Our dedication to making decisions based primarily on the best interests of our company and
stockholders may cause us to forgo short-term gains in pursuit of potential but uncertain long-term growth.
Our guiding principle
is to build our business by making decisions based primarily upon the best interests of our entire marketplace, including consumers and insurance providers, which we believe has been essential to our success in increasing our user growth rate and
engagement and best serves the long-term interests of our company and our stockholders. In the past, we have forgone, and we will in the future continue to forgo, certain expansion or short-term revenue opportunities that we do not believe are in
the best interests of our marketplace and its users, even if such decisions adversely affect our results of operations in the short term. However, this strategy may not result in the long-term benefits that we expect, in which case our user traffic
and engagement, business and financial results could be harmed.
We collect, process, store, share, disclose and use consumer information and other
data, and our actual or perceived failure to protect such information and data or respect users privacy could damage our reputation and brand and harm our business and operating results.
Use of our marketplace involves the storage and transmission of consumers information, including personal information, and security
breaches could expose us to a risk of loss or exposure of this information, which could result in potential liability, litigation and remediation costs, as well as reputational harm, all of which could materially adversely affect our business and
financial results. For example, unauthorized parties could steal our users names, email addresses, physical addresses, phone numbers and other information that we collect when providing referrals. While we use encryption and authentication
technology licensed from third parties designed to effect secure transmission of such information, we cannot guarantee the security of the transfer and storage of the personal information we collect from customers.
Like all information systems and technology, our websites, mobile applications and information systems may be subject to computer viruses, break-ins, phishing impersonation attacks, attempts to overload our servers with denial-of-service or other attacks, ransomware and
similar incidents or disruptions from unauthorized use of our computer systems, as well as unintentional incidents causing data leakage, any of which could lead to interruptions, delays or website shutdowns, or could cause loss of critical data or
the unauthorized disclosure, access, acquisition, alteration or use of personal or other confidential information. Although we have a chief information officer who coordinates our cybersecurity measures, policies and procedures, and our chief
information officer regularly reports to our board of directors regarding these matters, we cannot be certain that our efforts will be able to prevent breaches of the security of our information systems and technology. If we experience compromises
to our security that result in websites or mobile application performance or availability problems, the complete shutdown of our websites or mobile applications or the loss or unauthorized disclosure, access, acquisition, alteration or use of
confidential information, consumers and insurance providers may lose trust and confidence in us, and consumers and insurance providers may decrease the use of our website or stop using our website entirely. Further, outside parties may attempt to
fraudulently induce employees, consumers or insurance providers to disclose sensitive information in order to gain access to our information or consumers or insurance providers information. Because the techniques used to obtain
unauthorized access, disable or degrade service, or sabotage systems change frequently, often are not recognized until launched against a target, and may originate from less regulated and remote areas around the world, we may be unable to
proactively address these techniques or to implement adequate preventative measures.
Any or all of the issues above could adversely
affect our ability to attract new users and increase engagement by existing users, cause existing users to curtail or stop use of our marketplace, cause existing insurance provider customers to cancel their contracts or subject us to governmental or
third-party lawsuits, investigations, regulatory fines or other actions or liability, thereby harming our business, results of operations and financial condition. Although we are not aware of any material information security incidents to date, we
have detected common types of attempts to attack our information systems and data using means that have included viruses and phishing.
There are numerous federal, state and local laws in the United States and around the world regarding privacy and the collection, processing,
storing, sharing, disclosing, using, cross-border transfer and protecting of personal information and other data, the scope of which are changing, subject to differing interpretations, and which may be costly to comply with, may result in regulatory
fines or penalties, and may be inconsistent between countries and jurisdictions or conflict with other rules.
We are subject to the terms
of our privacy policies and privacy-related obligations to third parties. We strive to comply with all applicable laws, policies, legal obligations and industry codes of conduct relating to privacy and data protection, to the extent possible.
However, it is possible that these obligations may be interpreted and applied in new ways or in a manner that is inconsistent from one jurisdiction to another and may conflict with other rules or our practices or that new regulations could be
enacted. Any failure or perceived failure by us to comply with our privacy policies, our privacy-related obligations to consumers or other third parties, or our privacy-related legal obligations, or any compromise of security that results in the
unauthorized release or transfer of sensitive information, which could include personally identifiable information or other user data, may result in governmental investigations, enforcement actions, regulatory fines, litigation or public statements
against us by consumer advocacy groups or others, and could