Risk Management and Strategy

The Company relies on information systems and the data stored on them to conduct its operations. Our cybersecurity risk management program is designed to allow us to identify, assess, and manage cybersecurity risks. Our Chief Technology Officer, with the support of our IT Manager, assesses and manages cybersecurity risk, including preventing, mitigating, detecting, and addressing cybersecurity incidents, if any. Our Chief Technology Officer has 30+ years of experience leading and managing consumer facing services at scale. He has a Bachelor of Science in Computer Science and has led and managed both engineering and Enterprise IT teams across large scale organizations focused on delivering secure and performant consumer products. Our Chief Technology Officer also works closely with other management positions to ensure that the Company understands its cybersecurity risk management responsibilities.

To operate our business, we utilize third-party service providers to perform various functions, such as outsourced business-critical functions, professional services, SaaS platforms, cloud-based infrastructure, content delivery to third parties, and other functions. We engage reliable, reputable service providers that maintain cybersecurity programs and we conduct upfront cybersecurity reviews as part of our onboarding process for partners.

Governance

The Company reports on its information security program to the Audit Committee of the Board of Directors (the “Audit Committee”). The Audit Committee is responsible for overseeing the Company’s cybersecurity and information security procedures. The Audit Committee reports matters to the Board of Directors as needed. Our cybersecurity risks are identified and addressed through a comprehensive, cross-functional approach. Key security, risk, and compliance stakeholders meet regularly to develop strategies for preserving the confidentiality, integrity and availability of Company and customer information, identifying, preventing, and mitigating cybersecurity threats, and effectively responding to cybersecurity incidents.

We have not identified any cybersecurity incidents or threats that have materially affected us or are reasonably likely to materially affect us. However, like other companies in our industry, we and our third-party vendors have from time-to-time experienced threats to and security incidents relating to our information systems. For more information, please see the section entitled “Risk Factors” in this Annual Report on Form 10-K.