San Francisco-based Cloudflare is among the next crop of billion-dollar startups going public this year.
The internet security and content delivery network (CDN) company serves as the Web infrastructure backbone for 18 percent of the top 10,000 websites in the world. Among its customers: Ivy League universities like Yale; business software provider SAP; retail juggernauts Walmart and Starbucks; fitness company Peloton; Amazon-owned smart doorbell company Ring; oh, and about 10 percent of the Fortune 1,000. So, when Cloudflare's service goes down, as happened twice this summer, it affects a huge number of websites and millions of people who use them.
On August 15, Cloudflare unveiled its S-1 filing, a first look at the state of the business as it prepares for its public debut on the New York Stock Exchange under the ticker symbol "NET." The company, which is still unprofitable, booked $192.7 million in revenue in 2018 with a reported net loss of $87.2 million. It's growing rapidly, however, with Cloudflare pulling in more than $129 million in revenue in the first six months of 2019, almost a 50 percent increase from the same period a year ago. Losses for the period rose slightly to $36.8 million, up from $32.5 million a year ago. Cloudflare also managed to boost the number of paying customers from 67,899 at the end of 2018 to 74,873 in the first six months of 2019.
Arguably, the more interesting details were buried elsewhere in Cloudflare's S-1.
It's willing to give more unsavory customers the boot.
In the risk factors section, which usually contains many of the juiciest details about a company, the company states that relationships with customers others deem "hostile" are a threat to its success. It specifically calls out 8chan, the notorious message board on which the suspected gunman of the El Paso shooting is said to have posted a white nationalist manifesto. In August, Cloudflare decided to terminate 8chan's account, which co-founder and CEO Matthew Prince deemed had crossed a line by repeatedly inspiring tragic events, including the mass shootings in El Paso and in Christchurch, New Zealand. Last year, it similarly decided to cut its services with the neo-Nazi website the Daily Stormer. The company notes these decisions have deterred potential customers from subscribing to its products as a result, but it does not rule out taking similar actions in the future.
Its IPO is code-named "Project Holloway."
Cloudflare has three co-founders but only two, Prince and COO Michelle Zatlyn, remain in the company. The third, Lee Holloway, who built Cloudflare's platform architecture and led the company's early engineering team, had to step down from the company in 2016 following the debilitating effects of a rare neurological disease. Honoring their co-founder's legacy, Prince and Zatlyn decided to give their confidential IPO process the code-name "Project Holloway." Trusts associated with Holloway also own a 3.2 percent stake in the company.
An escalating U.S.-China trade war would be a problem.
Fifty-two percent of Cloudflare's revenue in 2017 and 2018 came from international customers. While China represented only 5 percent of 2018 revenue, it is the only other country aside from the U.S. that the company tracks individually. Cloudflare maintains a presence in that nation thanks to a relationship agreement with Chinese tech company Baidu. As such, Cloudflare lists the U.S.-China trade war as a potential risk for its business, warning that regulatory action from either country could jeopardize their business relationship. From the S-1: "A lack of network presence in China would represent a significant loss of utility to many of our customers and could materially harm our business."
Cloudflare sees part of its mission as protecting certain groups--and it does it for free.
Cloudflare's mission is to use its technology to "help build a better internet," according to its S-1 filing. In addition to providing some of its security protections to users for free, it also maintains two different programs to support at-risk groups or organizations at no cost. Launched over five years ago, "Project Galileo" helps protect the online activity of nearly 600 at-risk customers, including independent journalists reporting on repressive regimes, civil society organizations, and minority rights and arts groups. In 2018, it created "Athenian Project" to defend state and local government's elections from malicious interference, and offered its services to local and state election officials in almost half of U.S. states, according to its S-1 filing.
It's not above challenging requests from law enforcement.
Cloudflare claims generally it does not provide customers' personal information to law enforcement agencies. "We strive to protect our customers' privacy consistent with applicable law," reads the S-1. In some instances, Cloudflare may choose to "legally challenge law enforcement requests" for encryption keys or content transitioning its network. The company also notes that it publishes a transparency report about this topic on a semi-annual basis.
Correction: This story has been updated to clarify the year Lee Holloway stepped down from Cloudflare, which the company misstated in its original S-1 filing.