CONFIDENTIAL TREATMENT REQUESTED
BY CLOUDFLARE, INC.: NET-001
CERTAIN PORTIONS OF THIS LETTER AS FILED VIA EDGAR HAVE BEEN OMITTED AND FILED SEPARATELY WITH THE COMMISSION. CONFIDENTIAL TREATMENT HAS BEEN REQUESTED PURSUANT TO 17 CFR 200.83 WITH RESPECT TO THE OMITTED PORTIONS. OMITTED INFORMATION HAS BEEN REPLACED IN THIS LETTER AS FILED VIA EDGAR WITH A PLACEHOLDER IDENTIFIED BY THE MARK “[****].” THE OMITTED PORTIONS ARE BRACKETED IN THE UNREDACTED PAPER SUBMISSION FOR EASE OF IDENTIFICATION.
June 28, 2019
Via EDGAR and Overnight Delivery
U.S. Securities and Exchange Commission
Division of Corporation Finance
Office of Information Technologies and Services
100 F Street, N.E.
Washington, D.C. 20549
Attention: Barbara Jacobs
Stephen Krikorian |
Melissa Walsh |
Jeffrey Kauten |
| Re: | Cloudflare, Inc. |
Draft Registration Statement on Form S-1 |
Submitted May 24, 2019 |
CIK No. 0001477333 |
Ladies and Gentlemen:
On behalf of our client, Cloudflare, Inc. (“Cloudflare” or the “Company”), we submit this letter in response to comments from the staff (the “Staff”) of the Securities and Exchange Commission (the “Commission”) contained in its letter dated June 20, 2019, relating to the above referenced Draft Registration Statement on Form S-1 (the “Registration Statement”). We are concurrently submitting via EDGAR this letter and a revised draft of the Registration Statement (“Amendment No. 1”). For the Staff’s reference, we are providing to the Staff by overnight delivery copies of this letter as well as both a clean copy of Amendment No. 1 and a copy marked to show all changes from the version confidentially submitted on May 24, 2019.
In this letter, we have recited the comments from the Staff in italicized, bold type and have followed each comment with the Company’s response. Except for page references appearing in the headings and Staff comments below (which are references to the Registration Statement), all page references herein correspond to the page of Amendment No. 1.
Securities and Exchange Commission June 28, 2019 Page 2 | CONFIDENTIAL TREATMENT REQUESTED BY CLOUDFLARE, INC.: NET-001 |
Prospectus Summary
Overview, page 1
| 1. | For context, please disclose the percentage of the top million, 100,000 and 10,000 websites that use at least one paid product on your platform or advise. |
The Company respectfully advises the Staff that, as disclosed on pages 2 and 110 of Amendment No. 1, the percentages are derived from Datanyze, Market Share, 2019, based on the average percentage market share for website optimization, domain name system, security, and content delivery network solutions for websites in the Alexa top million, top 100,000, and top 10,000. The Company further advises the Staff that Datanyze does not distinguish between the Company’s market share of websites that use the Company’s platform on a free or paid basis, and that the Company is unable to separately derive this information from available sources. As a result, the Company advises the Staff that it is unable to provide this information.
Risk Factors
Risks Related to Ownership of Our Class A Common Stock
Delaware law and provisions in our amended and restated certificate of incorporation…, page 60
| 2. | Please briefly describe the types of amendments that will require the approval of two-thirds of the combined vote of your outstanding Class A and Class B common stock. |
In response to the Staff’s comment, the Company has revised the disclosure on page 61 of Amendment No. 1 to specify that the anti-takeover defenses listed on page 61 are the provisions referenced for which any amendment will require the approval of two-thirds of the combined vote of outstanding Class A and Class B common stock.
Management’s Discussion and Analysis of Financial Condition and Results of Operations
Our Business Model, page 75
| 3. | Please define enterprise customers. |
In response to the Staff’s comment, the Company has revised the disclosure on pages 5, 16, 78, and 120 of Amendment No. 1 to clarify that its enterprise customers are customers that have purchased the Company’s enterprise plan.
Securities and Exchange Commission June 28, 2019 Page 3 | CONFIDENTIAL TREATMENT REQUESTED BY CLOUDFLARE, INC.: NET-001 |
| 4. | In your discussion on page 79 of “new customer acquisition” as part of your “efficient go-to-market model,” you disclose the number of customers with Annualized Billings of greater than $100,000 as of the end of each period. Please explain how this metric helps to illustrate your new customer acquisitions. In this regard, clarify if the growth in the number of these customers is due to the acquisition of new customers or from existing customers that have expanded their annualized billings. |
In response to the Staff’s comment, the Company has revised the disclosure on page 80 of Amendment No. 1 to clarify the drivers of the Company’s growth. The Company respectfully advises the Staff that, as disclosed on page 84, the Company views the number of customers with Annualized Billings greater than $100,000 as indicative of the Company’s penetration within enterprise accounts. Increasing the number of enterprise accounts is a key aspect of the Company’s growth strategy as it looks to supplant an increasing share of its customers’ legacy hardware solutions. While the growth in the Company’s customers with Annualized Billings of greater than $100,000 is driven in part by new customer acquisitions, expansion of Annualized Billings with existing customers has also contributed to the increase.
Key Business Metrics
Dollar-Based Net Retention Rate, page 82
| 5. | You state that you have maintained a dollar-based net retention rate above 100% in each of the trailing seven quarters for the period ended December 31, 2018. Please provide the actual rates for each period presented. To the extent there are variances between the rates, revise to address any known underlying material trends. |
The Company respectfully advises the Staff that the Company’s dollar-based net retention rate over the trailing eight quarters for the period ended March 31, 2019 was [****]%, [****]%, [****]%, [****]%, [****]%, [****]%, [****]% and [****]%, respectively. The Company further advises the Staff that while there is some variation between the individual rates, the Company does not believe that there are any underlying material trends in such rates other than what has already been disclosed in Amendment No. 1.
| 6. | Your Dollar-Based Net Expansion Rate (DBNER) measures the expansion of usage among continuing customers but does not account for the decrease in the revenue attributable to former customers. To help us better understand your metric, please tell us how you measure retention of your customers. To the extent that it is material to an understanding of your customer count and the DBNER, please disclose and provide a discussion of your retention or attrition rate of customers. |
The Company respectfully advises the Staff that the Company’s dollar-based net retention rate metric measures the Company’s ability to retain and expand recurring revenue from existing customers. As disclosed on page 84 in Amendment No. 1, the Company calculates dollar-based net retention for a period by comparing the Annualized Billings from paid customers twelve months prior to the Annualized Billings from the same set of customers in the last month of the current period. Accordingly, the dollar-based net retention rate metric accounts for any decrease in billings attributable to former customers in the prior year period. As a result, the dollar-based net retention rate reflects both the expansion of the Company’s customer base as well as the retention and churn of its customers. The Company believes that the dollar-based net retention rate is more useful to investors than a retention or attrition rate as it takes into account a broader range of factors, including a customer’s Annualized Billings, which helps investors understand the Company’s ability to increase its revenue across its customer base.
Securities and Exchange Commission June 28, 2019 Page 4 | CONFIDENTIAL TREATMENT REQUESTED BY CLOUDFLARE, INC.: NET-001 |
Business
Why We Win, page 112
| 7. | We note that you achieved an average Net Promoter Score of 68 across your paying customers in the fourth quarter of 2018. Please briefly describe the method by which this score is calculated and how it correlates to your revenue growth or why it is otherwise significant to your business. |
The Company respectfully advises the Staff that the Company calculated its Net Promoter Score by conducting a survey of its paid customers, which customers could respond with a rating of 0 to 10. As is the industry standard for these measurements, Net Promoter Score can range from a low of -100 to a high of +100 and is calculated by subtracting the percentage of detractors (customers responding with a rating from 0 to 6) from the percentage of promoters (customers responding with a rating of 9 or 10). The Net Promoter Score measures the willingness of customers to recommend a company’s products or services to other potential customers. Companies view a Net Promoter Score as a proxy for measuring customers’ brand loyalty and satisfaction with a company’s product or service. As a result, this measure is an important indicator of the Company’s ability to retain and expand revenue from the Company’s existing customers, as well acquire new customers. In response to the Staff’s comment, the Company has revised the disclosure on page 120 to provide a brief explanation of this measure and why it is significant to the Company’s business.
Consolidated Statements of Cash Flows
Supplemental Disclosure of Non-cash Investing and Financing Activities, page F-7
| 8. | Your schedule of non-cash investing and financing activities includes the net change in accounts payable and accrued expenses related to property and equipment additions. Please confirm that this is the amount of the liability incurred for assets acquired during the reporting periods that remains unpaid as of the end of each of the reporting periods. Refer to ASC 230-10-50-3. |
The Company respectfully advises the Staff that its schedule of non-cash investing and financing activities includes the amount of the liability incurred for assets acquired during the reporting periods that remains unpaid as of the end of each of the reporting periods.
The Company applied the guidance provided by ASC 230-10-50-3, Noncash Investing and Financing Activities, when preparing the financial statements and applicable disclosures related to non-cash investing and financing activities presented in Amendment No. 1. During this preparation process, non-cash investing and financing activities were evaluated for proper cash flow statement presentation and inclusion in the required supplemental disclosures.
Securities and Exchange Commission June 28, 2019 Page 5 | CONFIDENTIAL TREATMENT REQUESTED BY CLOUDFLARE, INC.: NET-001 |
Notes to Consolidated Financial Statements
Note 2. Basis of Presentation and Summary of Significant Accounting Policies
Revenue Recognition, page F-10
| 9. | In your discussion of the step to determine the transaction price, you indicate that usage-based variable consideration is recognized in the period it is incurred. Please ensure you address usage-based fees throughout your revenue recognition policy. For example, explain the basis for your accounting for usage-based variable consideration in your discussion of subscription and support revenue and variable consideration on page F-11. |
The Company acknowledges the Staff’s comment and, in response, has revised the disclosure on pages 106 and F-12 of Amendment No. 1 to address the basis for its accounting for usage-based variable consideration in the explanation of subscription and support revenue.
Subscription and Support Revenue, page F-11
| 10. | You state that arrangements with customers generally do not provide the customer with the right to take possession of your software at any time. Please describe your accounting policy for those other arrangements with customers that do provide the customer with the right to take possession of your software. |
The Company respectfully advises the Staff that the Company has a hybrid cloud arrangement with one customer pursuant to which the customer received an on-premise term license installed at its co-locations operated by this customer as well as the right to use this software in order to make available the Company’s platform to a specific customer base. Additionally, this customer receives customization services, co-location provisioning services, ongoing support and maintenance, upgrade and updates, and access to the Company’s core integration point (the “Company Integration Point”). This customer has entered into the arrangement with the Company to set up and operate this network of its co-location facilities to provide the Company’s platform to this specific customer base.
The on-premise license requires the continuous communication from the Company Integration Point in order for this customer’s network co-location facilities to operate as intended for its specific customer base. Without the customer’s continuous access to the Company Integration Point, the customer cannot add or modify any new users to this network or receive any configuration changes to the Company’s existing platform deployed on this network, including functionality to continue to prevent DDoS attacks. To clarify, any changes made to the Company’s core platform (e.g., DDoS or WAF) requires the Company Integration Point to communicate the new configurations to this customer’s network. Without these communications, the Company’s platform would not operate as intended and, as a result, this customer’s ability to provide the Company’s platform to its specific customer base would be compromised. Thus, the software installed at this customer’s co-location facilities depends on the Company Integration Point to continue to be functional as intended and to comply with the obligations of the Company’s contract with this customer.
Consistent with ASC 606-10-25-21 and BC 29 of ASC 606, the Company concluded that the on-premise license, customization services, provisioning for the co-location facilities, the ongoing support and maintenance, updates and upgrades, and the operations of the Company Integration Point are not distinct within the context of the contract with this customer as they are highly integrated, interdependent, and interrelated as described under ASC 606-10-25-21(a) and (c). Together they result in a combined deliverable that is greater than the sum of the individual promised goods or services; that is, together they form the combined output of a functional network for this customer to provide the Company’s platform to its specific customer base. Therefore, after considering the nature of the deliverables, as well as this customer’s expectations, the Company determined the deliverables are not distinct in the context of the contract (ASC 606-10-25-19(b)) and should be accounted for as a single performance obligation.
Securities and Exchange Commission June 28, 2019 Page 6 | CONFIDENTIAL TREATMENT REQUESTED BY CLOUDFLARE, INC.: NET-001 |
Furthermore, the Company concluded that the guidance in ASC 606-10-25-27(a) is met since this customer is simultaneously receiving and consuming the benefits provided by the Company’s platform enabling it to continue to operate this functional network to its specific customer base. The objective of the arrangement is for this customer to continuously access the Company’s platform in order to operate the network for the benefit of the specific customer base. Accordingly, the Company recognizes its revenue under this arrangement over time.
Nonmonetary Transactions, page F-13
| 11. | We note that your nonmonetary transactions are recorded at the estimated fair value of the services received from or provided to the counterparty, whichever is more clearly evident. Tell us how this accounting policy complies with the guidance ASC 606-10-32-21 and 32-22. |
The Company respectfully advises the Staff that at contract inception, the Company measured the fair value of the non-cash consideration received in order to determine the transaction price of its non-monetary arrangements, in accordance with ASC 606-10-32-21. In response to the Staff’s comment, the Company has revised the disclosure on pages F-14 and F-15 of Amendment No. 1 to enhance the disclosure regarding this accounting policy.
General
| 12. | You state on page 28 of the registration statement that you self-disclosed to OFAC noncompliance with economic and trade sanctions programs related to entities identified in OFAC’s counter-terrorism sanctions or affiliated with governments subject to comprehensive U.S. sanctions. Iran, Sudan and Syria are designated by the Department of State as state sponsors of terrorism, and are subject to U.S. economic sanctions and/or export controls. |
Please describe to us the nature and extent of any past, current, and anticipated contacts with Iran, Sudan and Syria, including contacts with their governments, whether through subsidiaries, affiliates, partners, resellers, customers, joint ventures or other direct or indirect arrangements. To the extent Cloudflare has self-reported to OFAC possible violations of Iran, Sudan or Syria economic sanctions, please describe the transactions to us and tell us the maximum dollar amount of the potential related penalties.
The Company respectfully advises the Staff that the Company’s global cloud platform delivers a broad range of network services to over 18 million Internet properties around the world to help improve their performance, reliability and security. The vast majority of the Company’s customers use the Company’s services for free (“Free services”). The Company’s Free services are intended for personal users, such as individuals with a personal website as well as trial users. The Company offers Free services to customers in countries around the world, including in Iran, Sudan and Syria.
Securities and Exchange Commission June 28, 2019 Page 7 | CONFIDENTIAL TREATMENT REQUESTED BY CLOUDFLARE, INC.: NET-001 |
The Company believes the services that it provides in Iran and Syria are authorized under general licenses for Internet-based communications, personal communications, and telecommunications issued by OFAC under its Iran and Syria sanctions regulations. These general licenses and the Company’s services are supportive of U.S. government policies in favor of an open and free Internet. As of 2017, Sudan is no longer subject to comprehensive U.S. economic sanctions. Before then, similar general licenses had been in place under OFAC’s Sudan sanctions regulations.
Although the OFAC personal communications general license for Iran authorizes certain paid services for customers in Iran, in early 2018 the Company decided as a matter of policy to limit its offerings for new customers in Iran to Free services.
The Company has no past, current, or anticipated employees or other personnel, offices, data centers, or other business relationships in Iran, Syria, or any other country subject to comprehensive sanctions. In order to deliver web content from the Company’s network, the Company exchanges Internet traffic with Internet service providers (ISPs) from sanctioned countries at facilities located outside those countries. The Company does not make any payments to, or receive any payments from, ISPs or other business partners from Iran, Syria, or any other country subject to comprehensive sanctions.
On May 24, 2019, the Company submitted an initial notification of a voluntary self-disclosure to OFAC identifying apparent violations of the economic sanctions administered by OFAC. Although the Company is continuing to review this matter, the Company has identified a small number of user accounts involving the provision of services to parties from Iran or Syria that may not have been covered by the general licenses referenced above. The Company believes that a subset of these users may have made de minimis payments to the Company. The Company terminated services to current users upon discovering these potential sanctions violations. Once the Company completes its review, it will update the disclosure in the Registration Statement as appropriate.
OFAC’s published economic sanctions enforcement guidelines provide for a range of responses to apparent violations of sanctions, from a decision by OFAC to take no action to significant monetary penalties where violations are deemed to be “egregious” by OFAC and are not voluntarily disclosed. The Company believes that the small number of transactions that are potential violations, the fact that the Company has voluntarily disclosed these transactions to OFAC and taken remedial actions, and other factors, mitigate the likelihood of significant monetary penalties related to these matters.
| 13. | Please supplementally provide us with copies of all written communications, as defined in Rule 405 under the Securities Act, that you, or anyone authorized to do so on your behalf, present to potential investors in reliance on Section 5(d) of the Securities Act, whether or not they retain copies of the communications. |
The Company respectfully advises the Staff that there are no written communications that have been presented to potential investors by the Company or anyone authorized to do so on the Company’s behalf in reliance on Section 5(d) of the Securities Act of 1933, as amended. To the extent that such materials are presented to potential investors by the Company or anyone authorized to do so on the Company’s behalf, the Company will supplementally provide copies to the Staff.
Securities and Exchange Commission June 28, 2019 Page 8 | CONFIDENTIAL TREATMENT REQUESTED BY CLOUDFLARE, INC.: NET-001 |
| 14. | Please supplementally provide us with copies of any graphical materials or artwork you intend to use in your prospectus. Upon review of such materials, we may have further comments. For guidance, refer to Question 101.02 of our Securities Act Forms Compliance and Disclosure Interpretations. |
The Company respectfully advises the Staff that, once available, it will supplementally provide the Staff with copies of the Company’s proposed graphics and artwork that it intends to use.
| 15. | Please disclose the source of the following assertions in your prospectus: |
| • | you are leading the transition at the network layer to the cloud (pages 1, 3, 102 and 106); and |
| • | you have a leading cryptography research team (page 124). |
The Company respectfully advises the Staff that, as disclosed on pages 2, 6, 110, 115, 122, and 130 of Amendment No. 1, approximately 10% of the Fortune 1,000 are paying Cloudflare customers. Additionally, across the broader Internet, approximately 10% of the top million, 17% of the top 100,000, and 19% of the top 10,000 websites use at least one product on the Company’s platform on a paid or free basis. In addition to these market penetration statistics, the Company respectfully advises the Staff that its continually expanding product offerings and its recent revenue growth support its assertion that it is leading the transition at the network layer to the cloud.
Further, the Company notes that W3Techs, a division of Q-Success Web-based Services, an independent collector of information about the usage of various types of technologies used for building and running websites, has reported that the Company has over 75% market share for reverse proxy services (see https://w3techs.com/technologies/history_overview/proxy). A reverse proxy is a server that sits in front of one or more web servers, intercepting requests from clients. With a reverse proxy, when clients send requests to the origin server of a website, those requests are intercepted at the network edge by the reverse proxy server. The reverse proxy server then sends requests to and receives responses from the origin server. Reverse proxy services represent an increasingly common layer of the network, and the Company respectfully submits that its market share for reverse proxy services provides additional support for its assertion that it is leading the transition at the network layer to the cloud.
The Company further advises the Staff that members of its cryptography team have co-authored multiple papers in peer-reviewed journals, collaborated with universities, and served as key contributors to published Internet standards documents with the Internet Engineering Task Force. As a result, the Company respectfully submits to the Staff that its cryptography team’s frequent and important contributions to the Internet security industry support the Company’s assertion that it has a leading cryptography research team.
*****
Securities and Exchange Commission June 28, 2019 Page 9 | CONFIDENTIAL TREATMENT REQUESTED BY CLOUDFLARE, INC.: NET-001 |
Please direct any questions regarding the Company’s responses or Amendment No. 1 to me at (650) 565-3765 or aspinner@wsgr.com.
| Sincerely, |
WILSON SONSINI GOODRICH & ROSATI Professional Corporation |
/s/ Allison B. Spinner |
| Allison B. Spinner |
| cc: | Matthew Prince, Cloudflare, Inc. |
Douglas J. Kramer, Cloudflare, Inc. |
Chad A. Skinner, Cloudflare, Inc. |
Steven E. Bochner, Wilson Sonsini Goodrich & Rosati, P.C. |
Bryan D. King, Wilson Sonsini Goodrich & Rosati, P.C. |
James D. Evans, Fenwick & West LLP |
Ran D. Ben-Tzur, Fenwick & West LLP |