Option Grant and Exercise Terms

Table of Contents Risks Related to Privacy Privacy concerns could limit our ability to collect and leverage member personal information and other data and disclosure of member personal information and other data could adversely impact our business and reputation. In the ordinary course of business and in particular in connection with content acquisition and merchandising our service to our members, we collect and utilize information supplied by our members, which may include personal information and other data. We are subject to laws, rules and regulations in the U.S. and in other countries relating to privacy and the collection, use and security of personal information, including but not limited to Regulation (EU) 2016/679 (also known as the General Data Protection Regulation or "GDPR") and the California Privacy Rights Act ("CPRA"). Any actual or perceived failure to comply with the GDPR, the CCPA/CPRA, other data privacy laws or regulations, or related contractual or other obligations, or any perceived privacy rights violation, could lead to investigations, claims, and proceedings by governmental entities and private parties, damages for contract breach, and other significant costs, penalties, and other liabilities, as well as harm to our reputation and market position. Other businesses have been criticized by privacy groups and governmental bodies for attempts to link personal identities and other information to data collected on the internet regarding users' browsing and other habits. Increased regulation of data utilization practices, including self-regulation or findings under existing laws that limit our ability to collect, transfer and use information and other data, could have an adverse effect on our business. In addition, if we were to disclose information and other data about our members in a manner that was objectionable to them, our business reputation could be adversely affected, and we could face potential legal claims that could impact our operating results. Internationally, we may become subject to additional and/or more stringent legal obligations concerning our treatment of member and other personal information, such as laws regarding data localization and/or restrictions on data export. Failure to comply with these obligations could subject us to liability, and to the extent that we need to alter our business model or practices to adapt to these obligations, we could incur additional expenses. Our reputation and relationships with members would be harmed if member personal information and other data, particularly billing data, were to be accessed by unauthorized persons. We maintain personal information and other data regarding our members, including names and billing information. This information and data is maintained on our own systems as well as that of third parties we use in our operations. With respect to billing information, such as credit card numbers, we rely on encryption and authentication technology to secure such information. We take measures to protect against unauthorized intrusion into our members' information and other data. Despite these measures and technologies we, our payment processing services or other third-party services we use such as AWS, could experience an unauthorized intrusion into our members' information and other data. In the event of such a breach, current and potential members may become unwilling to provide the information to us necessary for them to remain or become members. We also may be required to notify regulators about any actual or perceived data breach (including various state Attorneys General, one or more EU data protection authorities, or other data protection authorities) as well as the individuals who are affected by the incident within strict time periods. Additionally, we could face legal claims or regulatory fines or penalties for such a breach. The costs relating to any data breach could be material, and we currently do not carry insurance against the risk of a data breach. We also maintain personal information and other data concerning our employees, as well as personal information of others working on our productions. Should an unauthorized intrusion into our members' or employees' personal information and other data and/or production personal information occur, our business could be adversely affected and our larger reputation with respect to data protection could be negatively impacted. Risks Related to Liquidity The long-term and largely fixed cost nature of our content commitments may limit our operating flexibility and could adversely affect our liquidity and results of operations. In connection with licensing streaming content, we typically enter into multi-year commitments with studios and other content providers. We also enter into multi-year commitments for content that we produce, either directly or through third parties, including elements associated with these productions such as non-cancelable commitments under talent agreements. The payment terms of these agreements are not tied to member usage or the size of our membership base ("fixed cost") but may be determined by costs of production or tied to such factors as titles licensed and/or theatrical exhibition receipts. Such commitments, to the extent estimable under accounting standards, are included in the Contractual Obligations section of Part II, Item 7, "Management's Discussion and Analysis of Financial Condition and Results of Operations" and Note 7, Commitments and Contingencies in the accompanying notes to our consolidated financial statements included in Part II, Item 8, "Financial Statements and Supplementary Data" of this Annual Report on Form 10-K. Given the multiple-year duration and largely fixed cost nature of content commitments, if membership acquisition and retention do not meet our expectations, our margins may be 11

View entire presentation