recently passed California Privacy Rights Act (the “CPRA”), which amends the CCPA and has many provisions that will go into effect on January 1, 2023. The CPRA will impose additional obligations on companies covered by the legislation and will significantly modify the CCPA, including through expanding consumers’ rights with respect to sensitive personal information. The CPRA also creates a new state agency that will be vested with authority to implement and enforce the CCPA and CPRA. Further, we must also comply with laws on advertising, including the Telephone Consumer Protection Act and the Telemarketing Sales Rule and the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003. In addition to privacy and data security requirements under applicable laws, we are subject to the Payment Card Industry Data Security Standard (“PCI-DSS”), a self-regulatory standard that requires companies that process payment card data to implement certain data security measures. If we or our payment processors fail to comply with the PCI-DSS, we may incur significant fines or liability and lose access to major payment card systems. Industry groups may in the future adopt additional self-regulatory standards by which we are legally or contractually bound. Further, if we expand into Europe, we may also face additional particular privacy, data security, and data protection risks in connection with requirements of the General Data Protection Regulation (E.U.) 2016/679 (the “GDPR”), and other data protection regulations. Among other stringent requirements, the GDPR restricts transfers of personal data outside of the E.U. to countries deemed to lack adequate privacy protections (such as the United States), unless an appropriate safeguard specified by the GDPR is implemented. Currently, there is considerable uncertainty as to how to comply with the GDPR with respect to cross-border transfers. Any failure, or perceived failure, by us to comply with any federal, state, local, or foreign privacy or consumer protection-related laws, rules, regulations or other principles or orders to which we may be subject, or other legal obligations relating to privacy or consumer protection, could adversely affect our reputation, brand, and business, and may result in claims, investigations, proceedings, or actions against us by governmental entities or others or other penalties or liabilities or require us to change our operations or cease using certain data sets. Risks Related to Being a Public Company The requirements of being a public company have increased and may continue to increase our expenses, strain our resources, divert management’s attention, and place pressure on us to attract and retain qualified board members and skilled employees. As a public company, we are subject to the reporting requirements of the Securities Exchange Act of 1934, as amended (the “Exchange Act”), the Sarbanes-Oxley Act of 2002, as amended, the Dodd-Frank Wall Street Reform and Consumer Protection Act, Nasdaq listing standards, as well as other applicable securities rules and regulations. The Securities and Exchange Commission (the “SEC”), Nasdaq, and other regulators continue to adopt new rules and regulations, and make changes to existing rules and regulations, that will require our compliance. Further, factors such as increased stockholder activism, the rising prominence of stockholder rights groups, the current volatile political environment, and the current high level of government intervention and regulatory reform may lead to new laws or regulations, new interpretations of existing laws or regulations, and additional governance obligations, all of which may lead to additional compliance costs, disclosure requirements and management oversight. Compliance with these rules and regulations may cause us to incur additional accounting, legal, and other expenses that we did not incur prior to our initial public offering (“IPO”) in November 2021. We have incurred, and expect to continue to incur, costs associated with corporate governance requirements, including requirements under securities laws, as well as rules and regulations implemented by the SEC and Nasdaq, particularly after we are no longer an “emerging growth company” or a “smaller reporting company.” We expect these rules and regulations may continue to increase our legal and financial compliance costs and make some activities more time-consuming and costly, while also diverting management’s time and attention from executing our growth strategies. 31
RkJQdWJsaXNoZXIy MTc1MzI0Mw==