UNITED STATES
SECURITIES AND EXCHANGE COMMISSION
Washington, D.C. 20549
FORM 10-K
(Mark One)
For the fiscal year ended January 31 , 2023
or
For the transition period from to
Commission File Number: 001-40895
(Exact name of registrant as specified in its charter)
(State or other jurisdiction of incorporation or organization) | (I.R.S. Employer Identification Number) | |||||||||||||
Address Not Applicable1 | Zip Code Not Applicable1 | |||||||||||||
(Address of Principal Executive Offices) | Zip Code | |||||||||||||
(Registrant’s telephone number, including area code)
Not Applicable
(Former name, former address and former fiscal year, if changed since last report)
Securities registered pursuant to Section 12(b) of the Act:
| Title of Each Class | Trading Symbol(s) | Name of each exchange on which registered | ||||||
per share | ||||||||
Securities registered pursuant to Section 12(g) of the Act: None
Indicate by check mark if the registrant is a well-known seasoned issuer, as defined in Rule 405 of the Securities Act. Yes ☐ No x
Indicate by check mark if the registrant is not required to file reports pursuant to Section 13 or Section 15(d) of the Act. Yes ☐ No x
Indicate by check mark whether the registrant (1) has filed all reports required to be filed by Section 13 or 15(d) of the Securities Exchange Act of 1934 during the preceding 12 months (or for such shorter period that the registrant was required to file such reports), and (2) has been subject to such filing requirements for the past 90 days. x Yes ☐ No
Indicate by check mark whether the registrant has submitted electronically every Interactive Data File required to be submitted pursuant to Rule 405 of Regulation S-T (§232.405 of this chapter) during the preceding 12 months (or for such shorter period that the registrant was required to submit such files). x Yes o No
Indicate by check mark whether the registrant is a large accelerated filer, an accelerated filer, a non-accelerated filer, a smaller reporting company, or an emerging growth company. See the definitions of “large accelerated filer,” “accelerated filer,” “smaller reporting company,” and “emerging growth company” in Rule 12b-2 of the Exchange Act.
| x | Accelerated filer | o | ||||||||||||
Non-accelerated filer | o | Smaller reporting company | ||||||||||||
Emerging growth company | ||||||||||||||
Indicate by check mark whether the registrant has filed a report on and attestation to its management’s assessment of the effectiveness of its internal control over financial reporting under Section 404(b) of the Sarbanes-Oxley Act (15 U.S.C. 7262(b)) by the registered public accounting firm that prepared or issued its audit report. ☒
If securities are registered pursuant to Section 12(b) of the Act, indicate by check mark whether the financial statements of the registrant included in the filing reflect the correction of an error to previously issued financial statements. ☐
Indicate by check mark whether any of those error corrections are restatements that required a recovery analysis of incentive-based compensation received by any of the registrant’s executive officers during the relevant recovery period pursuant to §240.10D-1(b). ☐
Indicate by check mark whether the registrant is a shell company (as defined in Rule 12b-2 of the Exchange Act). ☐ Yes x No
The aggregate market value of the voting and non-voting common equity held by non-affiliates of the registrant, based on the closing price of $57.40 per share on July 29, 2022 (the last business day of the registrant’s most recently completed second fiscal quarter) as reported by the Nasdaq Stock Market on such date was approximately $5.0 billion.
As of March 20, 2023, the number of shares of the registrant’s Class A common stock outstanding was 95.3 million and the number of shares of the registrant’s Class B common stock outstanding was 56.5 million.
DOCUMENTS INCORPORATED BY REFERENCE
Portions of the registrant’s Definitive Proxy Statement (“Proxy Statement”) relating to the 2023 Annual Meeting of Stockholders will be filed with the Securities and Exchange Commission within 120 days after the end of the registrant’s fiscal year ended January 31, 2023 and is incorporated by reference into Part III of this Report.
_____________________________
1 We are a remote-only company. Accordingly, we do not maintain a headquarters. For purposes of compliance with applicable requirements of the Securities Act of 1933, as amended, or the Securities Act and Section 21E of the Securities Exchange Act of 1934, as amended, or the Exchange Act, any stockholder communication required to be sent to our principal executive offices may be directed to the agent for service of process at Corporation Service Company, 251 Little Falls Drive , Wilmington , Delaware 19808 , or to the email address: reach.gitlab@gitlab.com.
TABLE OF CONTENTS
| Page | ||||||||
| Item 1. | ||||||||
| Item 1A. | ||||||||
| Item 1B. | ||||||||
| Item 2. | ||||||||
| Item 3. | ||||||||
| Item 4. | ||||||||
| Item 5. | ||||||||
| Item 6. | ||||||||
| Item 7. | ||||||||
| Item 7A. | ||||||||
| Item 8. | ||||||||
| Item 9. | ||||||||
| Item 9A. | ||||||||
| Item 9B. | ||||||||
| Item 9C. | ||||||||
Part III | ||||||||
| Item 10. | ||||||||
| Item 11. | ||||||||
| Item 12. | ||||||||
| Item 13. | ||||||||
| Item 14. | ||||||||
Part IV | ||||||||
| Item 15. | ||||||||
| Item 16. | ||||||||
1
SPECIAL NOTE REGARDING FORWARD-LOOKING STATEMENTS
This Annual Report on Form 10-K, or this Annual Report, contains forward-looking statements within the meaning of Section 27A of the Securities Act of 1933, as amended, or the Securities Act and Section 21E of the Securities Exchange Act of 1934, as amended, or the Exchange Act. All statements contained in this Form 10-K other than statements of historical fact, including statements regarding our future operating results and financial condition, our business strategy and plans, market growth, and our objectives for future operations, are forward-looking statements. The words “believe,” “may,” “will,” “potentially,” “estimate,” “continue,” “anticipate,” “intend,” “could,” “would,” “project,” “target,” “plan,” “expect,” and similar expressions are intended to identify forward-looking statements.
Forward-looking statements contained in this Annual Report include, but are not limited to, statements about:
•our future financial performance, including our expectations regarding our total revenue, cost of revenue, gross profit or gross margin, operating expenses, including changes in operating expenses and our ability to achieve and maintain future profitability;
•our business plan and our ability to effectively manage our growth;
•our total market opportunity;
•anticipated trends, growth rates, and challenges in our business and in the markets in which we operate;
•market acceptance of The DevSecOps Platform and our ability to increase adoption of The DevSecOps Platform;
•beliefs and objectives for future operations;
•our ability to further penetrate our existing customer base and attract, retain, and expand our customer base;
•our ability to timely and effectively scale and adapt The DevSecOps Platform;
•our ability to develop new features and bring them to market in a timely manner;
•our expectations to grow our partner network;
•our ability to maintain, protect, and enhance our intellectual property;
•our ability to continue to expand internationally;
•the effects of increased competition in our markets and our ability to compete effectively;
•future acquisitions or investments in complementary companies, products, services, or technologies;
•our ability to stay in compliance with laws and regulations that currently apply or become applicable to our business both in the United States and internationally;
•economic and industry trends, projected growth, or trend analysis;
•the impact of macroeconomic conditions and global events, including inflation, rising interest rates, increased volatility in the capital markets, and regional and global conflict, including the armed conflict in Ukraine, on our operations, financial results, and liquidity and capital resources, including on customers, sales, expenses, and team members;
•increased expenses associated with being a public company; and
2
•other statements regarding our future operations, financial condition, and prospects and business strategies.
These forward-looking statements are subject to a number of risks, uncertainties, and assumptions, including those described in the section titled “Risk Factors” and elsewhere in this Annual Report. Moreover, we operate in a very competitive and rapidly changing environment, and new risks emerge from time to time. It is not possible for our management to predict all risks, nor can we assess the impact of all factors on our business or the extent to which any factor, or combination of factors, may cause actual results to differ materially from those contained in any forward-looking statements we may make. In light of these risks, uncertainties, and assumptions, the forward-looking events and circumstances discussed in this Annual Report may not occur, and actual results could differ materially and adversely from those anticipated or implied in the forward-looking statements.
You should not rely upon forward-looking statements as predictions of future events. The events and circumstances reflected in the forward-looking statements may not be achieved or occur. We undertake no obligation to update any of these forward-looking statements for any reason after the date of this Annual Report or to conform these statements to actual results or to changes in our expectations, except as required by law.
You should read this report and the documents that we reference in this report and have filed with the Securities and Exchange Commission, or the SEC, as exhibits to this report with the understanding that our actual future results, performance, and events and circumstances may be materially different from what we expect.
Summary Risk Factors
Our business is subject to numerous risks and uncertainties, including those risks more fully described below in the section titled “Risk Factors.” These risks include, among others, the following, which we consider our most material risks:
•Our business and operations have experienced rapid growth, and if we do not appropriately manage future growth, if any, or are unable to improve our systems, processes and controls, our business, financial condition, results of operations, and prospects will be adversely affected.
•Our recent growth may not be indicative of our future growth, and we may not be able to sustain our revenue growth rate in the future. Our growth also makes it difficult to evaluate our future prospects and may increase the risk that we will not be successful.
•We have a history of losses, anticipate increases in our operating expenses in the future, and may not achieve or sustain profitability on a consistent basis. If we cannot achieve and sustain profitability, our business, financial condition, and operating results may be adversely affected.
•We face intense competition and could lose market share to our competitors, which would adversely affect our business, operating results, and financial condition.
•The market for our services is new and unproven and may not grow, which would adversely affect our future results and the trading price of our Class A common stock.
•Our business depends on our customers purchasing and renewing subscriptions and purchasing additional subscriptions and services from us. Any decline in our customer renewals and expansions could harm our future operating results.
•Transparency is one of our core values. While we will continue to prioritize transparency, we must also promote “responsible” transparency as transparency can have unintended negative consequences.
3
•We have a publicly available company Handbook that may not be up to date or accurate which at times may result in negative third-party scrutiny or be used in ways that adversely affects our business.
•Security and privacy breaches may hurt our business.
•Customers may choose to stay on our free self-managed or SaaS product offerings instead of converting into a paying customer.
•Our operating results may fluctuate significantly, which could make our future results difficult to predict and could adversely affect the trading price of our Class A common stock.
•We have a limited operating history which makes it difficult to evaluate our current business and future prospects and may increase the risks associated with your investment.
•We have experienced rapid growth in recent periods. If we fail to manage our growth effectively, we may be unable to execute our business plan, maintain high levels of service or adequately address competitive challenges.
•We may not be able to respond to rapid technological changes with new solutions, which could have a material adverse effect on our operating results.
•We do not have an adequate history with our subscription or pricing models to accurately predict the long-term rate of customer subscription renewals or adoption, or the impact these renewals and adoption will have on our revenues or operating results.
•We rely on our management team and other key team members and will need additional personnel to grow our business, and the loss of one or more key team members or our inability to hire, integrate, train and retain qualified personnel, could harm our business.
•We contract with our team members in various ways, including hiring directly, through professional employer organizations, or PEOs, and as independent contractors. As a result of these methods of engagement, we face certain challenges and risks that can affect our business, operating results, and financial condition.
4
PART I
ITEM 1. BUSINESS
Overview
In today’s world, software defines the speed of innovation. Every industry, business, and function within a company is dependent on software. To remain competitive and survive, nearly all companies must digitally transform and become experts at building, delivering, and securing software.
To meet these market needs, GitLab pioneered The DevSecOps Platform, a fundamentally new approach to software development and delivery. Our platform is uniquely built as a single application and interface with a unified data model, enabling all stakeholders in the software delivery lifecycle – from development teams to operations teams to security teams – to work together in a single tool with a single workflow. With GitLab, they can build better, more secure software faster.
GitLab is the solution to significant business transformation needs. Across every industry – and across companies of every size – technology leaders want to make developers more productive so they can deliver better products faster; they want to measure productivity, so they can increase operational efficiency; they want to secure the software supply chain, so they can reduce security and compliance risk; and, they want to accelerate cloud migration, so they can unlock digital transformation results. These technology leaders need a platform that enables a value stream-driven mindset – a mindset that shortens the time from idea to customer value – and establishes a powerful flywheel for data collection and aggregation. And they are looking for a platform approach that unifies the entire development experience, so that customers can be faster than their competition in moving from idea to customer value.
GitLab is designed to consolidate point solutions to cut costs and boost efficiency, and provides end-to-end visibility across the entire software development lifecycle, from planning to production to security.
We believe GitLab is the shortest path to unlocking business and technology transformation results. Our DevSecOps Platform accelerates our customers’ ability to create business value and innovate by reducing their software development cycle times from weeks to minutes. It removes the need for point tools and delivers enhanced operational efficiency by eliminating manual work, increasing productivity, and creating a culture of innovation and velocity. The DevSecOps Platform also embeds security earlier into the development process, improving our customers’ software security, quality, and overall compliance.
GitLab is available to any team, regardless of the size, scope, and complexity of their deployment. As a result, we have more than 30 million registered users and more than 50% of the Fortune 100 companies are GitLab customers. For purposes of determining the number of our active customers, we look at our customers with more than $5,000 of Annual Recurring Revenue, or ARR, in a given period, who we refer to as our Base Customers. For purposes of determining our Base Customers, a single organization with separate subsidiaries, segments, or divisions that use The DevSecOps Platform is considered a single customer for determining each organization’s ARR.
GitLab is the only DevSecOps platform built on an open-core business model. We enable any customer and contributor to add functionality to our platform. In 2022, nearly 800 people contributed more than 3,000 merge requests back to the core product, extending GitLab’s in-house R&D efforts and empowering our most passionate users to make improvements to the DevOps tool they use every day. Our open-core approach has enabled us to build trust with our customers, and to maintain our high velocity of innovation so that we can rapidly create the most comprehensive DevSecOps platform.
GitLab exists today in large part thanks to the vast and growing community of open source contributors around the world. We actively work to grow open source community engagement by operating with transparency. We make our strategy, direction, and product roadmap available to the wider community, where we encourage and solicit their feedback. By making non-sensitive information public,
5
we create a deeper level of trust with our customers and we make it easier to solicit contributions and collaboration from our users and customers. See the section entitled “Management’s Discussion and Analysis of Financial Condition and Results of Operations—Key Business Metrics—Dollar-Based Net Retention Rate and ARR” below for additional information about how we define ARR.
We make our plans available through our self-managed and software-as-a-service, or SaaS offering. For our self-managed offering, the customer installs GitLab in their own on-premise or hybrid cloud environment. For our SaaS offering, the platform is managed by GitLab and hosted either in our public cloud or in our private cloud based on the customer’s preference. For more information regarding our customers, refer to the section titled “Business—Our Customers.”
DevOps is the set of practices that combines software development (dev) and IT operations (ops). It allows teams to collaborate and work together to shorten the development lifecycle and evolve from delivering software on a slow, periodic basis to rapid, continuous updates. When DevOps started, each team bought their own tools in isolation, leading to a “Bring Your Own DevOps” environment. The next evolution was standardizing company-wide on the same tool for each stage across the DevOps lifecycle. However, these tools were not connected, leading to a “Best in Class DevOps” environment. Teams tried to remedy this fragmentation and inefficiency by manually integrating these DevOps point solutions together defining the next phase: “Do-It-Yourself (or DIY) DevOps.”
At the same time, the faster delivery of software required more DevOps tools per project. Increased adoption of a microservice architecture led to more projects. The combination caused an exponential increase in the number of tool-project integrations. This has often led to poor user experiences, higher costs, and increased time to deliver new software. As a result, business outcomes often failed and the potential for DevOps was never fully realized. In short, an entirely new platform for DevOps was needed.
The DevSecOps Platform replaces the DIY DevOps approach. It enables teams to realize the full potential of DevOps and become software-led businesses. It spans all stages of the DevOps lifecycle, from project planning (Plan), to source code management (Create), to continuous integration (Verify), to application security testing (Secure), to packaging artifacts (Package), to continuous delivery and deployment (Release) to configuring infrastructure for optimal deployment (Configure), to monitoring it for incidents (Monitor), to protecting the production deployment (Protect), and managing the whole cycle with value stream analytics (Manage). It also allows customers to manage and secure their applications across any cloud through a single platform.
GitLab’s DevSecOps Platform has broad use across teams. It helps product and business teams work with developers to introduce new features and drive successful business outcomes. It helps Chief Technology Officers, or CTOs, modernize their software development and delivery environment and drive developer productivity. It helps Chief Information Officers, or CIOs, adopt microservices and cloud native development to improve the efficiency, scale, and performance of their software architecture. It helps Chief Information Security Officers, or CISOs, reduce security vulnerabilities without compromising speed to market. It helps teams attract and retain top talent by creating a superior developer experience that allows people to focus more time on their job and less time managing tools.
The majority of our customers begin their GitLab journey by using our Source Code Management, Continuous Integration and Continuous Delivery (CI/CD) solutions, referred to as Create and Verify. Developers use these solutions to collaborate together on the same code base without conflicting or accidentally overwriting each other's changes. Create also maintains a running history of software contributions from each developer to allow for version control. Teams use Verify to ensure changes to code go through defined quality standards with automatic testing and reporting. We believe serving as this system of record for code and our high engagement with developers is a competitive advantage in realizing our single application vision as it creates interdependence and adoption across more stages of the DevSecOps lifecycle, such as Package, Secure, and Release. As more stages are addressed within a single application, the benefits of The DevSecOps Platform are enhanced.
6
Innovation is a key differentiated competitive advantage. We have a dual flywheel innovation strategy that leverages both development spend from our research and development team members as well as community contributions via our open-core business model. By leveraging the power of each, we create a virtuous cycle where more contributions lead to more features, which leads to more users, leading back to more contributions.
We emphasize iteration to drive rapid innovation in our development strategy. This iterative approach has enabled us to release a new version of our software on the 22nd day of every month for 136 months in a row as of January 31, 2023. This is also due in part to our over 3,500 contributors in our global open source community as of January 31, 2023. GitLab team members also use The DevSecOps Platform to power our own DevSecOps lifecycle. By doing so, we benefit from the inherent advantages of using a single application. We leverage these learnings to establish a rapid feedback loop to continually and rapidly improve The DevSecOps Platform.
We have been a 100% remote workforce since inception and, as of January 31, 2023, had approximately 2,170 team members in over 65 countries. Operating remotely allows us access to a global talent pool that enables us to hire talented team members, regardless of location, providing a strong competitive advantage. We foster a culture of results built on our core values of collaboration, results, efficiency, diversity-inclusion-belonging, iteration, and transparency. We aim to be transparent to build alignment and affinity with our community and customers. This is exemplified through our corporate handbook, or the Handbook, our central repository that details how we run GitLab and is shared with the world. It consists of over 2,700 webpages of text, including our strategy and roadmap. We welcome everyone, both inside and outside of GitLab, to contribute to the Handbook.
We have a simple pricing structure to enable broad-based adoption from organizations and teams of all sizes. We offer a free tier with a large number of features to encourage use of The DevSecOps Platform, solicit contributions, and serve as targeted lead generation for paid customers. We also offer two paid subscription tiers - effective April 3, 2023 the monthly list price will be $29 for Premium and $99 for Ultimate - with access to additional features that are more relevant to managers, directors, and executives. Our subscription plans are available as a self-managed offering, where the customer installs GitLab in their own on-premise or hybrid cloud environment or a SaaS offering where the platform is managed by GitLab and hosted either in the public cloud or in a private cloud based on the customer’s preference.
GitLab’s DevSecOps platform is used globally by teams of all sizes across a broad range of industries. To reach, engage and help drive success at each, we have strong partnerships with cloud hyperscalers, including Google Cloud and Amazon Web Services, or AWS, who offer GitLab on their marketplaces. We also benefit from strategic alliance partnerships, which resell GitLab to large enterprise customers, and our strong channel partnerships ranging from large global systems integrators to regional digital transformation specialists, and volume resellers.
We have a multi-faceted land-and-expand bottom up and top down sales strategy. Our customer journey can begin with developers and then expand to more teams and up to senior executive buyers. Equally so, the customer journey can start with executive level buying decision-makers looking for a solution to their business and technology challenges, such as developer productivity, efficiency, security and compliance, and cloud migration. As of January 31, 2023 and 2022, our Dollar-Based Net Retention Rate was above 130% and above 152%, respectively. Our Base Customers grew to 7,002 as of January 31, 2023 from 4,593 as of January 31, 2022. Our cohort of customers generating $1.0 million or more in ARR grew to 63 as of January 31, 2023 from 39 as of January 31, 2022.
Our business has experienced rapid growth. We generated revenue of $424.3 million and $252.7 million in fiscal 2023 and 2022, respectively, representing growth of 68%. During this period, we continued to invest in growing our business to capitalize on our market opportunity. The net loss attributable to GitLab was $172.3 million and $155.1 million in fiscal 2023 and fiscal 2022, respectively. Our operating cash flow margin, which we define as operating cash flows as a percentage of revenue,
7
was (18.2)% and (19.7)% for fiscal 2023 and fiscal 2022, respectively. Our gross profit margin was 88% for each of fiscal 2023 and fiscal 2022.
The DevSecOps Platform
GitLab has pioneered The DevSecOps Platform, a single application that brings together development, operations, IT, security, and business teams to deliver desired business outcomes through efficient software development. It represents a step change in how teams plan, build, secure and deliver software.
The DevSecOps Platform is built on a single codebase, unified data model, and user interface. Organizations can deploy The DevSecOps Platform as a self-managed offering in their own hybrid-cloud, or on-premises environments, and as a SaaS offering is hosted in either the public cloud or in a private cloud based on the customer’s preference.
The DevSecOps Platform is designed in a way that enables our customers to move their DevOps workflow across any hybrid or multi-cloud environment while maintaining full feature parity and a single application experience.
The DevSecOps Platform is purpose-built to address every stage of the software development and delivery DevSecOps lifecycle:
•Manage. GitLab enables all stakeholders – from executives to practitioners – to get visibility and insights into their value stream delivery in order to measure the flow of work, from idea to customer value. With capabilities such as Value Streams Dashboard and Value Stream Analytics, GitLab is uniquely positioned to be the tool of choice for data-driven organization – enabling teams to understand software delivery performance and value to the business without complex configurations or data scientists. GitLab helps teams organize multiple projects into a single collaborative portfolio, track important events across the DevSecOps lifecycle, measure using key performance indicators how the organization is adopting and performing with DevSecOps, audit activity and permissions across stages to ensure compliance while simplifying audit, and optimize and analyze the flow of work through the full DevSecOps value stream.
•Plan. To create software, teams require collaborative planning from disparate groups, each with shared and unique objectives. Planning together in the same system in which all of the work will take place enables faster and more efficient work in all other stages of The DevSecOps Platform. We enable portfolio planning and management through epics, groups (programs) and milestones to organize and track progress. GitLab helps teams organize, plan, align, and track project work to ensure teams are working on the right things at the right time and maintain end to end visibility and traceability of issues throughout the delivery lifecycle from idea to production.
•Create. Helps teams design, develop, and securely manage code and project data from a single distributed version control system to enable rapid iteration and delivery of business value. GitLab repositories provide a scalable single source of truth for collaborating on projects and code which enables teams to be productive without disrupting their workflows.
•Verify. Helps software teams fully embrace Continuous Integration, or CI, to automate the builds, integration, and verification of their code. GitLab’s CI capabilities enable automated accessibility, usability, performance testing, and code quality analysis to provide fast feedback to developers and testers about the quality of their code. With pipelines that enable concurrent testing and parallel execution, teams quickly get insight about every commit, allowing them to deliver higher quality code faster.
•Package. Enables teams to package their applications and dependencies, manage containers, and build artifacts with ease. The private, secure, container, and package registries are built-in
8
and preconfigured out-of-the box to work seamlessly with GitLab source code management, or SCM, security scanners, and Continuous Integration/Continuous Delivery, or CI/CD, pipelines.
•Secure. Provides Static Application Security Testing, or SAST, Dynamic Application Security Testing, or DAST, Fuzz Testing, Container Scanning, and Dependency Scanning to help users deliver secure applications along with license compliance.
•Release. Helps automate the release and delivery of applications, shortening the delivery lifecycle, streamlining manual processes, and accelerating team velocity. With zero-touch CD built right into the pipeline, deployments can be automated to multiple environments like staging and production, and the system executes without additional manual intervention - even for more advanced patterns like canary deployments. With feature flags, built-in auditing/traceability, on-demand environments, and GitLab Pages for static content delivery, users are able to deliver faster and with more confidence than ever before.
•Configure. Helps teams to configure and manage their application environments. Strong integration to Kubernetes reduces the effort needed to define and configure the infrastructure required to support an application. Protects access to key infrastructure configuration details such as passwords and login information by using ‘secret variables’ to limit access to only authorized users and processes.
•Monitor. Provides feedback in the form of errors, traces, metrics, logs, and alerts to help reduce the severity and frequency of incidents so that users can release software frequently with confidence.
•Govern. Extends an existing operation's practices to help teams manage their security vulnerabilities, project dependencies, and compliance policies to reduce overall risk. This enables teams to identify risks by providing them with a high degree of visibility into their projects' dependencies, security findings, and user activities. This visibility is then coupled with management tools to respond to those risks. Lastly, policies can be used to automate compliance and to help secure the software supply chain.
Key Benefits Delivered to our Customers
•Run their entire DevSecOps lifecycle from a single application. The DevSecOps Platform lets our customers operate their entire DevSecOps lifecycle across a single application. This single codebase, unified data model, user permissioning, and interface can centralize and unify every aspect of our customers’ DevSecOps lifecycle to streamline workflows and processes, and enhance overall productivity and efficiency.
•Enhanced innovation and revenue growth due to faster time to market. The DevSecOps Platform enables businesses to shorten their cycle times to meet the growing business demand to deliver new capabilities and increase responsiveness to change. With The DevSecOps Platform, our customers can often increase the number of their software releases from the tens to thousands and reduce the time it takes to release new software from months to days, helping them generate more revenue.
•Reduce vulnerabilities and increase security. The DevSecOps Platform lets teams shift left and embed security decisions earlier in the development process, without sacrificing speed or quality. It also eliminates the need for multiple data repositories, multiple security tools, and reduces the number of hand-offs between development, operations, and security teams. The DevSecOps Platform provides a single consolidated view of vulnerabilities across software increasing the efficiency of vulnerability management and remediation. This enables our customers to find and correct security vulnerabilities in their software earlier or eliminate inefficiencies in the software development process altogether.
9
•Enable audit and compliance. The DevSecOps Platform eliminates fragmented tools and point integrations that create blind spots and poor visibility across work streams. This allows compliance and audit teams to more easily log, track, and trace different steps across the DevSecOps lifecycle, better understand governance, and improve their compliance posture.
•Boost team member morale and productivity. The DevSecOps Platform enables our customers to spend more time building, deploying, and securing software, and less time managing, integrating, and triaging across different tools. In a single application, each team member can follow the entire lifecycle from beginning to end with contextual history and understanding at each process. This helps to deliver outsized productivity gains, helping our customers increase their revenue, and generate greater profits.
•Reduce costs by enhancing productivity, consolidating point tools, and eliminating integrations. The DevSecOps Platform fulfills the functionality of multiple point products, enabling teams to consolidate the number of tools they use. Further, The DevSecOps Platform also delivers cost savings to our customers by eliminating the hidden costs and time it takes to manually integrate these point products and drives greater efficiency gains and productivity. Based on a 2022 study conducted by Forrester Consulting, commissioned by us and covering a limited number of our customers, the cost savings and business benefits achievable by deploying The DevSecOps Platform to revenue-generating applications can enable customers to deliver a 427% return on investment within three years of deployment.
•Embrace the benefits of a portable workload and multi-cloud strategy. The DevSecOps Platform enables application portability by allowing customers to seamlessly secure and manage their applications across clouds. This allows our customers to provide full value stream analytics on their DevSecOps workflow and simplify their application security and compliance across clouds. It also allows them to optimize their cloud costs and embrace the best services across each cloud, without becoming overly reliant on a single public cloud provider.
Competitive Strengths
Our business benefits from the following competitive strengths:
•Best-In-Class DevSecOps – GitLab is an all-in-one DevSecOps solution with security built in (not bolted on) to the platform.
•Flexibility - GitLab offers flexible deployment options serving every type of organization. This includes SaaS for customers who want to consume DevSecOps as a service, self-management for customers who want deployment control, and GitLab Dedicated – our single tenant SaaS service – for customers in highly regulated industries and with complex compliance and security requirements.
•Cloud Agnostic – GitLab can be deployed anywhere, enabling a multi-cloud strategy. And, we have no preferential treatment for any specific cloud, which enables our customers to avoid vendor lock-in.
•User Experience – GitLab has a superior user experience with an integrated platform enabling developers to prevent context switching.
•Open Core Platform – GitLab is open core built with our customers creating a fast pace of innovation.
10
Our Growth Strategy
We intend to invest in our business to advance adoption of The DevSecOps Platform. Our growth strategies include:
•Advance our feature maturity across more stages of the DevSecOps lifecycle. We intend to continue making strategic investments in research and development and hiring top technical talent to mature our features in more stages of the DevSecOps lifecycle. For example, in fiscal 2023, we have invested a significant portion of our human capital on development into the Secure, Govern, and Plan stages. Our acquisition of Opstrace, Inc. in fiscal 2022 demonstrates our aim to deliver functionality in our Monitor stage, leveraging the entire DevSecOps Platform to provide advanced observability. We will continue to make many of our features open source or source-code available to encourage contributions, which in turn, accelerates our ability to innovate and provide a better platform to our customers.
•Drive growth through enhanced sales and marketing. We believe that nearly all teams will modernize from DIY DevOps into DevSecOps Platforms and that the opportunity to continue growing our customer base is substantial. To drive new customer growth, we intend to continue investing in sales and marketing, with a focus on replacing DIY DevOps within larger teams. We also continue to focus on acquiring users with our free product and converting free users to paying customers, with a special emphasis on improving the self-service purchasing experience.
•Drive increased expansion within our existing customer base. As customers realize the benefits of a single application, they typically increase their spend with us by adding more users or purchasing higher tiered plans. As a result, for fiscal 2023 and fiscal 2022, our Dollar-Based Net Retention Rate was above 130% and above 152%, respectively. We plan to continue investing in sales and marketing, with a focus on driving expansion of The DevSecOps Platform within existing customers, particularly for our larger customers.
•Further grow adoption of our SaaS offering. As teams move more workloads to the cloud and consume technology as a service, we believe our SaaS offering will continue to grow at a faster rate than our self-managed offering. We intend to continue making investments in research and development to enhance new SaaS features, as well as in sales and marketing, to drive further adoption of our SaaS offering.
•Grow and invest in our partner network. We have been investing in our global partner ecosystem, composed of hyperscalers and cloud providers, including Google Cloud and AWS, technology and independent software vendor partners, global resellers, and system integrators. We plan to continue investing in building out our partner program to expand our distribution footprint, to broaden the awareness of The DevSecOps Platform, and to more efficiently add new customers. We will also continue to invest in building out our partnerships to deliver transformation services to help our enterprise customers accelerate the deployment of The DevSecOps Platform.
•Expand our global footprint. We believe there is significant opportunity to continue to expand internationally. We grew our international revenue to $71.4 million for fiscal 2023 from $41.1 million for fiscal 2022, representing an increase of 73%. We intend to grow our international revenue by increasing our investments strategically in our international sales and marketing operations, including headcount in the EMEA and APAC regions.
Human Capital
Our Unique Culture and Values
Our success is driven by our culture. We believe that our values and culture are a competitive advantage within our industry, and we will continue to invest time and resources in building our culture to
11
drive superior business results. We are highly dependent on our management, highly-skilled engineers, sales team members and other professionals. It is crucial that we continue to identify, attract and retain valuable team members. To facilitate hiring and retention, we strive to make GitLab a diverse, inclusive workplace where every team member feels they belong and has the opportunity to grow and develop their career.
We were recognized by Fortune as one of 2022’s Best Workplaces in Technology and by Fast Company as one of 2022’s Best Workplaces for Innovators. We also have a 96% CEO approval rating and a 4.5 overall workplace approval rating on Glassdoor.com, as of January 31, 2023. As a result, we trust that our values have led and will continue to lead to results that distinguish us from other companies. They include:
•Our mission is to ensure that everyone can contribute. This mission guides our path, and we live our values along that path. Our values are a living document, and we encourage our team members to make suggestions to improve our company values constantly. We have established six core C.R.E.D.I.T. values:
◦Collaboration - Helping others is a priority; we rely on each other for help and advice;
◦Results - We follow through on our promises to each other, customers, users, and investors;
◦Efficiency - We are about working on the right things to achieve more progress faster;
◦Diversity, Inclusion & Belonging - We aim to foster an environment where everyone can thrive;
◦Iteration - We do the smallest thing possible and get it out as quickly as possible; and
◦Transparency - We strive to be open about as many things as possible to reduce the threshold to contribution and to make collaboration easier.
•Measure results, not hours. Our all-remote culture helps us to practice our values. As an all-remote company, we are able to recruit from a wider, more diverse, and more uniquely skilled pool of talent across the world. The freedom and flexibility that comes with an all-remote workforce enables team members to view work in an entirely new light, one which focuses on results and productivity over the number of hours spent working. For example, product engineers have measurable objectives to hit rather than prescribed hours to work and team members have on-call shifts based on when they are most productive and best able to contribute to our success.
•We seek to be transparent in everything we do. We publicly share non-sensitive information, including our strategy and objectives, in written form to encourage innovation and trust amongst our team members, customers, and the wider open source community. Our process of being public by default reduces the threshold to contribution and makes collaboration easier. Transparency creates awareness for GitLab, allows us to recruit people who care about our values, gets us more and faster feedback from people outside GitLab, and makes it easier to collaborate. We believe that our transparency creates more value than it captures, and our ability to execute on our strategy far exceeds the abilities of our competitors.
•We do the smallest thing possible and get it out as quickly as we can. We aim to take an iterative approach in everything we do, including our day to day work and building The DevSecOps Platform. Our process is centered on dividing work into small increments, not completing everything at once, and pursuing each stage with speed and efficiency. Approaching work this way, we are able to rapidly get input from end-users who are actively using our platform, continuously revisit what we are doing with a fresher perspective, and gradually gain a greater
12
sense of visibility into what the end picture should look like. By adopting this approach, we are able to work with a greater sense of speed and efficiency, getting more done in less time.
Team Members
Our mission is to make it so everyone can contribute. When everyone can contribute, consumers become contributors, and we greatly increase the rate of human progress through changing creative work from unilateral read-only to collective collaboration and innovation. This mission is integral to our culture, and how we hire, build products, and lead our industry. The DevSecOps Platform brings together developers, operations, and security professionals and elevates their innovation to new levels, making it faster, safer, and more accessible. We are an all-remote company, and we pride ourselves in how we work through enabling our team members the individualized flexibility to reach their business results. We believe this leads to a team that is continually engaged and passionate about the positive impact of GitLab.
As of January 31, 2023, we had approximately 2,170 team members in over 65 countries. In February 2023, in connection with our ongoing efforts to drive towards profitable growth, we announced a plan to reduce our global headcount by approximately 130 team members, which represents approximately 7% of our total headcount. We engage our team members in various ways, including through direct employment, Professional Employer Organizations (“PEOs”), and as independent contractors. In the locations where we use PEOs, we contract with the PEO for it to serve as “Employer of Record” for team members engaged through such PEO. Team members are employed by the PEO but provide services to GitLab. We also engage team members through a PEO self-employed model in certain jurisdictions where we contract with the PEO, which in turn contracts with individual team members as independent contractors. None of our team members are represented by a labor union. In certain countries in which we operate, we are subject to, and comply with, local labor law requirements which may automatically make our team members subject to industry-wide collective bargaining agreements or works councils. We have not experienced any work stoppages. We work to identify, attract, and retain team members who are aligned with and will help us progress with our mission, and we seek to provide competitive cash and equity compensation. We believe we have a strong and open relationship with our team members and our unique mission, culture and values differentiate us and continue to be key drivers of our business success.
Diversity, Inclusion and Belonging Mission
Diversity, Inclusion & Belonging is fundamental to our success. We include it in every way possible and in all that we do. We strive for a transparent environment where all globally dispersed voices are heard and welcomed. We strive for an environment where people can show up as their full selves each day and can contribute to their best ability. And with over an estimated 30 million users utilizing GitLab across the globe (both free and paid tiers), we strive for a team that is representative of our users.
Compensation, Benefits and Perks
We provide team members with competitive compensation packages that include base salaries and equity awards, including restricted stock units. We are an open organization, and we want to be as transparent as possible about our compensation principles. Our compensation model is open to data driven iterations. Additional benefits programs (which vary by country and region) include a 401(k) Plan with a company match, healthcare, vision, and dental insurance benefits, health savings and flexible spending accounts, flexible paid time off, parental leave, and other benefits tailored to the specific needs of our team members such as family forming, caregiving, and mental health resources. Throughout the course of the year, we also encourage team members to take part in various sponsorship and volunteer initiatives that support and ultimately uplift their local communities. As with our unique ways of working, GitLab and its team members have identified and sought out opportunities for impact that speak back not only to our values but our all-remote nature.
13
Our Open Source Philosophy
We recognize that it is imperative to balance our need to generate revenue with the needs of the open source software project. To determine what is available in our free tier and what is available only in our paid tiers, we first assess who cares the most about the feature. Individual contributors rarely purchase The DevSecOps Platform, and thus, if the feature is something primarily individuals care about it will be open source. If the features are something primarily managers, directors, or executives care about, then it will be source-available. When considering buyers as part of product tiering decisions, we use the following guidance:
•Premium is for team(s) usage, with the purchasing decision led by one or more managers or directors
•Ultimate is for strategic organizational usage, with the purchasing decision led by one or more executives
We want to be good stewards of our open source solution, so we aim to provide much of The DevSecOps Platform to the market for free. Having all stages of the platform available to users for free encourages cross-stage adoption and more collaboration and helps users see the benefit of a single application approach. Including all major features in our free tier helps us keep our codebase for the free and paid tiers similar, which helps us carry forward our promise of being good stewards of our open source solution without diverging codebases. We seek to clearly and consistently articulate our monetization strategy on teams and organizations to provide predictability to both our customers as well as the community of contributors.
Our open source approach is intended to increase our development velocity as the developer pool who contributes to our codebase is greater than the size of any single engineering team. As of January 31, 2023, more than 3,500 individuals have contributed to The DevSecOps Platform and since April 30, 2019, merge code contributions have averaged more than 250 per month. Because people outside of our organization can read our code, users can contribute to identifying and solving issues, which accelerates the time we can release new software to market. This has also been a big contribution to enabling us to release a new version of our software for 136 months in a row and counting as of January 31, 2023.
We believe our open source approach helps us acquire, retain, and grow our paying customer base. Our customers benefit from the advanced innovation that comes from distributed development, the documentation, best practices, and knowledge sharing across our community, as well as the engagement of making their own contributions back to our codebase.
The DevSecOps Platform and Plans
We offer The DevSecOps Platform in three different subscription tiers: Free, Premium and Ultimate. While our Free tier platform includes significant functionality for individual users, our paid tiers include features that are more relevant for managers, directors, and executives.
•Our Free tier caters to capabilities needed by individual contributors to do their daily jobs.
•Our Premium tier builds on the capabilities of the Free Plan while also adding functionality intended specifically for managers and directors to help teams enhance collaboration between development and operations teams, manage projects and portfolios, and accelerate the deployment of code.
•Our Ultimate tier provides further functionality for executives and has functions to help teams establish better collaboration between development, operations, and security teams, instill organizational wide security, compliance and planning practices, and implement full value stream measurement, analytics, and reporting, across the DevSecOps lifecycle.
14
Our subscription plans are available as a self-managed offering which customers download to run in their own on-premise environment or hybrid cloud environments, and also a SaaS offering which is managed by us and is hosted in either the public cloud or in a private cloud based on the customer’s preference.
Research and Development Strategy
We ship features and components of features at a high velocity in the smallest possible increments to optimize for code quality, efficiency and speed. As each feature is typically similar in size, we are able to measure and track our development team's efficacy by counting the number of merge requests, or a request to merge one branch of code into another. We believe that our development approach, using The DevSecOps Platform, is a key competitive advantage.
We make product investment decisions based on each stage’s contribution to revenue, monthly active usage, and served addressable market size. Currently, the majority of our development costs are in Create (Source Code Management), Verify (Continuous Integration), Secure (Application Security Testing), and Manage (Analytics and Administrative capabilities).
Our research and development team consists of our architects, software engineers, security experts, DevSecOps engineers, product management, user experience, quality assurance, and data collection teams. We intend to continue to invest in our research and development capabilities to extend The DevSecOps Platform and products.
Our Technology
Our single application strategy means that we have one codebase to author, test, secure, package, and distribute. This also means that we are able to give users the most choice. Our customers can use a SaaS subscription or run The DevSecOps Platform themselves in a self-managed way in their own cloud environments. For self-managed users, GitLab is the only truly public-cloud-agnostic solution. Customers can also run The DevSecOps Platform in their own data centers if they wish. They can further choose to run GitLab on traditional servers, or they can use containers and an orchestration system like Kubernetes.
From an end user standpoint, our single application strategy provides one consistent user interface across all stages of the DevSecOps lifecycle. We see this result in a manifold reduction in lifecycle time for software development teams. For integrators, GitLab has a single application programming interface (“API”) to write integrations against, as opposed to a fragmented tool chain. For IT system administrators and internal security teams this also means they have one application environment and authentication system to inspect and certify according to their team’s standards.
Our Customers
We serve organizations of all sizes across industries and regions. As of January 31, 2023, we had customers in over 140 countries. We believe that our customer growth is best represented by the number of our Base Customers, which increased to 7,002 as of January 31, 2023 from 4,593 as of January 31, 2022. In 2019, we began to invest more heavily in our enterprise sales motion and have had strong success in attracting, retaining, and growing ARR from our larger customers. For the year ended January 31, 2023, more than 69% of our ARR came from public sector and enterprise customers. Our success has been exemplified by the growth in our $100,000 ARR customers to 697 as of January 31, 2023 from 492 as of January 31, 2022. Further, during the same period, we grew our $1.0 million ARR customers to 63 from 39, an increase of 62%. We have key reference customers across a breadth of industry verticals that we believe validate The DevSecOps Platform, and our customers range from small and medium-sized teams to Fortune 500 companies. No individual customer represented more than 10% of our revenue in fiscal 2023 or fiscal 2022.
15
Sales and Marketing
Our go-to-market strategy spans a self-service buying experience, high velocity inside sales, and a dedicated outbound enterprise sales team. We segment our sales organization by size and region, with an additional vertical focus on the public sector. Our sales organization succeeds because of our transparent, cross-functional collaboration and a commitment to over-performance, efficiency, diversity, and constant improvement.
Our customer success team, or CS, manages our technical relationships with customers both pre-sale and long-term partnerships post-sale. CS works to help customers achieve positive business results with GitLab by building awareness, adoption, usage, performance, and modern DevOps capabilities. We believe that this focus on business results and engaged partnership maximizes long-term, sustainable customer value and drives expansion with our existing customers.
Through our commitment to open collaboration, we also have select technology and channel partners who increase efficient access to new customers and support growth of existing customers through trusted relationships, existing contracts, service delivery capability and capacity, and collaboration on large digital transformations. These partners include systems integrators, cloud platform partners, independent software vendors, managed service providers, resellers, distributors, and ecosystem partners. Our partnership program provides additional rewards for partners that make commitments to and investments in a deeper GitLab relationship.
Our marketing department is focused on generating awareness of The DevSecOps Platform to our developer community, existing customers and users, and potential customers. We utilize diverse tactics such as digital demand generation, account based marketing, nurture programs, sales development, virtual and field events, sponsored webinars, gated content downloads, whitepapers, display advertising and integrated campaigns to connect with prospective customers. We also host and present at regional, national and global industry events.
We offer our free tier and/or a free trial to prospective customers allowing them to try before they buy, allowing customers to see the strengths of The DevSecOps Platform and the business benefits. We are then able to engage with these users to encourage them to upgrade to a paid version. Once a customer is onboarded with GitLab, our teams work to identify additional business units and parent/child/subsidiary prospects that would benefit from The DevSecOps Platform. Finally, as engaged members of the open-source community, our contributors often serve as subject matter experts at market-leading developer events, and The DevSecOps Platform is presented on the cutting edge of innovation.
Competition
The markets we serve are highly competitive and rapidly evolving. With the introduction of new technologies and innovations, we expect the competitive environment to remain intense.
We view our primary current competition as customers’ legacy approach of DIY DevOps, using a combination of point tools manually integrated together. Our offering is substantially different in that it is one platform, one codebase, one interface and a unified data model that spans the entire DevSecOps lifecycle. We expect that the competition from DIY DevOps will decrease over time as companies realize the shortcomings in this approach. To ensure easy transitions for customers and support for dependencies on internal and external tools, we support staged adoption while continuing the use of some legacy tools.
Beyond this legacy approach of DIY DevOps, our principal competitor is Microsoft Corporation following their acquisition of GitHub. There are also a number of other private and public companies whose products address only a portion of the DevSecOps lifecycle and/or are cobbled together from several point solutions. These are essentially third-party DIY DevOps and are not a single application.
16
We believe we compete favorably based on the following competitive factors:
•ability to provide a single application that is purpose-built to span the entire DevSecOps lifecycle;
•ability to rapidly innovate and consistently ship and release more features and versions of our software;
•maturity of features in the Create (Source Code Management) and Verify (Continuous Integration) stages;
•ability to run natively across any public cloud, private cloud, hybrid cloud, or on-premises environment;
•ability to enable collaboration between developers, IT operations, and security teams;
•ability to reduce handoffs, friction, and switching costs across different stages of the DevSecOps lifecycle;
•ability to reduce software development times to release better software faster;
•ability to consolidate multiple tools into a single platform;
•ability to eliminate manual integrations that are costly and time-effective to maintain;
•ability to provide a seamless, consistent, and single user experience through one user interface;
•ability to deliver a large, engaging community of open source contributors;
•performance, scalability, and reliability;
•ability to implement more differentiated security and governance;
•quality of service and overall customer satisfaction; and
•strong documentation and transparency of information.
Corporate Philanthropy
As part of our mission to make it so everyone can contribute, we believe that it is important to support teams that can further this goal at local and global levels. To further this mission, in September 2021, our board of directors approved the reservation of up to 1,635,545 shares of Class A common stock for the issuance to charitable organizations, to be further designated by our board of directors. To date, we have made no contributions.
Government Regulation
We are subject to many varying laws and regulations in the United States and throughout the world, including those related to data privacy, security and protection, intellectual property, worker classification, employment and labor, workplace safety, consumer protection, anti-bribery, import and export controls, immigration, federal securities, and tax.
Moreover, new and existing laws and regulations (or changes in interpretation of existing laws and regulations) may also be adopted, implemented, or interpreted to apply to us or our contributors, and uncertainty around the application of these laws may affect demand for our platform. Additionally, as our platform’s geographic scope continues to expand, regulatory agencies or courts may claim that we are subject to additional requirements, or are prohibited from conducting our business in or with certain jurisdictions, either generally or with respect to certain services, or that we are otherwise required to change our business practices. We believe that we are in material compliance with such laws and regulations and do not expect continued compliance to have a material impact on our capital
17
expenditures, earnings, or competitive position. We continue to monitor existing and pending laws and regulations and while the impact of regulatory changes cannot be predicted with certainty, we do not expect compliance to have a material adverse effect on our business. See Part I, Item 1A, “Risk Factors” in this Annual Report on Form 10-K for a more comprehensive description of risks related to government regulation affecting our business.
Intellectual Property
The protection of our technology and intellectual property is an important aspect of our business. We rely upon a combination of trademarks, trade secrets, know-how, copyrights, patents, confidentiality procedures, contractual commitments, domain names, and other legal rights to establish and protect our intellectual property. We generally enter into confidentiality agreements and invention or work product assignment agreements with our officers, team members, agents, contractors, and business partners to control access to, and clarify ownership of, our proprietary information.
As of January 31, 2023, we had five issued patents and four pending patent applications in the United States and abroad. These patents and patent applications seek to protect proprietary inventions relevant to our business. The issued patents are scheduled to expire on or around the years between 2034 and 2036 and cover a means of undertaking metaphor-based language code fuzzing relating to testing of code.
As of January 31, 2023, we had ten trademark registrations and applications in the United States, including for “GITLAB” and our logo. We also had 21 trademark registrations and applications in certain other jurisdictions and regions. Additionally, we are the registered holder of a number of domain names, including gitlab.com.
We are dedicated to open source software. Our product incorporates many components subject to open source software licenses, and in turn we license many significant components of our software under open source software licenses. Such licenses grant licensees broad permissions to use, copy, modify, and redistribute the covered software which can limit the value of our software copyright assets.
Legal Proceedings
We are, and from time to time, we may become involved in legal proceedings or be subject to claims arising in the ordinary course of our business. We are not presently a party to any legal proceedings that in the opinion of our management, if determined adversely to us, would individually or taken together have a material adverse effect on our business, financial condition or operating results.
Defending such proceedings is costly and can impose a significant burden on management and team members. The results of any current or future litigation cannot be predicted with certainty, and regardless of the outcome, litigation can have an adverse impact on us because of defense and settlement costs, diversion of management resources and other factors.
Corporate Information
We were incorporated in the State of Delaware as GitLab Inc. in September 2014. We are a remote-only company, meaning that all of our team members work remotely. Due to this, we do not currently have a headquarters. Our website address is https://about.gitlab.com. The information contained on, or that can be accessed through, our website is not a part of this Annual Report on Form 10-K. Investors should not rely on any such information in deciding whether to conduct any transactions involving our Class A common stock. Unless otherwise indicated, the terms “GitLab,” the “Company,” “we,” “us,” and “our” refer to GitLab Inc. and our subsidiaries, and our variable interest entity as “JiHu”. References to our “common stock” include our Class A common stock and Class B common stock.
Available Information
18
We file electronically with the Securities and Exchange Commission, or the SEC, our Annual Report on Form 10-K, Quarterly Reports on Form 10-Q, Current Reports on Form 8-K, and amendments to reports filed or furnished pursuant to Section 13(a) or 15(d) of the Securities Exchange Act of 1934, as amended. The SEC maintains a website at www.sec.gov that contains reports, proxy and information statements and other information that we file with the SEC electronically. We make available on our website at https://about.gitlab.com, free of charge, copies of these reports and other information as soon as reasonably practicable after we electronically file such material with, or furnish it to, the SEC.
We use our investor relations page on our website (https://ir.gitlab.com/), press releases, public conference calls, public webcasts, our Twitter account (@gitlab), our Facebook page, our LinkedIn page, our company news site (https://about.gitlab.com/press/) and our corporate blog (https://about.gitlab.com/blog/) as means of disclosing material nonpublic information and for complying with our disclosure obligations under Regulation FD. The information disclosed by the foregoing channels could be deemed to be material information. As such, we encourage investors, the media, and others to follow the channels listed above and to review the information disclosed through such channels. Any updates to the list of disclosure channels through which we announce information will be posted on the investor relations page on our website.
The contents of the websites referred to above are not incorporated into this Annual Report on Form 10-K. Further, our references to the URLs for these websites are intended to be inactive textual references only.
19
ITEM 1A. RISK FACTORS
Investing in our Class A common stock involves a high degree of risk. You should carefully consider the risks and uncertainties described below, together with all of the other information in this Annual Report, including the section titled “Management’s Discussion and Analysis of Financial Condition and Results of Operations,” and our consolidated financial statements and the accompanying notes included elsewhere in this Annual Report before making a decision to invest in our Class A common stock. Our business, financial condition, operating results, or prospects could also be adversely affected by risks and uncertainties that are not presently known to us or that we currently believe are not material. If any of the risks occur, our business, financial condition, operating results, and prospects could be adversely affected. In that event, the market price of our Class A common stock could decline, and you could lose all or part of your investment.
Risks Related to Our Business and Financial Position
Our business and operations have experienced rapid growth, and if we do not appropriately manage future growth, if any, or are unable to improve our systems, processes and controls, our business, financial condition, results of operations, and prospects will be adversely affected.
We have experienced rapid growth, both in terms of employee headcount and customer growth, as well as increased demand for our products. Our total number of Base Customers has grown to 7,002 as of January 31, 2023 from 4,593 as of January 31, 2022. The growth and expansion of our business places a continuous significant strain on our management and operational and financial resources. In addition, as customers adopt our products for an increasing number of use cases, we have had to support more complex commercial relationships. To effectively manage and capitalize on our growth periods, we need to manage headcount capital and processes efficiently, while continuing to make investments to improve and expand our information technology and financial infrastructure, our security and compliance requirements, our operating and administrative systems, our relationships with various partners and other third parties.
We may not be able to sustain the pace of improvements to our products successfully or implement systems, processes, and controls in an efficient or timely manner or in a manner that does not negatively affect our results of operations. Our failure to improve our systems, processes, and controls, or their failure to operate in the intended manner, may result in our inability to manage the growth of our business and to forecast our revenue, expenses, and earnings accurately, or to prevent losses.
Our recent growth may not be indicative of our future growth, and we may not be able to sustain our revenue growth rate in the future. Our growth also makes it difficult to evaluate our future prospects and may increase the risk that we will not be successful.
Our total revenue for the years ended January 31, 2023 and 2022 was $424.3 million and $252.7 million, respectively, representing a growth rate of 68%. You should not rely on the revenue growth of any prior quarter or annual period as an indication of our future performance. As a result of our limited operating history, our ability to accurately forecast our future results of operations is limited and subject to a number of uncertainties, including our ability to plan for and model future growth. Our historical revenue growth should not be considered indicative of our future performance.
Further, in future periods, our revenue could decline or our revenue growth rate could slow. Many factors may contribute to this decline, including changes to technology, increased competition, slowing demand for The DevSecOps Platform, the maturation of our business, a failure by us to continue capitalizing on growth opportunities, our failure, for any reason, to continue to take advantage of growth opportunities and a global economic downturn, among others. If our growth rate declines, investors’ perceptions of our business and the market price of our Class A common stock could be adversely affected.
20
In addition, we expect to continue to responsibly expend financial and other resources to align with our:
•expansion and enablement of our sales, services, and marketing organization to increase brand awareness and drive adoption of The DevSecOps Platform;
•product development, including investments in our product development team and the development of new features and functionality for The DevSecOps Platform;
•technology and sales channel partnerships;
•international expansion;
•acquisitions or strategic investments; and
•general administration, including increased legal and accounting expenses associated with being a public company.
These investments may not result in increased revenue in our business. If we are unable to maintain or increase our revenue at a rate sufficient to offset the expected increase in our costs, our business, financial position and results of operations will be harmed, and we may not be able to achieve or maintain profitability.
Our ability to forecast our future results of operations is subject to a number of uncertainties, including our ability to effectively plan for and model future growth. We have encountered in the past, and may encounter in the future, risks and uncertainties frequently experienced by growing companies in rapidly changing industries. If we fail to achieve the necessary level of efficiency in our organization as it grows, or if we are not able to accurately forecast future growth, our business would be harmed. Moreover, if the assumptions that we use to plan our business are incorrect or change in reaction to changes in our market, or we are unable to maintain consistent revenue or revenue growth, our share price could be volatile, and it may be difficult to achieve and maintain profitability.
We have a history of losses, anticipate increases in our operating expenses in the future, and may not achieve or sustain profitability on a consistent basis. If we cannot achieve and sustain profitability, our business, financial condition, and operating results may be adversely affected.
We have incurred losses in each year since our inception, including net losses of approximately $192.2 million, $155.1 million and $172.3 million in fiscal 2021, fiscal 2022 and fiscal 2023, respectively. As of January 31, 2023, we had an accumulated deficit of approximately $725.6 million. While we have experienced significant growth in revenue in recent periods, we cannot assure you that we will achieve profitability in future periods or that, if at any time we are profitable, we will sustain profitability. We also expect our operating and other expenses to increase in the foreseeable future as we continue to invest in our future growth, including expanding our research and development function to drive further development of The DevSecOps Platform, expanding our sales and marketing activities, developing the functionality to expand into adjacent markets, and reaching customers in new geographic locations, which will negatively affect our operating results if our total revenue does not increase. While we consistently evaluate opportunities to reduce our operating costs and optimize efficiencies, including, for example, through our workforce reduction in February 2023, we cannot guarantee that these efforts will be successful or that we will not re-accelerate operating expenditures in the future in order to capitalize on growth opportunities. In addition to the anticipated costs to grow our business, we also expect to continue to incur significant legal, accounting, and other expenses as a public company. These efforts and expenses may be more costly than we expect, and we cannot guarantee that we will be able to increase our revenue to offset our operating expenses. Our revenue growth may slow or our revenue may decline for a number of reasons, including reduced demand for The DevSecOps Platform, increased competition, an increased use of our free product offerings, a decrease in the growth or reduction in size of our overall market, or any inability on our part to capitalize on growth opportunities. Further, as our SaaS offering
21
makes up an increasing percentage of our total revenue, we expect to see increased associated cloud-related costs, such as hosting and managing costs, which may adversely impact our gross margins. Any failure to increase our revenue or to manage our costs as we continue to grow and invest in our business would prevent us from achieving or maintaining profitability or achieving or maintaining positive operating cash flow at all or on a consistent basis, which would cause our business, financial condition, and results of operations to suffer.
As we continue to invest in infrastructure, develop our services and features, responsibly manage our headcount and expand our sales and marketing activity, we may continue to have losses in future periods and these may increase significantly. As a result, our losses in future periods may be significantly greater than the losses we would incur if we developed our business more slowly. In addition, we may find that these efforts require greater investment of time and human and capital resources than we currently anticipate and/or that they may not result in increases in our revenues or billings. Any failure by us to achieve and sustain profitability on a consistent basis could cause the value of our Class A common stock to decline.
We face intense competition and could lose market share to our competitors, which would adversely affect our business, operating results, and financial condition.
The markets for our services are highly competitive, with limited barriers to entry. Competition presents an ongoing threat to the success of our business. We expect competition in the software business generally, and in all of the stages of the software development lifecycle that our product covers, in particular, to continue to increase. We expect to continue to face intense competition from current competitors, as well as from new entrants into the market. If we are unable to anticipate or react to these challenges, our competitive position would weaken, and we would experience a decline in revenue or reduced revenue growth, and loss of market share that would adversely affect our business, financial condition, and operating results.
We face competition in several areas due to the nature of our product. Our product offering is broad across all stages of the software development lifecycle which has us competing with many providers with offerings across all stages. We compete with well-established providers such as Atlassian and Microsoft as well as other companies with offerings in fewer stages including with respect to both code hosting and code collaboration services, as well as file storage and distribution services. Many of our competitors are significantly larger than we are and have more capital to invest in their businesses.
We believe that our ability to compete depends upon many factors both within and beyond our control, including the following:
•the ability of our products or of those of our competitors to deliver the positive business outcomes prioritized and valued by our customers and prospects;
•our ability to price our products competitively, including our ability to transition users of our free product offering to a paid version of The DevSecOps Platform;
•the amount and quality of communications, postings, and sharing by our users on public forums, which can promote improvements on The DevSecOps Platform but may also lead to disclosure of commercially sensitive details;
•the timing and market acceptance of services, including the developments and enhancements to those services offered by us or our competitors;
•our ability to monetize activity on our services;
•customer service and support efforts;
•sales and marketing efforts;
22
•ease of use, performance and reliability of solutions developed either by us or our competitors;
•our ability to manage our operations in a cost effective manner;
•insolvency or credit difficulties confronting our customers, affecting their ability to purchase or pay for our product offering;
•our reputation and brand strength relative to our competitors;
•introduction of new technologies or standards that compete with or are unable to be adopted in our products;
•ability to attract new team members or retain existing team members which could affect our ability to attract new customers, service existing customers, enhance our product or handle our business needs;
•our ability to maintain and grow our community of users; and
•the length and complexity of our sales cycles.
Many of our current and potential competitors have greater financial, technical, marketing and other resources and larger customer bases than we do. Furthermore, our current or potential competitors may be acquired by third parties with greater available resources and the ability to initiate or withstand substantial price competition. In addition, many of our competitors have established sales and marketing relationships and have access to larger customer bases. Our competitors may also establish cooperative relationships among themselves or with third parties that may further enhance their product offerings or resources. These factors may allow our competitors to respond more quickly than we can to new or emerging technologies and changes in customer preferences. These competitors may engage in more extensive research and development efforts, undertake more far-reaching marketing campaigns and adopt more aggressive pricing policies which may undercut our pricing policies and allow them to build a larger user base or to monetize that user base more effectively than us. If our competitors’ products, platforms, services or technologies maintain or achieve greater market acceptance than ours, if they are successful in bringing their products or services to market earlier than ours, or if their products, platforms or services are more technologically capable than ours, then our revenues could be adversely affected. In addition, some of our competitors may offer their products and services at a lower price or for free, or may offer a competing product with other services or products that together result in offering the competing product for free. If we are unable to achieve our target pricing levels, our operating results would be negatively affected. Pricing pressures and increased competition could result in reduced sales, reduced margins, losses or a failure to maintain or improve our competitive market position, any of which could adversely affect our business.
The market for our services is relatively new and unproven and may not grow, which would adversely affect our future results and the trading price of our Class A common stock.
Because the market for our services is relatively new and rapidly evolving, it is difficult to predict customer adoption, customer demand for our services, the size and growth rate of this market, the entry of competitive products or the success of existing competitive services. Any expansion or contraction in our market depends on a number of factors, including the cost, performance and perceived value associated with our services and the appetite and ability of customers to use and pay for the services we provide. Further, even if the overall market for the type of services we provide continues to grow, we face intense competition from larger and more well-established providers and we may not be able to compete effectively or achieve market acceptance of our products. If we or other software and SaaS providers experience security incidents, loss of customer data, or disruptions in delivery or service, the market for these applications as a whole, including The DevSecOps Platform and products, may be negatively affected. If the market for our services does not achieve widespread adoption, we do not compete effectively in this market, or there is a reduction in demand for our software or our services in our market
23
caused by a lack of customer acceptance, implementation challenges for deployment, technological challenges, lack of accessible data, competing technologies and services, decreases in corporate spending, including as a result of global business or macroeconomic conditions, including inflation, rising interest rates, volatility of the global debt and equity markets, or otherwise, it could result in reduced customer orders and decreased revenues, which could require slowing our rate of headcount growth and would adversely affect our business operations and financial results.
We are dependent on sales and marketing strategies to drive our growth in our revenue. These sales and marketing strategies may not be successful in continuing to generate sufficient sales opportunities. Any decline in our customer renewals and expansions could harm our future operating results.
Our business model depends on generating and maintaining a large user base that is extremely satisfied with The DevSecOps Platform. We rely on satisfied customers to expand their footprint by buying new products and services and onboarding additional users. The model is based on the assumption that we will convert non-paying users to paying users. We have limited historical data with respect to the number of current and previous free users and the rates in which customers convert to paying customers, so we may not accurately predict future customer purchasing trends. In future periods, our growth could slow or our profits could decline for several reasons, including decreased demand for our product offerings and our professional services, increased competition, a decrease in the growth of our overall market, a decrease in corporate spending, including as a result of global business or macroeconomic conditions, including inflation, rising interest rates, or otherwise, or our failure, for any reason, to continue to capitalize on growth opportunities. We may be forced to change or abandon our subscription based revenue model in order to compete with our competitors’ offerings.
It could also become increasingly difficult to predict revenue and timing of collections as our mix of annual, multi-year and other types of transactions changes as a result of our expansion into cloud-based offerings. Our failure to execute on our revenue projections could impair our ability to meet our business objectives and adversely affect our results of operations and financial condition.
Our future success also depends in part on our ability to sell more subscriptions and additional services to our current customers. Even if customers choose to renew their current subscriptions with us, they may decline to purchase additional services or they may choose to downtier or otherwise decrease the number of seats in their subscription. If our customers do not purchase additional subscriptions and services from us, our revenue may decline and our operating results may be harmed. Paying customers may decline or fluctuate as a result of a number of factors, including their satisfaction with our services and our end-customer support, the frequency and severity of product outages, our product uptime or latency, their satisfaction with the speed of delivering new features, the pricing of our, or competing, services, and the impact of macroeconomic conditions on our customers and their corporate spending. We have limited historical data with respect to rates of paying customers buying more seats, uptiering, downtiering and churning, so we may not accurately predict future customer trends.
Our customer expansions and renewals may decline or fluctuate, and conversely, contractions and downtiers may increase, or fluctuate, as a result of a number of factors, including: quality of our sales efforts, customer usage, customer satisfaction with our services and customer support, our prices (including price increases for our Premium tier that we announced in the first quarter of fiscal year 2024 and which are generally effective in the same fiscal quarter depending on whether it is a new or existing customer), the prices of competing services, mergers and acquisitions affecting our customer base, the effects of global economic conditions, including increased interest rates and inflation, or reductions in our customers’ spending levels generally (including, our customers that have or may have to downsize their operations or headcount). If we cannot use our marketing strategies in a cost-effective manner or if we fail to promote our services efficiently and effectively, our ability to acquire new customers or expand the services of our existing customers may suffer. In addition, an increase in the use of online and social media for product promotion and marketing may increase the burden on us to monitor compliance of such
24
materials and increase the risk that such materials could contain problematic product or marketing claims in violation of applicable regulations.
Further, we have discontinued our starter and bronze tier product offerings, and users of these products will be required to switch to another paid offering, switch to our free product or discontinue using our products. Additionally, in the first quarter of fiscal year 2023, we announced a user limit for our SaaS Free tier, which is expected to be implemented in fiscal year 2024 followed by storage and transfer limitations. We also announced in the first quarter of fiscal year 2023 storage and transfer limitations, the extent and implementation of which varies depending on the tier. We cannot assure you that our customers will purchase our products, and if our end customers do not purchase our products, our revenues may grow more slowly than expected or decline.
Our operating results may fluctuate significantly, which could make our future results difficult to predict and could adversely affect the trading price of our Class A common stock.
Our operating results may vary significantly from period to period, which could adversely affect our business, operating results and financial condition. Our operating results have varied significantly from period to period in the past, and we expect that our operating results will continue to vary significantly in the future such that period-to-period comparisons of our operating results may not be meaningful. Accordingly, our financial results in any one quarter or fiscal year should not be relied upon as indicative of future performance. Our quarterly or annual financial results may fluctuate as a result of several factors, many of which are outside of our control and may be difficult to predict, including:
•our ability to attract and retain new customers;
•the addition or loss of material customers, including through acquisitions or consolidations;
•the timing of recognition of revenues;
•the amount and timing of operating expenses related to the maintenance and expansion of our business, operations and infrastructure;
•general economic, industry and market conditions, in both domestic and our foreign markets, including increasing interest rates and inflation, the potential effects of health pandemics or epidemics global events, including the ongoing armed conflict in Ukraine;
•customer renewal rates;
•our ability to convert users of our free product offerings into subscribing customers;
•increases or decreases in the number of elements of our services or pricing changes upon any renewals of customer agreements;
•software development allocation decisions by customers;
•seasonal variations in sales of our products;
•the timing and success of new service introductions by us or our competitors or any other change in the competitive dynamics of our industry, including consolidation among competitors, customers or strategic partners;
•decisions by potential customers to use products of our competitors;
•the timing of expenses related to the development or acquisition of technologies or businesses and potential future charges for impairment of goodwill from acquired companies;
•extraordinary expenses such as litigation or other dispute-related settlement payments or outcomes;
25
•future accounting pronouncements or changes in our accounting policies or practices;
•negative media coverage or publicity;
•political events;
•the amount and timing of operating costs and capital expenditures related to the expansion of our business, in the U.S. and foreign markets;
•the cost to develop and upgrade The DevSecOps Platform to incorporate new technologies; and
•increases or decreases in our expenses caused by fluctuations in foreign currency exchange rates.
In addition, we experience seasonal fluctuations in our financial results as we typically receive a higher percentage of our annual orders from new customers, as well as renewal orders from existing customers, in our last two fiscal quarters as compared to the first two fiscal quarters due to the annual budget approval process of many of our customers, the timing of our customers’ decisions to make a purchase, changes our customers experienced, or may experience, in their businesses, and other variables some of which are outside of our and our customers’ control, such as macroeconomic and general economic conditions, including inflation and increased interest rates.
Any of the above factors, individually or in the aggregate, may result in significant fluctuations in our financial and other operating results from period to period. As a result of this variability, our historical operating results should not be relied upon as an indication of future performance. Moreover, this variability and unpredictability could result in our failure to meet our operating plan or the expectations of investors or analysts for any period. If we fail to meet such expectations for the reasons described above or any other reasons, our stock price could fall substantially.
We have experienced rapid growth in recent periods. If we fail to manage our growth effectively, we may be unable to execute our business plan, maintain high levels of service, or adequately address competitive challenges.
We have experienced a period of rapid growth in our operations and headcount. We anticipate that we will continue to expand our operations and responsibly grow our headcount in the near term. This growth has placed, and future growth will place, a significant strain on our management and administrative, operational and financial infrastructure. Our success will depend in part on our ability to manage this growth effectively. To manage the responsible growth of our operations, we will need to continue to improve our operational, financial and management controls and our reporting systems and procedures. Failure to effectively manage growth could result in difficulty or delays in deploying customers, declines in quality or customer satisfaction, increases in costs, difficulties in introducing new features or other operational difficulties, and any of these difficulties could adversely impact our business performance and results of operations. Furthermore, there is no assurance that our rate of growth will continue at its current pace, if at all. Our rate of growth may also be impacted as a result of global business or macroeconomic conditions, including inflation and rising interest rates, and investment decisions by our customers.
We do not have an adequate history with our subscription or pricing models to accurately predict the long-term rate of customer subscription renewals or adoption, or the impact these renewals and adoption will have on our revenues or operating results.
We have limited experience with respect to determining the optimal prices for our services. As the markets for our services mature, or as new competitors introduce new products or services that are similar to or compete with ours, we may be unable to attract new customers at the same price or based on the same pricing model as we have used historically. Moreover, some customers may demand greater price concessions or additional functionality at the same price levels. As a result, in the future we may be
26
required to reduce our prices or provide more features without corresponding increases in price, which could adversely affect our revenues, gross margin, profitability, financial position and cash flow.
In addition, our customers have no obligation to renew their subscriptions for our services after the expiration of the initial subscription period. A majority of our subscriptions are on a one-year period. Our customers may renew for fewer elements of our services or negotiate for different pricing terms. We have limited historical data with respect to rates of customer subscription renewals, so we cannot accurately predict customer renewal rates. Our customers’ renewal rates may decline or fluctuate as a result of a number of factors, including their dissatisfaction with our pricing or our services, their ability to continue their operations and spending levels, and changes in other technology components used within the customer’s organization. Changes in product packaging, pricing strategy, or product offerings, or the implementation or execution of the foregoing, may not be seen favorably by our customers and may have an adverse effect on our ability to retain our current customers and acquire new ones. For example, we have discontinued our starter and bronze tier product offerings, and we recently announced a price increase in our Premium tier product offering, which may cause customers who previously used these tiers to opt for our free version or to cease using our products completely. We may also decide to raise the prices of our product offerings in the future. If our customers do not renew their subscriptions on similar pricing terms, our revenues may decline, and our business could suffer. In addition, over time the average term of our contracts could change based on renewal rates or for other reasons.
Transparency is one of our core values. While we will continue to prioritize transparency, we must also promote "responsible" transparency as transparency can have unintended negative consequences.
Transparency is one of our core values. As an all-remote open-source software company, we believe transparency is essential to how we operate our business and interact with our team members, the community, and our customers. We also find it to be critical for team member recruitment, retention, efficiency and our culture. In addition, our transparency is highly valued by both our customers and our contributors. While we will continue to emphasize transparency, we also promote and educate our team members about responsible internal and external transparency, as openly sharing certain types of information can potentially lead to unintended, and sometimes negative, consequences.
As a result of our transparency, our competitors and other outside parties may have access to certain information that is often kept confidential or internal at other companies through our Handbook, our team members’ open and public use of The DevSecOps Platform to run our business, and other avenues of communication we commonly use. The public availability of this information may allow our competitors to take advantage of certain of our innovations, and may allow parties to take other actions, including litigation, that may have an adverse impact on our operating results or cause reputational harm, which in turn may have a negative economic impact.
We are also subject to Regulation FD, which imposes restrictions on the selective disclosure of material information to stockholders and other market participants, and other regulations. While we have implemented internal controls to maintain compliance with Regulation FD, if as a result of our transparency, we disclose material information in a non-Regulation FD compliant matter, we may be subject to heightened regulatory and litigation risk.
The Handbook may not be up to date or accurate, which may result in negative third-party scrutiny or be used in ways that adversely affects our business.
Consistent with our commitment to our transparency and efficiency values, we maintain a publicly available company Handbook that contains important information about our operations and business practices. This Handbook is open to the public and may be used by our competitors or bad actors in malicious ways that may adversely affect our business, operating results, and financial condition. Although we aim to keep the Handbook updated, the information in the Handbook may not be up to date at all times. Also, because any of our team members can contribute to the Handbook, the information in
27
the Handbook may not be accurate. We have implemented disclosure controls and procedures, including internal controls over financial reporting, that comply with the U.S. securities laws; however, if we fail to successfully maintain the appropriate controls, we may face unintended disclosures of material information about the company through our Handbook, which may lead to disclosure control failures, potential securities law violations, and reputational harm.
Security and privacy breaches may hurt our business.
The DevSecOps Platform processes, stores, and transmits our customers’ proprietary and sensitive data, including personal information, and financial data. We also use third-party service providers and sub-processors to help us deliver services to our customers and their end-users. These vendors may store or process personal information, or other confidential information of our team members, our partners, our customers, or our customers’ end-users. We collect such information from individuals located both in the United States and abroad and may store or process such information outside the country in which it was collected. While we, our third-party cloud providers, our third-party processors, and our customers have implemented security measures designed to protect against security breaches, these measures could fail or may be insufficient, resulting in the unauthorized access or disclosure, modification, misuse, destruction, or loss of our or our customers’ data or other sensitive information. Any security breach of The DevSecOps Platform, our operational systems, physical facilities, or the systems of our third-party processors, or the perception that a breach has occurred, could result in litigation, indemnity obligations, regulatory enforcement actions, investigations, compulsory audits, fines, penalties, mitigation and remediation costs, disputes, reputational harm, diversion of management’s attention, and other liabilities and damage to our business. Even though we do not control the security measures of our customers and other third parties, we may be considered responsible for any breach of such measures or suffer reputational harm even where we do not have recourse to the third party that caused the breach, if it is found that GitLab failed to conduct comprehensive third party risk due diligence. In addition, any failure by our vendors to comply with applicable law or regulations could result in proceedings against us by governmental entities or others.
Security incidents compromising the confidentiality, integrity, and availability of our confidential or personal information and our third-party service providers’ information technology systems could result from cyber-attacks, including denial-of-service attacks, web scraping, ransomware attacks, business email compromises, computer malware, viruses, and social engineering (including phishing), which are prevalent in our industry and our customers’ industries. Any security breach or disruption could result in the loss or destruction of or unauthorized access to, or use, alteration, disclosure, or acquisition of confidential and personal information, which may result in damage to our reputation, early termination of our contracts, litigation, regulatory investigations or other liabilities. If our, our customers’, or our partners’ security measures are breached as a result of third-party action, team member error, misconfiguration, malfeasance (including bribery) or otherwise and, as a result, someone obtains unauthorized access to the GitLab application or data, including personal and/or confidential information of our customers, our reputation could be damaged, our business may suffer loss of current customers and future opportunities and we could incur significant financial liability including fines, cost of recovery, and costs related to remediation measures.
Techniques used to obtain unauthorized access or to sabotage systems change frequently. As a result, we may be unable to fully anticipate these techniques or to implement adequate preventative measures. If an actual or perceived security breach occurs, the market perception of our security measures could be harmed, and we could lose sales and customers. If we are, or are perceived to be, not in compliance with data protection, consumer privacy, or other legal or regulatory requirements or operational norms bearing on the collection, processing, storage, or other treatment of data records, including personal information, our reputation and operating performance may suffer. Further, we need to continually monitor and remain compliant with all applicable changes in local, state, national, or international legal or regulatory requirements. Any significant violations of data privacy could result in the loss of business, litigation, and regulatory investigations and penalties that could damage our reputation and adversely impact our results of operations and financial condition.
28
We have contractual and legal obligations to notify relevant stakeholders of security breaches. Most jurisdictions have enacted laws requiring companies to notify affected individuals, regulatory authorities, and relevant others of security breaches involving certain types of data, including personal information. In addition, our agreements with certain customers and partners may require us to notify them in the event of a security breach. Such mandatory disclosures are costly, could lead to negative publicity, may cause our customers to lose confidence in the effectiveness of our security measures, and require us to expend significant capital and other resources to respond to or alleviate problems caused by the actual or perceived security breach.
A security breach may cause us to breach customer contracts. Our agreements with certain customers may require us to use industry-standard or reasonable measures to safeguard sensitive personal information or confidential information. A security breach could lead to claims by our customers, their end-users, or other relevant stakeholders that we have failed to comply with such legal or contractual obligations. As a result, we could be subject to legal action or our customers could end their relationships with us. There can be no assurance that any limitations of liability in our contracts would be enforceable or adequate or would otherwise protect us from liabilities or damages.
Litigation resulting from security breaches may adversely affect our business. Unauthorized access to The DevSecOps Platform, systems, networks, or physical facilities could result in litigation with our customers, our customers’ end-users, or other relevant stakeholders. These proceedings could force us to spend money in defense or settlement, divert management’s time and attention, increase our costs of doing business, or adversely affect our reputation. We could be required to fundamentally change our business activities and practices or modify The DevSecOps Platform capabilities in response to such litigation, which could have an adverse effect on our business. If a security breach were to occur, and the confidentiality, integrity or availability of our data or the data of our partners, our customers or our customers’ end-users was disrupted, we could incur significant liability, or The DevSecOps Platform, systems, or networks may be perceived as less desirable, which could negatively affect our business and damage our reputation.
If we fail to detect or remediate a security breach in a timely manner, or a breach otherwise affects a large amount of data of one or more customers, or if we suffer a cyber-attack that impacts our ability to operate The DevSecOps Platform, we may suffer material damage to our reputation, business, financial condition, and results of operations. Further, while we maintain cyber insurance that may provide coverage for these types of incidents, such coverage may not be adequate to cover the costs and other liabilities related to these incidents. In addition, we cannot be sure that our existing insurance coverage and coverage for errors and omissions will continue to be available on acceptable terms or that our insurers will not deny coverage as to any future claim. Our risks are likely to increase as we continue to expand The DevSecOps Platform, grow our customer base, and process, store, and transmit increasingly large amounts of proprietary and confidential data.
We face heightened risk of security breaches because we use third-party open source technologies and incorporate a substantial amount of open source code in our products.
The DevSecOps Platform is built using open-source technology. Using or incorporating any third-party technology can become a vector for supply-chain cyber-attacks, denial-of-service attacks, ransomware attacks, business email compromises, computer malware, viruses, and social engineering (including phishing) attacks. Such attacks are prevalent in our industry and our customers’ industries, and our use of open-source technology may, or may be perceived to, leave us more vulnerable to security attacks. We have previously been, and may in the future become, the target of cyber-attacks by third parties seeking unauthorized access to our or our customers’ data or to disrupt our operations or ability to provide our services. If we are the target of cyber-attacks as a result of our use of open source code, it may substantially damage our reputation and adversely impact our results of operations and financial condition.
29
Customers may choose to stay on our self-managed or SaaS product offerings instead of converting into a paying customer.
Our future success depends, in part, on our ability to convert users of our free self-managed or SaaS product offerings into paying customers by selling additional products, and by upselling additional subscription services. The total number of users of our free product may decline as a result of, or due to, the limitations on the number of users for a product and limitations on storage and transfers applicable to the free product offering (all of which were announced in the first quarter of fiscal year 2023 and is expected to be implemented in fiscal year 2024). As a result of our investment in new capabilities and improvements to our free product offering, users of our free product may decline to purchase additional products or subscription services if they perceive the free product to be more attractive as compared to our paid offerings. Converting users of our free product offering may require increasingly sophisticated and costly sales efforts and may not result in additional sales. In addition, the rate at which our end-customers purchase additional products and services depends on a number of factors, including the perceived need for additional products and services, the limitations on the number of users and limitations on storage and transfers applicable to the free product offering as well as general economic conditions. If our efforts to sell additional products and services to our end-customers are not successful, our business may suffer.
We may not be able to respond to rapid technological changes with new solutions, which could have a material adverse effect on our operating results.
The DevSecOps market is characterized by rapid technological change, fluctuating price points, and frequent new product and service introductions. Our ability to increase our user base and increase revenue from existing customers will depend heavily on our ability to enhance and improve our existing solutions, introduce new features and products, both independently and in conjunction with third-party developers, reach new platforms and sell into new markets. Customers may require features and capabilities that our current solutions do not have. If we fail to develop solutions that satisfy customer preferences in a timely and cost-effective manner, we may fail to renew our subscriptions with existing customers and create or increase demand for our solutions, and our business may be materially and adversely affected.
The introduction of new services by competitors or the development of entirely new technologies to replace existing offerings could make our solutions obsolete or adversely affect our business. In addition, any new markets or countries into which we attempt to sell our solutions may not be receptive. We may experience difficulties with software development, design, or marketing that could delay or prevent our development, introduction, or implementation of new solutions and enhancements. We have in the past experienced delays in the planned release dates of new features and upgrades, and have discovered defects in new solutions after their introduction. There can be no assurance that new solutions or upgrades will be released according to schedule, or that when released they will not contain defects. Either of these situations could result in adverse publicity, loss of revenue, delay in market acceptance, or claims by customers brought against us, all of which could have a material adverse effect on our reputation, business, operating results, and financial condition. Moreover, upgrades and enhancements to our solutions may require substantial investment and we have no assurance that such investments will be successful. If users do not widely adopt enhancements to our solutions, we may not be able to realize a return on our investment. If we are unable to develop, license, or acquire enhancements to our existing solutions on a timely and cost-effective basis, or if such enhancements do not achieve market acceptance, our business, operating results, and financial condition may be adversely affected.
Failure to effectively expand our marketing and sales capabilities could harm our ability to increase our customer base and achieve broader market acceptance of our services.
Our ability to increase our customer base and achieve broader market acceptance of our services will depend to a significant extent on our ability to continue to expand our marketing and sales operations. We plan to continue expanding our sales force. We also plan to dedicate significant and increasing resources
30
to sales and marketing programs. We are expanding our marketing and sales capabilities to target additional potential customers, including some larger organizations, but there is no guarantee that we will be successful attracting and maintaining these businesses as customers, and even if we are successful, these efforts may divert our resources away from and negatively impact our ability to attract and maintain our current customer base. All of these efforts will require us to invest significant financial and other resources. If we are unable to find efficient ways to deploy our marketing spend or to hire, develop, and retain talent in numbers required to maintain and support our growth, if our new sales talent are unable to achieve desired productivity levels in a reasonable period of time, or if our sales and marketing programs are not effective, our ability to increase our customer base and achieve broader market acceptance of our services could be harmed.
Any failure to offer high-quality technical support services may adversely affect our relationships with our customers and our financial results.
Once our products are deployed, our customers depend on our technical support organization to resolve technical issues. We may be unable to respond quickly enough to accommodate short-term increases in customer demand for support services. We also may be unable to modify the format of our support services to compete with changes in support services provided by our competitors. Increased customer demand for these services, without corresponding revenues, could increase costs and adversely affect our operating results. In addition, our sales process is highly dependent on our services and business reputation and on positive recommendations from our existing customers. Any failure to maintain high-quality technical support, or a market perception that we do not maintain high-quality support, could adversely affect our reputation, our ability to sell our services to existing and prospective customers, and our business, operating results and financial position.
Customers may demand more configuration and integration services, or customized features and functions that we do not offer, which could adversely affect our business and operating results.
Our current and future customers may demand more configuration and integration services, which increase our up-front investment in sales and deployment efforts, with no guarantee that these customers will increase the scope of their subscription. As a result of these factors, we may need to devote a significant amount of sales support and professional services resources to individual customers, increasing the cost and time required to complete sales. If prospective customers require customized features or functions that we do not offer, and that would be difficult for them to deploy themselves, then the market for our applications will be more limited and our business could suffer.
If we fail to adapt and respond effectively to rapidly changing technology, evolving industry standards, and changing customer needs, requirements, or preferences, our services may become less competitive.
Our industry is subject to rapid technological change, evolving industry standards and practices, and changing customer needs, requirements, and preferences. The success of our business will depend, in part, on our ability to adapt and respond effectively to these changes on a timely basis, including our ability to provide enhancements and new features for our existing services or new services that achieve market acceptance or that keep pace with rapid technological developments and the competitive landscape. The success of new services and enhancements depends on several factors, including the timely delivery, introduction, and market acceptance of such services. If we are unable to develop and sell new services that satisfy our customers and provide enhancements and new features for our existing services that keep pace with rapid technological and industry change, our revenue and operating results could be adversely affected. If new technologies emerge that are able to deliver competitive products at lower prices, more efficiently, more conveniently, or more securely, such technologies could adversely impact our ability to compete.
Our services must also integrate with a variety of network, hardware, mobile, cloud, and software platforms and technologies, and we need to continuously modify and enhance our services to adapt to
31
changes and innovation in these technologies, including changes in internet-related hardware, operating systems, cloud computing infrastructure, and other software, communication, browser and open source technologies. If developers widely adopt new software platforms, we would have to develop new versions of our products to work with those new platforms. This development effort may require significant engineering, marketing, and sales resources, all of which would affect our business and operating results. Any failure of our services to operate effectively with future infrastructure platforms and technologies could reduce the demand for our products and significantly impair our revenue growth. We may not be successful in either developing these modifications and enhancements or in bringing them to market in a timely fashion. Furthermore, uncertainties about the timing and nature of new network platforms or technologies, or modifications to existing platforms or technologies, could increase our research and development expenses. If we are unable to respond to these changes in a timely or cost-effective manner, our services may become less marketable and less competitive or obsolete, which may result in customer dissatisfaction, and adversely affect our business.
If our services fail to perform properly, whether due to material defects with the software or external issues, our reputation could be adversely affected, our market share could decline, and we could be subject to liability claims.
Our products are inherently complex and may contain material defects, software “bugs” or errors. Any defects in functionality or that cause interruptions in the availability of our products could result in:
•loss or delayed market acceptance and sales;
•loss of data;
•breach of warranty claims;
•sales credits or refunds for prepaid amounts related to unused subscription services;
•loss of customers;
•diversion of development and customer service resources;
•loss of operational time; and
•injury to our reputation.
The costs incurred in correcting any material defects, software “bugs” or errors might be substantial and could adversely affect our operating results.
We increasingly rely on information technology systems to process, transmit and store electronic information. Our ability to effectively manage our business depends significantly on the reliability and capacity of these systems. The future operation, success and growth of our business depends on streamlined processes made available through information systems, global communications, internet activity, and other network processes. The future operation, success and growth of our business depends on streamlined processes made available through information systems, global communications, internet activity, and other network processes.
Our information technology systems may be subject to damage or interruption from telecommunications problems, data corruption, software errors, fire, flood, global pandemics and natural disasters, power outages, systems disruptions, system conversions, and/or human error. Our existing safety systems, data backup, access protection, user management and information technology emergency planning may not be sufficient to prevent data loss or long-term network outages. In addition, we may have to upgrade our existing information technology systems or choose to incorporate new technology systems from time to time in order for such systems to support the increasing needs of our expanding business. Costs and potential problems and interruptions associated with the implementation
32
of new or upgraded systems and technology or with maintenance or adequate support of existing systems could disrupt or reduce the efficiency of our operations.
We may also encounter service interruptions due to issues interfacing with our customers’ IT systems, including stack misconfigurations or improper environment scaling, or due to cyber security attacks on ours or our customers’ IT systems. Any such service interruption may have an adverse impact on our reputation and future operating results.
Because of the large amount of data that our customers collect and manage by means of our services, it is possible that failures or errors in our systems could result in data loss or corruption, or cause the information that we or our customers collect to be incomplete or contain inaccuracies that our customers regard as material. Furthermore, the availability or performance of our products could be adversely affected by a number of factors, including customers’ inability to access the internet, the failure of our network or software systems, security breaches, or variability in user traffic for our services. We may be required to issue credits or refunds for prepaid amounts related to unused services or otherwise be liable to our customers for damages they may incur resulting from certain of these events. For example, our customers access our products through their internet service providers. If a service provider fails to provide sufficient capacity to support our products, otherwise experiences service outages, or intentionally or unintentionally restricts or limits our ability to send, deliver, or receive electronic communications or provide services, such failure could interrupt our customers’ access to our products, adversely affect their perception of our products’ reliability and reduce our revenues. In addition to potential liability, if we experience interruptions in the availability of our products or services, our reputation could be adversely affected and we could lose customers. Further, while we have in place a data recovery plan, our data backup systems are not geographically diverse or multi-hosted and our data recovery plans may be insufficient to fully recover all of ours or our customers’ data hosted on our system.
While we currently maintain errors and omissions insurance, it may be inadequate or may not be available in the future on acceptable terms, or at all. In addition, our policy may not cover all claims made against us and defending a suit, regardless of its merit, could be costly and divert management’s attention.
Our channel partners may provide a poor experience to customers putting our brand or company growth at risk. Channel partners may deliver poor services or a poor selling experience delaying customer purchase or hurting the company brand.
In addition to our direct sales force, we use channel partners to sell and support our products. Channel partners may become an increasingly important aspect of our business, particularly with regard to enterprise, governmental, and international sales. Our future growth in revenue and ability to achieve and sustain profitability may depend in part on our ability to identify, establish, and retain successful channel partner relationships in the United States and internationally, which will take significant time and resources and involve significant risk. If we are unable to maintain our relationships with these channel partners, or otherwise develop and expand our indirect distribution channel, our business, operating results, financial condition, or cash flows could be adversely affected.
We cannot be certain that we will be able to identify suitable indirect sales channel partners. To the extent we do identify such partners, we will need to negotiate the terms of a commercial agreement with them under which the partner would distribute The DevSecOps Platform. We cannot be certain that we will be able to negotiate commercially-attractive terms with any channel partner, if at all. In addition, all channel partners must be trained to distribute The DevSecOps Platform. In order to develop and expand our distribution channel, we must develop and improve our processes for channel partner introduction and training. If we do not succeed in identifying suitable indirect sales channel partners, our business, operating results, and financial condition may be adversely affected.
We also cannot be certain that we will be able to maintain successful relationships with any channel partners and, to the extent that our channel partners are unsuccessful in selling our products, our ability
33
to sell our products and our business, operating results, and financial condition could be adversely affected. Our channel partners may offer customers the products and services of several different companies, including products and services that compete with our products. Because our channel partners generally do not have an exclusive relationship with us, we cannot be certain that they will prioritize or provide adequate resources to sell our products. Moreover, divergence in strategy by any of these channel partners may materially adversely affect our ability to develop, market, sell, or support our products. We cannot assure you that our channel partners will continue to cooperate with us. In addition, actions taken or omitted to be taken by such parties may adversely affect us. In addition, we rely on our channel partners to operate in accordance with the terms of their contractual agreements with us. For example, our agreements with our channel partners limit the terms and conditions pursuant to which they are authorized to resell or distribute our products and offer technical support and related services. We also typically require our channel partners to represent to us the dates and details of products sold through to our customers. If our channel partners do not comply with their contractual obligations to us, our business, operating results, and financial condition may be adversely affected.
We track certain performance metrics with internal tools and data models and do not independently verify such metrics. Certain of our performance metrics are subject to inherent challenges in measurement, and real or perceived inaccuracies in such metrics may harm our reputation and negatively affect our business.
Our internal tools and data models have a number of limitations and our methodologies for tracking these metrics may change over time, which could result in unexpected changes to our metrics, including the metrics we report. We calculate and track performance metrics with internal tools, which are not independently verified by any third party. While we believe our metrics are reasonable estimates of our customer base for the applicable period of measurement, the methodologies used to measure these metrics require significant judgment and may be susceptible to algorithmic or other technical errors. For example, the accuracy and consistency of our performance metrics may be impacted by changes to internal assumptions regarding how we account for and track customers, limitations on system implementations, and limitations on the ability of third-party tools to match our database. If the internal tools we use to track these metrics undercount or overcount performance or contain algorithmic or other technical errors, the data we report may not be accurate. In addition, limitations or errors with respect to how we measure data (or the data that we measure) may affect our understanding of certain details of our business, which could affect our longer-term strategies. If our performance metrics are not accurate representations of our business, user base, or traffic levels; if we discover material inaccuracies in our metrics; or if the metrics we rely on to track our performance do not provide an accurate measurement of our business, our reputation may be harmed, we may be subject to legal or regulatory actions, and our operating and financial results could be adversely affected.
We rely to a significant degree on a number of independent open source contributors, to develop and enhance the open source technologies we use to provide our products and services.
In our development process we rely upon numerous open core software programs which are outside of our direct control. Members of corresponding leadership committees and core teams, many of whom are not employed by us, are primarily responsible for the oversight and evolution of the codebases of these open source technologies. If the project committees and contributors fail to adequately further develop and enhance open source technologies, or if the leadership committees fail to oversee and guide the evolution of the open source technologies in the manner that we believe is appropriate to maximize the market potential of our offerings, then we would have to rely on other parties, or we would need to expend additional resources, to develop and enhance our offerings. We also must devote adequate resources to our own internal contributors to support their continued development and enhancement of open source technologies, and if we do not do so, we may have to turn to third parties or experience delays in developing or enhancing open source technologies. We cannot predict whether further developments and enhancements to these technologies will be available from reliable alternative sources. In either event, our development expenses could be increased, and our technology release and upgrade schedules could be delayed. Delays in developing, completing, or delivering new or enhanced offerings
34
could cause our offerings to be less competitive, impair customer acceptance of our offerings and result in delayed or reduced revenue for our offerings.
Our failure or inability to protect our intellectual property rights, or claims by others that we are infringing upon or unlawfully using their intellectual property, could diminish the value of our brand and weaken our competitive position, and adversely affect our business, financial condition, operating results, and prospects.
We currently rely on a combination of copyright, trademark, trade secret, and unfair competition laws, as well as confidentiality agreements and procedures and licensing arrangements, to establish and protect our intellectual property rights. We have devoted substantial resources to the development of our proprietary technologies and related processes. In order to protect our proprietary technologies and processes, we rely in part on trade secret laws and confidentiality agreements with our team members, licensees, independent contractors, commercial partners, and other advisors. These agreements may not effectively prevent disclosure of confidential information and may not provide an adequate remedy in the event of unauthorized disclosure of confidential information. We cannot be certain that the steps taken by us to protect our intellectual property rights will be adequate to prevent infringement of such rights by others. Additionally, the process of obtaining patent or trademark protection is expensive and time-consuming, and we may not be able to prosecute all necessary or desirable patent applications or apply for all necessary or desirable trademark applications at a reasonable cost or in a timely manner. Moreover, intellectual property protection may be unavailable or limited in some foreign countries where laws or law enforcement practices may not protect our intellectual property rights as fully as in the United States, and it may be more difficult for us to successfully challenge the use of our intellectual property rights by other parties in these countries. Costly and time-consuming litigation could be necessary to enforce and determine the scope of our proprietary rights, and our failure or inability to obtain or maintain trade secret protection or otherwise protect our proprietary rights could adversely affect our business.
We may in the future be subject to intellectual property infringement claims and lawsuits in various jurisdictions, and although we are diligent in our efforts to protect our intellectual property we cannot be certain that our products or activities do not violate the patents, trademarks, or other intellectual property rights of third-party claimants. Companies in the technology industry and other patent, copyright, and trademark holders seeking to profit from royalties in connection with grants of licenses own large numbers of patents, copyrights, trademarks, domain names, and trade secrets and frequently commence litigation based on allegations of infringement, misappropriation, or other violations of intellectual property or other rights. As we face increasing competition and gain an increasingly high profile, the likelihood of intellectual property rights claims against us may grow.
Further, from time to time, we may receive letters from third parties alleging that we are infringing upon their intellectual property rights or inviting us to license their intellectual property rights. Our technologies and other intellectual property may be found to infringe upon such third-party rights, and such successful claims against us could result in significant monetary liability, prevent us from selling some of our products and services, or require us to change our branding. In addition, resolution of claims may require us to redesign our products, license rights from third parties at a significant expense, or cease using those rights altogether. We may in the future bring claims against third parties for infringing our intellectual property rights. Costs of supporting such litigation and disputes may be considerable, and there can be no assurances that a favorable outcome will be obtained. Patent infringement, trademark infringement, trade secret misappropriation, and other intellectual property claims and proceedings brought against us or brought by us, whether successful or not, could require significant attention of our management and resources and have in the past and could further result in substantial costs, harm to our brand, and have an adverse effect on our business.
35
Our open source and source code-available business model makes our software vulnerable to authorized and unauthorized distribution and sale.
We license many significant components of our software under permissive open source software licenses which grant licensees broad permissions to use, copy, modify, and distribute the covered software. Under these licenses, third parties are entitled to distribute and sell the covered software without payment to us.
Features available on our paid tiers are source code-available subject to a proprietary software license. This proprietary license prohibits, amongst other things, distribution and sale of the covered software. Notwithstanding these prohibitions, by virtue of the source code’s being publicly available, the covered software is vulnerable to unauthorized distribution and sale by third parties.
We are or may be the defendant in lawsuits or other claims that could cause us to incur substantial liabilities.
We have from time to time been, and are likely to in the future become, defendants in actual or threatened lawsuits brought by or on behalf of our current and former team members, competitors, governmental or regulatory bodies, or third parties who use The DevSecOps Platform. The various claims in such lawsuits may include, among other things, negligence or misconduct in the operation of our business and provision of services, intellectual property infringement, unfair competition, or violation of employment or privacy laws or regulations. Such suits may seek, as applicable, direct, indirect, consequential, punitive or other penalties or monetary damages, injunctive relief, and/or attorneys’ fees. Litigation is inherently unpredictable, and it is not possible to predict the outcome of any such lawsuits, individually or in the aggregate. However, these lawsuits may consume substantial amounts of our financial and managerial resources and might result in adverse publicity, regardless of the ultimate outcome of the lawsuits. In addition, we and our subsidiaries may become subject to similar lawsuits in the same or other jurisdictions. An unfavorable outcome with respect to these lawsuits and any future lawsuits could, individually or in the aggregate, cause us to incur substantial liabilities that may have a material adverse effect upon our business, financial condition or results of operations. In addition, an unfavorable outcome in one or more of these cases could cause us to change our compensation plans for our team members, which could have a material adverse effect upon our business.
We may engage in merger and acquisition activities and joint ventures, which could require significant management attention, disrupt our business, dilute stockholder value, and adversely affect our operating results.
As part of our business strategy, we may make investments in other companies, products, or technologies and may seek to acquire other companies, products, or technologies in the future. We may not be able to find suitable acquisition candidates and we may not be able to complete acquisitions on favorable terms, if at all. Even if we complete acquisitions or joint ventures, we may not ultimately strengthen our competitive position or achieve our goals, and any acquisitions or joint ventures we complete could be viewed negatively by users or investors. In addition, if we fail to successfully integrate such acquisitions, or the assets, technologies or talent associated with such acquisitions, into our company, we may have depleted the company’s capital resources without attractive returns, and the revenue and operating results of the combined company could be adversely affected.
Acquisitions and joint ventures may disrupt our ongoing operations, divert management from their primary responsibilities, dilute our corporate culture, subject us to additional liabilities, increase our expenses, and adversely impact our business, financial condition, operating results, and cash flows. We may not successfully evaluate or utilize the acquired technology and accurately forecast the financial impact of an acquisition transaction, including accounting charges. We may have to pay cash, incur debt, or issue equity securities to pay for any such acquisition or joint venture, each of which could affect our financial condition or the value of our capital stock and could result in dilution to our stockholders. If we incur more debt it would result in increased fixed obligations and could also subject us to covenants or
36
other restrictions that would impede or may be beyond our ability to manage our operations. Additionally, we may receive indications of interest from other parties interested in acquiring some or all of our business. The time required to evaluate such indications of interest could require significant attention from management, disrupt the ordinary functioning of our business, and adversely affect our operating results.
If our estimates or judgments relating to our critical accounting policies prove to be incorrect, our operating results could be adversely affected.
The preparation of financial statements in conformity with U.S. GAAP requires management to make estimates and assumptions that affect the amounts reported in the consolidated financial statements and accompanying notes. We base our estimates on historical experience and on various other assumptions that we believe to be reasonable under the circumstances, as described in the section titled “Management’s Discussion and Analysis of Financial Condition and Results of Operations” included elsewhere in this Annual Report. The results of these estimates form the basis for making judgments about the carrying values of assets, liabilities, and equity, and the amount of revenue and expenses that are not readily apparent from other sources. Significant assumptions and estimates used in preparing our consolidated financial statements include those related to revenue recognition, deferred contract acquisition costs, income taxes, business combination, stock-based compensation and common stock valuations. Our operating results may be adversely affected if our assumptions change or if actual circumstances differ from those in our assumptions, which could cause our operating results to fall below the expectations of securities analysts and investors, resulting in a decline in the price of our common stock.
Adverse tax laws or regulations could be enacted or existing laws could be applied to us or our customers, which could increase the costs of our services and adversely impact our business.
The application of federal, state, local, and international tax laws to services provided electronically is evolving. New sales, use, value-added tax, digital service or other tax laws, statutes, rules, regulations or ordinances could be enacted at any time (possibly with retroactive effect), and could be applied solely or disproportionately to services provided over the internet. If we are unsuccessful in collecting such taxes from our customers, we could be held liable for such costs, thereby adversely impacting our operating results and cash flows. Moreover, we are subject to the examination of our sales, use, and value-added tax returns by U.S. state and foreign tax authorities. We regularly assess the likelihood of outcomes resulting from these examinations and have reserved for potential adjustments that may result from these examinations. We cannot provide assurance that the final determination of these examinations will not have an adverse effect on our financial position and results of operations.
The termination of our relationship with our payment solutions providers could have a severe, negative impact on our ability to collect revenue from customers.
All web direct customers purchase our solution using online payment solutions such as credit cards, which represent the majority of the payment transactions we receive, and our business depends upon our ability to offer such payment options. The termination of our ability to process payments on any material payment option would significantly impair our ability to operate our business and significantly increase our administrative costs related to customer payment processing. If we fail to maintain our compliance with the data protection and documentation standards adopted by our payment processors and applicable to us, these processors could terminate their agreements with us, and we could lose our ability to offer our customers a credit card or other payment option. If these processors increase their payment processing fees because we experience excessive chargebacks or refunds or for other reasons, it could adversely affect our business and operating results. Increases in payment processing fees would increase our operating expense and adversely affect our operating results.
37
We process, store and use personal information and other data, which subjects us to governmental regulation and other legal obligations, including in the United States, the European Union, or the E.U., the United Kingdom, or the U.K., Canada, and Australia, related to privacy, and our actual or perceived failure to comply with such laws, regulations and contractual obligations could result in significant liability and reputational harm.
We receive, store and process personal information and other customer data. There are numerous federal, state, local and foreign laws regarding privacy and the storing, sharing, access, use, processing, disclosure and protection of personal information, personal data and other customer data, the scope of which are changing, subject to differing interpretations, and which may be inconsistent among countries or conflict with other rules.
With respect to E.U. and U.K. team members, contractors and other personnel, as well as for our customers’ and prospective customers’ personal data, such as contact and business information, we are subject to the E.U. General Data Protection Regulation, or the GDPR, and applicable national implementing legislation of the GDPR, and the U.K. General Data Protection Regulation and U.K. Data Protection Act 2018, or the U.K. GDPR, respectively. We are a controller with respect to this data.
The GDPR and U.K. GDPR impose stringent data protection requirements and, where we are acting as a controller, includes requirements to: provide detailed disclosures about how personal data is collected and processed (in a concise, intelligible and easily accessible form); demonstrate that an appropriate legal basis is in place or otherwise exists to justify data processing activities; grant rights for data subjects in regard to their personal data including the right to be “forgotten,” the right to data portability and data subject access requests; notify data protection regulators or supervisory authorities (and in certain cases, affected individuals) of significant data breaches; define pseudonymized (key-coded) data; limit the retention of personal data; maintain a record of data processing; and comply with the principle of accountability and the obligation to demonstrate compliance through policies, procedures, training and audit. Where we act as a processor and process personal data on behalf of our customers, we are required to execute mandatory data processing clauses with those customers and maintain a record of data processing, among other requirements under the GDPR and U.K. GDPR. The GDPR and U.K. GDPR provide for penalties for noncompliance of up to the greater of €20 million or 4% of worldwide annual revenues (in the case of the GDPR) or £17 million and 4% of worldwide annual revenue (in the case of the U.K. GDPR). As we are required to comply with both the GDPR and the U.K. GDPR, we could be subject to parallel enforcement actions with respect to breaches of the GDPR or U.K. GDPR which affects both E.U. and U.K. data subjects. In addition to the foregoing, a breach of the GDPR or U.K. GDPR could result in regulatory investigations, reputational damage, orders to cease or change our processing of our personal data, enforcement notices, and/or assessment notices (for a compulsory audit). We may also face civil claims including representative actions and other class action type litigation (where individuals have suffered harm), potentially amounting to significant compensation or damages liabilities, as well as associated costs, diversion of internal resources, and reputational harm.
The GDPR and U.K. GDPR requires, among other things, that personal information only be transferred outside of the European Economic Area, or the E.E.A., or the U.K., respectively, to jurisdictions that have not been deemed adequate by the European Commission or by the U.K. data protection regulator, respectively, including the United States, if certain safeguards are taken to legitimize those data transfers. Recent legal developments in the E.U. have created complexity and uncertainty regarding such transfers. For example, on July 16, 2020, the European Court of Justice, or the CJEU, invalidated the E.U.-U.S. Privacy Shield framework, or the Privacy Shield. Further, the CJEU also advised that the Standard Contractual Clauses (a standard form of contract approved by the European Commission as an adequate personal data transfer mechanism and potential alternative to the Privacy Shield) were not alone sufficient to protect data transferred to the United States or other countries not deemed adequate. Use of the data transfer mechanisms must now be assessed on a case-by-case basis taking into account the legal regime applicable in the destination country, in particular applicable surveillance laws and rights of individuals, and additional measures and/or contractual provisions may need to be put in place. The European Data Protection Board issued additional guidance regarding the
38
CJEU’s decision in November 2020, which imposes higher burdens on the use of data transfer mechanisms, such as the Standard Contractual Clauses, for cross-border data transfers. The CJEU also stated that if a competent supervisory authority believes that the standard contractual clauses cannot be complied with in the destination country and that the required level of protection cannot be secured by other means, such supervisory authority is under an obligation to suspend or prohibit that transfer. Since the decision by the CJEU, Supervisory Authorities, including the CNIL and the Austrian Data Protection Authority, are now looking at cross-border transfers more closely, and have publicly stated in January 2022 that the transfer of data to the US using certain analytics tools is illegal. While these decisions related specifically to analytics tools, it has been suggested that it is far-reaching and applies to any transfer of E.U. personal data to the U.S. We will continue to monitor this, but this may require the removal of tools from our services and websites where data is transferred from the E.U. to the U.S., or impact the manner in which we provide our services, which could adversely affect our business. Further, the European Commission published new versions of the Standard Contractual Clauses on June 4, 2021, which required implementation by September 27, 2021 for new transfers, and by December 2022 for all existing transfers. While we have implemented the new Standard Contractual Clauses for all new transfers, these changes require us to review and amend our existing uses of Standard Contractual Clauses involving the transfer of E.E.A. data outside of the E.E.A. which could increase our compliance costs and adversely affect our business. The transfer of U.K. data outside of the U.K. and the E.E.A. will remain subject to the previous set of Standard Contractual Clauses as approved at the time of Brexit. However, new Standard Contractual Clauses came into effect in the U.K. on March 21, 2022. Companies have until March 21, 2024 to update existing contracts, and should use the new Standard Contractual Clauses for any new contracts as of September 21, 2022. We may be required to implement new or revised documentation and processes in relation to our data transfers subject to U.K. data protection laws within the relevant time periods, which may result in further compliance costs.
In addition, following the U.K.’s withdrawal from the E.U., the E.U. issued an adequacy decision in June 2021 in favor of the U.K. permitting data transfers from the E.U. to the U.K. However, this adequacy decision is subject to a four-year term, and the E.U. could intervene during the term if it determines that the data protection laws in the U.K. are not sufficient. If the adequacy decision is not renewed after its term, or the E.U. intervenes during the term, data may not be able to flow freely from the E.U. to the U.K. unless additional measures are taken. In which case, we may be required to find alternative solutions for the compliant transfer of personal data into the U.K. from the E.U. As supervisory authorities continue to issue further guidance on personal information (including regarding data export and circumstances in which we cannot use the standard contractual clauses), we could suffer additional costs, complaints, or regulatory investigations or fines, and if we are otherwise unable to transfer personal data between and among countries and regions in which we operate, it could affect the manner in which we provide our services, the geographical location or segregation of our relevant systems and operations, and could adversely affect our financial results. Loss, retention or misuse of certain information and alleged violations of laws and regulations relating to privacy and data security, and any relevant claims, may expose us to potential liability and may require us to expend significant resources on data security and in responding to and defending such allegations and claims.
We are also subject to evolving E.U. and U.K. privacy laws on cookies and e-marketing. In the E.U. and the U.K., regulators are increasingly focusing on compliance with requirements in the online behavioral advertising ecosystem, and current national laws that implement the ePrivacy Directive are highly likely to be replaced by an E.U. regulation known as the ePrivacy Regulation which will significantly increase fines for non-compliance. In the E.U. and the U.K., informed consent is required for the placement of a cookie or similar technologies on a user’s device and for direct electronic marketing. The U.K. GDPR also imposes conditions on obtaining valid consent, such as a prohibition on pre-checked consents and a requirement to ensure separate consents are sought for each type of cookie or similar technology. While the text of the ePrivacy Regulation is still under development, a recent European court decision and regulators’ recent guidance are driving increased attention to cookies and tracking technologies. If regulators start to enforce the strict approach in recent guidance, this could lead to substantial costs, limit the effectiveness of our marketing activities, divert the attention of our technology
39
personnel, adversely affect our margins, increase costs and subject us to additional liabilities. Regulation of cookies and similar technologies, and any decline of cookies or similar online tracking technologies as a means to identify and potentially target users, may lead to broader restrictions and impairments on our marketing and personalization activities and may negatively impact our efforts to understand users.
We depend on a number of third parties in relation to the operation of our business, a number of which process personal data on our behalf or as our sub-processor. To the extent required by applicable law, we attempt to mitigate the associated risks of using third parties by performing security assessments and detailed due diligence, entering into contractual arrangements to ensure that providers only process personal data according to our instructions or equivalent instructions to the instructions of our customer (as applicable), and that they have sufficient technical and organizational security measures in place. Where we transfer personal data outside the E.U. or the U.K. to such third parties, we do so in compliance with the relevant data export requirements, as described above. There is no assurance that these contractual measures and our own privacy and security-related safeguards will protect us from the risks associated with the third-party processing, storage and transmission of such information. Any violation of data or security laws by our third-party processors could have a material adverse effect on our business and result in the fines and penalties under the GDPR and the U.K. GDPR outlined above.
Additionally, we are subject to the California Consumer Privacy Act, or the CCPA, which came into effect in 2020 and increases privacy rights for California consumers and imposes obligations on companies that process their personal information. The CCPA requires covered companies to, among other things, provide new disclosures to California consumers and affords such consumers new privacy rights such as the ability to opt out of certain sales of personal information and expanded rights to access and require deletion of their personal information, opt out of certain personal information sharing, and receive detailed information about how their personal information is collected, used and shared. The CCPA provides for civil penalties for violations, as well as a private right of action for security breaches that may increase the likelihood of, and the risks associated with, security breach litigation. Additionally, in November 2020, California passed the California Privacy Rights Act, or the CPRA, which expands the CCPA significantly, including by expanding consumers’ rights with respect to certain personal information and creating a new state agency to oversee implementation and enforcement efforts, potentially resulting in further uncertainty and requiring us to incur additional costs and expenses in an effort to comply. Many of the CPRA’s provisions have become effective on January 1, 2023. Further, Virginia enacted the Virginia Consumer Data Protection Act, or the VCDPA, another comprehensive state privacy law, that has become effective January 1, 2023. Similarly, three other states have enacted comprehensive state privacy laws: Connecticut enacted the Connecticut Data Privacy Act, or the CTDPA, effective July 1, 2023; Colorado enacted the Colorado Privacy Act, or the CPA, effective July 1, 2023; Utah enacted the Utah Consumer Privacy Act, or the UCPA, effective December 31, 2023. The CCPA, CPRA, VCDPA, CTDPA, CPA and UCPA may increase our compliance costs and potential liability, particularly in the event of a data breach, and could have a material adverse effect on our business, including how we use personal information, our financial condition, the results of our operations or prospects. The CCPA has also prompted a number of proposals for new federal and state privacy legislation that, if passed, could increase our potential liability, increase our compliance costs and adversely affect our business. Changing definitions of personal information and information may also limit or inhibit our ability to operate or expand our business, including limiting strategic partnerships that may involve the sharing of data. Also, some jurisdictions require that certain types of data be retained on servers within these jurisdictions. Our failure to comply with applicable laws, directives, and regulations may result in enforcement action against us, including fines, and damage to our reputation, any of which may have an adverse effect on our business and operating results.
We are also currently subject to China’s Personal Information Protection Law, or PIPL, which came into effect in November 2021 and which increases the protections of Chinese residents. In particular, the law is intended to protect the rights and interests of individuals, to regulate personal information processing activities, to safeguard the lawful and “orderly flow” of data, and to facilitate reasonable use of personal information. Our failure to comply with the PIPL may result in enforcement action against us,
40
including fines, and damage to our reputation, any of which may have an adverse effect on our business and operating results. Also, the Cyberspace Administration of China has begun to develop measures to govern cross-border transfers of personal information, such as security assessments, certifications, and standard contractual clauses, all of which may impact our ability to transact with customers with operations in China. To reduce the impact of PIPL, we are in the process of transitioning certain users who are resident in China to our JiHu entity.
Further, we are subject to Payment Card Industry Data Security Standard, or PCI-DSS, a security standard applicable to companies that collect, store or transmit certain data regarding credit and debit cards, holders and transactions. We rely on vendors to handle PCI-DSS matters and to ensure PCI-DSS compliance. Despite our compliance efforts, we may become subject to claims that we have violated the PCI-DSS based on past, present, and future business practices. Our actual or perceived failure to comply with the PCI-DSS can subject us to fines, termination of banking relationships, and increased transaction fees. In addition, there is no guarantee that PCI-DSS compliance will prevent illegal or improper use of our payment systems or the theft, loss or misuse of payment card data or transaction information.
We generally seek to comply with industry standards and are subject to the terms of our privacy policies and privacy-related obligations to third parties. We strive to comply with all applicable laws, policies, legal obligations and industry codes of conduct relating to privacy and data protection to the extent possible. However, it is possible that these obligations may be interpreted and applied in a manner that is inconsistent from one jurisdiction to another and may conflict with other rules or our practices. Any failure or perceived failure by us to comply with applicable privacy and data security laws and regulations, our privacy policies, or our privacy-related obligations to users or other third parties, or any compromise of security that results in the unauthorized release or transfer of personal information or other customer data, may result in governmental enforcement actions, litigation, or public statements against us by consumer advocacy groups or others and could cause our users to lose trust in us, which would have an adverse effect on our reputation and business. It is possible that a regulatory inquiry might result in changes to our policies or business practices. Violation of existing or future regulatory orders or consent decrees could subject us to substantial monetary fines and other penalties that could negatively affect our financial condition and operating results. In addition, it is possible that future orders issued by, or enforcement actions initiated by, regulatory authorities could cause us to incur substantial costs or require us to change our business practices in a manner materially adverse to our business.
Any significant change to applicable laws, regulations or industry practices regarding the use or disclosure of our users’ data, or regarding the manner in which the express or implied consent of users for the use and disclosure of such data is obtained – or in how these applicable laws, regulations or industry practices are interpreted and enforced by state, federal and international privacy regulators – could require us to modify our services and features, possibly in a material manner, may subject us to regulatory enforcement actions and fines, and may limit our ability to develop new services and features that make use of the data that our users voluntarily share with us.
We are subject to various governmental export controls, trade sanctions, and import laws and regulations that could impair our ability to compete in international markets or subject us to liability if we violate these controls.
In some cases, our software is subject to export control laws and regulations, including the Export Administration Regulations administered by the U.S. Department of Commerce, and our activities may be subject to trade and economic sanctions, including those administered by the United States Department of the Treasury’s Office of Foreign Assets Control, or OFAC, and collectively, Trade Controls. As such, a license may be required to export or re-export our products, or provide related services, to certain countries and end-users, and for certain end-uses. For example, the recent Trade Controls targeting Russia and Belarus, impose a license requirement for the export of our product to those countries and have sanctioned various entities and individuals located there. Those Trade Controls, which are unprecedented and expansive, continue to evolve and further restrict our ability to do business in that region. Processing payments from those customers, even when legally permissible, has become very
41
difficult, in part because most U.S. and E.U. banks are unwilling to facilitate those transactions. Further, our products incorporating encryption functionality may be subject to special controls applying to encryption items and/or certain reporting requirements.
We have procedures in place designed to ensure our compliance with Trade Controls, with which failure to comply could subject us to both civil and criminal penalties, including substantial fines, possible incarceration of responsible individuals for willful violations, possible loss of our export or import privileges, and reputational harm. We are currently working to enhance these procedures. Trade Controls are complex and dynamic regimes, and monitoring and ensuring compliance can be challenging, particularly given that our products are widely distributed throughout the world and are available for download without registration. Prior to implementing certain control procedures, we inadvertently exported our software to entities located in embargoed countries and listed on denied parties lists administered by the U.S. Department of Commerce’s Bureau of Industry and Security, or BIS, and OFAC. In September 2019, we disclosed these apparent violations to BIS and OFAC, which resulted in a BIS Warning Letter and an OFAC Cautionary Letter, in January and February 2020, respectively. While BIS and OFAC did not assess any penalties, we understand that BIS and OFAC may consider our regulatory history, including these prior disclosures and warning/cautionary letters, if the company is involved in a future enforcement case for failure to comply with export control laws and regulations. Any future failure by us or our partners to comply with applicable laws and regulations would have negative consequences for us, including reputational harm, government investigations, and penalties.
In addition, various countries regulate the import of certain encryption technology, including through import permit and license requirements, and have enacted laws that could limit our ability to distribute our products or could limit our end-customers’ ability to implement our products in those countries. Changes in our products or changes in export and import regulations in such countries may create delays in the introduction of our products into international markets, prevent our end-customers with international operations from deploying our products globally or, in some cases, prevent or delay the export or import of our products to certain countries, governments, or persons altogether. Any change in export or import laws or regulations, economic sanctions or related legislation, shift in the enforcement or scope of existing export, import or sanctions laws or regulations, or change in the countries, governments, persons, or technologies targeted by such export, import or sanctions laws or regulations, could result in decreased use of our products by, or in our decreased ability to export or sell our products to, existing or potential end-customers with international operations. Any decreased use of our products or limitation on our ability to export to or sell our products in international markets could adversely affect our business, financial condition, and results of operations.
Failure to comply with anti-bribery, anti-corruption, anti-money laundering laws, and similar laws, could subject us to penalties and other adverse consequences.
We are subject to the U.S. Foreign Corrupt Practices Act of 1977, as amended, or the FCPA, the U.S. domestic bribery statute contained in 18 U.S.C. § 201, the U.S. Travel Act, the USA PATRIOT Act, the United Kingdom Bribery Act 2010 and possibly other anti-bribery and anti-money laundering laws in countries outside of the United States in which we conduct our activities. Anti-corruption and anti-bribery laws have been enforced aggressively in recent years and are interpreted broadly to generally prohibit companies, their team members, and their third-party intermediaries from authorizing, offering, or providing, directly or indirectly, improper payments or benefits to recipients in the public or private sector.
We sometimes leverage third parties to sell our products and services and conduct our business abroad. We and our third-party intermediaries may have direct or indirect interactions with officials and employees of government agencies or state-owned or affiliated entities and may be held liable for the corrupt or other illegal activities of these third-party business partners and intermediaries, our team members, representatives, contractors, partners, and agents, even if we do not explicitly authorize such activities. We cannot assure you that all of our team members and agents will not take actions in violation of applicable law, for which we may be ultimately held responsible. As we increase our international sales and business, our risks under these laws may increase.
42
Any allegations or actual violation of the FCPA or other applicable anti-bribery, anti-corruption laws, and anti-money laundering laws could result in whistleblower complaints, sanctions, settlements, prosecution, enforcement actions, fines, damages, adverse media coverage, investigations, loss of export privileges, severe criminal or civil sanctions, or suspension or debarment from U.S. government contracts, all of which may have an adverse effect on our reputation, business, results of operations, and prospects. Responding to any investigation or action will likely result in a materially significant diversion of management’s attention and resources and significant defense costs and other professional fees. In addition, the U.S. government may seek to hold us liable for successor liability for FCPA violations committed by companies in which we invest or that we acquire. As a general matter, investigations, enforcement actions and sanctions could harm our reputation, business, results of operations, and financial condition.
A portion of our revenue is generated by sales to government entities, which are subject to a number of challenges and risks.
Sales to government entities are subject to a number of risks. Selling to government entities can be highly competitive, expensive, and time-consuming, often requiring significant up-front time and expense without any assurance that these efforts will generate a sale. Government certification requirements for products like ours may change, thereby restricting our ability to sell into the U.S. federal government, U.S. state governments, or non-U.S. government sectors until we have attained the revised certification. Government demand and payment for our products may be affected by public sector budgetary cycles, funding authorizations, government shutdowns, and general political priorities, with funding reductions or delays adversely affecting public sector demand for our products. Additionally, any actual or perceived privacy, data protection, or data security incident, or even any perceived defect with regard to our practices or measures in these areas, may negatively impact public sector demand for our products.
Additionally, we rely on certain partners to provide technical support services to certain of our government entity customers to resolve any issues relating to our products. If our partners do not effectively assist our government entity customers in deploying our products, succeed in helping our government entity customers quickly resolve post-deployment issues, or provide effective ongoing support, our ability to sell additional products to new and existing government entity customers would be adversely affected and our reputation could be damaged.
Government entities may have statutory, contractual, or other legal rights to terminate contracts with us for convenience or due to a default, and any such termination may adversely affect our future results of operations. Governments routinely investigate and audit government contractors’ administrative processes, and any unfavorable audit could result in the government refusing to continue buying our subscriptions, a reduction of revenue, or fines or civil or criminal liability if the audit uncovers improper or illegal activities, which could adversely affect our results of operations in a material way.
Our success depends on our ability to provide users of our products and services with access to an abundance of useful, efficient, high-quality code which in turn depends on the quality and volume of code contributed by our open source contributors.
We believe that one of our competitive advantages is the quality, quantity and collaborative nature of the code on GitLab, and that access to open source code is one of the main reasons users visit GitLab. In furtherance of the foregoing competitive advantages and access, we seek to foster a broad and engaged contributor community, and we encourage individuals, companies, governments, and institutions to use our products and services to learn, code and work. If contributors, including influential contributors, do not continue to contribute code, our customer base and contributor engagement may decline. Additionally, if we are not able to address user concerns regarding the safety and security of our products and services or if we are unable to successfully prevent abusive or other hostile behavior on The DevSecOps Platform, the size of our customer base and contributor engagement may decline. If there is a decline in the number of contributors, customer or contributor growth rate or engagement, including as a result of the loss of influential contributors and companies who provide innovative code on GitLab, paying customers
43
of our online services may be deterred from using our products or services or reduce their spending with us or cease doing business with us, which would harm our business and operating results.
Seasonality may cause fluctuations in our sales and results of operations.
Historically, we have experienced seasonality in new customer contracts, as we typically enter into a higher percentage of subscription agreements with new customers and renewals with existing customers in the last two fiscal quarters of each year. We believe that this results from the procurement, budgeting, and deployment cycles of many of our customers, particularly our enterprise customers, along with variables outside of our and our customers' control, such as macroeconomic and general economic conditions, including inflation and increased interest rates. We expect that this seasonality, which can itself at times be unpredictable, will continue to affect our bookings, deferred revenue, and our results of operations in the future and might become more pronounced as we continue to target larger enterprise customers.
We recognize a significant portion of revenue from subscriptions over the term of the relevant subscription period, and as a result, downturns or upturns in sales are not immediately reflected in our results of operations. Further, we recognize a significant portion of our subscription revenue over the term of the relevant subscription period. As a result, much of the subscription revenue we report each fiscal quarter is the recognition of deferred revenue from subscription contracts entered into during previous fiscal quarters. Consequently, a decline in new or renewed subscriptions in any one fiscal quarter will not be fully or immediately reflected in revenue in that fiscal quarter and will negatively affect our revenue in future fiscal quarters. Accordingly, the effect of significant downturns in new or renewed sales of our subscriptions is not fully reflected in our results of operations until future periods.
The length of our sales cycle can be unpredictable, particularly with respect to sales to large customers, and our sales efforts may require considerable time and expense.
Our results of operations may fluctuate, in part, because of the length and variability of the sales cycle of our subscriptions and the difficulty in making short-term adjustments to our operating expenses. The length of our sales cycle, from initial contact from a prospective customer to contractually committing to our paid subscriptions can vary substantially from customer to customer based on deal complexity as well as whether a sale is made directly by us. It is difficult to predict exactly when, or even if, we will make a sale to a potential customer or if we can increase sales to our existing customers, the timing of our customers’ decisions to make a purchase, greater deal scrutiny by our customers, changes our customers experienced, or may experience, in their businesses, and other variables some of which are outside of our and our customers’ control, such as macroeconomic and general economic conditions, including inflation and increased interest rates. Our results of operations depend in part on sales to new large customers and increasing sales to existing customers. As a result, in particular, large individual sales have, in some cases, occurred in quarters subsequent to those we anticipated, or have not occurred at all. Because a substantial proportion of our expenses are relatively fixed in the short term, our results of operations will suffer if revenue falls below our expectations in a particular quarter, which could cause the price of our Class A common stock to decline.
Risks Related to our People and Culture
We rely on our management team and other key team members and will need additional personnel to grow our business, and the loss of one or more key team members or our inability to hire, integrate, train and retain qualified personnel, could harm our business.
Our future success is dependent, in part, on our ability to hire, integrate, train, retain and motivate the members of our management team and other key team members throughout our organization. The loss of key personnel, including key members of our management team, as well as certain of our key marketing, sales, finance, support, product development, human resources, or technology personnel, could disrupt our operations and have an adverse effect on our ability to grow our business. In particular, we are highly dependent on the services of Sytse Sijbrandij, our co-founder, Chair of the Board of
44
Directors and Chief Executive Officer, who is critical to the development of our technology, services, future vision and strategic direction.
In March 2023, Mr. Sijbrandij announced that he has been diagnosed with cancer and was undergoing treatment, including chemotherapy. Mr. Sijbrandij plans to continue in his role as Chief Executive Officer and Chair of the Board of Directors during his treatment period and to work closely with our Board of Directors and management team to execute on our business priorities. However, his condition may change and prevent him from continuing to perform his role. In the event that Mr. Sijbrandij is no longer able to perform his duties as Chief Executive Officer, we will be required to identify, recruit and hire a new Chief Executive Officer. While our Board of Directors has reviewed and continues to review potential interim and longer-term contingency plans that could be activated as needed to minimize business disruption and to ensure the continued execution of our business priorities, the recruitment of a new Chief Executive Officer can be lengthy and distracting. In addition, we may be required to implement temporary or interim executive management to support the leadership of our company during a transition period. A change in the leadership of the company is a significant event and may result in additional volatility in our stock price.
Competition for highly skilled personnel in our industry is intense, and we may not be successful in hiring or retaining qualified personnel to fulfill our current or future needs. We have, from time to time, experienced, and we expect to continue to experience, difficulty in hiring and retaining highly skilled team members with appropriate qualifications. In February 2023, we announced a reduction in workforce by approximately 7% across all areas of our business. While we conducted this spending reprioritization to align with the economic conditions, this cost savings plan may be disruptive to our operations and could yield unanticipated consequences, such as attrition beyond planned staff reductions, or disruptions in our day-to-day operations. Our workforce reduction could also harm our ability to attract and retain qualified management, technology software professionals or other personnel who are critical to our business. For example, in recent years, recruiting, hiring, and retaining team members with expertise in the technology software industry has become increasingly difficult as the demand for technology software professionals has continued to increase. Further, unfavorable media coverage of us could significantly impact our ability to recruit and retain talent. Many of the companies with which we compete for experienced personnel have greater resources than we have. Our competitors also may be successful in recruiting and hiring members of our management team or other key team members, and it may be difficult for us to find suitable replacements on a timely basis, on competitive terms, or at all. We have in the past, and may in the future, be subject to allegations that team members we hire have been improperly solicited, or that they have divulged proprietary or other confidential information or that their former employers own such team member’s inventions or other work product, or that they have been hired in violation of non-compete provisions or non-solicitation provisions.
In addition, job candidates and existing team members often consider the value of the equity awards they receive in connection with their employment. If the perceived value of our equity or equity awards declines, it may adversely affect our ability to retain highly skilled team members. If we fail to attract new personnel or fail to retain and motivate our current personnel, our business and future growth prospects would be severely harmed.
We engage our team members in various ways, including direct hires, through PEOs and as independent contractors. As a result of these methods of engagement, we face certain challenges and risks that can affect our business, operating results, and financial condition.
In the locations where we directly hire our team members into one of our entities, we must ensure that we are compliant with the applicable local laws governing team members in those jurisdictions, including local employment and tax laws. In the locations where we utilize PEOs, we contract with the PEO for it to serve as “Employer of Record” for those team members engaged through the PEO in each applicable location. Under this model, team members are employed by the PEO but provide services to GitLab. We also engage team members through a PEO self-employed model in certain jurisdictions where we contract with the PEO, which in turn contracts with individual team members as independent
45
contractors. In all locations where we utilize PEOs, we rely on those PEOs to comply with local employment laws and regulations. We also issue equity to a substantial portion of our team members, including team members engaged through PEOs and to independent contractors, and must ensure we remain compliant with securities laws of the applicable jurisdiction where such team members are located.
Additionally, in some cases, we contract directly with team members who are independent contractors. When we engage team members through a PEO or independent contractor model, we may not be utilizing the appropriate hiring model needed to be compliant with local laws or the PEO may not be complying with local regulations. Additionally, the agreements executed between PEOs and our team members or between us and team members engaged under the independent contractor model, may not be enforceable depending on the local laws because of the indirect relationship created through these engagement models. Accordingly, as a result of our engagement of team members through PEOs, and of our relationship with independent contractors, our business, financial condition and results of operations could be materially and adversely affected. Furthermore, litigation related to our model of engaging team members, if instituted against us, could result in substantial costs and divert our management’s attention and resources from our business.
If we do not effectively hire, integrate, and train additional sales personnel, and expand our sales and marketing capabilities, we may be unable to increase our customer base and increase sales to our existing customers.
Our ability to increase our customer base and achieve broader market adoption of The DevSecOps Platform will depend to a significant extent on our ability to continue to expand our sales and marketing operations. We plan to dedicate significant resources to sales and marketing programs and to expand our sales and marketing capabilities to target additional potential customers, but there is no guarantee that we will be successful in attracting and maintaining additional customers. If we are unable to find efficient ways to deploy our sales and marketing investments or if our sales and marketing programs are not effective, our business and operating results would be adversely affected.
Furthermore, we plan to continue expanding our sales force and there is significant competition for sales personnel with the skills and technical knowledge that we require. Our ability to achieve revenue growth will depend, in part, on our success in hiring, integrating, training, and retaining sufficient numbers of sales personnel to support our growth, particularly in international markets. New hires require significant training and may take significant time before they achieve full productivity. Our recent hires and planned hires may not become productive as quickly as we expect, and we may be unable to hire or retain sufficient numbers of qualified individuals in the markets where we do business or plan to do business. If we are unable to hire and train a sufficient number of effective sales personnel, or the sales personnel we hire are not successful in obtaining new customers or increasing sales to our existing customer base, our business, operating results, and financial condition will be adversely affected.
We are a remote-only company, meaning that our team members work remotely which poses a number of risks and challenges that can affect our business, operating results, and financial condition. We are increasingly dependent on technology in our operations and if our technology fails, our business could be adversely affected.
As a remote-only company, we face a number of unique operational risks. For example, technologies in our team members’ homes may not be robust enough and could cause the networks, information systems, applications, and other tools available to team members and service providers to be limited, unreliable, or unsecure. Additionally, we are increasingly dependent on technology as a remote-only company and if we experience problems with the operation of our current IT systems or the technology systems of third parties on which we rely, that could adversely affect, or even temporarily disrupt, all or a portion of our operations until resolved. In addition, in a remote-only company, it may be difficult for us to develop and preserve our corporate culture and our team members may have decreased opportunities to collaborate in meaningful ways. Any impediments to preserving our corporate culture and fostering
46
collaboration could harm our future success, including our ability to retain and recruit personnel, innovate and operate effectively, and execute on our business strategy.
Unfavorable media coverage could negatively impact our business.
We receive a high degree of media coverage, including due to our commitment to transparency. Unfavorable publicity or consumer perception of our service offerings could adversely affect our reputation, resulting in a negative impact on the size of our user base and the loyalty of our users. It could negatively impact our ability to acquire new customers and could lead to customers choosing to leave GitLab. As a result, our business, financial condition and results of operations could be materially and adversely affected.
Our corporate culture has contributed to our success, and if we cannot maintain this culture as we grow, we could lose the innovation, creativity, and teamwork fostered by our culture, and our business may be harmed.
We believe that our corporate culture has been and will continue to be a key contributor to our success. If we do not continue to develop our corporate culture as we grow and evolve, it could harm our ability to foster the innovation, creativity, and teamwork that we believe is important to support our growth. As our organization grows and we are required to implement more complex organizational structures, we may find it increasingly difficult to maintain the beneficial aspects of our corporate culture, which could negatively impact our future success.
Our brand, reputation, and business may be harmed if our customers, partners, team members, contributors or the public at large disagrees with, or finds objectionable, our policies and practices or organizational decisions that we make or with the actions of members of our management team.
Our customers, partners, team members, contributors or the public at large may, from time to time, disagree with, or find objectionable, our policies and practices or organizational decisions that we make or with the actions of members of our management team. As a result of these disagreements and any negative publicity associated therewith, we could lose customers or partners, or we may have difficulty attracting or retaining team members or contributors and such disagreements may divert resources and the time and attention of management from our business. Our culture of transparency may also result in customers, partners, team members, contributors or the public at large having greater insight into our policies and practices or organizational decisions. Additionally, with the importance and impact of social media, any negative publicity regarding our policies and practices or organizational decisions or actions by members of our management team, may be magnified and reach a large portion of our customer, partner, team member base or contributors in a very short period of time, which could harm our brand and reputation and adversely affect our business.
Risk Related to Our International Operations
We plan to continue expanding our international operations which could subject us to additional costs and risks, and our continued expansion internationally may not be successful.
We plan to expand our operations internationally in the future. Outside of the United States, we currently have direct and indirect subsidiaries in the United Kingdom, Netherlands, Germany, France, Ireland, Japan, South Korea, Canada, Singapore, and Australia and have team members in over 60 countries. We also have a joint venture in China. There are significant costs and risks inherent in conducting business in international markets, including:
•establishing and maintaining effective controls at foreign locations and the associated increased costs;
•adapting our technologies, products, and services to non-U.S. consumers’ preferences and customs;
47
•increased competition from local providers;
•compliance with foreign laws and regulations;
•adapting to doing business in other languages and/or cultures;
•compliance with the laws of numerous taxing jurisdictions where we conduct business, potential double taxation of our international earnings, and potentially adverse tax consequences due to U.S. and foreign tax laws as they relate to our international operations;
•compliance with anti-bribery laws, such as the FCPA and the U.K. Bribery Act, by us, our team members, our service providers, and our business partners;
•difficulties in staffing and managing global operations and the increased travel, infrastructure, and compliance costs associated with multiple international locations;
•complexity and other risks associated with current and future foreign legal requirements, including legal requirements related to data privacy frameworks, such as the GDPR and U.K. GDPR;
•currency exchange rate fluctuations or limitations and related effects on our operating results;
•economic and political instability in some countries, including the potential effects of health pandemics or epidemics and the war in Ukraine;
•the uncertainty of protection for intellectual property rights in some countries and practical difficulties of enforcing rights abroad; and
•other costs of doing business internationally.
These factors and other factors could harm our international operations and, consequently, materially impact our business, operating results, and financial condition. Further, we may incur significant operating expenses as a result of our international expansion, and it may not be successful. We have limited experience with regulatory environments and market practices internationally, and we may not be able to penetrate or successfully operate in new markets. If we are unable to continue to expand internationally and manage the complexity of our global operations successfully, our financial condition and operating results could be adversely affected.
We have a limited operating history in China and we face risks with respect to conducting business in connection with our joint venture in China due to certain legal, political, economic and social uncertainties relating to China. Our ability to monetize our joint venture in China may be limited.
In February 2021, we partnered with two Chinese investment partners to form an independent company called GitLab Information Technology (Hubei) Co., Ltd. (极狐, pinyin: JiHu, pronounced Gee Who) which was formed to specifically serve the Chinese market. This company offers a dedicated distribution of The DevSecOps Platform available as both a self-managed and SaaS that is only available in mainland China, Hong Kong and Macau. The autonomous company has its own governance structure, management team, and business support functions including Engineering, Sales, Marketing, Finance, Legal, Human Relations and Customer Support.
Our participation in this joint venture in China is subject to general, as well as industry-specific, economic, political and legal developments and risks in China. The Chinese government exercises significant control over the Chinese economy, including but not limited to controlling capital investments, allocating resources, setting monetary policy, controlling and monitoring foreign exchange rates, implementing and overseeing tax regulations, providing preferential treatment to certain industry segments or companies and issuing necessary licenses to conduct business. In addition, we could face additional risks resulting from changes in China’s data privacy and cybersecurity requirements, including China’s adoption of the Personal Information Protection Law, or PIPL, which went into effect on
48
November 1, 2021. The PIPL shares similarities with the GDPR, including extraterritorial application, data minimization, data localization, and purpose limitation requirements, and obligations to provide certain notices and rights to citizens of China. Accordingly, any adverse change in the Chinese economy, the Chinese legal system or Chinese governmental, economic or other policies could have a material adverse effect on our business and operations in China and our prospects generally.
We face additional risks in China due to China’s historically limited recognition and enforcement of contractual and intellectual property rights. We may experience difficulty enforcing our intellectual property rights in China. Unauthorized use of our technologies and intellectual property rights by Chinese partners or competitors may dilute or undermine the strength of our brands. If we cannot adequately monitor the use of our technologies and products, or enforce our intellectual property rights in China or contractual restrictions relating to use of our intellectual property by Chinese companies, our revenue from JiHu could be adversely affected.
Our joint venture is subject to laws and regulations applicable to foreign investment in China. There are uncertainties regarding the interpretation and enforcement of laws, rules and policies in China. Because many laws and regulations are relatively new, the interpretations of many laws, regulations and rules are not always uniform. Moreover, the interpretation of statutes and regulations may be subject to government policies reflecting domestic political agendas. Enforcement of existing laws or contracts based on existing law may be uncertain and sporadic. As a result of the foregoing, it may be difficult for us to obtain swift or equitable enforcement of laws ostensibly designed to protect companies like ours, which could have a material adverse effect on our business and results of operations. Our ability to monetize our joint venture in China may also be limited. Although the joint venture entity is an autonomous company, it is the exclusive seller of GitLab in mainland China, Hong Kong and Macau and is therefore the public face of GitLab in those areas. Additionally, under U.S. GAAP, we currently consolidate the joint venture’s financials within our own and rely on the joint venture’s management for accurate and timely delivery of the joint venture’s financials. Therefore, we face reputational and brand risk as a result of any negative publicity faced by the joint venture entity. Any such reputational and brand risk can harm our business and operating results.
We are exposed to fluctuations in currency exchange rates and interest rates, which could negatively affect our results of operations and our ability to invest and hold our cash.
Revenue generated is primarily billed in U.S. dollars while expenses incurred by our international subsidiaries and activities are often denominated in the currencies of the local countries. As a result, our consolidated U.S. dollar financial statements are subject to fluctuations due to changes in exchange rates as the financial results of our international subsidiaries are translated from local currencies into U.S. dollars. Our financial results are also subject to changes in exchange rates that impact the settlement of transactions in non-local currencies. To date, we have not engaged in currency hedging activities to limit the risk of exchange fluctuations and, as a result, our financial condition and operating results could be adversely affected by such fluctuations.
Our fixed-income investment portfolio is subject to fluctuations in fair value due to change in interest rates, which could adversely affect our results of operations due to a rise in interest rates in the future.
Risks Related to Financial and Accounting Matters
We have identified material weaknesses in our internal controls over financial reporting and if our remediation of such material weaknesses is not effective, or if we fail to develop and maintain an effective system of disclosure controls and internal controls over financial reporting, our ability to produce timely and accurate financial statements or comply with applicable laws and regulations could be impaired.
As a public company, we are subject to the reporting requirements of the Exchange Act, the Sarbanes-Oxley Act, and the rules and regulations of the applicable listing standards of the Nasdaq Global Select Market.
49
The Sarbanes-Oxley Act requires, among other things, that we maintain effective disclosure controls and procedures and internal control over financial reporting. In order to maintain and improve the effectiveness of our internal controls and procedures, we have expended, and anticipate that we will continue to expend, significant resources, including accounting related costs and significant management oversight.
We have identified material weaknesses in our internal control over financial reporting. A material weakness is a deficiency, or a combination of deficiencies, in internal control over financial reporting, such that there is a reasonable possibility that a material misstatement of our annual or interim financial statements will not be prevented or detected on a timely basis. As of January 31, 2023, we determined that the following material weaknesses exist due to a lack of policies and procedures related to the operation of control activities and inadequate communication of information to control owners and operators related to the objectives and responsibilities for internal control in a manner which supports the internal control environment at the company. As a result, the following material weaknesses exist:
•We did not design and maintain effective controls over certain information technology, or IT, general controls for information systems that are relevant to the preparation of our consolidated financial statements. In particular, we did not design and maintain effective (i) program change management controls to ensure that IT programs, data changes and migrations affecting financial IT applications and underlying records are identified, tested, authorized and implemented appropriately and (ii) user access controls to ensure appropriate segregation of duties, restricted user and privileged access to our financial applications, data and programs to the appropriate personnel. The ineffective design and operation of IT general controls resulted in the ineffective operation of automated controls and manual controls using reports and information from the impacted information systems used in all financial reporting processes,
•We did not retain sufficient contemporaneous documentation to demonstrate the operation of controls over manual journal entries,
•We did not retain sufficient contemporaneous documentation to demonstrate the operation of review controls over stock-based compensation at a sufficient level of precision and such controls relied on reports, and
•As previously reported, we did not design and maintain effective and timely review procedures over the accounting for and disclosure of non-routine transactions. This material weakness has not been remediated, as the new controls designed rely on reports and information adversely impacted by the IT general control deficiencies.
The aforementioned material weaknesses did not result in a material misstatement to our annual or interim financial statements, however, the deficiencies, when aggregated, could result in misstatements potentially impacting all financial statements accounts and disclosures that would not be prevented or detected. Therefore we concluded that the deficiencies represent material weaknesses in the Company’s internal control over financial reporting and our internal control over financial reporting was not effective as of January 31, 2023.
Our independent registered public accounting firm, KPMG LLP, who audited the consolidated financial statements included in this Annual Report on Form 10-K, issued an adverse opinion on the effectiveness of the Company’s internal control over financial reporting for the year ended January 31, 2023. To address our material weaknesses, we have commenced certain steps to enhance our internal control environment and remediate these material weaknesses. See the section entitled “Controls and Procedures—Remediation Plan for Material Weaknesses” below for additional information.
However, we cannot guarantee that the measures we have taken to date, and actions we may take in the future, will be sufficient to remediate the control deficiencies that led to our material weaknesses in our internal control over financial reporting or that they will prevent or avoid potential future material weaknesses. Our current controls and any new controls we develop may become inadequate because of
50
changes in conditions in our business. Further, additional weaknesses in our internal controls may be discovered in the future. Any failure to develop or maintain effective controls, or any difficulties encountered in their implementation or improvement, could harm our operating results, may result in a restatement of our financial statements for prior periods, cause us to fail to meet our reporting obligations, and could adversely affect the results of periodic management evaluations and annual independent registered public accounting firm attestation reports regarding the effectiveness of our internal control over financial reporting that we are required to include in the periodic reports we will file with the SEC. Because we are a large accelerated filer as of January 31, 2023, our independent registered public accounting firm is required to annually audit the effectiveness of our internal control over financial reporting commencing with the year ended January 31, 2023, which has, and will continue to, require increased costs, expenses, and management resources. Undetected material weaknesses in our internal control over financial reporting could lead to financial statement restatements and require us to incur the expense of remediation. We are also required to disclose changes made in our internal control over financial reporting that have materially affected, or are reasonably likely to materially affect, internal control over financial reporting on a quarterly basis. To comply with the requirements of being a public company, we have undertaken, and may need to further undertake in the future, various actions, such as implementing new internal controls and procedures and hiring additional accounting staff.
As a public company, significant resources and management oversight are required. As a result, management’s attention may be diverted from other business concerns, which could harm our business, financial condition and operating results.
We incur significant increased costs and devote increased management resources as a result of operating as a public company.
As a public company, we incur and, particularly now that we are no longer an emerging growth company, will further incur significant legal, accounting, compliance and other expenses that we did not incur as a private company. Our management and other personnel devote a substantial amount of time and incur significant expense in connection with compliance initiatives. As a public company, we bear all of the internal and external costs of preparing and distributing periodic public reports in compliance with our obligations under the securities laws.
In addition, regulations and standards relating to corporate governance and public disclosure, including the Sarbanes-Oxley Act, and the related rules and regulations implemented by the SEC, have increased legal and financial compliance costs and will make some compliance activities more time consuming. Moreover, since we ceased to be an “emerging growth company” on January 31, 2023, we may no longer take advantage of certain exemptions from various reporting requirements that are applicable to public companies. This increase in reporting requirements will further increase our compliance burden. We intend to continue to invest resources to comply with evolving laws, regulations and standards, and this investment will result in increased general and administrative expenses and may divert management’s time and attention from our other business activities. If our efforts to comply with new laws, regulations and standards differ from the activities intended by regulatory or governing bodies due to ambiguities related to practice, regulatory authorities may initiate legal proceedings against us, and our business may be harmed. In connection with our initial public offering, we also increased our directors’ and officers’ insurance coverage, which increased our insurance cost. In the future, it may be more expensive or more difficult for us to obtain director and officer liability insurance, and we may be required to accept reduced coverage or incur substantially higher costs to obtain coverage. These factors would also make it more difficult for us to attract and retain qualified members of our board of directors, particularly to serve on our audit committee and compensation and leadership development committee, and qualified executive officers.
We may in the future need to raise additional capital to grow our business, and we may not be able to raise capital on terms acceptable to us or at all. In addition, any inability to generate or obtain such capital may adversely affect our operating results and financial condition.
51
In order to support our growth and respond to business challenges, such as developing new features or enhancements to our services to stay competitive, acquiring new technologies, and improving our infrastructure, we have made significant financial investments in our business and we intend to continue to make such investments. As a result, we may need to engage in additional equity or debt financings to provide the funds required for these investments and other business endeavors. If we need to engage in such additional equity or debt financings, we may not be able to raise needed cash on terms acceptable to us or at all. Financing may be on terms that are dilutive or potentially dilutive to our stockholders, and the prices at which new investors would be willing to purchase our securities may be significantly lower than the current price per share of our Class A common stock. The holders of new debt or equity securities may also have rights, preferences, or privileges that are senior to those of existing holders of our common stock. If new sources of financing are required, but are insufficient or unavailable, we will be required to modify our growth and operating plans based on available funding, if any, which would harm our ability to grow our business.
If we raise additional funds through equity or convertible debt issuances, our existing stockholders may suffer significant dilution and these securities could have rights, preferences, and privileges that are superior to those of holders of our common stock. If we obtain additional funds through debt financing, we may not be able to obtain such financing on terms favorable to us. Such terms may involve restrictive covenants making it difficult to engage in capital raising activities and pursue business opportunities, including potential acquisitions. The trading prices of technology companies have been highly volatile as a result of recent global events, including increasing interest rates and inflation and the recent armed conflict in Ukraine, which may reduce our ability to access capital on favorable terms or at all. In addition, a recession, depression, or other sustained adverse market event resulting from such global events could adversely affect our business and the value of our Class A common stock. If we are unable to obtain adequate financing or financing on terms satisfactory to us when we require it, our ability to continue to support our business growth and to respond to business challenges could be significantly impaired and our business may be adversely affected, requiring us to delay, reduce, or eliminate some or all of our operations.
Future acquisitions, strategic investments, partnerships or alliances could be difficult to identify and integrate, divert the attention of key management personnel, disrupt our business, dilute stockholder value and adversely affect our business, operating results and financial condition.
As part of our business strategy, we have in the past and expect to continue to make investments in and/or acquire complementary companies, services or technologies. Our ability as an organization to acquire and integrate other companies, services or technologies in a successful manner in the future is not guaranteed. We may not be able to find suitable acquisition candidates, and we may not be able to complete such acquisitions on favorable terms, if at all. If we do complete acquisitions, we may not ultimately strengthen our competitive position or ability to achieve our business objectives, and any acquisitions we complete could be viewed negatively by our end customers or investors. In addition, if we are unsuccessful at integrating such acquisitions, or the technologies associated with such acquisitions, into our company, the revenue and operating results of the combined company could be adversely affected. Any integration process may require significant time and resources, and we may not be able to manage the process successfully. We may not successfully evaluate or utilize the acquired technology or personnel, or accurately forecast the financial impact of an acquisition transaction, including accounting charges. We may have to pay cash, incur debt or issue equity securities to pay for any such acquisition, each of which could adversely affect our financial condition and the market price of our Class A common stock. The sale of equity or issuance of debt to finance any such acquisitions could result in dilution to our stockholders. The incurrence of indebtedness would result in increased fixed obligations and could also include covenants or other restrictions that would impede our ability to manage our operations.
Additional risks we may face in connection with acquisitions include:
•diversion of management time and focus from operating our business to addressing acquisition integration challenges;
52
•coordination of research and development and sales and marketing functions;
•integration of product and service offerings;
•retention of key team members from the acquired company;
•changes in relationships with strategic partners as a result of product acquisitions or strategic positioning resulting from the acquisition;
•integration of customers from the acquired company;
•cultural challenges associated with integrating team members from the acquired company into our organization;
•integration of the acquired company’s accounting, management information, human resources and other administrative systems;
•the need to implement or improve controls, procedures and policies at a business that prior to the acquisition may have lacked sufficiently effective controls, procedures and policies;
•additional legal, regulatory or compliance requirements;
•financial reporting, revenue recognition or other financial or control deficiencies of the acquired company that we do not adequately address and that cause our reported results to be incorrect;
•liability for activities of the acquired company before the acquisition, including intellectual property infringement claims, violations of laws, commercial disputes, tax liabilities and other known and unknown liabilities;
•unanticipated write-offs or charges; and
•litigation or other claims in connection with the acquired company, including claims from terminated team members, customers, former stockholders or other third parties.
Our failure to address these risks or other problems encountered in connection with acquisitions and investments could cause us to fail to realize the anticipated benefits of these acquisitions or investments, cause us to incur unanticipated liabilities, and harm our business generally.
Changes in tax laws or other tax guidance could adversely affect our effective tax rates, financial condition and results of operations.
We are a U.S.-based multinational company subject to taxes in multiple U.S. and foreign tax jurisdictions. In the United States and other countries where we conduct business and in jurisdictions in which we are subject to taxes, including those covered by governing bodies that enact tax laws applicable to us, such as the European Commission of the European Union, we are subject to potential changes in relevant tax, accounting and other laws, regulations, guidance, and interpretations, including changes to tax laws applicable to corporate multinationals such as GitLab. These countries, governmental bodies, and intergovernmental economic organizations such as the Organization for Economic Cooperation and Development, have or could make unprecedented assertions about how taxation is determined in their jurisdictions that are contrary to the way in which we have interpreted and historically applied the rules and regulations described above in such jurisdictions. In the current global tax policy environment, any changes in laws, regulations, guidance and/or interpretations related to these assertions could adversely affect our effective tax rates, cause us to respond by making changes to our business structure, or result in other costs to us which could adversely affect our operations and financial results.
In December 2017, the U.S. federal government enacted the tax reform legislation known as the Tax Cuts and Jobs Act, or the 2017 Tax Act. The 2017 Tax Act significantly changed the existing U.S. corporate income tax laws by, among other things, lowering the U.S. corporate tax rate, implementing a
53
partially territorial tax system, and imposing a one-time deemed repatriation tax on certain post-1986 foreign earnings. Recently the U.S. Treasury Department issued regulations aimed principally at disallowing foreign tax credits for taxes which are dissimilar to income taxes. Also, the Inflation Reduction Act of 2022 (the “IRA”), enacted on August 16, 2022, further amended the U.S. federal tax code, imposing a 15% minimum tax on “adjusted financial statement income” of certain corporations as well as an excise tax on the repurchase or redemption of stock by certain corporations, beginning in the 2023 tax year.
Over the last several years, the Organization for Economic Cooperation and Development has been working on a Base Erosion and Profit Shifting Project that, if implemented, would change various aspects of the existing framework under which our tax obligations are determined in many of the countries in which we do business. In 2021, more than 140 countries tentatively signed on to a framework that imposes a minimum tax rate of 15%, among other provisions. As this framework is subject to further negotiation and implementation by each member country, the timing and ultimate impact of any such changes on our tax obligations are uncertain. Similarly, the European Commission and several countries have issued proposals that would apply to various aspects of the current tax framework under which we are taxed. These proposals include changes to the existing framework to calculate income tax, as well as proposals to change or impose new types of non-income taxes, including taxes based on a percentage of revenue. For example, several jurisdictions have proposed or enacted taxes applicable to digital services, which include business activities on digital advertising and online marketplaces, and which apply to our business.
The European Commission has conducted investigations in multiple countries focusing on whether local country tax rulings or tax legislation provides preferential tax treatment that violates E.U state aid rules and concluded that certain member states, including Ireland, have provided illegal state aid in certain cases. These investigations may result in changes to the tax treatment of our foreign operations.
Due to the large and expanding scale of our international business activities, many of these types of changes to the taxation of our activities described above could increase our worldwide effective tax rate, increase the amount of non-income taxes imposed on our business, and harm our financial position, results of operations, and cash flows. Such changes may also apply retroactively to our historical operations and result in taxes greater than the amounts estimated and recorded in our financial statements. There can be no assurance that future tax law changes will not increase the rate of the corporate income tax, impose new limitations on deductions, credits or other tax benefits, or make other changes that may adversely affect our business, cash flows or financial performance. Among other considerations, the applicability and impact of these tax provisions, and of other U.S. or international tax law changes could adversely affect our effective income tax rate and cash flows in future years.
We may have exposure to greater than anticipated tax liabilities.
The tax laws applicable to our business, including the laws of the United States and other jurisdictions, are subject to interpretation and certain jurisdictions are aggressively interpreting their laws in new ways. Our existing corporate structure has been implemented in a manner we believe is in compliance with current tax laws. However, the taxing authorities of the jurisdictions in which we operate may challenge our methodologies, including for valuing developed technology or intercompany arrangements, which could impact our worldwide effective tax rate and adversely affect our financial condition and results of operations, possibly with retroactive effect. Moreover, changes to our corporate structure could impact our worldwide effective tax rate and adversely affect our financial condition and results of operations.
Furthermore, U.S. and OECD Transfer Pricing Guidelines require us to analyze the functions performed by our entities, the risks incurred, and the assets owned. This functional analysis is a control to sustain the operating margins of our entities and confirm arm’s length pricing for intercompany transactions. Competent authorities could interpret, change, modify or apply adversely, existing tax laws, statutes, rules, regulations or ordinances to us (possibly with retroactive effect); which could require us to
54
make transfer pricing corrections or to pay fines, penalties or interest for past amounts. If we are unable to make corresponding adjustments with our related entities, we would effectively be liable for additional tax, thereby adversely impacting our operating results and cash flows.
Significant judgment is required in evaluating our tax positions and our worldwide provision for taxes. During the ordinary course of business, there are many activities and transactions for which the ultimate tax determination is uncertain. Our tax obligations and effective tax rates could be adversely affected by changes in the relevant tax, accounting and other laws, regulations, principles and interpretations, including those relating to income tax nexus. The relevant taxing authorities may disagree with our determinations as to the income and expenses attributable to specific jurisdictions. If such a disagreement were to occur, and our position was not sustained, we could be required to pay additional taxes, interest and penalties, which could result in one-time tax charges, higher effective tax rates, reduced cash flows and lower overall profitability of our business, with some changes possibly affecting our tax obligations in future or past years. We regularly assess the likelihood of outcomes resulting from possible examinations to determine the adequacy of our provision for income taxes and have reserved for potential adjustments that may result from these examinations. We cannot provide assurance that the final determination of any of these examinations will not have an adverse effect on our financial position and results of operations.
Our cash and cash equivalents could be adversely affected if the financial institutions in which we hold our cash and cash equivalents fail.
We regularly maintain cash balances at third-party financial institutions in excess of the FDIC insurance limit and similar regulatory insurance limits outside the United States. If a depository institution where we maintain deposits fails or is subject to adverse conditions in the financial or credit markets, we may not be able to recover all, if any, of our deposits, which could adversely impact our operating liquidity and financial performance.
Risks Related to Ownership of Our Class A Common Stock
The market price of our Class A common stock may be volatile, and you could lose all or part of your investment.
Technology stocks historically have experienced high levels of volatility. The market price of our Class A common stock depends on a number of factors, including those described in this “Risk Factors” section, many of which are beyond our control and may not be related to our operating performance. In addition, the limited public float of our Class A common stock may increase the volatility of the trading price of our Class A common stock. These fluctuations could cause you to lose all or part of your investment in our Class A common stock, since you might not be able to sell your shares at or above the price initially paid for the stock. Factors that could cause fluctuations in the market price of our Class A common stock include the following:
•actual or anticipated changes or fluctuations in our operating results;
•the financial projections we may provide to the public, any changes in these projections or our failure to meet these projections;
•announcements by us or our competitors of new products or new or terminated significant contracts, commercial relationships or capital commitments;
•industry or financial analyst or investor reaction to our press releases, other public announcements and filings with the SEC;
•rumors and market speculation involving us or other companies in our industry;
•price and volume fluctuations in the overall stock market from time to time;
55
•changes in operating performance and stock market valuations of other technology companies generally, or those in our industry in particular;
•failure of industry or financial analysts to maintain coverage of us, changes in financial estimates by any analysts who follow our company, or our failure to meet these estimates or the expectations of investors;
•actual or anticipated developments in our business or our competitors’ businesses or the competitive landscape generally;
•litigation involving us, our industry or both, or investigations by regulators into our operations or those of our competitors;
•developments or disputes concerning our intellectual property rights or our solutions, or third-party proprietary rights;
•announced or completed acquisitions of businesses or technologies by us or our competitors;
•new laws or regulations or new interpretations of existing laws or regulations applicable to our business;
•the impact of interest rate increases on the overall stock market and the market for technology company stocks;
•any major changes in our management or our board of directors;
•effects of public health crises, pandemics, and epidemics;
•general economic conditions, changes in the capital markets generally, inflation and slow or negative growth of our markets; and
•other events or factors, including those resulting from war, incidents of terrorism or responses to these events, including those related to the ongoing armed conflict in Ukraine.
In addition, the stock market in general, and the market for technology companies in particular, has experienced extreme price and volume fluctuations that have often been unrelated or disproportionate to the operating performance of those companies. Broad market and industry factors may seriously affect the market price of our Class A common stock, regardless of our actual operating performance. In addition, in the past, following periods of volatility in the overall market and the market prices of a particular company’s securities, securities class action litigation has often been instituted against that company. Securities litigation, if instituted against us, could result in substantial costs and divert our management’s attention and resources from our business. This could have an adverse effect on our business, operating results and financial condition.
Sales of substantial amounts of our Class A common stock in the public markets, or the perception that they might occur, could cause the market price of our Class A common stock to decline.
Sales of a substantial number of shares of our Class A common stock into the public market, particularly sales by our directors, executive officers, and greater than 5% stockholders, or the perception that these sales might occur, could cause the market price of our Class A common stock to decline or make it more difficult for you to sell your Class A common stock at a time and price that you deem appropriate.
Moreover, the holders of a significant portion of shares of our capital stock also have rights, subject to some conditions, to require us to file registration statements for the public resale of such capital stock or to include such shares in registration statements that we may file for us or other stockholders.
56
We may also issue our shares of our capital stock or securities convertible into shares of our capital stock from time to time in connection with a financing, acquisition, investment, or otherwise.
The dual class structure of our common stock will have the effect of concentrating voting control with those stockholders who hold our Class B capital stock, including our directors, executive officers, and beneficial owners of 5% or greater of our outstanding capital stock who hold in the aggregate 65.8% of the voting power of our capital stock, which will limit or preclude your ability to influence corporate matters, including the election of directors and the approval of any change of control transaction.
Our Class B common stock has ten votes per share, and our Class A common stock has one vote per share. As of January 31, 2023, the holders of our outstanding Class B common stock hold a substantial majority of the voting power of our outstanding capital stock, with our directors, executive officers, and holders of more than 5% of our common stock, and their respective affiliates, holding a majority of the voting power of our capital stock. Because of the ten-to-one voting ratio between our Class B and Class A common stock, the holders of our Class B common stock collectively will continue to control a majority of the combined voting power of our common stock and therefore will be able to control all matters submitted to our stockholders for approval until the earlier of (i) October 14, 2031, (ii) the death or disability, as defined in our restated certificate of incorporation, of Sytse Sijbrandij, (iii) the date specified by a vote of the holders of two-thirds of the then outstanding shares of Class B common stock and (iv) the first date on which the number of shares of outstanding Class B common stock (including shares of Class B common stock subject to outstanding stock options) is less than 5% of the aggregate number of shares of outstanding common stock. This concentrated control will limit or preclude your ability to influence corporate matters for the foreseeable future, including the election of directors, amendments of our organizational documents, and any merger, consolidation, sale of all or substantially all of our assets, or other major corporate transaction requiring stockholder approval. In addition, this may prevent or discourage unsolicited acquisition proposals or offers for our capital stock that you may feel are in your best interest as one of our stockholders.
Future transfers by holders of our Class B common stock will generally result in those shares converting to Class A common stock, subject to limited exceptions, such as certain transfers effected for estate planning purposes. The conversion of Class B common stock to Class A common stock will have the effect, over time, of increasing the relative voting power of those holders of our Class B common stock who retain their shares in the long term.
The dual class structure of our common stock may adversely affect the trading market for our Class A common stock.
Certain stock index providers, such as S&P Dow Jones, exclude companies with multiple classes of shares of common stock from being added to certain stock indices, including the S&P 500. In addition, several stockholder advisory firms and large institutional investors oppose the use of multiple class structures. As a result, the dual class structure of our common stock may prevent the inclusion of our Class A common stock in such indices, may cause stockholder advisory firms to publish negative commentary about our corporate governance practices or otherwise seek to cause us to change our capital structure, and may result in large institutional investors not purchasing shares of our Class A common stock. Any exclusion from stock indices could result in a less active trading market for our Class A common stock. Any actions or publications by stockholder advisory firms or institutional investors critical of our corporate governance practices or capital structure could also adversely affect the value of our Class A common stock.
If industry or financial analysts do not continue to publish research or reports about our business, or if they issue inaccurate or unfavorable research regarding our Class A common stock, our stock price and trading volume could decline.
57
The trading market for our Class A common stock will depend in part on the research and reports that industry or financial analysts publish about us or our business. We do not control these analysts or the content and opinions included in their reports. As a new public company, the analysts who publish information about our Class A common stock will have had relatively little experience with our company, which could affect their ability to accurately forecast our results and make it more likely that we fail to meet their estimates. If any of the analysts who cover us issues an inaccurate or unfavorable opinion regarding our stock price, our stock price may decline. In addition, the stock prices of many companies in the technology industry have declined significantly after those companies have failed to meet, or exceed, the financial guidance publicly announced by the companies or the expectations of analysts. If our financial results fail to meet, or exceed, our announced guidance or the expectations of analysts or public investors, analysts could downgrade our Class A common stock or publish unfavorable research about us. If one or more of these analysts cease coverage of our Class A common stock or fail to publish reports on us regularly, our visibility in the financial markets could decrease, which in turn could cause our stock price or trading volume to decline.
We do not intend to pay dividends in the foreseeable future. As a result, your ability to achieve a return on your investment will depend on appreciation in the price of our Class A common stock.
We have never declared or paid any cash dividends on our capital stock. We currently intend to retain all available funds and any future earnings for use in the operation of our business and do not anticipate paying any dividends in the foreseeable future. Any determination to pay dividends in the future will be at the discretion of our board of directors. Accordingly, investors must for the foreseeable future rely on sales of their Class A common stock after price appreciation, which may never occur, as the only way to realize any future gains on their investments.
Provisions in our organizational documents and under Delaware law could make an acquisition of us, which could be beneficial to our stockholders, more difficult and may limit attempts by our stockholders to replace or remove our current management.
Provisions in our restated certificate of incorporation and amended and restated bylaws may have the effect of delaying or preventing a merger, acquisition or other change of control of our company that our stockholders may consider favorable. In addition, because our board of directors is responsible for appointing the members of our management team, these provisions may frustrate or prevent any attempts by our stockholders to replace or remove our current management by making it more difficult for stockholders to replace members of our board of directors. Among other things, our restated certificate of incorporation and amended and restated bylaws include provisions that:
•provide that our board of directors is classified into three classes of directors with staggered three-year terms;
•permit our board of directors to establish the number of directors and fill any vacancies and newly created directorships;
•require supermajority voting to amend some provisions in our restated certificate of incorporation and amended and restated bylaws;
•authorize the issuance of “blank check” preferred stock that our board of directors could use to implement a stockholder rights plan;
•provide that only our chief executive officer or a majority of our board of directors will be authorized to call a special meeting of stockholders;
•eliminate the ability of our stockholders to call special meetings of stockholders;
•do not provide for cumulative voting;
58
•provide that directors may only be removed “for cause” and only with the approval of two-thirds of our stockholders;
•provide for a dual class common stock structure in which holders of our Class B common stock may have the ability to control the outcome of matters requiring stockholder approval, even if they own significantly less than a majority of the outstanding shares of our common stock, including the election of directors and other significant corporate transactions, such as a merger or other sale of our company or its assets;
•prohibit stockholder action by written consent, which requires all stockholder actions to be taken at a meeting of our stockholders;
•provide that our board of directors is expressly authorized to make, alter, or repeal our amended and restated bylaws; and
•establish advance notice requirements for nominations for election to our board of directors or for proposing matters that can be acted upon by stockholders at annual stockholder meetings.
Moreover, Section 203 of the Delaware General Corporation Law, or DGCL, may discourage, delay, or prevent a change in control of our company. Section 203 imposes certain restrictions on mergers, business combinations, and other transactions between us and holders of 15% or more of our common stock.
Our restated certificate of incorporation and amended and restated bylaws contain exclusive forum provisions for certain claims, which may limit our stockholders’ ability to obtain a favorable judicial forum for disputes with us or our directors, officers, or team members.
Our restated certificate of incorporation provides that the Court of Chancery of the State of Delaware, to the fullest extent permitted by law, will be the exclusive forum for any derivative action or proceeding brought on our behalf, any action asserting a breach of fiduciary duty, any action asserting a claim against us arising pursuant to the DGCL, our restated certificate of incorporation, or our amended and restated bylaws, or any action asserting a claim against us that is governed by the internal affairs doctrine.
Moreover, Section 22 of the Securities Act creates concurrent jurisdiction for federal and state courts over all claims brought to enforce any duty or liability created by the Securities Act or the rules and regulations thereunder. Our restated certificate of incorporation and amended and restated bylaws provide that the federal district courts of the United States will, to the fullest extent permitted by law, be the exclusive forum for resolving any complaint asserting a cause of action arising under the Securities Act, such provision, the Federal Forum Provision. Our decision to adopt a Federal Forum Provision followed a decision by the Supreme Court of the State of Delaware holding that such provisions are facially valid under Delaware law. While there can be no assurance that federal or state courts will follow the holding of the Delaware Supreme Court or determine that the Federal Forum Provision should be enforced in a particular case, application of the Federal Forum Provision means that suits brought by our stockholders to enforce any duty or liability created by the Securities Act must be brought in federal court and cannot be brought in state court.
Section 27 of the Exchange Act creates exclusive federal jurisdiction over all claims brought to enforce any duty or liability created by the Exchange Act or the rules and regulations thereunder. In addition, the Federal Forum Provision applies to suits brought to enforce any duty or liability created by the Exchange Act. Accordingly, actions by our stockholders to enforce any duty or liability created by the Exchange Act or the rules and regulations thereunder must be brought in federal court.
Our stockholders will not be deemed to have waived our compliance with the federal securities laws and the regulations promulgated thereunder.
59
Any person or entity purchasing or otherwise acquiring or holding any interest in any of our securities shall be deemed to have notice of and consented to our exclusive forum provisions, including the Federal Forum Provision. These provisions may limit a stockholders’ ability to bring a claim in a judicial forum of their choosing for disputes with us or our directors, officers, or team members, which may discourage lawsuits against us and our directors, officers, and team members. Alternatively, if a court were to find the choice of forum provisions contained in our restated certificate of incorporation or amended and restated bylaws to be inapplicable or unenforceable in an action, we may incur additional costs associated with resolving such action in other jurisdictions, which could harm our business, financial condition, and operating results.
General Risk Factors
We may be adversely affected by natural disasters, pandemics and other catastrophic events, and by man-made problems such as acts of war, terrorism, that could disrupt our business operations and our business continuity and disaster recovery plans may not adequately protect us from a serious disaster.
Natural disasters, pandemics, and epidemics, or other catastrophic events such as fire or power shortages, along with man-made problems such as acts of war and terrorism, including the war in Ukraine, and other events beyond our control may cause damage or disruption to our operations, international commerce, and the global economy, and could have an adverse effect on our business, operating results, and financial condition. While we do not have a corporate headquarters, we have team members around the world, and any such catastrophic event could occur in areas where significant portions of our team members are located. Moreover, these conditions can affect the rate of software development operations solutions spending and could adversely affect our customers’ ability or willingness to attend our events or to purchase our services, delay prospective customers’ purchasing decisions or project implementation timing, reduce the value or duration of their subscription contracts, affect attrition rates, or result in requests from customers for payment or pricing concessions, all of which could adversely affect our future sales and operating results. As a result, we may experience extended sales cycles; our ability to close transactions with new and existing customers and partners may be negatively impacted; our ability to recognize revenue from software transactions we do close may be negatively impacted due to implementation delays or other factors; our demand generation activities, and the efficiency and effect of those activities, may be negatively affected. Recent macroeconomic conditions, including inflation and rising interest rates, have, and may continue to, put pressure on overall spending for our products and services, and may cause our customers to modify spending priorities or delay or abandon purchasing decisions, thereby lengthening sales cycles, and may make it difficult for us to forecast our sales and operating results and to make decisions about future investments. These and other potential effects on our business may be significant and could materially harm our business, operating results and financial condition.
In the event of a natural disaster, including a major earthquake, blizzard, or hurricane, or a catastrophic event such as a fire, power loss, or telecommunications failure, we may be unable to continue our operations and may endure system interruptions, reputational harm, delays in development of our solutions, lengthy interruptions in service, breaches of data security, and loss of critical data, all of which could have an adverse effect on our future operating results. Additionally, all of the aforementioned risks may be further increased if we do not implement a disaster recovery plan or the disaster recovery plans put in place by us or our partners prove to be inadequate.
We could be subject to securities class action litigation.
In the past, securities class action litigation has often been instituted against companies following periods of volatility in the market price of a company’s securities. This type of litigation, if instituted, could result in substantial costs and a diversion of management’s attention and resources, which could adversely affect our business, operating results, or financial condition. Additionally, the dramatic increase in the cost of directors’ and officers’ liability insurance may cause us to opt for lower overall policy limits or
60
to forgo insurance that we may otherwise rely on to cover significant defense costs, settlements, and damages awarded to plaintiffs.
ITEM 1B. UNRESOLVED STAFF COMMENTS
None.
ITEM 2. PROPERTIES
We are a remote-only company. Accordingly, we do not maintain a headquarters. Our China entity (JiHu) leases small sales offices.
ITEM 3. LEGAL PROCEEDINGS
We are, and from time to time we may become, involved in legal proceedings or be subject to claims arising in the ordinary course of our business. Defending such proceedings is costly and can impose a significant burden on management and team members. We are not presently a party to any legal proceedings that in the opinion of our management, if determined adversely to us, would individually or taken together have a material adverse effect on our business, financial condition or operating results.
The results of any current or future litigation cannot be predicted with certainty, and regardless of the outcome, litigation can have an adverse impact on us because of defense and settlement costs, diversion of management resources and other factors.
ITEM 4. MINE SAFETY DISCLOSURES
None.
61
PART II
ITEM 5. MARKET FOR REGISTRANT'S COMMON EQUITY, RELATED STOCKHOLDER MATTERS AND ISSUER PURCHASES OF EQUITY SECURITIES
Market Information
Our Class A common stock is traded on The Nasdaq Global Select Market, or Nasdaq, under the symbol “GTLB” and began trading on October 14, 2021. Prior to that date, there was no public trading market for our Class A common stock. Our Class B common stock is not listed or traded on any exchange.
Holders of Record
As of March 20, 2023, there were 8 holders of record of our Class A common stock and 157 holders of record of our Class B common stock. The actual number of holders of our Class A common stock and Class B common stock is greater than the number of record holders and includes stockholders who are beneficial owners, but whose shares are held in street name by brokers or other nominees. The number of holders of record presented here also does not include stockholders whose shares may be held in trust by other entities.
Dividend Policy
We have never declared or paid cash dividends on our capital stock. We currently intend to retain all available funds and future earnings, if any, to fund the development and expansion of our business, and we do not anticipate paying any cash dividends in the foreseeable future. Any future determination regarding the declaration and payment of dividends, if any, will be at the discretion of our board of directors and will depend on then-existing conditions, including our financial condition, operating results, contractual restrictions, capital requirements, business prospects, and other factors our board of directors may deem relevant.
Recent Sales of Unregistered Equity Securities
None.
Use of Proceeds
On October 18, 2021, we closed our initial public offering, or IPO, of 8,940,000 shares of our Class A common stock at an offering price of $77.00 per share, including 520,000 shares pursuant to the exercise of the underwriters’ option to purchase additional shares of our Class A common stock, resulting in net proceeds to us of $654.6 million, after deducting underwriting discounts of $33.8 million. All of the shares issued and sold in our IPO were registered under the Securities Act pursuant to a registration statement on Form S-1 (File No. 333-259602), which was declared effective by the SEC on October 13, 2021. As of such date, we also incurred offering costs of $4.7 million.
No payments were made to our directors or officers or their associates, holders of 10% or more of any class of our equity securities, or to our affiliates in connection with the issuance and sale of the securities registered. There has been no material change in the planned use of proceeds from our IPO from those disclosed in the Final Prospectus for our IPO dated as of October 13, 2021 and filed with the SEC pursuant to Rule 424(b)(4) on October 14, 2021.
Issuer Purchases of Equity Securities
None.
62
Stock Performance Graph
The graph below compares the cumulative total stockholder return on our Class A common stock from October 14, 2021 (the date our Class A common stock commenced trading on Nasdaq) through January 31, 2023 with the cumulative total return on the S&P 500 Index and the S&P 500 Information Technology Index. All values assume a $100 initial investment and data for the S&P 500 Composite Index and the S&P Information Technology Index assume reinvestment of dividends. The comparisons are based on historical data and are not indicative of, nor intended to forecast, the future performance of our Class A common stock.
This performance graph shall not be deemed “soliciting material” or to be “filed” with the SEC for purposes of Section 18 of the Exchange Act, or otherwise subject to the liabilities under that Section, and shall not be deemed to be incorporated by reference into any of our filings under the Securities Act.
ITEM 6. [RESERVED]
63
ITEM 7. MANAGEMENT’S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION AND RESULTS OF OPERATIONS
The following discussion and analysis of our financial condition and results of operations should be read in conjunction with our consolidated financial statements and the related notes included elsewhere in this Annual Report. You should review the section titled “Special Note Regarding Forward-Looking Statements” above in this Annual Report for a discussion of forward-looking statements and important factors that could cause actual results to differ materially from the results described in or implied by the forward-looking statements contained in the following discussion and analysis. Factors that could cause or contribute to such differences include, but are not limited to, those identified below, and those discussed in the section titled “Risk Factors” in this Annual Report. Our historical results are not necessarily indicative of the results that may be expected for any period in the future.
A discussion regarding our financial condition and results of operations for the year ended January 31, 2023 compared to the year ended January 31, 2022 is presented below. A discussion regarding our financial condition and results of operations for the year ended January 31, 2022 compared to the year ended January 31, 2021 can be found in “Management's Discussion and Analysis of Financial Condition and Results of Operations” in our Annual Report on Form 10-K for the fiscal year ended January 31, 2022, which was filed with the SEC on April 8, 2022.
Overview
In today’s world, software defines the speed of innovation. Every industry, business, and function within a company is dependent on software. To remain competitive and survive, nearly all companies must digitally transform and become experts at building, delivering, and securing software.
To meet these market needs, GitLab pioneered The DevSecOps Platform, a fundamentally new approach to software development and delivery. Our platform is uniquely built as a single application and interface with a unified data model, enabling all stakeholders in the software delivery lifecycle – from development teams to operations teams to security teams – to work together in a single tool with a single workflow. With GitLab, they can build better, more secure software faster.
GitLab is the solution to significant business transformation needs. Across every industry – and across companies of every size – technology leaders want to make developers more productive so they can deliver better products faster; they want to measure productivity, so they can increase operational efficiency; they want to secure the software supply chain, so they can reduce security and compliance risk; and, they want to accelerate cloud migration, so they can unlock digital transformation results. These technology leaders need a platform that enables a value stream-driven mindset – a mindset that shortens the time from idea to customer value – and establishes a powerful flywheel for data collection and aggregation. And they are looking for a platform approach that unifies the entire development experience, so that customers can be faster than their competition in moving from idea to customer value.
GitLab is designed to consolidate point solutions to cut costs and boost efficiency, and provides end-to-end visibility across the entire software development lifecycle, from planning to production to security.
We believe GitLab is the shortest path to unlocking business and technology transformation results. Our DevSecOps Platform accelerates our customers’ ability to create business value and innovate by reducing their software development cycle times from weeks to minutes. It removes the need for point tools and delivers enhanced operational efficiency by eliminating manual work, increasing productivity, and creating a culture of innovation and velocity. The DevSecOps Platform also embeds security earlier into the development process, improving our customers’ software security, quality, and overall compliance.
GitLab is available to any team, regardless of the size, scope, and complexity of their deployment. As a result, we have more than 30 million registered users and more than 50% of the Fortune 100 companies are GitLab customers. For purposes of determining the number of our active customers, we
64
look at our customers with more than $5,000 of Annual Recurring Revenue, or ARR, in a given period, who we refer to as our Base Customers. For purposes of determining our Base Customers, a single organization with separate subsidiaries, segments, or divisions that use The DevSecOps Platform is considered a single customer for determining each organization’s ARR.
GitLab is the only DevSecOps platform built on an open-core business model. We enable any customer and contributor to add functionality to our platform. In 2022, nearly 800 people contributed more than 3,000 merge requests back to the core product, extending GitLab’s in-house R&D efforts and empowering our most passionate users to make improvements to the DevOps tool they use every day. Our open-core approach has enabled us to build trust with our customers, and to maintain our high velocity of innovation so that we can rapidly create the most comprehensive DevSecOps platform.
GitLab exists today in large part thanks to the vast and growing community of open source contributors around the world. We actively work to grow open source community engagement by operating with transparency. We make our strategy, direction, and product roadmap available to the wider community, where we encourage and solicit their feedback. By making non-sensitive information public, we create a deeper level of trust with our customers and we make it easier to solicit contributions and collaboration from our users and customers. See the section entitled “Management’s Discussion and Analysis of Financial Condition and Results of Operations—Key Business Metrics—Dollar-Based Net Retention Rate and ARR” below for additional information about how we define ARR.
We make our plans available through our self-managed and software-as-a-service, or SaaS offering. For our self-managed offering, the customer installs GitLab in their own on-premise or hybrid cloud environment. For our SaaS offering, the platform is managed by GitLab and hosted either in our public cloud or in our private cloud based on the customer’s preference. For more information regarding our customers, refer to the section titled “Business—Our Customers.”
Key Business Metrics
We monitor the following key metrics to help us evaluate our business, identify trends affecting our business, formulate business plans, and make strategic decisions.
Dollar-Based Net Retention Rate and ARR
We believe that our ability to retain and expand our revenue generated from our existing customers is an indicator of the long-term value of our customer relationships and our potential future business opportunities. Dollar-Based Net Retention Rate measures the percentage change in our ARR derived from our customer base at a point in time. Our calculation of ARR and by extension Dollar-Based Net Retention Rate, includes both self-managed and SaaS subscription revenue. We report Dollar-Based Net Retention Rate on a threshold basis of 130% each quarter, and provide a tighter threshold as of each fiscal year end.
We calculate ARR by taking the monthly recurring revenue, or MRR, and multiplying it by 12. MRR for each month is calculated by aggregating, for all customers during that month, monthly revenue from committed contractual amounts of subscriptions, including our self-managed and SaaS offerings but excluding professional services. We calculate Dollar-Based Net Retention Rate as of a period end by starting with our customers as of the 12 months prior to such period end, or the Prior Period ARR. We then calculate the ARR from these customers as of the current period end, or the Current Period ARR. The calculation of Current Period ARR includes any upsells, price adjustments, user growth within a customer, contraction, and attrition. We then divide the total Current Period ARR by the total Prior Period ARR to arrive at the Dollar-Based Net Retention Rate.
As of January 31, | |||||||||||||||||
| 2023 | 2022 | 2021 | |||||||||||||||
| Dollar-Based Net Retention Rate | > 130% | >152% | >145% | ||||||||||||||
65
Customers with ARR of $100,000 or More
We believe that our ability to increase the number of $100,000 ARR customers is an indicator of our market penetration and strategic demand for The DevSecOps Platform. A single organization with separate subsidiaries, segments, or divisions that use The DevSecOps Platform is considered a single customer for determining each organization’s ARR. We do not count our reseller or distributor channel partners as customers. In cases where customers subscribe to The DevSecOps Platform through our channel partners, each end customer is counted separately.
As of January 31, | |||||||||||||||||
| 2023 | 2022 | 2021 | |||||||||||||||
| $100,000 ARR customers | 697 | 492 | 283 | ||||||||||||||
Components of Our Results of Operations
Revenue
Subscription - self-managed and SaaS
Subscription - self-managed
Our self-managed subscriptions include support, maintenance, upgrades, and updates on a when-and-if-available basis. Revenue for self-managed subscriptions is recognized ratably over the contract period based on the stand-ready nature of subscription elements.
SaaS
Our SaaS subscriptions provide access to our latest managed version of our product hosted in a public or private cloud based on the customer’s preference. Revenue from our SaaS offerings is recognized ratably over the contract period when the performance obligation is satisfied.
The typical term of a subscription contract for self-managed or SaaS offering is one to three years.
License - self-managed and other
The license component of our self-managed subscriptions reflects the revenue recognized by providing customers with access to proprietary software features. License revenue is recognized up-front when the software license is made available to our customer.
Other revenue consists of professional services revenue which is derived from fixed fee and time and materials offerings, subject to customer acceptance. Given the Company’s limited history of providing professional services, uncertainty exists about customer acceptance and therefore, control is presumed to transfer upon confirmation from the customer, as defined in each professional services contract. Accordingly, revenue is recognized upon satisfaction of all requirements per the applicable contract. Revenue from professional services provided on a time and material basis is recognized over the periods services are delivered. Revenue from professional services accounted for 2%, 2% and 3% of our total revenue for the years ended January 31, 2023, 2022 and 2021, respectively.
Cost of Revenue
Subscription - self-managed and SaaS
Cost of revenue for self-managed and SaaS subscriptions consists primarily of allocated cloud-hosting costs paid to third-party service providers, personnel-related costs associated with our customer support personnel, including contractors, and allocated overhead. Personnel-related expenses consist of salaries, benefits, bonuses, and stock-based compensation. We expect our cost of revenue for self-managed and SaaS subscriptions to increase in absolute dollars as our self-managed and SaaS
66
subscription revenue increases. As our SaaS offering makes up an increasing percentage of our total revenue, we expect to see increased associated cloud-related costs, such as hosting and managing costs, which may adversely impact our gross margins.
License - self-managed and other
Cost of self-managed license and other revenue consists primarily of contractor and personnel-related costs, including stock-based compensation expenses, associated with the professional services team and customer support team, and allocated overhead. We expect our cost of revenue for self-managed license and other to increase in absolute dollars as our self-managed and other revenue increases.
Operating Expenses
Our operating expenses consist of sales and marketing, research and development, and general and administrative expenses. Personnel-related expenses are the most significant component of operating expenses and consist of salaries, benefits, bonuses, stock-based compensation, and sales commissions. Operating expenses also include IT overhead costs.
Sales and Marketing
Sales and marketing expenses consist primarily of personnel-related expenses associated with our sales and marketing personnel, advertising, travel and entertainment related expenses, branding and marketing events, promotions, software subscriptions, and our allocated hosting expenses for our free tier. Sales and marketing expenses also include sales commissions paid to our sales force. Such costs incurred on acquisition of an initial contract are capitalized and amortized over an estimated period of benefit of three years, and any such expenses paid for the renewal of a subscription are capitalized and amortized over the contractual term of the renewal. However, costs for commissions that are incremental to obtain a self-managed license contract are expensed immediately.
We expect sales and marketing expenses to increase in absolute dollars as we continue to make strategic investments in our sales and marketing organization to drive additional revenue, further penetrate the market, and expand our global customer base, but to decrease as a percentage of our total revenue over time, although our sales and marketing expenses may fluctuate as a percentage of our total revenue from period-to-period depending on the timing of these expenses.
Research and Development
Research and development expenses consist primarily of personnel-related expenses, including contractors, as well as third-party cloud infrastructure expenses to support our internal development efforts, allocated overhead associated with developing new features or enhancing existing features, and software and subscription services. Costs related to research and development are expensed as incurred.
We expect research and development expenses to increase in absolute dollars as we continue to increase investments in our existing products and services. However, we anticipate research and development expenses to decrease as a percentage of our total revenue over time, although our research and development expenses may fluctuate as a percentage of our total revenue from period-to-period depending on the timing of these expenses.
General and Administrative
General and administrative expenses consist primarily of personnel-related expenses for our executives, finance, legal, and human resources. General and administrative expenses also include external legal, accounting, and director and officer insurance, as well as other consulting and professional services fees, software and subscription services, other corporate expenses, and any contract termination fees.
67
We have incurred and expect to incur additional expenses as a result of operating as a public company, including costs to comply with the rules and regulations applicable to companies listed on a national securities exchange, costs related to compliance and reporting obligations, costs related to Sarbanes-Oxley compliance, costs related to Environmental, Social, and Governance (ESG) compliance and increased expenses for insurance, investor relations, and related professional services. We expect that our general and administrative expenses will increase in absolute dollars as our business grows but will decrease as a percentage of our total revenue over time, although our general and administrative expenses may fluctuate as a percentage of our total revenue from period-to-period depending on the timing of these expenses.
Interest Income, and Other Income (Expense), Net
Interest income consists primarily of interest earned on our cash equivalents and short-term investments.
Other income (expense), net consists primarily of the gain from the deconsolidation of Meltano Inc., as well as foreign currency transaction gains and losses.
Loss from Equity Method Investment, Net of Tax
Loss from equity method investment, net of tax consists of our share of losses from the results of operations of Meltano Inc., following its deconsolidation, net of tax.
Provision for (Benefit from) Income Taxes
Provision for (benefit from) income taxes consists primarily of income taxes in the foreign and state jurisdictions in which we conduct business. We maintain a full valuation allowance against our deferred tax assets in certain jurisdictions because we have concluded that it is not more likely than not that the deferred tax assets will be realized.
68
Results of Operations
The following table sets forth our results of operations for the periods presented (in thousands):
| Fiscal Year Ended January 31, | |||||||||||||||||
| 2023 | 2022 | 2021 | |||||||||||||||
| Revenue: | |||||||||||||||||
| Subscription—self-managed and SaaS | $ | 369,349 | $ | 226,163 | $ | 132,763 | |||||||||||
| License—self-managed and other | 54,987 | 26,490 | 19,413 | ||||||||||||||
| Total revenue | 424,336 | 252,653 | 152,176 | ||||||||||||||
Cost of revenue:(1) | |||||||||||||||||
| Subscription—self-managed and SaaS | 40,841 | 23,668 | 14,453 | ||||||||||||||
| License—self-managed and other | 10,839 | 6,317 | 4,010 | ||||||||||||||
| Total cost of revenue | 51,680 | 29,985 | 18,463 | ||||||||||||||
| Gross profit | 372,656 | 222,668 | 133,713 | ||||||||||||||
| Operating expenses: | |||||||||||||||||
Sales and marketing(1) | 309,992 | 190,754 | 154,086 | ||||||||||||||
Research and development(1) | 156,143 | 97,217 | 106,643 | ||||||||||||||
General and administrative(1) | 117,932 | 63,654 | 86,868 | ||||||||||||||
| Total operating expenses | 584,067 | 351,625 | 347,597 | ||||||||||||||
| Loss from operations | (211,411) | (128,957) | (213,884) | ||||||||||||||
| Interest income | 14,496 | 736 | 1,070 | ||||||||||||||
Other income (expense), net(2) | 21,585 | (30,850) | 23,452 | ||||||||||||||
| Loss before income taxes and loss from equity method investment | (175,330) | (159,071) | (189,362) | ||||||||||||||
| Loss from equity method investment, net of tax | (2,468) | — | — | ||||||||||||||
| Provision for (benefit from) income taxes | 2,898 | (1,511) | 2,832 | ||||||||||||||
| Net loss | $ | (180,696) | $ | (157,560) | $ | (192,194) | |||||||||||
Net loss attributable to noncontrolling interest(3) | (8,385) | (2,422) | — | ||||||||||||||
| Net loss attributable to GitLab | $ | (172,311) | $ | (155,138) | $ | (192,194) | |||||||||||
(1)Includes stock-based compensation expense as follows:
| Fiscal Year Ended January 31, | |||||||||||||||||
| 2023 | 2022 | 2021 | |||||||||||||||
| (in thousands) | |||||||||||||||||
| Cost of revenue | $ | 5,078 | $ | 1,300 | $ | 1,185 | |||||||||||
| Research and development | 36,325 | 8,305 | 31,519 | ||||||||||||||
| Sales and marketing | 48,001 | 10,550 | 21,504 | ||||||||||||||
| General and administrative | 33,163 | 9,854 | 57,638 | ||||||||||||||
| Total stock-based compensation expense | $ | 122,567 | $ | 30,009 | $ | 111,846 | |||||||||||
69
(2)Includes $17.8 million gain for the year ended January 31, 2023 from the deconsolidation of Meltano Inc. in April 2022. See “Note 11. Joint Venture and Equity Method Investment” to our consolidated financial statements for additional details.
(3)Our results of operations include our variable interest entity, JiHu. The ownership interest of other investors is recorded as a noncontrolling interest. See “Note 11. Joint Venture and Equity Method Investment” to our consolidated financial statements for additional details.
The following table sets forth the components of our consolidated statements of operations as a percentage of total revenue for each of the periods presented:
| Fiscal Year Ended January 31, | |||||||||||||||||
| 2023 | 2022 | 2021 | |||||||||||||||
| (as a percentage of total revenue) | |||||||||||||||||
| Revenue | 100 | % | 100 | % | 100 | % | |||||||||||
| Cost of revenue | 12 | 12 | 12 | ||||||||||||||
| Gross profit | 88 | 88 | 88 | ||||||||||||||
| Operating expenses: | |||||||||||||||||
| Sales and marketing | 73 | 76 | 101 | ||||||||||||||
| Research and development | 37 | 38 | 70 | ||||||||||||||
| General and administrative | 28 | 25 | 57 | ||||||||||||||
| Total operating expenses | 138 | 139 | 228 | ||||||||||||||
| Loss from operations | (50) | (51) | (141) | ||||||||||||||
| Interest income | 3 | — | 1 | ||||||||||||||
| Other income (expense), net | 5 | (12) | 15 | ||||||||||||||
| Loss before income taxes and loss from equity method investment | (41) | (63) | (124) | ||||||||||||||
| Loss from equity method investment, net of tax | (1) | — | — | ||||||||||||||
| Provision for (benefit from) income taxes | 1 | (1) | (2) | ||||||||||||||
| Net loss | (43) | % | (62) | % | (126) | % | |||||||||||
| Net loss attributable to noncontrolling interest | (2) | % | (1) | % | — | % | |||||||||||
| Net loss attributable to GitLab | (41) | % | (61) | % | (126) | % | |||||||||||
Comparison of the Fiscal Year Ended January 31, 2023 and 2022
Revenue
| Fiscal Year Ended January 31, | Change | ||||||||||||||||||||||
| 2023 | 2022 | $ | % | ||||||||||||||||||||
| (in thousands, except percentages) | |||||||||||||||||||||||
| Subscription—self-managed and SaaS | $ | 369,349 | $ | 226,163 | $ | 143,186 | 63 | % | |||||||||||||||
| License—self-managed and other | 54,987 | 26,490 | 28,497 | 108 | |||||||||||||||||||
| Total revenue | $ | 424,336 | $ | 252,653 | $ | 171,683 | 68 | % | |||||||||||||||
70
Revenue increased $171.7 million, or 68%, to $424.3 million for fiscal 2023 from $252.7 million for fiscal 2022. The increase was primarily due to the ongoing demand for The DevSecOps Platform, including adding new customers, the expansion within our existing paid customers, and an increase in our number of customers with $100,000 or greater in ARR. As of January 31, 2023 and 2022, our expansion is reflected by our Dollar-Based Net Retention Rate being above 130% and above 152%, respectively. We had 697 customers with ARR over $100,000 as of January 31, 2023, increasing from 492 customers with ARR over $100,000 as of January 31, 2022.
Revenue attributed to our variable interest entity, JiHu, was $4.7 million and $1.2 million for fiscal 2023 and 2022, respectively. See “Note 11. Joint Venture and Equity Method Investment” to our consolidated financial statements for additional details.
Cost of Revenue, Gross Profit, and Gross Margin
| Fiscal Year Ended January 31, | Change | ||||||||||||||||||||||
| 2023 | 2022 | $ | % | ||||||||||||||||||||
| (in thousands, except percentages) | |||||||||||||||||||||||
| Cost of revenue | $ | 51,680 | $ | 29,985 | $ | 21,695 | 72 | % | |||||||||||||||
| Gross profit | 372,656 | 222,668 | 149,988 | 67 | |||||||||||||||||||
| Gross margin | 88 | % | 88 | % | |||||||||||||||||||
Cost of revenue increased by $21.7 million, to $51.7 million for fiscal 2023 from $30.0 million for fiscal 2022, primarily due to an increase of $8.1 million in personnel-related expenses, driven by an increase in our average customer support and professional services headcount and an increase of $3.8 million in stock-based compensation expenses (as discussed in the section titled “Stock-Based Compensation Expense” below). The remaining change was primarily attributable to an increase of $7.3 million in third-party hosting costs for increased usage of our paid SaaS offering, $1.7 million in consulting expense, $1.5 million in amortization of intangible assets, and $0.9 million in credit card fees related to our self-serve online web store. Gross margin remained at 88% for fiscal 2023 compared to fiscal 2022.
Cost of revenue attributed to our variable interest entity, JiHu, was $1.7 million and $0.9 million fiscal 2023 and 2022, respectively. See “Note 11. Joint Venture and Equity Method Investment” to our consolidated financial statements for additional details.
71
Sales and Marketing
| Fiscal Year Ended January 31, | Change | ||||||||||||||||||||||
| 2023 | 2022 | $ | % | ||||||||||||||||||||
| (in thousands, except percentages) | |||||||||||||||||||||||
| Sales and marketing expenses | $ | 309,992 | $ | 190,754 | $ | 119,238 | 63 | % | |||||||||||||||
Sales and marketing expenses increased by $119.2 million, to $310.0 million for fiscal 2023 from $190.8 million for fiscal 2022, primarily due to an increase of $94.9 million in personnel-related expenses, driven by an increase in our average sales and marketing headcount, and an increase of $37.5 million in stock-based compensation expenses (as discussed in the section titled “Stock-Based Compensation Expense” below). The remaining change was mainly due to an increase of $7.8 million in marketing events and brand-related expenses, an increase of $3.8 million in software and consulting expenses, and an increase of $3.2 million in hosting expenses. The purpose of our investment activities was to increase the effectiveness of our sales motions, increase our sales capacity, generate demand for our products and acquire more customers.
Sales and marketing expenses attributed to our variable interest entity, JiHu, were $7.7 million and $3.2 million for fiscal 2023 and 2022, respectively. See “Note 11. Joint Venture and Equity Method Investment” to our consolidated financial statements for additional details.
Research and Development
| Fiscal Year Ended January 31, | Change | ||||||||||||||||||||||
| 2023 | 2022 | $ | % | ||||||||||||||||||||
| (in thousands, except percentages) | |||||||||||||||||||||||
| Research and development expenses | $ | 156,143 | $ | 97,217 | $ | 58,926 | 61 | % | |||||||||||||||
Research and development expenses increased by $58.9 million, to $156.1 million for fiscal 2023 from $97.2 million for fiscal 2022, primarily due to an increase of $52.6 million in personnel-related expenses, driven by an increase in our average research and development headcount and an increase of $28.0 million in stock-based compensation expenses (as discussed in the section titled “Stock-Based Compensation Expense” below). The remaining change was mainly due to an increase of $2.7 million in hosting expenses.
Research and development expenses attributed to our variable interest entity, JiHu, was $6.8 million and $2.3 million for fiscal 2023 and 2022, respectively. See “Note 11. Joint Venture and Equity Method Investment” to our consolidated financial statements for additional details.
72
General and Administrative
| Fiscal Year Ended January 31, | Change | ||||||||||||||||||||||
| 2023 | 2022 | $ | % | ||||||||||||||||||||
| (in thousands, except percentages) | |||||||||||||||||||||||
| General and administrative expenses | $ | 117,932 | $ | 63,654 | $ | 54,278 | 85 | % | |||||||||||||||
General and administrative expenses increased by $54.3 million, to $117.9 million for fiscal 2023 from $63.7 million for fiscal 2022, primarily due to an increase of $43.0 million in personnel-related expenses, mainly attributable to an increase in our average general and administrative headcount and an increase of $23.3 million in stock-based compensation expenses (as discussed in the section titled “Stock-Based Compensation Expense” below). The remaining change was primarily driven by an increase of $6.1 million in consulting and software expenses to support our growth.
General and administrative expenses attributed to our variable interest entity, JiHu, was $10.5 million and $3.6 million for fiscal 2023 and 2022, respectively. See “Note 11. Joint Venture and Equity Method Investment” to our consolidated financial statements for additional details.
Stock-Based Compensation Expense
| Fiscal Year Ended January 31, | Change | ||||||||||||||||||||||
| 2023 | 2022 | $ | % | ||||||||||||||||||||
| (in thousands, except percentages) | |||||||||||||||||||||||
| Cost of revenue | $ | 5,078 | $ | 1,300 | $ | 3,778 | 291 | % | |||||||||||||||
| Research and development | 36,325 | 8,305 | 28,020 | 337 | |||||||||||||||||||
| Sales and marketing | 48,001 | 10,550 | 37,451 | 355 | |||||||||||||||||||
| General and administrative | 33,163 | 9,854 | 23,309 | 237 | |||||||||||||||||||
| Total stock-based compensation expense | $ | 122,567 | $ | 30,009 | $ | 92,558 | 308 | % | |||||||||||||||
Stock-based compensation expense increased by $92.6 million, to $122.6 million for fiscal 2023 from $30.0 million for fiscal 2022, primarily due to a $60.9 million expense from restricted stock units, or RSUs, we started granting since December 2021 and $20.5 million expense from our 2021 Employee Stock Purchase Plan, or ESPP, introduced in November 2021. Stock-based compensation expense for fiscal 2023 also includes $7.8 million attributable to our variable interest entity, JiHu. See “Note 11. Joint Venture and Equity Method Investment” to our consolidated financial statements for additional details.
73
Interest Income, and Other Income (Expense), Net
| Fiscal Year Ended January 31, | Change | ||||||||||||||||||||||
| 2023 | 2022 | $ | % | ||||||||||||||||||||
| (in thousands, except percentages) | |||||||||||||||||||||||
| Interest income | $ | 14,496 | $ | 736 | $ | 13,760 | 1870 | % | |||||||||||||||
| Gain from deconsolidation of Meltano Inc. | $ | 17,798 | $ | — | $ | 17,798 | 100 | % | |||||||||||||||
| Foreign exchange gains (losses), net | 4,364 | (29,140) | 33,504 | (115) | |||||||||||||||||||
| Other expense, net | (577) | (1,710) | 1,133 | (66) | |||||||||||||||||||
| Total other income (expense), net | $ | 21,585 | $ | (30,850) | $ | 52,435 | (170) | % | |||||||||||||||
For fiscal 2023 compared to fiscal 2022, interest income increased primarily due to income earned from our cash equivalents and short-term investments as a result of investing the proceeds from our initial public offering, or IPO, into marketable securities in fiscal 2023 as well as higher interest rates during fiscal 2023 compared to fiscal 2022.
The change in other income (expense), net is primarily due to the recognized gain of $17.8 million on the fair valuation of our retained interest in Meltano Inc., our formerly controlled subsidiary. The remaining change in other income (expense), net is mainly due to strengthening of the U.S dollar.
Loss from Equity Method Investment, Net of Tax
| Fiscal Year Ended January 31, | Change | ||||||||||||||||||||||
| 2023 | 2022 | $ | % | ||||||||||||||||||||
| (in thousands, except percentages) | |||||||||||||||||||||||
| Loss from equity method investment, net of tax | $ | (2,468) | $ | — | $ | (2,468) | 100 | % | |||||||||||||||
Loss from equity method investment, net of tax consists of our share of losses from the results of operations of Meltano Inc., net of tax. Effective April 4, 2022, due to a loss of control over Meltano Inc., we account for Meltano investment under the equity method.
Provision for (Benefit from) Income Taxes
| Fiscal Year Ended January 31, | Change | ||||||||||||||||||||||
| 2023 | 2022 | $ | % | ||||||||||||||||||||
| (in thousands, except percentages) | |||||||||||||||||||||||
| Provision for (benefit from) income taxes | $ | 2,898 | $ | (1,511) | $ | 4,409 | (292) | % | |||||||||||||||
| Effective tax rate | (1.7) | % | 0.9 | % | (2.6)% | ||||||||||||||||||
Our effective tax rate decreased by approximately 2.6% in the fiscal year ended January 31, 2023 as compared to the fiscal year ended January 31, 2022. The lower effective tax rate was primarily due to an increase in current tax liability from operations and the establishment in the year ended January 31, 2023
74
of a deferred tax liability relating to the deconsolidation of a majority-owned entity, Meltano Inc., and simultaneous establishment of our equity method investment.
Our effective tax rate for fiscal 2023 was lower than the U.S. federal statutory tax rate of 21%, primarily due to an increase in valuation allowance associated with the net operating losses generated during the year.
Under the provisions of Accounting Standard Codification (“ASC”) 740, Income Taxes, the determination of our ability to recognize our deferred tax assets requires an assessment of both negative and positive evidence when determining our ability to recognize deferred tax assets. We determined that it was not more likely than not that we could recognize certain deferred tax assets. The evidence we evaluated included operating results during the most recent three-year period and future projections, with more weight given to historical results than expectations of future profitability, which are inherently uncertain. Certain entities’ net losses in recent periods represented sufficient negative evidence to require a valuation allowance against its net deferred tax assets. This valuation allowance will be evaluated periodically and could be reversed partially or totally if business results have sufficiently improved to support realization of deferred tax assets.
We have not recorded a provision for deferred U.S. tax expense that could result from the remittance of foreign undistributed earnings since we intend to reinvest the earnings of the foreign subsidiaries indefinitely. Our share of the undistributed earnings of foreign corporations not included in our consolidated federal income tax returns that could be subject to additional U.S. income tax if remitted is immaterial. As of January 31, 2023, the amount of unrecognized U.S federal deferred income tax liability for undistributed earnings is immaterial.
As of January 31, 2023, the statutes for our U.S. federal 2018 through 2022 tax years were open and the results from such tax years remained subject to potential examination in one or more jurisdictions. In addition, in the United States, any net operating losses or credits that were generated in prior years but not yet fully utilized in a year that is closed under the statute of limitations may also be subject to examination. We are currently under examination in the Netherlands for the 2015 and 2016 tax years. We are currently unable to estimate the financial outcome of this examination due to its preliminary status. We regularly assess the likelihood of adverse outcomes resulting from these examinations to determine the adequacy of our provision for income taxes. We continue to monitor the progress of ongoing discussions with tax authorities and the effect, if any, of the expected expiration of the statute of limitations in various taxing jurisdictions.
As of January 31, 2023, unrecognized tax benefits were $7.5 million, of which $0.5 million would affect the effective tax rate if recognized. We anticipate an immaterial amount of unrecognized tax benefits to reverse in the next 12 months. We are unable to reasonably estimate the timing of the long-term payments or the amount by which the liability will increase or decrease.
It is our policy to classify accrued interest and penalties related to unrecognized tax benefits in the provision for income taxes. For fiscal 2023 and 2022, we recognized an insignificant amount of interest and penalties related to unrecognized tax benefits. Accrued interest and penalties were $0.2 million and $0.1 million as of January 31, 2023 and January 31, 2022, respectively.
Liquidity and Capital Resources
Since inception, we have financed operations primarily through proceeds received from issuances of equity securities, preferred stock and payments received from our customers.
As of January 31, 2023 and January 31, 2022, our principal source of liquidity was cash, cash equivalents, and short-term investments aggregating to $936.7 million and $934.7 million, respectively, which were held for working capital and strategic investment purposes. As of January 31, 2023, cash and cash equivalents consist of cash in banks, money markets funds, agency securities, and treasuries, while short-term investments mainly consist of treasuries, corporate debt securities, and commercial paper.
75
We believe that our existing cash, cash equivalents, and short-term investments will be sufficient to support working capital and capital expenditure requirements for at least the next 12 months. Our future capital requirements will depend on many factors, including our revenue growth rate, the timing and the amount of cash received from customers, the expansion of sales and marketing activities, the timing and extent of spending to support research and development efforts, the price at which we are able to procure third-party cloud infrastructure, expenses associated with our international expansion, the introduction of platform enhancements, and the continuing market adoption of The DevSecOps Platform. In the future, we may enter into arrangements to acquire or invest in complementary businesses, products, and technologies. We may be required to seek additional equity or debt financing. In the event that we require additional financing, we may not be able to raise such financing on terms acceptable to us or at all. If we are unable to raise additional capital or generate cash flows necessary to expand our operations and invest in continued innovation, we may not be able to compete successfully, which would harm our business, operating results, and financial condition.
The following table shows a summary of our cash flows for the periods presented:
| Fiscal Year Ended January 31, | |||||||||||||||||
| 2023 | 2022 | 2021 | |||||||||||||||
| (in thousands) | |||||||||||||||||
| Net cash used in operating activities | $ | (77,408) | $ | (49,814) | $ | (73,580) | |||||||||||
| Net cash used in investing activities | $ | (605,686) | $ | (53,895) | $ | (842) | |||||||||||
| Net cash provided by financing activities | $ | 97,482 | $ | 701,185 | $ | 12,945 | |||||||||||
Operating Activities
Our largest source of operating cash is payments received from our customers. Our primary uses of cash from operating activities are for personnel-related expenses, sales and marketing expenses, third-party cloud infrastructure expenses, and overhead expenses. We have generated negative cash flows from operating activities and have supplemented working capital through net proceeds from the issuance of equity securities.
Cash used in operating activities during fiscal 2023 was $77.4 million, primarily consisting of our net loss of $180.7 million, adjusted for non-cash items of $148.1 million (mainly attributable to stock-based compensation expense of $122.6 million), and net cash outflows of $44.9 million used by changes in our operating assets and liabilities. The main drivers of the changes in operating assets and liabilities were the decrease in accrued compensation and related expenses of $11.7 million, the increase in deferred contract acquisition costs of $48.6 million, and the increase in accounts receivable of $54.2 million, partially offset by the increase in deferred revenue of $73.0 million.
Cash used in operating activities during fiscal 2022 was $49.8 million, primarily consisting of our net loss of $157.6 million, adjusted for non-cash items of $85.2 million (including amortization of deferred contract acquisition costs of $33.4 million, stock-based compensation of $30.0 million, and unrealized foreign exchange loss of $20.4 million) and net cash inflows of $22.6 million provided by changes in our operating assets and liabilities. The main drivers of the changes in operating assets and liabilities were the increase in deferred revenue of $79.1 million and the increase in accrued compensation and related expenses of $19.8 million, partially offset by the increase in deferred contract acquisition costs of $42.6 million and the increase in accounts receivable of $38.2 million.
Investing Activities
Cash used in investing activities during fiscal 2023 was $605.7 million, primarily consisting of $590.0 million in purchases of short-term investments, net of proceeds from maturities, $9.6 million cash outflow
76
as a result of a deconsolidation of an erstwhile subsidiary, and $6.1 million in purchases of property and equipment.
Cash used in investing activities during fiscal 2022 was $53.9 million, primarily consisting of purchases of short-term investments, net of maturities of $50.0 million and purchases of property and equipment of $3.5 million.
Financing Activities
Cash provided by financing activities during fiscal 2023 was $97.5 million, primarily attributable to $61.7 million of contributions received from noncontrolling interests, $24.5 million of proceeds from the issuance of common stock upon stock options exercises, and $14.4 million of proceeds from the issuance of common stock under our ESPP, offset by the partial settlement of acquisition related contingent consideration of $3.1 million.
Cash provided by financing activities during fiscal 2022 was $701.2 million, primarily attributable to $654.6 million in proceeds from our IPO, net of underwriting discounts, $26.5 million of contributions received from noncontrolling interests and $25.4 million of proceeds from issuance of common stock upon stock options exercises.
Contractual Obligations and Commitments
For more information regarding our contractual obligations, refer to “Note 14. Commitments and Contingencies” to our consolidated financial statements.
Critical Accounting Estimates
We prepare our consolidated financial statements in accordance with accounting principles generally accepted in the United States of America. In doing so, we have to make estimates and assumptions. Our critical accounting estimates are those estimates that involve a significant level of uncertainty at the time the estimate was made, and changes in them have had or are reasonably likely to have a material effect on our financial condition or results of operations. Accordingly, actual results could differ materially from our estimates. We base our estimates on past experience and other assumptions that we believe are reasonable under the circumstances, and we evaluate these estimates on an ongoing basis. We believe our judgments and estimates associated with the determination of standalone selling price for each performance obligation in revenue recognition and the accounting for stock-based compensation, which we discuss further below, could have a material impact on our consolidated financial statements.
See “Note 2. Basis of Presentation and Summary of Significant Accounting Policies” to our consolidated financial statements for a summary of significant accounting policies and the effect on our financial statements.
Revenue Recognition
For contracts that contain multiple performance obligations, we allocate the transaction price for each contract to each performance obligation based on the relative standalone selling price or SSP for each performance obligation. We use judgment in determining SSP for our products and services. To determine SSP, we maximize the use of observable standalone sales and observable data, where available. In instances where performance obligations do not have observable standalone sales, we utilize available information that may include other observable inputs or use the expected cost-plus margin approach to estimate the price we would charge if the products and services were sold separately.
Self-managed subscriptions include both (i) a right to use the underlying software and (ii) a right to receive post-contract customer support during the subscription term. Post-contract customer support comprises maintenance services (including updates and upgrades to the software on a when and if available basis) and support services. We have concluded that the right to use the software, which is recognized upon delivery of the license, and the right to receive technical support and software fixes and
77
updates, which is recognized ratably over the term of the arrangement, are two distinct performance obligations. Since neither of these performance obligations are sold on a standalone basis, we estimate the stand-alone selling price for each performance obligation using a model based on the “expected cost plus margin” approach and update the model on an annual basis or when facts and circumstances change. This model uses observable data points to develop the main inputs and assumptions which include the estimated historical costs to develop the paid features in the software license and the estimated future costs to provide post-contract customer support. Based on this model, we determined the SSP allocation for each of our paid tiers across various subscription tenures. Accordingly, we have allocated up to 23% of the entire transaction price to the right to use the underlying software (License revenue - Self managed) and allocated the remaining value of the transaction to the right to receive post-contract customer support (Subscription revenue - Self managed) during the period covered by these consolidated financial statements.
Stock-Based Compensation
The Company has granted equity classified stock-based awards to team members, members of our board of directors, and non-employee advisors. The cost of stock-based awards granted to team members is measured at the grant date, based on the fair value of the award. The following awards involve a greater degree of judgment and complexity:
The Company has elected to use the Black-Scholes option pricing model to determine the fair value of stock options and ESPP. The Black-Scholes option-pricing model requires the input of highly subjective assumptions, including the fair value of the underlying common stock, the expected term of the option, the expected volatility of the price of our common stock, risk-free interest rates, and the expected dividend yield of our common stock. The assumptions used in our option-pricing model represent management’s best estimates. These estimates involve inherent uncertainties and the application of management’s judgment. For stock options and ESPP the expense is recognized on a straight-line basis.
In fiscal 2023, the board of directors of JiHu approved an employee stock option plan (“JiHu ESOP”) for its employees. The fair value of restricted stock awards (“RSAs”) and stock option awards is measured on the date of grant using the Binomial lattice model which includes the following highly subjective assumptions: value per share, risk-free rate, volatility, dividend yield, employee exit rate and early exercise multiple. The compensation costs related to these awards are recognized on a graded attribution method as the grants include a performance condition.
The Company granted restricted stock units (“RSUs”) settleable for 3 million shares of our Class B common stock to Mr. Sijbrandij, our founder and CEO. The RSUs involve a greater degree of judgment and complexity as they contain a service condition and a performance condition based on the achievement of eight separate stock price hurdles/tranches ranging from $95 to $500 per share. The fair value of the RSUs was determined utilizing a Monte Carlo valuation model. Any portion of these RSUs may only be earned upon a corporate transaction or after a liquidity event and only to the extent Mr. Sijbrandij continues to lead the company as our CEO. We will recognize total stock-based compensation expense over the derived service period of each tranche using the accelerated attribution method, regardless of whether the stock price hurdles are achieved.
Our performance stock units (“PSUs”), issued to the senior members of the management team are subject to a revenue performance condition and service conditions. The number of PSUs that will ultimately vest will depend on the revenue achieved by us in fiscal 2025 relative to the defined target. The fair value of PSUs is measured at the market price of our Class A common stock on the date of grant and compensation costs related to these awards are recognized on a graded-vesting method over the requisite service period. The estimate of awards expected to vest is reassessed by management at each reporting period.
78
Recently Issued Accounting Pronouncements
See “Note 2. Basis of Presentation and Summary of Significant Accounting Policies” to our consolidated financial statements included elsewhere in this Annual Report for more information regarding recently issued accounting pronouncements.
79
ITEM 7A. QUANTITATIVE AND QUALITATIVE DISCLOSURE ABOUT MARKET RISK
We have operations both within the United States and internationally. We are exposed to market risk in the ordinary course of our business. Market risk represents the risk of loss that may impact our financial condition due to adverse changes in financial market prices and rates. Our market risk exposure is primarily the result of fluctuations in interest rates and foreign currency exchange rates.
Interest Rate Risk
As of January 31, 2023 and January 31, 2022, we had $936.7 million and $934.7 million of cash, cash equivalents, and short-term investments, respectively. Our cash equivalents and short-term investments of $704.3 million as of January 31, 2023, mainly consist of money market funds, treasuries, corporate debt securities and commercial paper. Our cash equivalents and short-term investments of $830.2 million as of January 31, 2022, mainly consist of money market accounts and certificates of deposit. Our cash, cash equivalents, and short-term investments are held for working capital and strategic investment purposes. We do not enter into investments for trading or speculative purposes. Our fixed-income portfolio is subject to fluctuations in interest rates, which could affect our results of operations. Based on our investment portfolio balance as of January 31, 2023, a hypothetical increase or decrease in interest rates of 1% (100 basis points) would result in a decrease or an increase in the fair value of our portfolio of approximately $4.4 million. Such losses would only be realized if we sell the investments prior to maturity. The weighted-average life of our investment portfolio was approximately 7 months as of January 31, 2023.
Foreign Currency Exchange Risk
To date, all of our sales contracts have been denominated in U.S. dollars, except for our variable interest entity, JiHu, which sells in local currency in its designated area. Our revenue is not subject to a material foreign currency risk. Operating expenses within the United States are primarily denominated in U.S. dollars, while operating expenses incurred outside the United States are primarily denominated in each country’s respective local currency. Our consolidated results of operations and cash flows are, therefore, subject to fluctuations due to changes in foreign currency exchange rates and may be adversely affected in the future due to changes in foreign exchange rates.
Our reporting currency is the U.S. dollar, and the functional currency of our foreign subsidiaries is each country’s respective local currency. Assets and liabilities of the foreign subsidiaries are translated into U.S. dollars at the exchange rates in effect at the reporting date, and income and expenses are translated at average exchange rates during the period, with the resulting translation adjustments directly recorded as a component of accumulated other comprehensive income (loss). Foreign currency transaction gains and losses are recorded in other income (expense), net in the consolidated statements of operations. The volatility of exchange rates depends on many factors that we cannot forecast with reliable accuracy. In the event our foreign currency denominated assets, liabilities, or expenses increase, our operating results may be more greatly affected by fluctuations in the exchange rates of the currencies in which we do business. Moreover, as of January 31, 2023, we have $83.6 million of cash and cash equivalents denominated in currencies other than the U.S. dollar, predominantly Chinese yuan for our variable interest entity, JiHu. The value of these cash balances may materially change along with the weakness or strength of the U.S. dollar. As of January 31, 2023, a hypothetical 10% change in foreign currency exchange rates would have a material impact on our consolidated financial statements.
We have not engaged in the hedging of foreign currency transactions to date, although we may choose to do so in the future.
80
ITEM 8. FINANCIAL STATEMENTS AND SUPPLEMENTARY DATA
INDEX TO CONSOLIDATED FINANCIAL STATEMENTS
| Page | |||||
Reports of Independent Registered Public Accounting Firm ( | |||||
81
Report of Independent Registered Public Accounting Firm
To the Stockholders and the Board of Directors
GitLab Inc.:
Opinion on the Consolidated Financial Statements
We have audited the accompanying consolidated balance sheets of GitLab Inc. and subsidiaries (the Company) as of January 31, 2023 and January 31, 2022, the related consolidated statements of operations, comprehensive loss, convertible preferred stock and stockholders’ equity (deficit), and cash flows for each of the years in the three-year period ended January 31, 2023, and the related notes and financial statement schedule II - valuation and qualifying accounts (collectively, the consolidated financial statements). In our opinion, the consolidated financial statements present fairly, in all material respects, the financial position of the Company as of January 31, 2023 and January 31, 2022, and the results of its operations and its cash flows for each of the years in the three-year period ended January 31, 2023, in conformity with U.S. generally accepted accounting principles.
We also have audited, in accordance with the standards of the Public Company Accounting Oversight Board (United States) (PCAOB), the Company’s internal control over financial reporting as of January 31, 2023, based on criteria established in Internal Control – Integrated Framework (2013) issued by the Committee of Sponsoring Organizations of the Treadway Commission, and our report dated March 30, 2023 expressed an adverse opinion on the effectiveness of the Company’s internal control over financial reporting.
Basis for Opinion
These consolidated financial statements are the responsibility of the Company’s management. Our responsibility is to express an opinion on these consolidated financial statements based on our audits. We are a public accounting firm registered with the PCAOB and are required to be independent with respect to the Company in accordance with the U.S. federal securities laws and the applicable rules and regulations of the Securities and Exchange Commission and the PCAOB.
We conducted our audits in accordance with the standards of the PCAOB. Those standards require that we plan and perform the audit to obtain reasonable assurance about whether the consolidated financial statements are free of material misstatement, whether due to error or fraud. Our audits included performing procedures to assess the risks of material misstatement of the consolidated financial statements, whether due to error or fraud, and performing procedures that respond to those risks. Such procedures included examining, on a test basis, evidence regarding the amounts and disclosures in the consolidated financial statements. Our audits also included evaluating the accounting principles used and significant estimates made by management, as well as evaluating the overall presentation of the consolidated financial statements. We believe that our audits provide a reasonable basis for our opinion.
Critical Audit Matters
The critical audit matters communicated below are matters arising from the current period audit of the consolidated financial statements that were communicated or required to be communicated to the audit committee and that: (1) relate to accounts or disclosures that are material to the consolidated financial statements and (2) involved our especially challenging, subjective, or complex judgments. The communication of critical audit matters does not alter in any way our opinion on the consolidated financial statements, taken as a whole, and we are not, by communicating the critical audit matters below, providing separate opinions on the critical audit matters or on the accounts or disclosures to which they relate.
Impact of ineffective control environment
As disclosed in management’s report on internal control over financial reporting, the Company identified a material weakness as of January 31, 2023 associated with ineffective information technology general
82
controls (ITGCs) in the areas of user access and change-management over information technology (IT) systems that support the Company’s financial reporting processes. Automated and manual business process controls dependent on ITGCs were also deemed ineffective, because they could have been adversely impacted by the ineffective ITGCs. This material weakness affects substantially all financial statement accounts.
We identified the evaluation of the sufficiency of audit evidence in response to the material weakness as a critical audit matter. Evaluating the sufficiency of the audit evidence obtained required significant auditor judgment because of the pervasive nature of the material weakness identified above.
The following are the primary procedures we performed to address this critical audit matter.
•We applied significant auditor judgment to determine the timing, nature and extent of procedures to be performed over processes impacted by the material weakness.
•We reflected the effect of the material weakness in our assessment of risk and performed the procedures closer to the balance sheet date.
•These procedures included lowering testing thresholds, increasing sample sizes and manually testing the completeness and accuracy of system generated reports.
•We evaluated the overall sufficiency of audit evidence obtained by assessing the results of the procedures performed.
Evaluation of standalone selling prices (SSPs) for self-managed subscription and self-managed license performance obligations
As discussed in Note 3 to the consolidated financial statements, the Company recognized self-managed subscription revenue and self-managed license revenue of $275.3 million and $46.0 million, respectively, for the year ended January 31, 2023. The Company allocates the transaction price to each performance obligation based on the relative SSP. To determine SSP the Company maximizes the use of observable standalone sales and observable data where available. In instances where performance obligations do not have observable standalone sales, the Company utilizes available information that may include market conditions, pricing strategies, the economic life of the software, and other observable inputs and uses the expected cost plus margin approach to estimate the price the Company would charge if the products and services were sold separately.
We identified the evaluation of SSPs for self-managed subscription and self-managed license performance obligations as a critical audit matter. We performed a sensitivity analysis to determine the key assumption used to determine SSP, which required challenging auditor judgment. Specifically, challenging and subjective auditor judgment was required to evaluate the estimated costs to develop the paid features in the expected cost plus margin approach. Additionally, the estimate of SSP was sensitive to variation in this key assumption.
The following are the primary procedures we performed to address this critical audit matter.
•We evaluated the overall methodology used to determine the estimate of SSPs based on the expected cost plus a margin approach.
•We performed sensitivity analyses over the Company’s assumptions used to determine the SSPs to identify the costs to develop the paid features as the key assumption and to assess the impact of changes in the assumption on the Company’s SSPs.
•We assessed the reasonableness of the key assumption by comparing it to historical data, internal data, and relevant peer data, where available.
83
•We evaluated the data utilized by management to estimate the cost to develop the paid features by examining a selection of requests to merge code and interviewing the Company’s engineering team.
•We tested the mathematical accuracy of management’s calculations of estimated selling prices.
/s/ KPMG LLP
We have served as the Company’s auditor since 2019.
Pittsburgh, Pennsylvania
March 30, 2023
84
Report of Independent Registered Public Accounting Firm
To the Stockholders and the Board of Directors
GitLab Inc.:
Opinion on Internal Control Over Financial Reporting
We have audited GitLab Inc. and subsidiaries' (the Company) internal control over financial reporting as of January 31, 2023, based on criteria established in Internal Control – Integrated Framework (2013) issued by the Committee of Sponsoring Organizations of the Treadway Commission. In our opinion, because of the effect of the material weaknesses, described below, on the achievement of the objectives of the control criteria, the Company has not maintained effective internal control over financial reporting as of January 31, 2023, based on criteria established in Internal Control – Integrated Framework (2013) issued by the Committee of Sponsoring Organizations of the Treadway Commission.
We also have audited, in accordance with the standards of the Public Company Accounting Oversight Board (United States) (PCAOB), the consolidated balance sheets of the Company as of January 31, 2023 and January 31, 2022, the related consolidated statements of operations, comprehensive loss, convertible preferred stock and stockholders’ equity (deficit), and cash flows for each of the years in the three-year period ended January 31, 2023, and the related notes and financial statement schedule II - valuation and qualifying accounts (collectively, the consolidated financial statements), and our report dated March 30, 2023 expressed an unqualified opinion on those consolidated financial statements.
A material weakness is a deficiency, or a combination of deficiencies, in internal control over financial reporting, such that there is a reasonable possibility that a material misstatement of the company’s annual or interim financial statements will not be prevented or detected on a timely basis. Material weaknesses related to the following have been identified and included in management’s assessment: The Company had a lack of policies and procedures related to the operation of control activities and inadequate communication of information to control owners and operators related to the objectives and responsibilities for internal control in a manner which supports the internal control environment at the Company. As a result, the Company had ineffective information technology general controls in the areas of user access and change-management over information technology systems that are relevant to the Company’s preparation of their consolidated financial statements; and ineffective process level controls that use information that cannot be relied on from the affected systems, including those related to stock-based compensation and non-routine transactions. In addition, the Company had ineffective process level controls over manual journal entries and over stock-based compensation resulting from insufficient documentation maintained to support the operation of controls including the level of precision at which controls are executed. The material weaknesses were considered in determining the nature, timing, and extent of audit tests applied in our audit of the 2023 consolidated financial statements, and this report does not affect our report on those consolidated financial statements.
Basis for Opinion
The Company’s management is responsible for maintaining effective internal control over financial reporting and for its assessment of the effectiveness of internal control over financial reporting, included in the accompanying Management's Report on Internal Control over Financial Reporting. Our responsibility is to express an opinion on the Company’s internal control over financial reporting based on our audit. We are a public accounting firm registered with the PCAOB and are required to be independent with respect to the Company in accordance with the U.S. federal securities laws and the applicable rules and regulations of the Securities and Exchange Commission and the PCAOB.
We conducted our audit in accordance with the standards of the PCAOB. Those standards require that we plan and perform the audit to obtain reasonable assurance about whether effective internal control over financial reporting was maintained in all material respects. Our audit of internal control over financial reporting included obtaining an understanding of internal control over financial reporting, assessing the risk that a material weakness exists, and testing and evaluating the design and operating effectiveness of
85
internal control based on the assessed risk. Our audit also included performing such other procedures as we considered necessary in the circumstances. We believe that our audit provides a reasonable basis for our opinion.
Definition and Limitations of Internal Control Over Financial Reporting
A company’s internal control over financial reporting is a process designed to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles. A company’s internal control over financial reporting includes those policies and procedures that (1) pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the company; (2) provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with generally accepted accounting principles, and that receipts and expenditures of the company are being made only in accordance with authorizations of management and directors of the company; and (3) provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use, or disposition of the company’s assets that could have a material effect on the financial statements.
Because of its inherent limitations, internal control over financial reporting may not prevent or detect misstatements. Also, projections of any evaluation of effectiveness to future periods are subject to the risk that controls may become inadequate because of changes in conditions, or that the degree of compliance with the policies or procedures may deteriorate.
/s/ KPMG LLP
Pittsburgh, Pennsylvania
March 30, 2023
86
GitLab Inc.
Consolidated Balance Sheets
(in thousands, except per share data)
January 31, 2023(1) | January 31, 2022(1) | |||||||||||||
| ASSETS | ||||||||||||||
| CURRENT ASSETS: | ||||||||||||||
| Cash and cash equivalents | $ | $ | ||||||||||||
| Short-term investments | ||||||||||||||
Accounts receivable, net of allowance for doubtful accounts of $ | ||||||||||||||
| Deferred contract acquisition costs, current | ||||||||||||||
| Prepaid expenses and other current assets | ||||||||||||||
| Total current assets | ||||||||||||||
| Property and equipment, net | ||||||||||||||
| Operating lease right-of-use assets | — | |||||||||||||
| Equity method investment | ||||||||||||||
| Goodwill | ||||||||||||||
| Intangible assets, net | ||||||||||||||
| Deferred contract acquisition costs, non-current | ||||||||||||||
| Other long-term assets | ||||||||||||||
| TOTAL ASSETS | $ | $ | ||||||||||||
| LIABILITIES AND STOCKHOLDERS’ EQUITY | ||||||||||||||
| CURRENT LIABILITIES: | ||||||||||||||
| Accounts payable | $ | $ | ||||||||||||
| Accrued expenses and other current liabilities | ||||||||||||||
| Accrued compensation and benefits | ||||||||||||||
| Deferred revenue, current | ||||||||||||||
| Total current liabilities | ||||||||||||||
| Deferred revenue, non-current | ||||||||||||||
| Other non-current liabilities | ||||||||||||||
| TOTAL LIABILITIES | ||||||||||||||
Commitments and contingencies (Note 14) | ||||||||||||||
| STOCKHOLDERS’ EQUITY: | ||||||||||||||
Preferred stock, $ | ||||||||||||||
Class A Common stock, $ | ||||||||||||||
Class B Common stock, $ | ||||||||||||||
| Additional paid-in capital | ||||||||||||||
| Accumulated deficit | ( | ( | ||||||||||||
| Accumulated other comprehensive income (loss) | ( | |||||||||||||
| Total GitLab stockholders’ equity | ||||||||||||||
| Noncontrolling interests | ||||||||||||||
| TOTAL STOCKHOLDERS’ EQUITY | ||||||||||||||
| TOTAL LIABILITIES AND STOCKHOLDERS’ EQUITY | $ | $ | ||||||||||||
The accompanying notes are an integral part of these consolidated financial statements.
87
GitLab Inc.
Consolidated Statements of Operations
(in thousands, except per share data)
| Fiscal Year Ended January 31, | |||||||||||||||||
| 2023 | 2022 | 2021 | |||||||||||||||
| Revenue: | |||||||||||||||||
| Subscription—self-managed and SaaS | $ | $ | $ | ||||||||||||||
| License—self-managed and other | |||||||||||||||||
| Total revenue | |||||||||||||||||
| Cost of revenue: | |||||||||||||||||
| Subscription—self-managed and SaaS | |||||||||||||||||
| License—self-managed and other | |||||||||||||||||
| Total cost of revenue | |||||||||||||||||
| Gross profit | |||||||||||||||||
| Operating expenses: | |||||||||||||||||
| Sales and marketing | |||||||||||||||||
| Research and development | |||||||||||||||||
| General and administrative | |||||||||||||||||
| Total operating expenses | |||||||||||||||||
| Loss from operations | ( | ( | ( | ||||||||||||||
| Interest income | |||||||||||||||||
| Other income (expense), net | ( | ||||||||||||||||
| Loss before income taxes and loss from equity method investment | ( | ( | ( | ||||||||||||||
| Loss from equity method investment, net of tax | ( | ||||||||||||||||
| Provision for (benefit from) income taxes | ( | ||||||||||||||||
| Net loss | $ | ( | $ | ( | $ | ( | |||||||||||
| Net loss attributable to noncontrolling interest | ( | ( | |||||||||||||||
| Net loss attributable to GitLab | $ | ( | $ | ( | $ | ( | |||||||||||
| Net loss per share attributable to GitLab Class A and Class B common stockholders, basic and diluted | $ | ( | $ | ( | $ | ( | |||||||||||
| Weighted-average shares used to compute net loss per share attributable to GitLab Class A and Class B common stockholders, basic and diluted | |||||||||||||||||
The accompanying notes are an integral part of these consolidated financial statements.
88
GitLab Inc.
Consolidated Statements of Comprehensive Loss
(in thousands)
| Fiscal Year Ended January 31, | |||||||||||||||||
| 2023 | 2022 | 2021 | |||||||||||||||
| Net loss | $ | ( | $ | ( | $ | ( | |||||||||||
| Foreign currency translation adjustments | ( | ( | |||||||||||||||
| Net change in unrealized losses on available-for-sale securities | ( | $ | |||||||||||||||
| Comprehensive loss including noncontrolling interest | $ | ( | $ | ( | $ | ( | |||||||||||
| Net loss attributable to noncontrolling interest | ( | ( | |||||||||||||||
| Foreign currency translation adjustments attributable to noncontrolling interest | ( | ||||||||||||||||
| Comprehensive loss attributable to noncontrolling interest | ( | ( | |||||||||||||||
| Comprehensive loss attributable to GitLab | $ | ( | $ | ( | $ | ( | |||||||||||
The accompanying notes are an integral part of these consolidated financial statements.
89
GitLab Inc.
Consolidated Statements of Convertible Preferred Stock and Stockholders’ Equity (Deficit)
(in thousands)
| Twelve Months Ended January 31, 2023 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Convertible Preferred Stock | Class A Common Stock | Class B Common Stock | Additional Paid-in Capital | Accumulated Deficit | Accumulated Other Comprehensive (Loss) Income | Noncontrolling Interests | Total Stockholders’ Equity | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Shares | Amount | Shares | Amount | Shares | Amount | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Balance at January 31, 2020 | $ | $ | $ | $ | $ | ( | $ | $ | $ | ( | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Repurchase of common stock | — | — | — | — | ( | — | ( | — | — | — | ( | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Issuance of common stock upon conversion of preferred stock | ( | ( | — | — | — | — | — | — | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Issuance of common stock related to vested exercised stock options | — | — | — | — | — | — | — | — | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Issuance of common stock related to early exercised stock options, net of repurchases | — | — | — | — | — | — | — | — | — | — | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Vesting of early exercised stock options | — | — | — | — | — | — | — | — | — | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Stock-based compensation expense | — | — | — | — | — | — | — | — | — | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Foreign currency translation adjustments | — | — | — | — | — | — | — | — | ( | — | ( | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Net loss | — | — | — | — | — | — | — | ( | — | — | ( | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Balance at January 31, 2021 | $ | $ | $ | $ | $ | ( | $ | ( | $ | $ | ( | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Conversion of convertible preferred stock to Class B common stock upon initial public offering | ( | ( | — | — | — | — | — | — | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Conversion of Class B common stock to Class A common stock by the selling stockholder (CEO) upon initial public offering | — | — | — | ( | — | — | — | — | — | — | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Issuance of common stock upon initial public offering, net of underwriting discounts and other offering costs | — | — | — | — | — | — | — | — | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Conversion of Class B common stock to Class A common stock | — | — | — | ( | — | — | — | — | — | — | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Issuance of common stock in connection with business combination, net | — | — | — | — | — | — | — | — | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Contingent stock consideration in connection with business combination | — | — | — | — | — | — | — | — | — | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Repurchase of common stock | — | — | — | — | ( | — | ( | — | — | — | ( | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Issuance of common stock related to vested exercised stock options | — | — | — | — | — | — | — | — | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Issuance of common stock related to early exercised stock options, net of repurchases | — | — | — | — | — | — | — | — | — | — | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Vesting of early exercised stock options | — | — | — | — | — | — | — | — | — | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Warrant exercised | — | — | — | — | — | — | — | — | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Stock-based compensation expense | — | — | — | — | — | — | — | — | — | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Foreign currency translation adjustments | — | — | — | — | — | — | — | — | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Capital contributions from noncontrolling interest holders | — | — | — | — | — | — | — | — | — | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Net loss | — | — | — | — | — | — | — | ( | — | ( | ( | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Balance at January 31, 2022 | $ | $ | $ | $ | $ | ( | $ | $ | $ | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Conversion of Class B common stock to Class A common stock | — | — | — | ( | — | — | — | — | — | — | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Issuance of common stock related to vested exercised stock options | — | — | — | — | — | — | — | — | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Issuance of common stock under employee stock purchase plan | — | — | — | — | — | — | — | — | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Repurchases, net of early exercised stock options | — | — | — | — | ( | — | — | — | — | — | — | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Issuance of common stock related to RSUs vested, net of tax withholdings | — | — | — | — | — | — | — | — | — | — | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Vesting of early exercised stock options | — | — | — | — | — | — | — | — | — | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Stock-based compensation expense | — | — | — | — | — | — | — | — | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Other comprehensive loss | — | — | — | — | — | — | — | — | ( | ( | ( | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Change in noncontrolling interest ownership due to capital contributions from noncontrolling interest holders, net of issuance costs | — | — | — | — | — | — | — | — | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Deconsolidation of Meltano Inc. | — | — | — | — | — | — | — | — | — | ( | ( | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Net loss | — | — | — | — | — | — | — | ( | — | ( | ( | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Balances at January 31, 2023 | $ | $ | $ | $ | $ | ( | $ | ( | $ | $ | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
The accompanying notes are an integral part of these consolidated financial statements.
90
GitLab Inc.
Consolidated Statements of Cash Flows
(in thousands)
| Fiscal Year Ended January 31, | |||||||||||||||||
| 2023 | 2022 | 2021 | |||||||||||||||
| CASH FLOWS FROM OPERATING ACTIVITIES: | |||||||||||||||||
| Net loss, including amounts attributable to noncontrolling interest | $ | ( | $ | ( | $ | ( | |||||||||||
| Adjustments to reconcile net loss to net cash used in operating activities: | |||||||||||||||||
| Stock-based compensation expense | |||||||||||||||||
| Operating lease non-cash expense | — | — | |||||||||||||||
| Gain from the fair value change of acquisition related contingent consideration | ( | ||||||||||||||||
| Amortization of intangible assets | |||||||||||||||||
| Depreciation expense | |||||||||||||||||
| Amortization of deferred contract acquisition costs | |||||||||||||||||
| Gain from deconsolidation of Meltano Inc. | ( | ||||||||||||||||
| Loss from equity method investment | |||||||||||||||||
| Net amortization of premiums or discounts on short-term investments | ( | ||||||||||||||||
| Unrealized foreign exchange (gain) loss | ( | ( | |||||||||||||||
| Other non-cash expense, net | |||||||||||||||||
| Changes in assets and liabilities: | |||||||||||||||||
| Accounts receivable | ( | ( | ( | ||||||||||||||
| Prepaid expenses and other current assets | ( | ( | |||||||||||||||
| Deferred contract acquisition costs | ( | ( | ( | ||||||||||||||
| Other long-term assets | ( | ||||||||||||||||
| Accounts payable | |||||||||||||||||
| Accrued expenses and other current liabilities | |||||||||||||||||
| Accrued compensation and benefits | ( | ||||||||||||||||
| Deferred revenue | |||||||||||||||||
| Other long-term liabilities | ( | ||||||||||||||||
| Net cash used in operating activities | ( | ( | ( | ||||||||||||||
| CASH FLOWS FROM INVESTING ACTIVITIES: | |||||||||||||||||
| Purchases of short-term investments | ( | ( | |||||||||||||||
| Proceeds from maturities of short-term investments | |||||||||||||||||
| Purchases of property and equipment | ( | ( | |||||||||||||||
| Deconsolidation of Meltano Inc. | ( | ||||||||||||||||
| Payments for business combination, net of cash acquired and consideration withheld in an escrow | ( | ||||||||||||||||
| Payments for asset acquisitions | ( | ||||||||||||||||
| Other investing activities | |||||||||||||||||
| Net cash used in investing activities | ( | ( | ( | ||||||||||||||
| CASH FLOWS FROM FINANCING ACTIVITIES: | |||||||||||||||||
| Proceeds from initial public offering, net of underwriting discounts | |||||||||||||||||
| Proceeds from the issuance of common stock upon exercise of stock options, including early exercises, net of repurchases | |||||||||||||||||
| Issuance of common stock under employee stock purchase plan | |||||||||||||||||
| Proceeds from warrants exercised | |||||||||||||||||
| Repurchase of common stock in a tender offer | ( | ( | |||||||||||||||
| Contributions received from noncontrolling interests, net of issuance costs | |||||||||||||||||
| Partial settlement of acquisition related contingent cash consideration | ( | ||||||||||||||||
91
| Payments of deferred offering costs | ( | ||||||||||||||||
| Net cash provided by financing activities | |||||||||||||||||
| Impact of foreign exchange on cash and cash equivalents | ( | ||||||||||||||||
| Net increase (decrease) in cash and cash equivalents | ( | ( | |||||||||||||||
| Cash, cash equivalents, and restricted cash at beginning of period | |||||||||||||||||
| Cash, cash equivalents, and restricted cash at end of period | $ | $ | $ | ||||||||||||||
| Supplemental disclosure of cash flow information: | |||||||||||||||||
| Cash paid for income taxes | $ | $ | $ | ||||||||||||||
| Cash donations | $ | $ | $ | ||||||||||||||
| Supplemental disclosure of non-cash investing and financing activities: | |||||||||||||||||
| Vesting of early exercised stock options | $ | $ | $ | ||||||||||||||
| Issuance of common stock upon conversion of preferred stock | $ | $ | $ | ||||||||||||||
| Unpaid property and equipment in accrued expenses | $ | $ | $ | ||||||||||||||
| Unpaid deferred offering costs | $ | $ | $ | ||||||||||||||
| Reconciliation of cash, cash equivalents and restricted cash within the consolidated balance sheets to the amounts shown in the consolidated statements of cash flows above: | |||||||||||||||||
| Cash and cash equivalents | $ | $ | $ | ||||||||||||||
| Restricted cash, included in prepaid expenses and other current assets | |||||||||||||||||
| Restricted cash, included in other long-term assets | |||||||||||||||||
| Total cash, cash equivalents and restricted cash | $ | $ | $ | ||||||||||||||
The accompanying notes are an integral part of these consolidated financial statements.
92
GitLab Inc.
Notes to Consolidated Financial Statements
1. Organization and Description of Business
GitLab Inc. (the “Company”) began as an open source project in 2011 and was incorporated in Delaware on September 12, 2014. While the Company is headquartered in San Francisco, California, it operates on an all-remote model. The Company is a technology company and its primary offering is “GitLab”, a complete DevSecOps platform delivered as a single application. GitLab is used by a wide range of organizations. The Company also provides related training and professional services. GitLab is offered on both self-managed and software-as-a-service ("SaaS") models. The principal markets for GitLab are currently located in the United States, Europe, and Asia Pacific. The Company is focused on accelerating innovation and broadening the distribution of its platform to companies across the world to help them become better software-led businesses.
2. Basis of Presentation and Summary of Significant Accounting Policies
Basis of Presentation
The consolidated financial statements have been prepared in conformity with accounting principles generally accepted in the United States of America (“U.S. GAAP”).
Fiscal Year
The Company's fiscal year ends on January 31. For example, references to fiscal 2023 and 2022 refer to the fiscal year ended January 31, 2023 and 2022, respectively.
Use of Estimates
The preparation of the consolidated financial statements in conformity with U.S. GAAP requires management to make estimates and assumptions that affect the reported amounts of assets and liabilities, disclosure of contingent assets and liabilities at the date of the financial statements, and the reported amounts of revenue and expenses during the reporting period. Such estimates include, but are not limited to, allocation of revenue to the license element in the Company's self-managed subscriptions, estimating the amortization period for capitalized costs to obtain a contract, allowance for doubtful accounts, stock-based compensation expense, fair value of contingent consideration, fair valuation of retained interest in an investee on loss of control, valuation allowance for deferred income taxes, valuation of intangibles assets and impairment of goodwill and equity method investments. The Company bases these estimates on historical and anticipated results, trends, and various other assumptions that it believes are reasonable under the circumstances, including assumptions as to future events. Actual results could differ from those estimates.
Principles of Consolidation
The consolidated financial statements include 100% of the accounts of wholly owned and majority owned subsidiaries as well as a variable interest entity for which our Company is the primary beneficiary. The ownership interest of other investors is recorded as noncontrolling interest. All intercompany accounts and transactions have been eliminated in consolidation.
93
Foreign Currency
The reporting currency of the Company is the U.S. dollar. The Company determines the functional currency of each foreign subsidiary and the variable interest entity in accordance with ASC 830, Foreign Currency Matters, based on the currency of the primary economic environment in which each subsidiary and the variable interest entity operate. Items included in the financial statements of such subsidiaries and the variable interest entity are measured using that functional currency.
For subsidiaries where the U.S. dollar is the functional currency, foreign currency denominated monetary assets and liabilities are re-measured into U.S. dollars at current exchange rates and foreign currency denominated non-monetary assets and liabilities are re-measured into U.S. dollars at historical exchange rates.
Gains or losses from foreign currency remeasurement and settlements are included in foreign exchange gains (losses), net which is presented within other income (expense), net on the consolidated statements of operations. For the years ended January 31, 2023, 2022 and 2021, the Company recognized foreign exchange gains (losses), net of $4.4 million, $(29.1 ) million and $23.4 million, respectively.
For subsidiaries and the variable interest entity where the functional currency is other than the U.S. dollar, the Company uses the period-end exchange rates to translate assets and liabilities, the average monthly exchange rates to translate revenue and expenses, and historical exchange rates to translate stockholders’ equity (deficit) into U.S. dollars. The Company records translation gains and losses in accumulated other comprehensive income (loss) as a component of stockholders’ equity (deficit) in the consolidated balance sheets. For the years ended January 31, 2023, 2022 and 2021, the Company recognized foreign translation adjustments of $(5.9 ) million, $27.6 million and $(24.0 ) million, respectively.
Cash, Cash Equivalents, and Restricted Cash
Cash and cash equivalents as of January 31, 2023 and 2022, consists of cash held in checking and savings accounts, investments in money market accounts and certain highly-liquid investments. The Company considers all highly-liquid investments purchased with an original or remaining maturity of three months or less at the date of purchase to be cash equivalents.
Short-Term Investments - Marketable Securities
The Company classifies its marketable securities with stated maturities of three months and greater at the date of purchase as short-term investments due to its ability to use these securities to support the Company’s current operations.
As of January 31, 2023, all short-term investments are classified as available-for-sale and are reported at fair value, which is based on quoted market prices for such securities, if available, or based on quoted market prices of financial instruments with similar characteristics. If the fair value of a security falls below its amortized cost, the carrying value is reduced to its fair value if management intends to sell or it is more likely than not that it will be required to sell before recovery of the amortized cost basis. If neither of these conditions are satisfied, impairment is assessed for credit losses by comparing the present value of expected cash flows with the amortized cost basis, and an allowance for credit losses is recorded for the excess of amortized cost over expected cash flows. Impairment losses not attributable to credit losses are reported as a separate component of other comprehensive loss, net of tax.
94
As of January 31, 2022, short-term investments comprised of certificates of deposit with a bank with an original maturity of greater than three months at the date of purchase. Such investments were carried at amortized cost, which approximated their fair value.
The cost of securities sold is based on the specific-identification method and realized gains and losses on available-for-sale securities are recognized upon sale and are included in other income (expense), net in the consolidated statements of operations. Interest on securities classified as available-for-sale is included within Interest income on our consolidated statements of operations.
Accounts Receivable and Allowance for Doubtful Accounts
Accounts receivable, which represent trade receivables from the Company’s customers, are recorded at the invoiced amount and do not bear interest. The Company extends credit of typically 30 to 60 days to its customers in the normal course of business and does not require collateral from its customers. The allowance for doubtful accounts is the Company’s best estimate of the amount of expected credit losses in existing accounts receivable.
As of January 31, 2023 and 2022, the allowance for doubtful accounts was $1.6 million and $1.1 million, respectively. Accounts receivable deemed uncollectible are written off against the allowance when identified.
Concentration of Credit Risk and Significant Customers
Financial instruments that potentially subject the Company to concentrations of credit risk consist primarily of cash, cash equivalents, restricted cash, short-term investments, and accounts receivable. At times, cash deposits may be in excess of insured limits. The Company believes that the financial institutions or corporations that hold its cash, cash equivalents, restricted cash, and short-term investments are financially sound and, accordingly, minimal credit risk exists with respect to these balances. The Company maintains allowances for potential credit losses on accounts receivable when deemed necessary.
There were no customers whose revenue represented more than 10% of total revenue during the years ended January 31, 2023, 2022 and 2021.
Fair Value of Financial Instruments
We define fair value as the price that would be received from selling an asset, or paid to transfer a liability, in an orderly transaction between market participants at the measurement date. When determining the fair value measurements for assets and liabilities which are required to be recorded at fair value, we consider the principal or most advantageous market in which to transact and the market-based risk. We apply fair value accounting for all financial assets and liabilities that are recognized or disclosed at fair value in the financial statements on a recurring basis. The carrying amounts reported in the consolidated financial statements approximate the fair value for cash equivalents, restricted cash, short-term investments, accounts receivable, accounts payable and accrued liabilities due to their short-term nature. The Company also recorded at fair value acquisition related contingent considerations further discussed in “Note 7. Business Combination.”
The Company measures assets and liabilities at fair value at each reporting period using a fair value hierarchy which requires it to maximize the use of observable inputs and minimize the use of unobservable inputs when measuring fair value. U.S. GAAP describes a fair value hierarchy based on
95
three levels of inputs, of which the first two are considered observable and the last unobservable, to measure the fair value:
Level 1 – Inputs are unadjusted quoted prices in active markets for identical assets or liabilities.
Level 2 – Inputs other than Level 1 that are observable, either directly or indirectly, such as quoted prices for similar assets or liabilities, quoted prices in markets that are not active, or other inputs that are observable or can be corroborated by observable market data for substantially the full term of the assets or liabilities.
Level 3 – Inputs are unobservable based on the Company’s own assumptions used to measure assets and liabilities at fair value. The inputs require significant management judgment or estimation.
Fair value estimates are made at a specific point in time based on relevant market information and information about the financial or nonfinancial asset or liability.
Revenue Recognition
The Company generates revenue primarily from offering self-managed (on-premise) and SaaS subscriptions. Revenue is also generated from professional services, including consulting and training.
In accordance with ASC 606, revenue is recognized when a customer obtains control of the promised products and services. The amount of revenue recognized reflects the consideration that the Company expects to be entitled to receive in exchange for these products and services. To achieve the core principle of this standard, the Company applies the following five-step model as a framework:
1)Identify the contract with a customer. We consider the terms and conditions of our arrangements with customers to identify contracts under ASC 606. We consider that we have a contract with a customer when the contract is approved, we can identify each party's rights regarding the products and services to be transferred, we can identify the payment terms for the products and services, we have determined the customer has the ability and intent to pay, and the contract has commercial substance. We apply judgment in determining the customer's ability and intent to pay, which is based upon factors including the customer's historical payment experience or, for new customers, credit and financial information pertaining to the customers. At contract inception, we also evaluate whether two or more contracts should be combined and accounted for as a single contract. Further, contract modifications generally qualify as a separate contract.
The typical term of a subscription contract for self-managed or SaaS offering is one to three years. Our contracts are non-cancelable over the contract term and we act as principal in all our customer contracts. Customers have the right to terminate their contracts generally only if we breach the contract and we fail to remedy the breach in accordance with the contractual terms.
2)Identify the performance obligations in the contract. Performance obligations in our contracts are identified based on the products and services that will be transferred to the customer that are both capable of being distinct, whereby the customer can benefit from the product or service either on its own or together with other resources that are readily available from third parties or from us, and are distinct in the context of the contract, whereby the transfer of the product or service is separately identifiable from other promises in the contract.
Our self-managed subscriptions include two performance obligations: (i) to provide access to proprietary features in our software, and (ii) to provide support and maintenance (including the combined obligation to provide software updates on a when-and-if-available basis).
Our SaaS products provide access to hosted software as well as support, which is evaluated to be a single performance obligation.
96
Services-related performance obligations relate to the provision of consulting and training services. These services are distinct from subscriptions and do not result in significant customization of the software except in certain limited unique contracts.
Some of our customers have the option to purchase additional licenses or renew at a stated price. These options are evaluated on a case-by-case basis but generally do not provide a material right as they are either at the same price as the existing licenses or are within our range of standalone selling price (“SSP”) and, as such, would not result in a separate performance obligation. Where material rights are identified in our contracts, they are treated as separate performance obligations.
3)Determine the transaction price. We determine transaction price based on the consideration to which we expect to be entitled in exchange for transferring products and services to the customer.
Variable consideration is included in the transaction price only to the extent it is probable that a significant future reversal of cumulative revenue under the contract will not occur when the uncertainty associated with the variable consideration is resolved. Our contracts are non-refundable and non-cancellable. We do not offer refunds, rebates, or credits to our customers in the normal course of business. The impact of variable considerations has not been material.
For contracts with a one year term, we applied a practical expedient available under ASC 606 and made no evaluation for the existence of a significant financing component. In these contracts, at contract inception, the period between when we expect to transfer a promised product or service to the customer and when the customer pays for that product or service will be one year or less. For contracts with terms of more than a year, we have applied judgment in determining that advance payments in such contracts are not collected with the primary intention of availing finance and therefore, do not represent a significant financing component. Revenue is recognized net of any taxes collected from customers which are subsequently remitted to governmental entities (e.g., sales tax and other indirect taxes). We do not offer the right of refund in our contracts.
4)Allocate the transaction price to the performance obligations in the contract. If the contract contains a single performance obligation, the entire transaction price is allocated to the single performance obligation. For contracts that contain multiple performance obligations, we allocate the transaction price for each contract to each performance obligation based on the relative SSP for each performance obligation. We use judgment in determining the SSP for our products and services. We typically assess the SSP for our products and services on an annual basis or when facts and circumstances change. To determine SSP, we maximize the use of observable standalone sales and observable data, where available. In instances where performance obligations do not have observable standalone sales, we utilize available information that may include other observable inputs or use the expected cost-plus margin approach to estimate the price we would charge if the products and services were sold separately. The expected cost-plus margin approach is currently used to determine SSP for each distinct performance obligation for self-managed subscriptions.
We have concluded that (i) the right to use the software and (ii) the right to receive technical support and software fixes and updates are two distinct performance obligations in our self-managed subscriptions. Since neither of these performance obligations are sold on a standalone basis, we estimate SSP for each performance obligation using a model based on the “expected cost-plus margin” approach and update the model on an annual basis or when facts and circumstances change. This model uses observable data points to develop the main inputs and assumptions, which include the estimated historical costs to develop the paid features in the software license and the estimated future costs to provide post-contract customer support.
5)Revenue is recognized when or as we satisfy a performance obligation. Revenue is recognized at the time the related performance obligation is satisfied by transferring the promised products
97
and services to a customer. We recognize revenue when we transfer control of the products and services to our customers for an amount that reflects the consideration that we expect to receive in exchange for those products and services. All revenue is generated from contracts with customers.
Subscription - self-managed and SaaS
Subscription - self-managed
The Company's self-managed subscriptions include support, maintenance, upgrades, and updates on a when-and-if-available basis. Revenue for self-managed subscriptions is recognized ratably over the contract period based on the stand-ready nature of subscription elements.
The Company offers two tiers of paid subscriptions as part of the self-managed model: Premium and Ultimate. Subscriptions for self-managed licenses include both (i) a right to use the underlying software (License revenue - Self managed) and (ii) a right to receive post-contract customer support during the subscription term (Subscription revenue - Self managed). Post-contract customer support comprises maintenance services (including updates and upgrades to the software on a when-and-if-available basis) and support services. The Company has concluded that the right to use the software, which is recognized upon delivery of the license, and the right to receive technical support and software fixes and updates, which is recognized ratably over the term of the arrangement, are two distinct performance obligations. Since neither of these performance obligations are sold on a standalone basis, the Company estimates the SSP for each performance obligation using a model based on the “expected cost-plus margin” approach and updates the model on an annual basis or when facts and circumstances change. This model uses observable data points to develop the main inputs and assumptions which include the estimated historical costs to develop the paid features in the software license and the estimated future costs to provide post-contract customer support. Based on this model, the Company allocated between 1 to 23 % of the entire transaction price to the right to use the underlying software (License revenue - Self managed) and allocated the remaining value of the transaction to the right to receive post-contract customer support (Subscription revenue - Self managed) during the period covered by these consolidated financial statements.
The typical term of a subscription contract for self-managed offering is one to three years.
As of January 2021, Starter tier is no longer offered to new customers but remains available for a limited transitory period to our existing customers.
SaaS
We also offer two tiers of paid SaaS subscriptions: Premium and Ultimate. These subscriptions provide access to our latest managed version of our product hosted in a public or private cloud based on the customer’s preference. Revenue from our SaaS products (Subscription revenue - SaaS) is recognized ratably over the contract period when the performance obligation is satisfied.
The typical term of a subscription contract for SaaS offering is one to three years.
As of January 2021, Starter tier is no longer offered to new customers but remains available for a limited transitory period to our existing customers.
License - self-managed and other
The license component of our self-managed subscriptions reflects the revenue recognized by providing customers with rights to use proprietary software features. The Company allocates between 1 to 23 % of the transaction value to License revenue, which is recognized upfront when the software license is made available to our customers.
98
Other revenue consists of professional services revenue which is derived from fixed fee and time and materials offerings, subject to customer acceptance. Given the Company’s limited history of providing professional services, uncertainty exists about customer acceptance and therefore, control is presumed to transfer upon confirmation from the customer, as defined in each professional services contract. Accordingly, revenue is recognized upon satisfaction of all requirements per the applicable contract. Revenue from professional services provided on a time and material basis is recognized over the periods services are delivered.
The Company presents financial information about disaggregation of revenue in “Note 3. Revenues” of the consolidated financial statements.
Deferred Revenue and Contract Assets
Contract liabilities consist of deferred revenue and include payments received in advance of performance under the contract. Such amounts are recognized as revenue over the contractual period. The portion of deferred revenue that the Company will recognize during the twelve-month period from the balance sheet date is recorded within current liabilities and the remaining portion is recorded as long-term.
The Company receives payments from customers based upon contractual billing schedules and accounts receivable are recorded when the right to consideration becomes unconditional. Customers are generally billed in advance, including some multi-year contracts, but the majority of customers in multi-year contracts specifically request to pay annually in advance. Payment terms on invoiced amounts are typically 30 to 60 days. In limited cases, the Company has offered deferred payment terms of a maximum of one year in contracts with a one year contractual term. For multi-year license subscriptions, we generally invoice customers annually at the beginning of each annual coverage period and the license revenue for the full multi-year term is recognized upfront on delivery from deferred revenue. Where the value of revenue recognized exceeds the value of amounts invoiced for a contract at the end of a reporting period, it is reclassed from deferred revenue to contract assets until invoiced. Contract assets are included in prepaid expenses and other current assets on the consolidated balance sheets.
During the years ended January 31, 2023, 2022 and 2021, $145.9 million, $87.1 million and $58.1 million, respectively, of revenue was recognized, which was included in the corresponding deferred revenue balance at the beginning of the reporting periods presented. The increase in deferred revenue balances for the periods presented is mainly attributable to the growth of contracts with new as well as existing customers.
Remaining Performance Obligations
As of January 31, 2023 and 2022, the aggregate amount of the transaction price allocated to billed and unbilled remaining performance obligations for which revenue has not yet been recognized was approximately $435.9 million and $312.4 million, respectively. As of January 31, 2023, the Company expected to recognize approximately 71 % of the transaction price as product or services revenue over the next 12 months and 92 % over the next 24 months.
Deferred Contract Acquisition Costs
Sales commissions and bonuses that are direct and incremental costs of the acquisition of contracts with customers are capitalized. These costs are recorded as deferred contract acquisition costs on the consolidated balance sheets. The Company determines whether costs should be deferred when the costs are direct and incremental and would not have occurred absent the customer contract. The deferred commission and bonus amounts are recoverable through the future revenue streams from our customer contracts all of which are non-cancelable.
Commissions and bonuses paid upon the acquisition of an initial contract are amortized over an estimated period of benefit which has been determined generally to be three years based on historical
99
The following table presents the change in deferred contract acquisition costs (in thousands):
| January 31, | |||||||||||||||||
| 2023 | 2022 | 2021 | |||||||||||||||
| Beginning balance | $ | $ | $ | ||||||||||||||
| Added during the year | |||||||||||||||||
| Amortized during the year | ( | ( | ( | ||||||||||||||
| Ending balance | $ | $ | $ | ||||||||||||||
Cost of Revenue
Cost of revenue for self-managed and SaaS subscriptions consists primarily of allocated cloud-hosting costs paid to third party service providers, personnel-related costs associated with our customer support personnel, including contractors; and allocated overhead. Personnel-related expenses consist of salaries, benefits, bonuses, and stock-based compensation.
Research and Development
Costs related to research and development of the Company’s software offerings are expensed as incurred. These costs consist primarily of compensation paid to the Company's research and development personnel, including contractors; and allocated overhead associated with developing new features or enhancing existing features.
The Company’s internal customer software development process follows an iterative process that results in more frequent software releases than do traditional sequential or waterfall development methodologies and also results in internal validation of the software releases very shortly before they are made available to customers. Therefore, to date, costs to develop software that is marketed externally have not been capitalized as the current software development process is essentially completed concurrently with the establishment of technological feasibility through internal validation of the software releases. As such, all related software development costs are expensed as incurred and included in research and development expenses in the consolidated statements of operations. To date, software development for internal use has been immaterial and no such costs have been capitalized.
100
Loss Contingencies
If an exposure to any potential claim or legal proceeding is considered probable and the amount can be reasonably estimated, the Company records a liability for the estimated loss. Significant judgment is required in both the determination of probability and the determination as to whether an exposure is reasonably estimable. If applicable, the Company records receivables for probable insurance or other third-party recoveries. Due to uncertainties related to these matters, accruals are based on the best information available at the time. As additional information becomes available, the Company reassesses the potential liability and may revise its estimates. These revisions in the estimates of the potential liabilities could have a material impact on the Company’s results of operations and financial position. Legal fees and other costs associated with such actions are expensed as incurred.
Income Taxes
The Company is subject to income taxes in the United States and several foreign jurisdictions. The Company records a provision for income taxes for the anticipated tax consequences of the reported results of operations using the asset and liability method. Under this method, the Company recognizes deferred tax assets and liabilities for the expected future tax consequences of temporary differences between the financial reporting and the tax basis of assets and liabilities, as well as for operating losses and tax credit carryforwards. Deferred tax assets and liabilities are measured using the tax rates that are expected to apply to taxable income for the years in which those tax assets and liabilities are expected to be realized or settled.
Valuation allowances are established when necessary to reduce deferred tax assets to the amounts more likely than not expected to be realized. Management applies significant judgment in assessing the positive and negative evidence available in the determination of the amount of deferred tax assets that were more likely than not to be realized in the future. Future realization of deferred tax assets ultimately depends on the existence of sufficient taxable income of the appropriate character (for example, ordinary income or capital gain) within the carryback or carryforward periods available under the tax law. The Company regularly reviews the deferred tax assets for recoverability based on historical taxable income, projected future taxable income, the expected timing of the reversals of existing temporary differences, and tax planning strategies. The Company’s judgments regarding future profitability may change due to many factors, including future market conditions and the ability to successfully execute its business plans and/or tax planning strategies. Should there be a change in the ability to recover deferred tax assets, the tax provision would increase or decrease in the period in which the assessment is changed.
Compliance with income tax regulations requires the Company to take certain tax positions. In assessing the exposure associated with various filing positions, the Company determines whether a tax position is more likely than not to be sustained upon examination, including resolution of any related appeals or litigation processes, based on the technical merits of the position. The Company uses a two-step approach to recognizing and measuring uncertain tax positions. The first step is to evaluate the tax position for recognition by determining if the weight of the available evidence indicates that it is more likely than not that the position will be sustained upon tax authority examination, including resolution of related appeals or litigation processes, if any. The second step is to measure the tax benefit as the largest amount that is more than fifty percent likely of being realized upon ultimate settlement. Interest and penalties related to unrecognized tax benefits, if any, are included within the provision for income taxes in the consolidated statement of operations.
Comprehensive Loss and Accumulated Other Comprehensive Income (Loss)
Comprehensive loss includes net loss and changes in stockholders’ equity (deficit) that are excluded from net loss due to changes in the Company’s cumulative foreign currency translation account and unrealized gains or losses on short-term investments.
101
Net Loss per Share Attributable to Common Stockholders
Basic net loss per share is based on the weighted-average effect of all common shares issued and outstanding and is calculated by dividing net loss attributable to common stockholders by the weighted-average shares outstanding during the period. Diluted net loss per share is calculated by dividing net loss by the weighted-average number of common shares used in the basic loss per share calculation plus the number of common shares that would be issued assuming exercise or conversion of all potentially dilutive instruments. We exclude equity instruments from the calculation of diluted loss per share if the effect of including such instruments is anti-dilutive. Since we are in a net loss position for all periods presented, basic net loss per share is the same as diluted net loss per share for all periods as the inclusion of all potentially dilutive securities outstanding would have been anti-dilutive. For this calculation, convertible preferred stock, warrants and stock options are considered potentially dilutive instruments. While the convertible preferred stock had participating rights for dividends, it did not participate in losses and hence did not qualify as a participating security in the periods in which the Company generated a loss.
Stock-Based Compensation
The Company has granted equity classified stock-based awards to team members, members of its board of directors, and non-employee advisors. The majority of the Company's stock-based awards have been granted to team members and the service-based vesting condition for the majority of these awards is satisfied over four years .
The cost of stock-based awards granted to team members is measured at the grant date, based on the fair value of the award, and is generally recognized as expense on a straight-line basis over the requisite service period. Forfeitures are recorded as they occur. The Company has elected to use the Black-Scholes option pricing model to determine the fair value of stock options.
The Company records incremental stock-based compensation expense when certain affiliated stockholders or new investors purchase shares from team members and founders of the Company in excess of the fair value of such shares as part of secondary stock purchase transactions. The Company recognized any such excess value as stock-based compensation expense in the consolidated statements of operations.
In May 2021, the Company granted 3 million shares of restricted stock units (“RSUs”) tied to our Class B common stock to Mr. Sijbrandij, our founder and CEO. The RSUs contain a service condition and a performance condition based on the achievement of eight separate stock price hurdles/tranches ranging from $95 to $500 per share. The fair value of the RSUs was determined utilizing a Monte Carlo valuation model. We recognize total stock-based compensation expense over the derived service period of each tranche using the accelerated attribution method, regardless of whether the stock price hurdles are achieved. Refer to “Note 10. Equity” for further discussion.
In September 2021, our board of directors and our stockholders approved the 2021 Employee Stock Purchase Plan (“ESPP”) to enable eligible team members to purchase shares of our Class A common stock with accumulated payroll deductions. We recognize stock-based expenses related to the shares to be issued under the ESPP on a straight-line basis over the offering period, using the Black-Scholes option-pricing model, and determine volatility over an expected term based on the historical volatility of the Company’s peer group, until we establish a sufficient public trading history of our own stock price.
In June 2022, the Company granted 0.4 million performance stock units (“PSUs”) to senior members of its management team subject to a revenue performance condition and service conditions. The number of PSUs that will ultimately vest will depend on the revenue achieved by the Company in fiscal 2025 relative to the defined target and these estimates are regularly reviewed by the Company. The fair value of PSUs is measured at the market price of the Company’s Class A common stock on the date of grant and compensation costs related to awards expected to vest are recognized on a graded-vesting method over the requisite service period. The estimate of awards expected to vest is reassessed by management at each reporting period.
102
Segment Reporting
Our primary business activity is to sell subscriptions on both self-managed and SaaS models. Our chief operating decision maker, who is the Co-founder and Chief Executive Officer, reviews financial information presented on a consolidated basis for the purposes of making operating decisions, allocating resources and evaluating financial performance. Accordingly, we operate our business as one operating segment and one reporting unit. The Company presents financial information about geographical mix of revenue in “Note 3. Revenues” of the consolidated financial statements.
Business Combination
We include the results of operations of the businesses that we acquire beginning from the respective dates of acquisition. We allocate the fair value of the purchase price of our acquisitions to the tangible and intangible assets acquired, and liabilities assumed, based on their estimated fair values. The excess of the fair value of purchase price over the fair values of these identifiable assets and liabilities is recorded as goodwill.
We amortize our acquired intangible assets in business combinations and asset acquisitions on a straight-line basis with definite lives over a period of three years .
The liabilities for any contingent consideration are established at the time of the acquisition and will be evaluated at each reporting date. Any change in the fair value adjustment is recorded in general and administrative expenses.
103
Leases
The Company determines whether an arrangement is or contains a lease at inception, based on whether there is an identified asset and whether the Company controls the use of the identified asset throughout the period of use. At the lease commencement date, the Company determines the lease classification between finance and operating and recognizes a right-of-use asset and corresponding lease liability for each lease component. A right-of-use asset represents the Company’s right to use an underlying asset and a lease liability represents the Company’s obligation to make payments during the lease term. The Company only has operating leases of office premises leased by JiHu. The Company accounts for lease components and non-lease components separately. We do not recognize operating lease right-of-use assets and operating lease liabilities that arise from short-term leases (i.e., leases with a term of 12 months or less).
The lease liability is initially measured as the present value of the remaining lease payments over the lease term. Lease terms may include options to extend or terminate the lease when it is reasonably certain that the Company will exercise that option. The discount rate used to determine the present value is the Company’s incremental borrowing rate unless the interest rate implicit in the lease is readily determinable. The Company estimates its incremental borrowing rate based on the information available at lease commencement date for borrowings with a similar term. The right-of-use asset is initially measured as the present value of the lease payments adjusted for prepaid lease payments to lessors.
Impairment of Long-lived Assets
We evaluate long-lived assets (including intangible assets) for impairment whenever events or changes in circumstances indicate that the carrying amount of a long-lived asset (including an intangible asset) may not be recoverable. An asset is considered impaired if its carrying amount exceeds the future undiscounted cash flow the asset is expected to generate. We measure recoverability of these assets by comparing the carrying amounts to the future undiscounted cash flows the assets are expected to generate. If a long-lived asset (including an intangible asset) is considered to be impaired, the impairment to be recognized equals the amount by which the carrying value of the asset exceeds its fair market value. We have made no material adjustments to our long-lived assets (including intangible assets) in any of the years presented.
We test our goodwill for impairment at least annually in the fourth fiscal quarter of each year, or more frequently if events or changes in circumstances indicate that this asset may be impaired. Based on an analysis of qualitative and quantitative factors, including our market capitalization, we determined no
Equity Method Investment
The Company applies the equity method of accounting to investments when it has significant influence, but not controlling interest in the investee. The Company’s equity method investments are reported at cost and adjusted each period for its proportionate share of the investee’s income or loss. The cost on initial recognition of retained interest in an erstwhile subsidiary is based on fair value on the date of loss of control. The Company’s proportionate share of the net loss resulting from the investment is reported under loss from equity method investment, net of tax in our consolidated statements of operations. The carrying value of the Company’s equity method investments is reported in equity method investment in the consolidated balance sheets. The Company assesses investments for impairment whenever events or changes in circumstances indicate that the carrying value of an investment may not be recoverable.
104
Recently Adopted Accounting Standards
In December 2019, the Financial Accounting Standards Board (“FASB”) issued Accounting Standards Update (“ASU”) 2019-12, Income Taxes (Topic 740): Simplifying the Accounting for Income Taxes (“ASU 2019-12”), which simplifies the accounting for income taxes by eliminating some exceptions to the general approach in ASC 740, Income Taxes in order to reduce cost and complexity of its application. The Company adopted ASU 2019-12 as of February 1, 2022 with no material impact.
In February 2016, the FASB issued ASU 2016-02, Leases (Topic 842) (“Topic 842”). Topic 842 supersedes the lease requirements in ASC Topic 840, Leases. Under Topic 842, lessees are required to recognize assets and liabilities on the consolidated balance sheet for most leases and provide enhanced disclosures. The Company has adopted the Topic 842 effective February 1, 2022 by utilizing the modified retrospective transition method through a cumulative-effect adjustment to the operating lease right-of-use assets and operating lease liabilities on our consolidated balance sheet as on February 1, 2022 in the amount of $0.7 million and $0.8 million, respectively. The adoption of Topic 842 did not have an impact on accumulated deficit as of February 1, 2022. Refer to “Note 11. Joint Venture and Equity Method Investment” for more information.
In June 2016, the FASB issued ASU No. 2016-13, Financial Instruments-Credit Losses (Topic 326): Measurement of Credit Losses on Financial Instruments (“ASU 2016-13”), which requires the measurement and recognition of expected credit losses for financial assets held at amortized cost. ASU 2016-13 replaces the existing incurred loss impairment model with an expected loss methodology, which will result in more timely recognition of credit losses. These expected credit losses for financial assets held at the reporting date are to be based on historical experience, current conditions, and reasonable and supportable forecasts. This ASU requires enhanced disclosures relating to significant estimates and judgments used in estimating credit losses, as well as the credit quality. As an erstwhile emerging growth company (EGC), the Company had previously elected to adopt ASU 2016-13 for its fiscal year beginning February 1, 2023. However, due to the loss of EGC status as on January 31, 2023, the Company has adopted ASU 2016-13 for fiscal year 2023. The adoption of this ASU did not have a material impact on the consolidated financial statements.
There are no recently issued accounting pronouncements that we believe will have a material impact on our financial position, results of operations or cash flows.
3. Revenues
Disaggregation of Revenue
The following table shows the components of revenues and their respective percentages of total revenue for the periods indicated (in thousands, except percentages):
| Fiscal Year Ended January 31, | |||||||||||||||||||||||||||||||||||
| 2023 | 2022 | 2021 | |||||||||||||||||||||||||||||||||
| Subscription—self-managed and SaaS | $ | % | $ | % | $ | % | |||||||||||||||||||||||||||||
| Subscription—self-managed | |||||||||||||||||||||||||||||||||||
| SaaS | |||||||||||||||||||||||||||||||||||
| License—self-managed and other | $ | % | $ | % | $ | % | |||||||||||||||||||||||||||||
| License—self-managed | |||||||||||||||||||||||||||||||||||
| Professional services and other | |||||||||||||||||||||||||||||||||||
| Total revenue | $ | % | $ | % | $ | % | |||||||||||||||||||||||||||||
105
Total Revenue by Geographic Location
The following table summarizes the Company’s total revenue by geographic location based on the region of the Company’s contracting entity, which may be different than the region of the customer (in thousands):
| Fiscal Year Ended January 31, | |||||||||||||||||
| 2023 | 2022 | 2021 | |||||||||||||||
| United States | $ | $ | $ | ||||||||||||||
| Europe | |||||||||||||||||
| Asia Pacific | |||||||||||||||||
| Total revenue | $ | $ | $ | ||||||||||||||
During the years ended January 31, 2023, 2022 and 2021, the United States accounted for 83 %, 84 % and 83 % of total revenue, respectively. No other individual country exceeded 10% of total revenue for any of the periods presented.
The Company operates its business as a single reportable segment.
4. Cash, Cash Equivalents and Short-Term Investments
The following table summarizes the Company’s cash, cash equivalents and short-term investments by category (in thousands):
As of January 31, 2023 | |||||||||||||||||||||||
| Amortized Cost | Gross Unrealized Gains | Gross Unrealized Losses | Fair Value | ||||||||||||||||||||
| Cash and cash equivalents: | |||||||||||||||||||||||
| Cash | $ | $ | $ | $ | |||||||||||||||||||
| Money market funds | |||||||||||||||||||||||
| U.S. Agency securities | |||||||||||||||||||||||
| Total cash and cash equivalents | $ | $ | $ | $ | |||||||||||||||||||
| Short-term investments: | |||||||||||||||||||||||
| Commercial paper | ( | ||||||||||||||||||||||
| Corporate debt securities | ( | ||||||||||||||||||||||
| Municipal bonds | ( | ||||||||||||||||||||||
| Foreign government bonds | ( | ||||||||||||||||||||||
| U.S. Agency securities | ( | ||||||||||||||||||||||
| U.S. Treasury securities | ( | ||||||||||||||||||||||
| Total short-term investments | $ | $ | $ | ( | $ | ||||||||||||||||||
As of January 31, 2022, the Company had $884.7 million of cash and cash equivalents, and $50.0 million of short-term investments, comprised of certificates of deposit with a bank with an original maturity of greater than three months at the date of purchase. Such investments were carried at amortized cost, which approximated their fair value and matured during the year ended January 31, 2023.
The Company uses the specific-identification method to determine any realized gains or losses from the sale of our short-term investments classified as available-for-sale. For the periods presented, the Company did not have any material realized gains or losses as a result of maturities or sale of short-term investments.
106
During the year ended January 31, 2023, the Company recorded $14.5 million of interest income on cash equivalents and short-term investments which includes $6.1 million of net amortization of premiums or discounts on short-term investments during the year ended January 31, 2023. During the year ended January 31, 2022 and 2021, the Company recorded $0.7 million and $1.1 million of interest income on cash equivalents and short-term investments, respectively. The Company did no
As of January 31, 2023, the Company does not have any cash equivalents and short-term investments that have been in a continuous unrealized gain or loss position for more than 12 months as of the periods presented. The following table summarizes unrealized losses on our cash equivalents and short-term investments by category that have been in a continuous unrealized loss position for less than 12 months as of the periods presented (in thousands):
| Carrying Value | Gross Unrealized Losses | ||||||||||
January 31, 2023 | |||||||||||
| U.S. Agency securities | $ | $ | ( | ||||||||
| Commercial paper | ( | ||||||||||
| Corporate debt securities | ( | ||||||||||
| Municipal bonds | ( | ||||||||||
| Foreign government bonds | ( | ||||||||||
| U.S. Treasury securities | ( | ||||||||||
| Total cash equivalents and short-term investments | $ | $ | ( | ||||||||
The following table classifies the Company’s short-term investments by contractual maturities (in thousands):
| January 31, 2023 | January 31, 2022 | ||||||||||||||||||||||
| Amortized cost | Fair Value | Amortized cost | Fair Value | ||||||||||||||||||||
| Due within 1 year | $ | $ | $ | $ | |||||||||||||||||||
| Due between 1 year to 2 years | |||||||||||||||||||||||
| Total | $ | $ | $ | $ | |||||||||||||||||||
All available-for-sale securities have been classified as current, based on management’s ability to use the funds in current operations.
5. Fair Value Measurements
The Company determines fair value based on the fair value hierarchy, which requires an entity to maximize the use of observable inputs and minimize the use of unobservable inputs when measuring fair value. Fair value is defined as the price that would be received to sell an asset or paid to transfer a liability in an orderly transaction between market participants at the measurement date. The fair value assumes that the transaction to sell the asset or transfer the liability occurs in the principal or most advantageous market for the asset or liability and establishes that the fair value of an asset or liability shall be determined based on the assumptions that market participants would use in pricing the asset or liability. The classification of a financial asset or liability within the hierarchy is based upon the lowest level input that is significant to the fair value measurement. The fair value hierarchy prioritizes the inputs into three levels that may be used to measure fair value:
Level 1: Inputs are unadjusted quoted prices in active markets for identical assets or liabilities.
107
Level 2: Inputs other than Level 1 that are observable, either directly or indirectly, such as quoted prices for similar assets or liabilities, quoted prices in markets that are not active, or other inputs that are observable or can be corroborated by observable market data for substantially the full term of the assets or liabilities.
Level 3: Inputs are unobservable based on the Company’s own assumptions used to measure assets and liabilities at fair value. The inputs require significant management judgment or estimation.
The fair value of the Company’s Level 1 financial instruments, such as money market funds which are traded in active markets, is based on quoted market prices for identical instruments. The fair value of the Company’s Level 2 financial instruments such as commercial paper, corporate debt and U.S. government securities are obtained from an independent pricing service, which may use inputs other than quoted prices that are directly or indirectly observable in the market, including readily available pricing sources for the identical underlying security that may not be actively traded. The Company’s marketable securities are held by custodians who obtain investment prices from a third-party pricing provider that incorporates standard inputs in various asset price models.
Financial assets measured at fair value on a recurring basis are summarized below (in thousands):
| Level 1 | Level 2 | Level 3 | Fair Value | ||||||||||||||||||||
January 31, 2023 (1) | |||||||||||||||||||||||
| Cash equivalents: | |||||||||||||||||||||||
| Money market funds | $ | $ | $ | $ | |||||||||||||||||||
| U.S. Agency securities | |||||||||||||||||||||||
| Short-term investments: | |||||||||||||||||||||||
| Commercial paper | |||||||||||||||||||||||
| Corporate debt securities | |||||||||||||||||||||||
| Municipal bonds | |||||||||||||||||||||||
| Foreign government bonds | |||||||||||||||||||||||
| U.S. Agency securities | |||||||||||||||||||||||
| U.S. Treasury securities | |||||||||||||||||||||||
| Total | $ | $ | $ | $ | |||||||||||||||||||
108
6. Supplemental Financial Statement Information
Prepaid Expenses and Other Current Assets
Prepaid expenses and other current assets consisted of the following (in thousands):
| January 31, 2023 | January 31, 2022 | ||||||||||
| Prepaid software subscriptions | $ | $ | |||||||||
| Prepaid insurance | |||||||||||
| Prepaid expenses for the Company’s events | |||||||||||
| Prepaid taxes | |||||||||||
| Prepaid advertising costs | |||||||||||
| Other prepaid expenses | |||||||||||
Restricted cash(1) | |||||||||||
| Interest receivable | |||||||||||
| Revenue contract asset | |||||||||||
| Security and other deposits | |||||||||||
| Other current assets | |||||||||||
| Total prepaid expense and other current assets | $ | $ | |||||||||
(1) Refer to “Note 7. Business Combination”.
Property and Equipment, Net
Property and equipment, net of the following (in thousands):
| January 31, 2023 | January 31, 2022 | ||||||||||
| Computer and office equipment | $ | $ | |||||||||
| Leasehold improvements | |||||||||||
Less: Accumulated depreciation(1) | ( | ( | |||||||||
Total property and equipment, net(1) | $ | $ | |||||||||
109
Depreciation expense of property and equipment was $3.2 million, $0.5 million and zero for the years ended January 31, 2023, 2022 and 2021, respectively.
Other Long-Term Assets
Other long-term assets consisted of the following (in thousands):
| January 31, 2023 | January 31, 2022 | ||||||||||
| Security and other deposits | $ | $ | |||||||||
Restricted cash (1) | |||||||||||
| Deferred software implementation costs | |||||||||||
| Other long-term assets | |||||||||||
| Total other long-term assets | $ | $ | |||||||||
(1) Refer to “Note 7. Business Combination”.
Accrued Expenses and Other Current Liabilities
Accrued expenses and other current liabilities consisted of the following (in thousands):
| January 31, 2023 | January 31, 2022 | ||||||||||
| Accrued expenses | $ | $ | |||||||||
| Indirect taxes payable | |||||||||||
| Customer refunds | |||||||||||
| ESPP employee contributions | |||||||||||
Acquisition related consideration withheld in escrow (1) | |||||||||||
| Income taxes payable | |||||||||||
| — | |||||||||||
Acquisition related contingent cash consideration (1) | |||||||||||
| Other current liabilities | |||||||||||
| Total accrued expenses and other current liabilities | $ | $ | |||||||||
(1) Refer to “Note 7. Business Combination”.
Accrued Compensation and Benefits
Accrued compensation and benefits consisted of the following (in thousands):
| January 31, 2023 | January 31, 2022 | ||||||||||
| Accrued commissions | $ | $ | |||||||||
| Payroll taxes payable | |||||||||||
| Other accrued team member related payables | |||||||||||
| Total accrued compensation and benefits | $ | $ | |||||||||
110
Other Long-Term Liabilities
Other long-term liabilities consisted of the following (in thousands):
| January 31, 2023 | January 31, 2022 | ||||||||||
Acquisition related contingent cash consideration (1) | $ | $ | |||||||||
Provision towards labor matters (2) | |||||||||||
| Early exercised options liability | |||||||||||
| Deferred tax liabilities | |||||||||||
| Long term taxes payable | |||||||||||
| — | |||||||||||
Acquisition related consideration withheld in escrow (1) | |||||||||||
| Other long-term liabilities | |||||||||||
| Total other long-term liabilities | $ | $ | |||||||||
(1) Refer to “Note 7. Business Combination”.
(2) Refer to “Note 14. Commitments and Contingencies”.
Other Income (Expense), Net
Other income (expense), net consisted of the following (in thousands):
| Fiscal Year Ended January 31, | |||||||||||||||||
| 2023 | 2022 | 2021 | |||||||||||||||
Gain from deconsolidation of Meltano Inc. (1) | $ | $ | $ | ||||||||||||||
| Foreign exchange gains (losses), net | ( | ||||||||||||||||
| Other expense, net | ( | ( | |||||||||||||||
| Total other income (expense), net | $ | $ | ( | $ | |||||||||||||
(1) Refer to “Note 11. Joint Venture and Equity Method Investment”.
7. Business Combination
On December 3, 2021, the Company completed the acquisition of Opstrace, Inc., a technology company based in San Francisco, California.
The transaction was accounted for as a business combination. The acquisition date fair value of the consideration transferred consisted of the following (in thousands):
| Cash consideration | $ | ||||
| Fair value of common stock issued on closing | |||||
| Contingent common stock consideration (classified under additional paid-in capital) | |||||
Contingent cash consideration | |||||
Contingent cash consideration (classified under other long-term liabilities) | |||||
| Total consideration | $ | ||||
Cash consideration includes $2.5 million held back as partial security for post-closing indemnification claims made within 18 months of the closing date recorded in accrued expenses and other current
111
liabilities on the consolidated balance sheet as of January 31, 2023 and in other long-term liabilities as of January 31, 2022.
As a result of acquisition, the fair value of the consideration transferred included contingent cash considerations of $7.9 million in aggregate. These contingent cash considerations are determined based upon the satisfaction of certain defined operational milestones and are remeasured at fair value at each reporting period through earnings. As the fair value is based on unobservable inputs, the liabilities are included in Level 3 of the fair value measurement hierarchy.
In September 2022, one of the operational milestones was achieved and the Company paid $4.2 million of contingent cash consideration, part of which was previously recorded in accrued expenses and other current liabilities. The difference of $1.1 million between the amount accrued and the amount paid was attributable to the change in fair value of the original measurement and was recorded as a loss in general and administrative expenses during the year ended January 31, 2023.
We reassessed the fair value of outstanding operational milestones and recorded the fair value gain of $1.7 million in general and administrative expenses for the year ended January 31, 2023.
Accretion expense was $0.3 million for the year ended January 31, 2023. There was no
Results of operations of the business acquired have been included in our consolidated financial statements subsequent to the date of acquisition. The revenue and net loss earned by the business acquired following the acquisition are not material to our consolidated results of operations.
8. Goodwill and Intangible Assets, Net
Goodwill
The carrying amount of goodwill was as follows (in thousands):
| Carrying Amount | |||||
Balance as of January 31, 2023 and January 31, 2022 | $ | ||||
There was no
112
Intangible Assets
Intangible assets, net consisted of the following (in thousands):
| January 31, 2023 | Gross Carrying Amount | Accumulated Amortization | Net Book Value | Weighted average remaining amortization period (years) | |||||||||||||||||||
| Developed technology from business combination | $ | $ | ( | $ | |||||||||||||||||||
Developed technology from asset acquisitions (1) | ( | ||||||||||||||||||||||
| Total | $ | $ | ( | $ | |||||||||||||||||||
| January 31, 2022 | Gross Carrying Amount | Accumulated Amortization | Net Book Value | Weighted average remaining amortization period (years) | |||||||||||||||||||
| Developed technology from business combination | $ | $ | ( | $ | |||||||||||||||||||
Developed technology from asset acquisitions (1) | ( | ||||||||||||||||||||||
| Total | $ | $ | ( | $ | |||||||||||||||||||
(1) The amounts in the tables above include cumulative foreign currency translation adjustments, reflecting movement in the currencies of the underlying intangibles.
Amortization expense was $2.4 million, $0.7 million and $0.2 million for the years ended January 31, 2023, 2022 and 2021, respectively.
As of January 31, 2023, future amortization expense related to the intangibles assets is expected to be as follows (in thousands):
| Fiscal Years | |||||
| 2024 | $ | ||||
| 2025 | |||||
| Total future amortization | $ | ||||
113
10. Equity
In connection with our initial public offering (the “IPO”), on October 18, 2021, the Company filed a restated certificate of incorporation that authorized the issuance of 1,500,000,000 shares of Class A common stock, 250,000,000 shares of Class B common stock, and 50,000,000 shares of preferred stock at $0.0000025 one vote and the holder of each share of Class B common stock is entitled to ten votes.
Common Stock
The Company had shares of common stock reserved for future issuance as follows (in thousands):
| January 31, 2023 | January 31, 2022 | ||||||||||
| Class A and Class B common stock | |||||||||||
| Options issued and outstanding | |||||||||||
| Shares available for issuance under Equity Incentive Plans | |||||||||||
| RSUs and PSUs issued and outstanding | |||||||||||
| Shares reserved for issuance to charitable organizations | |||||||||||
| 2021 ESPP | |||||||||||
| Total | |||||||||||
Early Exercised Options (subject to a repurchase right)
Certain stock option holders have the right to exercise unvested options, subject to a repurchase right held by the Company at the original exercise price, in the event of voluntary or involuntary termination of employment of the holder. As of January 31, 2023 and January 31, 2022, there were 194,304 and 713,967 shares, respectively, of unvested options that had been early exercised and were subject to repurchase for a total liability of $1.8 million and $6.8 million, respectively. The liability associated with early exercised options is included in other long-term liabilities in the consolidated balance sheets.
For accounting purposes, issuance of shares will be recognized only on vesting. However, shares issued for the early exercise of options are included in issued and outstanding shares as they are legally issued and outstanding.
Convertible Preferred Stock
Upon the closing of the IPO, all 79.6 million shares of the Company’s convertible preferred stock outstanding were automatically converted into an equal number of shares of Class B common stock and their carrying value of $424.9 million was reclassified into stockholders’ equity. As of January 31, 2023 and January 31, 2022, there were no
Equity Incentive Plans
In 2015, the Company adopted the 2015 Equity Incentive Plan (the “2015 Plan”), in which shares of common stock of the Company are reserved for issuance of stock options to team members, directors, or consultants. The options generally vest 25 % upon completion of one year and then ratably over 36 months. Options generally expire ten years from the date of grant. All these options qualify as equity settled awards and contain no performance conditions.
In September 2021, in connection with the IPO, the board of directors and stockholders approved the 2021 Equity Incentive Plan (the “2021 Plan”) as a successor to the Company’s 2015 Plan (together the “Plans”). The 2021 Plan authorizes the award of both stock options, which are intended to qualify for tax
114
treatment under Section 422 of the Internal Revenue Code, and nonqualified stock options, as well for the award of restricted stock awards (“RSAs”), stock appreciation rights (“SARs”), restricted stock units (“RSUs”), performance stock units (“PSUs”) and stock bonus awards. Pursuant to the 2021 Plan, incentive stock options may be granted only to the Company’s team members. The Company may grant all other types of awards to its team members, directors, and consultants. The Company initially reserved 13,032,289 shares of its Class A common stock, plus any reserved shares of Class B common stock not issued or subject to outstanding grants under the 2015 Plan on the effective date of the 2021 Plan, for issuance as Class A common stock pursuant to awards granted under the 2021 Plan. The number of shares reserved for issuance under the 2021 Plan increases automatically on February 1 of each of the years from 2022 through 2031.
The awards available for grant under the above Plans for the periods presented were as follows (in thousands):
| January 31, 2023 | January 31, 2022 | ||||||||||
Available at beginning of period | |||||||||||
| Awards authorized | |||||||||||
| Options granted | ( | ||||||||||
| RSUs and PSUs granted | ( | ( | |||||||||
| RSUs and PSUs canceled and forfeited | |||||||||||
| Options canceled and forfeited | |||||||||||
| Options repurchased | |||||||||||
Available at end of period | |||||||||||
In the event that shares previously issued under the above Plans are reacquired by the Company, such shares shall be added to the number of shares then available for issuance under the 2021 Plan. In the event that an outstanding stock option for any reason expires or is canceled, the shares allocable to the unexercised portion of such stock option will be added to the number of shares then available for issuance under the 2021 Plan.
Both Plans allow the grantees to early exercise stock options.
115
Stock Options, RSUs and PSUs
The following table summarizes options activity under the Plans, and related information:
| Number of Stock Options Outstanding (in thousands) | Weighted Average Exercise Price | Weighted Average Remaining Years | Aggregate Intrinsic value (in millions) | ||||||||||||||||||||
Balances at January 31, 2020 | $ | $ | |||||||||||||||||||||
| Options granted | |||||||||||||||||||||||
| Options exercised | ( | ||||||||||||||||||||||
| Options canceled | ( | — | |||||||||||||||||||||
| Options forfeited | ( | — | |||||||||||||||||||||
| Balances at January 31, 2021 | $ | $ | |||||||||||||||||||||
| Options granted | |||||||||||||||||||||||
| Options exercised | ( | ||||||||||||||||||||||
| Options canceled | ( | — | |||||||||||||||||||||
| Options forfeited | ( | — | |||||||||||||||||||||
| Balances at January 31, 2022 | $ | $ | |||||||||||||||||||||
| Options granted | |||||||||||||||||||||||
| Options exercised | ( | ||||||||||||||||||||||
| Options canceled | ( | ||||||||||||||||||||||
| Options forfeited | ( | ||||||||||||||||||||||
Balances at January 31, 2023 | $ | $ | |||||||||||||||||||||
Options vested at January 31, 2023 | $ | $ | |||||||||||||||||||||
Options vested and expected to vest at January 31, 2023 | $ | $ | |||||||||||||||||||||
As of January 31, 2023 and January 31, 2022, approximately $46.2 million and $80.3 million, respectively, of total unrecognized compensation cost was related to stock options granted, that is expected to be recognized over a weighted-average period of 2.1 years and 2.7 years, respectively. The expected stock compensation expense remaining to be recognized reflects only outstanding stock awards as of the periods presented, and assumes no forfeitures.
116
The fair value of each stock option grant was estimated on the date of grant, using a Black-Scholes option-pricing model, with the following weighted-average assumptions:
| Fiscal Year Ended January 31, | |||||||||||
| 2022 | 2021 | ||||||||||
| Risk-free interest rate | % | % | |||||||||
| Weighted-average volatility | % | % | |||||||||
| Weighted-average expected term (in years) | |||||||||||
| Dividend yield | % | % | |||||||||
Prior to the IPO, the Company estimated the volatility of common stock on the date of grant based on the average historical stock price volatility of comparable publicly-traded companies in the Company's industry group. After the IPO, the Company will continue to use the historical volatility of comparable publicly-traded companies until we establish a sufficient public trading history.
The expected term is based on the simplified method for grants to employees and on the contractual term for non-employees. The simplified method is used given the lack of historical exercise behavior data in the Company.
The risk-free interest rate is based on the U.S. Treasury yield curve in effect at the time of grant. The expected dividend yield is zero percent as the Company has not paid and does not anticipate paying dividends on common stock.
The following table summarizes the Company’s RSU activity (in thousands):
Number of Shares (1) | Weighted- Average grant date fair value | ||||||||||
| Balances at January 31, 2021 | $ | ||||||||||
| Granted | |||||||||||
| Vested | |||||||||||
| Canceled/forfeited | |||||||||||
| Balances at January 31, 2022 | $ | ||||||||||
| Granted | |||||||||||
| Vested | ( | ||||||||||
| Canceled/forfeited | ( | ||||||||||
Balances at January 31, 2023 | $ | ||||||||||
These RSUs are grants of shares of the Company’s common stock, the vesting of which is based on the requisite service requirement. Generally, the Company’s RSUs are subject to forfeiture and are expected to vest over to four years ratably on a combination of bi-annual and quarterly basis.
As of January 31, 2023 and January 31, 2022, approximately $254.8 million and $21.5 million, respectively, of total unrecognized compensation cost was related to restricted stock units granted to
117
team members other than the CEO, that is expected to be recognized over a weighted-average period of 3.2 years and 3.9 years, respectively. The expected stock compensation expense remaining to be recognized reflects only outstanding stock awards as of the periods presented, and assumes no forfeitures.
In June 2022, the Company granted 0.4 million PSUs to senior members of its management team subject to revenue performance condition and service conditions. The number of awards granted represents 100 % of the target goal; under the terms of the awards, the recipient may earn between 0 % and 200 % of the original grant. The performance condition is set to be achieved in fiscal 2025 and the service condition in the calendar year 2025. The Company recorded $1.6 million of stock-based compensation expense related to PSUs during the year ended January 31, 2023. As of January 31, 2023, unrecognized stock-based compensation expense related to these PSUs was $7.4 million to be recognized over a period of 2.9 years.
CEO Performance Award
In May 2021, the Company granted 3 million RSUs tied to its Class B common stock to Mr. Sijbrandij, the Company’s co-founder and CEO, with an estimated aggregate grant date fair value of $8.8 million. The Company recorded $1.7 million and $1.2 million of stock-based compensation expense related to the CEO RSUs during the years ended January 31, 2023 and 2022, respectively. As of January 31, 2023, unrecognized stock-based compensation expense related to these RSUs was $5.9 million which will be recognized over the remaining derived service period of the respective tranches which ranges from 2 to 7 years.
2021 Employee Stock Purchase Plan
In September 2021, the Company’s board of directors and its stockholders approved the ESPP to enable eligible team members to purchase shares of the Company’s Class A common stock with accumulated payroll deductions and provides a 15 % purchase price discount of the fair market value of the Company’s Class A common stock on the IPO date or purchase date, whichever is lower. The ESPP also provides up to a 27-month look-back period with four purchase dates in May and November of each year, and the first purchase occurred in May 2022.
If the closing price of the Company’s Class A common stock on the first day of the current offering period is higher than the price on the last day of any applicable purchase period, the ESPP requires the price to be reset based on the lower fair market value and the offering period to be rolled over for a new period of 24 months. During fiscal 2023, this reset and rollover was triggered only on the May 31, 2022 purchase date. The original offering period commencing on the IPO date through November 30, 2023 was modified to a new offering period commencing June 1, 2022 through May 31, 2024 and the ESPP price was reset based on the closing price of the Company’s Class A common stock on May 31, 2022. In accordance with ASC 718, Stock-Based Compensation, the modification in respect of the reset of the ESPP price and rollover resulted in an incremental charge of stock-based compensation expense of $2.8 million during the year ended January 31, 2023. The remaining modification charge of $6.2 million will be recognized over the remainder of the new offering period.
118
| Fiscal Year Ended January 31, | Fiscal Year Ended January 31, | ||||||||||
| 2023 | 2022 | ||||||||||
| Risk-free interest rate | |||||||||||
| Volatility | |||||||||||
| Expected term (in years) | |||||||||||
| Dividend yield | |||||||||||
The Company recorded $25.7 million and $5.1 million of stock-based compensation expense related to the ESPP during the years ended January 31, 2023 and 2022, respectively. As of January 31, 2023, approximately $21.1 million of total unrecognized compensation cost was related to the ESPP that is expected to be recognized over 1.8 years.
As of January 31, 2023, the Company issued 0.4 million shares of Class A common stock to team members through the ESPP.
Stock-Based Compensation Expense
The Company recognized stock-based compensation expense as follows (in thousands):
| Fiscal Year Ended January 31, | |||||||||||||||||
| 2023 | 2022 | 2021 | |||||||||||||||
| Cost of revenue | $ | $ | $ | ||||||||||||||
| Research and development | |||||||||||||||||
| Sales and marketing | |||||||||||||||||
| General and administrative | |||||||||||||||||
Total stock-based compensation expense (1) (2) | $ | $ | $ | ||||||||||||||
(1) The table above includes stock-based compensation of JiHu. Refer to “Note 11. Joint Venture and Equity Method Investment” for further discussion.
(2) The table above includes stock-based compensation related to the tender offers. The Company recognized $0.3 million and $103.3 million of incremental stock-based compensation expense related to the tender offers for fiscal 2022 and 2021, respectively.
The corporate income tax benefit recognized in the consolidated statements of operations for stock-based compensation expense was $7.7 million and $7.0 million for the years ended January 31, 2023 and 2022, respectively, and no t material for the year ended January 31, 2021.
119
11. Joint Venture and Equity Method Investment
Joint Venture
In February 2021, the Company along with Sequoia CBC Junyuan (Hubei) Equity Investment Partnership (Limited Partnership) and Suzhou Gaocheng Xinjian Equity Investment Fund Partnership (Limited Partnership) executed an investment agreement (the “Investment Agreement”) to establish GitLab Information Technology (Hubei) Co., LTD (“JiHu”), a legal entity in the People’s Republic of China. The Company accounted for JiHu as a variable interest entity and consolidated the entity in accordance with ASC Topic 810, Consolidation.
On March 29, 2022, JiHu closed its Series A-1 round of common stock financing where investors contributed $27.7 million, net of issuance costs. On July 1, 2022, JiHu closed its Series A-2 round of common stock financing where investors contributed $22.8 million, net of issuance costs. On September 7, 2022, JiHu closed its Series A-3 round of financing with an external investor who contributed $4.1 million, net of issuance costs. The Company accounted for these funding events as equity transactions with the carrying amount of the non-controlling interest adjusted to reflect the change in the ownership interest in JiHu, and the difference was recognized in the Company’s additional paid-in capital. Subsequent to the closing of the rounds, the Company retains control over JiHu with its equity stake reduced from 72 % to 55 %.
In March 2022, one of the potential investors who could not participate in the Series A-1 financing round provided a $2.9 million loan to JiHu as an advance pending a capital contribution. The loan was repayable within ten business days of receipt of capital contribution from the investor. JiHu received an equity contribution from this investor during the Series A-2 round and repaid the loan in full in July 2022.
During the year ended January 31, 2023, the board of directors of JiHu approved an employee stock option plan (“JiHu ESOP”) for its employees. During the year ended January 31, 2023, the Company recognized $7.8 million of stock-based compensation expense related to JiHu ESOP, respectively. As of January 31, 2023, approximately $14.5 million of total unrecognized compensation cost was related to the JiHu ESOP that is expected to be recognized over 3.2 years. The Company considers the RSAs and stock option awards granted pursuant to the JiHu ESOP as potentially dilutive equity instruments that will result in dilution of the Company’s stake in JiHu upon vesting of such award (or, in the case of option awards granted pursuant to the JiHu ESOP, upon vesting and subsequent exercise into shares of JiHu common stock). Any such dilution will be accounted for as an equity transaction. Until such awards granted pursuant to the JiHu ESOP are vested (or, in the case of option awards, vested and ultimately exercised into shares of JiHu common stock), the Company will continue to record the recognized stock-compensation expense of JiHu as part of the noncontrolling interest.
Operating Leases
The Company recognized $0.6 million, $0.2 million and zero of operating lease expense during the year ended January 31, 2023, 2022 and 2021, respectively. The Company has non-cancelable operating leases maturing over the next two years with total lease payments of $1.2 million and total present value of lease liabilities of $1.1 million.
The table below presents supplemental information related to operating leases for the year ended January 31, 2023 (in thousands, except weighted-average information):
| Weighted-average remaining lease term (in years) | |||||
| Weighted-average discount rate | % | ||||
| Right-of-use assets obtained in exchange for new operating lease liabilities | $ | ||||
Cash paid for amounts included in the measurement of lease liabilities | $ | ||||
120
Selected financial information
Selected financial information of JiHu, post intercompany eliminations, is as follows (in thousands):
| Fiscal Year Ended January 31, | |||||||||||
| 2023 | 2022 | ||||||||||
| Revenue | $ | $ | |||||||||
| Cost of revenue | |||||||||||
| Gross profit (loss) | |||||||||||
| Operating expenses: | |||||||||||
| Sales and marketing | |||||||||||
| Research and development | |||||||||||
| General and administrative | |||||||||||
| Total operating expenses | |||||||||||
| Loss from operations | ( | ( | |||||||||
| Interest income | |||||||||||
| Other income, net | |||||||||||
| Net loss before income taxes | ( | ( | |||||||||
| Net loss | $ | ( | $ | ( | |||||||
| Net loss attributable to noncontrolling interest | $ | ( | $ | ( | |||||||
| January 31, 2023 | January 31, 2022 | ||||||||||
| Cash and cash equivalents | $ | $ | |||||||||
| Property and equipment, net | |||||||||||
| Operating lease right-of-use assets | — | ||||||||||
| Other assets | |||||||||||
| Total assets | $ | $ | |||||||||
| Total liabilities | $ | $ | |||||||||
Equity Method Investment
In April 2021, the Company reorganized Meltano Inc. (“Meltano”), which started as an internal project within the Company in July 2018, into a separate legal entity. The entity was funded by the Company’s contribution of intellectual property with the fair value of approximately $0.4 million and a preferred stock financing from third parties of $4.2 million, representing 12 % ownership on a fully diluted basis.
On April 4, 2022, Meltano closed its Series Seed-2 round of preferred stock financing and raised $7.2 million. Pursuant to this transaction, the board composition of Meltano changed and the Company no longer has the power to appoint the majority of the board of directors of Meltano. Consequently, despite having majority voting rights at the stockholder level, the Company no longer has control over Meltano.
The loss of control of a majority owned subsidiary resulted in the deconsolidation of net assets of $9.4 million and non-controlling interest of Meltano of $11.3 million, recognition of retained interest at fair value of $15.9 million, and a gain of $17.8 million recorded in other income (expense), net during the year
121
ended January 31, 2023. The fair value of retained interest was determined using Option Pricing Model (“OPM”) Backsolve approach based on the most recent funding round of preferred stock. As of the date of the loss of control, the basis difference between the fair value of investment in Meltano and the Company’s share in the net assets of Meltano was attributed to equity method goodwill.
Effective April 4, 2022, the Company accounts for this investment under the equity method and has recorded $12.7 million in “equity method investment” on its consolidated balance sheet as of January 31, 2023. During the year ended January 31, 2023, the Company recognized a loss from equity method investment of $2.5 million, net of tax on the consolidated statements of operations.
12. Income Taxes
The components of total income (loss) from continuing operations before income taxes are as follows (in thousands):
| Fiscal Year Ended January 31, | |||||||||||||||||
| 2023 | 2022 | 2021 | |||||||||||||||
| US | $ | ( | $ | $ | ( | ||||||||||||
| Foreign | ( | ( | ( | ||||||||||||||
| Loss before income taxes | $ | ( | $ | ( | $ | ( | |||||||||||
The provision for (benefit from) income taxes consisted of the following (in thousands):
| Fiscal Year Ended January 31, | |||||||||||||||||
| 2023 | 2022 | 2021 | |||||||||||||||
| Current: | |||||||||||||||||
| Federal and State | $ | $ | ( | $ | |||||||||||||
| Foreign | |||||||||||||||||
| Total current | $ | $ | ( | $ | |||||||||||||
| Deferred: | |||||||||||||||||
| Federal and State | $ | $ | ( | $ | |||||||||||||
| Foreign | |||||||||||||||||
| Total deferred | $ | $ | ( | $ | |||||||||||||
| Provision for (benefit from) income taxes | $ | $ | ( | $ | |||||||||||||
122
A reconciliation of the statutory U.S. federal income tax rate to the Company's effective tax rate is as follows:
| Fiscal Year Ended January 31, | |||||||||||||||||
| 2023 | 2022 | 2021 | |||||||||||||||
| Tax at federal statutory rate | % | % | % | ||||||||||||||
| State, net of federal benefit | ( | ( | |||||||||||||||
| Stock-based compensation | ( | ( | |||||||||||||||
| Non-deductible Executive Compensation | ( | ( | |||||||||||||||
| Research tax credit | |||||||||||||||||
| Foreign rate differential | |||||||||||||||||
| Change in valuation allowance | ( | ( | ( | ||||||||||||||
| Foreign derived intangible income deduction | |||||||||||||||||
| Unrecognized tax benefits | ( | ( | |||||||||||||||
| Other | ( | ||||||||||||||||
| Total | ( | % | % | ( | % | ||||||||||||
Deferred income taxes reflect the net tax effects of temporary differences between the carrying amount of assets and liabilities for financial reporting purposes and the amounts for income tax purposes.
Significant components of the Company's deferred tax assets and liabilities are as follows (in thousands):
| January 31, | |||||||||||
| 2023 | 2022 | ||||||||||
| Deferred tax assets: | |||||||||||
| Net operating loss carryforwards | $ | $ | |||||||||
| Research tax credits | |||||||||||
| Deferred revenue | |||||||||||
| Accruals and other assets | |||||||||||
| Intangibles | |||||||||||
| Stock-based compensation | |||||||||||
| Gross deferred tax assets | |||||||||||
| Valuation allowance | ( | ( | |||||||||
| Net deferred tax assets | |||||||||||
| Deferred tax liabilities: | |||||||||||
| Deferred contract acquisition costs | ( | ( | |||||||||
| Acquired intangibles | ( | ( | |||||||||
| Equity Method Investment | ( | ||||||||||
| Fixed Assets | ( | ||||||||||
| Other | ( | ||||||||||
| Net deferred tax liabilities | $ | ( | $ | ( | |||||||
Under the provisions of ASC 740, Income Taxes, the determination of the Company’s ability to recognize its deferred tax asset requires an assessment of both negative and positive evidence when determining the Company’s ability to recognize its deferred tax assets. The Company determined that it was not more likely than not that the Company could recognize certain deferred tax assets. The evidence evaluated by the Company included operating results during the most recent three-year period and future
123
projections, with more weight given to historical results than expectations of future profitability, which are inherently uncertain. Certain entities’ net losses in recent periods represented sufficient negative evidence to require a valuation allowance against its net deferred tax assets. This valuation allowance will be evaluated periodically and could be reversed partially or totally if business results have sufficiently improved to support realization of deferred tax assets.
The increase of $43.6 million in the valuation allowance for the year ended January 31, 2023 is primarily due to net operating losses generated during the year. As of January 31, 2023, the Company recorded $0.8 million of deferred tax liabilities, net.
The Company has not recorded a provision for deferred U.S. tax expense that could result from the remittance of foreign undistributed earnings since the Company intends to reinvest the earnings of the foreign subsidiaries indefinitely. The Company’s share of the undistributed earnings of foreign corporations not included in its consolidated federal income tax returns that could be subject to additional U.S. income tax if remitted is immaterial. As of January 31, 2023, the amount of unrecognized U.S federal deferred income tax liability for undistributed earnings is immaterial.
As of January 31, 2023, the Company had federal net operating loss carryforwards of approximately $2.3 million, state net operating loss carryforwards of approximately $87.7 million and foreign net operating loss carryforwards of approximately $539.9 million. All of the federal net operating loss carryforwards are carried over from an entity acquired in the previous fiscal year. The federal net operating loss carryforwards do not expire as they were generated post Tax Cuts and Jobs Act, where net operating losses generated after December 31, 2017 do not expire. The U.S. state net operating loss carryforwards, if not utilized, will begin to expire on various dates beginning in 2032. The foreign net operating loss carryforwards, if not utilized, will begin to expire on various dates beginning in 2027. In addition, the Company has research tax credit carryforwards of approximately $4.2 million for federal purposes. The U.S. Federal Research & Experimentation (R&E) credit, if not utilized, will begin to expire in 2042. The Company also has research tax credit carryforwards of approximately $1.4 million for U.S. state purposes, which if not utilized, will begin to expire in 2030. Pursuant to the U.S. Internal Revenue Code, the Net Operating Loss and R&E credit could be subject to limitation should the Company experience an owner shift of greater than 50 percent over a 3 year period; however at this time, the effect of this limitation is immaterial.
Uncertain Tax Positions
At January 31, 2023, the Company’s U.S. federal 2018 through 2021 tax years were open and subject to potential examination in one or more jurisdictions. In addition, in the United States, any net operating losses or credits that were generated in prior years but not yet fully utilized in a year that is closed under the statute of limitations may also be subject to examination. The Company is currently under examination in the Netherlands for tax years 2015 and 2016. The Company is currently unable to estimate the financial outcome of this examination due to its preliminary status. The Company regularly assesses the likelihood of adverse outcomes resulting from these examinations to determine the adequacy of its provision for income taxes. The Company continues to monitor the progress of ongoing discussions with tax authorities and the effect, if any, of the expected expiration of the statute of limitations in various taxing jurisdictions.
As of January 31, 2023, unrecognized tax benefits approximated $7.5 million, of which $0.5 million would affect the effective tax rate if recognized. As of January 31, 2022, unrecognized tax benefits approximated $5.6 million, of which $0.8 million would affect the effective tax rate if recognized. The Company anticipates an immaterial amount of unrecognized tax benefits to reverse in the next 12 months.
124
| January 31, | |||||||||||
| 2023 | 2022 | ||||||||||
| Beginning balance | $ | $ | |||||||||
| Gross increases and decreases due to tax positions taken in prior periods | |||||||||||
| Gross increases and decreases due to tax position taken in current period | |||||||||||
| Gross increases and decreases due to settlements with taxing authorities | |||||||||||
| Gross increases and decreases due to lapses in applicable statutes of limitations | ( | ||||||||||
| Ending balance | $ | $ | |||||||||
It is the Company’s policy to classify accrued interest and penalties related to unrecognized tax benefits in the provision for income taxes. For the years ended January 31, 2023, 2022 and 2021, the Company recognized interest and penalties of $0.2 million, $0.1 million and zero , respectively.
13. Net Loss per Share
The following table sets forth basic and diluted loss per share for each of the periods presented (in thousands, except per share data):
| Fiscal Year Ended January 31, | |||||||||||||||||
| 2023 | 2022 | 2021 | |||||||||||||||
| Numerator: | |||||||||||||||||
| Net loss attributable to GitLab | $ | ( | $ | ( | $ | ( | |||||||||||
| Denominator: | |||||||||||||||||
| Weighted-average shares used to compute net loss per share attributable to GitLab Class A and Class B common stockholders, basic and diluted | |||||||||||||||||
| Net loss per share attributable to GitLab Class A and Class B common stockholders, basic and diluted | $ | ( | $ | ( | $ | ( | |||||||||||
Since the Company was in a loss position for all periods presented, basic net loss per share is the same as diluted net loss per share for all periods as the inclusion of all potential common shares
125
outstanding would have been anti-dilutive. Potentially dilutive securities that were not included in the diluted per share calculations because they would be anti-dilutive were as follows (in thousands):
| As of | |||||||||||||||||
| January 31, 2023 | January 31, 2022 | January 31, 2021 | |||||||||||||||
| Shares subject to outstanding common stock options | |||||||||||||||||
| Unvested restricted stock in connection with business combination | |||||||||||||||||
| Unvested early exercised stock options | |||||||||||||||||
| Unvested RSUs and PSUs | |||||||||||||||||
| Shares subject to the 2021 ESPP | |||||||||||||||||
| Convertible preferred stock (on an if-converted basis) | |||||||||||||||||
| Warrants | |||||||||||||||||
Total | |||||||||||||||||
14. Commitments and Contingencies
Contractual Obligations and Commitments
The Company’s contractual commitments relate mainly to third-party non-cancelable hosting infrastructure agreements and subscription arrangements used in the ordinary course of business.
Future minimum payments under the Company’s non-cancelable purchase commitments as of January 31, 2023 were as follows (in thousands):
| Total | Less than 1 Year | 1-3 Years | |||||||||||||||
Purchase commitments (1) | $ | $ | $ | ||||||||||||||
(1) The table above includes $126 million of remaining non-cancelable contractual commitments as of January 31, 2023 related to one of the Company’s hosting infrastructure vendors, under which the Company committed to spend an aggregate of at least $171 million between October 2020 and September 2025.
Loss Contingencies
In accordance with ASC 450, Loss Contingencies, the Company accrues for contingencies when losses become probable and reasonably estimable. Accordingly, the Company has recorded an estimated liability related to certain labor matters regarding its use of contractors in certain foreign countries. As of January 31, 2023 and January 31, 2022, the estimated liability relating to these matters was $2.5 million and $2.6 million, respectively.
Warranties and Indemnifications
The Company enters into service level agreements with customers which warrant defined levels of uptime and support response times and permit those customers to receive credits for prepaid amounts in the event that those performance and response levels are not met. To date, the Company has not experienced any significant failures to meet defined levels of performance and response. In connection with the service level agreements, the Company has not incurred any significant costs and has not accrued any liabilities in the consolidated financial statements.
In the ordinary course of business, the Company enters into contractual arrangements under which the Company agrees to provide indemnification of varying scope and terms to business partners and
126
other parties with respect to certain matters, including, but not limited to, losses arising out of the breach of such agreements, intellectual property infringement claims made by third parties, and other liabilities relating to or arising from the Company’s platform or the Company’s acts or omissions. In these circumstances, payment may be conditional on the other party making a claim pursuant to the procedures specified in the particular contract. Further, the Company’s obligations under these agreements may be limited in terms of time and/or amount, and in some instances, the Company may have recourse against third parties for certain payments.
In addition, the Company has agreed to indemnify its directors and executive officers for costs associated with any fees, expenses, judgments, fines, and settlement amounts incurred by any of these persons in any action or proceeding to which any of those persons is, or is threatened to be, made a party by reason of the person’s service as a director or officer, including any action by the Company, arising out of that person’s services as the Company’s director or officer or that person’s services provided to any other company or enterprise at the Company’s request. The Company maintains director and officer insurance coverage that may enable the Company to recover a portion of any future amounts paid.
Legal Proceedings
The Company is, and from time to time, may become involved in legal proceedings or be subject to claims arising in the ordinary course of its business. The Company is not presently a party to any legal proceedings that in the opinion of management, if determined adversely to the Company, would individually or taken together have a material adverse effect on its business, financial condition or operating results.
15. Subsequent Events
Reduction in Force (“RIF”)
In the first quarter of fiscal year 2024, the Company announced a plan to reduce its global headcount by approximately 7 % of the total headcount, following a review of the Company’s business structure and after taking other cost-cutting measures to reduce expenses.
As a result of the above plan, the Company recognized total restructuring charges of approximately $9.0 million in the first quarter of fiscal year 2024, which consisted primarily of one-time severance and other termination benefit costs of $7.5 million, as well as accelerated stock-based compensation directly related to this reduction in force of $1.5 million.
127
ITEM 9. CHANGES IN AND DISAGREEMENTS WITH ACCOUNTANTS ON ACCOUNTING AND FINANCIAL DISCLOSURES
None.
ITEM 9A. CONTROLS AND PROCEDURES
Evaluation of Disclosure Controls and Procedures
Our Chief Executive Officer (“CEO”) and Chief Financial Officer (”CFO”) (“certifying officers”) have conducted an evaluation of the effectiveness of the design and operation of our disclosure controls and procedures (as defined in Rules 13a-15(e) and 15d-15(e) under the Securities Exchange Act of 1934, as amended (the Exchange Act)) as of January 31, 2023. Our certifying officers concluded that, as a result of the material weaknesses in internal control over financial reporting as described below, our disclosure controls and procedures were not effective as of January 31, 2023.
Management’s Report on Internal Control Over Financial Reporting
Management is responsible for establishing and maintaining adequate internal control over financial reporting (as defined in Rules 13a-15(f) and 15d-15(f) of the Exchange Act). The Company’s management, with participation of the CEO and CFO, under the oversight of our Board of Directors, evaluated the effectiveness of the Company’s internal control over financial reporting as of January 31, 2023 using the framework in Internal Control - Integrated Framework (2013), issued by the Committee of Sponsoring Organizations of the Treadway Commission. Based on that evaluation, management concluded that the Company’s internal control over financial reporting was not effective as of January 31, 2023 due to the material weaknesses in internal control over financial reporting, described below.
A material weakness is a deficiency, or a combination of deficiencies, in internal control over financial reporting such that there is a reasonable possibility that a material misstatement of our annual or interim financial statements will not be prevented or detected on a timely basis. As of January 31, 2023, management determined that material weaknesses exist due to a lack of policies and procedures related to the operation of control activities and inadequate communication of information to control owners and operators related to the objectives and responsibilities for internal control in a manner which supports the internal control environment at the Company. As a result, the following material weaknesses exist:
•We did not design and maintain effective controls over certain information technology (“IT”) general controls for information systems that are relevant to the preparation of our consolidated financial statements. In particular, we did not design and maintain effective (i) program change management controls to ensure that IT programs, data changes and migrations affecting financial IT applications and underlying records are identified, tested, authorized and implemented appropriately and (ii) user access controls to ensure appropriate segregation of duties, restricted user and privileged access to our financial applications, data and programs to the appropriate personnel. The ineffective design and operation of IT general controls resulted in the ineffective operation of automated controls and manual controls using reports and information from the impacted information systems used in financial reporting processes,
•We did not retain sufficient contemporaneous documentation to demonstrate the operation of controls over manual journal entries,
•We did not retain sufficient contemporaneous documentation to demonstrate the operation of review controls over stock-based compensation at a sufficient level of precision and such controls relied on reports and information adversely impacted by the IT general control deficiencies, and
•As previously reported, we did not design and maintain effective and timely review procedures over the accounting for and disclosure of non-routine transactions. This material weakness has not been remediated, as the new controls designed rely on reports and information adversely impacted by the IT general control deficiencies.
128
The aforementioned material weaknesses did not result in a material misstatement to our annual or interim financial statements, however, the deficiencies, when aggregated, could result in misstatements potentially impacting all financial statement accounts and disclosures that would not be prevented or detected. Therefore, we concluded that the deficiencies represent material weaknesses in the Company’s internal control over financial reporting and our internal control over financial reporting was not effective as of January 31, 2023.
Our independent registered public accounting firm, KPMG LLP, who audited the consolidated financial statements included in this Annual Report on Form 10-K, issued an adverse opinion on the effectiveness of the Company’s internal control over financial reporting. KPMG LLP’s report appears in Item 8 of this Annual Report on Form 10-K.
Remediation Plan for Material Weaknesses
During the year ended January 31, 2023, we commenced implementing of the following steps intended to remediate our material weaknesses:
•Strengthening IT governance and designing IT general controls including program change management, restricting user access to our internal systems used for financial reporting and enhancing the retention of contemporaneous documentation of reviews over IT general controls,
•Enhancing the review of manual journal entries, including outlining policies and procedures to strengthen retention of contemporaneous documentation and supervisory reviews by management,
•Enhancing the precision of controls around the review of equity transactions, including the review of underlying source data and outlining policies and procedures to strengthen the retention of contemporaneous documentation of control reviews,
•Enhancing the review process around non-standard contracts and expanding our internal disclosure review processes to provide greater representation across various functions to ensure timely identification and review of non-routine transactions, and
•Developing and deploying training programs regarding the operation and importance of internal controls.
We believe the actions described above, once fully implemented and tested, will be sufficient to remediate the identified material weaknesses and strengthen our internal controls. However, our efforts to remediate these material weaknesses may not be effective or prevent any future material weakness or significant deficiency in our internal control over financial reporting. These material weaknesses will not be considered remediated until the applicable remedial controls operate for a sufficient period of time and management has concluded, through testing, that these controls are operating effectively.
Changes in Internal Control over Financial Reporting
There were no changes to our internal control over financial reporting identified in connection with the evaluation required by rule 13a-15(d) and 15d-15(d) of the Exchange Act that occurred during the quarter ended January 31, 2023 that have materially affected, or are reasonably likely to materially affect, our internal control over financial reporting.
Limitations on Effectiveness of Controls and Procedures
Our disclosure controls and procedures and internal controls over financial reporting are designed to provide reasonable assurance of achieving their desired objectives. Management does not expect, however, that our disclosure controls and procedures or our internal controls over financial reporting will prevent or detect all errors and fraud. Any control system, no matter how well designed and operated, is based upon certain assumptions and can provide only reasonable, not absolute, assurance that its objectives will be met. Further, no evaluation of controls can provide absolute assurance that
129
misstatements due to error or fraud will not occur or that all control issues and instances of fraud, if any, within the company have been detected.
ITEM 9B. OTHER INFORMATION
None.
ITEM 9C. DISCLOSURES REGARDING FOREIGN JURISDICTIONS THAT PREVENT INSPECTIONS
Not applicable.
130
PART III
ITEM 10. DIRECTORS, EXECUTIVE OFFICERS AND CORPORATE GOVERNANCE
The information required by this item will be set forth in our definitive proxy statement to be filed with the Securities and Exchange Commission not later than 120 days after the end of our fiscal year ended January 31, 2023 in connection with our 2023 annual meeting of shareholders, or the Proxy Statement, and is incorporated herein by reference.
ITEM 11. EXECUTIVE COMPENSATION
The information required by this item will be set forth in the Proxy Statement and is incorporated herein by reference.
ITEM 12. SECURITY OWNERSHIP OF CERTAIN BENEFICIAL OWNER AND MANAGEMENT AND RELATED STOCKHOLDER MATTERS
The information required by this item will be set forth in the Proxy Statement and is incorporated herein by reference.
ITEM 13. CERTAIN RELATIONSHIPS AND RELATED TRANSACTIONS, AND DIRECTOR INDEPENDENCE
The information required by this item will be set forth in the Proxy Statement and is incorporated herein by reference.
ITEM 14. PRINCIPAL ACCOUNTING FEES AND SERVICES
The information required by this item will be set forth in the Proxy Statement and is incorporated herein by reference.
131
PART IV
ITEM 15. EXHIBITS AND FINANCIAL STATEMENTS SCHEDULES
(1) All Financial Statements
See Index to Consolidated Financial Statements in Item 8 herein.
(2) Financial Statements Schedules
The following additional financial statement schedules should be considered in conjunction with our consolidated financial statements. All other financial statement schedules have been omitted because the required information is not present in amounts sufficient to require submission of the schedule, not applicable, or because the required information is included in the consolidated financial statements or notes thereto.
Schedule II: Valuation and Qualifying Accounts
The table below details the activity of the deferred tax valuation allowance for the fiscal years ended January 31, 2023, 2022, and 2021:
| Balance at Beginning of Year | Additions | Write-offs or Deductions | Balance at End of Year | ||||||||||||||||||||
| (in thousands) | |||||||||||||||||||||||
| Year ended January 31, 2023 | |||||||||||||||||||||||
| Deferred tax valuation allowance | $ | $ | $ | $ | |||||||||||||||||||
| Year ended January 31, 2022 | |||||||||||||||||||||||
| Deferred tax valuation allowance | $ | $ | $ | $ | |||||||||||||||||||
| Year ended January 31, 2021 | |||||||||||||||||||||||
| Deferred tax valuation allowance | $ | $ | $ | $ | |||||||||||||||||||
(3) Exhibits
| Incorporated by Reference | Filed or Furnished Herewith | |||||||||||||||||||||||||||||||||||||
| Exhibit Number | Description | Form | File Number | Exhibit | Filing Date | |||||||||||||||||||||||||||||||||
| 3.1 | 10-Q | 001-40895 | 3.2 | 12/7/2021 | ||||||||||||||||||||||||||||||||||
| 3.2 | 8-K | 001-40895 | 3.1 | 12/15/2022 | ||||||||||||||||||||||||||||||||||
| 4.1 | S-1/A | 333-259602 | 4.1 | 10/12/2021 | ||||||||||||||||||||||||||||||||||
| 4.2 | S-1/A | 333-259602 | 4.3 | 10/4/2021 | ||||||||||||||||||||||||||||||||||
| 4.3 | 10-K | 001-40895 | 4.4 | 4/8/2022 | ||||||||||||||||||||||||||||||||||
| 10.1† | S-1 | 333-259602 | 10.1 | 9/17/2021 | ||||||||||||||||||||||||||||||||||
| 10.2† | S-1 | 333-259602 | 10.2 | 9/17/2021 | ||||||||||||||||||||||||||||||||||
| 10.3† | S-1/A | 333.259602 | 10.3 | 10/4/2021 | ||||||||||||||||||||||||||||||||||
132
| 10.4† | 10-Q | 001-40895 | 10.4 | 6/7/2022 | ||||||||||||||||||||||||||||||||||
| 10.5† | S-1/A | 333-259602 | 10.5 | 10/4/2021 | ||||||||||||||||||||||||||||||||||
| 10.6†‡ | 10-Q | 001-40895 | 10.6 | 9/7/2022 | ||||||||||||||||||||||||||||||||||
| 10.7† | 10-Q | 001-40895 | 10.7 | 12/6/2022 | ||||||||||||||||||||||||||||||||||
| 21.1 | X | |||||||||||||||||||||||||||||||||||||
| 23.1 | X | |||||||||||||||||||||||||||||||||||||
| 31.1 | X | |||||||||||||||||||||||||||||||||||||
| 31.2 | X | |||||||||||||||||||||||||||||||||||||
| 32.1* | X | |||||||||||||||||||||||||||||||||||||
| 32.2* | X | |||||||||||||||||||||||||||||||||||||
| 101.INS | XBRL Instance Document - the instance document does not appear in the Interactive Data File because its XBRL tags are embedded within the Inline XBRL document. | X | ||||||||||||||||||||||||||||||||||||
| 101.SCH | Inline XBRL Taxonomy Extension Schema Document. | X | ||||||||||||||||||||||||||||||||||||
| 101.CAL | Inline XBRL Taxonomy Extension Calculation Linkbase Document. | X | ||||||||||||||||||||||||||||||||||||
| 101.DEF | Inline XBRL Taxonomy Extension Definition Linkbase Document. | X | ||||||||||||||||||||||||||||||||||||
| 101.LAB | Inline XBRL Taxonomy Extension Label Linkbase Document. | X | ||||||||||||||||||||||||||||||||||||
| 101.PRE | Inline XBRL Taxonomy Extension Presentation Linkbase Document. | X | ||||||||||||||||||||||||||||||||||||
| 104 | Cover Page Interactive Data File (formatted as inline XBRL with applicable taxonomy extension information contained in Exhibits 101). | X | ||||||||||||||||||||||||||||||||||||
† Indicates management contract or compensatory plan.
‡ Registrant has omitted schedules and exhibits pursuant to Item 601(a)(5) of Regulation S-K. The Registrant agrees to furnish supplementally a copy of the omitted schedules and exhibits to the SEC upon request.
* The certifications furnished in Exhibits 32.1 and 32.2 hereto are deemed to accompany this Annual Report on Form 10-K and are not deemed “filed” for purposes of Section 18 of the Exchange Act, or otherwise subject to the liability of that section, nor shall they be deemed incorporated by reference into any filing under the Securities Act or the Exchange Act, irrespective of any general incorporation language contained in such filing.
133
ITEM 16. FORM 10-K SUMMARY
None.
134
SIGNATURES
Pursuant to the requirements of the Securities Exchange Act of 1934, the registrant has duly caused this report to be signed on its behalf by the undersigned thereunto duly authorized.
| GITLAB INC. | ||||||||
Date: March 30, 2023 | ||||||||
| By: | /s/ Sytse Sijbrandij | |||||||
| Name: Sytse Sijbrandij | ||||||||
| Title: Chief Executive Officer | ||||||||
Date: March 30, 2023 | ||||||||
| By: | /s/ Brian Robins | |||||||
| Name: Brian Robins | ||||||||
| Title: Chief Financial Officer | ||||||||
Date: March 30, 2023 | ||||||||
| By: | /s/ Dale Brown | |||||||
| Name: Dale Brown | ||||||||
| Title: Principal Accounting Officer | ||||||||
POWER OF ATTORNEY
KNOW ALL PERSONS BY THESE PRESENTS, that each person whose signature appears below constitutes and appoints Brian Robins and Robin Schulman, and each or any one of them, his or her true and lawful attorney-in-fact and agent, with full power of substitution and resubstitution, for him or her and in his or her name, place and stead, in any and all capacities, to sign any and all amendments to this report, and to file the same, with all exhibits thereto, and other documents in connection therewith, with the Securities and Exchange Commission, granting unto said attorneys-in-facts and agents, and each of them, full power and authority to do and perform each and every act and thing requisite and necessary to be done in connection therewith, as fully to all intents and purposes as he or she might or could do in person, hereby ratifying and confirming all that said attorneys-in-fact and agents, or any of them, or their or his or her substitute or substitutes, may lawfully do or cause to be done by virtue hereof.
Pursuant to the requirements of the Securities Exchange Act of 1934, as amended, this Report has been signed below by the following persons on behalf of the Registrant in the capacities and on the dates indicated.
| Name | Title | Date | ||||||
| /s/ Sytse Sijbrandij | Director and Chief Executive Officer | March 30, 2023 | ||||||
| Sytse Sijbrandij | (principal executive officer) | |||||||
| /s/ Brian Robins | Chief Financial Officer | March 30, 2023 | ||||||
| Brian Robins | (principal financial officer) | |||||||
| /s/ Dale Brown | Principal Accounting Officer | March 30, 2023 | ||||||
| Dale Brown | (principal accounting officer) | |||||||
| /s/ Sundeep Bedi | Director | March 30, 2023 | ||||||
| Sundeep Bedi | ||||||||
| /s/ Karen Blasing | Director | March 30, 2023 | ||||||
| Karen Blasing | ||||||||
| /s/ Sue Bostrom | Director | March 30, 2023 | ||||||
| Sue Bostrom | ||||||||
| /s/ Matthew Jacobson | Director | March 30, 2023 | ||||||
| Matthew Jacobson | ||||||||
135
| /s/ Mark Porter | Director | March 30, 2023 | ||||||
| Mark Porter | ||||||||
| /s/ Merline Saintil | Director | March 30, 2023 | ||||||
| Merline Saintil | ||||||||
| /s/ Godfrey Sullivan | Director | March 30, 2023 | ||||||
| Godfrey Sullivan | ||||||||
136
Exhibit 21.1
List of Subsidiaries of GitLab Inc.
(including place of incorporation)
GitLab Federal, LLC – (United States)
GitLab GK – (Japan)
GitLab Korea Limited – (South Korea)
GitLab B.V. – (Netherlands)
GitLab IT B.V. – (Netherlands)
GitLab UK Limited – (United Kingdom)
GitLab GmbH – (Germany)
GitLab PTY Ltd – (Australia)
GitLab Canada Corp. – (Canada)
GitLab France SAS – (France)
GitLab Ireland Limited – (Ireland)
GitLab Services Inc. – (United States)
GitLab Singapore Holding PTE Ltd – (Singapore)
GitLab Singapore PTE Ltd – (Singapore)
GitLab Information Technology (Hubei) Co., Ltd. – (China)
JiHu Innovation (Beijing) Information Technology Co., Ltd - (China)
JiHu GitLab Technology Limited - (Hong Kong)
JiHu Information Technology (Chongqing) Co., Ltd - (China)
JiHu Yuansheng (Beijing) Internet Technology Co., Ltd _ (China)
Opstrace LLC (USA)
Opstrace GmbH (Germany)
Exhibit 23.1
Consent of Independent Registered Public Accounting Firm
We consent to the incorporation by reference in the registration statements (File Nos. 333-260245, 333-261537 and 333-264224) on Form S-8 of our reports dated March 30, 2023, with respect to the consolidated financial statements of GitLab Inc. and subsidiaries and the effectiveness of internal control over financial reporting.
/s/ KPMG LLP
Pittsburgh, Pennsylvania
March 30, 2023
Exhibit 31.1
CERTIFICATION OF PRINCIPAL EXECUTIVE OFFICER PURSUANT TO
RULE 13a-14(a) OR 15d-14(a) OF THE SECURITIES EXCHANGE ACT OF 1934,
AS ADOPTED PURSUANT TO SECTION 302 OF THE SARBANES-OXLEY ACT OF 2002
I, Sytse Sijbrandij, certify that:
1.I have reviewed this Annual Report on Form 10-K of GitLab Inc.;
2.Based on my knowledge, this report does not contain any untrue statement of a material fact or omit to state a material fact necessary to make the statements made, in light of the circumstances under which such statements were made, not misleading with respect to the period covered by this report;
3.Based on my knowledge, the financial statements, and other financial information included in this report, fairly present in all material respects the financial condition, results of operations and cash flows of the registrant as of, and for, the periods presented in this report;
4.The registrant’s other certifying officer and I are responsible for establishing and maintaining disclosure controls and procedures (as defined in Exchange Act Rules 13a-15(e) and 15d-15(e)) and internal control over financial reporting (as defined in Exchange Act Rules 13a-15(f) and 15d-15(f)) for the registrant and have:
a.designed such disclosure controls and procedures, or caused such disclosure controls and procedures to be designed under our supervision, to ensure that material information relating to the registrant, including its consolidated subsidiaries, is made known to us by others within those entities, particularly during the period in which this report is being prepared;
b.designed such internal control over financial reporting, or caused such internal control over financial reporting to be designed under our supervision, to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles;
c.evaluated the effectiveness of the registrant’s disclosure controls and procedures and presented in this report our conclusions about the effectiveness of the disclosure controls and procedures, as of the end of the period covered by this report based on such evaluation; and
d.disclosed in this report any change in the registrant’s internal control over financial reporting that occurred during the registrant’s most recent fiscal quarter (the registrant’s fourth fiscal quarter in the case of an annual report) that has materially affected, or is reasonably likely to materially affect, the registrant’s internal control over financial reporting.
5.The registrant’s other certifying officer and I have disclosed, based on our most recent evaluation of internal control over financial reporting, to the registrant’s auditors and the audit committee of the registrant’s board of directors (or persons performing the equivalent functions):
a.all significant deficiencies and material weaknesses in the design or operation of internal control over financial reporting, which are reasonably likely to adversely affect the registrant’s ability to record, process, summarize and report financial information; and
b.any fraud, whether or not material, that involves management or other employees who have a significant role in the registrant’s internal control over financial reporting.
Date: March 30, 2023
| By: | /s/ Sytse Sijbrandij | |||||||
| Sytse Sijbrandij | ||||||||
| Chief Executive Officer | ||||||||
| (Principal Executive Officer) | ||||||||
Exhibit 31.2
CERTIFICATION OF PRINCIPAL FINANCIAL OFFICER PURSUANT TO
RULE 13a-14(a) OR 15d-14(a) OF THE SECURITIES EXCHANGE ACT OF 1934,
AS ADOPTED PURSUANT TO SECTION 302 OF THE SARBANES-OXLEY ACT OF 2002
I, Brian Robins, certify that:
1.I have reviewed this Annual Report on Form 10-K of GitLab Inc.;
2.Based on my knowledge, this report does not contain any untrue statement of a material fact or omit to state a material fact necessary to make the statements made, in light of the circumstances under which such statements were made, not misleading with respect to the period covered by this report;
3.Based on my knowledge, the financial statements, and other financial information included in this report, fairly present in all material respects the financial condition, results of operations and cash flows of the registrant as of, and for, the periods presented in this report;
4.The registrant’s other certifying officer and I are responsible for establishing and maintaining disclosure controls and procedures (as defined in Exchange Act Rules 13a-15(e) and 15d-15(e)) and internal control over financial reporting (as defined in Exchange Act Rules 13a-15(f) and 15d-15(f)) for the registrant and have:
1.designed such disclosure controls and procedures, or caused such disclosure controls and procedures to be designed under our supervision, to ensure that material information relating to the registrant, including its consolidated subsidiaries, is made known to us by others within those entities, particularly during the period in which this report is being prepared;
2.designed such internal control over financial reporting, or caused such internal control over financial reporting to be designed under our supervision, to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles;
3.evaluated the effectiveness of the registrant’s disclosure controls and procedures and presented in this report our conclusions about the effectiveness of the disclosure controls and procedures, as of the end of the period covered by this report based on such evaluation; and
4.disclosed in this report any change in the registrant’s internal control over financial reporting that occurred during the registrant’s most recent fiscal quarter (the registrant’s fourth fiscal quarter in the case of an annual report) that has materially affected, or is reasonably likely to materially affect, the registrant’s internal control over financial reporting.
5.The registrant’s other certifying officer and I have disclosed, based on our most recent evaluation of internal control over financial reporting, to the registrant’s auditors and the audit committee of the registrant’s board of directors (or persons performing the equivalent functions):
a.all significant deficiencies and material weaknesses in the design or operation of internal control over financial reporting, which are reasonably likely to adversely affect the registrant’s ability to record, process, summarize and report financial information; and
b.any fraud, whether or not material, that involves management or other employees who have a significant role in the registrant’s internal control over financial reporting.
Date: March 30, 2023
| By: | /s/ Brian Robins | |||||||
| Brian Robins | ||||||||
| Chief Financial Officer | ||||||||
| (Principal Financial Officer) | ||||||||
Exhibit 32.1
CERTIFICATION OF PRINCIPAL EXECUTIVE OFFICER PURSUANT TO
18 U.S.C. SECTION 1350, AS ADOPTED PURSUANT TO
SECTION 906 OF THE SARBANES-OXLEY ACT OF 2002
I, Sytse Sijbrandij, Chief Executive Officer of GitLab Inc. (the “Company”), do hereby certify, pursuant to 18 U.S.C. Section 1350, as adopted pursuant to Section 906 of the Sarbanes-Oxley Act of 2002, that to the best of my knowledge:
1.the Annual Report on Form 10-K of the Company for the year ended January 31, 2023 (the “Report”) fully complies with the requirements of Section 13(a) or 15(d) of the Securities Exchange Act of 1934, as amended; and
2.the information contained in the Report fairly presents, in all material respects, the financial condition, and results of operations of the Company.
Date: March 30, 2023
| By: | /s/ Sytse Sijbrandij | |||||||
| Sytse Sijbrandij | ||||||||
| Chief Executive Officer | ||||||||
| (Principal Executive Officer) | ||||||||
Exhibit 32.2
CERTIFICATION OF PRINCIPAL FINANCIAL OFFICER PURSUANT TO
18 U.S.C. SECTION 1350, AS ADOPTED PURSUANT TO
SECTION 906 OF THE SARBANES-OXLEY ACT OF 2002
I, Brian Robins, Chief Financial Officer of GitLab Inc. (the “Company”), do hereby certify, pursuant to 18 U.S.C. Section 1350, as adopted pursuant to Section 906 of the Sarbanes-Oxley Act of 2002, that to the best of my knowledge:
1.the Annual Report on Form 10-K of the Company for the year ended January 31, 2023 (the “Report”) fully complies with the requirements of Section 13(a) or 15(d) of the Securities Exchange Act of 1934, as amended; and
2.the information contained in the Report fairly presents, in all material respects, the financial condition, and results of operations of the Company.
Date: March 30, 2023
| By: | /s/ Brian Robins | |||||||
| Brian Robins | ||||||||
| Chief Financial Officer | ||||||||
| (Principal Financial Officer) | ||||||||