE LLP
March 20, 2024
We have served as the Company’s auditor since 2019.
77
HASHICORP, INC.
CONSOLIDATED BALANCE SHEETS
(in thousands, except per share data)
| January 31, | |||||||||||
| 2024 | 2023 | ||||||||||
| Assets | |||||||||||
| Current assets | |||||||||||
| Cash and cash equivalents | $ | $ | |||||||||
| Short-term investments | |||||||||||
| Accounts receivable, net of allowance | |||||||||||
| Deferred contract acquisition costs | |||||||||||
| Prepaid expenses and other current assets | |||||||||||
| Total current assets | |||||||||||
| Property and equipment, net | |||||||||||
| Operating lease right-of-use assets | |||||||||||
| Deferred contract acquisition costs, non-current | |||||||||||
| Acquisition-related intangible assets, net | |||||||||||
| Goodwill | |||||||||||
| Other assets, non-current | |||||||||||
| Total assets | $ | $ | |||||||||
| Liabilities and Stockholders’ Equity | |||||||||||
| Current liabilities: | |||||||||||
| Accounts payable | $ | $ | |||||||||
| Accrued expenses and other current liabilities | |||||||||||
| Accrued compensation and benefits | |||||||||||
| Operating lease liabilities | |||||||||||
| Deferred revenue | |||||||||||
| Customer deposits | |||||||||||
| Total current liabilities | |||||||||||
| Deferred revenue, non-current | |||||||||||
| Operating lease liabilities, non-current | |||||||||||
| Other liabilities, non-current | |||||||||||
| Total liabilities | |||||||||||
| Commitments and contingencies (Note 11) | |||||||||||
| Stockholders’ equity: | |||||||||||
Class A common stock, par value of $ | |||||||||||
Class B common stock, par value of $ | |||||||||||
| Additional paid-in capital | |||||||||||
| Accumulated other comprehensive loss | ( | ||||||||||
| Accumulated deficit | ( | ( | |||||||||
| Total stockholders’ equity | |||||||||||
| Total liabilities and stockholders’ equity | $ | $ | |||||||||
The accompanying notes are an integral part of these consolidated financial statements.
78
HASHICORP, INC.
CONSOLIDATED STATEMENTS OF OPERATIONS
(in thousands, except per share data)
| Year Ended January 31, | |||||||||||||||||
| 2024 | 2023 | 2022 | |||||||||||||||
| Revenue: | |||||||||||||||||
| License | $ | $ | $ | ||||||||||||||
| Support | |||||||||||||||||
| Cloud-hosted services | |||||||||||||||||
| Total subscription revenue | |||||||||||||||||
| Professional services and other | |||||||||||||||||
| Total revenue | |||||||||||||||||
| Cost of revenue: | |||||||||||||||||
| Cost of license | |||||||||||||||||
| Cost of support | |||||||||||||||||
| Cost of cloud-hosted services | |||||||||||||||||
| Total cost of subscription revenue | |||||||||||||||||
| Cost of professional services and other | |||||||||||||||||
| Total cost of revenue | |||||||||||||||||
| Gross profit | |||||||||||||||||
| Operating expenses: | |||||||||||||||||
| Sales and marketing | |||||||||||||||||
| Research and development | |||||||||||||||||
| General and administrative | |||||||||||||||||
| Total operating expenses | |||||||||||||||||
| Loss from operations | ( | ( | ( | ||||||||||||||
| Interest income | |||||||||||||||||
| Other expenses, net | ( | ( | ( | ||||||||||||||
| Loss before income taxes | ( | ( | ( | ||||||||||||||
| Provision for income taxes | |||||||||||||||||
| Net loss | $ | ( | $ | ( | $ | ( | |||||||||||
| Net loss per share attributable to common stockholders, basic and diluted | $ | ( | $ | ( | $ | ( | |||||||||||
| Weighted-average shares used to compute net loss per share attributable to common stockholders, basic and diluted | |||||||||||||||||
The accompanying notes are an integral part of these consolidated financial statements.
79
HASHICORP, INC.
CONSOLIDATED STATEMENTS OF COMPREHENSIVE LOSS
(in thousands)
| Year Ended January 31, | |||||||||||||||||
| 2024 | 2023 | 2022 | |||||||||||||||
| Net loss | $ | ( | $ | ( | $ | ( | |||||||||||
| Other comprehensive loss, net of tax: | |||||||||||||||||
| Available-for-sale investments: | |||||||||||||||||
| Unrealized gains on available-for-sale investments | |||||||||||||||||
| Foreign currency forward contracts: | |||||||||||||||||
| Unrealized losses on foreign currency forward contracts | ( | ||||||||||||||||
| Other comprehensive loss, net of tax | ( | ||||||||||||||||
| Total comprehensive loss | $ | ( | $ | ( | $ | ( | |||||||||||
The accompanying notes are an integral part of these consolidated financial statements.
80
HASHICORP, INC.
CONSOLIDATED STATEMENTS OF REDEEMABLE CONVERTIBLE PREFERRED STOCK AND STOCKHOLDERS’ EQUITY (DEFICIT)
(in thousands)
| Redeemable Convertible Preferred Stock | Class A and Class B Common Stock | Additional Paid-in Capital | Accumulated Other Comprehensive Loss | Accumulated Deficit | Total Stockholders' Equity (Deficit) | ||||||||||||||||||||||||||||||||||||||||||||||||
| Shares | Amount | Shares | Amount | ||||||||||||||||||||||||||||||||||||||||||||||||||
| Balance as of January 31, 2021 | $ | $ | $ | $ | $ | ( | $ | ( | |||||||||||||||||||||||||||||||||||||||||||||
| Conversion of redeemable convertible preferred stock to common stock upon initial public offering | ( | ( | — | — | |||||||||||||||||||||||||||||||||||||||||||||||||
| Issuance of common stock upon initial public offering, net of underwriting discounts and issuance costs | — | — | — | — | |||||||||||||||||||||||||||||||||||||||||||||||||
| Issuance of common stock for restricted stock awards | — | — | — | — | — | — | — | ||||||||||||||||||||||||||||||||||||||||||||||
| Issuance of common stock upon exercise of stock options | — | — | — | — | — | ||||||||||||||||||||||||||||||||||||||||||||||||
| Vesting of early exercised stock options | — | — | — | — | — | — | |||||||||||||||||||||||||||||||||||||||||||||||
| Issuance of common stock upon settlement of restricted stock units | — | — | — | — | — | — | — | ||||||||||||||||||||||||||||||||||||||||||||||
| Tax withholdings on settlement of restricted stock units | — | — | ( | — | ( | — | — | ( | |||||||||||||||||||||||||||||||||||||||||||||
| Stock-based compensation | — | — | — | — | — | — | |||||||||||||||||||||||||||||||||||||||||||||||
| Net loss | — | — | — | — | — | — | ( | ( | |||||||||||||||||||||||||||||||||||||||||||||
| Balance as of January 31, 2022 | $ | $ | $ | $ | $ | ( | $ | ||||||||||||||||||||||||||||||||||||||||||||||
| Issuance of common stock upon exercise of stock options | — | — | — | — | — | ||||||||||||||||||||||||||||||||||||||||||||||||
| Vesting of early exercised stock options | — | — | — | — | — | — | |||||||||||||||||||||||||||||||||||||||||||||||
| Issuance of common stock upon settlement of restricted stock units | — | — | — | — | — | — | — | ||||||||||||||||||||||||||||||||||||||||||||||
| Tax withholdings on settlement of restricted stock units | — | — | ( | — | ( | — | — | ( | |||||||||||||||||||||||||||||||||||||||||||||
| Issuance of common stock under employee stock purchase plan | — | — | — | — | — | ||||||||||||||||||||||||||||||||||||||||||||||||
| Stock-based compensation | — | — | — | — | — | — | |||||||||||||||||||||||||||||||||||||||||||||||
| Net loss | — | — | — | — | — | — | ( | ( | |||||||||||||||||||||||||||||||||||||||||||||
| Balance as of January 31, 2023 | $ | $ | $ | $ | $ | ( | $ | ||||||||||||||||||||||||||||||||||||||||||||||
| Issuance of common stock upon exercise of stock options | — | — | — | — | — | ||||||||||||||||||||||||||||||||||||||||||||||||
| Issuance of common stock upon settlement of restricted stock units | — | — | — | — | — | — | — | ||||||||||||||||||||||||||||||||||||||||||||||
| Tax withholdings on settlement of restricted stock units | — | — | ( | — | ( | — | — | ( | |||||||||||||||||||||||||||||||||||||||||||||
| Issuance of common stock under employee stock purchase plan | — | — | — | — | — | ||||||||||||||||||||||||||||||||||||||||||||||||
| Stock-based compensation | — | — | — | — | — | — | |||||||||||||||||||||||||||||||||||||||||||||||
| Other comprehensive loss | — | — | — | — | — | ( | — | ( | |||||||||||||||||||||||||||||||||||||||||||||
| Net loss | — | — | — | — | — | — | ( | ( | |||||||||||||||||||||||||||||||||||||||||||||
| Balance as of January 31, 2024 | $ | $ | $ | $ | ( | $ | ( | $ | |||||||||||||||||||||||||||||||||||||||||||||
The accompanying notes are an integral part of these consolidated financial statements.
81
HASHICORP, INC.
CONSOLIDATED STATEMENTS OF CASH FLOWS
(in thousands)
| Year Ended January 31, | |||||||||||||||||
| 2024 | 2023 | 2022 | |||||||||||||||
| Cash flows from operating activities | |||||||||||||||||
| Net loss | $ | ( | $ | ( | $ | ( | |||||||||||
| Adjustments to reconcile net loss to cash from operating activities: | |||||||||||||||||
| Stock-based compensation expense, net of amounts capitalized | |||||||||||||||||
| Depreciation and amortization expense | |||||||||||||||||
| Non-cash operating lease cost | |||||||||||||||||
| Accretion of discounts on marketable securities | ( | ||||||||||||||||
| Deferred income taxes | ( | ||||||||||||||||
| Other | ( | ||||||||||||||||
| Changes in operating assets and liabilities: | |||||||||||||||||
| Accounts receivable | ( | ( | ( | ||||||||||||||
| Deferred contract acquisition costs | ( | ( | ( | ||||||||||||||
| Prepaid expenses and other assets | ( | ( | ( | ||||||||||||||
| Accounts payable | ( | ( | |||||||||||||||
| Accrued expenses and other liabilities | ( | ||||||||||||||||
| Accrued compensation and benefits | ( | ||||||||||||||||
| Operating lease liabilities | ( | ( | ( | ||||||||||||||
| Deferred revenue | |||||||||||||||||
| Customer deposits | ( | ||||||||||||||||
| Net cash used in operating activities | ( | ( | ( | ||||||||||||||
| Cash flows from investing activities | |||||||||||||||||
| Business combination, net of cash acquired | ( | ||||||||||||||||
| Purchases of property and equipment | ( | ( | ( | ||||||||||||||
| Capitalized internal-use software | ( | ( | ( | ||||||||||||||
| Purchases of short-term investments | ( | ||||||||||||||||
| Proceeds from sales of short-term investments | |||||||||||||||||
| Proceeds from maturities of short-term investments | |||||||||||||||||
| Net cash used in investing activities | ( | ( | ( | ||||||||||||||
| Cash flows from financing activities | |||||||||||||||||
| Proceeds from initial public offering, net of underwriting discounts and commissions | |||||||||||||||||
| Taxes paid related to net share settlement of equity awards | ( | ( | ( | ||||||||||||||
| Proceeds from issuance of common stock upon exercise of stock options | |||||||||||||||||
| Proceeds from issuance of common stock under employee stock purchase plan | |||||||||||||||||
| Payments of deferred offering costs | ( | ||||||||||||||||
| Net cash provided by financing activities | |||||||||||||||||
| Net increase (decrease) in cash, cash equivalents, and restricted cash | ( | ( | |||||||||||||||
| Cash, cash equivalents, and restricted cash beginning of period | |||||||||||||||||
| Cash, cash equivalents, and restricted cash end of period | $ | $ | $ | ||||||||||||||
| Supplemental disclosure of cash flow information | |||||||||||||||||
| Cash paid for income taxes, net of refund received | $ | $ | $ | ||||||||||||||
| Cash paid for operating lease liabilities | $ | $ | $ | ||||||||||||||
| Supplemental disclosure of noncash investing and financing activities | |||||||||||||||||
| Operating lease right-of-use assets obtained in exchange for new lease obligations | $ | $ | $ | ||||||||||||||
| Unpaid deferred offering costs | |||||||||||||||||
| Unpaid taxes related to net share settlement of equity awards | |||||||||||||||||
| Conversion of convertible preferred stock to common stock upon initial public offering | |||||||||||||||||
| Unpaid acquisition holdback | $ | $ | $ | ||||||||||||||
| Capitalized stock-based compensation expense | $ | $ | $ | ||||||||||||||
The accompanying notes are an integral part of these consolidated financial statements.
82
HASHICORP, INC.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS
1. Organization and Description of Business
Description of Business
2. Summary of Significant Accounting Policies
Basis of Presentation
The accompanying consolidated financial statements have been prepared in conformity with generally accepted accounting principles in the United States of America ("U.S. GAAP" or "GAAP").
Principles of Consolidation
The consolidated financial statements include the accounts of the Company and its wholly owned subsidiaries. All intercompany balances and transactions have been eliminated in consolidation.
Fiscal Year
Foreign Currency Transactions
Use of Estimates
The preparation of consolidated financial statements in accordance with GAAP requires management to make estimates and assumptions that affect the reported amounts of assets and liabilities and disclosure of contingent assets and liabilities at the date of the consolidated financial statements, and the reported amounts of income and expense during the reporting period. Such management estimates include, but are not limited to, the determination of standalone selling prices of the Company’s performance obligations, the estimated period of benefit of deferred contract acquisition costs, the fair value of share-based awards, capitalization of software development costs, discount rates used to measure operating leases, valuation of acquired intangible assets and goodwill, and the valuation allowance on deferred tax assets
83
and uncertain tax positions. These estimates are based on information available as of the date of the consolidated financial statements; therefore, actual results could differ from those estimates.
Cash and Cash Equivalents
Accounts Receivable and Allowance for Doubtful Accounts
Trade Accounts receivable primarily consists of amounts billed currently due from customers. The Company’s accounts receivable are subject to collection risk. Gross accounts receivable are reduced for this risk by an allowance for doubtful accounts. This allowance is for estimated losses resulting from the inability of the Company’s customers to make required payments. The Company determines the need for an allowance for doubtful accounts based upon various factors, including past collection experience, credit quality of the customer, age of the receivable balance, and current economic conditions, as well as specific circumstances arising with individual customers.
The allowance for credit losses reflects the Company’s best estimate of probable losses inherent in the Company’s receivables portfolio. Activity related to the Company’s allowance for doubtful accounts was as follows (in thousands):
| Year Ended January 31, | |||||||||||||||||
| 2024 | 2023 | 2022 | |||||||||||||||
| Beginning balance | $ | $ | $ | ||||||||||||||
| Bad debt expense | |||||||||||||||||
| Write-offs, net of recoveries | ( | ( | ( | ||||||||||||||
| Ending balance | $ | $ | $ | ||||||||||||||
Concentrations of Credit Risk and Significant Customers
As of January 31, 2024 and 2023, one cloud service provider marketplace represented 20 % and 11 %, respectively, of accounts receivable, net. As of January 31, 2023, one customer represented 11 %, of accounts receivable, net and no customer represented 10% or more of accounts receivable, net as of January 31, 2024.
Property and Equipment, net
84
Revenue Recognition
The Company generates revenue primarily from software subscriptions and, to a lesser extent, professional services and other revenue. The software subscriptions are currently predominantly self-managed by users and customers who deploy it across public, private, and hybrid cloud environments. The Company also offers the HashiCorp Cloud Platform, or HCP, our fully-managed cloud platform for multiple products.
Subscription revenue. The Company generates revenue primarily from subscriptions which include licenses of proprietary features, support and maintenance revenue, and cloud-hosted services.
Our contracts for self-managed software consist of term licenses that provide the customer with a right to use the software for a fixed term commencing upon delivery to the customer, bundled with support and maintenance for the term of the license period. Support and maintenance (collectively referred to as Support Revenue in the consolidated statements of operations) are not sold on a stand-alone basis. Our self-managed Subscription Revenue is disaggregated into License Revenue and Support Revenue in the consolidated statement of operations. The Company does not have observable standalone sales to determine the Standalone Selling Price, or SSP, for its licenses or its support as they are not sold separately. The Company developed a model to estimate relative SSP for each performance obligation using an “expected cost-plus margin” approach. This model uses observable data points to develop the main assumptions including the estimated useful life of the intellectual property and appropriate margins.
Cloud-hosted services are provided on a subscription basis and give customers access to our cloud solutions, which include related customer support.
Subscription revenue on self-managed software includes both upfront revenue recognized when the license is delivered as well as revenue recognized ratably over the contract period for support and maintenance. The substantial majority of our revenue is recognized ratably over the subscription term. Revenue on committed cloud-hosted services is recognized ratably when we satisfy the performance obligation over the contract period, whereas revenue from non-committed, pay-as-you-go cloud-hosted services are recognized when usage occurs.
The Company generates subscription revenue from contracts with typical durations ranging from to three years . We typically invoice our customers annually in advance and, to a lesser extent, multi-year in advance. Amounts that have been invoiced and are nonrefundable are recorded in deferred revenue, or they are recorded in revenue if the revenue recognition criteria have been met. Our current and non-current deferred revenue represents contracts that are invoiced annually in advance or multi-year in advance. Customer payments that are contractually refundable are recorded as customer deposits.
Professional services and other revenue. Professional services and other revenue consists of revenue from professional services, training services, which are predominantly sold on a fixed-fee basis and any other services provided to our customers. Revenue for professional services, training services and other is recognized as these services are delivered. Professional services are services utilized by some of our self-managed customers to accelerate the deployment of our products.
Support and maintenance revenue and cloud-hosted services make up the majority of our revenue and are typically recognized ratably over the terms of our subscription contracts. Therefore, a substantial portion of the revenue that we report in each period is attributable to the recognition of deferred revenue relating to agreements that we entered into during previous periods. Consequently, increases or decreases in new sales or renewals in any one period may not be immediately reflected as revenue for that period. Any downturn in sales, however, may negatively affect our revenue in future periods. Accordingly, the effect of downturns in sales and market acceptance of our products, and potential changes in our rate of renewals, may not be fully reflected in our results of operations until future periods.
The Company recognizes revenue when its customer obtains control of promised goods or services in an amount that reflects the consideration that the Company expects to receive in exchange for those goods or services. In determining the appropriate amount of revenue to be recognized as it fulfills its obligations under each of its agreements, the Company performs the following steps:
(i)identification of the contract with a customer;
85
The Company contracts with its customers typically through order forms or purchase orders which in most cases are governed by master sales agreements. At contract inception the Company evaluates whether two or more contracts should be combined and accounted for as a single contract and identifies the different performance obligations accordingly.
(ii)determination of whether the promised goods or services are performance obligations;
Performance obligations promised in a contract are identified based on the products and services that will be transferred to the customer that are both capable of being distinct and distinct in the context of the contract.
The Company’s self-managed subscriptions include both an obligation to provide the customer with the right to use its proprietary software, as well as an obligation to provide support (on both open-source and proprietary software) and maintenance. Support is contractually mandatory in order for the customer to legally use the proprietary software. Certain arrangements with customers include a renewal option that is separately evaluated for a material right.
The Company’s cloud-hosted services products provide access to hosted software as well as support, which the Company considers to be a single performance obligation. Professional services and other are not integral to the functionality of the subscription services and are generally distinct from the other performance obligations.
The Company has concluded that its contracts with customers do not contain warranties that give rise to a separate performance obligation.
(iii)measurement of the transaction price;
The transaction price is determined based on the consideration to which the Company expects to be entitled in exchange for transferring services and products to the customer. The Company records revenue net of any value added or sales tax.
Variable consideration is included in the transaction price if, in the Company’s judgment, it is probable that a significant future reversal of cumulative revenue under the contract will not occur. None of the Company’s contracts contain a significant financing component.
(iv)allocation of the transaction price to the performance obligations; and
The Company measures the transaction price with reference to the standalone selling price, or SSP, of the various performance obligations inherent within a contract. Management determines the SSP based on an observable standalone selling price when it is available, as well as other factors, including the price charged to customers, discounting practices, and overall pricing objectives, while maximizing observable inputs.
The Company does not have observable SSP for its licenses or its support as they are not sold separately. The Company developed a model to estimate relative SSP for each performance obligation using an “expected cost-plus margin” approach. This model uses observable data points to develop the main assumptions including the estimated useful life of the intellectual property and appropriate margins.
If a contract contains a single performance obligation, the entire transaction price is allocated to the single performance obligation. For contracts that contain multiple performance obligations, the Company allocates the transaction price to each performance obligation based on their relative SSP. The Company also considers if there are any additional material rights inherent in a contract, and if so, the Company allocates a portion of the transaction price to such rights based on its relative SSP.
For the Company’s contracts with customers which include a material right of renewal each month, the Company uses the practical alternative to allocate value to the future optional renewal of software and related mandatory support services. As the Company expects renewals over the full contractually stated term, the entire transaction price is allocated evenly to each monthly renewal option.
(v)recognition of revenue when the Company satisfies each performance obligation.
86
Revenue is recognized at the time the related performance obligation is satisfied by transferring the promised product or service to the customer. The Company’s self-managed subscriptions include both upfront revenue recognition when the license is delivered as well as revenue recognized ratably over the contract period for support and maintenance based on the stand-ready nature of these elements. When arrangements include material rights associated with monthly renewal options, the Company recognizes revenue each month equal to the allocated value of a one-month term license and one-month support and maintenance services.
In the event that the customer cancels support, the customer receives a refund for the remaining contractual balance of support while any remaining nonrefundable software balance is immediately recognized as revenue. The amount of potentially refundable contractual balance is included in customer deposits within the consolidated balance sheets.
Revenue on committed cloud-hosted services is recognized ratably when performance obligations are satisfied over the contract period, whereas revenue from non-committed, pay-as-you-go cloud-hosted services are recognized when usage occurs.
Revenue for professional services and other is recognized as these services are delivered. Professional services and other are services utilized by some self-managed customers to accelerate the deployment of the Company’s products.
Contract Balances
The Company generates subscription revenue from contracts with typical stated durations ranging from to three years . Customers are typically invoiced annually in advance and, to a lesser extent, multiple years in advance.
The Company receives payments from customers based upon contractual billing schedules; accounts receivable is recorded when the right to consideration becomes unconditional. Payment terms on invoiced amounts are typically 30 to 60 days. Contract assets include amounts related to the Company’s contractual right to consideration for both completed and partially completed performance obligations that may not have been invoiced. Contract assets were $3.8 million and $4.9 million as of January 31, 2024 and January 31, 2023, respectively, and are included in accounts receivable, net in the consolidated balance sheets.
Deferred Contract Acquisition Costs
Deferred contract acquisition costs represent costs that are incremental to the acquisition of customer contracts, which consist mainly of sales commissions and associated payroll taxes. The Company determines whether costs should be deferred based on sales compensation plans, by determining if the commissions are in fact incremental and would not have occurred absent the customer contract.
Sales commissions for the renewal of a contract are not considered commensurate with the commissions paid for the acquisition of the initial contract given the substantive difference in commission rates in proportion to their respective contract values. Commissions paid upon the initial acquisition of a contract are amortized over an estimated period of benefit of five years while commissions paid for renewal contracts are amortized over the contractual term of the renewals. Amortization of deferred contract acquisition costs is recognized commensurate with the same pattern of revenue recognition and included in sales and marketing expense in the consolidated statements of operations.
The Company determines the period of benefit for commissions paid for the acquisition of the initial contract by taking into consideration the expected contract term and expected renewals of customer contracts, the duration of relationships with the Company’s customers, customer retention data, the Company’s technology development lifecycle
87
Leases
Leases consist of the Company’s contractual obligations that convey the right to use office spaces for a period of time in exchange for consideration. The Company determines whether a contract contains a lease at inception. Operating leases are included in operating lease right-of-use assets, operating lease liabilities and operating lease liabilities, non-current on the Company’s consolidated balance sheets. The Company currently does not have any financing leases. A right-of-use asset represents the Company’s right to use an underlying asset and a lease liability represents the Company’s obligation to make payments during the lease term. The operating lease right-of-use asset also includes any advance lease payments made and excludes lease incentives. Lease payments include fixed payments and variable payments based on an index or rate, if any, and are recognized as lease expense on a straight-line basis over the term of the lease. The lease term includes options to extend or terminate the lease when it is reasonably certain they will be exercised. Variable lease payments not based on a rate or index are expensed as incurred. Lease expense for minimum lease payments is recognized on a straight-line basis over the lease term. The Company accounts for lease components and non-lease components as a single lease component. The Company applies the practical expedient to not recognize lease assets and lease liabilities for leases with an original term of 12 months or less.
Cost of Revenue
Cost of subscription revenue primarily includes personnel-related costs, such as salaries, bonuses and benefits, and stock-based compensation for employees associated with customer support and maintenance, third-party cloud infrastructure costs, amortization of internal-use software, amortization of acquired developed technology, and allocated overhead.
Sales and Marketing
Research and Development
88
General and Administrative
Capitalized Software Development Costs
Capitalization of software development costs for products to be sold to third parties begins upon the establishment of technological feasibility and ceases when the product is available for general release. There is generally no significant passage of time between achievement of technological feasibility and the availability of the Company’s enterprise software for general release, and the majority of the Company’s software is open-source. Therefore, the Company has not capitalized any software costs through fiscal 2024, fiscal 2023 and fiscal 2022. All software development costs have been charged to research and development expense in the consolidated statements of operations as incurred.
Advertising Costs
Impairment of Long-Lived Assets
Long-lived assets, such as property and equipment, acquired intangible assets, and capitalized software development costs subject to amortization, are reviewed for impairment whenever events or changes in circumstances indicate that the carrying amount of the asset may not be recoverable. If circumstances require a long-lived asset be tested for possible impairment, the Company first compares undiscounted cash flows expected to be generated by the asset to its carrying value. If the carrying value of the long-lived asset is not recoverable on an undiscounted cash flow basis, an impairment is recognized to the extent that the carrying value exceeds its fair value. Fair value is determined through various valuation techniques, including discounted cash flow models, quoted market values, and third-party independent appraisals, as considered necessary. For the fiscal years presented, there were no
Business Combinations
The Company recognizes identifiable assets acquired and liabilities assumed at their acquisition date fair value. Goodwill as of the acquisition date is measured as the excess of purchase consideration transferred over the net of the acquisition date fair values of the assets acquired and the liabilities assumed. While the Company uses its best estimates and assumptions as a part of the purchase price allocation process to accurately value assets acquired and liabilities assumed at the acquisition date, its estimates are inherently uncertain and subject to refinement. As a result, during the measurement period, which may be up to one year from the acquisition date, the Company records adjustments to the assets acquired and liabilities assumed, with the corresponding offset to goodwill to the extent that the Company identifies adjustments to the preliminary purchase price allocation. Upon the conclusion of the measurement period or final determination of the values of assets acquired or liabilities assumed, whichever comes first, any subsequent adjustments are recorded to the Company’s consolidated statements of operations. There has been no such adjustment as of January 31, 2024.
89
Goodwill
Goodwill represents the excess of the purchase price of an acquired business over the fair value of the underlying net identifiable tangible and intangible assets acquired and liabilities assumed. Goodwill is evaluated for impairment annually in the fourth quarter of the Company’s fiscal year, and whenever events or changes in circumstances indicate the carrying value of goodwill may not be recoverable. Triggering events that may indicate impairment include, but are not limited to, a significant adverse change in customer demand or business climate that could affect the value of goodwill, or a significant decrease in expected cash flows.
As of January 31, 2024, the Company has not had any goodwill impairment.
Short-term Investments
The Company’s short-term investments consist of U.S. treasury securities, corporate notes and bonds, U.S. agency obligations, commercial paper, and certificates of deposit. The Company determines the appropriate classification of its short-term investments at the time of purchase and reevaluates such determination at each balance sheet date. The Company has classified and accounted for its short-term investments as available-for-sale securities. The Company may sell these securities at any time for use in its current operations or for other purposes, even prior to maturity. As a result, the Company classifies its short-term investments, including those with maturities beyond twelve months, as current assets in the consolidated balance sheets.
Available-for-sale securities are recorded at fair value each reporting period, and are adjusted for amortization of premiums and accretion of discounts to maturity and such amortization and accretion are included in interest income in the consolidated statements of operations. Realized gains and losses are determined based on the specific identification method and are reported in other expense, net in the consolidated statements of operations. Unrealized gains and losses are reported as a separate component of accumulated other comprehensive income (loss) (“AOCI”) on the consolidated balance sheets until realized.
For available-for-sale securities in an unrealized loss position, the Company first assesses whether it intends to sell the security or it is more likely than not that the Company will be required to sell the security before the recovery of its entire amortized cost basis. If either of these criteria is met, the security’s amortized cost basis is written down to fair value through other expense, net in the consolidated statements of operations. If neither of these criteria is met, the Company evaluates whether the decline in fair value below amortized cost is due to credit or non-credit related factors. In making this assessment, the Company considers the extent to which fair value is less than amortized cost, any changes to the rating of the security by a rating agency, and any adverse conditions specifically related to the security, among other factors. Credit related unrealized losses are recognized as an allowance for expected credit losses of available-for-sale debt securities on the consolidated balance sheets with a corresponding charge in other expense, net, net in the consolidated statements of operations. Non-credit related unrealized losses are included in accumulated other comprehensive loss.
Derivative Instruments and Hedging
The Company enters into foreign currency forward contracts with certain financial institutions to mitigate the impact of foreign currency fluctuations on future cash flows and earnings. All of the Company’s foreign currency forward contracts are designated as cash flow hedges. The foreign currency forward contracts generally have maturities of 12 months or less.
The Company recognizes all forward contracts as either assets or liabilities on the consolidated balance sheets at fair value. Gains and losses on each forward contract are initially reported as a component of AOCI, and subsequently reclassified into cost of revenue or operating expense in the same period, or periods, during which the hedged transaction
90
affects earnings. The Company evaluates the effectiveness of its cash flow hedges on a quarterly basis and does not exclude any component of the changes in fair value of the derivative instruments for effectiveness testing purposes. The Company classifies cash flows related to its cash flow hedges as operating activities in its consolidated statements of cash flows.
Stock-Based Compensation
The Company estimates the fair value of stock-based awards on the date of grant (including stock options, restricted stock units ("RSU") and ESPP participation). For awards with a service-based vesting condition, the related stock-based compensation expense is recognized over the vesting period of the entire award using the straight-line attribution method. For awards that include both a performance and service condition, the Company amortizes stock-based compensation expense on a graded vesting basis over the vesting period, after assessing the probability of achieving requisite performance. The Company recognizes forfeitures as they occur.
The fair value of each RSU award is based on the fair value of the underlying common stock as of the grant date.
The fair value of stock purchase right granted under the ESPP is estimated on the grant date using the Black-Scholes option pricing model. The Black-Scholes option pricing model requires the input of highly subjective assumptions, including the fair value of the underlying common stock, the expected term of the award, the expected volatility of the price of our common stock, risk-free interest rates, and the expected dividend yield of our common stock.
Net Loss per Share Attributable to Common Stockholders
Accumulated Other Comprehensive Gain (Loss)
Accumulated other comprehensive loss was comprised of unrealized gain (losses) from available-for-sale investments and unrealized losses related to the effective portion of changes in the fair value of foreign currency forward contracts designated as cash flow hedges.
Segments
91
Income Taxes
Income taxes are accounted for under the asset and liability method. Deferred tax assets and liabilities are recognized for the future tax consequences attributable to differences between the consolidated financial statements carrying amounts of existing assets and liabilities and their respective tax bases and operating loss and tax credit carryforwards. Deferred tax assets and liabilities are measured using enacted tax rates expected to apply to taxable income in the years in which those temporary differences are expected to be recovered or settled. The effect on deferred tax assets and liabilities of a change in tax rates is recognized in income in the period that includes the enactment date. A valuation allowance is recorded for deferred tax assets if it is more likely than not that some portion or all of the deferred tax assets will not be realized. As of January 31, 2024 and 2023, the Company has recorded a full valuation allowance against its net U.S. federal and state deferred tax assets.
The Company recognizes the effect of income tax positions only if those positions are more likely than not of being sustained. Recognized income tax positions are measured at the largest amount that is greater than 50% likely of being realized. Changes in recognition or measurement are reflected in the period in which the change in judgment occurs.
The Company’s policy is to recognize interest and penalties associated with uncertain tax benefits as part of the income tax provision and include accrued interest and penalties with the related income tax liability on the Company’s consolidated balance sheets. To date, the Company has not recognized any interest and penalties in its consolidated statements of operations, nor has it accrued for or made payments for interest and penalties.
Fair Value Measurements
The Company’s financial instruments consist of cash equivalents, accounts receivable, short-term investments, derivative instruments, accounts payable, and accrued liabilities. Cash equivalents and short-term investments are stated at fair value. Accounts receivable, accounts payable and accrued liabilities are stated at their carrying value, which approximates fair value due to the short time to the expected receipt or payment date. See "Note 7. Fair Value Measurements" for additional information.
Employee Benefit Plan
Recent Accounting Pronouncements Not Yet Adopted
In November 2023, the Financial Accounting Standards Board (the "FASB") issued Accounting Standards Update ("ASU") 2023-07, Segment Reporting (Topic 280): Improvements to Reportable Segment Disclosures, which is intended to improve reportable segment disclosure requirements, primarily through enhanced disclosures about significant expenses. The amendments will require public entities to disclose significant segment expenses that are regularly provided to the chief operating decision maker and included within segment profit and loss. The amendments are effective for the Company's annual periods beginning January 31, 2024, and interim periods beginning April 30, 2025, with early adoption permitted, and will be applied retrospectively to all prior periods presented in the financial statements. The Company is currently evaluating the ASU to determine its impact on the Company’s disclosures.
In December 2023, the FASB issued ASU 2023-09, Income Taxes (Topic 740): Improvements to Income Tax Disclosures, which includes amendments that further enhance income tax disclosures, primarily through standardization and disaggregation of rate reconciliation categories and income taxes paid by jurisdiction. The amendments are effective for the Company’s annual periods beginning January 31, 2025, with early adoption permitted, and should be applied either prospectively or retrospectively. The Company is currently evaluating the ASU to determine its impact on the Company’s disclosures.
3. Business Combinations
92
On June 2, 2023 (the "Closing"), the Company acquired all outstanding share capital of BluBracket, Inc. (the “BluBracket acquisition”). BluBracket was a Palo Alto-based security startup that developed a code security solution that identifies, prevents, and resolves potential risks in source code, development environments, and pipelines. The Company expects that the BluBracket technology will enable our customers to have full visibility into their entire secrets inventory, complementing our Vault product offering. The aggregate purchase price was $25.1 million settled in cash (the "Purchase Price") of which $4.2 million was held back at Closing to satisfy indemnification obligations of BluBracket (the "Holdback"). As of January 31, 2024, $0.1 million of the Holdback has been paid, $3.6 million is accrued as a current liability, and $0.5 million is accrued as a non-current liability in the consolidated balance sheet. The Purchase Price excludes retention agreements entered into with certain employees of BluBracket, pursuant to which the Company will pay up to an aggregate of $5.0 million in cash (the “Retention Payments”). The vesting and payout of the Retention Payments is subject to continued employment and achievement of certain semi-annual milestones over two years following the Closing. The Retention Payment is recorded as post-combination compensation expense within research and development in the consolidated statements of operations over the requisite service period. In fiscal year 2024, the Company recognized compensation expense of $1.7 million related to the Retention Payment agreements.
The acquisition was accounted for as a business combination. A portion of the Purchase Price was allocated to the fair value of the developed technology and customer relationship acquired, net liabilities assumed and a deferred tax liability related to developed technology, as set forth below. The useful lives for these acquired developed technology and the customer relationship were estimated to be and three years , respectively. The remainder of the Purchase Price was recorded as goodwill, as set forth below. Goodwill generated from the acquisition was attributable to expected synergies from future growth and was not deductible for tax purposes. See “Note 4. Goodwill and Acquisition-related Intangible Assets, Net” for additional information.
The following table presents the purchase price allocation related to the acquisition (in thousands):
| Net liabilities | $ | ( | |||
| Developed technology | |||||
| Customer relationship | |||||
| Deferred tax liabilities | ( | ||||
| Goodwill | |||||
| Total purchase consideration | $ | ||||
The estimated fair value of developed technology and customer relationship acquired of $12.5 million and $1.0 million were determined using a replacement cost approach methodology, which is based on the cost that a market participant would incur to reconstruct a substitute asset of comparable utility and generate the acquired portfolio of customers, respectively. The financial results of BluBracket are included in the Company's consolidated financial statements from the date of acquisition. The business combination did not have a material impact on the consolidated financial statements and therefore historical and pro forma disclosures have not been presented.
The direct transaction costs of the acquisition were accounted for separately from the business combination and expensed as incurred. The Company incurred $0.5 million in acquisition-related costs which were recorded in general and administrative expense in the consolidated statements of operations during the twelve months ended January 31, 2024.
4. Goodwill and Acquisition-related Intangible Assets, Net
Goodwill
Goodwill as of January 31, 2024 was $12.2 million. No goodwill was recorded as of January 31, 2023. The changes in the carrying amount of goodwill for the periods presented were as follows (in thousands):
93
| Balance as of January 31, 2023 | $ | ||||
| BluBracket, Inc. (Note 3) | |||||
| Less: Measurement period adjustment | ( | ||||
| Balance as of January 31, 2024 | $ | ||||
Acquisition-related Intangible Assets, Net
Acquisition-related intangible assets, net consisted of the following as of January 31, 2024 (in thousands except for useful life):
| Gross Carrying Amount | Accumulated Amortization | Net Carrying Amount | Weighted Average Remaining Useful Life (in years) | ||||||||||||||||||||
| Developed technology | $ | $ | $ | ||||||||||||||||||||
| Customer relationship | $ | $ | $ | ||||||||||||||||||||
Acquired intangible assets are recorded at cost, net of accumulated amortization, and are amortized on a straight-line basis over their estimated useful lives. Amortization expense of acquired developed technology is included in cost of cloud-hosted services in the consolidated statements of operations and was $1.7 million during the year ended January 31, 2024. Amortization expense of customer relationship is included in sales and marketing in the consolidated statements of operations, and was $0.2 million during the year ended January 31, 2024.
Estimated future amortization expense as of January 31, 2024 is as follows (in thousands):
| Year ending January 31, | Amount | |||||||
| 2025 | $ | |||||||
| 2026 | ||||||||
| 2027 | ||||||||
| 2028 | ||||||||
| 2029 and thereafter | ||||||||
| Total | $ | |||||||
5. Revenue and Performance Obligations
Disaggregation of Revenue
The following table presents revenue by category (dollars in thousands):
94
| Year Ended January 31, | |||||||||||||||||||||||||||||||||||
| 2024 | 2023 | 2022 | |||||||||||||||||||||||||||||||||
| Amount | % of Total Revenue | Amount | % of Total Revenue | Amount | % of Total Revenue | ||||||||||||||||||||||||||||||
| License | $ | % | $ | % | $ | % | |||||||||||||||||||||||||||||
| Support | |||||||||||||||||||||||||||||||||||
| Cloud-hosted services | |||||||||||||||||||||||||||||||||||
| Total subscription revenue | |||||||||||||||||||||||||||||||||||
| Professional services and other | |||||||||||||||||||||||||||||||||||
| Total revenue | $ | % | $ | % | $ | % | |||||||||||||||||||||||||||||
The following table summarizes the revenue by region based on the billing address of customers who have contracted to use the Company's products and services (in thousands, except percentages):
| Year Ended January 31, | |||||||||||||||||||||||||||||||||||
| 2024 | 2023 | 2022 | |||||||||||||||||||||||||||||||||
| Amount | % of Total Revenue | Amount | % of Total Revenue | Amount | % of Total Revenue | ||||||||||||||||||||||||||||||
| United States | $ | % | $ | % | $ | % | |||||||||||||||||||||||||||||
| Rest of the world | |||||||||||||||||||||||||||||||||||
| Total | $ | % | $ | % | $ | % | |||||||||||||||||||||||||||||
No other country, outside of the United States, exceeded 10% of total revenue during the periods presented.
Contract Balances
Changes in deferred revenue and unbilled accounts receivable were as follows (in thousands):
| Year Ended January 31, | |||||||||||||||||
| 2024 | 2023 | 2022 | |||||||||||||||
| Balance, beginning of period | $ | $ | $ | ||||||||||||||
| Deferred revenue billings including reclassification to deferred revenue from customer deposits | |||||||||||||||||
| Recognition of revenue, net of change in unbilled accounts receivable* | ( | ( | ( | ||||||||||||||
| Balance, end of period | $ | $ | $ | ||||||||||||||
| * Reconciliation to Revenue Reported per Consolidated Statements of Operations: | |||||||||||||||||
| Revenue billed as of the end of the period | $ | $ | $ | ||||||||||||||
| Increase in total unbilled accounts receivable | ( | ||||||||||||||||
| Revenue reported per Consolidated Statements of Operations | $ | $ | $ | ||||||||||||||
Unbilled accounts receivable represent revenue recognized on contracts for which billings have not yet been presented to customers because the amounts were earned but not contractually billable as of the balance sheet date. The unbilled accounts receivable balance is due within one year . As of January 31, 2024 and 2023, unbilled accounts receivable of approximately $3.8 million and $4.9 million, respectively, were included in accounts receivable on the Company’s consolidated balance sheets.
Remaining Performance Obligations (RPOs)
The typical stated customer contract term is one year but can range up to three years . RPOs include both deferred revenue and non-cancelable contracted amounts that will be invoiced and recognized as revenue in future periods. As of January 31, 2024 and 2023, the Company had $775.8 million, and $647.1 million, respectively, of remaining performance
95
obligations, which is comprised of product and services revenue not yet delivered. As of January 31, 2024 and January 31, 2023, the Company expected to recognize approximately 59 % and 58 %, respectively, of its remaining performance obligations as revenue over the next 12
RPOs exclude customer deposits, which are refundable pre-paid amounts that are expected to be recognized as revenue in future periods. These balances are included in customer deposits in the consolidated balance sheets and are classified as current because contractually customers can cancel these obligations with 30 days' written notice. The customer deposit balance is amortized to revenue over the term of the underlying contract as the customer’s right to cancel expires. If no contracts with customers are cancelled, the existing customer deposit balance will be recognized to revenue over the remaining stated term of the underlying contract which may be over the next 12 months or longer as follows (in thousands):
| As of January 31, | |||||||||||
| 2024 | 2023 | ||||||||||
| Within the next 12 months | $ | $ | |||||||||
| After the next 12 months | |||||||||||
| Total | $ | $ | |||||||||
6. Short-term Investments
The following tables summarize the fair values of the Company’s short-term investments (in thousands):
| As of January 31, 2024 | |||||||||||||||||||||||
| Amortized Cost | Unrealized Gains | Unrealized Losses | Fair Value | ||||||||||||||||||||
| U.S. treasury securities | $ | $ | $ | ( | $ | ||||||||||||||||||
| U.S. agency obligations | ( | ||||||||||||||||||||||
| Corporate notes and bonds | ( | ||||||||||||||||||||||
| Commercial paper | |||||||||||||||||||||||
| Certificates of deposit | |||||||||||||||||||||||
| Total short-term investments | $ | $ | $ | ( | $ | ||||||||||||||||||
The Company does not hold any marketable securities that have been in a continuous unrealized loss position for over 12 months. For short-term investments with an unrealized loss at January 31, 2024, the unrealized losses were not due to credit-related factors, the Company does not intend to sell these short-term investments, and it is more likely than not that the Company will hold these short-term investments until maturity or a recovery of the cost basis. Therefore, no allowance for expected credit losses was recorded as of January 31, 2024. Realized gains (losses) were not material during the year ended January 31, 2024.
The following table summarizes the contractual maturities of the Company’s short-term investments (in thousands):
| As of January 31, 2024 | |||||||||||
| Amortized Cost | Fair Value | ||||||||||
| Due within one year | $ | $ | |||||||||
| Due after one year through five years | |||||||||||
| Total | $ | $ | |||||||||
7. Fair Value Measurements
The Company reports all financial assets and liabilities and nonfinancial assets and liabilities that are recognized or disclosed at fair value in the consolidated financial statements on a recurring basis. The authoritative guidance establishes a fair value hierarchy that prioritizes the inputs to valuation techniques used to measure fair value. The hierarchy gives the
96
highest priority to unadjusted quoted prices in active markets for identical assets or liabilities (Level 1 measurements) and the lowest priority to measurements involving significant unobservable inputs (Level 3 measurements). The three levels of the fair value hierarchy are as follows:
•Level 1—Inputs are quoted prices (unadjusted) in active markets for identical assets or liabilities that the Company has the ability to access at the measurement date.
•Level 2—Inputs are inputs other than quoted prices included within Level 1 that are observable for the asset or liability, either directly or indirectly.
•Level 3—Inputs are unobservable inputs for the asset or liability.
The level in the fair value hierarchy within which a fair value measurement in its entirety falls is based on the lowest-level input that is significant to the fair value measurement in its entirety.
The following table sets forth the financial assets, measured at fair value, by level within the fair value hierarchy on a recurring basis and indicates the fair value hierarchy of the valuation inputs used to determine such fair value (in thousands):
| Fair Value Measurement As of January 31, 2024 | |||||||||||||||||||||||||||||
| Fair Value Level | Amortized Cost | Gross Unrealized Gains | Gross Unrealized Losses | Estimated Fair Value | |||||||||||||||||||||||||
| Assets: | |||||||||||||||||||||||||||||
| Cash and cash equivalents: | |||||||||||||||||||||||||||||
| Money market funds | Level 1 | $ | $ | $ | $ | ||||||||||||||||||||||||
| U.S. treasury securities | Level 2 | ||||||||||||||||||||||||||||
| Commercial paper | Level 2 | ||||||||||||||||||||||||||||
| Total assets measured at fair value included in cash and cash equivalents | $ | $ | $ | $ | |||||||||||||||||||||||||
| Short-term Investments: | |||||||||||||||||||||||||||||
| U.S. treasury securities | Level 2 | $ | ( | $ | |||||||||||||||||||||||||
| U.S. agency obligations | Level 2 | ( | |||||||||||||||||||||||||||
| Corporate notes and bonds | Level 2 | ( | |||||||||||||||||||||||||||
| Commercial paper | Level 2 | ||||||||||||||||||||||||||||
| Certificates of deposit | Level 2 | ||||||||||||||||||||||||||||
| Total short-term investments | $ | $ | $ | ( | $ | ||||||||||||||||||||||||
| Derivative instruments: | |||||||||||||||||||||||||||||
| Foreign currency forward contracts | Level 2 | ||||||||||||||||||||||||||||
| Total assets measured at fair value | $ | $ | $ | ( | $ | ||||||||||||||||||||||||
| Derivative instruments: | |||||||||||||||||||||||||||||
| Foreign currency forward contracts | Level 2 | $ | — | $ | — | $ | $ | ||||||||||||||||||||||
| Total derivative instruments | — | — | |||||||||||||||||||||||||||
| Total liabilities measured at fair value | $ | — | $ | — | $ | $ | |||||||||||||||||||||||
97
| Fair Value Measurement As of January 31, 2023 | |||||||||||||||||||||||||||||
| Fair Value Level | Amortized Cost | Gross Unrealized Gains | Gross Unrealized Losses | Estimated Fair Value | |||||||||||||||||||||||||
| Assets: | |||||||||||||||||||||||||||||
| Cash and cash equivalents: | |||||||||||||||||||||||||||||
| Money market funds | Level 1 | $ | $ | $ | $ | ||||||||||||||||||||||||
| Total cash and cash equivalents | |||||||||||||||||||||||||||||
| Total assets measured at fair value | $ | $ | |||||||||||||||||||||||||||
Money market funds are cash equivalents with remaining maturities of three months or less at the date of purchase. The Company uses quoted prices in active markets for identical assets to determine the fair value of its Level 1 investments in money market funds.
8. Derivative Instruments and Hedging
In June 2023, the Company began entering into foreign currency forward contracts to manage its exposure to certain foreign currency exchange risks.
As of January 31, 2024, the Company’s foreign currency forward contracts had an aggregate notional amount of $49.3 million.
The following table summarizes the fair value of the Company’s derivative instruments on the consolidated balance sheets (in thousands):
| Balance Sheet Location | As of January 31, 2024 | ||||||||||
| Derivative Assets: | |||||||||||
| Foreign currency forward contracts designated as hedging instruments | Prepaid expenses and other current assets | $ | |||||||||
| Total derivative assets | |||||||||||
| Derivative Liabilities: | |||||||||||
| Foreign currency forward contracts designated as hedging instruments | Accrued expenses and other liabilities | $ | |||||||||
| Total derivative liabilities | $ | ||||||||||
The following table presents the activity of foreign currency forward contracts designated as hedging instruments and the impact of these derivatives on AOCI (in thousands):
| Year Ended January 31, 2024 | |||||
| Beginning balance | $ | ||||
| Net losses recognized in other comprehensive income | ( | ||||
| Net gains reclassified from AOCI to earnings | |||||
| Ending balance | $ | ( | |||
As of January 31, 2024, net unrealized loss included in the balance of accumulated other comprehensive loss related to foreign currency forward contracts designated as hedging instruments was $0.3 million, all of which the Company expects to reclassify from accumulated other comprehensive loss into earnings over the next 12 months. The
98
effect of foreign currency forward contracts were not material to consolidated statement of operations for the year ended January 31, 2024.
9. Balance Sheet Components
Property and Equipment, Net
Property and equipment, net are comprised of the following (in thousands):
| Estimated Useful life | As of January 31, | ||||||||||||||||
| 2024 | 2023 | ||||||||||||||||
| Furniture and fixtures | $ | $ | |||||||||||||||
| Computers, equipment and software | |||||||||||||||||
| Capitalized internal-use software development costs | |||||||||||||||||
| Leasehold improvements | |||||||||||||||||
Construction in progress(1) | |||||||||||||||||
| Total property and equipment | |||||||||||||||||
| Less: accumulated depreciation and amortization | ( | ( | |||||||||||||||
| Property and equipment, net | $ | $ | |||||||||||||||
(1)This represents internal-use software not yet available for general release.
Total depreciation and amortization expense for fiscal 2024, fiscal 2023, and fiscal 2022 was $7.6 million, $4.5 million, and $2.5 million, respectively.
The Company capitalized $16.1 million and $13.0 million in internal-use software development costs during fiscal 2024 and fiscal 2023, respectively. Amortization expense associated with internal-use software development costs totaled $6.4 million and $3.4 million for fiscal 2024 and fiscal 2023, respectively.
Accrued Expenses and Other Current Liabilities
Accrued expenses and other liabilities are comprised of the following (in thousands):
| As of January 31, | |||||||||||
| 2024 | 2023 | ||||||||||
| Acquisition holdback, current | $ | $ | |||||||||
| Accrued expenses | |||||||||||
| Customer overpayment | |||||||||||
| Sales tax payable | |||||||||||
| Accrued income taxes payable | |||||||||||
| Total accrued expenses and other current liabilities | $ | $ | |||||||||
99
Accrued Compensation and Benefits
Accrued compensation and benefits are comprised of the following (in thousands):
| As of January 31, | |||||||||||
| 2024 | 2023 | ||||||||||
| Accrued commissions | $ | $ | |||||||||
| Accrued bonus | |||||||||||
| Accrued vacation | |||||||||||
| Accrued payroll and withholding taxes | |||||||||||
| ESPP employee contributions | |||||||||||
| Other | |||||||||||
| Total accrued compensation and benefits | $ | $ | |||||||||
Deferred Contract Acquisition Costs
The following table summarizes the activity of the deferred contract acquisition costs (in thousands):
| Year Ended January 31, | |||||||||||||||||
| 2024 | 2023 | 2022 | |||||||||||||||
| Beginning balance | $ | $ | $ | ||||||||||||||
| Capitalization of contract acquisition costs | |||||||||||||||||
| Amortization of deferred contract acquisition costs | ( | ( | ( | ||||||||||||||
| Ending balance | $ | $ | $ | ||||||||||||||
| Deferred contract acquisition costs, current | $ | $ | $ | ||||||||||||||
| Deferred contract acquisition costs, non-current | |||||||||||||||||
| Total deferred contract acquisition costs | $ | $ | $ | ||||||||||||||
There were no
10. Leases
The Company leases office spaces under non-cancelable operating lease agreements, which expire at various dates through 2029. The Company is required to pay property taxes, insurance, and normal maintenance costs for certain of these facilities. Operating lease cost for these leases is recognized on a straight-line basis over the lease term, with variable lease costs recognized in the period incurred. These lease agreements do not contain residual value guarantees or restrictive covenants.
Lease costs
Lease costs were as follows (in thousands):
| Year Ended January 31, | |||||||||||||||||
| 2024 | 2023 | 2022 | |||||||||||||||
| Short-term lease costs | $ | $ | $ | ||||||||||||||
| Operating lease costs | |||||||||||||||||
| Total lease costs | $ | $ | $ | ||||||||||||||
100
Variable lease cost was not material for the years ended January 31, 2024, 2023, and 2022. There were no other lease components for the periods presented.
Lease term and discount rate information are summarized as follows:
| As of January 31, | |||||||||||||||||
| 2024 | 2023 | 2022 | |||||||||||||||
| Weighted average remaining lease terms (in years) | |||||||||||||||||
| Weighted average discount rate | % | % | % | ||||||||||||||
Future lease payments under non-cancelable operating leases on an undiscounted cash flow basis as of January 31, 2024 are as follows (in thousands):
| Years Ending January 31, | Amount | |||||||
| 2025 | $ | |||||||
| 2026 | ||||||||
| 2027 | ||||||||
| 2028 | ||||||||
| 2029 | ||||||||
| Total minimum lease payments | ||||||||
| Less imputed interest | ( | |||||||
| Present value of future minimum lease payments | ||||||||
| Less current lease liabilities | ( | |||||||
| Operating lease liabilities, non-current | $ | |||||||
There were no
11. Commitments and Contingencies
Letter of credit
As of January 31, 2024, the Company had one letter of credit outstanding which is not material. As of January 31, 2023 the Company had a total of $1.8 million in letters of credit outstanding as security deposits for the Company’s leased office spaces.
Purchase commitments
In the normal course of business, the Company enters into non-cancelable purchase commitments with various parties to purchase products and services such as software subscriptions and corporate events. As of January 31, 2024, the Company had outstanding hosting infrastructure commitments, and other commitments with a remaining term of 12 months or longer as follows (in thousands):
| Years Ending January 31, | Hosting Infrastructure Commitments | Other Commitments | Total | ||||||||||||||
| 2025 | $ | $ | $ | ||||||||||||||
| 2026 | |||||||||||||||||
| 2027 | |||||||||||||||||
| Total | $ | $ | $ | ||||||||||||||
101
Litigation
From time to time, the Company may become involved in various legal proceedings in the ordinary course of its business and may be subject to third-party infringement claims.
In the normal course of business, the Company may agree to indemnify third parties with whom it enters into contractual relationships, including customers, lessors, and parties to other transactions with the Company, with respect to certain matters. The Company has agreed, under certain conditions, to hold these third parties harmless against specified losses, such as those arising from a breach of representations or covenants, other third-party claims that the Company’s products when used for their intended purposes infringe the intellectual property rights of such other third parties, or other claims made against certain parties. It is not possible to determine the maximum potential amount of liability under these indemnification obligations due to the Company’s limited history of prior indemnification claims and the unique facts and circumstances that are likely to be involved in each particular claim.
12. Common Stock and Stockholders' Equity
Common Stock
The Company has two classes of common stock: Class A common stock and Class B common stock. The shares of Class A common stock and Class B common stock are identical, except with respect to voting, converting, and transfer rights. Each share of Class A common stock is entitled to one vote. Each share of Class B common stock is entitled to ten votes.
Each outstanding share of Class B common stock is convertible at any time at the option of the holder into one share of Class A common stock. Upon exercise, release, or transfer to a broker, equity plan administrator or other nominee, holders of shares of Class B common stock can convert Class B common stock to Class A common stock. Once converted or transferred and converted into Class A common stock, the Class B common stock may not be reissued. For the year ended January 31, 2024, a total of 27,223,638 shares of Class B common stock have been converted into Class A common stock.
All the outstanding shares of our Class B common stock will convert automatically into shares of Class A common stock upon the earlier of the tenth anniversary of the Company's filing and effectiveness of the amended and restated certificate of incorporation in connection with the IPO or the affirmative vote of the holders of 66-2/3% of the voting power of outstanding Class B common stock. Following such conversion, each share of Class A common stock will have one vote per share and the rights of the holders of all outstanding common stock will be identical.
Common Stock Reserved for Future Issuance
The Company reserved shares of common stock for future issuance as follows (in thousands):
| As of January 31, | |||||||||||
| 2024 | 2023 | ||||||||||
| Options outstanding | |||||||||||
| Restricted stock units outstanding | |||||||||||
| Remaining shares available for future issuance under the 2021 Plan | |||||||||||
| 2021 Employee Stock Purchase Plan | |||||||||||
| Total | |||||||||||
A total of 29,058,446 shares of the Company’s Class A common stock shares are available for issuance under the 2021 Equity Incentive Plan ("2021 Plan") and the ESPP as of January 31, 2024.
102
Stock Options
Stock options must be granted with an exercise price equal to the fair market value of a share of common stock at the date of grant. Stock options generally have a 10-year contractual term and vest over a four-year period starting from the date specified in each agreement.
The following table summarizes stock option activity for the 2021 Plan (number of options outstanding and aggregate intrinsic value are in thousands):
| Options Outstanding | |||||||||||||||||||||||
Number of Options Outstanding (in thousands) | Weighted- Average Exercise Price | Weighted- Average Remaining Contractual Term (in years) | Aggregate Intrinsic Value (in thousands) | ||||||||||||||||||||
| Balance as of January 31, 2023 | $ | $ | |||||||||||||||||||||
| Stock options exercised | ( | $ | $ | ||||||||||||||||||||
| Stock options cancelled/forfeited/expired | ( | $ | |||||||||||||||||||||
| Balance as of January 31, 2024 | $ | $ | |||||||||||||||||||||
| Exercisable as of January 31, 2024 | $ | $ | |||||||||||||||||||||
Exercisable shares consist of 6,350,960 shares that are vested as of January 31, 2024. All shares with an early exercise provision have fully vested as of January 31, 2024.
The total grant-date fair value of stock options vested was $1.1 million, $4.6 million and $6.5 million during fiscal 2024, fiscal 2023 and fiscal 2022, respectively.
The total intrinsic value of options exercised during fiscal 2024, fiscal 2023 and fiscal 2022 were $67.6 million, $94.1 million and $168.3 million, respectively.
Restricted Stock Units
For RSUs, the board of directors determines their vesting conditions, the period over which RSUs will vest, and the settlement. RSUs generally vest over a four-year period starting from the date specified in each agreement. The fair value of RSUs is estimated based on the fair value of the Company’s common stock on the date of grant. RSUs convert into common stock when they vest and settle.
RSUs granted prior to the IPO contained both service and performance conditions. The service-based vesting condition is subject to continuous service with the Company while the performance condition was satisfied in connection with the IPO. The performance-based vesting condition was not deemed probable until consummated, and therefore, stock-based compensation related to these RSUs remained unrecognized prior to the effectiveness of the IPO. Upon the effectiveness of the IPO, the performance-based condition became probable and the Company recognized a cumulative $190.5 million stock-based compensation expense related to the outstanding RSUs through January 31, 2022.
The Company’s summary of RSUs activity under the 2014 Plan and the 2021 Plan is as follows (shares in thousands):
103
| Number of Awards | Weighted-Average Grant Date Fair Value | ||||||||||
| Outstanding and unvested at January 31, 2023 | $ | ||||||||||
| RSUs granted | $ | ||||||||||
| RSUs released | ( | $ | |||||||||
| RSUs cancelled | ( | $ | |||||||||
| Outstanding and unvested at January 31, 2024 | $ | ||||||||||
The total grant-date fair value of RSUs vested was $212.7 million, $144.3 million, and $71.1 million during the year ended January 31, 2024, 2023 and 2022.
Employee Stock Purchase Plan
In December 2021, the Company adopted the ESPP, which became effective upon completion of the IPO. A total of 4,102,133 and 3,007,528 shares of Class A common stock are available for sale under the ESPP as of January 31, 2024 and January 31, 2023. For the year ended January 31, 2024, the Company recognized $13.1 million of stock-based compensation expense related to the ESPP. As of January 31, 2024, unrecognized stock-based compensation expense related to the ESPP was approximately $18.9 million, which is expected to be recognized over a weighted-average period of approximately 1.9 years. The Company’s current offering period began December 15, 2023 and is expected to end December 15, 2025.
In June 2023 and December 2023, employees purchased 426,193 and 378,806 shares of our common stock under the ESPP at a purchase price of $23.97 and $19.47 per share, resulting in total cash proceeds of $10.2 million and $7.4 million. ESPP employee payroll contributions accrued as of January 31, 2024 and January 31, 2023 were $3.3 million and $4.2 million, respectively, and are reported within accrued compensation and benefits in the consolidated balance sheets. Payroll contributions accrued as of January 31, 2024 will be used to purchase shares at the end of the current purchase period ending on June 15, 2024. Payroll contributions ultimately used to purchase shares will be reclassified as stockholders’ equity on the purchase date.
The ESPP offers a two-year look-back feature as well as a rollover feature that provides for an offering period to be rolled over to a new lower-priced offering if the offering price of the new offering period is less than that of the current offering period. An ESPP rollover initially occurred when the Company’s closing stock price on June 15, 2022 was below the closing stock price on December 8, 2021, triggering a new 24 -month offering period through June 15, 2024. This rollover was accounted for as a modification to the original offering and resulted in incremental compensation cost of $4.9 million. Another ESPP rollover occurred when the Company’s closing stock price on December 15, 2022 was below the closing stock price on June 15, 2022, triggering a new 24 -month offering period through December 15, 2024. This rollover was accounted for as a modification to the original offering and resulted in incremental compensation cost of $5.2 million. Subsequently, another ESPP rollover occurred when the Company's closing stock price on December 15, 2023 was below the closing stock price on June 15, 2023, triggering a new 24 -month offering period through December 15, 2025 and resulting in incremental compensation cost of $10.9 million. The unrecognized compensation cost from the original offering plus the incremental compensation cost as a result of the modification is recognized over the requisite service period of the new 24 -month offering through December 15, 2025.
The fair value of the purchase rights granted under the ESPP was estimated on the date of grant using the Black-Scholes option pricing model. The following table summarizes the assumptions used in the Black-Scholes option-pricing model to determine fair value of the Company’s common shares to be issued under the ESPP for the offering periods beginning in December 2021:
104
| Year Ended January 31, | |||||||||||
| 2024 | 2023 | ||||||||||
| Expected term (in years) | |||||||||||
| Expected volatility | |||||||||||
| Risk-free interest rate | |||||||||||
| Dividend yield | |||||||||||
Stock-Based Compensation Expense
Total stock-based compensation expense recognized in the Company’s consolidated statements of operations is as follows (in thousands):
| Year Ended January 31, | |||||||||||||||||
| 2024 | 2023 | 2022 | |||||||||||||||
| Cost of support | $ | $ | $ | ||||||||||||||
| Cost of cloud-hosted services | |||||||||||||||||
| Cost of professional services and other | |||||||||||||||||
| Sales and marketing | |||||||||||||||||
| Research and development | |||||||||||||||||
| General and administrative | |||||||||||||||||
| Stock-based compensation expenses, net of amounts capitalized | $ | $ | $ | ||||||||||||||
| Capitalized stock-based compensation | |||||||||||||||||
| Total stock-based compensation expense | $ | $ | $ | ||||||||||||||
As of January 31, 2024 and 2023, total unrecognized stock-based compensation expense related to RSUs was approximately $339.6 million and $352.2 million, respectively. This unrecognized stock-based compensation expense is expected to be recognized over a weighted-average period of approximately 2.7 years and 2.6 years, respectively.
As of January 31, 2024, and 2023, total unrecognized stock-based compensation expense related to unvested stock options was approximately $0.2 million and $1.3 million, respectively, which are expected to be recognized over a weighted-average period of approximately 1.0 year and 1.2 years, respectively.
13. Net Loss Per Share Attributable to Common Stockholders
For periods in which there were Class A and Class B shares outstanding, the rights, including the liquidation and dividend rights, of the holders of Class A and Class B common stock were identical, except with respect to voting, converting, and transfer rights. As the liquidation and dividend rights were identical for Class A and Class B common stock, the undistributed earnings were allocated on a proportionate basis and the resulting net loss per share would, therefore, be the same for both Class A and Class B common stock on an individual or combined basis.
105
The following table sets forth the computation of basic and diluted net loss per share attributable to common stockholders (in thousands, except per share data):
| Year Ended January 31, | |||||||||||||||||
| 2024 | 2023 | 2022 | |||||||||||||||
| Numerator: | |||||||||||||||||
| Net loss | $ | ( | $ | ( | $ | ( | |||||||||||
| Denominator: | |||||||||||||||||
| Weighted-average shares used to compute net loss per share attributable to Class A and Class B common stockholders, basic and diluted | |||||||||||||||||
| Net loss per share attributable to Class A and Class B common stockholders, basic and diluted | $ | ( | $ | ( | $ | ( | |||||||||||
The following outstanding potentially dilutive shares of common stock were excluded from the computation of diluted net loss per share attributable to common stockholders for the periods presented because the impact of including them would have been antidilutive (in thousands):
| Year Ended January 31, | |||||||||||||||||
| 2024 | 2023 | 2022 | |||||||||||||||
| Stock awards | |||||||||||||||||
| Share purchase rights under the ESPP | |||||||||||||||||
| Class A and Class B common stock subject to repurchase | |||||||||||||||||
| Total | |||||||||||||||||
14. Reduction In Workforce and Related Charges
On June 7, 2023, the Company announced a workforce reduction plan impacting approximately 8 % of the Company’s workforce. The workforce reduction plan was intended to increase operational efficiency, decrease costs and increase profitability. As of January 31, 2024, the Company has completed the reduction plan. As of January 31, 2024, the reduction in workforce liability was paid in full.
15. Income Taxes
The Company’s loss before income taxes was as follows (in thousands):
| Year Ended January 31, | |||||||||||||||||
| 2024 | 2023 | 2022 | |||||||||||||||
| Domestic | $ | ( | $ | ( | $ | ( | |||||||||||
| International | |||||||||||||||||
| Loss before income taxes | $ | ( | $ | ( | $ | ( | |||||||||||
106
The components of the provision for income taxes are as follows (in thousands):
| Year Ended January 31, | |||||||||||||||||
| 2024 | 2023 | 2022 | |||||||||||||||
| Current provisions for income taxes: | |||||||||||||||||
| Federal | $ | $ | $ | ||||||||||||||
| State | |||||||||||||||||
| Foreign | |||||||||||||||||
| Total current tax expense | |||||||||||||||||
| Deferred tax expense: | |||||||||||||||||
| Federal | ( | ||||||||||||||||
| State | |||||||||||||||||
| Foreign | ( | ( | ( | ||||||||||||||
| Total deferred tax expense | ( | ( | ( | ||||||||||||||
| Provision for income taxes | $ | $ | $ | ||||||||||||||
The reconciliation of the statutory federal income tax and the Company's effective income tax is as follows:
| Year Ended January 31, | |||||||||||||||||
| 2024 | 2023 | 2022 | |||||||||||||||
| U.S. federal tax benefit at statutory rate | % | % | % | ||||||||||||||
| State income taxes, net of federal benefit | % | % | % | ||||||||||||||
| Foreign earnings taxed at different rate | % | % | % | ||||||||||||||
| Stock-based compensation | ( | % | ( | % | % | ||||||||||||
| Non-deductible expenses and other | % | % | ( | % | |||||||||||||
| Research and development credits | % | % | % | ||||||||||||||
| Change in valuation allowance, net | ( | % | ( | % | ( | % | |||||||||||
| Effective tax rate | ( | % | ( | % | ( | % | |||||||||||
The components of the Company’s net deferred tax assets and liabilities were as follows (in thousands):
| Year Ended January 31, | |||||||||||
| 2024 | 2023 | ||||||||||
| Deferred tax assets: | |||||||||||
| Net operating losses | $ | $ | |||||||||
| Sec 174 Capitalization | |||||||||||
| Deferred revenue | |||||||||||
| Lease liability | |||||||||||
| Other accruals | |||||||||||
| Stock-based compensation | |||||||||||
| Credit carryforwards | |||||||||||
| Total deferred tax assets | $ | $ | |||||||||
107
| Year Ended January 31, | |||||||||||
| 2024 | 2023 | ||||||||||
| Deferred tax liabilities: | |||||||||||
| Fixed assets | $ | ( | $ | ( | |||||||
| Right-of-use asset | ( | ( | |||||||||
| Deferred commissions | ( | ( | |||||||||
| Total deferred tax liabilities | $ | ( | $ | ( | |||||||
| Net deferred tax assets | $ | $ | |||||||||
| Valuation allowance | ( | ( | |||||||||
| Deferred tax assets, net of valuation allowance | $ | $ | |||||||||
The Company has recorded income tax expense for the year ended January 31, 2024 in the amount of $1.0 million of tax expense for U.S. states as well as its foreign subsidiaries which are profitable as a result of intercompany compensation. The Company also recorded income tax benefits of $0.4 million due to the acquisition of BluBracket for the year ended January 31, 2024. Recognition of deferred tax assets is appropriate when realization of such assets is more likely than not. A valuation allowance has been provided by the Company against federal and state deferred tax assets. Overall, the valuation allowance increased by $50.7 million and $76.4 million for fiscal 2024 and fiscal 2023, respectively.
As of January 31, 2024, the Company has U.S. federal and state net operating loss ("NOL") carryforwards of approximately $690.4 million and $602.2 million, respectively. The federal NOL does not expire since all balances relate to losses incurred after January 1, 2018, whereas the state NOL will start expiring from 2026. The Company also has federal and state research credit carryforwards of $56.4 million and $19.7 million respectively. The federal tax credit carryforwards will begin to expire in 2035, if not utilized. The state credit carryforwards have no expiration date.
A limitation may apply to the use of the net operating loss and credit carryforwards, under provisions of the Internal Revenue Code of 1986, as amended, and similar state tax provisions that are applicable if the Company experiences an “ownership change.” An ownership change may occur, for example, as a result of issuance of new equity. Should these limitations apply, the carryforwards would be subject to an annual limitation, resulting in a potential reduction in the gross deferred tax assets before considering the valuation allowance.
Beginning in 2022, the 2017 Tax Cuts and Jobs Act amended Section 174 to eliminate current-year deductibility of research and experimentation ("R&E") expenditures and software development costs (collectively, R&E expenditures) and instead require taxpayers to charge their R&E expenditures to a capital account amortized over five years (15 years for expenditures attributable R&E activity performed outside the United States). The Company generated a deferred tax asset of $86.6 million for capitalized R&E expenditures for the year ended January 31, 2024 which is fully offset with a valuation allowance.
A deferred tax liability has not been recognized on the excess of the amount for financial reporting over the tax basis of investments in foreign subsidiaries that are indefinitely reinvested outside the U.S. Income taxes are generally incurred upon a repatriation of assets, a sale, or a liquidation of the subsidiary. The excess of the amount for financial reporting over the tax basis in the investments in foreign subsidiaries, as well as the unrecognized deferred tax liability, are not material for the periods presented.
108
Unrecognized Tax Benefits
The Company’s reconciliation of the total amounts of unrecognized tax benefits was as follows (in thousands):
| Year Ended January 31, | |||||||||||||||||
| 2024 | 2023 | 2022 | |||||||||||||||
| Unrecognized tax benefits as of the beginning of the year | $ | $ | $ | ||||||||||||||
| Increases related to prior year tax provisions | |||||||||||||||||
| Decrease related to prior year tax provisions | |||||||||||||||||
| Increase related to current year tax provisions | |||||||||||||||||
| Unrecognized tax benefits as of the end of the year | $ | $ | $ | ||||||||||||||
The Company had unrecognized tax benefits of approximately $15.3 million and $10.4 million, respectively, as of January 31, 2024 and 2023 which are attributable to federal and state research credits. These unrecognized tax benefits, if recognized, would not affect the effective tax rate and would be offset by the reversal of related deferred tax assets which are subject to a full valuation allowance.
The Company does not anticipate any significant change in the Company’s uncertain tax positions within 12 months of this date.
16. Subsequent Events
The Company evaluated subsequent events through March 20, 2024, which is the date the audited consolidated financial statements were available to be issued.
In February 2024, the Company signed an agreement with a cloud service provider. Under that agreement the Company has minimum spend commitments of $18.5 million in the 12 months ending February 2025, and $20.0 million in the 12 months ending February 2026, $22.5 million in the 12 months ending February 2027, $24.0 million in the 12 months ending February 2028, and $25.0 million in the 12 months ending February 2029.
109
Item 9. Changes in and Disagreements with Accountants on Accounting and Financial Disclosure.
None.
Item 9A. Controls and Procedures
Evaluation of Disclosure Controls and Procedures
We maintain “disclosure controls and procedures,” as defined in Rule 13a-15(e) and Rule 15d-15(e) under the Exchange Act of 1934 (the “Exchange Act”), that are designed to ensure that information required to be disclosed by a company in the reports that it files or submits under the Exchange Act is recorded, processed, summarized and reported, within the time periods specified in the SEC’s rules and forms. Disclosure controls and procedures include, without limitation, controls and procedures designed to ensure that information required to be disclosed by a company in the reports that it files or submits under the Exchange Act is accumulated and communicated to our management, including our principal executive and principal financial officers, as appropriate to allow timely decisions regarding required disclosure.
Our management, with the participation of our Chief Executive Officer and our Chief Financial Officer, has evaluated the effectiveness of our disclosure controls and procedures (as defined in Rules 13a-15(e) and 15d-15(e) under the Exchange Act) as of the end of the period covered by this Annual Report on Form 10-K. Based on such evaluation, our Chief Executive Officer and Chief Financial Officer have concluded that as of January 31, 2023, our disclosure controls and procedures were effective to provide reasonable assurance that the information required to be disclosed by us in this Annual Report on Form 10-K was (a) reported within the same periods specified by SEC rules and regulations and (b) communicated to our management, including our Chief Executive Officer and Chief Financial Officer, to allow timely decisions regarding any required disclosure.
Management's Report on Internal Control Over Financial Reporting
Our management is responsible for establishing and maintaining adequate “internal control over financial reporting,” as defined in Rule 13a-15(f) and Rule 15d-15(f) under the Exchange Act. Our management conducted an evaluation of the effectiveness of our internal control over financial reporting as of January 31, 2024 based on the criteria established in Internal Control Integrated Framework (2013) issued by the Committee of Sponsoring Organizations of the Treadway Commission.
Based on the results of its evaluation, management concluded that our internal control over financial reporting was effective as of January 31, 2024. The effectiveness of our internal control over financial reporting as of January 31, 2024 has been audited by Deloitte & Touche LLP, an independent registered public accounting firm, as stated in its report which is included in Part II, Item 8 of this Annual Report on Form 10-K.
Changes in Internal Control Over Financial Reporting
There were no changes in our internal control over financial reporting identified in connection with the evaluation required by Rule 13a-15(d) and 15d-15(d) of the Exchange Act that occurred during the period covered by this Annual Report on Form 10-K that have materially affected, or are reasonably likely to materially affect, our internal control over financial reporting.
Inherent Limitations on Effectiveness of Controls
Our management, including our Chief Executive Officer and Chief Financial Officer, believes that our disclosure controls and procedures and internal control over financial reporting are designed to provide reasonable assurance of achieving their objectives and are effective at the reasonable assurance level. However, our management does not expect that our disclosure controls and procedures or our internal control over financial reporting will prevent all errors and all fraud. A control system, no matter how well conceived and operated, can provide only reasonable, not absolute, assurance that the objectives of the control system are met. Further, the design of a control system must reflect the fact that there are resource constraints, and the benefits of controls must be considered relative to their costs. Because of the inherent limitations in all control systems, no evaluation of controls can provide absolute assurance that all control issues
110
and instances of fraud, if any, have been detected. These inherent limitations include the realities that judgments in decision making can be faulty, and that breakdowns can occur because of a simple error or mistake. Additionally, controls can be circumvented by the individual acts of some persons, by collusion of two or more people or by management override of the controls. The design of any system of controls also is based in part upon certain assumptions about the likelihood of future events, and there can be no assurance that any design will succeed in achieving its stated goals under all potential future conditions; over time, controls may become inadequate because of changes in conditions, or the degree of compliance with policies or procedures may deteriorate. Because of the inherent limitations in a cost-effective control system, misstatements due to error or fraud may occur and not be detected.
111
REPORT OF INDEPENDENT REGISTERED PUBLIC ACCOUNTING FIRM
To the Stockholders and the Board of Directors of HashiCorp, Inc.
Opinion on Internal Control over Financial Reporting
We have audited the internal control over financial reporting of HashiCorp, Inc. and subsidiaries (the “Company”) as of January 31, 2024, based on criteria established in Internal Control — Integrated Framework (2013) issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). In our opinion, the Company maintained, in all material respects, effective internal control over financial reporting as of January 31, 2024, based on criteria established in Internal Control — Integrated Framework (2013) issued by COSO.
We have also audited, in accordance with the standards of the Public Company Accounting Oversight Board (United States) (PCAOB), the consolidated financial statements as of and for the year ended January 31, 2024, of the Company and our report dated March 20, 2024, expressed an unqualified opinion on those financial statements.
Basis for Opinion
The Company’s management is responsible for maintaining effective internal control over financial reporting and for its assessment of the effectiveness of internal control over financial reporting, included in the accompanying Management’s Report on Internal Control Over Financial Reporting. Our responsibility is to express an opinion on the Company’s internal control over financial reporting based on our audit. We are a public accounting firm registered with the PCAOB and are required to be independent with respect to the Company in accordance with the U.S. federal securities laws and the applicable rules and regulations of the Securities and Exchange Commission and the PCAOB.
We conducted our audit in accordance with the standards of the PCAOB. Those standards require that we plan and perform the audit to obtain reasonable assurance about whether effective internal control over financial reporting was maintained in all material respects. Our audit included obtaining an understanding of internal control over financial reporting, assessing the risk that a material weakness exists, testing and evaluating the design and operating effectiveness of internal control based on the assessed risk, and performing such other procedures as we considered necessary in the circumstances. We believe that our audit provides a reasonable basis for our opinion.
Definition and Limitations of Internal Control over Financial Reporting
A company’s internal control over financial reporting is a process designed to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles. A company’s internal control over financial reporting includes those policies and procedures that (1) pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the company; (2) provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with generally accepted accounting principles, and that receipts and expenditures of the company are being made only in accordance with authorizations of management and directors of the company; and (3) provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use, or disposition of the company’s assets that could have a material effect on the financial statements.
Because of its inherent limitations, internal control over financial reporting may not prevent or detect misstatements. Also, projections of any evaluation of effectiveness to future periods are subject to the risk that controls may become inadequate because of changes in conditions, or that the degree of compliance with the policies or procedures may deteriorate.
/s/ DELOITTE & TOUCHE LLP
San Jose, California,
March 20, 2024
112
Item 9B. Other Information.
Rule 10b5-1 Trading Plans
No other officers or directors, as defined in Rule 16a-1(f), adopted terminated
113
PART III
Item 10. Directors, Executive Officers and Corporate Governance.
The information required by this item will be included in our definitive proxy statement for our 2024 annual general meeting of stockholders (the "Proxy Statement"), which will be filed with the SEC within 120 days after the end of our year ended January 31, 2024, and is incorporated herein by reference.
Item 11. Executive Compensation
The information required by this item will be set forth in the 2024 Proxy Statement and is incorporated herein by reference.
Item 12. Security Ownership of Certain Beneficial Owners and Management and Related Stockholder Matters
The information required by this item will be set forth in the 2024 Proxy Statement and is incorporated herein by reference.
Item 13. Certain Relationships and Related Transactions, and Director Independence
The information required by this item will be set forth in the 2024 Proxy Statement and is incorporated herein by reference.
Item 14. Principal Accounting Fees and Services
The information required by this item will be set forth in the 2024 Proxy Statement and is incorporated herein by reference.
114
PART IV
Item 15. Exhibits, Financial Statement Schedules.
(a)(1)Financial Statements
See Index to Financial Statements in Item 8 of this Annual Report on Form 10-K.
(a)(2)Financial Statement Schedule
All financial statement schedules have been omitted as the information is not required under the related instructions or is not applicable or because the information required is already included in the financial statements or the notes to those financial statements.
(a)(3)Exhibits
We have filed or incorporated by reference the exhibits listed on the accompanying Exhibit Index.
EXHIBIT INDEX
| Exhibit Number | Description | Form | File No. | Exhibit | Filing Date | ||||||||||||
| 3.1 | 8-K | 001-41121 | 3.1 | 12/13/2021 | |||||||||||||
| 3.2 | 8-K | 001-41121 | 3.1 | 02/29/2024 | |||||||||||||
| 4.1 | S-1 | 333-260757 | 4.1 | 11/04/2021 | |||||||||||||
| 4.2 | S-1/A | 333-260757 | 4.2 | 11/17/2021 | |||||||||||||
| 4.3 | 10-K | 001-41121 | 4.3 | 03/25/2022 | |||||||||||||
| 10.1+ | S-1 | 333-260757 | 10.1 | 11/4/2021 | |||||||||||||
| 10.2+ | S-1 | 333-260757 | 10.2 | 11/4/2021 | |||||||||||||
| 10.3+ | S-1 | 333-260757 | 10.3 | 11/4/2021 | |||||||||||||
| 10.4+ | S-1 | 333-260757 | 10.4 | 11/4/2021 | |||||||||||||
| 10.5+ | S-1 | 333-260757 | 10.5 | 11/4/2021 | |||||||||||||
| 10.6+ | S-1 | 333-260757 | 10.6 | 11/4/2021 | |||||||||||||
115
| 10.7+ | S-1 | 333-260757 | 10.7 | 11/4/2021 | |||||||||||||
| 10.8+ | S-1 | 333-260757 | 10.8 | 11/4/2021 | |||||||||||||
| 10.9+ | S-1 | 333-260757 | 10.9 | 11/4/2021 | |||||||||||||
| 10.10+ | 10-Q | 001-41121 | 10.10 | 12/7/2023 | |||||||||||||
| 10.11*+ | |||||||||||||||||
| 10.12+ | S-1 | 333-260757 | 10.10 | 11/4/2021 | |||||||||||||
| 10.13+ | S-1/A | 333-260757 | 10.10 | 11/17/2021 | |||||||||||||
| 10.14+ | 10-K | 001-41121 | 10.12 | 3/27/2023 | |||||||||||||
| 21.1* | |||||||||||||||||
| 23.1* | |||||||||||||||||
| 31.1* | |||||||||||||||||
| 31.2* | |||||||||||||||||
| 32.1*† | |||||||||||||||||
| 32.2*† | |||||||||||||||||
| 97.1*+ | |||||||||||||||||
116
| 101 | The following financial information from HashiCorp, Inc.'s Annual Report on Form 10-K for the year ended January 31, 2024 formatted in Inline XBRL (Extensible Business Reporting Language) includes: (i) the Consolidated Balance Sheets, (ii) the Consolidated Statements of Operations, (iii) the Consolidated Statements of Comprehensive Loss, (iv) the Consolidated Statements of Redeemable Convertible Preferred Stock and Stockholders’ Equity (Deficit), (v) the Consolidated Statements of Cash Flows, and (vi) Notes to the Consolidated Financial Statements. | ||||||||||||||||
| 104 | Cover Page Interactive Data File (formatted as inline XBRL with applicable taxonomy extension information contained in Exhibits 101). | ||||||||||||||||
* Filed herewith
+ Indicates management contract or compensatory plan.
† The certifications attached as Exhibits 32.1 and 32.2 that accompany this Annual Report on Form 10-K are deemed furnished and not filed with the Securities and Exchange Commission and are not to be incorporated by reference into any filing of the Registrant under the Securities Act of 1933, as amended, or the Securities Exchange Act of 1934, as amended, whether made before or after the date of this Annual Report on Form 10-K, irrespective of any general incorporation language contained in such filing.
Item 16. Form 10-K Summary
None.
117
SIGNATURES
Pursuant to the requirements of the Securities Exchange Act of 1934, the registrant has duly caused this report to be signed on its behalf by the undersigned thereunto duly authorized.
Date: March 20, 2024 | By: | /s/ Navam Welihinda | ||||||
| Navam Welihinda | ||||||||
Chief Financial Officer (Principal Financial and Accounting Officer) | ||||||||
POWER OF ATTORNEY
KNOW ALL PERSONS BY THESE PRESENTS, that each person whose signature appears below constitutes and appoints David McJannet and Navam Welihinda, and each one of them, as his or her true and lawful attorney-in-fact and agent, with the power of substitution and re-substitution, for him or her and in their name, place and stead, in any and all capacities, to sign any and all amendments to this Annual Report on Form 10-K and to file the same, with exhibits thereto and other documents in connection therewith, with the Securities and Exchange Commission, granting unto said attorneys-in-fact and agents, and each of them, full power and authority to do and perform each and every act and thing requisite and necessary to be done in connection therewith, as fully to all intents and purposes as they might or could do in person, hereby ratifying and confirming all that each of said attorneys-in-fact, or his or her substitute or substitutes, may do or cause to be done by virtue hereof.
Pursuant to the requirements of the Securities Act of 1934, this report has been signed by the following persons on behalf of the registrant and in the capacities and on the dates indicated.
118
| Signature | Title | Date | ||||||
| /s/ David McJannet | Chief Executive Officer and Chairman of the Board | March, 20, 2024 | ||||||
| David McJannet | (Principal Executive Officer) | |||||||
| /s/ Navam Welihinda | Chief Financial Officer | March, 20, 2024 | ||||||
| Navam Welihinda | (Principal Financial and Accounting Officer) | |||||||
| /s/ Armon Dadgar | Director | March, 20, 2024 | ||||||
| Armon Dadgar | ||||||||
| /s/ Susan St. Ledger | Director | March, 20, 2024 | ||||||
| Susan St. Ledger | ||||||||
| /s/ Todd Ford | Director | March, 20, 2024 | ||||||
| Todd Ford | ||||||||
| /s/ David Henshall | Director | March, 20, 2024 | ||||||
| David Henshall | ||||||||
| /s/ Glenn Solomon | Director | March, 20, 2024 | ||||||
| Glenn Solomon | ||||||||
| /s/ Sigal Zarmi | Director | March, 20, 2024 | ||||||
| Sigal Zarmi | ||||||||
119