Item 1A. Risk Factors.

Risks Relating to Our Business

Markets, Competition, and Operations

Our business is impacted by changes in macroeconomic and global conditions.

Because we conduct our business internationally, changes in global, national, or regional economies, governmental policies (including in areas such as trade, travel, immigration, healthcare, and related issues), political unrest, armed conflicts, natural disasters, or disease outbreaks may impact our business. Any general weakening of, and related declining corporate confidence in, the global economy or the curtailment in corporate spending could cause current or potential customers to reduce or eliminate their information technology budgets and spending, which could cause customers to delay, decrease or cancel purchases of our products and services; cause customers not to pay us; or to delay payment for previously purchased products and services. Any general weakening 13 of, and related declining corporate confidence in, the global economy or the curtailment in corporate spending could cause current or potential customers to reduce or eliminate their information technology budgets and spending, which could cause customers to delay, decrease or cancel purchases of our products and services; cause customers not to pay us; or to delay payment for previously purchased products and services.

Our business is negatively impacted by decreases in travel and leisure activities resulting from weak economic conditions, increases in energy prices and changes in currency values, political instability, heightened travel security measures, travel advisories, disruptions in air travel, and concerns over disease, violence, war, or terrorism. Our business, markets, growth prospects and business model could be materially impacted or altered as a result of adverse changes in travel and leisure activities due to a pandemic or other wide-ranging and sustained events.

---

Similarly, increases in energy prices can result in higher ingredient and food costs for our customers with restaurant operations, which may adversely affect demand for our customers’ restaurant businesses, and in turn, our business, financial results and liquidity.

Our future success will depend on our ability to develop new solutions, product upgrades and services that achieve market acceptance.

Our business is characterized by rapid and continual changes in technology and evolving industry standards. We believe that in order to remain competitive in the future we need to continue to develop new products, product upgrades and services, requiring the investment of significant financial resources. If we fail to accurately anticipate our customer’s needs and technological trends, or are otherwise unable to complete the development of a product or product upgrade on a timely basis, we will be unable to introduce new products or product upgrades into the market that are demanded by our customers and prospective customers on a timely basis, if at all, and our business and operating results would be materially and adversely affected.

The development process for most new products and product upgrades is complicated, involves a significant commitment of time and resources and is subject to a number of risks and challenges including:

Our product development activities are costly and recovering our investment in product development may take a significant amount of time, if it occurs at all. We anticipate continuing to make significant investments in software research and development and related product opportunities because we believe it is necessary to compete successfully.

Our product development activities also could be impacted by competition from products with new features or leveraging new technologies, such as artificial intelligence (AI), that render our existing products less competitive or obsolete. We may not respond effectively to the technological requirements of the changing market. If we need new technologies or if we are not able to develop new products or product upgrades acceptable to customers to remain competitive, the development, acquisition, and implementation of those new products, product upgrades or technologies may require us to make significant capital investments.

If we are not successful in managing these risks and challenges, or if our new products, product upgrades, and services are not technologically competitive or do not achieve market acceptance, our business and operating results could be adversely affected.

We face extensive competition in the markets in which we operate, and our failure to compete effectively could result in price reductions and/or decreased demand for our products and services.

Several companies offer products and services similar to ours. The rapid rate of technological change in the hospitality market makes it likely we will face competition from new products designed by companies not currently competing with us. We believe our competitive ability depends on our product offerings, our experience in the hospitality industry, our product development and systems integration capability, and our customer service organization. We believe our 14 competitive ability depends on our product offerings, our experience in the hospitality industry, our product development and systems integration capability, and our customer service organization. There is no assurance, however, that we will be able to compete effectively in the hospitality technology market in the future.

We compete for customers based on several factors, including price. The competitive markets in which we operate may oblige us to reduce our prices in order to contend with the pricing models of our competitors. If our competitors discount certain products or services, we may have to lower prices on certain products or services in order to attract or retain customers. Any such price modifications would likely reduce margins and could have adverse effects. In addition, if we fail to reduce our prices in order to contend with the pricing models of our competitors, we may not be able to retain customers or grow our business, which could adversely affect our revenues and liquidity.

Our future success depends on our ability to execute on strategic initiatives, to properly manage investments in our business, and to enhance our existing operations and infrastructure.

Our long-term strategy is focused on continually investing in and growing our business and operations, both organically and through acquisitions.

Investments in new markets, solutions, and technologies, research and development, infrastructure and systems, geographic expansion, and talent are critical components for realizing our strategy. In particular, we believe we must continue to dedicate a significant

---

amount of resources to our research and development efforts to maintain our competitive position. Our investments in research and development may result in products or services that generate less revenue than we anticipate.

Such investments present challenges and risks and may not be successful financially or otherwise, especially in new areas in which we have little or no experience, and even if successful, may negatively impact our short-term profitability. To succeed in such efforts, we must be able to properly deploy financial and other resources, prioritize among opportunities, balance the extent and timing of investments with the associated impact on profitability, balance our focus between new areas and the servicing of our existing customers, capture efficiencies and economies of scale, and compete in the new areas, or with the new solutions, in which we have invested. To be successful in such efforts, we must be able to properly allocate limited investment funds and other resources, prioritize among opportunities, balance the extent and timing of investments with the associated impact on profitability, balance our focus between new areas and the servicing of our existing customers, capture efficiencies and economies of scale, and compete in the new areas, or with the new solutions, in which we have invested.

Our success also depends on our ability to effectively and efficiently enhance our existing operations. Our existing infrastructure, systems, security, processes, and personnel may not be adequate for our current or future needs. System upgrades or new implementations can be complex, time-consuming, and expensive and we cannot assure you that we will not experience problems during or following such implementations, including among others, potential disruptions in our operations or financial reporting.

If we are unable to properly execute on growth initiatives, manage our investments, and enhance our existing operations and infrastructure, our results of operations and market share may be materially adversely affected.

Our dependence on certain suppliers makes us vulnerable to the extent we rely on them.

We rely on a concentrated number of suppliers for the majority of our hardware and for certain software and related services needs. We do not have long term agreements with many of these suppliers. If we can no longer obtain these hardware, software or services needs from our major suppliers due to mergers, acquisitions or consolidation within the marketplace, material changes in their partner programs, their refusal to continue to supply to us on reasonable terms or at all, and we cannot find suitable replacement suppliers, it may have a material adverse impact on our future operating results and gross margins.

If we cannot retain and recruit qualified personnel due to rising labor costs or other reasons, our ability to operate and grow our business may be impaired and our financial performance may suffer.

We depend on the services of our management and employees to continuously run and grow our business. To grow successfully, we must retain existing employees and attract new qualified employees, particularly in growth areas we have identified. To grow successfully, we must retain existing employees and attract new qualified employees, including in growth areas we may enter. Employee retention is an industry challenge especially given the competitive labor market for software developers. As we grow, we must also enhance and expand our workforce to execute on new and larger opportunities. The market for qualified personnel is competitive in the geographies in which we operate and may be limited in the software development disciplines we seek to expand. The market for qualified personnel is competitive in the geographies in which we operate and may be limited especially in technology areas. We may be at a disadvantage to larger companies with greater brand recognition or financial resources or to start-ups or other emerging companies in trending market sectors. If we are unable to attract and retain qualified personnel when and where they are needed, our ability to operate and grow our business could be impaired. Moreover, if we are not able to properly balance our investments in personnel with revenue growth, our profitability may be adversely affected.

Our international operations have many associated risks.

We continue to strategically manage our presence in international markets, and these efforts require significant management attention and financial resources. We may not be able to successfully penetrate international markets, or, if we do, there can be no assurance that we will grow our business in these markets at the same rate as in North America. Because of these inherent complexities and challenges, lack of success in international markets could adversely affect our business, results of operations, cash flow, and financial condition.

We have international offices in Canada, the United Kingdom, Dubai, China, Hong Kong, Malaysia, the Philippines, Singapore, and India. We have committed resources to maintaining and further expanding, where appropriate, our sales offices and sales and support channels in key international markets. However, our efforts may not be successful. International sales are subject to many risks and difficulties, including those arising from the following: building and maintaining a competitive presence in new markets; staffing and managing foreign operations; complying with a variety of foreign laws, rules and regulations; producing localized versions of our products; developing integrations between our products and other locally-used products; import and export restrictions and tariffs, enforcing contracts and collecting accounts receivable; unexpected changes in regulatory requirements; reduced protection for intellectual property rights in some countries; potential adverse tax treatment; language and cultural barriers; foreign currency fluctuations; inflation and any regulatory actions to counter inflation; and political and economic instability abroad. International sales are subject to many risks and difficulties, including those arising from the following: building and maintaining a competitive presence in new markets; staffing and managing foreign operations; complying with a variety of foreign laws; producing localized versions of our products; developing integrations between our products and other locally-used products; import and export restrictions and tariffs, enforcing contracts and collecting accounts receivable; unexpected changes in regulatory requirements; reduced protection for intellectual property rights in some countries; potential adverse tax treatment; language and cultural barriers; foreign currency fluctuations; inflation and any regulatory actions to counter inflation; and political and economic instability abroad.

Natural disasters or other catastrophic events affecting our principal facilities could cripple our business.

---

Natural disasters or other catastrophic events, particularly those affecting employees in our Alpharetta headquarters or India research and development center, may cause damage or disruption to our operations, and thus could have a negative effect on us. Most of our administrative functions are concentrated in our Alpharetta headquarters and most of our software development activity is concentrated in our India research and development center. While we maintain crisis management and disaster response plans, a natural disaster, fire, power shortage, pandemic, act of terrorism or other catastrophic event occurring in either geographic location that prevents or substantially impairs our employees’ ability to work, either in the office or from home, could make it difficult or impossible for us to deliver our products and services to customers.

Regulatory Matters, Information Security, Data Privacy, and Product Stability

Our products and services may not function properly if we experience significant coding or configuration errors.

Despite testing prior to the release and throughout the lifecycle of a product or service, our on-premise and cloud-based solutions sometimes contain coding or configuration errors that can impact their function, performance and security, and result in other negative consequences. The detection and correction of any errors in released on-premise or cloud-based solutions can be time consuming and costly. Errors in our on-premise and cloud-based solutions could affect their ability to properly function, integrate or operate with other software or hardware offerings, could result in service interruptions, delays or outages, could create security vulnerabilities in our products or services, could delay the development or release of new products or services or new versions of products or services, and could adversely affect market acceptance of our products or services. This includes third-party software products or services incorporated into our own. If we experience any of these errors, or if there are delays in releasing our on-premise or cloud-based solutions or new versions of these offerings, our sales could be affected and revenues could decline. Customers rely on our on-premise and cloud-based solutions and related services to run their businesses, and errors in our solutions and related services could expose us to product liability, performance and warranty claims as well as significant harm to our brand and reputation, which could impact our future sales.

Implementation of software solutions often involves a significant commitment of resources, and any failure to deliver as promised on a significant implementation could adversely affect our business.

The implementation of software solutions often involves a significant commitment of resources and is subject to a number of significant risks over which we may or may not have control. These risks include:

As a result of these and other risks, some of our customers may incur large, unplanned costs in connection with the purchase and installation of our solutions. Also, implementation projects could take longer than planned or fail. We may not be able to reduce or eliminate protracted installation or significant additional costs. Significant delays or unsuccessful customer implementation projects could result in cancellation or renegotiation of existing agreements, claims from customers, harm our reputation and negatively impact our operating results.

We use open-source software in our solutions that may subject our solutions to general release or require us to re-engineer our solutions.

We use open-source software in our solutions and may use more open-source software in the future. From time to time, there have been claims by companies claiming ownership of software that was previously thought to be open-source and that was incorporated by other companies into their products. As a result, we could be subject to suits by parties claiming ownership of what we believe to be open-source software.

Some open-source licenses contain requirements that we make available source code for modifications or derivative works we create based upon the open-source software and that we license these modifications or derivative works under the terms of a particular open-source license or other license granting third parties certain rights of further use. If we combine or, in some cases, link our proprietary software solutions with or to open-source software in a certain manner, we could, under certain of the open-source licenses, be required to release the source code of our proprietary software solutions or license such proprietary solutions under the terms of a particular open-source license or other license granting third parties certain rights of further use.

---

In addition to risks related to license requirements, usage of open-source software can lead to greater risks than use of third-party commercial software, as open-source licensors generally do not provide warranties or controls on origin of the software. In addition, open-source license terms may be ambiguous and many of the risks associated with usage of open-source cannot be eliminated, and could, if not properly addressed, negatively affect our business. If we were found to have inappropriately used open-source software, we may be required to seek licenses from third parties in order to continue offering our software, to re-engineer our solutions, to discontinue the sale of our solutions in the event re-engineering cannot be accomplished on a timely basis or take other remedial action that may divert resources away from our development efforts, any of which could adversely affect our business, operating results and financial condition.

We are subject to complex, evolving regulatory requirements that may be difficult and expensive to comply with and that could negatively impact us or our business.

Our business and operations are subject to a variety of regulatory requirements in the countries in which we operate or in which we offer our solutions, including, among other things, with respect to data privacy, artificial intelligence (“AI”), information security, trade compliance, tax, and labor matters.

In addition, as we are increasingly building and licensing from third party providers new and evolving technologies, such as AI, machine learning, analytics, and biometrics, as part of our offerings, our business and operations may become subject to additional complex and evolving regulatory requirements pertaining to the sale or use of these technologies. The evolving regulatory environment surrounding these new technologies may also increase our research and development costs, compliance costs, and confidentiality and security risks, and result in inconsistencies in evolving legal frameworks across jurisdictions. The sale of these technologies, or their use by us or by our customers or partners, may also subject us to additional risks, including reputational harm, competitive harm or legal liabilities, due to their perceived or actual impact on human rights, privacy, employment, or in other social or discriminatory contexts. Third-parties may criticize us or seek to hold us responsible not only for our own activities in this regard but also for the activities of our customers or partners.

We anticipate that we will become subject to an increasing amount of regulation and disclosure requirements related to environmental, social and governance (“ESG”) matters. In addition, stakeholders, including investors, customers, suppliers and employees, may pressure us to make commitments on these matters that may be difficult to manage or achieve. If we fail to make or meet such commitments, we may be subject to criticism, reputational harm or legal liability.

The application of these laws and regulations to our business is often unclear and may at times conflict. Compliance with applicable regulatory requirements may be onerous, time-consuming, and expensive, especially where these requirements are inconsistent from jurisdiction to jurisdiction or where the jurisdictional reach of certain requirements is not clearly defined or seeks to reach across national borders. Regulatory requirements in one jurisdiction may make it difficult or impossible to do business in or comply with the rules of another jurisdiction.

While we endeavor to implement policies, procedures, and systems designed to achieve compliance with these regulatory requirements, we cannot assure you that these policies, procedures, or systems will be adequate or that we or our personnel will not violate these policies and procedures or applicable laws and regulations. Violations of these laws or regulations may harm our reputation and deter government agencies and other existing or potential customers or partners from purchasing our solutions. Furthermore, non-compliance with applicable laws or regulations could result in fines, damages, criminal sanctions against us, our officers, or our employees, restrictions on the conduct of our business, and damage to our reputation.

Cyber-attacks involving our systems and data could expose us to liability or harm our reputation and have a material adverse effect on our business.

We rely on information technology networks and systems, some of which are owned and operated by third parties, to collect, process, transmit, and store electronic information on behalf of our customers. We also depend on our information technology infrastructure for a variety of functions, including worldwide financial reporting, procurement, invoicing, and email communications. These systems are susceptible to outages due to fire, floods, power loss, telecommunications failures, hacking, terrorist attacks, and similar events.

We have implemented security measures and controls intended to protect our IT infrastructure, data centers and other systems and data against cyber-attacks. Despite our implementation of security measures and controls, our systems and those of third parties upon whom we rely are vulnerable to attack from numerous threat actors, including sophisticated nation-state and nation-state-supported actors. Threat actors have and may in the future be able to compromise our security measures or otherwise exploit vulnerabilities in our systems, including vulnerabilities that may have been introduced through the actions of our employees or contractors or defects in the design or manufacture of our products and systems or the products and systems that we procure from third parties. Our systems, and those of our third-party providers, have and could in the future become subject to cyber-attacks, including using computer viruses,

---

credential harvesting, dedicated denial of services attacks, malware, social engineering, and other means for obtaining unauthorized access to, or disrupting the operation of, our systems and those of our third-party providers.

In addition, threat actors are also increasingly using tools and techniques that circumvent controls, evade detection, and remove forensic evidence, which means that we and others may be unable to anticipate, detect, deflect, contain or recover from cyberattacks in a timely or effective manner. As AI capabilities improve and are increasingly adopted, we may see cyberattacks created through AI. These attacks could be crafted with an AI tool to directly attack IT systems with increased speed and/or efficiency than a human threat actor or create more effective phishing emails. Our network and storage applications, as well as those of our customers, business partners, and third-party providers, may be subject to unauthorized access by hackers or breached due to operator error, malfeasance or other system disruptions.

The number and scale of cyberattacks have continued to increase and the methods and techniques used by threat actors, including sophisticated “supply-chain” attacks, continue to evolve at a rapid pace. As a result, we may be unable to identify current attacks, anticipate future attacks or implement adequate security measures. We may also experience security breaches that may remain undetected for an extended period and, therefore, have a greater impact on our systems, our products, the proprietary data contained therein, our customers and ultimately, our business.

For example, we use Progress Software’s MOVEit Transfer application to enable file transfers with some of our customers. On May 31, 2023, Progress Software disclosed that it had identified a previously unknown vulnerability in its MOVEit Transfer application. We immediately followed the recommendations from Progress Software to address the vulnerabilities in the MOVEit Transfer application. However, we identified unauthorized file downloads from our MOVEit Transfer application impacting about 130 customers who used our InfoGenesis POS, Eatec and Agilysys Analyze products. All impacted customers were notified in June 2023, and the incident has not had a material adverse effect on our business, financial condition, or results of operation.

Cyberattacks on our systems and “supply-chain” attacks on systems of third parties upon whom we rely, and any related operational disruptions, unauthorized access, or misappropriation of information (including personally identifiable information or personal data), could create costly litigation, significant financial liability, and a loss of confidence in our ability to serve customers and cause current or potential customers to choose another provider, all of which could have a material adverse effect on our business, financial condition, reputation, and results of operations.

Privacy, information security, and data protection laws, rules, and regulations could affect or limit how we collect and use personal information, increase our costs, and adversely affect our business opportunities. A failure to comply with applicable privacy or data protection laws could harm our reputation and have a material adverse effect on our business.

We collect, process, transmit, and/or store (on our systems and those of third-party providers) customer transactional data, as well as their and our customers’ and employees’ personally identifiable information and/or other data and information. Personally identifiable information is increasingly subject to legislation and regulations in numerous jurisdictions with regard to privacy and data security such as the California Consumer Privacy Act and the European Union’s General Data Protection Regulation. Moreover, what constitutes personally identifiable information and what other data and/or information is subject to the privacy laws varies by jurisdiction and continues to evolve, and the laws that do reference data privacy continue to be interpreted by the courts and their applicability and reach are therefore uncertain. Our failure and/or the failure of our customers, vendors, and service providers to comply with applicable privacy and data protection laws and regulations could damage our reputation, discourage current and/or potential customers from using our products and services, and result in fines, governmental investigations and/or enforcement actions, complaints by private individuals, and/or the payment of penalties to consumers.

In addition, many U.S. and foreign laws and regulations, including those promulgated by the SEC, require companies to provide notice of cybersecurity incidents involving certain types of personal data or unauthorized access to, or interference with, our information systems to the public, certain individuals, the media, government authorities, or other third parties. Certain of these laws and regulations include notice or disclosure obligations contingent upon the result of complex analyses, including in some cases a determination of materiality. The nature of cybersecurity incidents can make it difficult to quickly and comprehensively assess an incident's overall impact to our business, and we may make errors in our assessments. If we are unable to appropriately assess a cybersecurity incident in the context of required analyses then we could face compliance issues under these laws and regulations, and we could be subject to lawsuits, regulatory fines or investigations, or other liabilities, any or all of which could adversely affect our business and operating results. Furthermore, cybersecurity incidents experienced by us, or by our customers or vendors, that lead to public disclosures may also lead to widespread negative publicity and increased government or regulatory scrutiny. Any security compromise in our industry, whether actual or perceived, could harm our reputation; erode customer confidence in our security measures; negatively affect our ability to attract new customers; or subject us to third-party lawsuits, regulatory fines or investigations, or other liability, any or all of which could adversely affect our business and operating results. Even the perception of inadequate security may damage our reputation and negatively impact our ability to win new customers and retain existing customers.

---

Additionally, we could be required to expend significant capital and other resources to investigate and address any actual or suspected cybersecurity incident or to prevent further or additional incidents. To maintain business relationships, we may find it necessary or desirable to incur costs to provide remediation and incentives to customers or other business partners following an actual or suspected security incident. We also cannot be sure that our existing cybersecurity insurance will continue to be available on acceptable terms, in sufficient amounts to cover any claims we submit, or at all. Further, we cannot be sure that insurers will not deny coverage as to any claim, and some security incidents may be outside the scope of our coverage, including in instances where they are considered force majeure events. Security incidents may result in increased costs for cybersecurity insurance. One or more large, successful claims against us in excess of our available insurance coverage, or changes in our insurance policies, including premium increases or large deductible or co-insurance requirements, could have an adverse effect on our business, operating results, and financial condition. A successful assertion of one or more large claims against us that exceeds our available insurance coverage or changes in our insurance policies, including premium increases or the imposition of large deductible or co-insurance requirements, could adversely affect our profitability.

Actual or perceived security vulnerabilities in our software solutions may result in reduced sales or liabilities.

We have implemented policies and procedures, and use information technology systems, to help ensure the proper handling of our customers and their customers data from both a data privacy and an information security perspective. We also evaluate the information security of potential partners and vendors as part of our selection process and attempt to negotiate adequate protections from such third parties when we enter into contracts with them. Our customer contracts also obligate our customers to undertake steps necessary for satisfying individual rights under laws and regulations. While these policies, procedures, systems, contractual provisions, and measures are designed to mitigate the risks associated with handling or processing personal data, including categories of personal data which may be classed as sensitive data, they cannot always safeguard against all risks, nor can we control the actions of third parties, including vendors, customers and partners. In addition, it may be possible for customer and guest data to be compromised from customers’ information technology systems if our customer does not maintain appropriate data privacy and information security procedures.

The improper handling of personal data including sensitive data, or even the perception of such mishandling (whether or not valid), or other security lapses or breaches affecting us, our partners, our customers, or our products or services, could reduce demand for our products or services or otherwise expose us to financial or reputational harm or legal liability.

For certain products and services, including our cloud hosting operations, we rely on third-party providers, which may create significant risk exposure for us.

We maintain relationships with third parties to provide certain services to us or to our customers, including cloud hosting and other cloud-based services. We make contractual obligations to customers based on these relationships and, in some cases, also entrust these providers with both our own sensitive data as well as the sensitive data of our customers (that may include sensitive guest data). If these third-party providers do not perform as expected or encounter service disruptions, cyber-attacks, data breaches, or other difficulties, we or our customers may be materially and adversely affected, including, among other things, by facing increased costs, potential liability to customers, guests, or other third parties, regulatory issues, and reputational harm. If it is necessary to migrate these services to other providers because of poor performance, security considerations, or other financial or operational factors, it could result in service disruptions to our customers and significant time, expense, or exposure to us, any of which could materially adversely impact our business.

We also purchase hardware and technology, in some cases, by or from companies that may compete with us or work with our competitors. While we endeavor to use larger, more established providers wherever possible, in some cases, these providers may be smaller, less established companies, particularly in the case of new or unique technologies that we have not developed internally, or in an effort to benefit our margins.

If any of these providers experience financial, operational, or quality assurance difficulties, or if any cease production, or there is any other disruption in the services we or our customers receive, including as a result of the acquisition of a supplier or partner by a competitor, macroeconomic issues, or otherwise, we will be required to locate and migrate to alternative sources or providers, to internally develop the applicable technologies, to redesign our products, or to remove certain features from our products or to reduce our service levels, any of which would likely increase our expenses, create delays, or negatively impact our revenues. Although we strive to establish contractual protections with key providers, such as source code escrows, warranties, and indemnities, we may not be successful in obtaining adequate protections, these agreements may be short-term in duration, and the counterparties may be unwilling or unable to stand behind such protections. Moreover, these types of contractual protections offer limited practical benefits to us in the event our relationship with a key provider is interrupted.

We may not be able to enforce or protect our intellectual property rights.

---

We rely on a combination of copyright, patent, trademark and trade secret laws and restrictions on disclosure to protect our intellectual property rights. We cannot be certain that the steps we have taken will prevent unauthorized use of our technology. Any failure to protect our intellectual property rights would diminish or eliminate the competitive advantages that we derive from our proprietary technology.

We may be subject to claims of infringement of third-party intellectual property rights.

Third parties may assert claims that our software or technology infringe, misappropriate, or otherwise violate their intellectual property or other proprietary rights. Such claims may be made by our competitors seeking to obtain a competitive advantage or by other parties. The risk of claims may increase as the number of software products that we offer and competitors in our market increase and overlaps occur. Any such claims, regardless of merit, that result in litigation could result in substantial expenses, divert the attention of management, cause significant delays in introducing new or enhanced services or technology, materially disrupt the conduct of our business, and have a material adverse effect on our business, financial condition, and results of operations.

While we do not believe that our products and services infringe any patents or other intellectual property rights, from time to time, we receive claims that we have infringed the intellectual property rights of others. For example, on April 6, 2012, Ameranth, Inc. filed a complaint against us in the U.S. District Court for the Southern District of California, alleging that certain of our products infringe patents owned by Ameranth directed to configuring and transmitting hospitality menus (e.g., restaurant menus) for display on electronic devices, and synchronizing the menu content between the devices. Although judgement was entered for us and against Ameranth on all claims in that suit in 2022, the litigation resulted in substantial expenses, even though it did not have a material adverse effect on our business, financial condition, and results of operations.

If we fail to meet our customers’ performance expectations, our reputation may be harmed, and we may be exposed to legal liability.

Our ability to attract and retain customers depends to a large extent on our relationships with our customers and our reputation for high quality services and solutions. As a result, if a customer is not satisfied with our products and services, our reputation may be damaged. Moreover, if we fail to meet our customers’ performance expectations or if customers experience service disruptions, breaches or other quality issues, we may lose customers and be subject to legal liability, particularly if such failure, service disruptions or breaches adversely impact our customers’ businesses.

In addition, many of our projects are critical to the operations of our customers’ businesses. While our contracts typically include provisions designed to limit our exposure to legal claims relating to our products and services, these provisions may not adequately protect us or may not be enforceable in all cases. The general liability insurance coverage that we maintain, including coverage for errors and omissions, is subject to important exclusions and limitations. We cannot be certain that this coverage will continue to be available on reasonable terms or will be available in sufficient amounts to cover one or more large claims, or that the insurer will not disclaim coverage as to any future claim. A successful assertion of one or more large claims against us that exceeds our available insurance coverage or changes in our insurance policies, including premium increases or the imposition of large deductible or co-insurance requirements, could adversely affect our profitability.

Risks Relating to the Industries We Serve

Our business depends to a significant degree on the hospitality industry and instability and downturns in the hospitality industry could adversely affect our business and results of operations.

Because our customer base is concentrated in the hospitality industry, our business and sales are largely dependent on the health of that industry, which in turn is dependent on the domestic and international economy. Instabilities or downturns in the hospitality industry, such as those resulting from the impacts of pandemics, could disproportionately impact our revenue, as customers may exit the industry or delay, cancel or reduce planned expenditures for our products. Instabilities or downturns in the hospitality industry, such as those resulting from the impact of COVID-19, could disproportionately impact our revenue, as customers may exit the industry or delay, cancel or reduce planned expenditures for our products.

Consolidation in the gaming and other hospitality industries could adversely affect our business.

Customers that we serve may seek to achieve economies of scale and other synergies by combining with or acquiring other companies. The hospitality industry has experienced recent consolidations, including the hotel and gaming sectors of the industry. Although recent consolidations in the hospitality industry have not materially adversely affected our business, there is no assurance that future consolidations will not have such affect. For example, if one of our current customers merges or consolidates with a company that relies on another provider’s products or services, it could decide to reduce or cease its purchases of products or services from us, which could have an adverse effect on our business.

---

Insolvencies in the hospitality industry could adversely affect our business.

Customers that we serve may be or become insolvent. Loss of revenue and other operating challenges may cause some of our customers to declare bankruptcy or cause their lenders to declare a default, accelerate the related debt, or foreclose on their property. Customers in bankruptcy may not have sufficient assets to pay us unpaid fees or reimbursements we are owed under their agreements with us. If a significant number of customers file for bankruptcy or otherwise fail to pay amounts owed to us, our revenues and liquidity could be adversely affected.

Risks Relating to Our Finances and Capital Structure

Our stock has been volatile and we expect that it will continue to be volatile.

During the year ended March 31, 2024, the trading price of our common stock ranged from a low close of $63.77 to a high close of $91.40. The market price for our common stock could be subject to wide fluctuations in response to many risk factors listed in this section, and others beyond our control. Factors affecting the trading price of our common stock may include:

Additionally, our ownership base has been and may continue to be concentrated in a few shareholders, which could increase the volatility of our common share price over time.

If we acquire new businesses, we may not be able to successfully integrate them or attain the anticipated benefits.

As part of our operating history and growth strategy, we have acquired other businesses. In the future, we may continue to seek acquisitions. We can provide no assurance that we will be able to identify and acquire targeted businesses or obtain financing for such acquisitions on satisfactory terms. The process of integrating acquired businesses into our operations may result in unforeseen difficulties and may require a disproportionate amount of resources and management attention. If integration of our acquired businesses is not successful, we may not realize the potential benefits of an acquisition or suffer other adverse effects.

Our financial results may be significantly impacted by changes in our tax position.

We are subject to taxes in the United States and numerous foreign jurisdictions. Our future effective tax rates could be impacted by changes in the mix of earnings in countries with differing statutory tax rates, changes in the valuation allowance on deferred tax assets (including our net operating loss carryforwards), changes in unrecognized tax benefits, or changes in tax laws or their interpretation. Any of these changes could have a material adverse effect on our profitability. In addition, the tax authorities in the jurisdictions in which we operate, including the United States, may from time to time review the pricing arrangements between us and our foreign subsidiaries or among our foreign subsidiaries. An adverse determination by one or more tax authorities in this regard may have a material adverse effect on our financial results.

We have significant deferred tax assets which can provide us with significant future cash tax savings if we are able to use them, including significant net operating losses. However, the extent to which we will be able to use these net operating losses may be impacted, restricted, or eliminated by a number of factors, including changes in tax rates, laws or regulations, and whether we generate sufficient future taxable income. To the extent that we are unable to utilize our net operating losses or other losses, our results of operations, liquidity, and financial condition could be materially adversely impacted. When we cease to have net operating losses available to us in a particular tax jurisdiction, either through their expiration, disallowance, or utilization, our cash tax liability will increase in that jurisdiction.

We are exposed to foreign currency exchange rate fluctuations that could negatively impact our financial results.

---

We earn revenue, pay expenses, own assets, and incur liabilities in countries using currencies other than the U.S. dollar, including the British pound sterling, euro, Indian rupee, Australian dollar, Singapore dollar, and Canadian dollar, among others. Because our consolidated financial statements are presented in U.S. dollars, we must translate revenue, expenses, assets, and liabilities of entities using non-U.S. dollar functional currencies into U.S. dollars using currency exchange rates in effect during or at the end of each reporting period, meaning that we are exposed to the impact of changes in currency exchange rates. In addition, the revaluation and settlement of monetary assets and liabilities denominated in currencies other than the U.S. dollar impact our net income with associated gains or losses recorded within other income (expense), net.

We may have exposure to greater than anticipated tax liabilities.

Some of our products and services may be subject to sales taxes in jurisdictions where we have not collected and remitted such taxes from our customers. We believe we have appropriately accrued for these contingencies. In the event actual results differ, we may need to make adjustments, which could materially impact our financial condition and results of operations. In the event that actual results differ from these reserves, we may need to make adjustments, which could materially impact our financial condition and results of operations.

We may incur goodwill and intangible asset impairment charges that adversely affect our operating results.

As of March 31, 2024, we had $32.8 million of goodwill and $17.0 million of intangible assets, net, on our Consolidated Balance Sheet. We review our indefinite-lived intangible assets including goodwill for impairment on at least an annual basis or more frequently if an event or events indicate the potential for impairment. We assess as needed whether there have been impairments in our other intangible assets. We make assumptions and estimates in our assessments that can be complex and subjective. In our assumptions and estimates we consider whether negative factors exist such as deteriorating economic conditions, disruptions to our business, inability to effectively integrate acquired businesses, intensified competition, market capitalization declines, or significant changes in use of the intangible assets. To the extent that such factors or other negative factors emerge, we may record non-cash impairment charges in the future that could negatively impact our financial condition and results of operations.

We may encounter risks associated with maintaining large cash balances.

While we have attempted to invest our cash balances in investments we considered to be relatively safe, we nevertheless confront credit and liquidity risks. Bank failures could result in reduced liquidity or the actual loss of money held in deposit accounts in excess of federally insured amounts, if any.

Other Risk Factors

Provisions of our corporate governance documents and Delaware Law could make an acquisition of the company more difficult and may prevent attempts by our stockholders to replace or remove our current management, even if beneficial to our stockholders.

Our certificate of incorporation and bylaws and the Delaware General Corporation Law (the “DGCL”), contain provisions that could make it more difficult for a third party to acquire us, even if doing so might be beneficial to our stockholders. These provisions include:

In addition, Section 203 of the DGCL may affect the ability of an “interested stockholder” to engage in certain business combinations, for a period of three years following the time that the stockholder becomes an “interested stockholder.”

Because our board of directors is responsible for appointing the members of our management team, these provisions could in turn affect any attempt to replace current members of our management team. As a result, you may lose your ability to sell your stock for a price in excess of the prevailing market price due to these protective measures, and efforts by stockholders to change the direction or management of the company may be unsuccessful.

---

Accounting principle updates could have a negative impact on our financial condition or operating results.

We prepare our Consolidated Financial Statements in conformity with U.S. generally accepted accounting principles (“GAAP”). Our application of new accounting principles can have a significant impact on our operating results including previously reported results subject to any retroactive treatment. In addition, new accounting principles may require significant changes to certain aspects of our business including how we operate and contract with our customers and suppliers. In order to manage such changes, we may incur significant costs to implement and maintain potentially extensive updates to our accounting systems and internal control over financial reporting that could negatively impact our financial condition and the results of our operations. Furthermore, difficulties or delays in applying new accounting principles could result in a failure to meet our financial reporting obligations.

If we fail to maintain an effective system of internal controls, we may be unable to prevent or detect fraud or internal control deficiencies including material weaknesses, which could have a material adverse impact on our business.

We design and operate our internal control over financial reporting to provide reasonable assurance about the reliability of financial reporting including the preparation of our Consolidated Financial Statements in accordance with GAAP. Because of its inherent limitations, our system of internal control over financial reporting may not prevent or detect every misstatement. Accordingly, although the Company’s management has concluded that our internal controls are effective as of March 31, 2024, we cannot provide absolute assurance that the objectives of our controls system are met. No evaluation of internal controls can provide absolute assurance that control matters and instances of fraud, if any, within our Company have been detected.

Item 1B. Unresolved Staff Comments.

None.

Item 1C. Cybersecurity.

We have an enterprise-wide information security program designed to identify, protect, detect and respond to and manage reasonably foreseeable cybersecurity risks and threats. To protect our information systems from cybersecurity threats, we use various security tools and third-party managed security services that help prevent, identify, escalate, investigate, resolve and recover from identified vulnerabilities and security incidents in a timely manner. These include, but are not limited to, internal reporting, monitoring and detection tools. We also evaluate the information security of potential partners and vendors as part of our selection process and attempt to negotiate adequate protections from such third parties when we enter into contracts with them. Although our security program is designed to identify, prioritize, assess, mitigate and remediate third party risks,, we rely on our partners and vendors to implement security programs commensurate with their risk, and we cannot ensure in all circumstances that their efforts will be successful.

We regularly assess risks from cybersecurity and technology threats and monitor our information systems for potential vulnerabilities. We use a widely-adopted risk quantification model to identify, measure and prioritize cybersecurity and technology risks and develop related security controls and safeguards. We conduct regular reviews and tests of our information security program and also leverage tabletop exercises, penetration and vulnerability testing, and third-party red team exercises to evaluate the effectiveness of our information security program and improve our security measures and planning. We also engage an external auditor to conduct annual Security and Organizational Controls 2 (SOC 2) examination of the security controls for systems storing customer data. The external auditor also conducts an annual payment card industry (PCI) data security standard review of our security controls protecting payment information, as well as third-party penetration testing of our cardholder environment and related systems.

Our systems periodically experience directed attacks intended to lead to interruptions and delays in our service and operations as well as loss, misuse or theft of personal information (of third parties, employees, and our customers) and other data, confidential information or intellectual property, and we have experienced an unauthorized release of certain data. However, to date no cybersecurity incidents have had a material impact on our business, financial condition or results of operations, and we are not presently aware of any cybersecurity threats that are reasonably likely to materially affect us. Any significant disruption to our service or access to our systems could result in a loss of customer data and adversely affect our business and results of operation. Further, a penetration of our systems or a third-party’s systems or other misappropriation or misuse of personal information could subject us to business, regulatory, litigation and reputation risk, which could have a material adverse effect on our business, financial condition and results of operations. See "Risk Factors — Cyber-attacks involving our systems and data could expose us to liability or harm our reputation and have a material adverse effect on our business.”

The Vice President and Chief Information Security Officer (CISO) leads the global information security organization responsible for overseeing our information security program. Our CISO has over 25 years of industry experience, including serving in similar roles

---

leading and overseeing cybersecurity programs at other public companies, and is a Certified Information Security Professional and Information Systems Security Architecture Professional. Team members who support our information security program have relevant educational and industry experience, including holding similar positions at large technology companies. Given the nature of our business, management is highly focused on identifying and managing cybersecurity risks, and our CISO and information security teams provide regular reports to senior management and other relevant teams on various cybersecurity threats, assessments and findings.

The Board has primary responsibility for oversight of the Company’s cybersecurity risks. The Audit Committee is also responsible for reviewing the Company’s information and cybersecurity risks and the steps that management has taken to protect against threats to the Company’s information systems and security, including results of periodic security assessments performed in conjunction with ongoing monitoring. The Audit Committee has formed a Cybersecurity Risk Subcommittee consisting of two independent directors to assist the Audit Committee in its oversight of cybersecurity risks. By its charter, all members of the Cybersecurity Risk Subcommittee must have a background or experience in information technology or cybersecurity and an understanding of cyber threats, risk mitigation and policy.

The results of our SOC2 and PCI assessments are reported to the Cybersecurity Risk Subcommittee. Both the Subcommittee and the Board receive regular reports from our CISO on various cybersecurity matters, including risk assessments, mitigation strategies, areas of emerging risks, incidents and industry trends, and other areas of importance. The Board also oversees our annual enterprise risk assessment, where we assess key risks within the company, including security and technology risks and cybersecurity threats.