2/24/2018 S-1 Table of Contents these laws increases as we continue to expand our international presence and any failure to comply with such laws could harm our reputation and our business. We are subject to export and import control laws and regulations that could impair our ability to compete in international markets or subject us to liability if we violate such laws and regulations. We are subject to U.S. export controls and sanctions regulations that prohibit the shipment or provision of certain products and services to certain countries, governments, and persons targeted by U.S. sanctions. While we take precautions to prevent our products and services from being exported in violation of these laws, including implementing IP address blocking, we cannot guarantee that the precautions we take will prevent violations of export control and sanctions laws. For example, in 2011, we provided certain downloadable portions of our software to international users that, prior to export, required either a one­time product review or application for an encryption registration number in lieu of such product review. These exports were likely made in violation of U.S. export control and sanction laws. In March 2011, we filed a Final Voluntary Self Disclosure with the U.S. Department of Commerce’s Bureau of Industry and Security, or BIS, concerning these potential violations. In June 2012, BIS notified us that it had completed its review of these matters and closed its review with the issuance of a Warning Letter. No monetary penalties were assessed against us by BIS with respect to the 2011 filing. In addition, in 2017, we discovered that our platform has been accessed by certain users in apparent violation of United States sanctions regulations. We filed an Initial Voluntary Self Disclosure in October 2017 with the Office of Foreign Assets Control, or OFAC, and a Final Voluntary Self Disclosure with OFAC in February 2018. If we are found to be in violation of U.S. sanctions or export control laws, it could result in substantial fines and penalties for us and for the individuals working for us. In addition, various countries regulate the import and export of certain encryption and other technology, including import and export permitting and licensing requirements, and have enacted laws that could limit our ability to distribute our products or could limit our users’ ability to access our platform in those countries. Changes in our platform or client­side software, or future changes in export and import regulations may prevent our users with international operations from deploying our platform globally or, in some cases, prevent the export or import of our platform to certain countries, governments, or persons altogether. Any change in export or import regulations, economic sanctions or related legislation, or change in the countries, governments, persons or technologies targeted by such regulations, could result in decreased use of our platform by, or in our decreased ability to export or sell subscriptions to our platform to, existing or potential users with international operations. Any decreased use of our platform or limitation on our ability to export or sell our products would likely adversely affect our business, results of operations, and financial results. Our actual or perceived failure to comply with privacy, data protection, and information security laws, regulations, and obligations could harm our business. We receive, store, process, and use personal information and other user content. There are numerous federal, state, local, and international laws and regulations regarding privacy, data protection, information security, and the storing, sharing, use, processing, transfer, disclosure, and protection of personal information and other content, the scope of which are changing, subject to differing interpretations, and may be inconsistent among countries, or conflict with other rules. We are also subject to the terms of our privacy policies and obligations to third parties related to privacy, data protection, and information security. We strive to comply with applicable laws, regulations, policies, and other legal obligations relating to privacy, data protection, and information security to the extent possible. However, the regulatory framework for privacy and data protection worldwide is, and is likely to remain, uncertain for the foreseeable future, and it is possible that these or other actual or alleged obligations may be interpreted and applied in a manner that is inconsistent from one jurisdiction to another and may conflict with other rules or our practices. We also expect that there will continue to be new laws, regulations, and industry standards concerning privacy, data protection, and information security proposed and enacted in various jurisdictions. For example, 27 https://www.sec.gov/Archives/edgar/data/1467623/000119312518055809/d451946ds1.htm 34/235