RDVT Red Violet, Inc. - 10-K

Item 1A. Risk Factors .

Our business, financial condition, operating results, and cash flows may be impacted by a number of factors, many of which are beyond our control, including those set forth below and elsewhere in this 2025 Form 10-K, the occurrence of any one of which could have a material adverse effect on our actual results.

Cybersecurity and Technology Risks

Our products and services are highly technical and if they contain undetected errors, our business could be adversely affected and we may have to defend lawsuits or pay damages in connection with any alleged or actual failure of our products and services.

Our products and services are highly technical and complex. Our products and services have contained and may contain one or more undetected errors, defects, or security vulnerabilities. Some errors in our products and services may only be discovered after a product or service has been used by end customers. Any errors or security vulnerabilities discovered in our products after commercial release could result in loss of revenue or delay in revenue recognition, or loss of customers, any of which could adversely affect our business and results of operations. In addition, we could face claims for product liability or breach of personal information. Defending a lawsuit, regardless of its merit, is costly and may divert management’s attention. In addition, if our business liability insurance coverage is inadequate or future coverage is unavailable on acceptable terms or at all, our financial condition could be harmed.

If we fail to respond to rapid technological changes in the data and analytics sector, we may lose customers and/or our products and/or services may become obsolete.

The data and analytics sector is characterized by rapidly changing technology, frequent product introductions, and continued evolution of new industry standards. As a result, our success depends upon our ability to develop and introduce in a timely manner new products and services and enhancements to existing products and services that meet changing customer requirements and evolving industry standards. The development of technologically advanced product solutions is a complex and uncertain process requiring high levels of innovation, rapid response and accurate anticipation of technological and market trends. We cannot assure you that we will be able to identify, develop, manufacture, market, or support new or enhanced products and services successfully in a timely manner. Further, we or our competitors may introduce new products or services or product enhancements that shorten the life cycle of existing products or services or cause existing products or services to become obsolete.

Because our networks and information technology systems are critical to our success, if unauthorized persons access our systems or our systems otherwise cease to function properly, our operations could be adversely affected and we could lose revenue or proprietary information, all of which could materially adversely affect our business .

As our business is conducted largely online, it is dependent on our networks being accessible and secure. If an actual or perceived breach of network security occurs, regardless of whether the breach is attributable to our network security controls, the market perception of the effectiveness of our network security could be harmed resulting in loss of current and potential end user customers, data suppliers, or cause us to lose potential value-added resellers, distributors, or strategic partners. Our business is largely dependent on our customer-facing websites and our websites may be inaccessible because of service interruptions or subject to hacking or computer attacks. Because the techniques used by computer hackers to access or sabotage networks change frequently and generally are not recognized until launched against a target, we may be unable to anticipate these techniques. If an actual or perceived breach were to occur, we cannot assure you that we would not lose revenue or not sustain operating losses as a result.

We also rely heavily on large information technology databases and the ability to provide services using that information from those databases. A party who is able to breach the security measures on our networks or who otherwise is able to access our system through unauthorized means could misappropriate either our proprietary information or the personal information of consumers that we collect, or otherwise cause interruptions or malfunctions to our operations. Hacking of computer data systems is a growing problem. Hackers may especially target concerns that are known to maintain large repositories of proprietary information or personal information, which can then be exploited for the hacker's personal gain. If we grow and obtain more visibility, we may be more vulnerable to hacking or other attempts to gain unauthorized access to our system. Moreover, the increased use of mobile devices also increases the risk of theft or the intentional and unintentional disclosure of data including proprietary information or personal information. We may be unable to anticipate all of these vulnerabilities and implement adequate preventative measures and, in some cases, we may not be able to immediately detect a security incident. Any security incident could result in legal, regulatory, and financial liability, as well as harm to our reputation.

We may be required to expend significant capital and other resources to protect against such threats or to alleviate problems caused by breaches in security. Additionally, any server interruptions, break-downs or system failures, including failures which may be attributable to events within or outside our control, could increase our future operating costs and cause us to lose business. We maintain insurance policies covering losses relating to our network systems or other assets. However, these policies may not cover the entire cost of a claim. Any future disruptions in our information technology systems, whether caused by hacking or otherwise, may have a material adverse effect on our future results.

Privacy concerns relating to the collection, use, accuracy, correction and sharing of personal information and any perceived or actual unauthorized disclosure of personal information, whether through breach of our network by an unauthorized party, employee theft, misuse, or error could harm our reputation, impair our ability to attract website visitors and to attract and retain customers, result in a loss of confidence in the security of our products and services, or subject us to claims or litigation arising from damages suffered by consumers, and thereby harm our business and results of operations. In addition, we could incur significant costs which our insurance policies may not adequately cover, and we may need to expend significant resources to protect against security breaches, comply with any data breach notification provisions contained in our customer contracts, and comply with the multitude of state and federal laws regarding data privacy and data breach notification obligations.

Data security and integrity are critically important to our business, and breaches of security, unauthorized access to or disclosure of confidential information, disruption, including distributed denial of service (“DDoS”) attacks or the perception that confidential information is not secure, could result in a material loss of business, substantial legal liability or significant harm to our reputation.

As a nationwide provider of risk and information solutions, we aggregate, store, and process a large amount of sensitive and confidential consumer information including financial information and personal information. This data is often accessed through secure transmissions over public and private networks, including the internet. We have invested significant resources to implement technical and physical security policies, procedures and systems, as well as contractual precautions, that we believe are reasonably designed to identify, detect, and prevent the unauthorized access to and alteration and disclosure of our data. Despite these investments and precautions, we cannot assure you that systems that access our services and databases will not be compromised or disrupted, whether as a result of criminal conduct, DDoS attacks or other advanced persistent attacks by malicious actors, including hackers, nation states, and criminals, breaches due to employee error or malfeasance, or other disruptions during the process of upgrading or replacing computer software or hardware, power outages, computer viruses, telecommunication or utility failures, or natural disasters or other catastrophic events. Due to both the nature and volume of the information we aggregate, store, and process, it is not unusual for efforts to occur (coordinated or otherwise) by unauthorized persons to attempt to obtain access to our systems or data, or to inhibit our ability to deliver products or services to a customer. These efforts are likely becoming more sophisticated over time and may attempt to exploit obscure vulnerabilities. We must regularly monitor and develop our information technology networks and infrastructure to prevent, detect, address, and mitigate the risk of unauthorized access, misuse, computer viruses and other events that could have a security impact. Unauthorized disclosure, loss or corruption of our data or inability of our customers to access our systems could disrupt our operations, subject us to substantial legal liability, result in a material loss of business, and significantly harm our reputation.

Our precautions may be inadequate to thwart a cybersecurity incident. Furthermore, we may not be able to immediately address the consequences of a cybersecurity incident because a successful breach of our computer systems, software, networks, or other technology assets could occur and persist for an extended period of time before being detected due to, among other things:

the breadth and complexity of our operations and the high volume of transactions that we process;

the large number of customers, counterparties and third-party service providers with which we do business;

the proliferation and increasing sophistication of cyberattacks; and

the possibility that a third party, after establishing a foothold on an internal network without being detected, might obtain access to other networks and systems.

The extent of a particular cybersecurity incident and the steps that we may need to take to investigate it may not be immediately clear, and it may take a significant amount of time before such an investigation can be completed and full and reliable information about the incident is known. While such an investigation is ongoing, we may not necessarily know the extent of the harm or how best to remediate it, and certain errors or actions could be repeated or compounded before they are discovered and remediated, any or all of which could further increase the costs and consequences of a cybersecurity incident.

A growing number of legislative and regulatory bodies have adopted consumer notification and other requirements in the event that a consumer's personal information is accessed by unauthorized persons. It is likely that additional laws pertaining to the use, access, accuracy, and security of personal information will be adopted in the future. In the United States, federal and state laws provide for more than 50 disparate data breach notification regimes, all of which we may be subject to. Complying with such numerous and complex regulations in the event of unauthorized access would be expensive and difficult, and failure to comply with these regulations could subject us to regulatory scrutiny and additional liability.

If we fail to maintain and improve our systems, our certifications, our technology, and our interfaces with data and customers, demand for our services could be adversely affected.

In our industry, there are continuous improvements in computer hardware, network operating systems, programming tools, programming languages, operating systems, data matching, data filtering and other database technologies, as well as the use of the internet and emerging technologies, such as but not limited to, artificial intelligence. These improvements, as well as changes in customer preferences or regulatory requirements, may require changes in the technology used to gather and process our data and deliver our services. Our future success will depend, in part, upon our ability to:

internally develop and implement new and competitive technologies;

use leading third-party technologies effectively;

respond to changing customer needs and regulatory requirements, including being able to bring our new products to the market quickly; and

transition customers and data sources successfully to new interfaces or other technologies.

We cannot provide assurance that we will successfully implement new technologies, cause customers or data suppliers to implement compatible technologies, or adapt our technology to evolving customer, regulatory, and competitive requirements. If we fail to respond, or fail to cause our customers or data suppliers to respond, to changes in technology, regulatory requirements or customer preferences, the demand for our services, the delivery of our services or our market reputation could be adversely affected. Additionally, our failure to implement important updates could affect our ability to successfully meet the timeline for us to generate cost savings resulting from our investments in improved technology. Failure to achieve any of these objectives would impede our ability to deliver strong financial results.

Furthermore, we may be required to obtain various industry or technical certifications under our contracts or otherwise to keep pace with our competitors. If we fail to achieve and maintain these key industry or technical certifications, our customers may stop doing business with us and we may not be able to win new business, which would negatively affect our revenue.

Issues in the development and use of artificial intelligence and generative artificial intelligence may result in reputational harm, liability, or other adverse consequences to our business.

We use certain machine learning and artificial intelligence technologies and processes in our business, including the use of generative artificial intelligence, and we are making continuing investments in this area, including ongoing deployment and improvement of existing machine learning and artificial intelligence technologies. These AI-enabled technologies and processes are complex and continually evolving, and we face significant competition from other companies. Also, certain laws and regulations have been enacted related to the development and use of these technologies, and more are likely to be enacted in the future. Adapting our existing policies and controls to address the evolving legal and regulatory landscape may be costly and time consuming. In addition, the application, interpretation, and enforcement of these laws and regulations are often uncertain, particularly in the new and rapidly evolving industry in which we operate, and may be interpreted and applied inconsistently from jurisdiction to jurisdiction and inconsistently with our current policies and practices. Increasing our utilization of machine learning and artificial intelligence technologies within existing products or introducing them into new products may result in increased risks, such as the risk of government scrutiny, lawsuits, security risks, or other issues that could adversely affect our business, our reputation, and/or our financial results.

Also, artificial intelligence and generative artificial intelligence may create content that appears correct but is flawed or erroneous. Any flaws or errors discovered in our products after commercial release could result in loss of revenue or delay in revenue recognition, or loss of customers, any of which could adversely affect our business and results of operations. In addition, we could face claims for product liability. Defending a lawsuit, regardless of its merit, is costly and may divert management’s attention. In addition, if our business liability insurance coverage is inadequate or future coverage is unavailable on acceptable terms or at all, our financial condition could be harmed.

Computer hackers and others routinely attack the security of technology products, services, systems and networks using a wide variety of methods, and the increased use of generative artificial intelligence may introduce novel methods of attack. In the event of such actions, we, our customers and other third parties could be exposed to liability, litigation, and regulatory or other government action, including debarment, as well as the loss of existing or potential customers, damage to brand and reputation, damage to our competitive position, and other financial loss.

Legal, Regulatory and Compliance Risks

Our business is subject to various governmental regulations, laws, and orders, compliance with which may cause us to incur significant expenses or reduce the availability or effectiveness of our solutions, and the failure to comply with which could subject us to civil or criminal penalties or other liabilities.

Our business is subject to regulation under the GLBA, the DPPA, the FTC Act, and various other federal, state, and local laws and regulations, as well as, when we provide services to government agencies, applicable government procurement regulations and associated contract clauses. These laws and regulations, which generally are designed to protect consumers and to prevent the misuse of personal information are complex, change frequently, and have tended to become more stringent over time. We have already incurred significant expenses in our endeavors to comply with these laws.

Currently, public concern is high with regard to the collection, use, accuracy, correction, and sharing of personal information, including Social Security numbers, dates of birth, financial information, department of motor vehicle data, and other data which is personally identifiable or may be considered sensitive. In addition, many advocacy groups as well as some legislatures and government regulators believe that existing laws and regulations do not adequately protect privacy, and are otherwise concerned with businesses’ collection, storage, and use of personal information. There are calls to limit the availability of data made available for customer use cases that we may currently serve, such as for marketing purposes or for law enforcement purposes. Relatedly, several U.S. states have introduced and passed legislation to provide consumers with greater transparency and control over their personal information. Laws may allow consumers to request that businesses disclose to them what personal information is collected about them, delete or correct such personal information, and opt-them out of the sale or sharing of their personal information. There are approximately 20 states that have enacted some form of comprehensive data privacy legislation similar to the California Consumer Privacy Act and/or the Virginia Consumer Data Protection Act. While these laws include specific exemptions, including exemptions for practices and activities conducted pursuant to the GLBA and DPPA, they apply to other portions of our business that are not conducted pursuant to these laws. California has recently enacted the Delete Act, intending to make it easier for consumers to request the deletion of their personal information. Other states are actively considering privacy and security bills, and may pass laws, either similar or dissimilar to existing state privacy laws in the future.

These U.S. federal and state laws and regulations, which can be enforced by government entities or, in some cases, private parties, are constantly evolving and can be subject to significant change. Keeping our business in compliance with or bringing our business into compliance with new laws may be costly and may affect our revenue and/or harm our financial results. In addition, the application, interpretation, and enforcement of these laws and regulations are often uncertain, particularly in the new and rapidly evolving industry in which we operate, and may be interpreted and applied inconsistently from jurisdiction to jurisdiction and inconsistently with our current policies and practices. In addition, new laws or regulations or changes in enforcement of existing laws or regulations applicable to our customers could affect the activities or strategies of such customers and, therefore, lead to reductions in their level of business with us.

The following legal and regulatory developments also could have a material adverse effect on our business, financial condition, or results of operations:

amendment, enactment or interpretation of laws and regulations that restrict the access and use of personal information and reduce the availability or effectiveness of our solutions or the supply of data available to customers;

changes in public perception or the position of government actors in favor of further restrictions on information collection and sharing, which may lead to regulations that prevent full utilization of our solutions;

failure of customers, resellers, distributors, strategic business partners, or vendors to comply with laws or regulations, where these third parties' failures could reflect negatively on us or require us to cease or limit our business with them;

failure of our solutions to comply with current laws and regulations; and

failure of our solutions to adapt to changes in the regulatory environment in an efficient, cost-effective manner.

Changes in applicable legislation or regulations that restrict or dictate how we collect, maintain, combine, and disseminate information could adversely affect our business, financial condition or results of operations. In the future, we may be subject to significant additional expense to ensure continued compliance with applicable laws and regulations and to investigate, defend or remedy actual or alleged violations. Any failure by us to comply with applicable laws or regulations could also result in significant liability to us, including liability to private plaintiffs as a result of individual or class action litigation, or may result in the cessation of our operations or portions of our operations or impositions of fines and restrictions on our ability to carry on or expand our operations. Moreover, our compliance with privacy laws and regulations and our reputation depend in part on our customers’ adherence to privacy laws and regulations and their use of our services in ways consistent with consumer expectations and regulatory requirements. Certain of the laws and regulations governing our business are subject to interpretation by judges, juries, and administrative entities, creating substantial uncertainty for our business. We cannot predict what effect the interpretation of existing or new laws or regulations may have on our business.

The outcome of litigation, inquiries, investigations, examinations, or other legal proceedings in which we are involved, in which we may become involved, or in which our customers or competitors are involved, could subject us to significant monetary damages or restrictions on our ability to do business .

Legal proceedings arise as part of the normal course of our business. These may include actions between us and a current or former employee, actions between us and a current or former customer, individual consumer cases, class action lawsuits and inquiries, investigations, examinations, regulatory proceedings, or other actions brought by federal (e.g., the FTC) or state (e.g., state attorneys general) authorities. The scope and outcome of these proceedings is often difficult to assess or quantify. Plaintiffs in lawsuits may seek recovery of large amounts and the cost to defend such litigation may be significant. There may also be adverse publicity and uncertainty associated with investigations, litigation, and orders (whether pertaining to us, our customers or our competitors) that could decrease customer acceptance of our services or result in material discovery expenses. In addition, a court-ordered injunction or an administrative cease-and-desist order or settlement may require us to modify our business practices or may prohibit conduct that would otherwise be legal and in which our competitors may engage. Many of the technical and complex statutes to which we are subject, including state and federal financial privacy requirements, may provide for civil and criminal penalties and may permit consumers to maintain individual or class action lawsuits against us and obtain statutorily prescribed damages. Additionally, our customers might face similar proceedings, actions, or inquiries which could affect their business and, in turn, our ability to do business with those customers.

While we maintain various insurance policies that we believe provide us with suitable coverage and protection in the event of litigation or other legal proceedings, those policies may contain exclusions or limitations, resulting in some cases in us retaining all or a portion of the risk of loss.

While we do not believe that the outcome of any pending or threatened legal proceeding, investigation, examination, or supervisory activity will have a material adverse effect on our financial position, such events are inherently uncertain and adverse outcomes could result in significant monetary damages, penalties, or injunctive relief against us. Furthermore, we review legal proceedings and claims on an ongoing basis and follow appropriate accounting guidance, including Accounting Standards Codification (“ASC”) 450, “ Contingencies ,” when making accrual and disclosure decisions. We establish accruals for those contingencies where the incurrence of a loss is probable and can be reasonably estimated, and we disclose the amount accrued and the amount of a reasonably possible loss in excess of the amount accrued, if such disclosure is necessary for our financial statements to not be misleading. To estimate whether a loss contingency should be accrued by a charge to income, we evaluate, among other factors, the degree of probability of an unfavorable outcome and the ability to make a reasonable estimate of the amount of the loss. We do not record liabilities when the likelihood that the liability has been incurred is probable, but the amount cannot be reasonably estimated.

Our bylaws designate the Court of Chancery of the State of Delaware as the sole and exclusive forum for certain actions, including derivative actions, which could limit a stockholder’s ability to bring a claim in a judicial forum that it finds favorable for disputes with the Company and its directors, officers, other employees, or the Company's stockholders, and may discourage lawsuits with respect to such claims.

Unless we consent in writing to the selection of an alternative forum, the sole and exclusive forum for (i) any derivative action or proceeding brought against or on behalf of the Company, (ii) any action asserting a claim of breach of a duty owed by any current or former director, officer, other employee or stockholder of the Company to the Company or the Company’s stockholders, (iii) any action asserting a claim arising pursuant to any provision of the Delaware General Corporation Law, (iv) any action as to which the Delaware General Corporation Law confers jurisdiction upon the Court of Chancery in the State of Delaware, or (v) any action asserting a claim governed by the internal affairs doctrine, shall, to the fullest extent permitted by law, be the Court of Chancery in the State of Delaware (or, only if the Court of Chancery in the State of Delaware declines to accept jurisdiction over a particular matter, any state or federal court located within the State of Delaware). However, Section 27 of the Exchange Act creates exclusive federal jurisdiction over all suits brought to enforce any duty or liability created by the Exchange Act or the rules and regulations thereunder, and as such, the exclusive jurisdiction clauses set forth above would not apply to such suits. Furthermore, Section 22 of the Securities Act of 1933, as amended (the "Securities Act") provides for concurrent jurisdiction for federal and state courts over all suits brought to enforce any duty or liability created by the Securities Act or the rules and regulations thereunder, and as such, the exclusive jurisdiction clauses set forth above would not apply to such suits.

Although we believe the exclusive forum provision benefits us by providing increased consistency in the application of Delaware law for the specified types of actions and proceedings, this provision may limit a stockholder’s ability to bring a claim in a judicial forum that it finds favorable for disputes with the Company and its directors, officers, or other employees, and may discourage lawsuits with respect to such claims.

Business and Operations Risks

Our future operating results remain uncertain.

We need to generate greater revenue from the sale of our products and services if we are to sustain profitability. If we are unable to generate greater revenue, we may not be able to continue to achieve profitability and generate positive cash flow from operations in the future

We depend, in part, on strategic alliances and joint ventures to grow our business. If we are unable to develop and maintain these strategic alliances and joint ventures, our growth may be adversely affected.

An important focus of our business is to identify business relationships that can enhance our services, enable us to develop solutions that differentiate us from our competitors, drive users to our websites and monetize our data. We have entered into several alliance agreements or license agreements with respect to certain of our datasets and services and may enter into similar agreements in the future. These arrangements may require us to restrict our use of certain of our technologies or datasets among certain customer industries, restrict content on our websites, or grant licenses on terms that ultimately may prove to be unfavorable to us, any of which could adversely affect our business, financial condition or results of operations. Relationships with our alliance agreement partners may include risks due to incomplete information regarding the marketplace and commercial strategies of our partners, and our alliance agreements or other licensing agreements may be the subject of contractual disputes. If we or our alliance agreements’ partners are not successful in maintaining or commercializing the alliance agreements’ services, such commercial failure could adversely affect our business.

If we consummate any future acquisitions, we will be subject to the risks inherent in identifying, acquiring, and operating a newly acquired business .

We may, in the future, acquire additional businesses, which we believe could complement or expand our current business or offer growth opportunities. We may experience difficulties in identifying potential acquisition candidates that complement our current business at appropriate prices, or at all. We cannot assure you that our acquisition strategy will be successful. We may spend significant management time and resources in analyzing and negotiating acquisitions or investments that are not consummated. Furthermore, the ongoing process of integrating an acquired business is distracting, time consuming, expensive, and requires continuous optimization and allocation of resources. Additionally, if we use stock as consideration, this would dilute our existing shareholders and if we use cash, this would reduce our liquidity and impact our financial flexibility. We may seek debt financing for particular acquisitions, which may not be available on commercially reasonable terms, or at all. We face the risks associated with the business acquisition strategy, including:

the potential disruption of our existing businesses, including the diversion of management attention and the redeployment of resources;

entering new markets or industries in which we have limited prior experience;

our failure in due diligence to identify key issues specific to the businesses we seek to acquire or the industries or other environments in which they operate, or, failure to protect against contingent liabilities arising from those issues;

unforeseen, hidden, or fraudulent liabilities;

our difficulties in integrating, aligning and coordinating organizations which will likely be geographically separated and may involve diverse business operations and corporate cultures;

our difficulties in integrating and retaining key management, sales, research and development, production, and other personnel;

the potential loss of key employees, customers, or distribution partners of the acquired business;

our difficulties in incorporating the acquired business into our organization;

the potential loss of customers, resellers, distributors, strategic business partners, or suppliers;

our difficulties in integrating or expanding information technology systems and other business processes to accommodate the acquired business;

the risks associated with integrating financial reporting and internal control systems, including the risk that significant deficiencies or material weaknesses may be identified in acquired entities;

the potential for future impairments of goodwill and other intangible assets if the acquired business does not perform as expected;

the inability to obtain necessary government approvals for the acquisition, if any; and

our successfully operating the acquired business.

If we cannot overcome these challenges, we may not realize actual benefits from past and future acquisitions, which will impair our overall business results. If we complete an investment or acquisition, we may not realize the anticipated benefits from the transaction.

Our relationships with key customers may be materially diminished or terminated, which could adversely affect our business, financial condition, and results of operations.

We have established relationships with a number of customers, many of whom could unilaterally terminate their relationship with us or materially reduce the amount of business they conduct with us at any time. Market competition, customer requirements, customer financial condition, and customer consolidation through mergers or acquisitions also could adversely affect our ability to continue or expand these relationships. There is no guarantee that we will be able to retain or renew existing agreements, maintain relationships with any of our customers on acceptable terms or at all, or collect amounts owed to us from insolvent customers. The loss of one or more of our major customers could adversely affect our business, financial condition and results of operations.

If we lose the services of key personnel, it could adversely affect our business.

Our future success depends, in part, on our ability to attract and retain key personnel. Our future also depends on the continued services of Derek Dubner, our Chief Executive Officer and Chairman, James Reilly, our President, Daniel MacLachlan, our Chief Financial Officer, and other key employees in all areas of our organization, each of whom is important to the management of certain aspects of our business and operations and the development of our strategic direction, and each of whom may be difficult to replace. The loss of the services of these key individuals and the process to replace these individuals would involve significant time and expense and could significantly delay or prevent the achievement of our business objectives.

Further, the FTC and certain other government entities have indicated a desire to limit the allowability of agreements that are designed to prevent employees from competing with their former employers. If the enforceability of these types of “non-compete” agreements is affected by future lawmaking or regulatory action, it may impede our ability to ensure that former employees, who received training and experience through their employment with us, refrain from using their knowledge of our business and operations to compete with us.

Our revenue is concentrated in the U.S. market across a broad range of industries. When these industries or the broader financial markets experience a downturn, demand for our services and revenue may be adversely affected.

Our customers, and therefore our business and revenue, sometimes depend on favorable macroeconomic conditions and are impacted by the availability of credit, the level and volatility of interest rates, inflation, tariffs, employment levels, consumer confidence, and housing demand. In addition, a significant amount of our revenue is concentrated in the U.S. market across a broad range of industries. Our customer base suffers when financial markets experience volatility, illiquidity, and disruption, which has occurred in the past and which could reoccur. Such market developments, and the potential for increased and continuing disruptions going forward, present considerable risks to our business and operations. Changes in the economy have resulted, and may continue to result, in fluctuations in volumes, pricing, and operating margins for our services. The imposition of tariffs by the United States on foreign goods, tensions over the imposition of such tariffs, and (both actual and anticipated) retaliation from other countries may exasperate these issues. This, in turn, may lead to a decline in the volume of services we provide to our customers in the banking or financial industry, or other industries that are affected by these types of disruptions. If businesses in these industries experience economic hardship, we cannot assure you that we will be able to generate future revenue growth and these types of disruptions could negatively impact our revenue and results of operations.

We could lose our access to data sources which could prevent us from providing our services.

Our products and services depend extensively upon continued access to and receipt of data from external sources, including data received from strategic partners and various government and public record databases. In some cases, we compete with our data suppliers. Our data suppliers could stop providing data, impose more stringent contractual restrictions on our use of data, provide untimely data or increase the costs for their data for a variety of reasons, including a perception that our systems are insecure as a result of a data security breach, budgetary constraints, a desire to generate additional revenue, or for regulatory or competitive reasons. We could also become subject to increased legislative, regulatory, or judicial restrictions or mandates on the collection, disclosure, or use of such data, in particular if such data is not collected by our providers in a way that allows us to legally use the data. If we were to lose access to this external data or if our access or use were restricted or were to become less economical or desirable, our ability to provide services could be negatively impacted, which would adversely affect our reputation, business, financial condition, and results of operations. We cannot provide assurance that we will be successful in maintaining our relationships with these external data source providers or that we will be able to continue to obtain data from them on acceptable terms or at all. Furthermore, we cannot provide assurance that we will be able to obtain data from alternative sources if our current sources become unavailable.

The foregoing risks are heightened with respect to our largest data supplier, with whom we have expanded our relationship while securing favorable business terms over the years. If we are unable to maintain our current relationship with our largest data supplier, the term of our agreement with which was extended during 2025 through April 30, 2031, our ability to provide services could be negatively impacted, as we would need to secure comparable data on similar terms, which would require significant time, expense, and resources, and may in the short-term adversely affect our reputation, business, financial condition, and results of operations and, if we are unable to establish a similar relationship with other data suppliers over time, could have a long-term material impact on our business and financial condition. Also see “Concentration of Suppliers” above.

We must adequately protect our intellectual property in order to prevent loss of valuable proprietary information.

We rely primarily upon a combination of patent, copyright, trademark, and trade secret laws, as well as other intellectual property laws, and confidentiality procedures and contractual agreements, such as non-disclosure agreements, to protect our proprietary technology. However, unauthorized parties may attempt to copy or reverse engineer aspects of our products or services or to obtain and use information that we regard as proprietary. Policing unauthorized use of our products or services is difficult, and we cannot be certain that the steps we have taken will prevent misappropriation of our intellectual property. If the protection of our intellectual property proves to be inadequate or unenforceable, others may be able to use our proprietary developments without compensation to us, resulting in potential cost advantages to our competitors.

Some of our systems and technologies are not covered by any copyright, patent, or patent application. We cannot guarantee that: (i) our intellectual property rights will provide us with a competitive advantage; (ii) our ability to assert our intellectual property rights against potential competitors or to settle current or future disputes will be effective; (iii) our intellectual property rights will be enforced in jurisdictions where competition may be intense or where legal protection may be weak; (iv) any of the patent, trademark, copyright, trade secret or other intellectual property rights that we presently employ in our business will not lapse or be invalidated, circumvented, challenged, or abandoned; (v) competitors will not design around our protected systems and technology; or (vi) that we will not lose the ability to assert our intellectual property rights against others.

Policing unauthorized use of our proprietary rights can be difficult and costly. Litigation, while it may be necessary to enforce or protect our intellectual property rights, could result in substantial costs and diversion of resources and management attention and could adversely affect our business, even if we are successful on the merits.

Additionally, third parties may independently develop intellectual property similar to ours, but without use of our trade secrets or proprietary information. In such cases, the value of our intellectual property may be diminished but we will lack any enforceable right or remedy.

We face intense competition from both start-up and established companies that may have significant advantages over us and our products.

The market for our products and services is intensely competitive. There are numerous companies competing with us in various segments of the data and analytics sector, and their products and services may have advantages over our products and services in areas such as conformity to existing and emerging industry standards, the use of artificial intelligence, performance, price, ease of use, scalability, reliability, flexibility, product features, and technical support.

Our principal competitors in the data and analytics sector include RELX Group (LexisNexis), TransUnion, and Thomson Reuters. Current and potential competitors may have one or more of the following significant advantages:

greater financial, technical, and marketing resources;

better name recognition;

more comprehensive solutions;

better or more extensive cooperative relationships; and

larger customer base.

We cannot assure you that we will be able to compete successfully with our existing or new competitors. Some of our competitors may have, in relation to us, one or more of the following: longer operating histories, longer-standing relationships with end-user customers, and greater customer service, public relations and other resources. As a result, these competitors may be able to more quickly develop or adapt to new or emerging technologies and changes in customer requirements, or devote greater resources to the development, promotion, and sale of their products and services. Additionally, it is likely that new competitors or alliances among existing competitors could emerge and rapidly acquire significant market share.

There may be further consolidation in our end-customer markets, which may adversely affect our revenue.

There has been, and we expect there will continue to be, merger, acquisition, and consolidation activity in our customer markets. If our customers merge with, or are acquired by, other entities that are not our customers, or that use fewer of our services, our revenue may be adversely impacted. In addition, industry consolidation could affect the base of recurring transaction-based revenue if consolidated customers combine their operations under one contract, since many of our contracts provide for volume discounts. In addition, our existing customers might leave certain geographic markets, which would no longer require them to purchase certain products from us and, consequently, we would generate less revenue than we currently expect.

To the extent the availability of free or relatively inexpensive consumer and/or business information increases, the demand for some of our services may decrease.

Public and commercial sources of free or relatively inexpensive consumer and business information have become increasingly available, and this trend is expected to continue. Public and commercial sources of free or relatively inexpensive consumer and/or business information may reduce demand for our services. To the extent that our customers choose not to obtain services from us and instead rely on information obtained at little or no cost from these public and commercial sources, our business, financial condition, and results of operations may be adversely affected.

If our newer products do not achieve market acceptance, revenue growth may suffer.

Our products and solutions may experience varying sales cycles depending on industry, customer size, and implementation complexity, and in certain markets competitors may have longer operating histories or more established customer relationships. Accordingly, we may not achieve the meaningful revenue growth needed to sustain operations. We cannot provide any assurances that sales of our newer products will continue to grow or generate sufficient revenues to sustain our business. If we are unable to recognize revenues due to longer sales cycles or other problems, our results of operations could be adversely affected.

We have not yet received broad market acceptance for our newer products. We cannot assure you that our present or future products will achieve market acceptance on a sustained basis. In order to achieve market acceptance and achieve future revenue growth, we must introduce complementary products, incorporate new technologies into existing product lines, and design and develop and successfully commercialize higher performance products in a timely manner. We cannot assure you that we will be able to offer new or complementary products that gain market acceptance quickly enough to avoid decreased revenues during current or future product introductions or transitions.

Our products and services can have long sales and implementation cycles, which may result in substantial expenses before realizing any associated revenue.

The sale and implementation of our products and services to large companies and government entities typically involves a lengthy education process and a significant technical evaluation and commitment of capital and other resources. This process is also subject to the risk of delays associated with customers’ internal budgeting and other procedures for approving capital expenditures, and testing and accepting new technologies that affect key operations. As a result, sales and implementation cycles for our products and services can be lengthy, and we may expend significant time and resources before we receive any revenues from a customer or potential customer. Our quarterly and annual operating results could be adversely affected if orders forecast for a specific customer and for a particular period are not realized.

If our outside service providers and key vendors are not able to or do not fulfill their service obligations, our operations could be disrupted and our operating results could be harmed.

We depend on a number of service providers and key vendors such as telecommunication companies, software engineers, cloud providers, data processors, and software and hardware vendors, who are critical to our operations. These service providers and vendors are involved with our service offerings, communications and networking equipment, computer hardware and software and related support and maintenance. Although we have implemented service-level agreements and have established monitoring controls, our operations could be disrupted if we do not successfully manage relationships with our service providers, if they do not perform or are unable to perform agreed-upon service levels, or if they are unwilling to make their services available to us at reasonable prices. If our service providers and vendors do not perform their service obligations, it could adversely affect our reputation, business, financial condition, and results of operations.

Consolidation in the data and analytics sector may limit market acceptance of our products and services.

Several of our competitors have acquired companies with complementary technologies in the past. We expect consolidation in the industries we serve to continue in the future. These acquisitions may permit our competitors to accelerate the development and commercialization of broader product lines and more comprehensive solutions than we currently offer. Acquisitions of vendors or other companies with whom we have a strategic relationship by our competitors may limit our access to commercially significant technologies and/or data. Further, business combinations are creating companies with larger market shares, customer bases, sales forces, product offerings and technology and marketing expertise, which may make it more difficult for us to compete.

We may incur substantial expenses defending the Company against claims of infringement.

There are numerous patents held by many companies relating to the design and manufacture of data and analytics solutions. Third parties may claim that our products and/or services infringe on their intellectual property rights. Any claim, with or without merit, could consume management’s time, result in costly litigation, cause delays in sales or implementation of products or services, or require entry into royalty or licensing agreements. In this respect, patent and other intellectual property litigation is becoming increasingly more expensive in terms of legal fees, expert fees, and other expenses. Royalty and licensing agreements, if required and available, may be on terms unacceptable to us or detrimental to our business. Moreover, a successful claim of product infringement against us or our failure or inability to license the infringed or similar technology on commercially reasonable terms could seriously harm our business.

Environmental issues, including any future reporting obligations in connection with environmental issues, may adversely impact our business and operations.

Extreme weather events and natural disasters may disrupt our operations or those of our customers and suppliers. These events may become more frequent and more severe as a result of climate change, and the long-term impacts to the economy and our industry are unknown. While we maintain business continuity and disaster recovery plans, we cannot be certain that those plans will be effective. Even if we are unaffected by an extreme weather event or natural disaster, or recover from one quickly, our customers or suppliers may be more severely impacted, thereby affecting their ability to continue to do business with us.

Risks Related to Our Common Stock

Our stock price has been and may continue to be volatile, and the value of an investment in our common stock may decline.

The trading price of our common stock has been and is likely to continue to be highly volatile and could be subject to wide fluctuations in response to various factors, some of which are beyond our control. These factors could include:

additions or departures of key personnel;

changes in laws or regulations affecting our industry;

changes in earnings estimates or recommendations by securities analysts;

the increasing prominence of new technologies, including AI, in the markets in which we compete;

any major change in our Board of Directors or management;

general economic conditions and slow or negative growth of our markets; and

political instability, natural disasters, pandemics, war, and/or events of terrorism.

From time to time, we estimate the timing of the accomplishment of various commercial and other product development goals or milestones. Also, from time to time, we expect that we will publicly announce the anticipated timing of some of these milestones. All of these milestones are based on a variety of assumptions. The actual timing of these milestones can vary dramatically compared to our estimates, in some cases for reasons beyond our control. If we do not meet these milestones as publicly announced, our stock price may decline.

In addition, the stock market has experienced extreme price and volume fluctuations that have often been unrelated or disproportionate to the operating performance of publicly traded companies. Broad market and industry factors may seriously affect the market price of companies’ stock, including ours, regardless of actual operating performance. These fluctuations may be even more pronounced in the trading market for our stock. In addition, in the past, following periods of volatility in the overall market and the market price of a particular company’s securities, securities class action litigation has often been instituted against these companies. This litigation, if instituted against us, could result in substantial costs and a diversion of our management’s attention and resources.

Future issuances of shares of our common stock in connection with acquisitions or pursuant to our stock incentive plans could have a dilutive effect on your investment.

Since the Spin-off and through December 31, 2025, we issued an aggregate of 4,182,714 shares of our common stock in connection with vesting of awards made under the Red Violet, Inc. 2018 Stock Incentive Plan, as amended and restated (the “2018 Plan”), 972,971 shares of which were retired and cancelled. Also, as of December 31, 2025, 63,717 shares underlying awards made under the 2018 Plan have vested but the delivery has been deferred by the recipients, and an additional 769,227 shares underlying awards made under the 2018 Plan are scheduled to vest and be delivered through 2030. Pursuant to the 2018 Plan, our Board of Directors may grant stock options, restricted stock units (“RSUs”), or other equity awards to our directors and employees. Future stock incentive plans may also allow our Board of Directors to issue these equity awards to our directors and employees. When these awards vest or are exercised, the issuance of shares of common stock underlying these awards will have a dilutive effect on our common stock. Future acquisitions may involve the issuance of our common stock as payment, in part or in full, for the business or assets acquired. The benefits derived by us from an acquisition might not exceed the dilutive effect of the shares issued as part of the acquisition. Additionally, we filed a shelf registration statement on Form S-3, which was declared effective on November 25, 2025 (the "Shelf Registration Statement"), allowing us to offer and sell our registered common stock, preferred stock, debt securities, depository shares, warrants and/or units from time to time pursuant to one or more offerings of up to $150.0 million. While we have not issued any shares under the Shelf Registration Statement, any issuance could have a dilutive effect. Future issuances of our common stock or other equity securities, or the perception that such sales may occur, could adversely affect the trading price of our common stock and impair our ability to raise capital through future offerings of shares or equity securities. No prediction can be made as to the effect, if any, that future sales of common stock or the availability of common stock for future sales will have on the trading price of our common stock.

The concentration of our stock ownership may limit individual stockholder ability to influence corporate matters.

As of December 31, 2025, officers and directors of the Company owned approximately 9% of our common stock (approximately 10% on a fully diluted basis). As a result, these stockholders may be in a position to exert significant influence over all matters requiring stockholder approval, including the election of directors and determination of significant corporate actions. The interests of these stockholders may not always coincide with the interests of other stockholders, and these stockholders may act in a manner that advances their interests and not necessarily those of other stockholders, and might affect the prevailing market price for our securities.

We are a “smaller reporting company,” and the reduced disclosure requirements applicable to smaller reporting companies may make our common stock less attractive to investors.

We are a “smaller reporting company” and may continue to be a smaller reporting company if either (i) the market value of our stock held by non-affiliates is less than $250.0 million or (ii) our annual revenue is less than $100.0 million during the most recently completed fiscal year and the market value of our stock held by non-affiliates is less than $700.0 million. As a smaller reporting company, we may continue to rely on exemptions from certain disclosure requirements that are available to smaller reporting companies. Specifically, we may choose to present only the two most recent fiscal years of audited financial statements in our Annual Report on Form 10-K and, similar to emerging growth companies, smaller reporting companies have reduced disclosure obligations regarding executive compensation. We cannot predict if investors will find our common stock less attractive because we may rely on these exemptions. If some investors find our common stock less attractive as a result, there may be a less active trading market for our common stock and our stock price may be more volatile.

We expect that we may need additional capital in the future; however, such capital may not be available to us on reasonable terms, if at all, when or as we require additional funding. If we issue additional shares of our common stock or other securities that may be convertible into, or exercisable or exchangeable for, our common stock, our existing stockholders would experience further dilution.

While we may need additional capital in the future, we cannot be certain that it will be available to us on acceptable terms when required, or at all. Disruptions in the global equity and credit markets may limit our ability to access capital. Since the Spin-off and through December 31, 2025, we issued an aggregate of 1,233,915 shares of our common stock in connection with registered direct offerings. To the extent that we raise additional funds by issuing equity securities, our shareholders would experience dilution, which may be significant and could cause the market price of our common stock to decline significantly. Any debt financing, if available, may restrict our operations. If we are unable to raise additional capital when required or on acceptable terms, we may have to significantly delay, scale back or discontinue certain operations. Any of these events could significantly harm our business and prospects and could cause our stock price to decline.

There is no assurance that we will continue to declare or pay dividends on our common stock in the future.

On December 3, 2024, we declared a special cash dividend of $0.30 per share on our common stock (the "Dividend") to shareholders of record as of January 31, 2025. The Dividend, totaling $4.2 million, was paid on February 14, 2025. However, there is no assurance that we will continue to declare or pay cash dividends in the future. Any future dividend payments are within the discretion of our Board of Directors and will depend upon, among other things, our results of operations, working capital requirements, capital expenditure requirements, financial condition, level of indebtedness, any contractual restrictions with respect to payment of dividends, business opportunities, anticipated cash needs, provisions of applicable law, and other factors that our Board of Directors may deem relevant.

Ite m 1B. Unresolved Staff Comments.

None.

Item 1C. Cybersecurity .

Risk Management and Strategy

We have implemented and maintained a comprehensive information security program designed to protect the confidentiality, integrity, and availability of our critical systems and information, as well as to identify, assess, manage, mitigate, and respond to cybersecurity threats. Our systems and processes are assessed by independent third parties for compliance with: the International Standard

Organization (“ISO”) 27001:2022; System and Organization Controls (“SOC”) 2, Type 2; and Payment Card Industry Data Security Standards (“PCI DSS”) Level 1.

Our information security program includes the following key elements to help identify, manage, mitigate, and respond to cybersecurity threats:

Risk assessments —We conduct annual enterprise-wide risk assessments designed to identify material cybersecurity risks to our operations, quantify the impact and probability of each identified risk, develop and implement mitigating controls, and reassess previously identified risks on an ongoing basis.

Testing —We conduct monthly vulnerability assessments and annual penetration testing of our systems and controls to identify and remediate potential vulnerabilities. Our testing program includes both automated scanning and manual security assessments performed by qualified internal and external security professionals.

Technical safeguards —We utilize multiple layers of technical safeguards designed to protect our information systems from cybersecurity threats, including network security controls, endpoint protection, data encryption, access controls, and security monitoring tools. We regularly review and update our technical safeguards in accordance with industry best practices and evolving threat landscapes.

Business continuity and disaster recovery planning —We maintain comprehensive business continuity and disaster recovery plans that are tested at least annually to ensure our ability to maintain critical operations and recover from potential disruptions, including those resulting from cybersecurity incidents.

Cybersecurity Incident Response —We maintain a cybersecurity incident response plan that governs the identification, containment, investigation, remediation, and reporting of cybersecurity incidents. We have designated an Incident Response Team with clearly defined roles and responsibilities, including escalation procedures to senior management and legal counsel for potentially material incidents. Our incident response procedures include protocols for timely communication with affected parties and regulatory authorities as required.

Cybersecurity insurance —We maintain cybersecurity insurance coverage designed to mitigate financial risks associated with cybersecurity incidents, including costs related to incident response, forensic investigation, legal expenses, regulatory fines, and business interruption.

Employee training and awareness programs —We provide mandatory annual cybersecurity training to all employees designed to help identify, avoid, and mitigate cybersecurity threats. Our training program includes insider threat awareness, simulated phishing exercises, secure coding practices for development personnel, and role-specific security training tailored to employee responsibilities. Additionally, our training program includes education on the secure and responsible use of AI and generative AI tools, covering topics such as data privacy considerations, prohibited uses of confidential information in AI systems, output validation requirements, and compliance with our AI usage policies.

Third-party risk management — We maintain a third-party risk management program designed to identify, assess, manage, and mitigate risks associated with our vendors, service providers, and other third parties. This program includes security assessments of vendors prior to engagement, contractual security requirements, and ongoing monitoring of vendors with access to our systems or sensitive data.

We regularly review our information security program and associated policies, making periodic updates as we deem necessary and appropriate in accordance with recognized best practices and standards.

Governance

Our information security program and cyber risk management program is managed and overseen by Jeff Dell, our Chief Information Officer (“CIO”) and a team of information security personnel reporting to the CIO. Our CIO reports directly to the CEO and is responsible for the assessment and management of material risks for cybersecurity threats. Mr. Dell brings over 30 years of experience in information technology and information security, working as an executive within data-driven companies for the last 25 years, including serving as CIO since our formation in August 2017 and continuing through our Spin-off from cogint. Mr. Dell holds a Bachelor of Science in Business from Arizona State University and has earned GCIA, GCWN, GWAPT and CISSP certifications. For additional information regarding Mr. Dell’s business experience, see Part 1, Item 1 Business – Information About Our Executive Officers included in this Annual Report.

Management holds monthly Information Security Management System (ISMS) meetings which include stakeholders, senior management as well as the CIO and other key individuals reporting to the CIO. Cybersecurity risks, threats, and vulnerabilities, as well as existing mitigating controls, are discussed in ISMS meetings. Our CIO also provides quarterly reports of our information security and IT compliance program, as well as any material cybersecurity risks, to the Board of Directors .

We did not experience a material cybersecurity incident during the year ended December 31, 2025, which has materially affected or is reasonably likely to materially affect us, including our business strategy, results of operations, or financial condition. However, the possibility of future cybersecurity incidents, as well as cybersecurity and technology risks more generally, could have a material adverse effect on our business, financial condition, results of operations, cash flows or reputation. See “Item 1A. Risk Factors – Cybersecurity and Technology Risks” for more information.

Management’s discussion and analysis of financial condition and results of operations are based upon our consolidated financial statements, which have been prepared in accordance with US GAAP. The preparation of these financial statements requires us to make estimates and judgments that affect the reported amounts of assets, liabilities, revenue and expenses, and related disclosure of contingent assets and liabilities. On an ongoing basis, we evaluate our estimates, including those related to the revenue recognition, allowance for doubtful accounts, useful lives of intangible assets, recoverability of the carrying amounts of goodwill and intangible assets, share-based compensation, and income tax provision. We base our estimates on historical experience and on various other assumptions that are believed to be reasonable under the circumstances, the results of which form the basis for making judgments about the carrying values of assets and liabilities that are not readily apparent from other sources. Actual results may differ from these estimates under different assumptions or conditions.

We believe the following critical accounting policies govern our more significant judgments and estimates used in the preparation of our consolidated financial statements.

Revenue recognition

We recognize revenue in accordance with ASC 606, “ Revenue from Contracts with Customers ” (“Topic 606”). Under this standard, revenue is recognized when control of goods or services is transferred to our customers, in an amount that reflects the consideration we expect to be entitled to in exchange for those goods or services. Our performance obligation is to provide on demand information and identity intelligence solutions to our customers by leveraging our proprietary technology and applying machine learning and advanced analytics to our extensive data repository. The pricing for the customer contracts is based on usage, a monthly fee, or a combination of both.

Revenue is generally recognized on (a) a transactional basis determined by the customers’ usage, (b) a monthly fee, or (c) a combination of both. Revenue pursuant to transactions determined by the customers’ usage is recognized when the transaction is complete, and either party may terminate the transactional agreement at any time. Revenue pursuant to contracts containing a monthly fee is considered to be a single performance obligation consisting of a series of distinct services, and is recognized ratably over the contract period, which is generally 12 months, and the contract shall automatically renew for additional, successive 12-month terms unless written notice of intent not to renew is provided by one party to the other at least 30 days or 60 days prior to the expiration of the then current term. Variable fees are allocated to each distinct month in the series for which they are earned. Our revenue is recorded net of applicable sales taxes billed to customers.

Available within Topic 606, we have applied the portfolio approach practical expedient in accounting for customer revenue as one collective group, rather than individual contracts. Based on our historical knowledge of the contracts contained in this portfolio and the similar nature and characteristics of the customers, we have concluded the financial statement effects are not materially different than if accounting for revenue on a contract by contract basis.

Revenue is recognized over a period of time. Our customers simultaneously receive and consume the benefits provided by our performance as and when provided. Furthermore, we have elected the “right to invoice” practical expedient, available within Topic 606, as our measure of progress, since we have a right to payment from a customer in an amount that corresponds directly with the value of our performance completed-to-date. In some arrangements, a right to consideration for our performance under the customer contract may occur before invoicing to the customer, resulting in an unbilled accounts receivable. As of December 31, 2025, the current and noncurrent portion unbilled accounts receivable of $1.1 million and $0.9 million, respectively, were included within accounts receivable and other noncurrent assets, respectively, on the consolidated balance sheets. As of December 31, 2024, the current and noncurrent portion unbilled accounts receivable of $0.9 million and $1.1 million, respectively, were included within accounts receivable and other noncurrent assets, respectively, on the consolidated balance sheets. Our revenue arrangements do not contain significant financing components.

For the years ended December 31, 2025 and 2024, 76% and 77% of total revenue was attributable to customers with pricing contracts, respectively, versus 24% and 23% attributable to transactional customers, respectively. Pricing contracts are generally annual contracts or longer, with auto renewal.

If a customer pays consideration before we transfer services to the customer, those amounts are classified as deferred revenue. As of December 31, 2025, 2024 and 2023, the balance of deferred revenue was $1.0 million, $0.7 million and $0.7 million, respectively, all of which is expected to be realized in the next 12 months. In relation to the deferred revenue balance as of December 31, 2024, $0.7 million was recognized into revenue during the year ended December 31, 2025.

As of December 31, 2025, $23.8 million of revenue is expected to be recognized in the future for performance obligations that are unsatisfied or partially unsatisfied, related to pricing contracts that have a term of more than 12 months, of which $12.7 million of revenue will be recognized in 2026, $8.0 million in 2027, $2.4 million in 2028, $0.6 million in 2029, and $0.1 million in 2030 and thereafter. The actual timing of recognition may vary due to factors outside of our control. We exclude variable consideration related entirely to wholly unsatisfied performance obligations and contracts and recognizes such variable consideration based upon the right to invoice the customer.

Sales commissions are incurred and recorded on an ongoing basis over the term of the customer relationship. These costs are recorded in sales and marketing expenses.

In addition, we elected the practical expedient to not disclose the value of unsatisfied performance obligations for (i) contracts with an original expected length of one year or less and (ii) contracts for which we recognize revenue at the amount to which we have the right to invoice for services performed.

Allowances for doubtful accounts

We maintain allowance for doubtful accounts for estimated losses resulting from the inability of our customers to make required payments. Management determines whether an allowance needs to be provided for an amount due from a customer depending on the aging of the individual receivable balance, recent payment history, contractual terms and other qualitative factors such as status of business relationship with the customer. Historically, our estimates for doubtful accounts have not differed materially from actual results. The amount of the allowance for doubtful accounts was $0.2 million as of December 31, 2025 and 2024, which was included within accounts receivable, net, on the consolidated balance sheets.

Income taxes

We account for income taxes in accordance with ASC 740, “Income Taxes,” which requires the use of the asset and liability method of accounting for income taxes. Under the asset and liability method, deferred tax assets and liabilities are computed based upon the difference between the financial statement and income tax basis of assets and liabilities using the enacted tax rate applicable when the related asset or liability is expected to be realized or settled. Deferred income tax expenses or benefits are based on the changes in the asset or liability each period. If available evidence suggests that it is more likely than not that some portion or all of the deferred tax assets will not be realized, a valuation allowance is required to reduce the deferred tax assets to the amount that is more likely than not to be realized. We concluded that, due to our established historical cumulative positive income before income taxes plus permanent differences for the recent years, projections of future taxable income, and the reversal of taxable temporary differences, the realization of the deferred tax assets as of December 31, 2025 and 2024 is more likely than not.

ASC 740 clarifies the accounting for uncertain tax positions. This interpretation requires that an entity recognizes in the consolidated financial statements the impact of a tax position, if that position is more likely than not of being sustained upon examination, based on the technical merits of the position. Recognized income tax positions are measured at the largest amount that is greater than 50% likely of being realized. Changes in recognition or measurement are reflected in the period in which the change in judgment occurs. The Company’s accounting policy is to accrue interest and penalties related to uncertain tax positions, if and when required, as interest expense and a component of other expenses, respectively, in the consolidated statements of operations.

Intangible assets other than goodwill

Our intangible assets are initially recorded at the capitalized actual costs incurred, their acquisition cost, or fair value if acquired as part of a business combination, and amortized on a straight-line basis over their respective estimated useful lives, which are the periods over which the assets are expected to contribute directly or indirectly to the future cash flows of the Company. The Company’s intangible assets include software developed for internal use and acquired intangible assets. Intangible assets have estimated useful lives of 5-10 years.

In accordance with ASC 350-40, “Software—internal use software,” we capitalize eligible costs, including personnel-related expenses, share-based compensation, and travel expenses incurred by relevant employees, and other directly attributable costs incurred during the application development stage. Once the software developed for internal use is ready for its intended use, it is amortized on a straight-line basis over its useful life. The acquired intangible assets reflect the acquisition cost of certain data assets for which we have obtained perpetual usage rights.

Goodwill

In accordance with ASC 350, “Intangibles—Goodwill and Other,” goodwill is tested at least annually for impairment, or when events or changes in circumstances indicate that the carrying amount of such assets may not be recoverable, by assessing qualitative factors or performing a quantitative analysis in determining whether it is more likely than not that its fair value exceeds the carrying value. A quantitative assessment involves determining the fair value of each reporting unit using market participant assumptions. An entity should recognize an impairment charge for the amount by which the carrying amount of a reporting unit exceeds its fair value up to the amount of goodwill allocated to that reporting unit. We have assessed that we have one operating segment and one reporting unit, and the consolidated net assets, including existing goodwill and other intangible assets, are considered to be the carrying value of the reporting unit.

On October 1, 2025 and 2024, we performed qualitative assessments on the reporting unit and, based on this assessment, no events have occurred to indicate that it is more likely than not that the fair value of the reporting unit is less than its carry amount. We did not record a goodwill impairment loss during the years ended December 31, 2025 and 2024, and as of December 31, 2025, there was no accumulated goodwill impairment loss.

For purposes of reviewing impairment and the recoverability of goodwill, we must make various assumptions regarding estimated future cash flows and other factors in determining the fair value of the reporting unit, including market multiples, discount rates, etc.

Impairment of long-lived assets

Finite-lived intangible assets are amortized over their respective useful lives and, along with other long-lived assets, are evaluated for impairment periodically whenever events or changes in circumstances indicate that their related carrying amounts may not be recoverable in accordance with ASC 360-10-15, “ Impairment or Disposal of Long-Lived Assets. ” In evaluating long-lived assets for recoverability, including finite-lived intangibles and property and equipment, the Company uses its best estimate of future cash flows expected to result from the use of the asset and eventual disposition in accordance with ASC 360-10-15. To the extent that estimated future undiscounted cash inflows attributable to the asset, less estimated future undiscounted cash outflows, are less than the carrying amount, an impairment loss is recognized in an amount equal to the difference between the carrying value of such asset and its fair value. Assets to be disposed of and for which there is a committed plan of disposal, whether through sale or abandonment, are reported at the lower of carrying value or fair value less costs to sell.

Asset recoverability is an area involving management judgment, requiring assessment as to whether the carrying value of assets can be supported by the undiscounted future cash flows. In calculating the future cash flows, certain assumptions are required to be made in respect of highly uncertain matters such as revenue growth rates, gross margin percentages and terminal growth rates.

We did not record an impairment loss of long-lived assets during the years ended December 31, 2025 and 2024.

Share-based compensation

We account for share-based compensation to employees in accordance with ASC 718, “Compensation—Stock Compensation.” Under ASC 718, we measure the cost of employee services received in exchange for an award of equity instruments based on the grant-date fair value of the award and, for those awards subject only to service condition, recognizes the costs on a straight-line basis over the period the employee is required to provide service in exchange for the award, which generally is the vesting period. For awards with performance and service conditions, we begin recording share-based compensation when achieving the performance criteria is probable and we recognize the costs using the accelerated attribution method. We account for forfeitures as they occur.

We have issued share-based awards with performance-based vesting criteria. Achievement of the milestones must be probable before we begin recording share-based compensation expense. When the performance-based vesting criteria is considered probable, we begin to recognize compensation expense at that time. In the period that achievement of the performance-based criteria is deemed probable, US GAAP requires the immediate recognition of all previously unrecognized compensation since the original grant date. As a result, compensation expense recorded in the period that achievement is deemed probable could include a substantial amount of previously unrecorded compensation expense related to the prior periods. For any share-based awards where performance-based vesting criteria is no longer considered probable, previously recognized compensation cost would be reversed. As of December 31, 2025, no share-based compensation expense has been recognized for 70,000 RSUs subject to the 2024 Performance Criteria, as defined in Note 10, “Share-based compensation,” included in “Notes to Consolidated Financial Statements,” because the Company determined that it is not probable that related performance criteria will be met.

Recently Issued Accounting Standards

See Item 8 of Part II, “Financial Statements and Supplementary Data – Note 2. Summary of significant accounting policies - (r) Recently issued accounting standards. ”

Fourth Quarter Financial Results

For the three months ended December 31, 2025 as compared to the three months ended December 31, 2024:

Total revenue increased 20% to $23.4 million.

Gross profit increased 23% to $16.8 million. Gross margin increased to 72% from 70%.

Adjusted gross profit increased 21% to $19.5 million. Adjusted gross margin increased to 83% from 82%.

Net income increased 226% to $2.8 million, which resulted in earnings of $0.20 and $0.19 per basic and diluted share, respectively. Net income margin increased to 12% from 4%.

Adjusted EBITDA increased 33% to $5.9 million. Adjusted EBITDA margin increased to 25% from 23%.

Adjusted net income increased 53% to $3.1 million, which resulted in adjusted earnings of $0.22 and $0.21 per basic and diluted share, respectively.

Cash from operating activities remained consistent at $6.7 million.

Cash and cash equivalents were $43.6 million as of December 31, 2025.

Full Year Financial Results

For the year ended December 31, 2025 as compared to the year ended December 31, 2024:

Total revenue increased 20% to $90.3 million.

Gross profit increased 26% to $65.1 million. Gross margin increased to 72% from 69%.

Adjusted gross profit increased 23% to $75.4 million. Adjusted gross margin increased to 84% from 81%.

Net income increased 88% to $13.2 million, which resulted in earnings of $0.94 and $0.91 per basic and diluted share, respectively. Net income margin increased to 15% from 9%.

Adjusted EBITDA increased 31% to $31.0 million. Adjusted EBITDA margin increased to 34% from 31%.

Adjusted net income increased 44% to $18.7 million, which resulted in adjusted earnings of $1.33 and $1.30 per basic and diluted share, respectively.

Cash from operating activities increased 22% to $29.3 million.

Use and Reconciliation of Non-GAAP Financial Measures

Management evaluates the financial performance of our business on a variety of key indicators, including non-GAAP metrics of adjusted EBITDA, adjusted EBITDA margin, adjusted net income, adjusted earnings per share, adjusted gross profit, adjusted gross margin, and free cash flow ("FCF"). Adjusted EBITDA is a non-GAAP financial measure equal to net income, the most directly comparable financial measure based on US GAAP, excluding interest income, income tax (benefit) expense, depreciation and amortization, share-based compensation expense, acquisition-related costs, litigation costs, and write-off of long-lived assets. We define adjusted EBITDA margin as adjusted EBITDA as a percentage of revenue. Adjusted net income is a non-GAAP financial measure equal to net income, the most directly comparable financial measure based on US GAAP, adjusted to exclude share-based compensation expense, amortization of share-based compensation capitalized in intangible assets, acquisition-related costs, litigation costs, and write-off of long-lived assets, and to include the tax effect of adjustments. We define adjusted earnings per share as adjusted net income divided by the weighted average shares outstanding. We define adjusted gross profit as gross profit plus depreciation and amortization of certain intangible assets, and adjusted gross margin as adjusted gross profit as a percentage of revenue. We define FCF as net cash provided by operating activities reduced by purchase of property and equipment and capitalized costs included in intangible assets.

The following is a reconciliation of net income, the most directly comparable US GAAP financial measure, to adjusted EBITDA:

Three Months Ended December 31,

Year Ended December 31,

(Dollars in thousands)

Net income

Interest income

Income tax (benefit) expense

Depreciation and amortization

Share-based compensation expense

Acquisition-related costs

Litigation costs

Write-off of long-lived assets

Adjusted EBITDA

Revenue

Net income margin

Adjusted EBITDA margin

The following is a reconciliation of net income, the most directly comparable US GAAP financial measure, to adjusted net income:

Three Months Ended December 31,

Year Ended December 31,

(Dollars in thousands, except share data)

Net income

Share-based compensation expense

Amortization of share-based compensation

capitalized in intangible assets

Acquisition-related costs

Litigation costs

Write-off of long-lived assets

Tax effect of adjustments (1)

Adjusted net income

Earnings per share:

Basic

Diluted

Adjusted earnings per share:

Basic

Diluted

Weighted average shares outstanding:

Basic

Diluted

(1) The tax effect of adjustments is calculated using the expected combined federal and state statutory income tax rate, which was approximately 26.0% for the three months and the years ended December 31, 2025 and 2024.

We refined the methodology for calculating the tax effect of adjustments used in arriving at non-GAAP adjusted net income. Prior period amounts have been revised to conform to the current presentation. These revisions did not affect previously reported GAAP financial statements.

The following is a reconciliation of gross profit, the most directly comparable US GAAP financial measure, to adjusted gross profit:

Three Months Ended December 31,

Year Ended December 31,

(Dollars in thousands)

Revenue

Cost of revenue (exclusive of depreciation and

amortization)

Depreciation and amortization related to cost of revenue

Gross profit

Depreciation and amortization of certain intangible

assets (1)

Adjusted gross profit

Gross margin

Adjusted gross margin

(1) Depreciation and amortization of certain intangible assets primarily consists of the amortization of capitalized internal-use software development costs, which are included within intangible assets and amortized over their estimated useful lives.

The following is a reconciliation of net cash provided by operating activities, the most directly comparable US GAAP financial measure, to FCF:

Three Months Ended December 31,

Year Ended December 31,

(Dollars in thousands)

Net cash provided by operating activities

Less:

Purchase of property and equipment

Capitalized costs included in intangible assets

Free cash flow

In order to assist readers of our consolidated financial statements in understanding the operating results that management uses to evaluate the business and for financial planning purposes, we present non-GAAP measures of adjusted EBITDA, adjusted EBITDA margin, adjusted net income, adjusted earnings per share, adjusted gross profit, adjusted gross margin, and FCF as supplemental measures of our operating performance. We believe they provide useful information to our investors as they eliminate the impact of certain items that we do not consider indicative of our cash operations and ongoing operating performance. In addition, we use them as an integral part of our internal reporting to measure the performance and operating strength of our business.

We believe adjusted EBITDA, adjusted EBITDA margin, adjusted net income, adjusted earnings per share, adjusted gross profit, adjusted gross margin, and FCF are relevant and provide useful information frequently used by securities analysts, investors and other interested parties in their evaluation of the operating performance of companies similar to ours and are indicators of the operational strength of our business. We believe adjusted EBITDA eliminates the uneven effect of considerable amounts of non-cash depreciation and amortization, and share-based compensation expense, and the impact of other items not indicative of our ongoing operating performance. Adjusted EBITDA margin is calculated as adjusted EBITDA as a percentage of revenue. We believe adjusted net income provides additional means of evaluating period-over-period operating performance by eliminating certain non-cash expenses and other items that might otherwise make comparisons of our ongoing business with prior periods more difficult and obscure trends in ongoing operations. Adjusted net income is a non-GAAP financial measure equal to net income, adjusted to exclude share-based compensation expense, amortization of share-based compensation capitalized in intangible assets, and other items not indicative of our ongoing operating performance, and to include the tax effect of adjustments. We define adjusted earnings per share as adjusted net income divided by the weighted average shares outstanding. Our adjusted gross profit is a measure used by management in evaluating the business’s current operating performance by excluding the impact of prior historical costs of assets that are expensed systematically and allocated over the estimated useful lives of the assets, which may not be indicative of the current operating activity. We define adjusted gross profit as gross profit plus depreciation and amortization of certain intangible assets. We believe adjusted gross profit provides useful information to our investors by eliminating the impact of certain non-cash depreciation and amortization, and primarily the amortization of software developed for internal use, providing a baseline of our core operating results that allow for analyzing trends in our underlying business consistently over multiple periods. Adjusted gross margin is calculated as adjusted gross profit as a percentage of revenue. We believe FCF is an important liquidity measure of the cash that is available, after capital expenditures, for operational expenses and investment in our business. FCF is a measure used by management to understand and evaluate the business’s operating performance and trends over time. FCF is calculated by using net cash provided by operating activities, less purchase of property and equipment and capitalized costs included in intangible assets.

Adjusted EBITDA, adjusted EBITDA margin, adjusted net income, adjusted earnings per share, adjusted gross profit, adjusted gross margin, and FCF are not intended to be performance measures that should be regarded as an alternative to, or more meaningful than, financial measures presented in accordance with US GAAP. In addition, FCF is not intended to represent our residual cash flow available for discretionary expenses and is not necessarily a measure of our ability to fund our cash needs. The way we measure adjusted EBITDA, adjusted EBITDA margin, adjusted net income, adjusted earnings per share, adjusted gross profit, adjusted gross margin, and FCF may not be comparable to similarly titled measures presented by other companies, and may not be identical to corresponding measures used in our various agreements.

Quarterly Financial Data (unaudited)

The following tables set forth the Company's unaudited quarterly consolidated statements of operations data and reconciliations of certain directly comparable US GAAP financial measures to non-GAAP financial measures, including adjusted EBITDA, adjusted EBITDA margin, adjusted net income, adjusted earnings per share, adjusted gross profit, adjusted gross margin, and FCF for each of the eight quarters in the two-year period ended December 31, 2025. The Company has prepared the quarterly unaudited consolidated statements of operations data on a basis consistent with the audited consolidated financial statements included elsewhere in this 2025 Form 10-K. In the opinion of management, the financial information in these tables reflects all adjustments, consisting only of normal recurring adjustments, which management considers necessary for a fair presentation of this data. This information should be read in conjunction with the audited consolidated financial statements and related notes included elsewhere in this 2025 Form 10-K. The results of historical periods are not necessarily indicative of the results for any future period.

Three Months Ended

(In thousands, except share data) (Unaudited)

Revenue

Costs and expenses:

Cost of revenue (exclusive of

depreciation and amortization)

Sales and marketing expenses

General and administrative expenses

Depreciation and amortization

Total costs and expenses

Income from operations

Interest income

Income before income taxes

Income tax expense (benefit)

Net income

Earnings per share:

Basic

Diluted

Weighted average shares

outstanding:

Basic

Diluted

Three Months Ended

(In thousands) (Unaudited)

Net income

Interest income

Income tax expense (benefit)

Depreciation and amortization

Share-based compensation expense

Litigation costs

Acquisition-related costs

Write-off of long-lived assets

Adjusted EBITDA

Revenue

Net income margin

Adjusted EBITDA margin

Three Months Ended

(In thousands, except share data) (Unaudited)

Net income

Share-based compensation expense

Amortization of share-based

compensation capitalized

in intangible assets

Acquisition-related costs

Litigation costs

Write-off of long-lived assets

Tax effect of adjustments (1)

Adjusted net income

Earnings per share:

Basic

Diluted

Adjusted earnings per share:

Basic

Diluted

Weighted average shares

outstanding:

Basic

Diluted

(1) We refined the methodology for calculating the tax effect of adjustments used in arriving at non-GAAP adjusted net income. Prior period amounts have been revised to conform to the current presentation. These revisions did not affect previously reported GAAP financial statements.

Three Months Ended

(In thousands) (Unaudited)

Revenue

Cost of revenue (exclusive of

depreciation and amortization)

Depreciation and amortization

related to cost of revenue

Gross profit

Depreciation and amortization

of certain intangible assets

Adjusted gross profit

Gross margin

Adjusted gross margin

Three Months Ended

(In thousands) (Unaudited)

Net cash provided by operating

activities

Less:

Purchase of property and equipment

Capitalized costs included in

intangible assets

Free cash flow

Results of Operations

Year ended December 31, 2025 compared to year ended December 31, 2024

Revenue

Revenue increased $15.1 million, or 20%, to $90.3 million for the year ended December 31, 2025, compared to $75.2 million in 2024. The increase was driven by strong onboarding of new customers and volume expansion across the existing customer base.

Revenue from new customers increased $0.7 million, or 11%, to $7.3 million.

Revenue from existing customers increased $14.3 million, or 21%, to $83.0 million.

Revenue from new customers represents total monthly revenue generated from customers during their first six full calendar months of revenue contribution. Revenue from existing customers represents total monthly revenue generated from customers beginning in their seventh full calendar month of revenue contribution.

Beginning in the first quarter of 2025, we consolidated our prior base revenue and growth revenue categories into a single revenue from existing customers metric to provide a more streamlined and meaningful view of ongoing customer contribution.

As of December 31, 2025, our IDI billable customer base increased to 10,022 customers, up from 8,926 customers a year earlier. Our FOREWARN user base increased to 390,018 users, up from 303,418 users a year earlier.

Cost of revenue (exclusive of depreciation and amortization)

Cost of revenue (exclusive of depreciation and amortization) increased $0.7 million, or 5%, to $14.7 million for the year ended December 31, 2025, compared to $14.0 million in 2024.

Our cost of revenue primarily consists of data acquisition costs, which includes the cost to acquire data under flat-fee licensing agreements, including unlimited usage arrangements, as well as purchases on a transactional basis. We continue to enhance the breadth and depth of our data by the addition and expansion of relationships with key data suppliers, including our largest data supplier, which accounted for 45% of our total data acquisition costs for the years ended December 31, 2025 and 2024. Effective on May 1, 2025, we entered into an amendment with our largest data supplier, extending the term of the agreement through April 30, 2031.

Additional components of our cost of revenue include cloud infrastructure fees and pertinent personnel-related costs.

Due to the fixed-cost nature of our primary data licensing structure, cost of revenue as a percentage of revenue decreased to 16% for the year ended December 31, 2025, compared to 19% in 2024. We expect this percentage to continue to decline over time as our revenue increases.

Sales and marketing expenses

Sales and marketing expenses increased $4.0 million, or 22%, to $21.8 million for the year ended December 31, 2025, compared to $17.8 million in 2024. The increase reflects our continued investment in expanding our go-to-market capabilities to support long-term revenue growth.

Sales and marketing expenses include personnel-related expenses, advertising, marketing and agency expenses, travel expenses, and share-based compensation expense incurred by our sales team, and provision for bad debts.

The increase was primarily driven by:

an increase of $2.8 million in personnel-related expenses;

an increase of $0.3 million in advertising, marketing and agency expenses;

an increase of $0.4 million in provision for bad debts, and

an increase of $0.2 million in share-based compensation expense.

General and administrative expenses

General and administrative expenses increased $4.1 million, or 16%, to $30.0 million for the year ended December 31, 2025, compared to $25.9 million in 2024. The increase reflects higher personnel-related expenses and share-based compensation expense to support the continued growth of the business.

For the years ended December 31, 2025 and 2024, general and administrative expenses consisted primarily of:

personnel-related expenses of $16.5 million and $13.8 million, respectively;

share-based compensation expense of $5.7 million and $5.3 million, respectively; and

professional fees of $5.3 million and $4.2 million, respectively. Professional fees included $0.4 million and $0, respectively, of acquisition-related costs incurred in connection with the due diligence of potential strategic targets.

Depreciation and amortization

Depreciation and amortization expenses increased $1.1 million, or 12%, to $10.7 million for the year ended December 31, 2025, compared to $9.6 million in 2024.

The increase was primarily driven by the amortization of intangible assets that became ready for their intended use after December 31, 2024.

Interest income

Interest income remained consistent at $1.4 million for the years ended December 31, 2025 and 2024.

The interest income was primarily attributable to yields on money market fund investments.

Income before income taxes

Income before income taxes increased $5.3 million, or 56%, to $14.6 million for the year ended December 31, 2025, compared to $9.3 million in 2024.

The increase was primarily driven by:

an increase of $15.1 million in revenue,

partially offset by:

an increase of $0.7 million in cost of revenue (exclusive of depreciation and amortization);

an increase of $5.5 million in personnel-related expenses;

an increase of $1.1 million in professional fees;

an increase of $0.6 million in share-based compensation expense; and

an increase of $1.1 million in depreciation and amortization expense.

Income tax expense

Income tax expense was $1.4 million for the year ended December 31, 2025, compared to $2.3 million in 2024.

The decrease in income tax expense was primarily driven by a decrease in the effective tax rate to 10% for the year ended December 31, 2025 from 25% in 2024, partially offset by higher pre-tax income.

On July 4, 2025, the One Big Beautiful Bill Act (the "OBBBA") was enacted into law, which makes permanent key elements of the Tax Cuts and Jobs Act, including the election for full expensing of domestic research and experimentation expenditures. We evaluated the impact of the OBBBA on our consolidated financial statements and concluded that it did not have a material impact.

For additional information, refer to Note 8, “Income Taxes,” included in “Notes to Consolidated Financial Statements.”

Net income

Net income increased $6.2 million, or 88%, to $13.2 million for the year ended December 31, 2025, compared to $7.0 million in 2024, as a result of the foregoing.

Effect of Inflation

We believe the persistent inflationary pressures during 2024 and into early 2025 contributed to a more challenging macroeconomic environment, increasing recessionary concerns and prompting some businesses to moderate discretionary spending. While the pace of inflation has shown signs of moderation more recently, macroeconomic uncertainty and higher interest rates have continued to influence business sentiment and spending patterns in certain sectors. These conditions have resulted in — and may continue to contribute to — fluctuations in transaction volumes, pricing dynamics, and operating margins across our services.

In addition, elevated interest rates implemented to curb inflation may reduce the demand for credit, which could in turn lead to lower usage of our services by customers in the banking, financial services, and adjacent industries.

Despite these broader market dynamics, inflation has not had a material impact on our financial results to date. Where feasible, we have taken proactive steps to mitigate inflation-related cost increases, including implementing pricing adjustments where permitted under contract terms and competitive conditions.

Liquidity and Capital Resources

Cash flows provided by operating activities

For the year ended December 31, 2025, net cash provided by operating activities was $29.3 million. This was primarily driven by:

net income of $13.2 million;

non-cash adjustments totaling $19.4 million, including share-based compensation expense, depreciation and amortization, write-off of long-lived assets, provision for bad debts, noncash lease expenses, and deferred income tax expense; and

changes in operating assets and liabilities, which resulted in a net use of cash of $3.2 million, primarily due to an increase in accounts receivable, and prepaid expenses and other current assets, and a decrease in operating lease liabilities, partially offset by the increase in accrued expenses and other current liabilities and deferred revenue.

For the year ended December 31, 2024, net cash provided by operating activities was $24.0 million. This was primarily driven by:

net income of $7.0 million;

non-cash adjustments totaling $18.5 million, including share-based compensation expense, depreciation and amortization, write-off of long-lived assets, provision for bad debts, noncash lease expenses, and deferred income tax expense; and

changes in operating assets and liabilities, which resulted in a net use of cash of $1.6 million, primarily due to an increase in accounts receivable, prepaid expenses and other current assets, and other noncurrent assets, and a decrease in operating lease liabilities, partially offset by the increase in accounts payable, and accrued expenses and other current liabilities.

Cash flows used in investing activities

For the years ended December 31, 2025 and 2024, net cash used in investing activities was $11.2 million and $9.6 million, respectively, primarily as a result of capitalized costs included in intangible assets.

Cash flows used in financing activities

For the year ended December 31, 2025, net cash used in financing activities was $11.1 million. This was primarily driven by:

the payment of the Dividend totaling $4.2 million;

taxes paid in connection with the net share settlement of vesting RSUs totaling $6.0 million; and

common stock repurchases totaling $0.9 million, conducted pursuant to our Stock Repurchase Program.

On December 3, 2024, we declared the Dividend of $0.30 per share on our common stock to shareholders of record as of January 31, 2025. The Dividend, totaling $4.2 million, was paid on February 14, 2025.

The Stock Repurchase Program was originally authorized by the Board of Directors on May 2, 2022, permitting repurchases of our common stock from time to time, which was subsequently amended on each of December 19, 2023 and March 28, 2024. On November 3, 2025, the Board of Directors further authorized the repurchase of an additional $15.0 million under the Stock Repurchase Program, bringing the total authorization to $30.0 million.

For the year ended December 31, 2024, net cash used in financing activities was $9.9 million. This was primarily driven by:

taxes paid in connection with the net share settlement of vesting RSUs totaling $4.1 million; and

common stock repurchases totaling $5.9 million, conducted pursuant to our Stock Repurchase Program.

Commitments

As of December 31, 2025, we had material commitments under data licensing agreements and a cloud service agreement totaling $42.0 million.

We expect to fund these commitments, as well as our ongoing operating and capital requirements, using available cash on hand and cash flows generated from operations over the next twelve months.

Capital Resources

We reported net income of $13.2 million and $7.0 million for the years ended December 31, 2025 and 2024, respectively. As of December 31, 2025, we had total shareholders’ equity of $100.9 million and cash and cash equivalents of $43.6 million.

Based on our projected growth in revenue and operating results over the next twelve months, and the available cash on hand, we believe that our existing resources will be sufficient to fund operations and expected capital expenditures for at least the next twelve months.

While we anticipate continuing to fund our business through internally generated cash flows, future capital needs may arise based on the pace of revenue growth, investment in technology, or strategic initiatives. In such cases, we may seek to raise additional capital through the issuance of equity and/or debt securities. However, any such financing, if available, could result in dilution to existing stockholders and may involve terms that are not favorable to the Company.

Off-Balance Sheet Arrangements

We do not have any outstanding off-balance sheet guarantees, interest rate swap transactions or foreign currency forward contracts. In addition, we do not engage in trading activities involving non-exchange traded contracts. In our ongoing business, we do not enter into transactions involving, or otherwise form relationships with, unconsolidated entities or financial partnerships that are established for the purpose of facilitating off-balance sheet arrangements or other contractually narrow or limited purposes.

CAUTIONARY NOTE REGARDING FORWARD-LOOKING STATEMENTS

This 2025 Form 10-K contains certain “forward-looking statements” within the meaning of the PSLRA, Section 27A of the Securities Act, and Section 21E of the Exchange Act. Such forward-looking statements contain information about our expectations, beliefs or intentions regarding our product development and commercialization efforts, business, financial condition, results of operations, strategies or prospects. You can identify forward-looking statements by the fact that these statements do not relate strictly to historical or current matters. Rather, forward-looking statements relate to anticipated or expected events, activities, trends or results as of the date they are made. Because forward-looking statements relate to matters that have not yet occurred, these statements are inherently subject to risks and uncertainties that could cause our actual results to differ materially from any future results expressed or implied by the forward-looking statements.

Many factors could cause our actual activities or results to differ materially from the activities and results anticipated in forward-looking statements. These factors include the following:

Our products and services are highly technical and if they contain undetected errors, our business could be adversely affected and we may have to defend lawsuits or pay damages in connection with any alleged or actual failure of our products and services.

If we fail to respond to rapid technological changes in the data and analytics sector, we may lose customers and/or our products and/or services may become obsolete.

Because our networks and information technology systems are critical to our success, if unauthorized persons access our systems or our systems otherwise cease to function properly, our operations could be adversely affected and we could lose revenue or proprietary information, all of which could materially adversely affect our business.

Data security and integrity are critically important to our business, and breaches of security, unauthorized access to or disclosure of confidential information, disruption, including DDoS attacks or the perception that confidential information is not secure, could result in a material loss of business, substantial legal liability or significant harm to our reputation.

If we fail to maintain and improve our systems, our certifications, our technology, and our interfaces with data and customers, demand for our services could be adversely affected.

Issues in the development and use of artificial intelligence and generative artificial intelligence may result in reputational harm, liability, or other adverse consequences to our business.

Our business is subject to various governmental regulations, laws, and orders, compliance with which may cause us to incur significant expenses or reduce the availability or effectiveness of our solutions, and the failure to comply with which could subject us to civil or criminal penalties or other liabilities.

The outcome of litigation, inquiries, investigations, examinations, or other legal proceedings in which we are involved, in which we may become involved, or in which our customers or competitors are involved, could subject us to significant monetary damages or restrictions on our ability to do business.

Our bylaws designate the Court of Chancery of the State of Delaware as the sole and exclusive forum for certain actions, including derivative actions, which could limit a stockholder’s ability to bring a claim in a judicial forum that it finds favorable for disputes with the Company and its directors, officers, other employees, or the Company's stockholders, and may discourage lawsuits with respect to such claims.

Our future operating results remain uncertain.

We depend, in part, on strategic alliances and joint ventures to grow our business. If we are unable to develop and maintain these strategic alliances and joint ventures, our growth may be adversely affected.

If we consummate any future acquisitions, we will be subject to the risks inherent in identifying, acquiring, and operating a newly acquired business.

Our relationships with key customers may be materially diminished or terminated, which could adversely affect our business, financial condition, and results of operations.

If we lose the services of key personnel, it could adversely affect our business.

Our revenue is concentrated in the U.S. market across a broad range of industries. When these industries or the broader financial markets experience a downturn, demand for our services and revenue may be adversely affected.

We could lose our access to data sources which could prevent us from providing our services.

We must adequately protect our intellectual property in order to prevent loss of valuable proprietary information.

We face intense competition from both start-up and established companies that may have significant advantages over us and our products.

There may be further consolidation in our end-customer markets, which may adversely affect our revenue.

To the extent the availability of free or relatively inexpensive consumer and/or business information increases, the demand for some of our services may decrease.

If our newer products do not achieve market acceptance, revenue growth may suffer.

Our products and services can have long sales and implementation cycles, which may result in substantial expenses before realizing any associated revenue.

If our outside service providers and key vendors are not able to or do not fulfill their service obligations, our operations could be disrupted and our operating results could be harmed.

Consolidation in the data and analytics sector may limit market acceptance of our products and services.

We may incur substantial expenses defending against claims of infringement.

Environmental issues, including any future reporting obligations in connection with environmental issues, may adversely impact our business and operations.

Our stock price has been and may continue to be volatile, and the value of an investment in our common stock may decline.

Future issuances of shares of our common stock in connection with acquisitions or pursuant to our stock incentive plan could have a dilutive effect on your investment.

The concentration of our stock ownership may limit individual stockholder ability to influence corporate matters.

We are a “smaller reporting company,” and the reduced disclosure requirements applicable to smaller reporting companies may make our common stock less attractive to investors.

We expect that we may need additional capital in the future; however, such capital may not be available to us on reasonable terms, if at all, when or as we require additional funding. If we issue additional shares of our common stock or other securities that may be convertible into, or exercisable or exchangeable for, our common stock, our existing stockholders would experience further dilution.

There is no assurance that we will continue to declare or pay dividends on our common stock in the future.

It em 7A. Quantitative and Qualitative Disclosures About Market Risk.

As a smaller reporting company as defined in Rule 12b-2 of the Exchange Act, we are not required to include information otherwise required by this item.