RISK FACTORS SUMMARY
The following is a summary of the principal risks that could materially adversely affect our business, results of operations, and financial condition. Additional discussion of the risks included in this summary, and other risks that we face, can be found below and should be carefully considered, together with other information in this Annual Report on Form 10-K in its entirety before making investment decisions regarding our Class A common stock. This summary should not be relied upon as an exhaustive summary of the material risks facing our business.
• If we fail to manage our growth effectively and efficiently, we may be unable to execute our business plan, maintain high levels of service and customer satisfaction, or adequately address competitive challenges.
• If we do not attract new customers, retain existing customers, and increase our customers’ use of our platform, our business will suffer.
• We have a limited operating history in an evolving industry at our current scale, which makes it difficult to evaluate our future prospects and may increase the risk that we will not be successful.
• If we are unable to achieve adequate revenue growth while our expenses increase, we may not consistently maintain or increase profitability in the future.
• We use artificial intelligence in our platform and product offerings, and our success is dependent upon our ability to leverage data, develop competitive products, and manage related risks.
• Unfavorable conditions in the restaurant industry or the global economy could limit our ability to grow our business and materially impact our financial performance.
• The markets in which we participate are intensely competitive, and if we do not compete effectively, our operating results could be adversely affected.
• We depend upon third parties to manufacture our hardware products and to supply key components necessary to manufacture our hardware products. We do not have long-term agreements with all of our manufacturers and suppliers, and if these manufacturers or suppliers become unwilling or unable to provide an adequate supply of components, we may not be able to find alternative sources in a timely manner and our business would be impacted.
• Our future revenue will depend in part on our ability to expand the financial technology services we offer to our customers and increase adoption of those services.
• We rely on third-party payment processors to process and settle payments made by guests, payments made to customers, and payments made on behalf of customers, and if we cannot manage risks related to our relationships with our current or future third-party payment processors, our business, financial condition, and results of operations could be adversely affected.
• A majority of our customers are small- and medium-sized businesses, which can be more difficult and costly to retain than enterprise customers and are subject to increased impacts of economic fluctuations, which may adversely affect our business and operations.
• Our operating results depend in significant part on our payment processing services, and the revenue and gross profit we derive from our payment processing activity in a particular period can vary due to a variety of factors.
• We rely in part on revenue from subscription contracts, and because we recognize revenue from subscription contracts over the term of the relevant subscription period, downturns or upturns in sales are not immediately reflected in full in our results of operations.
• We depend on the experience and expertise of our management team and qualified personnel. Our ability to recruit, retain, and develop talent is critical to our success and growth.
• We are responsible for transmitting a high volume of sensitive and personal information through our platform and our success depends upon the security of this platform. Any actual or perceived breach of our system that would result in disclosure of such information could materially impact our business.
Table of Contents
• We are subject to risks associated with certain financial products we offer and our handling of customer funds, including counterparty risk with key partners, the ability of our customers to pay their obligations, and the risk of fraud.
• Interruptions or performance problems associated with our technology and infrastructure may adversely affe ct our business and operating results.
• Our success depends upon our ability to continually enhance the performance, reliability, and features of our platform.
• If we fail to adequately protect our intellectual property rights, our competitive position could be impaired and we may lose valuable assets or revenue and become subject to costly litigation to protect our rights.
• Our business is subject to a variety of U.S. and international laws and regulations, many of which are unsettled and still developing, and our or our customers’ failure to comply with such laws and regulations could subject us to claims or otherwise adversely affect our business, financial condition, or results of operations.
• The trading price of our Class A common stock may be volatile, and you could lose all or part of your investment.
• The dual-class structure of our common stock as contained in our amended and restated certificate of incorporation has the effect of concentrating voting control with those stockholders who held our capital stock prior to our initial public offering, including our directors, executive officers and their respective affiliates. This ownership will limit or preclude your ability to influence corporate matters, including the election of directors, amendments of our organizational documents, and any merger, consolidation, sale of all or substantially all of our assets, or other major corporate transactions requiring stockholder approval, and that may adversely affect the trading price of our Class A common stock.
Table of Contents
PART I
Item 1. Business
Our Mission
Our mission is to empower the restaurant community to delight their guests, do what they love, and thrive.
Overview
Toast, Inc., which we refer to as Toast, we, or the Company, is a cloud-based, all-in-one digital technology platform purpose-built for the entire restaurant community. We provide a comprehensive platform of software-as-a-service, or SaaS, products and financial technology solutions, including integrated payment processing, restaurant-grade hardware, and a broad ecosystem of third-party partners. We serve as the restaurant operating system, connecting front of house and back of house operations across service models including dine-in, takeout, delivery, catering, and retail.
Our Market
Restaurants and food and beverage retailers are highly diverse and complex and generally operate with low margins, high employee turnover, highly perishable products, and complex regulations. At the same time, these businesses operate in a dynamic environment with changing input costs, labor constraints, evolving consumer preferences, and the imperative to utilize technology and data to innovate. What was once primarily an on-site experience with antiquated solutions is now becoming an omnichannel experience with operators employing technology to enable a range of additional service models, including curbside pick-up, delivery, wholesale, and catering.
Over the last several years, consumer preference towards omnichannel commerce and digital engagement options has accelerated. With food service and retail businesses of varying sizes - from small and mid-sized operators to larger, multi-location and enterprise customers- operating in an increasingly dynamic environment, it is critical that we provide our customers with the tools they need to drive revenue and best serve their guests. As diversity grows in how guests order, where guests transact, and the means guests use to pay, operators must constantly adapt to support these trends. We have seen operators expanding into new service models in recent years, allowing guests to choose the type of service that best suits them.
We believe we are in the early stages of capturing our addressable market opportunity and we see a significant opportunity to increase sales to both new and existing customers, address more of the diverse needs of our customers, and expand our platform outside the United States and with different types of customers. See the section titled “Our Growth Strategy” below for additional details.
Our Products and Platform
Toast’s all-in-one technology platform is purpose-built to support the operational needs of restaurants and food and beverage retailers across a range of formats, sizes, and stages of growth. Our proprietary Android-based software powers our single platform of vertically integrated solutions, and combined with our purpose-built hardware and integrated payments solutions, we deliver a unified system that supports daily operations, employee workflows, and guest engagement.
Our platform is designed to serve as a central operating system for our customers’ businesses, with solutions that span point-of-sale, digital ordering and delivery, labor and workforce management, inventory and supply chain tools, marketing and loyalty, financial management, and related services. By offering these solutions on a single, integrated platform, we enable customers to manage operations more efficiently and to adopt additional capabilities as their businesses grow in scale and complexity.
Designed to work together, our solutions deliver increasing value as customers adopt more of the platform. For example, customers that use our digital ordering solutions can connect those orders directly with our marketing and loyalty tools, allowing them to promote offers to returning guests, encourage repeat visits, and
Table of Contents
drive more orders through their own digital channels, which can help customers save on third-party commissions and deliver incremental margins.
We continue to enhance the capabilities of our platform and expand its applicability across use cases, while maintaining a focus on reliability, scalability, and security. Our approach emphasizes delivering operational outcomes for customers through integrated workflows, data-driven insights, and ongoing innovation across the platform.
Point-of-Sale (POS) & Restaurant Operations
Toast’s in-store POS and restaurant operations offerings are built to help reduce time to take an order, optimize operations, and seamlessly handle payments. This includes software to run fixed-location POS terminals, handheld POS devices, and self-service kiosks that allow restaurant staff to take orders and guests to pay, all of which run on Toast hardware with proprietary technology. In the kitchen, our Kitchen Display System and kitchen printers allow operators to integrate in-store and online orders, helping keep kitchen staff organized and driving operational efficiencies.
Robust above-store offerings include our multi-location management and menu management tools that allow operators to configure our products to fit the specific needs of individual locations while also providing customers with the ability to view data across their locations for a centralized, clear view of business performance. Operators can analyze data generated by staff and guest interactions with our products to understand menu and operational performance. They can also assess performance against aggregated data from restaurants in their local markets using Toast Benchmarking.
Toast IQ
Toast IQ is a conversational artificial intelligence, or AI, assistant built into our platform that uses real-time and historical data from our customers’ operations to help surface actionable business insights and enable operators to ask questions in natural language and take actions directly within the Toast system. Toast IQ is intended to help operators identify trends, make informed decisions, and streamline routine operational workflows through data-driven intelligence and integrated platform actions.
Marketing
Toast’s marketing products provide simple, integrated solutions to deliver targeted email and SMS campaigns, reach new guests with advertising campaigns across third-party digital channels, build loyalty programs, offer gift cards, and take reservations to drive further engagement with guests.
Features within our marketing products, such as our writing assistant powered by AI, custom templates and one-click email campaigns, are designed to help operators save time on crafting marketing strategies. Additionally, certain of our products enable operators to create tailored marketing based on guest interactions across our product suite, such as visit frequency and spending patterns, to drive guest engagement and help improve retention. Data-driven insights within these products allow operators to easily create and optimize their marketing efforts over time. In addition, certain marketing products enable operators to create and manage advertising campaigns designed to reach new guests across third-party digital channels, helping to extend their visibility beyond existing customers.
Online Ordering & Delivery
We provide software solutions that allow customers to take control of and consolidate digital ordering and delivery across Toast-provided solutions and third-party ordering channels. Toast’s Websites and Branded App products aim to simplify building and managing a restaurant’s digital presence with templates and real-time menu updates integrated with the POS system. Our commission-free, first-party online ordering product and the consumer Local by Toast application are designed to simplify the digital ordering experience for guests, increase order accuracy, and allow restaurants to reduce reliance on third parties for driving online orders. We enable restaurants to offer delivery services in a variety of ways that can be tailored to the different needs and operations of restaurants. With our POS integrations, restaurants can streamline order intake, eliminate the need for third-party tablets, and seamlessly sync menus.
Table of Contents
Team Management
Toast’s payroll and team management products offer a centralized hub that streamlines the employee onboarding, management, and payroll process. Integrated POS and payroll creates a single employee record across systems, allowing for hours, tips, and employee data to synchronize seamlessly - helping managers save time and improving the employee experience. Our scheduling products facilitate simple shift scheduling, shift swapping and team communication to keep the whole team in sync.
Vendor Management
Toast’s vendor management offerings are built to help operators make more informed, data-driven decisions by integrating key data and automating processes to provide actionable insights across the back office. We enable operators to better manage costs and spend less time on administrative tasks - allowing them to focus more on their guests and teams.
xtraCHEF by Toast provides a comprehensive set of back-office tools for restaurants, including accounts payable automation, inventory management, ingredient price tracking, and recipe costing. By integrating POS, Toast Payroll, accounting software, and supplier data, we provide operators with valuable insights to help manage fluctuating costs, automate financial processes, and optimize back-office tasks to proactively manage margins.
Retail
Toast's food and beverage retail offering helps restaurants, convenience stores, bottle shops, and grocery stores of all shapes, sizes, and concepts save time, streamline inventory management, and enhance the customer experience. With Toast’s mobile-first SmartScan technology, operators can scan an item’s barcode with their mobile device and pull key information into their POS including an item’s name, brand, a high-quality image, and an AI-generated recommended description. Additionally, Toast’s smart inventory planning capabilities use historical sales data to predict the number of days before a retail item runs out on the shelf, enabling operators to plan ahead.
Food and beverage retailers can also leverage the rest of the Toast platform to manage their employees, finances, and guest touchpoints. For operators of hybrid restaurant and retail establishments, they can use one consolidated POS, reducing operational complexity and training needs, and use unified reporting tools to see a complete picture of their operations.
Financial Technology Solutions
Toast provides a fully-integrated platform that enables our customers to securely accept and process payments, while also providing valuable data-driven insights and driving our guest engagement programs. We maintain competitive and clear pricing, our systems are in compliance with the relevant PCI Security Council standards, and our hardware is EMVCo certified to allow customers to support both contact and contactless payments.
We also offer a number of ways for customers to reduce the upfront cost of our products. With an Easy Pay commercial lease, Toast customers can get up and running quickly while minimizing their upfront costs, such as hardware and onboarding fees, by making lease payments generally through a portion of their daily transactions. We also help tackle rising daily payment processing costs by offering automated, industry compliant credit card surcharging to help eligible customers offset their card processing fees.
Toast Capital offers eligible restaurants access to fast and flexible funding via loans issued by our bank partner that are generally repaid through a portion of their daily transactions. We are uniquely positioned to provide our restaurants with access to capital using proprietary systems to assist with loan origination that incorporate data science models, historical POS data, and payment processing volume. Toast Capital provides applicants with a straightforward process that allows approved borrowers access to funds as soon as the next business day after signing a credit agreement, allowing restaurateurs to focus on running and growing their
Table of Contents
businesses. In addition to Toast Capital, we also offer access to a number of other financial technology solutions.
Our Technology
Our proprietary technology underpins our products to provide a streamlined, integrated customer experience. Our platform is designed to be stable and secure, and provides our individual product teams common capabilities, shared services, and reusable components to build new products efficiently.
Our digital technology platform includes:
Software, cloud-based services, and partner ecosystem
• Reliable cloud services . Our highly scalable, services-based, multi-tenant architecture runs on Amazon Web Services.
• Offline POS capabilities. In the event of an internet or network disruption, Toast’s offline POS capabilities provide essential continuity of operations. This capability allows customers to continue to place orders, send orders to Kitchen Display Systems, print tickets and receipts, and take credit card payments. In offline mode, credit card information is securely encrypted and stored on the Toast device until it regains connection.
• Partner APIs . Toast has curated a portfolio of over 200 technology partners that utilize Toast APIs to deliver a broad range of specialized solutions.
Payments
Toast provides fast and secure, integrated payment processing through its POS devices, standalone contactless reader, or Toast Tap reader, and online ordering applications.
• Security and compliance. Toast is a PCI-DSS compliant Level 1 Service Provider. All of our card processing products and services are assessed annually by an independent security organization that has been qualified by the PCI Security Standards Council to validate an entity's adherence to PCI-DSS.
• Reliability. We leverage our extensive on-the-ground experience to provide a reliable payments experience that is resilient to issues with customers’ networks or internet service providers as well as Toast’s own cloud platform.
• Flexible omni-channel capabilities. Toast provides in-store, digital, and partner payment capabilities. In-store payments through the Toast integrated card reader and Toast Tap reader support card dipping, tapping, and swiping as well as Apple Pay, Google Pay, and Samsung Pay, with fraud detection capabilities to minimize transaction risks. Using Toast-provided payments across channels simplifies our customers’ experience, providing them with a single daily deposit of funds and consolidated reporting for easier accounting.
Hardware
• User-friendly, durable, and designed to last. Our custom-designed hardware is pre-configured to enable self-installation with limited support and is created to be restaurant grade for spills and drops with a long battery life.
• Device management. Our hardware utilizes the open-source Android mobile operating system which enables us to freely distribute the operating system to the Toast terminal and handheld devices. Proprietary management tools are designed to allow Toast to safely and efficiently upgrade POS software and device firmware as well as to monitor the health of devices across the fleet.
• Cellular backup. We provide optional cellular backup in Toast Go® 3 handhelds that allows seamless online operation including payments, kitchen syncing, and ticket printing when handhelds move beyond
Table of Contents
Wi-Fi. We provide optional cellular backup in routers to provide redundancy when our customers’ internet service is disrupted.
Our Growth Strategy
Our strategy is to continue to invest in areas that align with our customers’ needs and strategically open up new markets to serve new customer types. We expect that both we and our customers will continue to realize the value of our platform as we scale, make enhancements to our technology, offer more products and services, and help our customers increase revenue while saving time and money. Toast both drives and benefits from the success of our customers—when they grow, Toast grows through higher payments volume and increased adoption of our full platform.
• Fuel efficient location growth in our core U.S. market. Despite our rapid growth and scale, we estimate that U.S. restaurant locations on our platform account for approximately 20% of the U.S. restaurant market. We expect the restaurant industry to continue to shift toward innovative, digital, cloud-based solutions as restaurants seek to leverage technology to drive more growth and operate more efficiently. We therefore believe there is a substantial opportunity to grow our location footprint. To that end, we intend to invest in our field-based go-to-market engine, customer success through a combination of tailored onboarding services, customer support, and intuitive product design, as well as research and development of new products to serve the evolving needs of restaurants and provide solutions that cater to all segments of the restaurant industry. We also expect to see continued location growth among our existing customers, both as they open new locations and as we continue to roll out the Toast platform to more of our customers’ existing locations.
• Expand our addressable market . We believe there is a significant opportunity to expand outside of the United States as well as to expand the types of customers we serve. We see opportunities to use our technology and products to serve new customer types to expand our addressable market beyond restaurants, starting with food and beverage retail customers. We have small and growing investments in sales and research and development to address both the international and food and beverage retail opportunities. We are in the early stages of expanding our addressable market and it is a long-term initiative in our growth strategy.
• Increase adoption of our products . We believe that we are well-positioned to sell additional products to our existing customers through a combination of sales and marketing efforts and product-led growth. We believe our all-in-one, integrated platform approach is well-suited to a customer base that has historically struggled to adopt technology at the same pace as other industries due to a lack of dedicated information technology resources.
• Invest in and expand our product platform. We intend to further invest in research and development to expand the functionality of our current platform and to broaden the subscription services and financial technology solutions we offer. We believe our proven track record and continued strategy to build products that directly address key pain points for our stakeholders will differentiate us and help grow our addressable market. We also believe we have an opportunity to expand the ways in which we leverage the data on our platform to help our customers succeed.
• Further develop our partner ecosystem. Toast’s integrated platform currently connects customers to over 200 partners, providing our customers with the tools and features they need to run their business. Today, we have partnerships in place across a spectrum of solutions that include employee management, reservations, inventory, accounting, security, analytics, marketing and customer relationship management, loyalty, mobile pay, gift cards, online ordering, and more. We intend to continue expanding our technology and channel partnerships to deliver even more value to our customers and increase the strategic nature of our platform.
• Selectively pursue inorganic growth. We intend to selectively explore inorganic product and technology growth opportunities to build out our portfolio and strengthen our ecosystem advantage. We believe that the scale of our partner ecosystem provides additional visibility into what products would be most valuable to our customers.
Table of Contents
Customer Success
Our customer success team supports our customers through their entire lifecycle beginning with onboarding and extending to ongoing customer care, including product enablement and education around industry best practices. We invest in scalable and efficient onboarding solutions that offer a differentiated customer experience. We currently offer on-site, remote, and self-guided implementation options to our customers.
We offer multi-channel customer support 24 hours per day, 7 days a week, 365 days per year via chat or phone. We built our entire platform to be cloud-based, so our customer success team can provide seamless support remotely. Due to the all-in-one nature of our platform, we offer customers a single point of contact for any issues across their entire technology stack. We invest significantly in customer service and consider these investments to be a key competitive differentiator.
Sales and Marketing
The food and beverage industry is a local industry. Operators purchase everything from food and alcohol to equipment and table linens from individuals that they know and trust. Our sales and marketing motion is designed from the ground up to integrate into this dynamic by combining a high-volume marketing engine with a localized and consultative sales force.
We start with in-market sales teams that are deeply familiar with, and trusted by, the local community. This deep knowledge of the local food and beverage scene provides us with a competitive advantage. Our sales team consists of an acquisition team that is focused on new location growth and is organized by customer size (i.e., number of locations per customer), type, and geography. The acquisition team is complemented by a growth team that focuses on expansion into the install base.
To generate and capture demand we invest heavily in the primary discovery channels for restaurant and food and beverage retail operators. We combine our demand generation efforts with pricing and packaging that is designed to increase platform adoption and simplify the buying process for operators. This approach provides multiple entry points into the Toast platform ranging from a single terminal point of sale to a multi-product setup for a complex restaurant or food and beverage retail operation.
As Toast continues to grow, so does the importance of brand recognition and our investments into strengthening it. This brand recognition will help continue to drive growth in the restaurant and retail community and increase referrals.
Research and Development
Our product development strategy is grounded in deep customer understanding and focused on delivering reliable, scalable capabilities that address the critical operational workflows of restaurants and food and beverage retailers. Our development process incorporates insights from market and user research, strategic planning, and iterative financial analysis, but it is first and foremost driven by our customer obsession and our mission to empower the restaurant and food and beverage retail community to delight their guests, do what they love, and thrive. We believe this focus on solving real operational challenges for our customers is fundamental to building durable products and driving long-term platform value.
Our research and development teams operate on a full-stack development model, organized into cross-functional groups with end-to-end responsibility across product management, design, engineering, analytics, and data science. This structure enables teams to move quickly, make informed trade-offs, and deliver integrated solutions that align closely with customer needs. Our platform architecture provides shared services, common capabilities, and reusable components that allow product teams to build and scale new functionality efficiently while maintaining reliability, security, and consistency across the platform.
Our research and development personnel are distributed across North America, Europe, and Asia, enabling us to access global talent and support a growing and increasingly diverse customer base. Our teams include professionals with expertise across product management, user experience design, software engineering, data
Table of Contents
science, and quality assurance. This global footprint supports both the ongoing enhancement of our existing products and the development of new capabilities that extend the value of our platform over time.
Competition
The market is competitive and evolving rapidly. Our platform combines functionality from numerous product categories, and we therefore compete with a range of providers, including cloud-based point of sale platforms, legacy point of sale platform payments solutions, and point technology providers with products addressing specific front of house or back of house operations. We compete on the basis of a number of factors including:
• the ability to provide an all-in-one software and financial technology platform specifically designed to meet the existing and future technology needs of prospective customers, including comprehensive partner ecosystem integrations;
• product performance, flexibility, durability, ease of use, security, scalability, and reliability;
• brand recognition, reputation, and customer satisfaction;
• the availability and quality of support and other professional services, including the ability to onboard prospective customers in a timely and cost-efficient manner;
• the ability to operate and support all geographic markets specified by the prospective customer; and
• the ability to integrate systems seamlessly and at low costs to provide important data insights.
We believe that we compete favorably with respect to these factors. Furthermore, we expect that our industry will continue to attract new market entrants, including smaller emerging companies, which could introduce new offerings. We may also expand into new markets and encounter additional competitors in such markets.
For more information regarding the competitive risks we face, see “Risk Factors” included in Part I, Item 1A of this Annual Report on Form 10-K.
Seasonality
Information regarding seasonality is provided in this Annual Report on Form 10-K in Part II, Item 7, “Management’s Discussion and Analysis of Financial Condition and Results of Operations” under the heading “Seasonality.”
Human Capital
As of December 31, 2025, we had approximately 6,500 employees worldwide. We also engage consultants as needed to support our business and operations from time to time.
Core to our success is our passionate and diverse team of Toasters, led by a skilled and experienced leadership team with a proven track record of scaling leading platforms and organizations. Our Toast values guide our culture, and support a sense of belonging among Toasters. We have not experienced any work stoppages and consider our employee relations to be strong. We continue to maintain high employee engagement and satisfaction, as assessed by our annual internal culture and independent surveys.
Toast is committed to supporting employee safety and well-being. We offer competitive compensation and benefits that support our employees’ overall well-being, including healthcare, mental health support programs, and parental and family leave, as well as equity compensation, retirement savings, and company 401k match.
We believe that having a diverse and inclusive workforce is a strategic enabler to our business success. Our goal is to create a culture where all Toasters can thrive and our strategy is rooted in four key beliefs: great talent is everywhere; difference enables innovation; to reach our customers, we must understand them; and we want to be the best place to work for our Toasters.
Table of Contents
Corporate Social Responsibility
At Toast, we are committed to enriching the food experience for all and harnessing our people, products, and philanthropy to maximize our positive impact on the world.
Toast.org, our social impact arm, is focused on solving critical issues in the food ecosystem that impact communities and the planet. In furtherance of Toast’s values and these goals, we joined Pledge 1%, a global movement that encourages and empowers companies of all sizes and stages to donate 1% of their staff time, product, profit, and/or equity to the philanthropic pursuits of their choosing. As a part of this initiative, our Board reserved a total of 5.5 million Class A common shares, annual installments of which are transferred as bona fide gifts to a charitable organization to fund our social impact initiatives through Toast.org.
In 2025, Toast.org commitments focused on addressing hunger and food insecurity, and supporting the next generation of industry leaders through culinary training programs. We announced a $5 million, five-year commitment to address hunger and food insecurity globally, making grants to hunger-relief organizations as well as directly to U.S. restaurants fighting hunger in their local communities. Our support of culinary training programs expanded to include the provision of donated Toast systems for students to train on.
Environmental, Social, and Governance, or ESG, matters including diversity, social and climate-related matters, are guided by our corporate social responsibility executive committee and overseen by the Nominating and Corporate Governance Committee of our Board. We are committed to supporting efforts to minimize both our use of natural resources and waste production. Our environmental efforts span our operations, platform, and products — including our workplaces, the full life cycle of our hardware and how we can help our customers and their guests reduce their impacts.
Intellectual Property
We rely on a combination of patent, trade secret, copyright, and trademark laws, a variety of contractual arrangements, such as license agreements, assignment agreements, confidentiality and non-disclosure agreements, and confidentiality procedures and technical measures to gain rights to and protect the intellectual property used in our business.
We have also developed a patent program and a strategy to identify, apply for, and secure patents for innovative aspects of our platform and technology. As of December 31, 2025, we have 67 U.S. patent applications allowed/granted, and in addition we have 10 U.S. patent applications pending. Our issued patents are estimated to expire between 2034 and 2044. Such expiration dates may vary based on a variety of factors, including benefit claims, term adjustments, and/or extensions as well as the timely payment of maintenance fees. We intend to pursue additional patent protection to the extent we believe it would be beneficial and cost effective.
We have an ongoing trademark and service mark registration program pursuant to which we register our brand names and product names, taglines, and logos in the United States and other countries to the extent we determine appropriate and cost effective. We have multiple pending trademark applications and also have common law rights in some trademarks. In addition, we have registered domain names for websites that we use in our business, such as www.toasttab.com and other variations.
We intend to pursue additional intellectual property protection to the extent we believe it would be beneficial and cost effective. Despite our efforts to protect our intellectual property rights, they may not be respected in the future or may be invalidated, circumvented, or challenged. See the sections titled “Risk Factors,” including the section(s) titled “Risk Factors—Risks Related to Our Intellectual Property” for a description of the risks related to our intellectual property.
Table of Contents
Government Regulation
Various aspects of our business and service areas are subject to U.S. federal, state, and local regulation, as well as regulation outside the United States. As more fully described below, certain of our services also are, or may be in the future, subject to the laws, rules, and regulations that are related to acceptance of credit cards and debit cards, payments services (such as payment processing and settlement services), including laws concerning consumer financial protection, anti-money laundering and escheatment. From time to time, we may launch pilot programs or early-stage products, which may subject us to additional state or federal laws or regulations. We also are, or may be in the future, subject to rules promulgated and enforced by multiple authorities and governing bodies in the United States, including federal, state and local agencies, payment card networks and other authorities, and internationally. These descriptions are not exhaustive, and these laws, regulations, and rules frequently change and are increasing in number.
BSA and FinCEN Regulation
Certain of our payment technology solutions are or may become subject to anti-money laundering laws and regulations under the Bank Secrecy Act of 1970, as amended by the USA PATRIOT Act of 2001, or the BSA. The BSA requires certain financial institutions, including banks and money services business, or MSBs (such as money transmitters), to register with the Treasury Department’s Financial Crimes Enforcement Network, or FinCEN, as MSBs and to develop and implement risk-based anti-money laundering programs, report large cash transactions and suspicious activity, and maintain transaction records, among other things.
Our subsidiary, Toast Processing Services LLC, or TPS, is registered as an MSB with FinCEN in its capacity as a money transmitter. As an MSB, we are required to maintain a written anti-money laundering program, or AML Program, that meets the standards set forth in the FinCEN regulations implementing the BSA. In addition, our AML Program is designed to address and comply with the Money Laundering Control Act and other U.S. laws and regulations regarding anti-money laundering and countering the financing of terrorism, which we refer to as AML/CFT, and to control for the AML/CFT risks inherent to our business. The AML Program is also designed to prevent our platform from being used to facilitate business with certain individuals, entities, countries, and territories that are targets of economic or trade sanctions, including those imposed by the Treasury Department’s Office of Foreign Assets Control.
State Licensing Requirements
Certain of our payment technology solutions are or may become subject to state money transmitter or payroll processor laws and regulations. TPS is licensed as a money transmitter in most states in connection with certain payroll processing services we provide. Federal and state money transmitter laws and regulations impose a variety of requirements and restrictions on us, including anti-money laundering program requirements; record-keeping requirements; disclosure requirements; examination requirements; annual or biennial activity reporting and license renewal requirements; notification and approval requirements for changes in our officers, directors, stock ownership or corporate control; permissible investment requirements; capital or minimum net worth requirements; bonding; restrictions on marketing and advertising; qualified individual requirements; anti-money laundering and compliance program requirements; data security and privacy requirements; and review requirements for customer-facing documents.
Additionally, states impose a variety of licensing requirements on entities engaged in certain insurance related activities. Our subsidiary, Toast Insurance Services, Inc., has obtained certain insurance related licenses from all 50 states plus Washington, D.C. As a result, we are currently subject to a variety of, and may in the future become subject to additional or newly enacted, state insurance laws and regulations in various jurisdictions.
Table of Contents
Card Network and Nacha Rules
We rely on our relationships with financial institutions and third-party payment processors to access the payment card networks, such as Visa and Mastercard, which enable the acceptance of credit cards and debit cards by our customers, and our ability to explore and offer certain other products. We pay fees to such financial institutions and third-party payment processors for such services. We are required by these third-party payment processors to register with Visa, Mastercard, and other card networks and to comply with the rules and the requirements of these card networks’ self-regulatory organizations. The payment networks and their member financial institutions routinely update, generally expand, and modify requirements applicable to our customers, including rules regulating data integrity, third-party relationships, merchant chargeback standards and compliance with the Payment Card Industry Data Security Standard, or PCI DSS. PCI DSS is a set of requirements designed to ensure that all companies that process, store, or transmit payment card information maintain a secure environment to protect cardholder data. In addition, we pay interchange fees to the financial institutions and payment processors that process card payments. The amount of interchange fees we pay are subject to applicable laws and legal developments, including private litigation settlements between merchants and card networks. Changes in permissible interchange fee limits as a result of change in law or new legal developments may affect our results of operations.
We are also subject to the operating rules of Nacha, formerly the National Automated Clearing House Association. Nacha is a self-regulatory organization which administers and facilitates private-sector operating rules for ACH payments and defines the roles and responsibilities of financial institutions and other ACH network participants. The Nacha Rules and Operating Guidelines, which collectively are referred to as the Nacha Rules, impose obligations on us and our partner financial institutions, such as audit and oversight by the financial institutions and the imposition of mandatory corrective action, including termination, for serious violations.
State Loan Disclosure Requirements and Other Substantive Lending Regulations
Loans facilitated by Toast Capital are subject to state laws and regulations that impose requirements related to commercial loans, including loan disclosures and terms, credit discrimination, and credit reporting. State advertising, loan brokering, loan servicing, and debt collection laws may apply to the marketing and loan administration services we provide to our bank partner that makes the loans facilitated by Toast Capital. As state laws governing commercial lending continue to evolve, Toast Capital may now, or in the future, be required to make a regulatory filing or registration to provide commercial loan facilitation services in certain states.
FTC Act and Unfair and Deceptive Acts and Practices
Section 5 of the Federal Trade Commission Act, or FTC Act, prohibits unfair or deceptive acts or practices. The Federal Trade Commission, or FTC, enforces Section 5 of the FTC Act against non-banks and has a history of pursuing enforcement actions for alleged unfair or deceptive acts or practices in connection with the marketing or servicing of financial and other products and services that are marketed to consumers or small businesses. The FTC has jurisdiction over us and our business practices.
Payroll Card and On-Demand Pay Regulations
Together with our bank partner, we offer a payroll card, which allows the restaurant’s employees to receive wages, tips, and other compensation from their employers. These debit cards are subject to federal and state financial services laws, as well as the payment card network rules and Nacha Rules. The Durbin Amendment to the Dodd-Frank Act and its implementing regulation, Regulation II, limit the amount of interchange revenue that the bank partner may receive, and share with us, on transactions made using these cards.
Payroll cards are subject to additional consumer financial regulation under federal law and state law. For example, the Electronic Fund Transfer Act, and its implementing regulation, Regulation E, impose requirements on payroll cards, including requirements related to consumers’ rights and liabilities, treatment of funds on lost or stolen cards, error resolution and investigation, upfront fee disclosures, and access to account information. Additionally, state employment and payroll regulations impose regulations on the use of payroll cards to disburse wages and other compensation.
Further, Toast PayOut, a feature of the payroll card Toast offers, allows restaurant employees the ability to access a portion of their wages and tips prior to payday. While our PayOut product is structured as a
Table of Contents
commercial line of credit to the restaurants, proposals to adopt or change state and/or federal statutes or regulations or the issuance of agency guidance related thereto, may bring PayOut within the scope of on-demand pay services, which could affect PayOut’s operating environment in substantial and unpredictable ways. These proposals or issuances may impact our ability to offer PayOut in a particular jurisdiction, or at all.
Stored Value Services
Stored value cards, gift cards and electronic gift certificates may trigger various federal and state laws and regulations. The customers who utilize our gift card processing products and services may be subject to these laws and regulations, which may include the Credit Card Accountability Responsibility and Disclosure Act of 2009.
Communications Regulation
We send texts, emails, and other communications to our customers in a variety of contexts. We also provide services that allow our customers to send emails, texts, and other communications to their guests, for example, when providing digital receipts and marketing. Communications laws and regulations, including those promulgated by the Federal Communications Commission, apply to certain aspects of this activity in the United States and elsewhere.
Privacy and Consumer Information Security
In the ordinary course of our business, we access, collect, store, use, transmit and otherwise process certain types of data, including personal information, which subjects us to numerous federal and state privacy and information security laws, rules, industry standards and regulations designed to regulate consumer information and data privacy, security and protection, and mitigate identity theft. These laws, some of which are discussed below, impose obligations with respect to the collection, processing, storage, disposal, use, transfer, retention and disclosure of personal information, and, with limited exceptions, give consumers the right to restrict the use of their personal information and the disclosure of it to third parties. Such laws and regulations have been rapidly evolving in recent years with regulators signaling an increased focus on their application and enforcement. Our ongoing efforts to comply with them are likely to have a significant impact on our business and present an increased risk to our business in the event of any actual or perceived noncompliance.
Under certain U.S. federal laws, including, for example, the Gramm-Leach-Bliley Act, or GLBA, and Regulation P promulgated thereunder, we must disclose our privacy policy and practices, including those policies relating to the sharing of nonpublic personal information with third parties. The GLBA may restrict the purposes for which we may use personal information obtained from consumers and third parties. We may also be required to provide consumers the ability to opt-out from certain sharing of their personal information.
U.S. state consumer privacy laws, including the California Consumer Privacy Act, or the CCPA, as amended by the California Privacy Rights Act, has directly impacted our business operations in that it has created data use, sharing and transparency requirements and provides California residents certain rights concerning their personal information, such as access, correction, deletion and opt out of selling or sharing such data. In addition to the CCPA, numerous other states have enacted similar consumer privacy laws. We expect the number of states with such laws to continue to grow over time. While personal information that we process that is subject to the GLBA is exempt from the CCPA and many of these other state laws, the CCPA and these additional state laws will regulate other personal information that we collect and process and impose new consumer rights and limitations around personal information. Legislators and regulators at the state and federal level are continuing to propose new requirements, including layering requirements related to AI over existing privacy regulations, that may, if passed, deviate from or exceed the requirements of the laws and regulations that already apply to our business.
Additionally, as we grow our business internationally, we are subject to the European Union General Data Protection Regulation, or the EU GDPR, and the EU GDPR in such form as incorporated into the laws of the United Kingdom, collectively with EU GDPR, referred to as GDPR, to the extent it regulates the processing of personal information of individuals in these jurisdictions. The GDPR is wide-ranging in scope and imposes numerous requirements, including requirements relating to having legal bases and/or conditions for processing personal information, providing details to those, security measures, having data processing agreements with third parties, responding to individuals’ requests to exercise their rights, reporting security breaches involving
Table of Contents
personal information to the competent authorities and affected individuals, ensuring certain accountability measures are in place and record keeping. We may also be subject to Canada’s Personal Information Protection and Electronic Documents Act along with provincial legislation similarly impacting our operations on account of requirements related to collecting, processing and cross-border transfers of personal information. Similarly, we may become subject to the privacy and security laws of other jurisdictions as we continue to expand our international operations, and these laws may have impacts on our business similar to those already set out above.
Channels for Disclosure of Information
Our Annual Report on Form 10-K, quarterly reports on Form 10-Q, current reports on Form 8-K, and amendments to those reports, filed or furnished pursuant to Sections 13(a) or 15(d) of the Securities Exchange Act of 1934, as amended, are available, free of charge, on our website as soon as reasonably practicable after such reports are electronically filed with, or furnished to, the Securities and Exchange Commission, or the SEC. These reports may be accessed through our website’s investor relations page at investors.toasttab.com. Further, the SEC’s website, www.sec.gov, contains reports and other information regarding our filings.
Investors, the media, and others should note that we announce material information to the public through filings with the SEC, the investor relations page on our website, press releases and public conference calls and webcasts. The information disclosed by the foregoing channels could be deemed to be material information. As such, we encourage investors, the media, and others to follow the channels listed above and to review the information disclosed through such channels. Any updates to the list of disclosure channels through which we will announce information will be posted on the investor relations page on our website.
Corporate Information
We were incorporated under the laws of Delaware in December 2011 under the name Opti Systems, Inc. We changed our name to Toast, Inc. in May 2012. Our principal executive offices are located at 333 Summer Street, Boston, Massachusetts 02210 and our telephone number is (617) 297-1005. Our website address is www.toasttab.com. We do not incorporate the information on or accessible through our website into this Annual Report on Form 10-K, and you should not consider any information on, or that can be accessed through, our website to be part of this Annual Report on Form 10-K. We have included our website address in this Annual Report on Form 10-K solely as an inactive textual reference.
“Toast,” our logo, and our other registered or common law trademarks, service marks, or trade names appearing in this Annual Report on Form 10-K are the property of Toast, Inc. Other trademarks and trade names referred to in this Annual Report on Form 10-K are the property of their respective owners.
Table of Contents
Item 1A. Risk Factors
A description of the risks and uncertainties associated with our business is set forth below. You should carefully consider the risks and uncertainties described below, together with all of the other information in this Annual Report on Form 10-K, including Part II, Item 7, “Management’s Discussion and Analysis of Financial Condition and Results of Operations” and our financial statements and related notes appearing elsewhere in this Annual Report on Form 10-K. Additional risks and uncertainties that we are unaware of, or that we currently believe are not material, may also become important factors that adversely affect our business. If any of the risks actually occur, our business, financial condition, results of operations, and prospects could be materially and adversely affected. In that event, the trading price of our Class A common stock could decline.
Risks Related to Our Business and Business Development
If we fail to manage our growth effectively and efficiently, we may be unable to execute our business plan, maintain high levels of service and customer satisfaction, or adequately address competitive challenges.
We have experienced significant growth in recent periods and anticipate our operations will continue to expand. To manage our current and anticipated future growth effectively, we must continue to maintain, enhance and scale our finance and accounting systems and controls, as well as our information technology, or IT, and security infrastructure, including with respect to internal information sharing and interconnectivity between various systems within our infrastructure and other business systems. Failure to maintain and improve our technologies may hinder our growth potential and adversely impact our operations and overall financial performance.
To support our growth, we expect to continue to invest in sales and marketing activities as well as research and development to increase our brand awareness, attract and retain customers, increase the functionality of our platform, introduce additional related products and services, and to expand to new verticals and geographies. A significant portion of such investments will precede the benefits, and we cannot be sure that we will receive an adequate return on our investments. Failure to manage growth effectively could lead us to over-invest or under-invest in development and operations, resulting in weaknesses in our infrastructure, systems, or controls, giving rise to operational mistakes, financial losses, loss of productivity or business opportunities, reduce customer satisfaction, limit our ability to respond to competitive pressures, and could result in loss of employees and reduced productivity of remaining employees. In addition, our expenses may increase more than expected, our revenue may not increase or may grow more slowly than expected, and we may be to implement our business strategy.
If we do not attract new customers, retain existing customers, and increase our customers’ use of our platform, our business will suffer.
We derive, and expect to continue to derive, a majority of our revenue and cash inflows from our integrated cloud-based platform, which encompasses software, financial technology, and hardware components. As such, our ability to attract new customers, retain existing customers, and increase use of the platform by our customers is critical to our success.
Our future revenue will depend in large part on our success in attracting additional customers to our platform. Our ability to attract additional customers will depend on a number of factors, including the effectiveness of our sales team, the success of our marketing efforts, our levels of investment in expanding our sales and marketing teams, referrals by existing customers, and the availability of competitive restaurant technology platforms. We may not experience the same levels of success with respect to our customer acquisition strategies as seen in prior periods, and if the costs associated with acquiring new customers materially rise in the future, our expenses may rise significantly.
Table of Contents
In addition, while a majority of our current customer base consists of small- and medium-sized businesses, or SMBs, we continue to pursue customer growth within the enterprise and mid-market segments of the restaurant market, as well as among SMBs. We have also expanded into new verticals such as food and beverage retail and may continue to explore other opportunities. Each of those sub-markets poses different sales and marketing challenges, product-market fits, and has different requirements, and we cannot be sure that we will achieve the same success in those market segments as we have achieved to date. The long-term potential of our business may be adversely affected if we are unable to expand our business successfully into these sub-markets.
Our business also depends on retaining our existing customers. Our business is primarily subscription-based, and contract terms for our SaaS products generally range from 12 to 36 months. Customers are not obligated to, and may not, renew their subscriptions after their existing subscriptions expire. As a result, even though the number of customers using our platform has grown steadily in recent years, there can be no assurance that we will be able to retain these customers or any new customers that may enter into subscriptions. Renewals of subscriptions may decline or fluctuate as a result of a number of factors, including the level of satisfaction with our platform or support; the perception that a competitive platform, product or service presents a better or less expensive option; changes in our customers’ spending levels; changes in consumer behavior; or our failure to successfully deploy sales and marketing efforts towards existing customers as they approach the expiration of their subscription term. In addition, we may terminate our relationships with customers for various reasons, such as heightened credit risk, excessive card chargebacks, business practices, or contract .
Further, if customers on our platform were to cease operations, temporarily or permanently, or face financial distress or other business disruption, our ability to retain customers would suffer. This risk is particularly pronounced with restaurants, as each year a meaningful percentage of restaurants go out of business, and can be impacted by inflation and interest rate changes, policy changes and other global financial, economic, political, and health events.
In addition to attracting new customers and retaining existing customers, we seek to expand usage of our platform by broadening adoption of the various products included within our platform. Although we have seen the average number of modules adopted by our customers increase in recent periods, we cannot be certain that such trend will continue. Further, while many of our customers deploy our platform to all of their locations, some of our customers initially deploy our platform to a subset of locations. We also accommodate select enterprise customers by entering into certain arrangements that do not contain a minimum location commitment. For those customers, we seek to expand use of our platform to additional locations over time. Our ability to increase adoption of our products by our customers and to increase penetration of our existing customers’ locations will depend on a number of factors, including our customers’ satisfaction with our platform, competition, pricing, and our ability to demonstrate the value proposition of our products.
Our costs associated with renewals and generating sales of additional products to existing customers are substantially lower than our costs associated with entering into subscriptions with new customers. Accordingly, our business model relies to a significant extent on our ability to renew subscriptions and sell additional products to existing customers, and, if we are unable to retain revenue from existing customers or to increase revenue from existing customers, our operating results would be adversely impacted even if such lost revenue were offset by an increase in revenue from new customers.
We may not be able to sustain our recent revenue growth in future periods.
We have grown steadily over the last several years. For example, in the fiscal years ended December 31, 2025 and 2024, our revenue was $6,153 million and $4,960 million, respectively, representing a 24% growth rate. You should not rely on our revenue or key business metrics for any previous quarterly or annual period as indicative of our revenue, revenue growth, key business metrics, or key business metrics growth in future periods. In particular, our revenue growth rate has fluctuated in prior periods. We expect our revenue growth rate to continue to fluctuate over the short and long term. We may experience declines in our revenue growth rate as a result of a number of factors, including slowing demand for our platform, insufficient growth in the number of customers and their guests that utilize our platform, increasing competition, changing customer and guest behaviors, a decrease in the growth of our overall market, our failure to continue to capitalize on growth
Table of Contents
opportunities, the impact of regulatory requirements, the maturation of our business, and macroeconomic conditions, among others.
We have a limited operating history in an evolving industry at our current scale, which makes it difficult to evaluate our future prospects and may increase the risk that we will not be successful.
We launched our operations in 2013, have grown significantly in recent periods, and have a limited operating history, particularly at our current scale. In addition, we operate in an evolving industry and have frequently expanded our platform features and services and, from time to time, have changed our pricing methodologies. This limited operating history and our evolving business make it difficult to evaluate our future prospects and the risks and challenges we may encounter. These risks and challenges include, but are not limited to, our ability to:
• accurately forecast our revenue and plan our operating expenses;
• increase the number of and retain existing customers and their guests using our platform;
• successfully compete with current and future competitors;
• successfully expand our business in existing markets and enter new markets and geographies;
• anticipate and respond to macroeconomic changes and changes in the markets in which we operate;
• maintain and enhance the value of our reputation and brand;
• comply with regulatory requirements in highly regulated markets;
• adapt to rapidly evolving trends in the ways customers and their guests interact with technology;
• avoid interruptions or disruptions in our service, including prevention of cyber-attacks or otherwise;
• develop a scalable, high-performance technology infrastructure that can efficiently and reliably handle significant surges of usage by our customers and their guests as compared to historic levels and increased usage generally, as well as the deployment of new features and services;
• maintain, scale, and effectively manage our internal infrastructure systems, such as information strategy and sharing and interconnectivity between systems;
• hire, integrate, and retain talented technology, sales, customer service, and other personnel;
• effectively manage rapid growth in our personnel and operations; and
• effectively manage our costs.
Further, because we have limited historical financial data relevant to our current scale and operations and operate in a rapidly evolving market, any predictions about our future revenue and expenses may not be as accurate as they would be if we had a longer operating history or operated in a more predictable market. We have encountered in the past, and will encounter in the future, risks and uncertainties frequently experienced by growing companies with limited operating histories in rapidly changing industries. If our assumptions regarding these risks and uncertainties, which we use to plan and operate our business, are incorrect or change, or if we do not address these risks successfully, our results of operations could differ materially from our expectations and our business, financial condition, and results of operations could be adversely affected.
Table of Contents
Our platform includes our payment services, and our ability to attract new customers and retain existing customers depends in part on our ability to offer payment processing services with the desired functionality at an attractive price.
We generally sell subscriptions to our platform together with our payment services. Except for a small subset of our customers, businesses are unable to subscribe to our platform without also subscribing to our payment services. While we believe that offering a complete all-in-one platform that includes payment processing functionality along with all the other functionality of our platform offers our customers significant advantages over separate point of sale solutions, some potential or existing customers may not desire to use our payment processing services or to switch from their existing payment processing vendors. Some of our potential customers for our platform may not be willing to switch payment processing vendors for a variety of reasons, such as transition costs, business disruption, and loss of accustomed functionality. There can be no assurance that our efforts to overcome these factors will be successful, and this resistance may adversely affect our growth.
The attractiveness of our payment processing services also depends on our ability to integrate emerging payment technologies, including crypto currencies, other emerging or alternative payment methods, and credit card systems that we or our processing partners may not adequately support or for which we or they do not provide adequate processing rates. In the event such methods become popular among consumers, any failure to timely integrate emerging payment methods into our software, anticipate consumer behavior changes, or contract with processing partners that support such emerging payment technologies could reduce the attractiveness of our payment processing services and of our platform, and adversely affect our operating results.
Our operating results depend in significant part on our payment processing services, and the revenue and gross profit we derive from our payment processing activity in a particular period can vary due to a variety of factors.
Even if we succeed in increasing subscriptions to our platform and retaining subscription customers, the revenue we derive from payment processing services may vary from period to period depending on a variety of factors, many of which are beyond our control and difficult to predict. Our revenue from payment processing services is generally calculated as a percentage of payment volume plus a per-transaction fee and, accordingly, varies depending on the total dollar amount processed through the Toast platform. This amount may vary, depending on, among other things, the success of our customers’ businesses, the proportion of our customers’ payment volumes processed through our platform, ticket size, consumer spending levels in general, and overall economic conditions. In addition, the revenue and gross profit derived from our payment processing services varies depending on the particular type of payment processed on our platform. For example, card-not-present transactions, which are transactions for which the credit card is not physically present at the merchant location at the time of the transaction, are generally associated with higher payment processing revenue and gross profit compared to card-present transactions, and debit card transactions are generally also associated with higher gross profit compared to credit card transactions. The ratio of card-not-present and debit card transactions as a proportion of the total payment transactions processed through our platform can fluctuate from time to time and may be impacted by global events, to corresponding fluctuations in our revenue and gross profit.
A majority of our customers are SMBs, which can be more difficult and costly to retain than enterprise customers and are subject to increased impacts of economic fluctuations, which may adversely affect our business and operations.
A majority of our customers are SMBs and we expect they will continue to comprise a large portion of our customer base for the foreseeable future. Selling to and retaining SMBs can be more difficult than retaining enterprise customers, as SMBs often have higher rates of business failure and more limited resources, may have decisions related to the choice of payment processor dictated by their affiliated parent entity and are more readily able to change their payment processors than larger organizations.
Table of Contents
SMBs are also typically more susceptible to the adverse effects of policy changes and macroeconomic conditions including those caused by fluctuating inflation levels and interest rates. Adverse changes in the economic environment or business failures of our SMB customers may have a greater impact on us than on our competitors who do not focus on SMBs to the extent that we do. If the demand for restaurant management platforms by SMBs does not continue to grow, or if we are unable to maintain our market share with SMBs, our revenue and other growth rates could be adversely affected.
We rely in part on revenue from subscription contracts, and because we recognize revenue from subscription contracts over the term of the relevant subscription period, downturns or upturns in sales are not immediately reflected in full in our results of operations.
Subscription services revenue accounts for a significant portion of our total revenue. If our sales of new or renewal subscription contracts decline, our revenue and revenue growth may decline. We recognize subscription revenue ratably over the term of the relevant subscription period, which generally ranges from 12 to 36 months in duration. As a result, much of the subscription revenue we report each quarter is derived from subscription contracts that we sold in prior periods.
Consequently, a decline in new or renewed subscription contracts in any one quarter will not be fully reflected in revenue in that quarter, but will negatively affect our revenue in future quarters. Accordingly, the effect of significant downturns in new or renewal sales of our subscriptions is not reflected in full in our results of operations in a given period. Also, it is difficult for us to rapidly increase our subscription revenue through additional sales in any period, as revenue from new and renewal subscription contracts must be recognized ratably over the applicable subscription period. Furthermore, any increases in the average term of subscription contracts would result in revenue for those subscription contracts being recognized over longer periods of time.
Our future revenue will depend in part on our ability to expand the financial technology services we offer to our customers and increase adoption of those services.
We offer our customers a variety of financial technology products and services, and we intend to make available additional financial technology products and services to our customers in the future. A number of these services require that we enter into arrangements with financial institutions or other third parties. For example, one of our bank partners, which is a Utah-chartered and Federal Deposit Insurance Corporation, or the FDIC,-insured industrial bank, offers qualified customers working capital loans, which we service. In order to provide these and future financial technology products and services, we may need to establish additional partnerships with third parties, comply with a variety of regulatory requirements, and introduce internal processes and procedures to comply with applicable law and the requirements of our partners, all of which may involve significant cost, require substantial management attention, and expose us to new business and compliance risks. We cannot be sure that our current or future financial technology services will be widely adopted by our customers or that the revenue we derive from such services will justify our investments in developing and introducing these services.
We do not have sufficient history with our subscription or pricing models to accurately predict optimal pricing strategies necessary to attract new customers and retain existing customers.
As we optimize our subscription pricing and packaging models, we may not accurately predict or achieve the optimal pricing and packaging model at all times, which could lead to reduced profitability or market share. Changes to our pricing and packaging model may also lead to reputational damage, competitive harm, regulatory scrutiny, and potential legal liabilities, which could adversely affect our business and results of operations. Furthermore, as the market for our platform matures, or as competitors introduce new products or services that compete with ours, or change their pricing strategy, we may be unable to attract new customers at the same price or based on the same pricing and packaging models that we have used historically.
Moreover, while U.S. SMBs continue to comprise the majority of our customer base, we have and will continue to seek growth from enterprise customers and customers in other early expansion markets, which may be more likely to demand price concessions or request customized features and packaging. As a result, we may be required to adjust our prices and product offerings for certain customers, which could adversely affect our revenue, gross margin, profitability, financial position, and cash flow.
Table of Contents
We are subject to risks associated with certain financial products we offer and our handling of customer funds, including counterparty risk with key partners, the ability of our customers to pay their obligations, and the risk of fraud.
Our business offers various products and features to digitize financial operations for our customers, including payment processing, access to capital, and payment execution. Current and future financial products offered by Toast, its subsidiaries and affiliates, or through our bank partners, subject us to risks. If we cannot source capital or partner with financial institutions to fund financial solutions for our customers, we might have to reduce the availability of these services, or cease offering them altogether. For example, Toast Capital’s bank partner offers qualified Toast customers working capital loans in accordance with credit policies established by our bank partner. Toast Capital markets the loans and acts as servicer of the loans and receives a servicing fee based on the outstanding balance of loans being serviced as well as a fee that varies depending on the credit performance of the loans extended under the program. We do not currently have partnerships with other financial institutions for such loans and are reliant on our bank partner to support this program. If our bank partner were to terminate its relationship with us, it would be difficult for us to continue making working capital loans available to our customers without disruption, at least in the short-term, until we are able to enter into a relationship with another financial institution to offer similar loans. In addition, our bank partner may not expand its lending under this program to support future demand for such loans from our customers. There can be no assurance that we would be to enter into a similar relationship with another financial institution to make working capital loans available to our customers on terms our customers would find , or at all.
Our agreement with our bank partner that originates loans requires us to, on a monthly basis, purchase loans made in a particular quarter that have been (or are scheduled to be) charged off, are otherwise non-performing, or do not satisfy our bank partner’s credit policy, unless such purchase would cause the principal amount of such purchased loans to exceed 15% of the original principal amount of loans made in the applicable quarter. As a result of our purchase obligations under this agreement, our servicing fees and credit performance fees, and any performing loans that we may otherwise elect to purchase from our bank partner on a forward flow basis, we are subject to credit risk on the loans extended by our bank partner under this program and potential loss of fees that we earn on loans in repayment. Accordingly, if our models fail to accurately predict the likelihood of default or timely repayment of loans, our business may be materially and adversely affected. For example, if our customers undergo labor disruption or shortage, experience revenue decline, engage in behaviors, operations, or otherwise to repay their loans, our business may be materially and affected. Macroeconomic could also increase the risk of non-payment or and lead to a decrease in the number of customers eligible for loans or financing.
In addition, although our bank partners perform the regulated financial services for our customers, we are subject to numerous contractual and regulatory requirements in connection with our marketing and servicing activities in connection with these services. If we were to fail to comply with these requirements, we could be subject to liability, regulatory sanctions, or claims by our customers or our bank partners, and our bank partners could terminate their relationship with us. We intend to continue to explore additional financial or other solutions to offer to our customers. Some of those solutions may require, or be deemed to require, additional procedures, partnerships, licenses, regulatory approvals and requirements, or capabilities. Should we fail to address these requirements, or should these new solutions, or new regulations or interpretations of existing regulations, impose requirements on us that are impractical or that we cannot satisfy, the future growth and success of our financial business may be materially and adversely affected.
Table of Contents
Our business also handles payroll processing administration for a number of our customers. Consequently, at any given time, we may be disbursing funds on behalf of customers, or holding or directing funds of customers, while payroll payments are being processed. Given the handling of customer funds and the large volume of different financial transactions we manage, we are a target for parties who seek to commit acts of financial fraud using stolen identities and bank accounts, compromised business email accounts, employee or insider fraud, account takeover, false applications, check fraud, wire fraud, and stolen cards or card account numbers. The techniques used to perpetrate fraud on our platform are continually evolving, and we expend considerable resources to continue to monitor and combat them. As we continue our operations or introduce new products and features, we have and may in the future suffer losses from acts of financial committed by our customers and their guests or employees, our employees, or third parties. In addition, our customers may from acts of financial by third parties as us through account takeover, credential harvesting, use of identities, and various other techniques, which could our reputation, prompt us to reimburse our customers for such in order to maintain customer relationships, or us to civil and liabilities. Finally, if our partners or the financial institution in which we hold these funds any kind of or liquidity event, to have adequate controls or to deliver their services in a timely manner, we may at times experience with limited ability to recoup or to directly relevant controls. If we are to effectively manage the risks of offering financial solutions including payroll services, our business, financial condition, and results of operations would be impacted. Macroeconomic factors such as changes in interest rates may also increase our costs in servicing certain financial solutions or other products.
Any failure to offer high-quality customer support may adversely affect our relationships with our customers and could adversely affect our business, financial condition, and results of operations.
In deploying and using our platform, our customers depend on our 24/7 support team to resolve complex technical and operational issues, including ensuring that our platform is implemented in a manner that integrates with a variety of third-party platforms. We also rely on third parties to provide some support services, and our ability to provide effective support is partially dependent on our ability to attract and retain qualified and capable third-party service providers. As we continue to grow our business and improve our offerings, we may face challenges related to providing high-quality support services at scale. We may be unable to respond quickly enough to accommodate short-term increases in demand for customer support or to modify the nature, scope, and delivery of our customer support to compete with changes in customer support services provided by our competitors. Increased demand for customer support, without corresponding revenue, could increase costs and adversely affect our operating results. Our sales are highly dependent on our business reputation and on positive recommendations from our existing customers. Any failure to maintain high-quality customer support, or a market perception that we do not maintain high-quality customer support, could affect our reputation and brand, our ability to from referrals by existing customers, our ability to sell our platform to existing and prospective customers, and our business, financial condition, or results of operations.
The long-term potential of our business may be adversely affected if we are unable to expand our business successfully into international markets.
Although the majority of our revenue is derived from customers located in the United States, the long-term potential of our business will depend in part on our ability to expand our business into international markets. However, we have limited experience with international customers and in selling our platform internationally. Accordingly, we cannot be certain that our business model will be successful, or that our platform will achieve commercial acceptance, outside the United States.
Conducting international operations subjects us to risks that we have not generally faced in the United States, including but not limited to:
• managing geographically separate organizations, systems, and facilities;
• challenges caused by language and cultural differences;
• difficulties in staffing and managing foreign operations, including employment laws and regulations;
• presence of more established competitors and/or local competitors favored by local business practices;
Table of Contents
• compliance challenges related to the complexity of multiple, conflicting, and changing governmental laws and regulations, including data privacy, employment, tax, anti-money laundering, and anti-bribery laws and regulations and sanction regimes, including but not limited to, additional exposure to GDPR, rules and programs administered by the Treasury Department’s Office of Foreign Assets Control, or OFAC, domestic and international anti-corruption laws, such as the U.S. Foreign Corrupt Practices Act, or FCPA, and the U.K. Bribery Act, as well as other similar anti-bribery and anti-kickback laws and regulations;
• different pricing environments, sales cycles, and collections issues;
• financial and other impacts to our business resulting from fluctuations in currency exchange rates and unit economics across multiple jurisdictions, including the possibility of use of hedging arrangements to reduce potential foreign currency exchange exposure;
• increased financial accounting and other reporting burdens and complexities, including rapidly changing requirements with respect to corporate sustainability reporting;
• enforcing intellectual property rights outside of the United States;
• difficulty entering new non-U.S. markets due to, among other things, difficulties in achieving consumer acceptance of our platform in new markets and more limited business knowledge of these markets; and
• general economic and political conditions.
Expanding our business internationally requires significant additional investment in our platform, operations, infrastructure, compliance efforts, and sales and marketing organization, and any such investments may not be successful or generate an adequate return on our investment.
We depend on the experience and expertise of our management team and qualified personnel. Our ability to recruit, retain, and develop talent is critical to our success and growth .
Our business functions at the intersection of rapidly changing technological, social, economic, and regulatory environments that require a wide range of expertise and intellectual capital. Our success depends on the continued service of our management team and qualified personnel.
For us to successfully compete and grow, we must recruit, retain, and develop personnel who can provide the necessary expertise across a broad spectrum of disciplines. In addition, we must develop, maintain and, as necessary, implement appropriate succession plans to ensure we have the necessary human resources capable of maintaining continuity in our business. The loss of management team members and other qualified personnel may significantly delay or prevent the achievement of our business objectives and could harm our business and our customer relationships. Changes in our work environment and workforce, including those arising from any restructuring actions or hybrid work policies, may create operational and workplace culture challenges, which could negatively impact our ability to increase employee productivity or attract and retain our employees and could adversely affect our operations.
The market for qualified personnel is competitive, and we may not succeed in recruiting additional personnel or may fail to effectively replace current personnel who depart with qualified or effective successors. Our efforts to retain and develop personnel may also result in significant additional expenses, which could adversely affect our profitability. In addition, job candidates and existing employees often consider the value of the equity awards they receive in connection with their employment, which has been and could be subject to fluctuations from time to time. If the perceived value of our equity awards declines, it may adversely affect our ability to attract and retain highly qualified employees.
Table of Contents
We are also substantially dependent on our direct sales force to obtain new customers and increase sales to existing customers. There is significant competition for sales personnel with the skills and technical knowledge that we require. Our ability to achieve significant revenue growth will depend, in large part, on our success in recruiting, training, and retaining a sufficient number of sales personnel to support our growth. If we are unable to hire, train, and retain a sufficient number of qualified and successful sales personnel, our business, financial condition, and results of operations could be harmed.
From time to time, we are subject to various legal proceedings that could adversely affect our business, financial condition, or results of operations.
From time to time, we are or may become involved in claims, lawsuits (whether class actions or individual lawsuits), arbitration proceedings, government investigations, and other legal or regulatory proceedings involving commercial, corporate and securities matters; privacy, marketing and communications practices; labor and employment matters; alleged infringement of third-party patents and other intellectual property rights; and other matters. The results of any such claims, lawsuits, arbitration proceedings, government investigations, or other legal or regulatory proceedings cannot be predicted with any degree of certainty. Any claims against us, whether meritorious or not, could be time-consuming, result in costly litigation, require significant management attention, and divert significant resources. Determining reserves for our pending litigation is a complex and fact-intensive process that requires significant subjective judgment and speculation. It is possible that a resolution of one or more such proceedings could result in substantial , settlement costs, , and . These proceedings could also result in to our reputation and brand, sanctions, consent decrees, , or other orders requiring a change in our business practices. Any of these consequences could affect our business, financial condition, and results of operations. Further, under certain circumstances, we have contractual and other legal obligations to indemnify and to incur legal expenses on behalf of our business, customers, and commercial partners and current and former directors and officers. In addition, certain or the resolution of certain may affect the availability or cost of some of our insurance coverage, which could impact our results of operations and cash flows, us to increased risks that would be , and impact our ability to attract directors and officers.
Notwithstanding the terms of our agreements with our customers, it is possible that one or more of our customers could breach their obligations, which in the aggregate, could adversely affect our business, financial condition, or results of operations. For example, if a customer defaults on its obligations under a customer agreement or terminates a customer agreement prior to the contractual termination date, we may be required to assert a claim to acquire the amount in full due under the customer agreement, which we may choose not to pursue. However, if we choose to pursue any such claim, we may incur substantial costs to resolve claims or enter into litigation or arbitration, and even if we were to prevail in the event of claims, litigation or arbitration, such claims, litigation, or arbitration could be costly and time-consuming and the attention of our management and other employees from our business operations.
We also include arbitration and class action waiver provisions in our terms of service with the customers that utilize our platform and certain agreements with our employees. These provisions are intended to streamline the litigation process for all parties involved, as they can in some cases be faster and less costly than litigating disputes in state or federal court. However, arbitration can nevertheless be costly and burdensome, and the use of arbitration and class action waiver provisions subjects us to certain risks to our reputation and brand, as these provisions have been the subject of increasing public scrutiny. In order to minimize these risks to our reputation and brand, we may limit our use of arbitration and class action waiver provisions, or we may be required to do so in any particular legal or regulatory proceeding, either of which could cause an increase in our litigation costs and exposure. Additionally, we permit certain customers and other users of our platform to opt out of such provisions, which could cause an increase in our litigation costs and exposure.
Further, with the potential for conflicting rules regarding the scope and enforceability of arbitration and class action waivers on a state-by-state basis, as well as between state and federal law, there is a risk that some or all of our arbitration and class action waiver provisions could be subject to challenge or may need to be revised to exempt certain categories of protection. If these provisions were found to be unenforceable, in whole or in part, or specific claims are required to be exempted, we could experience an increase in our costs to litigate disputes and in the time involved in resolving such disputes, and we could face increased exposure to potentially costly lawsuits, each of which could adversely affect our business, financial condition, and results of operations.
Table of Contents
We have closed multiple acquisitions and may acquire or invest in other companies or technologies in the future, which could divert management’s attention, fail to meet our expectations, result in additional dilution to our stockholders, increase expenses, disrupt our operations, or harm our operating results.
We have closed multiple acquisitions and investments and may in the future acquire or invest in other businesses, products, or technologies that we believe could complement or expand our platform, enhance our technical capabilities, or otherwise offer growth opportunities. We may not be able to fully realize the anticipated benefits of our past or future acquisitions.
We cannot forecast the number, timing or size of any future acquisitions or other similar strategic transactions. We may not be able to successfully identify future acquisition opportunities or complete any such acquisitions if we cannot reach agreement on commercially favorable terms, if we lack sufficient resources to finance the transaction on our own and cannot obtain financing at a reasonable cost, or if regulatory authorities prevent such transactions from being completed. In addition, the pursuit of potential acquisitions may divert the attention of management and cause us to incur various expenses related to identifying, investigating, and pursuing suitable acquisitions, whether or not they are consummated. Further, we may have to pay cash, incur debt, or issue securities, including equity-based securities, to pay for acquisitions, joint ventures, or strategic investments, each of which could affect our financial condition or the value of our capital stock or result in dilution to our existing stockholders.
There are inherent risks in integrating and managing acquisitions. When we acquire additional businesses, we may not be able to assimilate or integrate the acquired personnel, operations, and technologies successfully or effectively manage the combined business following the acquisition. We also may not achieve the anticipated benefits from the acquired business due to a number of factors, including but not limited to: unanticipated costs associated with the acquisition, including but not limited to, integration and compliance costs; the inability to generate sufficient revenue to offset acquisition costs; the inability to maintain relationships with customers and partners of the acquired business; the difficulty of incorporating acquired technology into our platform and of maintaining quality and security standards consistent with our brand; harm to our existing business relationships as a result of the acquisition; and the potential loss of key employees. Acquisitions also increase the risk of unforeseen legal liability arising from prior or ongoing acts or by the acquired businesses which are not discovered by due diligence during the acquisition process or that prove to have a than anticipated impact. We have previously acquired and continue to evaluate companies that operate in highly regulated markets. There is no assurance that acquired businesses will have invested sufficient efforts in their own regulatory compliance, and we may need to invest in and seek to the regulatory compliance controls and systems of such businesses. Generally, if an acquired business to meet our expectations, or if we are to establish regulatory compliance controls with respect to an acquired business, our operating results, business, and financial condition may .
In addition, we have previously acquired and may in the future pursue acquisitions of companies with extensive operations outside the United States. These types of acquisitions often involve additional or increased risks compared to acquisitions of operations within the United States.
The diversion of management’s attention and any delays or difficulties encountered in connection with acquisitions and their integration could adversely affect our business, financial condition, or results of operations.
Risks Related to Our Technology and Privacy
We use AI in our platform and product offerings, and our success is dependent upon our ability to leverage data, develop competitive products, and manage related risks.
We utilize AI solutions both for internal productivity purposes and in products and services available to our customers. We also work with partners who have incorporated or may incorporate AI solutions in their products and services. While AI and machine learning present opportunities for enhanced productivity, AI also introduces cybersecurity, data privacy, IT, intellectual property, regulatory, legal, operational, competitive, reputational and other risks that could adversely impact our business. For example, if the content, recommendations or analyses
Table of Contents
that AI applications assist in producing, are or are alleged to be deficient or inaccurate, or if the data used to train these applications are or are alleged to be deficient or inaccurate or legally impermissible to train on, we could be subject to competitive risks, potential legal liability, and reputational harm. Furthermore, the integration of third-party AI models, including Large Language Models, within our products and services may rely, in part, on certain safeguards implemented by the third-party developers of the underlying AI models, including those related to the accuracy, bias, and other variables of the data, and these safeguards may be insufficient. In addition, AI may present evolving ethical issues. If our use of AI becomes controversial, we may experience reputational harm or legal liability.
Further, given the early stage of generative AI, the evolving regulatory landscape surrounding AI also poses a risk, as new laws and regulations could impose additional compliance burdens, resulting in increased operational costs to comply with U.S. and non-US laws concerning the use of AI. For example, the EU’s Artificial Intelligence Act, or AI Act, originally entered into force on August 1, 2024, and is expected to undergo amendments as introduced in the EU’s November 2025 Digital Omnibus. As enacted, the AI Act imposes significant obligations on providers and deployers of high-risk AI systems and encourages providers and deployers of AI systems to account for EU ethical principles in their development and use of these systems.
Likewise, within the United States, the regulatory landscape is rapidly evolving as evidenced by several US states introducing or enacting legislation that is designed to govern the development or use of AI. Our ability to use and offer AI and machine learning solutions may be constrained by current or future laws, regulatory, or self-regulatory requirements. At the federal level, the Trump Administration has endorsed a federal moratorium on the enforcement of state AI laws, including through a December 11, 2025 executive order on “Ensuring a National Policy Framework for Artificial Intelligence.” Federal efforts have thus far have not been successful in curtailing state action on AI regulation, which has contributed to an increasingly complicated regulatory landscape. The rapid evolution of AI, including potential additional government regulation of AI and its various uses, may require significant resources for us to implement compliant and ethical AI practices. We may also be subject to significant enforcement actions or litigation in the event of any perceived or actual non-compliance.
Our competitors or other third parties have incorporated and may also incorporate AI into their products and services. If they adopt the use of AI more quickly or more successfully than us, our ability to compete effectively may be impaired, which may adversely affect our results of operations.
Table of Contents
We are responsible for transmitting a high volume of sensitive and personal information through our platform and our success depends upon the security of this platform. Any actual or perceived breach of our system that would result in disclosure of such information could materially impact our business.
We, our customers, our partners, and other third parties, including third-party vendors, cloud service providers, and payment processors that we use, obtain and process large amounts of sensitive and personal information, including information related to our customers, their employees, their guests, and their transactions. We face risks, including to our reputation as a trusted brand, in the handling and protection of this information, and these risks will increase as our business continues to expand to include new products and technologies. Our operations involve the storage, transmission, and processing of our customers’ proprietary information and sensitive and personal information of our customers, their guests, and their employees, including contact information and payment information, purchase histories, lending information, and payroll information. Cyber incidents have been increasing in sophistication and frequency and can include third parties gaining access to employee or guest information using stolen or inferred credentials, computer malware, viruses, spamming, phishing attacks, ransomware, card skimming code, social engineering, and other deliberate attacks and attempts to gain unauthorized access. As AI technologies, including generative AI models, develop rapidly, actors are using these technologies to create new attack methods that are increasingly automated, targeted, and coordinated and more to detect and . In addition, our customers may authorize third-party technology providers to access their data and any use of the third-party technology may result in access to such data we obtain and process. These can also originate on our vendors’ websites or systems, which can then be leveraged to access our website or systems, further our ability to identify and mitigate the attack. As a result, access to, security of, or -of-service attacks our platform (or any platform of our third-party vendors) could result in the of service, access to or use of, and/or of, such data, as well as of intellectual property, guest information, employee data, trade secrets, or other confidential or proprietary information.
We have administrative, technical, and physical security measures in place and proactively employ multiple security measures at different layers of our systems to defend against intrusion and attack and to protect our information; however, we have experienced security and privacy incidents in the past, and we may face additional incidents in the future. Because the techniques used to obtain unauthorized access to or to sabotage systems change frequently and generally are not identified until they are launched against a target, we may be unable to anticipate these techniques or to implement adequate preventative measures that will be sufficient to counter all current and emerging technology threats. In addition, any security breaches that occur may remain undetected for extended periods of time. While we also have and will continue to make significant efforts to address any IT security and privacy issues with respect to acquisitions we make, we may still inherit such risks when we integrate these companies.
We also have policies and procedures in place to contractually require third parties to which we transfer data to implement and maintain appropriate security and privacy measures. Sensitive and personal information is processed and stored by our customers, software and financial institution partners and third-party service providers to whom we outsource certain functions. Threats to third-party systems can originate from human error, social engineering, fraud, or malice on the part of employees or third parties, or simply from accidental technological failure, and/or computer viruses and other malware that can be distributed and infiltrate systems of third parties on whom we rely. While we select third parties to which we transfer data carefully, we do not control their actions, and these third parties may experience breaches that result in unauthorized access of data and information stored with them despite these contractual requirements and the security measures these third parties employ.
Table of Contents
If any security breach involving our systems or the systems of third parties that store or process our data or significant denial-of-service attacks or other cyber attack occurs or is believed to have occurred, our reputation and brand could be damaged, we could be required to expend significant capital and other resources to alleviate problems caused by such actual or perceived breaches or attacks and remediate our systems. In addition, we could be exposed to a risk of loss, litigation, or regulatory action and possible liability, some or all of which may not be covered by insurance, and our ability to operate our business may be impaired. Unauthorized parties have in the past gained access, and may in the future gain access, to systems or facilities used in our business through various means, including access into our systems or facilities or those of customers and their guests, attempting to induce our employees, customers, their guests, or others into usernames, passwords, payment card information, or other sensitive or personal information, which may in turn be used to access our IT systems or transfer funds to actors.
If new or existing customers believe that our platform does not provide adequate security for the storage of personal or sensitive information or its transmission over the Internet, they may not adopt our platform or may choose not to renew their subscriptions to our platform, which could harm our business. Additionally, actual, potential, or anticipated attacks may cause us to incur increasing costs, including costs to deploy additional personnel and protection technologies, train employees, engage third-party experts and consultants, and other costs related to mitigation measures. Our errors and omissions insurance policies covering certain security and privacy damages and claim expenses may not be sufficient to compensate for all potential liability. Although we maintain cyber liability insurance, we cannot be certain that our coverage will be adequate for liabilities actually incurred or that insurance will continue to be available to us on economically reasonable terms, or at all.
Further, because data security is a critical competitive factor in our industry, we may make statements in our privacy statements and notices and in our marketing materials describing the privacy and security of our platform, including but not limited to descriptions of certain security measures we employ or such features embedded within our products. Should any of these statements be untrue, become untrue, or be perceived to be untrue, even if through circumstances beyond our reasonable control, we may face claims, including claims of unfair or deceptive trade practices, brought by the U.S. Federal Trade Commission, state, local, or foreign regulators (e.g., a European Union-based data protection agency), or private litigants. U.S. and global regulators have also adopted or proposed enhanced cyber risk management standards that would apply to us and our financial institution partners and that would address cyber risk governance and management, management of internal and external dependencies, and incident response, cyber resilience, and situational awareness. Legislation and regulations on cybersecurity, data privacy and data localization may compel us to or modify our systems, invest in new systems, or alter our business practices or our policies on data governance and security. If any of these outcomes were to occur, our operational costs could increase significantly. to comply with applicable laws in this area could also result in significant , , and reputational .
Interruptions or performance problems associated with our technology and infrastructure may adversely affect our business and operating results.
Our continued growth depends in part on the ability of our existing and potential customers to access our platform at any time and within an acceptable amount of time. Our platform is proprietary, and we rely on the expertise of members of our engineering, operations, and software development teams for our platform’s continued performance. We have experienced system outages in the past, including in some cases as a result of disruptions at our third-party vendors and may in the future experience, disruptions, outages, and other performance problems related to our platform due to a variety of factors, including infrastructure changes, introductions of new functionality, human or software errors, delays in scaling our technical infrastructure if we do not maintain enough excess capacity and accurately predict our infrastructure requirements, capacity constraints due to an overwhelming number of users accessing our platform simultaneously, denial-of-service attacks, actions or inactions attributable to third parties, earthquakes, hurricanes, floods, fires, natural , power , in telecommunications services, , military or political , terrorist attacks and other geopolitical , computer viruses, ransomware, malware, or other events. Our systems also may be subject to -ins, , theft, and acts of , including by our own employees. Some of our systems are not fully redundant and our recovery planning may not be sufficient for all eventualities. Further, our business and/or network insurance may not be sufficient to cover all of our that may result from in our service as a result of system and similar events.
Table of Contents
From time to time, we may experience limited periods of server downtime due to server failure or other technical difficulties. In some instances, we may not be able to identify the cause or causes of these performance problems within an acceptable period of time. It may become increasingly difficult to maintain and improve our performance, especially during peak usage times and as our platform becomes more complex and our user traffic increases. If our platform is unavailable or if our users are unable to access our platform within a reasonable amount of time, or at all, our business would be adversely affected and our brand could be harmed. In the event of any of the factors described above, or certain other failures of our infrastructure, customer or guest data may be permanently lost. Moreover, a limited number of our agreements with customers provide for limited service-level commitments, and we may enter into additional agreements providing such commitments from time to time. If we experience significant periods of service in the future, we may be subject to by our customers these service level commitments. These events have resulted in in revenue, though such have not been material to date. System in the future could result in significant of revenue.
We have and may, from time to time, voluntarily provide certain credits to our customers to compensate them for the inconvenience caused by a system failure or similar event, to support our customers and for the benefit of the restaurant community as part of our ongoing goodwill efforts. We are committed to providing our customers high platform reliability, and may utilize significant time, human capital and other resources to analyze the root causes of these performance problems and address any gaps identified, which in turn may take away resources from other business activities. To the extent that we do not effectively address capacity constraints, upgrade our systems as needed, and continually develop our technology and network architecture to accommodate actual and anticipated changes in technology, our business and operating results may be adversely affected.
Our success depends upon our ability to continually enhance the performance, reliability, and features of our platform.
The markets in which we compete are characterized by constant change and innovation, and we expect them to continue to evolve rapidly. To attract new customers, retain existing customers, and increase sales to both new and existing customers, we must develop products and services in a cost effective and timely manner that reflect the changing nature of restaurant management software, respond to new product offerings by competitors, technological advances, and emerging industry standards and practices, and expand beyond our core functionalities to other areas of managing relationships with our customers, as well as their relationships with their guests. As the number of our customers with higher volume sales and more locations increases on our platform, so does the need for us to offer increased functionality, scalability, and support, which requires us to devote additional resources to such efforts.
The success of these and any other enhancements to our platform depends on several factors, including timely completion, adequate quality testing and sufficient demand, and the accuracy of our estimates regarding the total addressable market for new products and/or enhancements and the portion of such total addressable market that we expect to capture for such new products and/or enhancements. Any new product or service that we develop may not be introduced in a timely or cost-effective manner, may contain defects, may not have an adequate total addressable market or market demand or may not achieve the market acceptance necessary to generate meaningful revenue.
We have scaled our business rapidly, and significant new platform features and services have in the past resulted in, and in the future may continue to result in, operational challenges affecting our business. Developing and launching enhancements to our platform and new services on our platform may involve significant technical risks and upfront capital investments that may not generate return on investment. For example, we may use new technologies ineffectively, or we may fail to adapt to emerging industry standards. We may experience difficulties with software development that could delay or prevent the development, introduction or implementation of new products and enhancements. Software development involves a significant amount of time, as it can take our developers months to update, code, and test new and upgraded products and integrate them into our platform. The continual improvement and enhancement of our platform requires significant investment, and we may not have the resources to make such investment.
Table of Contents
If we are unable to successfully develop new products or services, enhance the functionality, performance, reliability, design, security, and scalability of our platform in a manner that responds to our customers’ and their guests’ evolving needs, or gain market acceptance of our new products and services, or if our estimates regarding the total addressable market and the portion of such total addressable market which we expect to capture for new products and/or enhancements prove inaccurate, our business and operating results will be harmed.
Defects, errors, or vulnerabilities in our applications, backend systems, hardware, or other technology systems and those of third-party technology providers could harm our reputation and brand and adversely impact our business, financial condition, and results of operations.
The software underlying our platform is highly complex and may contain undetected errors or vulnerabilities, some of which may only be discovered after the code has been released. Our practice is to effect frequent releases of software updates. Third-party software that we incorporate into our platform and our backend systems, hardware, or other technology systems, or those of third-party technology providers, may also be subject to defects, errors, or vulnerabilities. Any such defects, errors, or vulnerabilities could result in negative publicity, a loss of customers or loss of revenue, and access or other performance issues. Such vulnerabilities could also be exploited by bad actors and result in exposure of customer or guest data, or otherwise result in a security or other security . We may need to expend significant financial and development resources to analyze, correct, eliminate, or work around or or to address and eliminate . Any to timely and effectively any such , , or could affect our business, reputation, brand, financial condition, and results of operations.
Risks Related to Our Financial Condition and Capital Requirements
If we are unable to achieve adequate revenue growth while our expenses increase, we may not consistently maintain or increase profitability in the future.
We expect to continue to invest in expanding our business, building software and hardware designed specifically for the markets we serve, and maintaining high levels of customer support, each of which we consider critical to our continued success. In addition, to support the continued growth of our business and to meet the demands of continuously changing security and operational requirements, we plan to continue investing in our technology infrastructure and expect to see a continued increase in total operating expenses. If we are unable to generate adequate revenue growth and manage our expenses, we may not consistently maintain or increase profitability in the future.
Further, we may make decisions that will adversely affect our short-term operating results if we believe those decisions will improve the experiences of our customers and their guests and if we believe such decisions will improve our operating results over the long term. For example, from time to time, we have implemented, and may in the future implement, expense cut initiatives and reduction to the size of our workforce to, among other things, align our cost structure with our business and longer term strategies, which may increase expenses in the short term and impact our ability to grow or quickly develop and introduce products. These decisions may not be consistent with the expectations of investors and may not produce the long-term benefits that we expect, in which case our business may be materially and adversely affected.
Unfavorable conditions in the restaurant industry or the global economy could limit our ability to grow our business and materially impact our financial performance.
Our operating results may vary based on the impact of global events, such as geopolitical events, presidential elections and resulting policy changes, natural disasters, public health concerns or epidemics, and macroeconomic conditions, such as sanctions and tariffs, changes in inflation and interest rates and their potential impact on consumer spending. For example, the COVID-19 pandemic impacted our business and operations in a variety of ways, including supply chain challenges, disruptions in our sales and marketing efforts, restrictions in our ability to conduct research and development and other business activities, uncertainty in restaurant technology spending, and fluctuations in the payment volume processed through our platform.
Table of Contents
Furthermore, our revenue growth and potential profitability depend on demand for business management software and platforms serving the restaurant industry. Historically, during economic downturns, there have been reductions in spending on IT as well as pressure for extended billing terms and other financial concessions. The adverse impact of economic downturns may be particularly acute among SMBs, which comprise the majority of our customer base. If economic conditions deteriorate, our current and prospective customers may elect to decrease their IT budgets, which would limit our ability to grow our business and adversely affect our operating results.
A deterioration in general economic conditions (including distress in financial markets, fluctuations in inflation and interest rates, policy changes or changes relating to tariffs, and turmoil in specific economies around the world) may adversely affect our financial performance by causing a reduction in locations through restaurant closures or a reduction in gross payment volume. A reduction in the amount of consumer spending or credit card transactions could result in a decrease of our revenue and profits. Adverse economic factors may accelerate the timing, or increase the impact of, risks to our financial performance. These factors could include:
• restrictions on credit lines to consumers or limitations on the issuance of new credit cards;
• uncertainty and volatility in the performance of our customers’ businesses, particularly SMBs;
• customers or consumers decreasing spending for value-added services we market and sell;
• declining economies and the pace of economic recovery which can change consumer spending behaviors;
• low levels of consumer and business confidence typically associated with inflationary or recessionary environments;
• high unemployment levels, which may result in decreased spending by consumers;
• budgetary concerns in the United States and other countries around the world, which could impact consumer confidence and spending; and
• government actions, including the effect of laws and regulations and any related government stimulus.
Our revolving credit facility provides our lenders with a first-priority lien against substantially all of our assets, and contains financial covenants and other restrictions on our actions that may limit our operational flexibility or otherwise adversely affect our results of operations.
We are party to a revolving credit and guaranty agreement which contains a number of covenants that restrict our and our subsidiaries’ ability to, among other things, incur additional indebtedness, create or incur liens, merge or consolidate with other companies, sell substantially all of our assets, liquidate or dissolve, make distributions to equity holders, pay dividends, make redemptions and repurchases of stock, or engage in transactions with affiliates. We are also required to maintain a minimum liquidity balance. While we have no outstanding debt under this agreement, we are still required to comply with certain covenants and restrictions under this agreement, which may make it more difficult for us to successfully execute our business strategy, invest in our growth strategy, and compete against companies who are not subject to such restrictions.
A failure by us to comply with these covenants or payment requirements specified in the revolving credit and guaranty agreement could result in an event of default under the agreement, which would give the lenders the right to terminate their commitments to provide loans and extensions of credit and to declare any and all debt outstanding, together with accrued and unpaid interest and fees, to be immediately due and payable. In addition, the lenders would have the right to proceed against the collateral in which we granted a security interest to them, which consists of substantially all our assets.
Table of Contents
Our ability to use our net operating loss carryforwards and certain other tax attributes may be limited.
As of December 31, 2025, we had accumulated $928 million and $873 million of federal and state net operating loss carryforwards, or NOLs, respectively, available to reduce future taxable income. Of the federal NOLs, $843 million have an indefinite carryforward period but may not offset more than 80% of current taxable income annually, and $85 million will expire at various dates through 2037. Of the state NOLs, the majority will begin to expire in 2034. It is possible that we will not generate taxable income in time to use NOLs before their expiration, or at all. Under Section 382 and Section 383 of the Internal Revenue Code of 1986, as amended, or the Code, if a corporation undergoes an “ownership change,” the corporation’s ability to use its pre-change NOLs and other tax attributes, including R&D tax credits, to offset its post-change income may be limited. In general, an “ownership change” will occur if there is a cumulative change in our ownership by “5 percent stockholders” that exceeds 50 percentage points over a rolling three-year period. Similar rules may apply under state tax laws. We have completed a historical ownership change analysis and while we have experienced ownership changes in the past, none of our existing federal and state tax attributes are currently subject to historical limitations that are expected to materially limit our utilization. Our ability to utilize our federal and state attributes could be limited by ownership changes that may occur in the future.
We experience elements of seasonal fluctuations in our financial results, which could cause our stock price to fluctuate .
Our business is highly dependent on the behavior patterns of our customers and their guests. We experience seasonality in our financial technology revenue which is largely driven by the level of payment volume processed through our platform. For example, our average customers typically have greater sales during the warmer months, though this seasonal effect varies regionally. As a result, our financial technology revenue per location has historically been stronger in the second and third quarters. As a result, seasonality may cause fluctuations in our financial results, and other trends that develop may similarly impact our results of operations.
Our failure or perceived failure to achieve our environmental, social, and governance, or ESG, goals or maintain ESG practices that meet evolving stakeholder expectations could adversely affect us.
We have published ESG initiatives, goals, and commitments. These goals, commitments, and targets reflect our current plans and aspirations and are not guarantees that we will be able to achieve them. We are also subject to the evolving and divergent views on ESG matters by different stakeholders including investors, employees, and regulatory agencies. New laws and regulations relating to ESG matters, including climate change, human capital, and diversity, have been implemented, or are being developed and formalized in the U.S. and elsewhere. These regulations may entail specific, target-driven frameworks and other disclosure requirements. Our failure or perceived failure to achieve some or all of our ESG goals or maintain ESG-related practices that meet evolving stakeholder expectations or regulatory requirements could harm our reputation, adversely impact our ability to attract and retain employees or customers, and expose us to increased scrutiny from the investment community, regulatory authorities, and others or subject us to liability.
We rely primarily on third-party insurance policies to insure our operations-related risks. If our insurance coverage does not cover a particular loss or is insufficient for the needs of our business or our insurance providers are unable to meet their obligations, we may not be able to mitigate the risks facing our business, which could adversely affect our business, financial condition, and results of operations.
Table of Contents
We procure third-party insurance policies to cover various operations-related risks including employment practices liability, workers’ compensation, business interruptions, cybersecurity and data breaches, crime, directors’ and officers’ liability, and general business liabilities, but our insurance may not cover 100% of the costs and losses from all events. For certain types of operations-related risks or future risks related to our new and evolving services, we may not be able to, or may choose not to, acquire insurance. In addition, we may not obtain enough insurance to adequately mitigate such operations-related risks or risks related to our new and evolving services, and we may have to pay high premiums, self-insured retentions, or deductibles for the coverage we do obtain. Additionally, if any of our insurance providers becomes insolvent, it would be unable to pay any operations-related claims that we make. Further, some of our agreements with customers may require that we procure certain types of insurance, and if we are unable to obtain and maintain such insurance, we would be in of the terms of these customer agreements.
We are responsible for certain retentions and deductibles that vary by policy, and we may suffer losses that exceed our insurance coverage by a material amount. If the amount of one or more operations-related claims were to exceed our applicable aggregate coverage limits, we would bear the excess, in addition to amounts already incurred in connection with deductibles, or self-insured retentions. Insurance providers have raised premiums and deductibles for many businesses and may do so in the future. As a result, our insurance and claims expenses could increase, or we may decide to raise our deductibles or self-insured retentions when our policies are renewed or replaced. Our business, financial condition, and results of operations could be adversely affected if the cost per claim, premiums, or the number of claims significantly exceeds our historical experience and coverage limits; we experience a claim in excess of our coverage limits; our insurance providers fail to pay on our insurance claims; we experience a claim for which coverage is not provided; or the number of claims under our deductibles or self-insured retentions differs from historical averages.
Risks Related to Competition, Sales, and Marketing
The markets in which we participate are intensely competitive, and if we do not compete effectively, our operating results could be adversely affected.
The overall market for restaurant management software is rapidly evolving and subject to changing technology, shifting customer and guest needs, and frequent introductions of new applications. Our competitors vary in size and in the breadth and scope of the products and services they offer. In addition, there are a number of companies that are not currently direct competitors but that could in the future shift their focus to the restaurant industry and offer competing products and services, which could compete directly in our entire customer community or in a certain segment within the restaurant industry. There is also a risk that certain of our current customers and business partners could terminate their relationships with us and use the insights they have gained from partnering with us to introduce their own competing products.
Some of our current and future competitors may enjoy competitive advantages, such as greater name recognition, longer operating histories, greater category share in certain markets, market-specific knowledge, established relationships with restaurants, larger existing user bases in certain markets, more successful marketing capabilities, more integrated products and/or platforms, and substantially greater financial, technical, sales, and marketing, and other resources than we have. Additionally, some potential customers in the restaurant industry, particularly large organizations, have elected, and may in the future elect, to develop their own business management and point of sale software and platforms. Certain of our competitors have partnered with, or have acquired or been acquired by, and may in the future partner with or acquire, or be acquired by, other competitors, thereby leveraging their collective competitive positions and making it more difficult to compete with them. We believe that there are significant opportunities to further increase our revenue by expanding our addressable market. As we continue to expand our business in retail and international markets and in other verticals in the future, we will also face competition from incumbents in these markets.
Table of Contents
Additionally, many of our competitors are well capitalized and offer discounted products and services, lower customer processing rates and fees, customer discounts and promotions, innovative platforms and offerings, and alternative pay models, any of which may be more attractive than those that we offer. Such competitive pressures may lead us to maintain or lower our processing rates and fees or maintain or increase our incentives, discounts, and promotions in order to remain competitive, particularly in markets where we do not have a leading position. Such efforts have negatively affected, and may continue to negatively affect, our financial performance, and there is no guarantee that such efforts will be successful. Further, the markets in which we compete have attracted significant investments from a wide range of funding sources, and we anticipate that many of our competitors will continue to be highly capitalized. These investments, along with the other competitive advantages discussed above, may allow our competitors to continue to lower their prices and fees, or increase the incentives, discounts, and promotions they offer and thereby compete more effectively against us.
Some of our competitors offer specific point solutions, including subscriptions to software products without the requirement to use related payment processing services. While we believe that our integrated software and payments platform offers significant advantages over such point solutions and permit certain enterprise brands to utilize third-party payment service, customers who have specific needs that are addressed by these point solutions, and customers who do not want to change from an existing payment processing relationship to use our payment processing services, may believe that products and services offered by competitors better address their needs.
Additionally, our competitors may be able to respond more quickly and effectively than us to new or changing opportunities, technologies, standards, or customer requirements. With the introduction of new technologies and new market entrants, we expect competition to intensify in the future. For example, our competitors may adopt certain of our platform features or may adopt innovations that customers value more highly than ours, which would render our platform less attractive and reduce our ability to differentiate our platform. Pricing pressures and increased competition generally could result in reduced sales, reduced margins, increased churn, reduced customer retention, losses, or the failure of our platform to achieve or maintain more widespread market acceptance. For all of these reasons, we may fail to compete successfully against our current and future competitors. If we fail to compete successfully, our business will be .
Potential changes in competitive landscape, including disintermediation from other participants in the payments chain, could harm our business.
We expect the competitive landscape in the hospitality technology industry will continue to change in a variety of ways, including:
• rapid and significant changes in technology, resulting in new and innovative payment methods and programs, that could place us at a competitive disadvantage and reduce the use of our platform and services;
• competitors, including third-party processors and integrated payment providers, customers, governments, and/or other industry participants may develop products and services that compete with or replace our platform and services, including products and services that enable payment networks and banks to transact with consumers directly;
• competitors may also elect to focus exclusively on one segment of the restaurant industry and develop product offerings uniquely tailored to that segment, which could impact our addressable market and reduce the use of our platform and services;
• participants in the financial services, payments, and payment technology industries may merge, create joint ventures, or form other business alliances that may strengthen their existing business services or create new payment services that compete with our platform and services; and
• new services and technologies that we develop may be impacted by industry-wide solutions and standards related to migration to Europay, Mastercard, and Visa standards, including chip technology, tokenization, and other safety and security technologies.
Table of Contents
Certain competitors could use strong or dominant positions in one or more markets to gain a competitive advantage against us, such as by integrating competing platforms or features into products they control, including search engines, web browsers, mobile device operating systems, or social networks; by making acquisitions; or by making access to our platform more difficult. Failure to compete effectively against any of these or other competitive threats could adversely affect our business, financial condition, or results of operations.
We expend significant resources pursuing sales opportunities, and if we fail to close sales after expending significant time and resources to do so, our business, financial condition, and results of operations could be adversely affected.
The initial installation and set-up of many of our services often involve significant resource commitments by our customers, particularly those with larger operational scale. Potential customers generally commit significant resources to an evaluation of available services and may require us to expend substantial time, effort, and money educating them as to the value of our services. Our sales cycle may be extended due to our customers’ budgetary constraints or for other reasons. In addition, as we seek to sell subscriptions to our platform to additional enterprise customers, we anticipate that the sales cycle associated with those potential customers will be longer than the typical sales cycle for SMB customers, and that sales to enterprise customers will require us to expend greater sales and marketing and management resources. If we are unsuccessful in closing sales after expending significant funds and management resources, or we experience delays or incur greater than anticipated costs, our business, financial condition, and results of operations could be adversely affected.
Risks Related to Our Partners and Other Third Parties
We rely on third-party payment processors to process and settle payments made by guests, payments made to customers, and payments made on behalf of customers, and if we cannot manage risks related to our relationships with our current or future third-party payment processors, our business, financial condition, and results of operations could be adversely affected.
We rely on third-party payment processors to process and settle payments made by guests and payments made to customers on our platform. While we may continue to seek payment processing relationships with additional payment processors from time to time, we expect to continue to rely on a limited number of payment processors for the foreseeable future. We have experienced interrupted operations with respect to payments processed through our third-party payment partners, which in some cases resulted in the temporary inability of our customers to collect payments from their guests through our platform and disruptions in certain features, and we may experience similar events in the future. In the event that any of our current or future third-party payment processors fail to maintain adequate levels of support, experience interrupted operations, do not provide high quality service, increase the fees they charge us, discontinue their lines of business, terminate their contractual arrangements with us, or cease or reduce operations, we may suffer additional costs and be required to pursue new third-party relationships, which could materially our operations and our ability to provide our products and services, and could management’s time and resources. In addition, such have resulted in and may result in periods of time during which our platform cannot function properly, and therefore cannot collect payments from customers and their guests, which could affect our relationships with our customers and our business, reputation, brand, financial condition, and results of operations. It would be to replace third-party processors in a timely manner if they were or to provide us with these services in the future, and our business and operations could be affected. If these services or are of quality, our business, reputation, and operating results could be .
Table of Contents
Further, our contracts with third-party payment processors require, and additional contracts may in the future require, us to bear risk for compliance with the operating rules, or the Payment Network Rules, of Visa, Mastercard, and other payment networks, or collectively, the Payment Networks, with whom we are registered as a payment facilitator or certified service provider, and applicable law, and the risk of fraud. In the event any of our current or future third-party payment processors are subjected to losses, including any fines for reversals, chargebacks, or fraud assessed by the Payment Networks, that are caused by us or our customers due to failure to comply with the Payment Network Rules or applicable law, our third-party payment processor may impose penalties on us, increase our transaction fees, or restrict our ability to process transactions through the Payment Networks, and we may lose our ability to process payments through one or more Payment Networks. Thus, in the event of a significant loss by a third-party payment processor, we may be required to expend a large amount of cash promptly upon notification of the occurrence of such an event. A contractual with our processing partner could affect our business, financial condition, or results of operations.
We are also dependent upon various large banks and regulators to execute electronic payments and wire transfers as part of our client payroll, tax, and other money movement services. Termination of any such banking relationship, a bank’s refusal or inability to provide services on which we rely, outages, delays, or systemic shutdown of the banking industry would impede our ability to process funds on behalf of our payroll, tax, and other money movement services clients and could have an adverse impact on our financial results and liquidity.
If we fail to comply with the applicable requirements of payment networks, they could seek to fine us, suspend us, or terminate our registrations. If our customers incur fines or penalties that we cannot collect from them, we may have to bear the cost of such fines or penalties.
In order to provide our transaction processing services, we are registered as a payment facilitator or certified service provider with the Payment Networks. We and our customers must comply with the Payment Network Rules. The Payment Network Rules require us to also comply with the Payment Card Industry Data Security Standard, or the Security Standard, which is a set of rules and standards designed to ensure that all companies that process, store, or transmit payment card information maintain a secure environment to protect cardholder data.
If we fail to, or are alleged to have failed to, comply with the Payment Network Rules or the Security Standard, we may be subject to fines, penalties, or restrictions, including, but not limited to, higher transaction fees that may be levied by the Payment Networks for failure to comply with the Payment Network Rules. If a customer fails or is alleged to have failed to comply with the Payment Network Rules, we could also be subject to a variety of fines or penalties that may be levied by the Payment Networks. If we cannot collect such amounts from the applicable customer, we may have to bear the cost of the fines or penalties, and we may also be unable to continue processing payments for that customer. These potential or may result in lower earnings for us. In addition to these and , if we or our customers do not comply with the Payment Network Rules or the Security Standard, we may our status as a payment facilitator or certified service provider. Our to comply with such rules and standards could mean that we may no longer be to provide certain of our services as they are currently offered, and that existing customers, sales partners, or other third parties may using or referring our services. Prospective merchant customers, financial institutions, sales partners, or other third parties may choose to negotiations with us or or choose not to consider us for their processing needs. In each of these instances, our business, financial condition, and results of operations would be affected.
In addition to the Payment Network Rules and other applicable laws governing payment cards, our transaction processing services are subject to Nacha Rules, formerly the National Automated Clearing House Association Rules. Any changes in the Nacha Rules that increase our cost of doing business or limit our ability to provide processing services to our customers will adversely affect the operation of our business. If we or our customers fail to comply with the Nacha Rules or if our processing of customer transactions is materially or routinely delayed or otherwise disrupted, our partner financial institutions could suspend or terminate our access to Nacha’s clearing and settlement network, which would make it impossible for us to conduct our business on its current scale.
Additionally, we periodically conduct audits and self-assessments to verify our compliance with Nacha Rules. If an audit or self-assessment under Nacha Rules identifies any deficiencies that we need to remediate,
Table of Contents
the remediation efforts may distract our management team and other staff and be expensive and time consuming. Nacha may update its operating rules and guidelines at any time, which could require us to take more costly compliance measures or to develop more complex monitoring systems. Our partner financial institutions could also change their interpretation of Nacha requirements, similarly requiring costly remediation efforts and potentially preventing us from continuing to provide services through such partner financial institutions until we have remediated such issues to their satisfaction.
As our business continues to develop and expand, and we create new product offerings, we may become subject to additional rules, regulations, and industry standards. We may not always accurately interpret or predict the scope or applicability of certain regulations and standards, including the Security Standard, to our business, particularly as we expand into new product offerings, which could lead us to fall out of compliance with the Security Standard or other rules. Further, the Payment Networks could adopt new operating rules or interpret or re-interpret existing rules in ways that might prohibit us from providing certain services to some users, be costly to implement, or be difficult to follow. Any changes in the Payment Network Rules or the Security Standard, including our interpretation and implementation of the Payment Network Rules or the Security Standard to our existing or future business offerings, or additional contractual obligations imposed on us by our customers relating to privacy, data protection, or information security, may increase our cost of doing business, require us to modify our data processing practices or policies, or increase our potential liability in connection with breaches or incidents relating to privacy, data protection, and information security, including resulting in termination of our registrations with the Payment Networks. The of our registrations, or any changes in the Payment Network Rules that would our registrations, could require us to stop providing payment facilitation services relating to the affected Payment Network, which would affect our business, financial condition, or results of operations.
The Payment Network Rules, including rules related to the assessment of interchange and other fees, may be influenced by our competitors. Increases in Payment Network fees or new regulations could negatively affect our earnings.
The Payment Network Rules are set by their boards, which may be influenced by card issuers, and some of those issuers are our competitors with respect to these processing services. Many banks directly or indirectly sell processing services to customers in direct competition with us. These banks could attempt, by virtue of their influence on the Payment Networks, to alter the Payment Networks’ rules or policies to the detriment of other members and non-members including certain of our businesses.
We pay interchange, assessment, transaction, and other fees set by the Payment Networks to such networks and, in some cases, to the card issuing financial institutions for each transaction we process. From time to time, the Payment Networks increase the fees that they charge members or certified service providers. We could attempt to pass these increases along to our customers and their guests, but this strategy might result in the loss of customers to our competitors that do not pass along the increases. If competitive practices prevent us from passing along the higher fees to our customers and their guests in the future, we may have to absorb all or a portion of such increases, which may increase our operating costs and reduce our earnings.
In addition, regulators are subjecting interchange and other fees to increased scrutiny, and new regulations or interpretations of existing regulations could require greater pricing transparency of the breakdown in fees or fee limitations, which could lead to increased price-based competition, lower margins, and higher rates of customer attrition, and affect our business, financial condition, or results of operations.
We rely on customers on our platform for many aspects of our business, and any failure by them to maintain their service levels or any changes to their operating costs could adversely affect our business.
We rely on customers on our platform to provide quality foods, beverages, and service and experience to their guests. Further, an increase in customer operating costs could cause customers on our platform to raise prices, cease operations, or renegotiate processing rates, which could in turn adversely affect our financial condition and results of operations. Many of the factors affecting customer operating costs, including the cost of offering off-premise dining, are beyond the control of customers and include inflation, costs associated with the goods provided, labor and employee benefit costs, costs associated with third-party delivery services, rent costs, and energy costs. Additionally, if customers try to pass along increased operating costs by raising prices
Table of Contents
for their guests, order volume may decline, which we expect would adversely affect our financial condition and results of operations.
We depend upon third parties to manufacture our hardware products and to supply key components necessary to manufacture our hardware products. We do not have long-term agreements with all of our manufacturers and suppliers, and if these manufacturers or suppliers become unwilling or unable to provide an adequate supply of components, we may not be able to find alternative sources in a timely manner and our business would be impacted.
Many of the key components used to manufacture our hardware products, such as our customer-facing displays, come from limited or single sources of supply, and therefore a disruption with one manufacturer in our supply chain may have an adverse effect on other aspects of our supply chain and may disrupt our ability to effectively and timely deliver our hardware products. In addition, in some cases, we rely only on one hardware manufacturer to fabricate, test, and assemble our products. In general, our contract manufacturers fabricate or procure components on our behalf, subject to certain approved procedures or supplier lists, and we do not have firm commitments from all of these manufacturers to provide all components, or to provide them in quantities and on timelines that we may require. Due to our reliance on the components or products produced by suppliers such as these, we are subject to the risk of shortages and long lead times in the supply of certain components or products. We have been and will continue exploring and working with alternative manufacturers for the assembly of our products and certain single-sourced components used in our products. In the case of off-the-shelf components, we are subject to the risk that our suppliers may discontinue or modify them, or that the components may to be available on commercially reasonable terms, or at all. We have in the past experienced, and may in the future experience, component , or or other in product assembly, and the availability and cost of these components or products may be to predict. For example, the recent increase in demand for memory chips, driven by the rapid development of generative AI and large language models, could affect our ability to source certain components for our hardware products, potentially to higher sourcing costs, increased delivery lead times, and production or delivery . Additionally, our manufacturers may experience temporary or permanent in their manufacturing operations due to equipment , labor strikes or , natural , disease outbreaks, civil , hostilities or wars, component or material , cost increases, acquisitions, , changes in legal or regulatory requirements, or other similar .
As the scale of our hardware production increases, we will also need to accurately forecast, purchase, warehouse, and transport components at high volumes to our manufacturing facilities and servicing locations. If we are unable to accurately match the timing and quantities of component purchases to our actual needs or successfully implement automation, inventory management, and other systems to accommodate the increased complexity in our supply chain and parts management, or if we are affected by adverse global supply chain dynamics, such as fluctuation in freight costs, we may incur unexpected production disruption, storage, transportation, and write off costs, which may harm our business and operating results. Given the uncertainty and instability of global economic and political environment, we cannot predict how, the duration of, or the extent to which our operations and financial results may be affected.
In the event of a shortage or supply interruption from suppliers of components used in our hardware products, we may not be able to develop alternate sources quickly, cost effectively, or at all. This supply interruption could harm our relationships with our customers, prevent us from acquiring new customers, and materially and adversely affect our business. Additionally, various sources of supply-chain risk, including strikes or shutdowns at delivery ports or loss of or damage to our products while they are in transit or storage, intellectual property theft, losses due to tampering, third-party vendor issues with quality or sourcing control, failure by our suppliers to comply with applicable laws and regulations, existing and potential tariffs and sanctions, including those applicable to our relationships with vendors in China, or other trade restrictions, or other similar problems could increase our cost of production, limit or the supply of our products, or our reputation.
We also rely on certain suppliers located internationally as part of our supply chain, and the supply risks described above may similarly apply to or be more pronounced in respect of those international suppliers. For example, we have several long-term contracts with companies based in Asia. Issues and claims relating to these contracts and business arrangements may require us to bring a claim in a jurisdiction where it may be difficult and expensive to arbitrate, litigate, enforce, or otherwise resolve. In addition, there is uncertainty as to
Table of Contents
whether the courts in these international jurisdictions would recognize or enforce judgments of U.S. courts. Any litigation in international jurisdictions may be protracted and result in substantial costs and diversion of resources and management attention.
We primarily rely on Amazon Web Services to deliver our services to customers on our platform, and any disruption of or interference with our use of Amazon Web Services could adversely affect our business, financial condition, and results of operations.
We currently host our platform and support our operations on multiple data centers provided by AWS, a third-party provider of cloud infrastructure services. We do not have control over the operations of the facilities of AWS that we use. AWS’ facilities have been and could in the future be subject to damage or interruption from natural disasters, cybersecurity attacks, terrorist attacks, power outages, and similar events or acts of misconduct. The occurrence of any of the above circumstances or events and the resulting impact on our platform may harm our reputation and brand, reduce the availability or usage of our platform, lead to a significant short-term loss of revenue, increase our costs, and impair our ability to retain existing customers or attract new customers, any of which could adversely affect our business, financial condition, and results of operations.
Even though our platform is hosted in the cloud solely by AWS, we believe that we could transition to one or more alternative cloud infrastructure providers on commercially reasonable terms. In the event that our agreement with AWS is terminated or we add additional cloud infrastructure service providers, we may experience significant costs or downtime for a short period in connection with the transfer to, or the addition of, new cloud infrastructure service providers. However, we do not believe that such transfer to, or the addition of, new cloud infrastructure service providers would cause substantial harm to our business, financial condition, or results of operations over the longer term.
We depend on the interoperability of our platform across third-party applications and services that we do not control.
We have integrations with various third parties, both within and outside the restaurant ecosystem. Third-party applications, products, and services are constantly evolving, and we may not be able to maintain or modify our platform to ensure its compatibility with third-party offerings. In addition, some of our competitors or customers on our platform may take actions that disrupt the interoperability of our platform with their own products or services, or they may exert strong business influence on our ability to, and the terms on which we operate and distribute our platform. As our platform evolves, we expect the types and levels of competition we face to increase. Should any of our competitors or customers on our platform modify their technologies, standards, or terms of use in a manner that degrades the functionality or performance of our platform or is otherwise unsatisfactory to us or gives preferential treatment to our competitors’ products or services, our platform, business, financial condition, and results of operations could be adversely affected.
Our partnerships with third parties are an important source of new business for us, and, if those third parties were to reduce their referral of customers to us, our ability to increase our revenue would be adversely affected.
We have partnerships with third parties that are an important source of new business. If any of our third-party partners, such as our partners in the online food marketplace that provide referrals, were to switch to providing marketing support for another payment processor, terminate their relationship with us, merge with or be acquired by one of our competitors, or shut down or become insolvent, we may no longer receive the benefits associated with that relationship, such as new customer referrals, and we also risk losing existing customers and the related payment processing that were originally referred to us by such third-party. Any of these events could adversely affect our ability to increase our revenue.
Table of Contents
Our business is subject to a variety of U.S. and international laws and regulations, many of which are unsettled and still developing, and our or our customers’ failure to comply with such laws and regulations could subject us to claims or otherwise adversely affect our business, financial condition, or results of operations.
The restaurant technology industry and the offering of financial products therein is relatively nascent and rapidly evolving. We are or may become subject to a variety of laws and regulations. Laws, regulations, and standards governing issues such as worker classification, labor and employment, anti-discrimination, online credit card payments and other electronic payments, money transmission and money services, payment and payroll processing, on-demand pay, lending and loan brokering, loan servicing, debt collection, insurance, financial services, gratuities, pricing and commissions, text messaging, subscription services, intellectual property, data retention, privacy, data security, consumer protection, background checks, accessibility, wages, and tax are often complex and subject to varying interpretations, in many cases due to their lack of specificity. The scope and interpretation of existing and new laws, and whether they are applicable to us, is often uncertain and may be conflicting, including varying standards and interpretations between state and federal law, between individual states, and even at the city and municipality level. As a result, their application in practice may change or develop over time through judicial decisions or as new guidance or interpretations are provided by regulatory and governing bodies, such as federal, state, and local administrative agencies.
It is also likely that if our business grows and evolves and our services are used in a greater number of geographies, we would become subject to laws and regulations in additional jurisdictions. It is difficult to predict how existing laws would be applied to our business and the new laws to which it may become subject.
We may not be able to respond quickly or effectively to regulatory, legislative, and other developments, and these changes may in turn impair our ability to offer our existing or planned features, products, and services, and/or increase our cost of doing business. While we have and will need to continue to invest in the development of policies and procedures in order to comply with the requirements of the evolving, highly regulated regulatory regimes applicable to our business and those of our customers, our compliance programs are relatively nascent and we cannot assure that our compliance programs will prevent the violation of one or more laws or regulations. If we are not able to comply with these laws or regulations or if we become liable under these laws or regulations, including any future laws or obligations that we may not be able to anticipate at this time, we could be adversely affected, and we may be forced to implement new measures to reduce our exposure to this liability. This may require us to expend substantial resources, discontinue certain services or platform features, limit our customer base, or find ways to limit our offerings in particular jurisdictions, which would affect our business. Any to comply with applicable laws and regulations could also subject us to and other legal and regulatory proceedings, , or other , and civil proceedings, of significant assets, of licenses, to offer our products and services in all jurisdictions as we do currently, and other enforcement actions. In addition, the increased attention focused upon liability issues as a result of lawsuits and legislative proposals could affect our reputation or otherwise impact the growth of our business.
Further, from time to time, we may leverage third parties to help conduct our businesses in the United States or abroad. We may be held liable for any corrupt or other illegal activities of these third-party partners and intermediaries, our employees, representatives, contractors, channel partners, and agents, even if we do not explicitly authorize such activities. While we have policies and procedures to address compliance with such laws, we cannot assure you that our employees and agents will not take actions in violation of our policies and applicable law, for which we may be ultimately held responsible.
Illegal or improper activities of customers or customer noncompliance with laws and regulations governing, among other things, online credit card payments, financial services, gratuities, pricing and commissions, insurance, data retention, privacy, data security, consumer protection, wages, and tax could expose us to liability and adversely affect our business, brand, financial condition, and results of operations. While we have implemented various measures intended to anticipate, identify, and address the risk of these types of activities, these measures may not adequately address or prevent all illegal or improper activities by these parties from occurring and such conduct could expose us to liability, including through litigation, or adversely affect our brand or reputation.
Table of Contents
We are subject to extensive and complex rules and regulations, licensing, and examination by various federal, state and local government authorities and government agencies, and a failure to comply with the laws and regulations applicable to us could have a material adverse effect on our business. Further, changes in legislative and regulatory policy affecting payment processing or small business lending could have a material adverse effect on our business.
In connection with our financial technology solutions, we must comply with a number of federal, state and local laws and regulations, including state and federal unfair, deceptive, or abusive acts and practices laws, the Federal Trade Commission Act, the Equal Credit Opportunity Act, the Servicemembers Civil Relief Act, the Electronic Fund Transfer Act, the Gramm-Leach-Bliley Act, and the 2010 Dodd-Frank Wall Street Reform and Consumer Protection Act, or the Dodd Frank Act. We must also comply with any applicable laws related to lending, loan brokering, loan servicing, debt collection, payroll processing, on-demand pay, insurance, anti-money laundering, money transfers, and advertising, as well as a number of domestic and international privacy and information security laws, including the CCPA and the GDPR. The GDPR in the EU and the UK, which have been incorporated into their respective laws, impose stringent requirements on the processing of personal data. These requirements encompass: (i) providing information to individuals regarding data processing activities; (ii) ensuring a legal basis or condition applies to the processing of personal data and, where applicable, obtaining consent from individuals to whom the data processing relates; (iii) responding to data subject requests; (iv) imposing requirements to notify the competent national data protection authorities and data subjects of personal data ; (v) implementing safeguards in connection with the security and confidentiality of the personal data; (vi) accountability requirements; and (vii) taking certain measures when engaging third-party processors. with these privacy and security laws could result in significant and remediation obligations. For example, under the GDPR, can result in up to the of 4% of worldwide annual revenue or €20 million (£17.5 million in the UK) depending on the circumstances. Additionally, we are or may become subject to a wide range of complex laws and regulations concerning the withholding, filing, and remittance of income and payroll taxes in connection with our payroll processing business. We may, in the future, offer additional financial technology solutions to guests of our customers that may be subject to additional laws and regulations or be subject to the aforementioned laws and regulations in novel ways.
Lending facilitated through the Toast Capital platform must comply with anti-discrimination statutes such as the Equal Credit Opportunity Act and state law equivalents that prohibit creditors from discriminating against loan applicants and borrowers based on certain characteristics, such as race, religion and national origin. In addition to reputational harm, violations of the Equal Credit Opportunity Act can result in actual damages, punitive damages, injunctive or equitable relief, attorneys’ fees, and civil money penalties.
In addition, federal and state financial services regulators are aggressively enforcing existing laws, regulations, and rules and enhancing their supervisory expectations regarding the management of legal and regulatory compliance risks. This shift in government enforcement policies and priorities may increase the risk that we will be subject to penalties and other materially adverse consequences through government enforcement actions. A finding that we failed to comply with applicable federal, state, and local law could result in actions that make our platform less convenient and attractive to, and potentially unsuitable for, customers and their guests or that have other materially adverse effects on our operations or financial condition. Further, in June 2024, the U.S. Supreme Court reversed its longstanding approach under the Chevron doctrine, which provided for judicial deference to regulatory agencies. As a result of this decision, we cannot be sure whether there will be increased challenges to existing agency regulations or how lower courts will apply the decision in the context of other regulatory schemes without more specific guidance from the U.S. Supreme Court. For example, the U.S. Supreme Court's decision could significantly impact consumer protection, advertising, privacy, artificial intelligence, anti- and anti-money practices and other regulatory regimes with which we are required to comply. Any such regulatory developments could result in uncertainty about and changes in the ways such regulations apply to us, and may require additional resources to ensure our continued compliance.
Table of Contents
Our subsidiary, TPS, holds money transmitter licenses or similar authorizations in multiple states where they may be required in order for us to offer our payroll processing products. Each of the issuers of licenses has the authority to supervise and examine our activities. Licensing determinations are matters of regulatory interpretation and could change over time. For example, certain states may have a more expansive view than others of what activities qualify as lending, loan brokering, loan servicing, debt collection, on-demand pay, money transmission, or payroll processing and require a license. Government authorities could disagree with our licensing position or our reliance on certain exemptions from licensing requirements or determine that Toast, TPS, or another Toast subsidiary or affiliate should have applied for licenses sooner, and they could require us to obtain such licenses, fine us for unlicensed activity, require us to enter into a consent agreement, or subject us to other investigations and enforcement actions. They could also require us to cease conducting certain aspects of our business until we are properly licensed or deny us a license. An adverse licensing determination or the revocation of a license in one jurisdiction could affect our licensing status in other jurisdictions. There can be no assurance that we will be to obtain any such licenses, and, even if we are to do so, we could be required to make product and service changes in order to obtain and maintain such licenses, which could have a material and effect on our business. As we obtain such licenses, we are and will become subject to many additional requirements and , including those with respect to the custody of customer funds; record-keeping requirements; disclosure requirements; examination requirements; annual or biennial activity reporting and license renewal requirements; notification and approval requirements for changes in our officers, directors, stock ownership, or corporate control; permissible investment requirements; capital or minimum net worth requirements; bonding; restrictions on marketing and advertising; qualified individual requirements; anti-money and compliance program requirements; data security and privacy requirements; and review requirements for customer-facing documents. The cost of obtaining and maintaining licenses can be material.
Our subsidiary, Toast Insurance Services, Inc., and certain personnel hold insurance related licenses. We cannot assure you that we, or our licensed personnel, are and will remain at all times in full compliance with insurance laws and regulations, and we may be subject to fines, enforcement actions, void contracts, or our insurance operations in that state may be suspended or prohibited in the event of any non-compliance. If we, or our licensed personnel, apply for new licenses, we may become subject to additional licensing requirements, which we may not be in compliance with at all times.
We provide our financial technology solutions in a constantly changing legal and regulatory environment. New laws or regulations, or new interpretations of existing laws or regulations, affecting our financial technology solutions could have a materially adverse impact on our ability to operate as currently intended and cause us to incur significant expense in order to ensure compliance. For example, government agencies may impose new or additional rules that (i) prohibit, restrict, and/or impose taxes or fees on payment processing transactions in, to or from certain countries or with certain governments, individuals, and entities; (ii) impose additional client identification and client due diligence requirements; (iii) impose additional reporting or recordkeeping requirements, or require enhanced transaction monitoring; (iv) limit the types of entities capable of providing payment processing services, or impose additional licensing or registration requirements; (v) impose minimum capital or other financial requirements; (vi) require enhanced disclosures to our payment processing clients; (vii) cause loans facilitated through the Toast Capital platform, or any of the underlying terms of those loans, to be unenforceable against the relevant borrowers; (viii) limit the number or principal amount of payment processing transactions that may be sent to or from a jurisdiction, whether by an individual or in the aggregate; and (ix) restrict or limit our ability to facilitate processing transactions using centralized databases. These regulatory changes and uncertainties make our business planning more and could require us to invest significant resources and devote significant management attention to pursuing new business activities, change certain of our business practices or our business model, or us to additional costs (including increased compliance costs and/or customer remediation), any of which could impact our results of operations. If we to comply with new laws or regulations, or new interpretations of existing laws or regulations, our ability to operate our business, our relationships with our customers, our brand, and our financial condition and results of operations could be affected.
Proposals to change the statutes affecting working capital loans facilitated through the Toast Capital platform may periodically be introduced in Congress and state legislatures. If enacted, those proposals could affect Toast Capital’s operating environment in substantial and unpredictable ways.
As we expand our presence internationally, we may become subject to the laws, regulations, licensing schemes, industry standards, and payment card networks rules applicable in such jurisdictions, which may require us to invest additional resources to adopt appropriate compliance policies and measures. If we are unable to comply with the rules or laws of new jurisdictions in which we conduct business, our business or reputation may be adversely affected.
Table of Contents
Our relationship with our bank partner that makes loans to our customers may subject us to regulation as a service provider or a lender, and loans found to be made in violation of applicable law may be unenforceable, which could damage our commercial relationships and adversely affect our business and results of operations.
The working capital loans that we market to our customers are made by our bank partner. We are a service provider of this bank, providing marketing and loan administration services. Our contract with our bank partner requires us to comply with state and federal lending and servicing-related laws and regulations. These contracts with bank partners may make us responsible for program compliance. In the future, we may enter into similar partner arrangements with other state or federally chartered financial institutions that may require us to comply with the laws to which such third parties are subject. As a service provider to financial institutions, such as banks, we are or may become subject to regulatory oversight and examination by the Federal Financial Institutions Examination Council, an interagency body, the Board of Governors of the Federal Reserve System, or the Federal Reserve, the Office of the Comptroller of the Currency, or the OCC, the FDIC, the Consumer Financial Protection Bureau, or CFPB, and various other federal and state regulatory authorities. We also may be subject to similar review by state agencies that regulate our partner financial institutions.
The Interagency Guidance on Third-Party Relationships: Risk Management, jointly adopted by the federal banking regulators in 2023, provides a framework for clarifying the supervisory expectation on financial institutions that engage in financial services (such as lending activities) through third parties. The guidance includes supervisory expectations for third-party risk management programs, diligence, monitoring, and examination. The increased supervisory attention on bank partnership arrangements could make bank service provider arrangements more costly, and lead to increases in our operating costs. Going forward, we may have increased difficulty in establishing or maintaining such arrangements, each of which could have a material adverse effect on our business, financial condition, and results of operations.
These and other potential changes to laws and regulations and enhanced regulatory oversight of our partner financial institutions may require us to divert more resources to our compliance programs and maintaining our relationships with our partner financial institutions, terminate or modify our relationships with our partner financial institutions, or otherwise limit the manner in which we conduct our business. If we are unable to adapt our products and services to conform to the new laws and regulations, or if these laws and regulations have a negative impact on our clients, we may experience client losses or increased operating costs, which could have a material adverse effect on our business, financial condition, and results of operations.
We may also be challenged that our bank partner is not the “true lender” of the loans. Loans facilitated by Toast Capital are made by our bank partner in reliance on the position that the bank is the “true lender” for such loans. That true lender status determines various elements of the structure of the loan program, including that we do not hold licenses required solely for being the party that makes loans to our customers, and loans facilitated through the Toast Capital platform may involve pricing and payment structures permissible at origination because the lender is a bank, and/or the disclosures provided to borrowers are accurate and compliant in reliance on the status of the lender as a bank. Because the loans facilitated through the Toast Capital platform are made by our bank partner, many state financial regulatory requirements, including usury restrictions (other than the restrictions of the state in which our bank partner made a particular loan is located) and many licensing requirements and substantive requirements under state lender licensing laws, are treated as inapplicable based on principles of federal preemption or express exemptions provided in relevant state laws for certain types of financial institutions or loans they make.
Certain recent litigation and regulatory enforcement have challenged, or is currently challenging, the characterization of bank partners as the “true lender” in connection with programs involving marketing, processing, and/or servicing relationships between a bank partner and non-bank lending platforms. In addition, lawmakers have expressed concerns that bank partner arrangements undermine consumer safeguards, including state usury laws, and encouraged federal regulators to intervene. If we were to be determined the “true lender” of loans facilitated through the Toast Capital platform, we could face penalties and/or loans facilitated through the Toast Capital platform may be or become void, voidable, or otherwise impaired in a manner that may have adverse effects on our operations (either directly or as a result of an adverse impact on our relationship with our bank partner).
Table of Contents
There have been no formal proceedings against us or indications of any proceedings against us to date, but there can be no assurance that state agencies or regulators will not make assertions with respect to the loans facilitated by our platform in the future. If a court or a state or federal enforcement agency were to deem Toast or Toast Capital, rather than our bank partner, the “true lender” for loans facilitated through our platform, and if for this reason (or any other reason) the loans were deemed subject to and in violation of certain state lender licensing and usury laws, we could be subject to fines, damages, injunctive relief (including required modification or discontinuation of our business in certain areas), and other penalties or consequences, and the loans could be rendered void or unenforceable in whole or in part, any of which could have a material adverse effect on our business (directly, or as a result of adverse impact on our relationships with our bank partner).
Last, terms of certain loans facilitated through the Toast Capital platform could, or may in the future, be challenged as violating applicable lending regulations. When establishing the fixed fee and payment structures that are charged to borrowers on loans we market and service, our bank partner relies on certain authority under federal law to export the interest requirements of the state where the bank is located to borrowers located in other states. Further, we rely on the ability of subsequent holders to continue charging such fee and payment structures and to enforce other contractual terms of the loans that are permissible under federal banking laws following the acquisition of the loans. In some states, the fee of some loans facilitated through the Toast Capital platform, if considered interest, may exceed the maximum interest rate permitted from time to time for loans made by non-bank lenders to borrowers located in such states. In addition, the rate structures for some loans facilitated through the Toast Capital platform may not be permissible in all states for non-bank lenders and/or the amounts charged in connection with loans facilitated through the Toast Capital platform may not be permissible in all states for non-bank lenders.
Usury, fee, and disclosure related claims involving loans facilitated through the Toast Capital platform may be raised in multiple ways. We and our bank partner may face litigation, government enforcement, or other challenge, for example, based on claims that the bank did not establish loan terms that were permissible in the state in which it is located or did not correctly identify the home or host state in which it is located, or in which the borrower is located, for purposes of interest exportation authority under federal law.
If a borrower or any state agency were to successfully bring a claim against us or our bank partner for a state licensing or usury law violation and the rate at issue on the loan was deemed impermissible under applicable state law, we and our bank partner may face various commercial and legal repercussions, including not receiving the total amount of payments expected, and in some cases, the loans could be deemed void, voidable, rescindable, or otherwise impaired or we or our bank partner may be subject to monetary, injunctive or criminal penalties. Were such repercussions to apply to us, they could have a material adverse effect on our business, financial condition and results of operations; and were such repercussions to apply to our bank partner, it could be discouraged from making loans to our customers. We may also be subject to the payment of damages in situations where we agreed to provide indemnification to our bank partner, as well as and assessed by state and federal regulatory agencies.
Our involvement in our payroll, transaction processing services, and other financial technology solutions, could be subject to federal and state money service business or money transmitter registration and licensing requirements that could result in substantial compliance costs, and our business could be adversely affected if we fail to predict how a particular law or regulation should be applied to our business. Failure to comply with anti-money laundering, economic and trade sanctions regulations, the FCPA, and similar laws could subject us to penalties and other adverse consequences.
Toast and certain of its subsidiaries offer access to certain other financial technology products and services that are provided to our customers by bank partners. Our contracts with these bank partners, and our role in providing these services, requires us to comply with state and federal laws and regulations as well.
Table of Contents
While we believe we have defensible arguments in support of our positions that our involvement in our transaction processing services is not subject to federal money services business, or MSB, registration and state money transmitter licensing in all states, we have not expressly obtained confirmation of such positions from FinCEN or all state regulators that administer the state money transmission or payroll processor laws. It is possible that certain state regulators may determine that our activities are subject to licensing. Any determination that we are in fact required to be licensed in a state where we do not already hold a license may require substantial expenditures of time and money and could lead to liability in the nature of penalties or fines, costs, legal fees, reputational damage, or other negative consequences as well as cause us to be required to cease operations in some of the states we service, which would have a material adverse effect on our business, financial condition, results of operations, and reputation. In the past, certain competitors have been found to violate laws and regulations related to money transmission, and they have been subject to and other by regulatory authorities. Regulators and third-party auditors have also identified gaps in how similar businesses have implemented anti-money programs. The adoption of new money transmitter, payroll processor, or money services business laws in jurisdictions, or changes in regulators’ interpretation of existing state and federal money transmitter, payroll processor, or money services business laws or regulations, could subject us to new registration or licensing requirements. There can be no assurance that we will be to obtain or maintain any such licenses in all states where we offer transaction processing services, and, even if we were to do so, there could be substantial costs and potential product changes involved in maintaining such licenses, which could have a material effect on our business. In addition, there are substantial costs and potential product changes involved in maintaining and renewing such licenses, and we could be subject to , license , or other enforcement action if we are found to disclosure, reporting, anti-money , capitalization, corporate governance, or other requirements of such licenses. An licensing determination or the of a license in one jurisdiction could prevent us from operating certain aspects of our business in that jurisdiction, and could affect our licensing status in other jurisdictions. These factors could impose substantial additional costs, involve considerable in the development or provision of our products or services, require significant and operational changes, or prevent us from providing our products or services in any given market.
In addition, our offering of stored value cards, gift cards and electronic gift certificates may trigger various federal and state laws and regulations. The customers who utilize our gift card processing products and services may be subject to these laws and regulations, which may include the Credit Card Accountability Responsibility and Disclosure Act of 2009. In addition, the payroll cards that are offered to our customers’ workers are issued by a bank partner. We are a service provider of this bank, providing marketing and account administration services.
TPS is registered with FinCEN as an MSB. Registration as an MSB subjects us to the regulatory and supervisory jurisdiction of FinCEN, the anti-money laundering provisions of the BSA, and its implementing regulations applicable to MSBs. FinCEN may also interpret the BSA and its regulations as requiring registration of our parent company or other subsidiaries as MSBs. State regulators often impose similar requirements on licensed money transmitters. In addition, our contracts with financial institution partners and other third parties may contractually require us to maintain an anti-money laundering program. We are also subject to economic and trade sanctions programs, including those administered by OFAC, which prohibit or restrict transactions to or from or dealings with specified countries, their governments, and in certain circumstances, their nationals, and with individuals and entities that are specially-designated nationals of those countries, narcotics traffickers, terrorists or terrorist organizations, and other sanctioned persons and entities.
Table of Contents
We may in the future operate our business in foreign countries where companies often engage in business practices that are prohibited by U.S. and other regulations applicable to us. We are subject to anti-corruption laws and regulations, including the FCPA and other laws that prohibit the making or offering of improper payments to foreign government officials and political figures, including anti-bribery provisions enforced by the Department of Justice and accounting provisions enforced by the SEC. These laws prohibit improper payments or offers of payments to foreign governments and their officials and political parties by the United States and other business entities for the purpose of obtaining or retaining business. We have implemented policies, procedures, systems, and controls designed to identify and address potentially impermissible transactions under such laws and regulations; however, there can be no assurance that all of our employees, consultants, and agents, including those that may be based in or from countries where practices that violate U.S. or other laws may be customary, will not take actions in violation of our policies, for which we may be ultimately responsible.
Our failure to comply with anti-money laundering, economic, and trade sanctions regulations, the FCPA, and similar laws could subject us to substantial civil and criminal penalties or result in the loss or restriction of our federal MSB registration and state money transmitter licenses (or the inability to obtain new licenses necessary to operate in certain jurisdictions). We may also face liability under our contracts with third parties, which may significantly affect our ability to conduct some aspects of our business. Additionally, changes in this regulatory environment may significantly affect or change the manner in which we currently conduct some aspects of our business. For example, bank regulators are imposing additional and stricter requirements on banks to ensure they are meeting their BSA obligations, and banks are increasingly viewing money services businesses, as a class, to be higher risk customers for money laundering. As a result, our bank partners may limit the scope of services they provide to us or may impose additional requirements on us. These regulatory restrictions on banks and changes to banks’ internal risk-based policies and procedures may result in a decrease in the number of banks that may do business with us, may require us to change the manner in which we conduct some aspects of our business, may decrease our revenue and earnings and could have a materially effect on our results of operations or financial condition.
Our platform regularly collects and stores personal information and, as a result, both domestic and international privacy and data security laws apply. As these laws are enhanced or new laws are introduced, our business could incur additional costs and liabilities and our ability to perform our services and generate revenue could be impacted.
As we seek to build a trusted and secure platform for and to expand our network of customers and facilitate their transactions and interactions with their guests, we will increasingly be subject to laws and regulations relating to the collection, use, retention, privacy, security, and transfer of information, including the personal information of their employees and guests. Domestically, this includes federal as well as state-specific legislation, including but not limited to the CCPA. Additionally, a number of U.S. state-specific privacy laws have recently become effective or will become effective in 2024. As we expand internationally, international privacy laws pertaining to the processing and security of personal information become more relevant to our business, including but not limited to the GDPR, the United Kingdom GDPR and local privacy legislation, as well as Canadian privacy legislation, including Canada’s Personal Information Protection and Electronic Documents Act and local provincial legislation. As with the other laws and regulations noted above, these laws and regulations may change or be interpreted and applied differently over time and from jurisdiction to jurisdiction, and it is possible they will be interpreted and applied in ways that will materially and adversely affect our business.
Table of Contents
As noted above, many states in which we operate have laws that protect the privacy and security of sensitive and personal information. Certain state laws may be more stringent or broader in scope, or offer greater individual rights, with respect to sensitive and personal information than federal or other state laws, and such laws may differ from each other, which may complicate compliance efforts. For example, the CCPA was amended by the California Privacy Rights Act, which went into effect in January 2023, significantly amended the CCPA and requires companies covered by the legislation to provide disclosures to California consumers and afford such consumers rights with respect to their personal information, including the right to request deletion of their personal information, the right to receive the personal information on record for them, the right to know what categories of personal information generally are maintained about them, as well as the right to opt-out of certain sales of personal information and sharing personal information for certain advertising purposes. The CCPA also granted a new state agency, the California Privacy Protection Agency, powers to adopt and enforce regulations interpreting the CCPA, and the agency is continuing to adopt new rules that may require us to evolve and adapt our compliance strategies. The effects of the CCPA are potentially significant and may require us to modify our data collection or processing practices and policies and to incur substantial costs and expenses in an effort to comply and increase our potential exposure to regulatory enforcement and/or . In addition, the CCPA provides for civil for , as well as a private right of action for certain data that result in the of personal information. This private right of action may increase the likelihood of, and risks associated with, data .
A number of states have enacted and implemented various forms of consumer privacy legislation similar to the CCPA. We anticipate that more states may enact legislation similar to the CCPA and other state privacy laws, which provide consumers with new privacy rights and increase the privacy and security obligations of entities handling certain personal information of such consumers. Moreover, states may pass consumer privacy laws that deviate from or exceed the requirements of the existing laws, or that regulate specific business practices. For example, Washington state’s My Health My Data Act came into effect in 2024 and requires regulated businesses to apply specific protections for consumer health data, which is defined broadly to include certain data categories that are not directly related to health, such as location information. These state privacy developments have prompted a number of proposals for new federal and state-level privacy legislation and regulation. Such proposed legislation and regulation, if enacted, may add additional complexity, variation in requirements, restrictions and potential legal risk, require additional investment of resources in compliance programs, impact strategies, and the availability of previously useful data, and could result in increased compliance costs and/or changes in business practices and policies.
The regulatory framework governing the collection, processing, storage, use, and sharing of certain information, particularly financial and other personal information, is rapidly evolving and is likely to continue to be subject to uncertainty and varying interpretations. It is possible that these laws may be interpreted and applied in a manner that is inconsistent with our existing data practices or the features of our services and platform capabilities. Any failure or perceived failure by us, or any third parties with which we do business, to comply with our posted privacy statements or notices, changing consumer expectations, evolving laws, rules and regulations, industry standards, or contractual obligations to which we or such third parties are or may become subject, may result in actions or other claims against us by governmental entities or private actors, the expenditure of substantial costs, time, and other resources or the incurrence of significant fines, penalties, or other liabilities. In addition, any such action, particularly to the extent we were found to have engaged in violations or otherwise liable for , would our reputation and affect our business, financial condition, and results of operations.
Table of Contents
We cannot yet fully determine the impact these or future laws, rules, regulations, and industry standards may have on our business or operations. Any such laws, rules, regulations, and industry standards may be inconsistent among different jurisdictions, subject to differing interpretations or may conflict with our current or future practices. Additionally, our partners and our customers and their guests may be subject to differing privacy laws, rules, and legislation, which may mean that our partners or customers require us to be bound by varying contractual requirements applicable to certain other jurisdictions. If our customers fail to comply with such privacy laws, rules, or legislation, we could be exposed to liability and our business, financial condition, results of operations, and brand could be adversely affected. Adherence to contractual requirements imposed by our partners or customers may impact our collection, use, processing, storage, sharing, and disclosure of various types of information including financial information and other personal information, and may mean we become bound by, or voluntarily comply with, self-regulatory or other industry standards relating to these matters that may further change as laws, rules, and regulations evolve. Complying with these requirements and changing our policies and practices may be onerous and , and we may not be to respond quickly or effectively to regulatory, legislative, and other developments. These changes may in turn our ability to offer our existing or planned features, products, and services, and/or increase our cost of doing business. As we expand our partnerships and our customer base, these requirements may vary from customer to customer, and from guest to guest, further increasing the cost of compliance and doing business.
We publicly post documentation regarding our practices concerning the collection, processing, use, and disclosure of information. Although we endeavor to comply with our published statements, notices, and documentation, we may at times fail to do so or be alleged to have failed to do so. Any failure or perceived failure by us to comply with our privacy statements, notices, or any applicable privacy, security, or data protection, information security, or consumer-protection related laws, regulations, orders, or industry standards could expose us to costly litigation, significant awards, fines or judgments, civil and/or criminal penalties, or negative publicity, and could materially and adversely affect our business, financial condition, and results of operations. The publication of our privacy statements, notices, and other documentation that provide promises and assurances about privacy and security can subject us to potential state and federal action if they are found to be non-compliant, , , or misrepresentative of our actual practices, which could, individually or in the aggregate, materially and affect our business, financial condition, and results of operations.
We have incurred, and may continue to incur, significant expenses to comply with evolving mandatory privacy and security standards and protocols imposed by law, regulation, industry standards, shifting customer and guest expectations, or contractual obligations, both in the U.S. and internationally. We post on our website our privacy statement and practices concerning the collection, use, and disclosure of information. In particular, with laws and regulations such as the CCPA and similar laws in the United States imposing new and relatively burdensome obligations, and with substantial uncertainty over the interpretation and application of these and other laws and regulations, we may face challenges in addressing their requirements and making necessary changes to our policies and practices and may incur significant costs and expenses in an effort to do so. This also applies in the context of international privacy legislation such as the GDPR, UK GDPR and applicable Canadian privacy legislation. Any failure, real or perceived, by us to comply with our posted privacy statements or notices, changing customer and guest expectations, or with any evolving regulatory requirements, interpretations, or orders, other local, state, federal, or international privacy, data protection, information security, or consumer protection-related laws and regulations, industry standards, or contractual obligations could cause our customers to reduce their use of our products and services, disrupt our supply chain or third-party vendor or developer partnerships, and materially and affect our business.
Changes in tax law may adversely affect our financial position and results.
We are subject to taxation in the United States and certain other jurisdictions in which we operate. Changes in applicable tax laws or regulations may be proposed or enacted that could materially and adversely affect our effective tax rate, tax payments, results of operations, financial condition and cash flows. While we believe our income tax provisions are reasonable, the actual tax outcomes could differ from what is recorded in our consolidated financial statements and may significantly impact our financial results in the period when these differences are resolved. Factors such as changes in tax rates, shifts in income and losses across regions with different tax rates, non-deductible expenses, adjustments to deferred tax assets and liabilities or valuation allowance could negatively affect our effective tax rate. Any increase in our tax rate could reduce our profitability or, in some cases, deepen our losses.
Table of Contents
Our future tax rates could be influenced by modifications in accounting standards or alterations in tax laws at the federal, state, or international levels, as well as new tax rulings. The U.S. Department of Treasury can issue regulations and provide interpretive guidance, which could affect our compliance with the law and potentially impact our operational results when issued. Many countries are actively considering or have proposed or enacted changes to their tax laws based on the model rules adopted by the Organization for Economic Developments, defining a 15% global minimum tax (often referred to as Pillar 2). Such changes might elevate our tax responsibilities in the countries where we conduct business or necessitate adjustments in our operational strategies. Evolving global tax regulations affecting multinational corporations could significantly influence our operations, lead to an increase in our global effective tax rate and adversely impact our financial performance.
Under state tax law, we may be deemed responsible for collecting and remitting sales taxes directly to certain states. State tax authorities may raise questions about, or challenge or disagree with, our calculation, reporting, or collection of taxes and may require us to collect taxes or to remit additional taxes and interest and could impose associated penalties and fees. Moreover, an increasing number of states have considered or adopted laws or administrative practices that attempt to impose obligations for online marketplaces, payment service providers, and other intermediaries. These obligations may require us to collect and remit taxes on the merchant customers’ behalf and take on additional reporting and record-keeping obligations. Any failure by us to prepare for and to comply with these and similar reporting and record-keeping obligations could result in substantial monetary penalties and other sanctions, adversely impact our ability to do business in certain jurisdictions, and harm our business.
Government regulation of the Internet, mobile devices, and e-commerce is evolving, and unfavorable changes could substantially adversely affect our business, financial condition, and results of operations.
We are subject to general business regulations and laws as well as federal and state regulations and laws specifically governing the Internet, mobile devices and other hardware, social media, advertising, and e-commerce that are constantly evolving. Existing and future laws and regulations, or changes thereto, may impede the growth of our business, increase the cost of providing online services, require us to change our business practices, or raise compliance costs or other costs of doing business. These evolving regulations and laws may cover taxation, tariffs, user privacy, data protection, pricing and commissions, content, copyrights, trademarks, patents, distribution, social media marketing, advertising practices, sweepstakes, mobile, electronic contracts and other communications, consumer protection, and the characteristics and quality of our services. It is not clear how existing laws governing issues such as property ownership, sales, use, and other taxes, and privacy apply to the Internet, e-commerce, and other new technologies. In addition, in the future, it is possible that foreign government entities in jurisdictions in which we have expanded or seek to expand our business may seek to or may even attempt to block access to our mobile applications and website. Any failure, or perceived failure, by us to comply with any of these laws or regulations could result in damage to our reputation and brand, a in business, and proceedings or actions us by governmental entities or others, which could affect our business, financial condition, and results of operations.
Table of Contents
Risks Related to Our Intellectual Property
If we fail to adequately protect our intellectual property rights, our competitive position could be impaired and we may lose valuable assets or revenue and become subject to costly litigation to protect our rights.
Our success is dependent, in part, upon protecting our intellectual property rights. We rely on a combination of patents, copyrights, trademarks, service marks, trade secret laws, and contractual restrictions to establish and protect our intellectual property rights in our products and services. However, the steps we take to protect our intellectual property may be inadequate. We will not be able to protect our intellectual property if we are unable to enforce our rights or if we do not detect unauthorized use of our intellectual property. Despite our precautions, it may be possible for unauthorized third parties to copy our products and use information that we regard as proprietary to create products and services that compete with ours. Some provisions in our licenses of our technology to customers and other third parties protecting against unauthorized use, copying, transfer, and disclosure of our products may be unenforceable under the laws of certain jurisdictions and foreign countries. Further, the laws of some countries do not protect proprietary rights to the same extent as the laws of the United States. To the extent we expand our international activities, our exposure to copying and use of our products and proprietary information may increase.
Our issued patents and any patents issued in the future may not provide us with any competitive advantages, and our patent applications may never be granted. Additionally, the process of obtaining patent protection is expensive and time consuming, and we may not be able to file and prosecute all necessary or desirable patent applications, or we may not be able to do so at a reasonable cost or in a timely manner. Even if issued, these patents may not adequately protect our intellectual property, as the legal standards relating to the infringement, validity, enforceability, and scope of protection of patent and other intellectual property rights are complex and often uncertain.
Additionally, we have registered, among other trademarks, the name “Toast” in the United States and other jurisdictions. As we expand internationally, we will apply for trademark protection for our name and certain product and service marks in foreign jurisdictions. However, trademark applications may not be approved in all jurisdictions, and in some countries, existing third-party rights or local laws may prevent us from registering or enforcing our marks. If we are unable to obtain trademark protection for our name or other key marks in foreign markets, or if our trademark rights are successfully challenged, we may be required to rebrand our products or services in those jurisdictions, which could result in significant costs, loss of brand recognition, and adverse effects on our business and operating results. Competitors have and may continue to adopt service names similar to ours, thereby harming our ability to build brand identity and possibly leading to user confusion. There could also be potential trade name or trademark infringement brought by owners of other trademarks that are similar to our trademarks. or proceedings before the U.S. Patent and Trademark Office or other governmental authorities and administrative bodies in the United States and abroad may be necessary in the future to enforce our intellectual property rights and to determine the validity and scope of the proprietary rights of others. Further, we may not timely or register our trademarks or otherwise secure our intellectual property.
We also have registered domain names that we use in, or are related to, our business, most importantly www.toasttab.com. If we are unable to protect our domain names, our brand recognition and reputation would suffer, we would incur significant expense establishing new brands or protecting and maintaining rights in existing domain names and our results of operations would be adversely impacted.
We enter into confidentiality and invention assignment agreements with our employees and consultants and enter into confidentiality agreements with the parties with whom we have strategic relationships and business alliances. These agreements may not be effective in preventing unauthorized use or disclosure of confidential information or controlling access to and distribution of our products or other proprietary information. Further, these agreements do not prevent our competitors from independently developing technologies that are substantially equivalent or superior to our products.
Table of Contents
In order to protect our intellectual property rights, we may be required to spend significant resources to monitor and protect these rights. Litigation may be necessary in the future to enforce our intellectual property rights and to protect our trade secrets. Litigation brought to protect and enforce our intellectual property rights could be costly, time consuming, and distracting to management, and could result in the impairment or loss of portions of our intellectual property. Furthermore, our efforts to enforce our intellectual property rights may be met with defenses, counterclaims, and countersuits attacking the validity and enforceability of our intellectual property rights. Our inability to protect our proprietary technology against unauthorized copying or use, as well as any costly litigation or diversion of our management’s attention and resources, could further sales or the implementation of our existing products, the functionality of our products, introductions of new products, result in our substituting or more technologies into our products, or our reputation or brand. In addition, we may be required to license additional technology from third parties to develop and market new products, and we may not be to license that technology on commercially reasonable terms or at all. Our to license this technology could our ability to compete.
We have been, and may in the future be, subject to intellectual property rights claims by third parties, which are extremely costly to defend, could require us to pay significant damages and could limit our ability to use certain technologies.
Companies in the software and technology industries, including some of our current and potential competitors, own large numbers of patents, copyrights, trademarks, and trade secrets and frequently enter into litigation based on allegations of infringement or other violations of intellectual property rights. In addition, many of these companies have the capability to dedicate substantially greater resources to enforce their intellectual property rights and to defend claims that may be brought against them than we do. Any intellectual property litigation in which we become involved may involve patent holding companies or other adverse patent owners that have no relevant product revenue and against which our patents may therefore provide little or no deterrence. From time to time, third parties have asserted and may assert patent, copyright, trademark, or other intellectual property rights us, our partners, or our customers. We have received, and may in the future receive, notices that claim we have , or other parties’ intellectual property rights and, to the extent we market visibility, especially as a public company, we face a higher risk of being the subject of intellectual property , which is not uncommon with respect to the restaurant technology market. In addition, our agreements with customers include indemnification provisions, under which we agree to indemnify them for or incurred as a result of of intellectual property and, in some cases, for caused by us to property or persons or other third-party . Large indemnity payments could our business, financial condition, and results of operations.
The outcome of intellectual property claims, with or without merit, could be very time consuming, could be expensive to settle or litigate and could divert our management’s attention and other resources. These claims could also subject us to significant liability for damages, potentially including treble damages if we are found to have willfully infringed patents or copyrights, or result in us having to stop using technology found to be in violation of a third-party’s rights. We might be required to seek a license for the intellectual property, which may not be available on reasonable terms or at all. Even if a license were available, we could be required to pay significant royalties, which would increase our operating expenses. As a result, we may be required to develop alternative non-infringing technology, which could require significant effort and expense. If we cannot license or develop technology for any infringing aspect of our business, we would be to limit or stop sales of certain products or services and may be to compete effectively. Any of these results could our business, financial condition, and results of operations.
Table of Contents
Our platform makes use of open-source software components, and a failure to comply with the terms of the underlying open-source software licenses could negatively affect our ability to sell our products and subject us to possible litigation.
Our products incorporate and are dependent to a significant extent upon the use of open-source software, and we intend to continue our use of open-source software in the future. Such open-source software is generally licensed by its authors or other third parties under open-source licenses and is typically freely accessible, usable, and modifiable. Pursuant to such open-source licenses, we may be subject to certain conditions, including requirements, depending on how the licensed software is used or modified, that we offer our proprietary software that incorporates the open-source software for little or no cost, that we make available source code for modifications or derivative works we create based upon incorporating or using the open-source software and that we license such modifications or derivative works under the terms of the particular open-source license. These potential conditions could enable our competitors to create similar offerings with lower development effort and time and ultimately could result in a loss of our competitive advantage. Further, if an author or other third-party that uses or distributes such open-source software were to allege that we had not complied with the conditions of one or more of these licenses, we could be required to incur significant legal expenses defending such and could be subject to significant , from the sale of our products that contained or are dependent upon the open-source software, and required to comply with the foregoing conditions, which could the distribution and sale of some of our products. could be for us to , affect our operating results and financial condition or require us to devote additional research and development resources to change our platform. The terms of many open-source licenses to which we are subject have not been interpreted by U.S. or foreign courts, and there is a risk that these licenses could be construed in a way that could impose conditions or restrictions on our ability to provide or distribute our platform. As there is little or no legal precedent governing the interpretation of many of the terms of certain of these licenses, the potential impact of these terms on our business is uncertain and may result in obligations regarding our products and technologies. Any requirement that we make available source code for modifications or derivative works we create based upon incorporating or using open-source software or that we license such modifications or derivative works under the terms of open-source licenses, could be to our business, financial condition, or results of operations, and could help our competitors develop products and services that are similar to or than ours. In addition, to the extent that we have to comply with our obligations under particular licenses for open-source software, we may the right to continue to use and such open-source software in connection with our operations and products, which could and affect our business.
In addition to risks related to license requirements, usage, and distribution of open-source software can lead to greater risks than the use of third-party commercial software, as open-source licensors generally do not provide support, warranties, indemnification, controls on the origin or development of the software, remedies against the licensors or other contractual provisions regarding infringement claims or the quality of the code. Many of the risks associated with usage of open-source software cannot be eliminated and could adversely affect our business.
Although we have established procedures to monitor the use of open-source software, we rely on multiple software programmers to design our proprietary software and we cannot be certain that our programmers have never, directly or indirectly, incorporated open-source software into, or otherwise used open-source software in connection with, our proprietary software of which, or in a manner in which, we are not aware, or that they will not do so in the future. It is also possible that we may not be aware of all of our corresponding obligations under open-source licenses. We cannot guarantee that we have incorporated open-source software in our software in a manner that will not subject us to liability or in a manner that is consistent with our current policies and procedures.
Table of Contents
Risks Related to Our Class A Common Stock
The trading price of our Class A common stock may be volatile, and you could lose all or part of your investment.
We cannot predict the prices at which our Class A common stock will trade. The market price of our Class A common stock has fluctuated and may fluctuate in the future substantially and will depend on a number of factors, including those described in this “Risk Factors” section, many of which are beyond our control and may not be related to our operating performance. These fluctuations could cause you to lose all or part of your investment in our Class A common stock, because you might not be able to sell your shares at or above the price you paid. Factors that could cause fluctuations in the trading price of our Class A common stock include, but are not limited to, the following:
• actual or anticipated changes or fluctuations in our results of operations;
• the financial projections we may provide to the public, any changes in these projections, or our failure to meet these projections;
• announcements by us or our competitors of new products or new or terminated significant contracts, commercial relationships, or capital commitments;
• industry or financial analyst or investor reaction to our press releases, other public announcements, and filings with the SEC;
• our ability to execute on our share repurchase program as planned, including whether we meet internal or external expectations around the timing or price of share repurchases, and any increases, reductions, discontinuances or other changes to our share repurchase program and the repurchases thereunder;
• rumors and market speculation involving us or other companies in our industry;
• price and volume fluctuations in the overall stock market from time to time;
• changes in operating performance and stock market valuations of other technology companies generally, or those in our industry in particular;
• failure of securities analysts to maintain coverage of us, changes in financial estimates by securities analysts who follow our company, the downgrading of our stock or our industry, or the stock of any of our competitors, the publication of inaccurate or unfavorable research about our business, or our failure to meet these estimates or the expectations of investors;
• whether investors or securities analysts view our stock structure unfavorably, particularly our dual-class structure and the significant voting control of our executive officers, directors and their affiliates;
• actual or anticipated developments in our business, or our competitors’ businesses, or the competitive landscape generally;
• litigation involving us, our industry, or both, or investigations by regulators into our operations or those of our competitors;
• actual or perceived privacy or security breaches or other incidents;
• developments or disputes concerning our intellectual property rights, our products, or third-party proprietary rights;
• announced or completed acquisitions of businesses or technologies by us or our competitors;
Table of Contents
• new laws or regulations or new interpretations of existing laws or regulations applicable to our business;
• changes in accounting standards, policies, guidelines, interpretations, or principles;
• any significant changes in our management or our Board;
• general economic conditions, such as fluctuating inflation and interest rates, global recessionary conditions, and slow or negative growth of our markets; and
• other events or factors, including those resulting from political events such as the presidential election and transition, hostilities or wars, incidents of terrorism, natural disasters, public health concerns or epidemics, or responses to these events.
In addition, the stock market in general, and the market for technology companies in particular, has experienced extreme price and volume fluctuations that have often been unrelated or disproportionate to the operating performance of those companies. Broad market and industry factors may seriously affect the market price of our Class A common stock, regardless of our actual operating performance. In addition, in the past, following periods of volatility in the overall market and the market price of a particular company’s securities, securities class action litigation has often been instituted against these companies. Securities litigation, if instituted against us, could result in substantial costs and divert our management’s attention and resources from our business. This risk could materially adversely affect our business, financial condition, results of operations, and prospects.
The dual-class structure of our common stock as contained in our amended and restated certificate of incorporation has the effect of concentrating voting control with those stockholders who held our capital stock prior to our initial public offering, including our directors, executive officers and their respective affiliates. This ownership will limit or preclude your ability to influence corporate matters, including the election of directors, amendments of our organizational documents, and any merger, consolidation, sale of all or substantially all of our assets, or other major corporate transactions requiring stockholder approval, and that may adversely affect the trading price of our Class A common stock.
Our Class B common stock has ten votes per share, and our Class A common stock has one vote per share. As of December 31, 2025, we had 66 million shares of Class B common stock outstanding, representing approximately 55% of the voting power of our outstanding capital stock; our 5% stockholders, directors, executive officers, and their affiliates beneficially owned in the aggregate approximately 55% of the voting power of our outstanding capital stock. These stockholders will have significant influence with respect to the election of our Board and approval of significant corporate actions, even after they no longer have a service relationship with us. In addition, because of the ten-to-one voting ratio between our Class B and Class A common stock, the holders of our Class B common stock collectively could continue to control a majority of the combined voting power of our common stock and therefore control all matters submitted to our stockholders for approval until (i) the date the holders of two-thirds of our outstanding Class B common stock elect to convert the Class B common stock to Class A common stock, or (ii) September 24, 2028.
The concentrated voting power of these stockholders could have the effect of delaying or preventing an acquisition of our company or another significant corporate transaction, and may limit or preclude your ability to influence corporate matters for the foreseeable future, including the election of directors and amendments of our organizational documents. As a result, such concentrated control may adversely affect the market price of our Class A common stock.
Future transfers by holders of Class B common stock will generally result in those shares converting to Class A common stock, subject to limited exceptions as specified in our amended and restated certificate of incorporation, such as transfers to family members and certain transfers effected for estate planning purposes. The conversion of Class B common stock to Class A common stock will have the effect, over time, of increasing the relative voting power of those holders of Class B common stock who retain their shares in the long term. As a result, it is possible that one or more of the persons or entities holding our Class B common stock could gain significant voting control as other holders of Class B common stock sell or otherwise convert their shares into Class A common stock.
Table of Contents
We cannot predict the effect our dual-class structure may have on the market price of our Class A common stock.
We cannot predict whether our dual-class structure will result in a lower or more volatile market price of our Class A common stock, adverse publicity or other adverse consequences. For example, FTSE Russell and S&P Dow Jones had previously restricted the inclusion of companies with multiple-class share structures in certain of their indices, including the S&P 500, although the S&P Dow Jones has revised this position and now includes companies with multiple-class share structures in their indices. Under such restrictions, the dual-class structure of our common stock would make us ineligible for inclusion in certain indices and, as a result, mutual funds, exchange-traded funds and other investment vehicles that attempt to passively track those indices would not invest in our Class A common stock. It is unclear what effect, if any, these policies will have on the valuations of publicly-traded companies excluded from such indices, but it is possible that they may adversely affect valuations, as compared to similar companies that are included. Due to the dual-class structure of our common stock, we will likely be excluded from certain indices and we cannot assure you that other stock indices will not take similar actions. Given the sustained flow of investment funds into passive strategies that seek to track certain indices, exclusion from certain stock indices would likely investment by many of these funds and could make our Class A common stock less to other investors. As a result, the market price of our Class A common stock could be affected.
Future sales, or the perception of future sales, by us or our existing stockholders in the public market could cause the market price for our Class A common stock to decline.
Sales of a substantial number of shares of our Class A common stock in the public market, or the perception that such sales could occur in large quantities, could harm the prevailing market price of shares of our Class A common stock. These sales, or the possibility that these sales may occur, also might make it more difficult for us to sell equity securities in the future at a time and at a price that we deem appropriate.
The market price of our Class A common stock could drop significantly if our stockholders sell, or are perceived as intending to sell, shares of our Class A common stock. These factors could also make it more difficult for us to raise additional funds through future offerings of our shares of Class A common stock or other securities.
You may incur dilution as a result of future equity issuances.
Any common stock that we issue under our existing equity incentive plans or other equity incentive plans that we may adopt in the future would dilute the percentage ownership held by our other equity holders. We have, and may in the future, issue securities in connection with investments, acquisitions, or capital raising activities. In particular, the number of shares of our Class A common stock issued in connection with an investment or acquisition, or to raise additional equity capital, could constitute a material portion of our then-outstanding shares of our Class A common stock. Any such issuance of additional securities in the future may result in additional dilution to you or may adversely impact the price of our Class A common stock. While our board of directors have approved a shareholder repurchase program, which is intended to enhance long-term stockholder value, there is no assurance this program would do so because the market price of our Class A common stock may decline below the levels at which we repurchase shares and short-term stock price fluctuations could reduce the effectiveness of our repurchase programs. Furthermore, there is no guarantee that our stock repurchases in the past or in the future will be able to successfully mitigate our equity dilution.
Certain provisions in our charter documents and Delaware law could make an acquisition of our company more difficult, limit attempts by our stockholders to replace or remove members of our Board or current management and may adversely affect our stock price.
Our amended and restated certificate of incorporation and our second amended and restated bylaws contain provisions that could delay or prevent a change in control. These provisions could also make it difficult for stockholders to elect directors that are not nominated by the current members of our Board or take other corporate actions, including effecting changes in our management. These provisions include:
• a classified Board with three-year staggered terms, which could delay the ability of stockholders to change the membership of a majority of our Board;
Table of Contents
• the denial of any right of our stockholders to remove members of our Board except for cause and, in addition to any other vote required by law, upon the approval of not less than two-thirds of the total voting power of all our outstanding voting stock then entitled to vote in the election of directors;
• the ability of our Board to issue shares of preferred stock and to determine the price and other terms of those shares, including preferences and voting rights, without stockholder approval, which could be used to significantly dilute the ownership of a hostile acquirer;
• the exclusive right of our Board to elect a director to fill a vacancy created by the expansion of our Board or the resignation, death, or removal of a director, which prevents stockholders from being able to fill vacancies on our Board;
• provide for a dual-class common stock structure in which holders of our Class B common stock have the ability to control the outcome of matters requiring stockholder approval, even if they own significantly less than a majority of the outstanding shares of our Class A and Class B common stock, including the election of directors and significant corporate transactions, such as a merger or other sale of our company or its assets;
• a prohibition on stockholder action by written consent, which forces stockholder action to be taken at an annual or special meeting of our stockholders;
• the requirement that a special meeting of stockholders may be called only by the chairperson of our Board, chief executive officer, or by the Board acting pursuant to a resolution adopted by a majority of our Board, which could delay the ability of our stockholders to force consideration of a proposal or to take action, including the removal of directors;
• certain amendments to our amended and restated certificate of incorporation will require the approval of two-thirds of the then-outstanding voting power of our capital stock; and
• advance notice procedures with which stockholders must comply to nominate candidates to our Board or to propose matters to be acted upon at a stockholders’ meeting, which may discourage or deter a potential acquirer from conducting a solicitation of proxies to elect the acquirer’s own slate of directors or otherwise attempting to obtain control of us.
These provisions may discourage proxy contests and delay or prevent attempts by our stockholders to replace or remove our Board and to cause us to take corporate actions they desire. In addition, because we are incorporated in Delaware, we are subject to Section 203 of the Delaware General Corporation Law, which, subject to certain exceptions, generally prohibits a Delaware corporation from engaging in any of a broad range of business combinations with an “interested stockholder” for a specified period of time. Any of these provisions of our amended and restated certificate of incorporation, second amended and restated bylaws, and Delaware law could limit the price that investors might be willing to pay for shares of our Class A common stock and deter potential acquirers of our company, thereby reducing the likelihood that you would receive a premium for your shares of Class A common stock in an acquisition.
We do not intend to pay dividends for the foreseeable future.
We have never declared or paid dividends on our capital stock and do not anticipate to declare or pay any dividends in the foreseeable future. Any determination to pay dividends in the future will be at the discretion of our Board. Accordingly, investors must rely on sales of their Class A common stock after price appreciation, which may never occur, as the only way to realize any future gains on their investments.
Table of Contents
Our third amended and restated bylaws designate certain specified courts as the sole and exclusive forums for certain disputes between us and our stockholders, which could limit our stockholders’ ability to obtain a favorable judicial forum for disputes with us or our directors, officers, or employees.
Our third amended and restated bylaws provide that, unless we consent in writing to the selection of an alternative forum, the Court of Chancery of the State of Delaware, or the Chancery Court, will be the sole and exclusive forum for state law claims for (i) any derivative action or proceeding brought on our behalf, (ii) any action asserting a claim of, or a claim based on, a breach of a fiduciary duty owed by any of our directors, officers or other employees to us or our stockholders, (iii) any action asserting a claim pursuant to any provision of the Delaware General Corporation Law, our certificate of incorporation or our bylaws, (iv) any action to interpret, apply, enforce or determine the validity of our certificate of incorporation or bylaws, or (v) any action asserting a claim governed by the internal affairs doctrine, or the Delaware Forum Provision. The Delaware Forum Provision does not apply to any causes of action arising under the Securities Act or the Exchange Act. Our third amended and restated bylaws further provide that, unless we consent in writing to the selection of an alternative forum, the federal district courts of the United States of America will be the sole and exclusive forum for resolving any asserting a cause of action arising under the Securities Act, or the Federal Forum Provision. Our third amended and bylaws provide that any person or entity purchasing or otherwise acquiring any interest in shares of our capital stock is deemed to have notice of and consented to the foregoing Delaware Forum Provision and the Federal Forum Provision; provided, however, that stockholders cannot and will not be deemed to have waived our compliance with the federal securities laws and the rules and regulations thereunder.
The Delaware Forum Provision and the Federal Forum Provision may impose additional litigation costs on stockholders in pursuing the claims identified above. Additionally, the Delaware Forum Provision and the Federal Forum Provision may limit a stockholder’s ability to bring a claim in a judicial forum that it finds favorable for disputes with us or our directors, officers or other employees, which may discourage such lawsuits, even though an action, if successful, might benefit our stockholders. In addition, Section 22 of the Securities Act creates concurrent jurisdiction for federal and state courts over all suits brought to enforce any duty or liability created by the Securities Act or the rules and regulations thereunder. While the Delaware Supreme Court and other state courts have upheld the validity of federal forum selection provisions purporting to require claims under the Securities Act be brought in federal court, there is uncertainty as to whether other courts will enforce our Federal Forum Provision. If the Federal Forum Provision is found to be unenforceable in an action, we may incur additional costs associated with resolving such an action. The Federal Forum Provision may also impose additional costs on stockholders who assert that the provision is not enforceable or . The Chancery Court or the federal district courts of the United States of America may also reach different judgments or results than would other courts, including courts where a stockholder considering an action may be located or would otherwise choose to bring the action, and such judgments may be more or less to us than our stockholders.
General Risk Factors
As a public reporting company, we are subject to rules and regulations established from time to time by the SEC and PCAOB regarding our internal control over financial reporting. If we fail to establish and maintain effective internal control over financial reporting and disclosure controls and procedures, we may not be able to accurately report our financial results or report them in a timely manner.
As a public reporting company, we are subject to the rules and regulations established from time to time by the SEC and the Public Company Accounting Oversight Board, or PCAOB. These rules and regulations require, among other things, that we establish and periodically evaluate procedures with respect to our internal control over financial reporting. Reporting obligations as a public company place a considerable strain on our financial and management systems, processes, and controls, as well as on our personnel.
Table of Contents
We are also required, pursuant to Section 404 of the Sarbanes-Oxley Act, to furnish a report on the effectiveness of our internal control over financial reporting as of the end of each fiscal year, which requires us to document and test our internal control over financial reporting. Our compliance with Section 404 of the Sarbanes-Oxley Act requires that we incur substantial expenses and expend significant management efforts. In particular, as we continue to grow our business, we will need to continue to develop and refine our disclosure controls, and to improve our internal control over financial reporting, which may result in hiring additional accounting and financial personnel to implement such processes and controls.
This assessment must include disclosure of any material weaknesses identified by our management in our internal control over financial reporting. In addition, our independent registered public accounting firm is required to attest to the effectiveness of our internal control over financial reporting. An independent assessment of the effectiveness of our internal controls could detect problems that our management’s assessment might not. Undetected material weaknesses in our internal controls could lead us to restate our financial statements, which could cause investors to lose confidence in our reported financial information, have a negative effect on the trading price of our common stock, and result in additional costs to remediate such material weaknesses. We previously identified material weaknesses in our internal control over financial reporting and may identify additional material weaknesses in the future or otherwise fail to maintain an system of internal control, which may result in material of our consolidated financial statements or cause us to to meet our periodic reporting obligations.
If we identify future deficiencies in our internal control over financial reporting or if we are unable to comply with the demands that are placed upon us as a public company, including the requirements of Section 404 of the Sarbanes-Oxley Act, in a timely manner, we may be unable to accurately report our financial results, or report them within the timeframes required by the SEC. We also could become subject to sanctions or investigations by the SEC or other regulatory authorities. In addition, if we are unable to assert that our internal control over financial reporting is effective, or if our independent registered public accounting firm is unable to express an opinion as to the effectiveness of our internal control over financial reporting when required, investors may lose confidence in the accuracy and completeness of our financial reports, we may face restricted access to the capital markets and our stock price may be adversely affected.
Our current controls and any new controls that we develop may also become inadequate because of changes in our business, and weaknesses in our disclosure controls and internal control over financial reporting may be discovered in the future. Any failure to develop or maintain effective controls or any difficulties encountered in their implementation or improvement could cause us to fail to meet our reporting obligations, result in a restatement of our financial statements for prior periods, undermine investor confidence in us, and adversely affect the trading price of our Class A common stock. In addition, if we are unable to continue to meet these requirements, we may not be able to remain listed on the New York Stock Exchange.
We incur significant costs as a result of operating as a public company.
We are subject to the reporting requirements of the Exchange Act, the Sarbanes-Oxley Act, the Dodd-Frank Act, the listing requirements of the New York Stock Exchange and other applicable securities laws and regulations. The expenses incurred by public companies generally for reporting and corporate governance purposes are greater than those for private companies. For example, the Exchange Act requires, among other things, that we file annual, quarterly, and current reports with respect to our business, financial condition, and results of operations. Compliance with these rules and regulations have increased our legal and financial compliance costs and will increase demand on our systems. In addition, as a public company, we may be subject to stockholder activism, which can lead to additional substantial costs, distract management, and impact the manner in which we operate our business in ways we cannot currently anticipate. As a result of disclosure of information in our public filings, our business and financial condition has become more visible, which may result in threatened or actual litigation, including by competitors. These rules and regulations have and will increase our legal and financial compliance costs and have and will make some activities more difficult, time-consuming, and costly, although we are currently to estimate these costs with any degree of certainty.
Table of Contents
As a public company subject to enhanced rules and regulations, it is also more expensive for us to obtain directors and officers liability insurance, and we may be required to accept reduced coverage or incur substantially higher costs to obtain coverage. These laws and regulations could also make it more difficult for us to attract and retain qualified persons to serve on our Board, our Board committees or as our executive officers. Furthermore, if we are unable to satisfy our obligations as a public company, we could be subject to delisting of our Class A common stock, fines, sanctions, and other regulatory action and potentially civil litigation. These factors may therefore strain our resources, divert management’s attention, and affect our ability to attract and retain qualified Board members and executive officers.
