zs-20240731
00017136832024FYfalsehttp://fasb.org/us-gaap/2024#AccountingStandardsUpdate202006MemberP1YP3YP4YP3YP1YP4YP1Mhttp://www.zscaler.com/20240731#RestructuringAndOtherCosts0.0066453iso4217:USDxbrli:sharesiso4217:USDxbrli:shareszs:segmentxbrli:purezs:trading_dayzs:periodzs:vote00017136832023-08-012024-07-3100017136832024-01-3100017136832024-08-3000017136832024-07-3100017136832023-07-3100017136832022-08-012023-07-3100017136832021-08-012022-07-310001713683us-gaap:CommonStockMember2021-07-310001713683us-gaap:AdditionalPaidInCapitalMember2021-07-310001713683us-gaap:AccumulatedOtherComprehensiveIncomeMember2021-07-310001713683us-gaap:RetainedEarningsMember2021-07-3100017136832021-07-310001713683us-gaap:CommonStockMember2021-08-012022-07-310001713683us-gaap:AdditionalPaidInCapitalMember2021-08-012022-07-310001713683us-gaap:AccumulatedOtherComprehensiveIncomeMember2021-08-012022-07-310001713683us-gaap:RetainedEarningsMember2021-08-012022-07-310001713683us-gaap:CommonStockMember2022-07-310001713683us-gaap:AdditionalPaidInCapitalMember2022-07-310001713683us-gaap:AccumulatedOtherComprehensiveIncomeMember2022-07-310001713683us-gaap:RetainedEarningsMember2022-07-3100017136832022-07-310001713683srt:CumulativeEffectPeriodOfAdoptionAdjustmentMemberus-gaap:AdditionalPaidInCapitalMember2022-07-310001713683srt:CumulativeEffectPeriodOfAdoptionAdjustmentMemberus-gaap:RetainedEarningsMember2022-07-310001713683srt:CumulativeEffectPeriodOfAdoptionAdjustmentMember2022-07-310001713683us-gaap:CommonStockMember2022-08-012023-07-310001713683us-gaap:AdditionalPaidInCapitalMember2022-08-012023-07-310001713683us-gaap:AccumulatedOtherComprehensiveIncomeMember2022-08-012023-07-310001713683us-gaap:RetainedEarningsMember2022-08-012023-07-310001713683us-gaap:CommonStockMember2023-07-310001713683us-gaap:AdditionalPaidInCapitalMember2023-07-310001713683us-gaap:AccumulatedOtherComprehensiveIncomeMember2023-07-310001713683us-gaap:RetainedEarningsMember2023-07-310001713683us-gaap:CommonStockMember2023-08-012024-07-310001713683us-gaap:AdditionalPaidInCapitalMember2023-08-012024-07-310001713683us-gaap:AccumulatedOtherComprehensiveIncomeMember2023-08-012024-07-310001713683us-gaap:RetainedEarningsMember2023-08-012024-07-310001713683us-gaap:CommonStockMember2024-07-310001713683us-gaap:AdditionalPaidInCapitalMember2024-07-310001713683us-gaap:AccumulatedOtherComprehensiveIncomeMember2024-07-310001713683us-gaap:RetainedEarningsMember2024-07-310001713683srt:MinimumMember2023-08-012024-07-310001713683srt:MaximumMember2023-08-012024-07-310001713683srt:MinimumMember2024-07-310001713683srt:MaximumMember2024-07-310001713683zs:ServersAndNetworkingEquipmentMember2023-07-310001713683zs:ServersAndNetworkingEquipmentMember2023-10-310001713683zs:LongLivedTangibleAssetsAmortizationPeriodMemberzs:ServersAndNetworkingEquipmentMember2023-08-012024-07-310001713683srt:MinimumMemberus-gaap:SoftwareDevelopmentMember2024-07-310001713683srt:MaximumMemberus-gaap:SoftwareDevelopmentMember2024-07-310001713683srt:CumulativeEffectPeriodOfAdoptionAdjustmentMember2022-08-010001713683srt:CumulativeEffectPeriodOfAdoptionAdjustmentMemberus-gaap:AdditionalPaidInCapitalMember2022-08-010001713683srt:CumulativeEffectPeriodOfAdoptionAdjustmentMemberus-gaap:RetainedEarningsMember2022-08-0100017136832022-08-012022-08-010001713683us-gaap:ProductConcentrationRiskMemberus-gaap:TransferredOverTimeMemberzs:SubscriptionAndSupportMemberus-gaap:SalesRevenueNetMember2021-08-012022-07-310001713683us-gaap:ProductConcentrationRiskMemberus-gaap:TransferredOverTimeMemberzs:SubscriptionAndSupportMemberus-gaap:SalesRevenueNetMember2022-08-012023-07-310001713683us-gaap:ProductConcentrationRiskMemberus-gaap:TransferredOverTimeMemberzs:SubscriptionAndSupportMemberus-gaap:SalesRevenueNetMember2023-08-012024-07-310001713683country:USus-gaap:GeographicConcentrationRiskMemberus-gaap:SalesRevenueNetMember2023-08-012024-07-310001713683country:USus-gaap:GeographicConcentrationRiskMemberus-gaap:SalesRevenueNetMember2022-08-012023-07-310001713683country:USus-gaap:GeographicConcentrationRiskMemberus-gaap:SalesRevenueNetMember2021-08-012022-07-310001713683us-gaap:EMEAMemberus-gaap:GeographicConcentrationRiskMemberus-gaap:SalesRevenueNetMember2023-08-012024-07-310001713683us-gaap:EMEAMemberus-gaap:GeographicConcentrationRiskMemberus-gaap:SalesRevenueNetMember2022-08-012023-07-310001713683us-gaap:EMEAMemberus-gaap:GeographicConcentrationRiskMemberus-gaap:SalesRevenueNetMember2021-08-012022-07-310001713683srt:AsiaPacificMemberus-gaap:GeographicConcentrationRiskMemberus-gaap:SalesRevenueNetMember2023-08-012024-07-310001713683srt:AsiaPacificMemberus-gaap:GeographicConcentrationRiskMemberus-gaap:SalesRevenueNetMember2022-08-012023-07-310001713683srt:AsiaPacificMemberus-gaap:GeographicConcentrationRiskMemberus-gaap:SalesRevenueNetMember2021-08-012022-07-310001713683zs:OtherMemberus-gaap:GeographicConcentrationRiskMemberus-gaap:SalesRevenueNetMember2023-08-012024-07-310001713683zs:OtherMemberus-gaap:GeographicConcentrationRiskMemberus-gaap:SalesRevenueNetMember2022-08-012023-07-310001713683zs:OtherMemberus-gaap:GeographicConcentrationRiskMemberus-gaap:SalesRevenueNetMember2021-08-012022-07-310001713683us-gaap:GeographicConcentrationRiskMemberus-gaap:SalesRevenueNetMember2023-08-012024-07-310001713683us-gaap:GeographicConcentrationRiskMemberus-gaap:SalesRevenueNetMember2022-08-012023-07-310001713683us-gaap:GeographicConcentrationRiskMemberus-gaap:SalesRevenueNetMember2021-08-012022-07-310001713683zs:ChannelPartnersMemberus-gaap:CustomerConcentrationRiskMemberus-gaap:SalesRevenueNetMember2023-08-012024-07-310001713683zs:ChannelPartnersMemberus-gaap:CustomerConcentrationRiskMemberus-gaap:SalesRevenueNetMember2022-08-012023-07-310001713683zs:ChannelPartnersMemberus-gaap:CustomerConcentrationRiskMemberus-gaap:SalesRevenueNetMember2021-08-012022-07-310001713683zs:DirectCustomersMemberus-gaap:CustomerConcentrationRiskMemberus-gaap:SalesRevenueNetMember2023-08-012024-07-310001713683zs:DirectCustomersMemberus-gaap:CustomerConcentrationRiskMemberus-gaap:SalesRevenueNetMember2022-08-012023-07-310001713683zs:DirectCustomersMemberus-gaap:CustomerConcentrationRiskMemberus-gaap:SalesRevenueNetMember2021-08-012022-07-310001713683us-gaap:CustomerConcentrationRiskMemberus-gaap:SalesRevenueNetMember2023-08-012024-07-310001713683us-gaap:CustomerConcentrationRiskMemberus-gaap:SalesRevenueNetMember2022-08-012023-07-310001713683us-gaap:CustomerConcentrationRiskMemberus-gaap:SalesRevenueNetMember2021-08-012022-07-3100017136832024-08-012024-07-3100017136832025-08-012024-07-310001713683us-gaap:MoneyMarketFundsMember2024-07-310001713683us-gaap:USTreasurySecuritiesMember2024-07-310001713683us-gaap:USGovernmentAgenciesDebtSecuritiesMember2024-07-310001713683us-gaap:CertificatesOfDepositMember2024-07-310001713683us-gaap:USTreasurySecuritiesMember2024-07-310001713683us-gaap:USGovernmentAgenciesDebtSecuritiesMember2024-07-310001713683us-gaap:CorporateDebtSecuritiesMember2024-07-310001713683us-gaap:MoneyMarketFundsMember2023-07-310001713683us-gaap:USTreasurySecuritiesMember2023-07-310001713683us-gaap:USGovernmentAgenciesDebtSecuritiesMember2023-07-310001713683us-gaap:CorporateDebtSecuritiesMember2023-07-310001713683us-gaap:USTreasurySecuritiesMember2023-07-310001713683us-gaap:USGovernmentAgenciesDebtSecuritiesMember2023-07-310001713683us-gaap:CorporateDebtSecuritiesMember2023-07-310001713683us-gaap:MoneyMarketFundsMemberus-gaap:FairValueMeasurementsRecurringMember2024-07-310001713683us-gaap:MoneyMarketFundsMemberus-gaap:FairValueInputsLevel1Memberus-gaap:FairValueMeasurementsRecurringMember2024-07-310001713683us-gaap:MoneyMarketFundsMemberus-gaap:FairValueInputsLevel2Memberus-gaap:FairValueMeasurementsRecurringMember2024-07-310001713683us-gaap:MoneyMarketFundsMemberus-gaap:FairValueInputsLevel3Memberus-gaap:FairValueMeasurementsRecurringMember2024-07-310001713683us-gaap:USTreasurySecuritiesMemberus-gaap:FairValueMeasurementsRecurringMember2024-07-310001713683us-gaap:USTreasurySecuritiesMemberus-gaap:FairValueInputsLevel1Memberus-gaap:FairValueMeasurementsRecurringMember2024-07-310001713683us-gaap:USTreasurySecuritiesMemberus-gaap:FairValueInputsLevel2Memberus-gaap:FairValueMeasurementsRecurringMember2024-07-310001713683us-gaap:USTreasurySecuritiesMemberus-gaap:FairValueInputsLevel3Memberus-gaap:FairValueMeasurementsRecurringMember2024-07-310001713683us-gaap:USGovernmentAgenciesDebtSecuritiesMemberus-gaap:FairValueMeasurementsRecurringMember2024-07-310001713683us-gaap:USGovernmentAgenciesDebtSecuritiesMemberus-gaap:FairValueInputsLevel1Memberus-gaap:FairValueMeasurementsRecurringMember2024-07-310001713683us-gaap:USGovernmentAgenciesDebtSecuritiesMemberus-gaap:FairValueInputsLevel2Memberus-gaap:FairValueMeasurementsRecurringMember2024-07-310001713683us-gaap:USGovernmentAgenciesDebtSecuritiesMemberus-gaap:FairValueInputsLevel3Memberus-gaap:FairValueMeasurementsRecurringMember2024-07-310001713683us-gaap:CertificatesOfDepositMemberus-gaap:FairValueMeasurementsRecurringMember2024-07-310001713683us-gaap:CertificatesOfDepositMemberus-gaap:FairValueInputsLevel1Memberus-gaap:FairValueMeasurementsRecurringMember2024-07-310001713683us-gaap:CertificatesOfDepositMemberus-gaap:FairValueInputsLevel2Memberus-gaap:FairValueMeasurementsRecurringMember2024-07-310001713683us-gaap:CertificatesOfDepositMemberus-gaap:FairValueInputsLevel3Memberus-gaap:FairValueMeasurementsRecurringMember2024-07-310001713683us-gaap:FairValueMeasurementsRecurringMember2024-07-310001713683us-gaap:FairValueInputsLevel1Memberus-gaap:FairValueMeasurementsRecurringMember2024-07-310001713683us-gaap:FairValueInputsLevel2Memberus-gaap:FairValueMeasurementsRecurringMember2024-07-310001713683us-gaap:FairValueInputsLevel3Memberus-gaap:FairValueMeasurementsRecurringMember2024-07-310001713683us-gaap:FairValueMeasurementsRecurringMemberus-gaap:USTreasurySecuritiesMember2024-07-310001713683us-gaap:FairValueInputsLevel1Memberus-gaap:FairValueMeasurementsRecurringMemberus-gaap:USTreasurySecuritiesMember2024-07-310001713683us-gaap:FairValueInputsLevel2Memberus-gaap:FairValueMeasurementsRecurringMemberus-gaap:USTreasurySecuritiesMember2024-07-310001713683us-gaap:FairValueInputsLevel3Memberus-gaap:FairValueMeasurementsRecurringMemberus-gaap:USTreasurySecuritiesMember2024-07-310001713683us-gaap:FairValueMeasurementsRecurringMemberus-gaap:USGovernmentAgenciesDebtSecuritiesMember2024-07-310001713683us-gaap:FairValueInputsLevel1Memberus-gaap:FairValueMeasurementsRecurringMemberus-gaap:USGovernmentAgenciesDebtSecuritiesMember2024-07-310001713683us-gaap:FairValueInputsLevel2Memberus-gaap:FairValueMeasurementsRecurringMemberus-gaap:USGovernmentAgenciesDebtSecuritiesMember2024-07-310001713683us-gaap:FairValueInputsLevel3Memberus-gaap:FairValueMeasurementsRecurringMemberus-gaap:USGovernmentAgenciesDebtSecuritiesMember2024-07-310001713683us-gaap:FairValueMeasurementsRecurringMemberus-gaap:CorporateDebtSecuritiesMember2024-07-310001713683us-gaap:FairValueInputsLevel1Memberus-gaap:FairValueMeasurementsRecurringMemberus-gaap:CorporateDebtSecuritiesMember2024-07-310001713683us-gaap:FairValueInputsLevel2Memberus-gaap:FairValueMeasurementsRecurringMemberus-gaap:CorporateDebtSecuritiesMember2024-07-310001713683us-gaap:FairValueInputsLevel3Memberus-gaap:FairValueMeasurementsRecurringMemberus-gaap:CorporateDebtSecuritiesMember2024-07-310001713683us-gaap:ForeignExchangeForwardMemberus-gaap:DesignatedAsHedgingInstrumentMemberus-gaap:FairValueMeasurementsRecurringMember2024-07-310001713683us-gaap:FairValueInputsLevel1Memberus-gaap:ForeignExchangeForwardMemberus-gaap:DesignatedAsHedgingInstrumentMemberus-gaap:FairValueMeasurementsRecurringMember2024-07-310001713683us-gaap:FairValueInputsLevel2Memberus-gaap:ForeignExchangeForwardMemberus-gaap:DesignatedAsHedgingInstrumentMemberus-gaap:FairValueMeasurementsRecurringMember2024-07-310001713683us-gaap:FairValueInputsLevel3Memberus-gaap:ForeignExchangeForwardMemberus-gaap:DesignatedAsHedgingInstrumentMemberus-gaap:FairValueMeasurementsRecurringMember2024-07-310001713683us-gaap:InterestRateContractMemberus-gaap:DesignatedAsHedgingInstrumentMemberus-gaap:FairValueMeasurementsRecurringMember2024-07-310001713683us-gaap:FairValueInputsLevel1Memberus-gaap:InterestRateContractMemberus-gaap:DesignatedAsHedgingInstrumentMemberus-gaap:FairValueMeasurementsRecurringMember2024-07-310001713683us-gaap:FairValueInputsLevel2Memberus-gaap:InterestRateContractMemberus-gaap:DesignatedAsHedgingInstrumentMemberus-gaap:FairValueMeasurementsRecurringMember2024-07-310001713683us-gaap:FairValueInputsLevel3Memberus-gaap:InterestRateContractMemberus-gaap:DesignatedAsHedgingInstrumentMemberus-gaap:FairValueMeasurementsRecurringMember2024-07-310001713683us-gaap:ForeignExchangeForwardMemberus-gaap:NondesignatedMemberus-gaap:FairValueMeasurementsRecurringMember2024-07-310001713683us-gaap:FairValueInputsLevel1Memberus-gaap:ForeignExchangeForwardMemberus-gaap:NondesignatedMemberus-gaap:FairValueMeasurementsRecurringMember2024-07-310001713683us-gaap:FairValueInputsLevel2Memberus-gaap:ForeignExchangeForwardMemberus-gaap:NondesignatedMemberus-gaap:FairValueMeasurementsRecurringMember2024-07-310001713683us-gaap:FairValueInputsLevel3Memberus-gaap:ForeignExchangeForwardMemberus-gaap:NondesignatedMemberus-gaap:FairValueMeasurementsRecurringMember2024-07-310001713683us-gaap:MoneyMarketFundsMemberus-gaap:FairValueMeasurementsRecurringMember2023-07-310001713683us-gaap:MoneyMarketFundsMemberus-gaap:FairValueInputsLevel1Memberus-gaap:FairValueMeasurementsRecurringMember2023-07-310001713683us-gaap:MoneyMarketFundsMemberus-gaap:FairValueInputsLevel2Memberus-gaap:FairValueMeasurementsRecurringMember2023-07-310001713683us-gaap:MoneyMarketFundsMemberus-gaap:FairValueInputsLevel3Memberus-gaap:FairValueMeasurementsRecurringMember2023-07-310001713683us-gaap:USTreasurySecuritiesMemberus-gaap:FairValueMeasurementsRecurringMember2023-07-310001713683us-gaap:USTreasurySecuritiesMemberus-gaap:FairValueInputsLevel1Memberus-gaap:FairValueMeasurementsRecurringMember2023-07-310001713683us-gaap:USTreasurySecuritiesMemberus-gaap:FairValueInputsLevel2Memberus-gaap:FairValueMeasurementsRecurringMember2023-07-310001713683us-gaap:USTreasurySecuritiesMemberus-gaap:FairValueInputsLevel3Memberus-gaap:FairValueMeasurementsRecurringMember2023-07-310001713683us-gaap:USGovernmentAgenciesDebtSecuritiesMemberus-gaap:FairValueMeasurementsRecurringMember2023-07-310001713683us-gaap:USGovernmentAgenciesDebtSecuritiesMemberus-gaap:FairValueInputsLevel1Memberus-gaap:FairValueMeasurementsRecurringMember2023-07-310001713683us-gaap:USGovernmentAgenciesDebtSecuritiesMemberus-gaap:FairValueInputsLevel2Memberus-gaap:FairValueMeasurementsRecurringMember2023-07-310001713683us-gaap:USGovernmentAgenciesDebtSecuritiesMemberus-gaap:FairValueInputsLevel3Memberus-gaap:FairValueMeasurementsRecurringMember2023-07-310001713683us-gaap:CorporateDebtSecuritiesMemberus-gaap:FairValueMeasurementsRecurringMember2023-07-310001713683us-gaap:CorporateDebtSecuritiesMemberus-gaap:FairValueInputsLevel1Memberus-gaap:FairValueMeasurementsRecurringMember2023-07-310001713683us-gaap:CorporateDebtSecuritiesMemberus-gaap:FairValueInputsLevel2Memberus-gaap:FairValueMeasurementsRecurringMember2023-07-310001713683us-gaap:CorporateDebtSecuritiesMemberus-gaap:FairValueInputsLevel3Memberus-gaap:FairValueMeasurementsRecurringMember2023-07-310001713683us-gaap:FairValueMeasurementsRecurringMember2023-07-310001713683us-gaap:FairValueInputsLevel1Memberus-gaap:FairValueMeasurementsRecurringMember2023-07-310001713683us-gaap:FairValueInputsLevel2Memberus-gaap:FairValueMeasurementsRecurringMember2023-07-310001713683us-gaap:FairValueInputsLevel3Memberus-gaap:FairValueMeasurementsRecurringMember2023-07-310001713683us-gaap:FairValueMeasurementsRecurringMemberus-gaap:USTreasurySecuritiesMember2023-07-310001713683us-gaap:FairValueInputsLevel1Memberus-gaap:FairValueMeasurementsRecurringMemberus-gaap:USTreasurySecuritiesMember2023-07-310001713683us-gaap:FairValueInputsLevel2Memberus-gaap:FairValueMeasurementsRecurringMemberus-gaap:USTreasurySecuritiesMember2023-07-310001713683us-gaap:FairValueInputsLevel3Memberus-gaap:FairValueMeasurementsRecurringMemberus-gaap:USTreasurySecuritiesMember2023-07-310001713683us-gaap:FairValueMeasurementsRecurringMemberus-gaap:USGovernmentAgenciesDebtSecuritiesMember2023-07-310001713683us-gaap:FairValueInputsLevel1Memberus-gaap:FairValueMeasurementsRecurringMemberus-gaap:USGovernmentAgenciesDebtSecuritiesMember2023-07-310001713683us-gaap:FairValueInputsLevel2Memberus-gaap:FairValueMeasurementsRecurringMemberus-gaap:USGovernmentAgenciesDebtSecuritiesMember2023-07-310001713683us-gaap:FairValueInputsLevel3Memberus-gaap:FairValueMeasurementsRecurringMemberus-gaap:USGovernmentAgenciesDebtSecuritiesMember2023-07-310001713683us-gaap:FairValueMeasurementsRecurringMemberus-gaap:CorporateDebtSecuritiesMember2023-07-310001713683us-gaap:FairValueInputsLevel1Memberus-gaap:FairValueMeasurementsRecurringMemberus-gaap:CorporateDebtSecuritiesMember2023-07-310001713683us-gaap:FairValueInputsLevel2Memberus-gaap:FairValueMeasurementsRecurringMemberus-gaap:CorporateDebtSecuritiesMember2023-07-310001713683us-gaap:FairValueInputsLevel3Memberus-gaap:FairValueMeasurementsRecurringMemberus-gaap:CorporateDebtSecuritiesMember2023-07-310001713683us-gaap:ForeignExchangeForwardMemberus-gaap:DesignatedAsHedgingInstrumentMemberus-gaap:FairValueMeasurementsRecurringMember2023-07-310001713683us-gaap:FairValueInputsLevel1Memberus-gaap:ForeignExchangeForwardMemberus-gaap:DesignatedAsHedgingInstrumentMemberus-gaap:FairValueMeasurementsRecurringMember2023-07-310001713683us-gaap:FairValueInputsLevel2Memberus-gaap:ForeignExchangeForwardMemberus-gaap:DesignatedAsHedgingInstrumentMemberus-gaap:FairValueMeasurementsRecurringMember2023-07-310001713683us-gaap:FairValueInputsLevel3Memberus-gaap:ForeignExchangeForwardMemberus-gaap:DesignatedAsHedgingInstrumentMemberus-gaap:FairValueMeasurementsRecurringMember2023-07-310001713683us-gaap:InterestRateContractMemberus-gaap:DesignatedAsHedgingInstrumentMemberus-gaap:FairValueMeasurementsRecurringMember2023-07-310001713683us-gaap:FairValueInputsLevel1Memberus-gaap:InterestRateContractMemberus-gaap:DesignatedAsHedgingInstrumentMemberus-gaap:FairValueMeasurementsRecurringMember2023-07-310001713683us-gaap:FairValueInputsLevel2Memberus-gaap:InterestRateContractMemberus-gaap:DesignatedAsHedgingInstrumentMemberus-gaap:FairValueMeasurementsRecurringMember2023-07-310001713683us-gaap:FairValueInputsLevel3Memberus-gaap:InterestRateContractMemberus-gaap:DesignatedAsHedgingInstrumentMemberus-gaap:FairValueMeasurementsRecurringMember2023-07-310001713683us-gaap:ForeignExchangeForwardMemberus-gaap:NondesignatedMemberus-gaap:FairValueMeasurementsRecurringMember2023-07-310001713683us-gaap:FairValueInputsLevel1Memberus-gaap:ForeignExchangeForwardMemberus-gaap:NondesignatedMemberus-gaap:FairValueMeasurementsRecurringMember2023-07-310001713683us-gaap:FairValueInputsLevel2Memberus-gaap:ForeignExchangeForwardMemberus-gaap:NondesignatedMemberus-gaap:FairValueMeasurementsRecurringMember2023-07-310001713683us-gaap:FairValueInputsLevel3Memberus-gaap:ForeignExchangeForwardMemberus-gaap:NondesignatedMemberus-gaap:FairValueMeasurementsRecurringMember2023-07-310001713683srt:MinimumMemberzs:HostingEquipmentMember2024-07-310001713683srt:MaximumMemberzs:HostingEquipmentMember2024-07-310001713683zs:HostingEquipmentMember2024-07-310001713683zs:HostingEquipmentMember2023-07-310001713683us-gaap:SoftwareDevelopmentMember2024-07-310001713683us-gaap:SoftwareDevelopmentMember2023-07-310001713683srt:MinimumMemberzs:ComputerandOfficeEquipmentMember2024-07-310001713683srt:MaximumMemberzs:ComputerandOfficeEquipmentMember2024-07-310001713683zs:ComputerandOfficeEquipmentMember2024-07-310001713683zs:ComputerandOfficeEquipmentMember2023-07-310001713683us-gaap:SoftwareAndSoftwareDevelopmentCostsMember2024-07-310001713683us-gaap:SoftwareAndSoftwareDevelopmentCostsMember2023-07-310001713683us-gaap:FurnitureAndFixturesMember2024-07-310001713683us-gaap:FurnitureAndFixturesMember2023-07-310001713683us-gaap:LeaseholdImprovementsMember2024-07-310001713683us-gaap:LeaseholdImprovementsMember2023-07-310001713683zs:HostingEquipmentMember2023-10-310001713683zs:InternetProtocolAddressesMember2024-07-310001713683zs:InternetProtocolAddressesMember2023-07-310001713683us-gaap:SoftwareDevelopmentMember2023-08-012024-07-310001713683us-gaap:SoftwareDevelopmentMember2022-08-012023-07-310001713683us-gaap:SoftwareDevelopmentMember2021-08-012022-07-310001713683zs:AirgapNetworksInc.Member2024-04-122024-04-120001713683zs:AirgapNetworksInc.Member2024-04-120001713683zs:AirgapNetworksInc.Memberus-gaap:DevelopedTechnologyRightsMember2024-04-120001713683zs:AirgapNetworksInc.Memberus-gaap:CustomerRelationshipsMember2024-04-120001713683zs:AirgapNetworksInc.Memberus-gaap:DevelopedTechnologyRightsMember2024-04-122024-04-120001713683zs:AirgapNetworksInc.Memberus-gaap:CustomerRelationshipsMember2024-04-122024-04-120001713683zs:AvalorTechnologiesLtd.Member2024-03-082024-03-080001713683zs:AvalorTechnologiesLtd.Member2024-03-080001713683zs:AvalorTechnologiesLtd.Memberus-gaap:DevelopedTechnologyRightsMember2024-03-080001713683zs:AvalorTechnologiesLtd.Memberus-gaap:CustomerRelationshipsMember2024-03-080001713683zs:AvalorTechnologiesLtd.Memberus-gaap:DevelopedTechnologyRightsMember2024-03-082024-03-080001713683zs:AvalorTechnologiesLtd.Memberus-gaap:CustomerRelationshipsMember2024-03-082024-03-080001713683zs:SecurelyshareSoftwarePrivateLtdMember2023-08-312023-08-310001713683zs:SecurelyshareSoftwarePrivateLtdMemberus-gaap:DevelopedTechnologyRightsMember2023-08-310001713683zs:SecurelyshareSoftwarePrivateLtdMember2023-08-310001713683zs:SecurelyshareSoftwarePrivateLtdMemberus-gaap:DevelopedTechnologyRightsMember2023-08-312023-08-310001713683zs:CanonicSecurityTechnologiesLtdMember2023-02-202023-02-200001713683zs:CanonicSecurityTechnologiesLtdMember2023-02-200001713683zs:CanonicSecurityTechnologiesLtdMemberus-gaap:DevelopedTechnologyRightsMember2023-02-200001713683zs:CanonicSecurityTechnologiesLtdMemberus-gaap:DevelopedTechnologyRightsMember2023-02-202023-02-200001713683zs:ShiftRightIncMember2022-06-172022-06-170001713683zs:ShiftRightIncMember2022-06-170001713683zs:ShiftRightIncMemberus-gaap:DevelopedTechnologyRightsMember2022-06-170001713683zs:ShiftRightIncMemberus-gaap:DevelopedTechnologyRightsMember2022-06-172022-06-170001713683zs:BusinessAcquisition2022Member2021-11-012021-11-300001713683zs:BusinessAcquisition2022Member2021-11-300001713683zs:BusinessAcquisition2022Memberus-gaap:DevelopedTechnologyRightsMember2021-11-300001713683zs:BusinessAcquisition2022Memberus-gaap:DevelopedTechnologyRightsMember2021-11-012021-11-300001713683zs:AirgapAvalorAndSecurelyshareMemberus-gaap:DevelopedTechnologyRightsMember2024-07-310001713683zs:AirgapAvalorAndSecurelyshareMemberus-gaap:CustomerRelationshipsMember2024-07-310001713683zs:AirgapAvalorAndSecurelyshareMemberus-gaap:DevelopedTechnologyRightsMember2023-08-012024-07-310001713683zs:AirgapAvalorAndSecurelyshareMemberus-gaap:CustomerRelationshipsMember2023-08-012024-07-310001713683us-gaap:DevelopedTechnologyRightsMember2023-07-310001713683us-gaap:DevelopedTechnologyRightsMember2023-08-012024-07-310001713683us-gaap:DevelopedTechnologyRightsMember2024-07-310001713683us-gaap:CustomerRelationshipsMember2023-07-310001713683us-gaap:CustomerRelationshipsMember2023-08-012024-07-310001713683us-gaap:CustomerRelationshipsMember2024-07-310001713683us-gaap:DevelopedTechnologyRightsMember2022-08-012023-07-310001713683us-gaap:CustomerRelationshipsMember2022-08-012023-07-310001713683us-gaap:ForeignExchangeForwardMemberus-gaap:NondesignatedMembersrt:MinimumMember2023-08-012024-07-310001713683us-gaap:ForeignExchangeForwardMemberus-gaap:NondesignatedMembersrt:MaximumMember2023-08-012024-07-310001713683us-gaap:ForeignExchangeForwardMemberus-gaap:DesignatedAsHedgingInstrumentMember2024-07-310001713683us-gaap:ForeignExchangeForwardMemberus-gaap:DesignatedAsHedgingInstrumentMember2023-07-310001713683us-gaap:ForeignExchangeForwardMemberus-gaap:NondesignatedMember2024-07-310001713683us-gaap:ForeignExchangeForwardMemberus-gaap:NondesignatedMember2023-07-310001713683us-gaap:AccumulatedGainLossNetCashFlowHedgeParentMember2023-07-310001713683us-gaap:AccumulatedGainLossNetCashFlowHedgeParentMember2022-07-310001713683us-gaap:AccumulatedGainLossNetCashFlowHedgeParentMember2021-07-310001713683us-gaap:AccumulatedGainLossNetCashFlowHedgeParentMember2024-07-310001713683us-gaap:CostOfSalesMember2023-08-012024-07-310001713683us-gaap:CostOfSalesMember2022-08-012023-07-310001713683us-gaap:CostOfSalesMember2021-08-012022-07-310001713683us-gaap:SellingAndMarketingExpenseMember2023-08-012024-07-310001713683us-gaap:SellingAndMarketingExpenseMember2022-08-012023-07-310001713683us-gaap:SellingAndMarketingExpenseMember2021-08-012022-07-310001713683us-gaap:ResearchAndDevelopmentExpenseMember2023-08-012024-07-310001713683us-gaap:ResearchAndDevelopmentExpenseMember2022-08-012023-07-310001713683us-gaap:ResearchAndDevelopmentExpenseMember2021-08-012022-07-310001713683us-gaap:GeneralAndAdministrativeExpenseMember2023-08-012024-07-310001713683us-gaap:GeneralAndAdministrativeExpenseMember2022-08-012023-07-310001713683us-gaap:GeneralAndAdministrativeExpenseMember2021-08-012022-07-310001713683us-gaap:LongTermDebtMember2024-07-310001713683us-gaap:LongTermDebtMember2023-07-310001713683us-gaap:InterestRateSwapMember2023-07-310001713683us-gaap:InterestRateSwapMember2024-07-310001713683us-gaap:InterestRateContractMember2023-08-012024-07-310001713683us-gaap:InterestRateContractMember2022-08-012023-07-3100017136832023-03-010001713683zs:RestructuringPlan2023Member2022-08-012023-07-310001713683zs:ConvertibleSeniorNotesDue2025Member2020-06-250001713683zs:ConvertibleSeniorNotesOneHundredFiftyMillionMember2020-06-2500017136832020-06-252020-06-2500017136832020-06-2500017136832023-07-052023-07-0500017136832023-07-050001713683us-gaap:LongTermDebtMember2020-06-250001713683us-gaap:BuildingMember2023-08-012024-07-310001713683zs:CoLocationArrangementsMember2023-08-012024-07-310001713683us-gaap:BuildingMember2022-08-012023-07-310001713683zs:CoLocationArrangementsMember2022-08-012023-07-310001713683us-gaap:BuildingMember2021-08-012022-07-310001713683zs:CoLocationArrangementsMember2021-08-012022-07-310001713683us-gaap:BuildingMember2024-07-310001713683zs:CoLocationArrangementsMember2024-07-310001713683us-gaap:BuildingMember2023-07-310001713683zs:CoLocationArrangementsMember2023-07-310001713683us-gaap:BuildingMember2022-07-310001713683zs:CoLocationArrangementsMember2022-07-310001713683us-gaap:LetterOfCreditMember2024-07-310001713683us-gaap:LetterOfCreditMember2023-07-310001713683us-gaap:CommonStockMemberzs:FiscalYear2018EquityIncentivePlanMember2024-07-310001713683us-gaap:EmployeeStockOptionMember2023-08-012024-07-310001713683us-gaap:EmployeeStockOptionMember2022-08-012023-07-310001713683us-gaap:RestrictedStockUnitsRSUMember2023-08-012024-07-310001713683zs:RestrictedStockUnitsAndPerformanceStockAwardsMember2023-07-310001713683zs:RestrictedStockUnitsAndPerformanceStockAwardsMember2023-08-012024-07-310001713683zs:RestrictedStockUnitsAndPerformanceStockAwardsMember2024-07-310001713683zs:RestrictedStockUnitsAndPerformanceStockAwardsMember2022-08-012023-07-310001713683zs:RestrictedStockUnitsAndPerformanceStockAwardsMember2021-08-012022-07-310001713683us-gaap:EmployeeStockMemberzs:EmployeeStockPurchasePlanMember2024-07-310001713683us-gaap:EmployeeStockMemberzs:EmployeeStockPurchasePlanMember2023-08-012024-07-310001713683us-gaap:EmployeeStockMemberzs:EmployeeStockPurchasePlanMember2022-08-012023-07-310001713683us-gaap:EmployeeStockMemberzs:EmployeeStockPurchasePlanMember2021-08-012022-07-310001713683us-gaap:EmployeeStockMemberzs:EmployeeStockPurchasePlanMember2023-07-310001713683us-gaap:EmployeeStockMemberzs:EmployeeStockPurchasePlanMember2022-07-310001713683us-gaap:EmployeeStockMemberzs:EmployeeStockPurchasePlanMember2024-06-012024-06-300001713683zs:EmployeeStockPurchasePlanMemberus-gaap:EmployeeStockMembersrt:MaximumMember2024-06-012024-06-300001713683us-gaap:EmployeeStockMemberzs:EmployeeStockPurchasePlanMember2022-12-012022-12-310001713683zs:EmployeeStockPurchasePlanMemberus-gaap:EmployeeStockMembersrt:MinimumMember2022-12-012022-12-310001713683zs:EmployeeStockPurchasePlanMemberus-gaap:EmployeeStockMembersrt:MaximumMember2022-12-012022-12-310001713683us-gaap:EmployeeStockMembersrt:MinimumMember2023-08-012024-07-310001713683us-gaap:EmployeeStockMembersrt:MaximumMember2023-08-012024-07-310001713683us-gaap:EmployeeStockMembersrt:MinimumMember2022-08-012023-07-310001713683us-gaap:EmployeeStockMembersrt:MaximumMember2022-08-012023-07-310001713683us-gaap:EmployeeStockMembersrt:MinimumMember2021-08-012022-07-310001713683us-gaap:EmployeeStockMembersrt:MaximumMember2021-08-012022-07-310001713683us-gaap:EmployeeStockMember2023-08-012024-07-310001713683us-gaap:EmployeeStockMember2022-08-012023-07-310001713683us-gaap:EmployeeStockMember2021-08-012022-07-310001713683srt:ChiefOperatingOfficerMember2024-02-012024-02-290001713683srt:PresidentMember2022-10-012022-10-310001713683zs:RestructuringAndOtherChargesMember2023-08-012024-07-310001713683zs:RestructuringAndOtherChargesMember2022-08-012023-07-310001713683zs:RestructuringAndOtherChargesMember2021-08-012022-07-310001713683us-gaap:EmployeeStockOptionMember2024-07-310001713683us-gaap:RestrictedStockUnitsRSUMember2024-07-310001713683zs:CommittedPerformanceStockAwardsBasedOnTargetNumberOfSharesMember2024-07-310001713683us-gaap:PerformanceSharesMember2024-07-310001713683us-gaap:EmployeeStockMember2024-07-310001713683us-gaap:StockCompensationPlanMember2024-07-310001713683us-gaap:ConvertibleDebtSecuritiesMember2024-07-310001713683zs:BusinessCombinationDeferredTaxesMember2023-08-012024-07-310001713683zs:BusinessCombinationDeferredTaxesMember2021-08-012022-07-310001713683zs:BusinessCombinationDeferredTaxesMember2022-08-012023-07-310001713683us-gaap:DomesticCountryMember2024-07-310001713683us-gaap:StateAndLocalJurisdictionMember2024-07-310001713683us-gaap:ForeignCountryMember2024-07-310001713683us-gaap:ResearchMemberus-gaap:DomesticCountryMember2024-07-310001713683us-gaap:ResearchMemberus-gaap:StateAndLocalJurisdictionMember2024-07-310001713683us-gaap:ResearchMemberus-gaap:ForeignCountryMember2024-07-310001713683us-gaap:RestrictedStockUnitsRSUMember2023-08-012024-07-310001713683us-gaap:RestrictedStockUnitsRSUMember2022-08-012023-07-310001713683us-gaap:RestrictedStockUnitsRSUMember2021-08-012022-07-310001713683us-gaap:EmployeeStockOptionMember2023-08-012024-07-310001713683us-gaap:EmployeeStockOptionMember2022-08-012023-07-310001713683us-gaap:EmployeeStockOptionMember2021-08-012022-07-310001713683us-gaap:PerformanceSharesMember2023-08-012024-07-310001713683us-gaap:PerformanceSharesMember2022-08-012023-07-310001713683us-gaap:PerformanceSharesMember2021-08-012022-07-310001713683us-gaap:StockCompensationPlanMember2023-08-012024-07-310001713683us-gaap:StockCompensationPlanMember2022-08-012023-07-310001713683us-gaap:StockCompensationPlanMember2021-08-012022-07-310001713683us-gaap:ConvertibleDebtSecuritiesMember2023-08-012024-07-310001713683us-gaap:ConvertibleDebtSecuritiesMember2022-08-012023-07-310001713683us-gaap:ConvertibleDebtSecuritiesMember2021-08-012022-07-310001713683us-gaap:PerformanceSharesMember2024-07-310001713683country:US2024-07-310001713683country:US2023-07-310001713683us-gaap:NonUsMember2024-07-310001713683us-gaap:NonUsMember2023-07-310001713683zs:RobertSchlossmanMember2023-08-012024-07-310001713683zs:RobertSchlossmanMember2024-05-012024-07-310001713683zs:RobertSchlossmanMember2024-07-3100017136832024-05-012024-07-31

UNITED STATES
SECURITIES AND EXCHANGE COMMISSION
WASHINGTON, D.C. 20549
_____________________________________
FORM 10-K
_____________________________________
(Mark One)
ANNUAL REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934
For the fiscal year ended July 31, 2024
OR
TRANSITION REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934
For the transition period from _ to _
Commission File Number: 001-38413
_____________________________________
ZSCALER, INC.
(Exact Name of Registrant as Specified in Its Charter)
_____________________________________
Delaware
(State or other jurisdiction of
incorporation or organization)
26-1173892
(I.R.S. Employer
Identification Number)
120 Holger Way
San Jose, California 95134
(Address of principal executive offices)
Registrant’s telephone number, including area code: (408) 533-0288
Securities registered pursuant to Section 12(b) of the Act:
Title of each classTrading Symbol(s)Name of each exchange on which registered
Common Stock, $0.001 Par ValueZSThe Nasdaq Stock Market LLC
Securities registered pursuant to Section 12(g) of the Act:
None
___________________________________________________
Indicate by check mark if the registrant is a well-known seasoned issuer, as defined in Rule 405 of the Securities Act of 1933, as amended.    Yes  ☒  No  ☐
Indicate by check mark if the registrant is not required to file reports pursuant to Section 13 or Section 15(d) of the Act. Yes ☐ No
Indicate by check mark whether the registrant (1) has filed all reports required to be filed by Section 13 or 15(d) of the Securities Exchange Act of 1934 during the preceding 12 months (or for such shorter period that the registrant was required to file such reports), and (2) has been subject to such filing requirements for the past 90 days. Yes ☒ No ☐
Indicate by check mark whether the registrant has submitted electronically, every Interactive Data File required to be submitted pursuant to Rule 405 of Regulation S-T (§232.405 of this chapter) during the preceding 12 months (or for such shorter period that the registrant was required to submit such files) Yes ☒ No  ☐
Indicate by check mark whether the registrant is a large accelerated filer, an accelerated filer, a non-accelerated filer, a smaller reporting company, or an emerging growth company. See the definitions of "large accelerated filer," "accelerated filer," "smaller reporting company" and "emerging growth company" in Rule 12b-2 of the Exchange Act.
Large accelerated filerAccelerated filer
Non-accelerated filerSmaller reporting company
Emerging growth company
If an emerging growth company, indicate by check mark if the registrant has elected not to use the extended transition period for complying with any new or revised financial accounting standards provided pursuant to Section 13(a) of the Exchange Act. ☐
Indicate by check mark whether the registrant has filed a report on and attestation to its management’s assessment of the effectiveness of its internal control over financial reporting under Section 404(b) of the Sarbanes-Oxley Act (15 U.S.C. 7262(b)) by the registered public accounting firm that prepared or issued its audit report.
If securities are registered pursuant to Section 12(b) of the Act, indicate by check mark whether the financial statements of the registrant included in the filing reflect the correction of an error to previously issued financial statements.
Indicate by check mark whether any of those error corrections are restatements that required a recovery analysis of incentive-based compensation received by any of the registrant's executive officers during the relevant recovery period pursuant to §240.10D-1(b). ☐
Indicate by check mark whether the registrant is a shell company (as defined in Rule 12b-2 of the Exchange Act). Yes   No  ☒
The aggregate market value of the common stock held by non-affiliates of the registrant, based on the closing price of a share of the registrant's common stock on January 31, 2024 (the last business day of the registrant’s most recently completed second fiscal quarter) as reported by the Nasdaq Global Select Market on such date was approximately $19.8 billion.
As of August 30, 2024, the number of shares of registrant’s common stock outstanding was 152,490,005.
DOCUMENTS INCORPORATED BY REFERENCE
Portions of the registrant’s definitive Proxy Statement relating to its fiscal year 2024 Annual Meeting of Stockholders are incorporated by reference into Part III of this Form 10-K where indicated. Such Proxy Statement will be filed with the United States Securities and Exchange Commission within 120 days after the end of the fiscal year to which this Annual Report on Form 10-K relates.



ZSCALER, INC.
TABLE OF CONTENTS
Page
PART I
Item 1.
Item 1A.
Item 1B.
Item 1C.
Item 2.
Item 3.
Item 4.
PART II
Item 5.
Item 6.
Item 7.
Item 7A.
Item 8.
Item 9.
Item 9A.
Item 9B.
Item 9C.
PART III
Item 10.
Item 11.
Item 12.
Item 13.
Item 14.
PART IV
Item 15.
Item 16.



Table of Contents
SPECIAL NOTE REGARDING FORWARD-LOOKING STATEMENTS
This Annual Report on Form 10-K contains forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995, including but not limited to, statements regarding our financial outlook and market positioning. These forward-looking statements are made as of the date they were first issued and were based on current expectations, estimates, forecasts and projections as well as the beliefs and assumptions of management. The words "believe," "may," "will," "potentially," "estimate," "continue," "anticipate," "intend," "could," "would," "project," "plan," "expect" and similar expressions that convey uncertainty of future events or outcomes are intended to identify forward-looking statements.
These forward-looking statements include, but are not limited to, statements concerning the following:
beliefs about the impact of macroeconomic influences and instability, including the ongoing effects of inflation, and geopolitical events on our business;
our future financial performance, including our expectations regarding our revenue, cost of revenue, gross profit or gross margin, operating expenses (including changes in sales and marketing, research and development and general and administrative expenses) and our ability to achieve, and maintain, future profitability;
market acceptance of our cloud platform;
the effects of increased competition in our markets and our ability to compete effectively;
our ability to maintain the security and availability of our cloud platform;
our ability to maintain and expand our customer base, including by attracting new customers;
our ability to develop new solutions or enhancements to our existing solutions, including artificial intelligence and machine learning capabilities, and bring them to market in a timely manner;
market acceptance of any new solutions or enhancements to our existing solutions;
anticipated trends, growth rates and challenges in our business and in the markets in which we operate;
our business plan and our ability to effectively manage our growth and associated investments;
beliefs about and objectives for future operations;
beliefs about and objectives for future acquisitions, strategic investments, partnerships and alliances and our ability to successfully integrate completed acquisitions;
our relationships with third parties, including channel partners;
our ability to maintain, protect and enhance our intellectual property rights;
our ability to successfully defend litigation brought against us;
our ability to successfully expand in our existing markets and into new markets;
sufficiency of cash to meet cash needs for at least the next 12 months and service our outstanding debt;
our need and ability to raise additional capital in future debt or equity financings;
our expectations regarding settlement of the Notes (as defined in Note 10, Convertible Senior Notes to the consolidated financial statements included elsewhere in this Annual Report on Form 10-K);
1

Table of Contents
our ability to comply with laws and regulations that currently apply or become applicable to our business both in the United States and internationally;
beliefs about the impacts of legal and geopolitical developments upon our business;
the attraction and retention of qualified employees and key personnel; and
the future trading prices of our common stock.
These forward-looking statements are subject to a number of risks, uncertainties and assumptions, including those described in "Risk Factors" elsewhere in this Annual Report on Form 10-K. Moreover, we operate in a very competitive and rapidly changing environment, and new risks emerge from time to time. It is not possible for our management to predict all risks, nor can we assess the impact of all factors on our business or the extent to which any factor, or combination of factors, may cause actual results to differ materially from those contained in any forward-looking statements we may make. In light of these risks, uncertainties and assumptions, the forward-looking events and circumstances discussed in this Annual Report on Form 10-K may not occur and actual results could differ materially and adversely from those anticipated or implied in the forward-looking statements and you should not place undue reliance on our forward-looking statements.
The forward-looking statements made in this Annual Report on Form 10-K relate only to events as of the date on which the statements are made. We undertake no obligation to update any forward-looking statements made in this Annual Report on Form 10-K to reflect events or circumstances after the date of this Annual Report on Form 10-K or to reflect new information or the occurrence of unanticipated events, except as required by law.
2

Table of Contents

PART I
Item 1. Business
Overview
We anticipate, secure and simplify the experience of doing business, transforming today and tomorrow. We were incorporated in 2007, during the early stages of cloud adoption and mobility, based on a vision that the internet would become the new corporate network, as the cloud became the new data center. We predicted that with rapid cloud adoption and increasing workforce mobility, traditional perimeter security approaches would prove to be inadequate in protecting users and data and result in poor user experience. We pioneered a cloud platform, the Zscaler Zero Trust ExchangeTM platform, which represents a fundamental shift in the architectural design and approach to networking and security.
Enterprise applications are rapidly moving to the cloud to achieve greater IT agility, a faster pace of innovation and lower costs. Organizations are increasingly relying on internet destinations for a range of business activities, adopting new external software as a service, or SaaS, applications for critical business functions and moving their internally managed applications to the public cloud, infrastructure as a service, or IaaS, or platform as a service, or PaaS. Users now expect to be able to seamlessly access applications and data, wherever they are hosted, from any device, anywhere in the world. We believe these trends are indicative of the broader digital transformation agenda, as businesses increasingly succeed or fail based on their IT outcomes.
We believe that securing the corporate network is becoming increasingly irrelevant in a cloud and mobile-first world where organizations depend on the internet, a network they do not control and cannot secure, to access critical applications that power their businesses. We pioneered a unique approach that securely connects users, devices and applications using business policies, regardless of the network. Our Zero Trust Exchange platform eliminates the need for traditional on-premises security appliances that are difficult to maintain and require compromises between security, cost and user experience. Our purpose-built, multi-tenant, distributed cloud platform incorporates the security functionality needed to enable users, applications and devices to safely and efficiently utilize authorized applications and services based on an organization’s business policies.
Our cloud-native platform, the Zscaler Zero Trust Exchange, enables customers to secure and connect users, workloads and IoT/OT devices across three core products:
Zscaler for Users — leverages our comprehensive cloud platform to provide users secure, fast and reliable access to the internet, including SaaS applications, via Zscaler Internet AccessTM, or ZIATM, and provides Zero Trust Network Access to internally hosted or managed applications via Zscaler Private AccessTM, or ZPATM, in each case, regardless of device, location or network and also regardless of whether the users are internal or external. Our unique ZPA technology not only provides secure access to applications, but also secures the applications themselves. We do this all while optimizing end-to-end user experience with Zscaler Digital ExperienceTM, or ZDXTM, which allows an organization to identify and isolate issues negatively impacting its users. In addition to enabling secure access to the internet and internal applications, our Zscaler Data Protection™ solution secures customers’ proprietary data that is traversing the public internet (data-in-motion) and data that is stored in the public cloud applications (data-at-rest).
Zscaler for Workloads – leverages Zscaler’s Zero Trust Exchange to secure workloads, whether in a public cloud or in private data centers, using our cloud-native zero trust access service to provide fast and secure app-to-internet (via ZIA) and app-to-app (via ZPA) connectivity across multi- and hybrid cloud environments. Our Posture Control
3

Table of Contents
solutions automatically identify and remediate cloud service, application and identity misconfigurations for assets deployed in public cloud infrastructure. The core elements of Zscaler for Workloads address the key security and operations challenges that must be overcome to secure deployment of public cloud platforms such as Microsoft Azure, or Azure, Amazon Web Services, or AWS, and Google Cloud Platform, or GCP.
Zscaler for IoT/OT – leverages the complete suite of Zscaler solutions to reduce the risk of cyberattacks and data loss as well as to improve user and facility safety by providing zero trust security for connected IoT and OT devices in branch offices. We provide secure internet communications for IoT and OT devices, privileged access to IoT and OT devices (e.g. for maintenance), secure access to production applications (e.g. on a factory floor) and deception technology to provide active defense.
Before our Zero Trust Exchange, the corporate data center served as the central hub of IT security, with a physical network perimeter used to separate corporate users, devices and applications from the internet. This traditional network perimeter approach relies on appliances that have become fundamentally less effective as applications, data, users and devices rapidly move off the corporate network, making the notion of a corporate perimeter obsolete. In a world where companies are shifting their most critical IT assets to the cloud, a zero trust architecture is required. Our architecture is vastly different from the legacy “hub-and-spoke” corporate network, where traffic from branch offices is routed to centralized data centers for security scanning and policy enforcement before reaching its destination. In contrast, our Zero Trust Exchange acts as an intelligent switchboard that uses business policies to securely connect users, devices and applications over any network and protect against cyberthreats and data loss. We provide our solutions at scale, processing over 500 billion internet transactions per day. Our Zero Trust Exchange eliminates the requirement for organizations to buy and manage a variety of high-cost appliances that need to be maintained by a large number of highly skilled security personnel, who are expensive and in increasingly short supply. We are integrating our proprietary large language models, or LLMs, with our Zero Trust Exchange to leverage our data lake built on our more than 500 billion daily transactions. Analyzing this volume of high-quality data can continuously improve our LLMs, artificial intelligence, or AI, and machine learning, or ML, models to deliver ever-more powerful security outcomes for our customers.
Our cloud native, multitenant architecture is distributed across more than 160 data centers globally which brings security and business policy close to users and devices in over 185 countries and provides fast, secure and reliable access. Each day, we block over 150 million threats and perform over 250,000 unique security updates. Our customers benefit from the cloud security effect of our ever-expanding ecosystem, enhanced by our advanced AI and ML capabilities, because once a new threat is detected, it can be blocked across our customer base within minutes.
Many of the largest enterprises and government agencies in the world rely on our solutions to help them accelerate their move to the cloud. We have over 8,650 customers across all major geographies, with an emphasis on larger organizations, and we currently count approximately 35% of the Forbes Global 2000 as customers. Our customers span every major industry, including financial services, healthcare, insurance, manufacturing, automotive, airlines and transportation, conglomerates, consumer goods and retail, media and communications, public sector and education, energy, technology and telecommunications services.
We have experienced significant growth, with revenue increasing from $1,090.9 million in fiscal 2022 to $1,617.0 million in fiscal 2023 to $2,167.8 million in fiscal 2024, representing year-over-year revenue growth of 48% and 34%, respectively. We experienced net losses of $57.7 million, $202.3 million and $390.3 million in fiscal 2024, fiscal 2023 and fiscal 2022, respectively. We expect we will continue to incur net losses for the foreseeable future.


4

Table of Contents
Our Zero Trust Exchange Platform
Our Zero Trust Exchange cloud security platform delivers our core products; Zscaler for Users, Zscaler for Workloads and Zscaler for IoT/OT, through the deployment of our comprehensive and integrated solutions, each built natively in the cloud to power digital transformation.
Secure Internet and SaaS Access - Zscaler Internet Access
ZIA, provides users, workloads, IoT and OT devices secure access to externally managed applications, including SaaS applications and internet destinations regardless of device, location or network. ZIA provides inline content inspection and firewall access controls across all ports and protocols to protect organizations and users from external threats, secure data while at rest and prevent data from leaking out to unauthorized sites. Policies follow the user to provide identical protection on any device, regardless of location; any policy changes are enforced for users worldwide. Our cloud security platform provides full inline content inspection to assess and correlate the risk of the content to protect against sophisticated attacks, including ransomware and phishing. The cloud platform applies AI and ML across our over 500 billion daily transactions to quickly identify and block unknown threats and to identify and categorize unknown destinations.
ZIA enables the following capabilities:
Cyberthreat Protection – Our threat prevention functionality enables protection against threats using a range of approaches and techniques. Our threat prevention capabilities provide multiple layers of protection to prevent sophisticated ransomware, phishing and zero-day cyberattacks. We provide functionality that traditionally has been offered by disparate, stand-alone products. Our core cloud platform threat prevention services include:
Advanced Threat Protection: Our advanced threat protection functionality uses techniques including AI/ML, signatures and reputation to deliver real-time protection from malicious internet content like browser exploits, scripts, zero-pixel iFrames, malware and botnet callbacks. Over 250,000 unique security updates are performed every day to the Zscaler cloud to keep users protected. Once we detect a new threat to a user, we block it for all users. We call this the “cloud security effect.”
Sandbox: Our cloud sandbox enables enterprises to block zero-day exploits and advanced persistent threats by analyzing unknown files for malicious behavior, and it can scale to every user regardless of location. Our cloud sandbox was designed and built to be multi-tenant and allows customers, using AI among other analytics, to determine which traffic should be sent for detonation. As an integrated cloud security platform, customers can set policies by users and destinations to prevent patient-zero scenarios and to analyze, hold and detonate suspicious files in the cloud sandbox before they are sent to a user.
Browser Isolation: Our cloud browser isolation functionality creates an isolated browsing session that enables users to access any webpage on the internet without downloading any of the web content served by the webpage onto a local device or the corporate network. With cloud browser isolation, users are not directly accessing active web content; instead, only a safe rendering of pixels is delivered to the user. Malicious code that may be hidden in the web content is kept at bay. Customers can select and isolate traffic based on specific policies and/or automatically based on our AI enabled risk determination. The combination of cloud browser isolation and cloud sandbox enables administrators to perform content disarm and reconstruction to flatten, sanitize and securely deliver files free of active content.
Data Protection – Our data protection functionality enables enterprises to prevent unauthorized sharing or exfiltration of confidential information across users, devices, servers and workloads, thereby reducing business and compliance risks for our customers. We provide inline monitoring of data flows between users and applications, workload to workload, API to
5

Table of Contents
API and applications to LLMs, reducing the risk of inadvertently transmitting sensitive data and intellectual property. Core cloud platform data protection services include:

File Type Controls: Our AI-enabled data classification solution enables enterprise chief information officers to gain visibility of file types across all their IT environments. Our file type control functionality allows our customers to define policies to control which file types are allowed to be downloaded and uploaded based on application, user, location and destination.
Advanced Data Classification: Our data classification engines leverage a variety of technologies and techniques to identify customer sensitive data. Predefined, custom dictionaries and automated AI discovery tools identify sensitive customer data by leveraging efficient pattern-matching algorithms, regular expressions, AI-based training models and keywords. Additional advanced classification techniques including exact data match, index document match and ML-based Optical Character Recognition functionalities, further identity sensitive data and enable our customers to populate their own custom databases scaling to billions of unique fields, including structured and unstructured documents.
Data Loss Prevention: Our data loss prevention, or DLP, technology enables enterprises to alert and/or block transmission or sharing of sensitive data across exfiltration channels. This includes inline data in motion to external internet destinations and unmanaged endpoints, data at rest in SaaS environments through out-of-band API integrations, securing public cloud infrastructure data in Azure, AWS and GCP and protecting endpoints by preventing printing or copying to local storage, including USB devices. Additionally, our Email DLP solutions secure corporate email traffic, including Microsoft Exchange and Gmail.
Unified SaaS Security: Our cloud access security broker, or CASB, SaaS security posture management and our SaaS supply chain security combine to discover and control known and unknown applications, identify SaaS misconfigurations, find and mitigate potentially risky third-party connections into those SaaS applications and scan data residing in those applications for threats and data protection violations. By doing transport layer security inspection at scale, we provide malware protection, data loss prevention and CASB functions that can be performed both inline and out-of-band, for specific sanctioned and unsanctioned applications. Business policies can be defined with granular access control for specified cloud applications, such as the ability to upload or download files or post comments on videos based on different user or group identity.
Browser Isolation: With cloud browser isolation, users do not directly access active web content; instead, only a safe rendering of pixels is delivered to the user. This approach prevents sensitive data from being downloaded to unauthorized devices in bring-your-own-device environments, as well as offers an alternative to virtual desktop infrastructure, or VDI, for employees, contractors and B2B partners, by effectively keeping sensitive data entirely within a managed environment.
Secure Local Internet Breakouts – Our local internet breakout capability means traffic destined for the cloud no longer needs to be routed over a private multiprotocol label switching, or MPLS, network to the data center. Traffic is now routed locally over the internet and directly to the cloud, providing for a faster experience and a significant reduction in MPLS network costs. Our core cloud platform services for local internet breakouts include:
Firewall: Our cloud firewall was designed to protect users by inspecting internet traffic on all ports and protocols, and it offers user level policies, application identification with deep packet inspection and intrusion prevention.
Bandwidth Control: Our bandwidth control and traffic shaping capabilities ensure that business critical applications are prioritized over non-business critical applications, improving productivity and user experience. By enforcing quality of service in the cloud, our platform enables the optimization of “last-mile” utilization of a customer’s network.
6

Table of Contents
DNS: Our domain name system, or DNS, filtering solution provides a local DNS resolver and enforces acceptable use policies.
Secure Private Application Access - Zscaler Private Access
ZPA provides Zero Trust Network Access to secure access to internally managed applications, either hosted internally in data centers or hosted in private or public clouds. ZPA is designed around four key tenets that fundamentally change the way users access internal applications:
connect users to applications without bringing users on the network;
never expose applications to the internet;
segment access to applications without relying on the traditional approach of network segmentation; and
provide remote access over the internet without virtual private networks, or VPNs.
ZPA enforces a global policy engine that manages access to internally managed applications regardless of location. If access is granted to a user, our ZPA solution connects the user’s device only to the authorized application without exposing the identity or location of the application. As a result, applications are not exposed to the internet, further limiting the external attack surface. This results in reduced cost and complexity, while offering better security and an improved user experience.
Our ZPA solution includes broad functionality, which we categorize by the following areas:
Cyberthreat Protection and Data Protection: Our ZPA solution delivers the same cyberthreat protection and data protection functionality that is applied to internet traffic via our ZIA solution.
Secure Application Access: Since our ZPA solution delivers seamless connectivity to internally managed applications and assets whether they are in the cloud, enterprise data center or both, administrators can set global policies from a single console, enabling policy-driven access that is agnostic to the network the users are on. By creating seamless access to applications regardless of a user’s network, our ZPA solution eliminates the need for traditional remote access VPNs, reverse proxies and other similar products.
Application Discovery: Similar to CASB application discovery reports for internet hosted SaaS applications, our ZPA solution provides granular discovery of internally managed applications to aid in the creation and oversight of segmentation policies. Because our ZPA solution sits on the application layer and is name-based or domain-based, organizations can quickly and seamlessly identify their internally-managed applications and then easily provision appropriate policies.
Application Segmentation: Our architecture provides capabilities that enable user and application level segmentation, a vast improvement over traditional network segmentation. As each user-to-application connection is segmented with microtunnels, each of which is a temporary session between a specific user and a specific application, lateral movement across the network is prevented, significantly reducing security risk. Since users are granted access only to applications for which they have permission and are not granted full access to the network, microtunnels eliminate the need for an internal firewall.
Application Protection: Our ZPA solution initiates outbound-only connections between authenticated users and internally managed applications using microtunnels. Access is provided to users without bringing them onto the corporate network and without exposing applications to the internet. Internally managed applications are not discoverable or identifiable. With no inbound connections and no public IP addresses, there is no inbound attack surface and therefore no threat of distributed denial-of-service, or DDoS, attacks. For allowed connections, our ZPA
7

Table of Contents
solution also provides Web Application Firewall functionality, including OWASP Top 10 protections for threats, such as Structured Query Language injection and cross-site scripting, to block common attack vectors.
Reduce Attack Surface: Our architecture utilizes inside out connections that are outbound from users to the Zero Trust Exchange platform, which allows customers to deny all inbound connections. This reduces their attack surface by not exposing IP addresses of all devices, applications, appliances or workloads to the internet. Reduced attack surface results in lower exposure to zero-day application vulnerabilities and eliminates the need for DDoS mitigation.
Browser Isolation: Our cloud browser isolation is used with our ZPA solution to provide isolated sessions to internal web applications without allowing data to transfer down to unmanaged devices or active content to be uploaded into sensitive internal applications. Combining cloud browser isolation with browser-based access provides a simplified, more cost-effective alternative to VDI for employees, contractors and B2B partners, by effectively keeping sensitive data off unmanaged devices.
The primary use cases for our ZPA solution include:
remote workforce access to private applications without legacy VPN, providing zero trust from office to data center;
deliver user-to-application segmentation, thus eliminating the risk of lateral threat propagation enabled by legacy Firewall and VPN based security architecture;
providing non-employees with secure access to internal applications;
securely connecting business-to-business, or B2B, customers, service providers and supplier access to applications typically deployed as business to business portals in an extranet;
direct-to-cloud access to internally managed applications hosted in public cloud environments, such as Azure, AWS and GCP; and
access to applications following a merger or acquisition by providing named users with access to named applications, without the need to merge networks.
Experience Management - Zscaler Digital Experience
ZDX is designed to measure end-to-end user experience across key business applications, providing an easy to understand digital experience score for each user, application and location within an enterprise. As users have become mobile and applications have moved to the cloud, traditional network performance monitoring tools have become increasingly irrelevant. Enterprises can no longer collect performance metrics or indicators along the traditional network path as they could when they owned the network and applications ran in their own data centers. When a user's experience is suffering or an event is negatively impacting user experience, ZDX utilizes AI-enabled root cause analysis to allow an organization to isolate where in the network path an issue is occurring and whether it is caused by a user’s device, the WiFi connection, the local internet connection, a service provider in the path or the destination application itself. With ZDX, enterprises can quickly determine if an issue is associated with a single user, application or location or indicates a broader issue potentially impacting other users, applications or locations all via a simple visual workflow without a need for additional hardware or software.
Zscaler Posture ControlTM – Cloud Applications and Workload Data Security

Zscaler data security posture management, or DPSM, extends our cloud security capabilities to protect data in public cloud environments. DSPM provides granular visibility into cloud data, classifies and identifies data and access and offers
8

Table of Contents
context around data exposure and security posture. This empowers organizations and security teams to prevent and remediate cloud data breaches at scale. The functionality leverages a unified DLP engine to ensure consistent data protection across all channels. Data classification is integrated with cloud security posture management, or CSPM, to understand data exposure and address cloud misconfigurations. The vulnerability management module enhances cloud risk assessment by identifying vulnerabilities in cloud workloads. Additionally, cloud infrastructure entitlement management, or CIEM, provides deep granularity into identity and privilege access management, ensuring that the right users and entities have access to the appropriate data. Zscaler DSPM ensures highly correlated alerts by combining these multiple modules to generate high-fidelity and actionable insights.

Zero Trust Networking
We believe that zero trust technology should not just be between remote users and the applications they use, but should be applied to all connectivity into and within an enterprise's environment. This connectivity includes workload-to-workload communication and IoT/OT-to-application, as most IoT and OT devices cannot load agents.

Our Zero Trust Networking solution includes broad functionality, which we categorize by the following ideas:

Workload Segmentation. Our Workload Segmentation solution secures application-to-application communications inside public clouds and data centers to stop lateral threat movement, preventing application compromise and reducing the risk of data breaches. Our Workload Segmentation solution utilizes an innovative, AI-enabled approach that is simpler to deploy and operate than traditional segmentation solutions and improves the security of east-west communication by verifying the identity of the communicating application software, services and processes to achieve a zero trust environment. This reduces the attack surface, resulting in lower risk of application compromise and data breaches.
Zero Trust SD-WAN. Our Zero Trust SD-WAN solution provides branches and data centers with fast, reliable access to the internet and private applications with our Direct-to-CloudTM architecture that provides strong security and operational simplicity, with the ability to deploy locally by virtual machine or by purchasing a plug-and-play appliance. Our Zero Trust SD-WAN solution eliminates lateral threat movement by connecting users and IoT/OT devices to applications through the Zscaler Zero Trust Exchange platform. Branch traffic can be securely forwarded directly to the Zero Trust Exchange, where ZIA or ZPA policies can be applied for full security inspection and access identity-based control of branch and data center communications.
Zero Trust Device Segmentation. Our Zero Trust Device Segmentation solution provides agentless segmentation for enterprise IT and OT environments, creating a "network of one" where even devices on the same network can only communicate with each other if authorized. The combination of Zero Trust SD-WAN with Zero Trust Device Segmentation extends the Zero Trust Exchange to protect east-west traffic in branch offices, campuses, factories and plants with critical OT infrastructure, eliminating the need for east-west firewalls, network access controls and traditional microsegmentation solutions, while simultaneously delivering operational simplicity.
Risk Management
Due to increased prioritization of cybersecurity and cyber risk at the executive and board of directors level, it is increasingly a top priority for organizations to drive a cyber risk quantification and holistic risk management strategy. By monitoring risk more systematically in their environment, organizations can drive broader cybersecurity strategies and remediation projects, including key cybersecurity architectural capabilities such as data protection, as well as risk-based asset and vulnerability management.
9

Table of Contents
Our Risk Management solutions include broad and differentiated functionality, which we categorize by the following areas:
Risk 360. Zscaler Risk360 is a risk quantification and visualization framework for identifying cybersecurity risk across the stages of a potential cyber attack. It ingests data from external sources, Zscaler product sources and proprietary security research from our ThreatLabz team to generate a detailed profile of an enterprise’s risk posture. Zscaler Risk360 leverages over 100 factors within an enterprise’s cybersecurity environment to help customers estimate potential financial losses (derived from industry data), highlight top cyber risk drivers, recommend investigative workflows, show trends and peer comparisons and provide actionable information to be shared across the enterprise, including at the executive and board level.

Deception. Our deception solution augments our customers' ability to detect the presence of an adversary in their network by deploying decoys and lures. These decoys can be leveraged to disrupt the adversary by detecting their presence in the network and initiating mitigation using automatic orchestration via the Zscaler platform and other third party solutions. Customers can quickly deploy these capabilities by leveraging a diverse library of built-in decoys including various types of applications, network components and IoT services. The high-fidelity low-volume alerts allow customers to implement meaningful automation workflows to prevent lateral spread.

Unified Vulnerability Management. Our unified vulnerability management solution provides dynamic and customizable prioritization, streamlined reporting, zero-copy analytics and contextualized, risk-based assessment of a customer’s threat landscape. This solution is powered by our data fabric for security, added through our 2024 acquisition of Avalor Technologies, which utilizes more than 150 data connectors, built for all major security platforms, to ingest, normalize and unify data across enterprise security and business systems to deliver actionable insights, analytics and operational efficiencies. This enables our customers to significantly enhance and fully automate analytics and decision-making in real-time without the complexity of data aggregation and collection.

Identity Protection. Attackers commonly target users and identities as the point of entry and use that access to escalate privileges and move laterally. Our Identity Protection capability provides continuous visibility into identity misconfigurations and at risk permissions by scanning common identity providers. Identity Protection augments this visibility with guidance in the form of scripts, commands and tutorials to remediate these issues and reduce customers’ internal attack surface. In addition to preventive capabilities, Identity Protection also provides high-fidelity detection for identity-based attacks like stolen credentials, multi-factor authentication bypasses and privilege escalation techniques that typically pass through existing defenses in cases of identity compromise.

Our Technology and Architecture
We are driven by technology and innovation. We developed a highly scalable, multi-tenant, globally distributed cloud capable of providing inline inspection of internet and SasS traffic, securing access to private applications, protecting cloud applications, managing digital experience and scanning for exposures and misconfigurations. We designed a purpose-built three-tier architecture starting with our core operating system and adding layers of security and networking innovations over time. Our cloud platform is protected by more than 580 issued and pending patents in the United States and other countries. Our cloud is distributed across more than 160 data centers on five continents and processes over 500 billion requests per day from users across over 185 countries.
Our platform is designed to be resilient, redundant and high-performing. It is built as software modules that run on standard x86 platforms without dependency on custom hardware. The platform modules are split into the control plane (Zscaler Central Authority), the enforcement plane (Zscaler Enforcement Nodes) and the logging and statistics plane (Zscaler Log Servers) as described below:
10

Table of Contents
Zscaler Central Authority: The Zscaler Central Authority monitors our entire security cloud and provides a central location for software and database updates, policy and configuration settings and threat intelligence. The collection of Zscaler Central Authority instances together act like the brain of the cloud, and they are geographically distributed for redundancy and performance.
Zscaler Enforcement Nodes: Customer traffic is directed to the nearest Zscaler Enforcement Node, where security, management and compliance policies served by the Zscaler Central Authority are enforced. The Zscaler Enforcement Node also incorporates our differentiated authentication and policy distribution mechanism that enables any user to connect to any Zscaler Enforcement Node at any time to ensure full policy enforcement. The Zscaler Enforcement Node utilizes a full proxy architecture and is built to ensure data is not written to disk to maintain the highest level of data security. Data is scanned in RAM only and then erased. Logs are continuously created in memory and forwarded to our logging module.
Zscaler Log Servers: Our technology is built into the Zscaler Enforcement Node to perform lossless compression of logs, enabling our platform to collect over 130 terabytes of unique raw log data every day. We do not collect customer data other than logs, and those logs are encrypted and transmitted to our log server at a destination of choice selected by the customer without ever writing to disk at the enforcement nodes. Logs are transmitted to our logging servers over secure connections and multicast to multiple servers for redundancy. Our dashboards provide our customers visibility into their traffic to enable troubleshooting, policy changes and other administrative actions. Our analytics capabilities allow customers to interactively mine billions of transaction logs to generate reports that provide insight on network utilization and traffic. We do not rely on batch reporting; we continuously update our dashboards and reporting and can stream logs to a third-party security information and event management, or SIEM, service as they arrive. Regardless of where users are located, customers can choose to have logs stored in the United States or the European Union/Switzerland. Customer data is isolated as part of our multi-tenant architecture.
Our platform is a critical integration point positioned in the data path providing secure access to the internet, cloud and internal applications. We complement and interoperate with key technology and cloud vendors across major market segments, including identity and access management device and endpoint management, as well as SIEM for reporting and analytics. Many of these vendors, like us, were developed in the cloud and together provide a foundation for a modern access and security architecture.
Growth Strategies
The growing use of the internet and the increasing adoption of the cloud and mobility are driving network and application transformation. As a provider of a fully integrated, multi-tenant cloud security solution, we enable our customers to accelerate this secure transformation to the cloud and believe we are uniquely positioned to maximize value as they undertake these transitions. Key elements of our growth strategy include:
Continue to win new customers. We believe that we have a significant opportunity to expand our customer base, both in the United States and internationally. We have invested significantly in our sales and marketing organization to execute against this opportunity.
Expand in existing customers. We leverage a land-and-expand approach with our existing customers to sell subscriptions for additional users, additional solutions and premium solution bundles that contain more functionality.
Leverage channel partners to participate in cloud transformation initiatives. We have invested in establishing long-standing relationships with global telecommunications service providers and are expanding our network of global system integrators and regional telecommunications service providers and cloud-centric value-added resellers and public cloud marketplaces.
11

Table of Contents
Expansion and innovation of services. We continue to invest in research and development and acquire new technologies and products to add new and differentiated solutions to our existing product portfolio and to improve the overall functionality, reliability, availability and scalability of our cloud security platform.
Expansion into additional market segments. We are targeting the expansion of our immediate addressable market into additional market verticals. For example, we are expanding into U.S. federal government agencies as well as into government agencies outside the U.S. We are also targeting our expansion into new geographies in the Asia Pacific and Latin America regions.
We sell to enterprises of all sizes. As of July 31, 2024, we had over 8,650 customers, including approximately 35% of the Forbes Global 2000. Many of our customers include major global enterprises that send virtually all of their internet traffic through our cloud security platform. Our customers operate in a variety of industries, including automotive, airlines and transportation, conglomerates, consumer goods and retail, energy, financial services, healthcare, insurance, manufacturing, media and communications, public sector and education, technology and telecommunications services. Approximately 50% of our revenue was from customers outside the United States for all periods presented. No end customer contributed more than 10% of our revenue in fiscal 2024, fiscal 2023 and fiscal 2022.
Sales and Marketing
Although we have a channel sales model, we use a joint sales approach in which our sales force develops relationships directly with our customers, and together with our channel account teams, works with our channel partners on account penetration, account coordination, sales and overall market development. Our customer care and success teams maintain high-touch relationships with our customers to deploy and manage our cloud platform, identify, analyze and resolve performance issues and respond to security threats. We believe customer service touchpoints are opportunities to further develop our relationship with our customers and potentially generate incremental revenue through the addition of new users and services.
Our channel partners consist of global telecommunications service providers, system integrators, value-added reseller partners and public cloud marketplaces, and we leverage their relationships to expand our reach, improve procurement and accelerate customer fulfillment.
We enter into agreements with our channel partners in the ordinary course of business. The contracts typically have a one-year term and renew automatically, subject to cancellation by either party upon 90 days’ notice. These agreements contain standard commercial terms and conditions, including payment terms, billing frequency, warranties and indemnification. Our channel partners generally place purchase orders with us after receiving orders from customers. We generally maintain privity of contract with customers through end user subscription agreements.
We expect to continue investing in our channel partners as we provide them with education, training and programs, including supporting their independent sales of our solutions. We believe that such investment, and investments in our sales force, will lead to significant expansion in our customer base, which will materially impact our business and results of operations.
Our marketing strategy is focused on platform and brand awareness, which drives our opportunity pipeline and customer demand. This strategy is account-based, enabling us to pursue targeted marketing activities across both digital and non-digital channels. We anticipate increasing our marketing team headcount and are investing in programs designed to elevate our brand in the market and engage new enterprise accounts. We also participate in a number of cloud and security industry events. In addition, we have a deeply integrated ecosystem of channel partners, with whom we engage in joint marketing activities.
12

Table of Contents
Data Center Operations
We operate our services across more than 160 data centers around the world, which are built to be highly resilient, have multiple levels of redundancy and provide failover to other data centers in our network. Our data centers are co-located within top-tier internet interconnection hubs that have direct connectivity, known as peering, to major telecommunication service providers, SaaS providers, public cloud providers, internet content providers and popular internet destinations. A number of our data centers are also located with our service provider partners.
Compliance
Since successful completion of an initial independent third-party assessment in 2014, our platform has received numerous industry standard and internationally recognized certifications upon successful completion of further independent third-party assessments, including ISO 27001, ISO 27701, ISO 27018, ISO 27017, SOC2, CSA-STAR, HIPAA and NIST 800-63C.
We also built a leading U.S. and international government compliance portfolio. We are authorized at the FedRAMP High level and Impact Level 5 with the DOD for ZPA. In addition, in the U.S. we are authorized at both the FedRAMP Moderate and high levels for ZIA and ZPA. We also hold ITAR, FIPS, CJIS and VPAT 508 in our U.S. Government portfolio. We also became the first cloud-based SaaS security company to achieve StateRamp for state and local governments. Internationally, we are IRAP Protected and APRA in Australia, Cyber Essentials and G-Cloud in the UK, C5 in Germany, “in process” for ITSG-33 Prob B in Canada, ISMAP in Japan, MTCS in Singapore and, most recently, Spain Gov CPSTIC catalog listing and ENS-High.
Research and Development
Our research and development organization is responsible for the design, architecture, operation and quality of our cloud platform. In addition to improving on our features and functionality, this organization works closely with our cloud operations team to ensure that our platform is reliable, available and scalable. ThreatLabZ, our internal team of security experts, researchers and network engineers, analyzes the global threat landscape, works to eliminate threats across our cloud platform and reports on emerging security issues.
Research and development expense was $499.8 million, $349.7 million and $289.1 million for fiscal 2024, fiscal 2023 and fiscal 2022, respectively. Our research and development leadership team is predominantly located in San Jose, California, and we also maintain research and development centers internationally, including in India, Canada, Israel and Spain.
Competition
The market for security solutions is defined by changing technologies, an evolving threat landscape and complex enterprise needs. Our competitors and potential competitors include legacy on-premises appliance vendors and other vendors across a number of categories:
independent IT security vendors, which offer a broad mix of network and endpoint security products;
large networking and other vendors, which offer security appliances and/or incorporate security capabilities in their networking products and other services;

companies with point solutions that compete with some of the features of our cloud platform, such as proxy, firewall, CASB, sandboxing and advanced threat protection, data loss prevention, encryption, load balancing and VPN; and
13

Table of Contents
other providers of IT security services that offer, or may leverage related technologies to introduce, products that compete with or are alternatives to our cloud platform.
The principal competitive factors in the markets in which we operate include:
delivering security from the cloud regardless of location of the user;
platform features, effectiveness and extensibility;
platform reliability, availability and scalability;
rapid development and delivery of new capabilities and services;
ability to integrate with other participants in the security and networking ecosystem;
price, total cost of ownership and network cost savings;
brand awareness, reputation and trust in the provider’s services;
strength of sales, marketing and channel partner relationships; and
quality of customer support.
We believe we are positioned favorably against our competitors based on these factors. Our cloud platform integrates many of the point products offered by our competitors and potential competitors, which is a key differentiator. However, many of our competitors have substantially greater financial, technical and other resources, greater brand recognition, larger sales forces and marketing budgets, broader distribution networks, more diverse product and services offerings and larger and more mature intellectual property portfolios. They may be able to leverage these resources to gain business in a manner that discourages users from purchasing our services, including through selling at zero or negative margins, offering concessions, product bundling or maintaining closed technology platforms. Further, many organizations have invested substantial personnel and financial resources to design and operate their appliance-based network security architecture and may not be willing or ready to abandon those historical investments. As our market grows and rapidly changes, we expect it will continue to attract new companies, including smaller emerging companies, which could introduce new products and services. In addition, we may expand into new markets and encounter additional competitors in such markets.
Intellectual Property
Our success depends in part upon our ability to protect and use our core technology and intellectual property rights. We rely on a combination of patents, copyrights, trademarks, trade secret laws, contractual provisions and confidentiality procedures to protect our intellectual property rights. As of July 31, 2024, we had more than 580 issued patents and pending patent applications, including more than 260 issued patents in the United States and other countries. Our issued patents expire between 2028 and 2043 and cover various aspects of our cloud platform. In addition, we have registered “Zscaler” as a trademark in the United States and other jurisdictions, and we have registered other trademarks and filed other trademark applications in the United States. We are also the registered holder of a variety of domestic and international domain names that include “Zscaler” and similar variations. In addition to the protection provided by our intellectual property rights, we enter into confidentiality and invention assignment or similar agreements with our employees, consultants and contractors. We further control the use of our proprietary technology and intellectual property rights through provisions in our subscription and license agreements. Despite our efforts to protect our trade secrets and proprietary rights through intellectual property rights, licenses and confidentiality agreements, unauthorized parties may still copy or otherwise obtain and use our software and technology. In addition to our internally developed technology, we also license software, including open source software, from third parties that we integrate into or bundle with our cloud platform.
14

Table of Contents
Our industry is characterized by the existence of a large number of patents and frequent claims and related litigation based on allegations of patent infringement or other violations of intellectual property rights. We believe that competitors will try to develop products and services that are similar to ours and that may infringe our intellectual property rights. Our competitors or other third-parties may also claim that our platform infringes their intellectual property rights. In particular, companies in our industry have extensive patent portfolios. From time to time, third parties, including certain of these companies and non-practicing entities, have in the past and may in the future, assert claims of infringement, misappropriation and other violations of intellectual property rights against us or our customers or channel partners, with whom our license or other agreements may obligate us to indemnify against these claims. Successful claims of infringement by a third-party could prevent us from offering certain services or features, require us to develop alternate, non-infringing technology, which could require significant time and during which we could be unable to continue to offer our affected subscriptions or services, require us to obtain a license, which may not be available on reasonable terms or at all, or force us to pay substantial damages, royalties or other fees. As we face increasing competition and gain an increasingly higher profile, the possibility of intellectual property rights claims against us grows. We cannot assure you that we do not currently infringe, or that we will not in the future infringe, upon any third-party patents or other proprietary rights. See “Risk Factors—Risks Related to Our Business—Claims by others that we infringe their proprietary technology or other rights, or other lawsuits asserted against us, could result in significant costs and substantially harm our business, financial condition, results of operations and prospects” for additional information.
Government Regulation
Our business activities are subject to various federal, state, local and foreign laws, rules, and regulations. Compliance with these laws, rules and regulations has not had, and is not expected to have, a material effect on our capital expenditures, results of operations and competitive position as compared to prior periods. Nevertheless, compliance with existing or future governmental regulations, including, but not limited to, those pertaining to global trade, business acquisitions, consumer and data protection, privacy, employment, labor and taxes, could have a material impact on our business in subsequent periods. For more information on the potential impacts of government regulations affecting our business, see “Item 1A - Risk Factors.”
Human Capital
As of July 31, 2024, we had a total of 7,348 employees, including 4,595 employees located outside the United States, with the majority of non-U.S.-based employees located in India. None of our U.S.-based employees are represented by a labor union or covered by a collective bargaining agreement. We have not experienced any work stoppages and we consider our relations with our employees to be positive and collaborative.
Zscaler's vision is to create a world in which the exchange of information is always secure and seamless. Specifically, ensuring that our people and culture are aligned with this vision is critical to our success. In order to continue to innovate and to execute our business strategy, we must attract, develop and retain skilled employees, particularly in the areas of product development, engineering, sales and customer success.
We understand the importance of human capital so investing in our culture, employee development, compensation and benefits, and diversity and inclusion is essential.

Our Culture

Our culture is about creating an environment where our globally diverse workforce can contribute their best work to help our customers and our business succeed. Zscaler's cultural values are:
15

Table of Contents
Teamwork
Ownership
Passion
Innovation
Customer Obsession

We build this culture through the feedback we receive from our employees through surveys as well as informal feedback channels throughout the year. We are proud to again be certified as a 2024 “Great Place to Work” in 11 countries, including the U.S. We ultimately view and measure the success of our culture by our ability to sustain great business results.
Employee Development

We invest in our employees through a suite of programs from their first day of employment to develop their talent and skills as our business grows. Our leadership approach establishes clear expectations, enables measurement and actionable feedback, and ensures that our people managers have access to learning and resources that help them to embody our leadership principles.
In addition, new employees in our customer care and success teams are enrolled in structured sales and product training to build their knowledge. Our technical teams have access to live and online training resources and participate in frequent company tech talks where training on best practices and latest developments are shared. We build the skills and capabilities of our senior leaders through intentional investment in their development and opportunities for them to network, collaborate and problem solve together.

To supplement our internal resources, we partner with external development organizations and tools. We partner with leading executive coaching organizations to offer focused development for key leaders, as well as targeted offerings on important topics. We offer tuition reimbursement for eligible employees to further enhance their career growth through higher education.

Compensation and Benefits

We provide competitive compensation and benefits packages to attract and retain our talent. In addition to base pay, employees may be eligible for annual bonuses that are tied to our financial performance and long-term equity incentives that vest subject to continued service. Certain employees may also need to achieve defined performance metrics for parts of their long-term incentives to vest. Our employee performance management program aligns individual achievement and corporate goal attainment with compensation. Employees are assessed on both what was achieved and how they achieved it to help build a high-performance culture that delivers for our customers and is aligned to our cultural values.

We offer an employee stock purchase plan, which allows employees to contribute a percentage of their wages to purchase our stock at a discount. In addition to cash and equity compensation, we offer our employees a robust portfolio of benefits, such as health, wellbeing, parental leave and retirement programs, to meet their individual and family needs.

Diversity, Equity, Inclusion and Belonging
We are committed to an inclusive culture. We strive to foster a workplace that promotes mutual respect, open and effective communication, and a sense of belonging for all employees. We ensure that our employees’ voices are heard and are always working on ways to improve their experience.
16

Table of Contents
We believe that a diversity of backgrounds, experiences and thinking contributes to creating a culture that enables innovation, execution and performance. At the end of fiscal 2024, women represented 23% of our global workforce in 29 countries and underrepresented racial and ethnic minorities represented 10% of our U.S.-based employees.
We have taken steps to address the diversity challenges that we face in the cybersecurity industry because we believe diverse representation and development of our talent enriches our industry. Our recruiters strive to build a diverse talent pipeline at the top of the hiring funnel, through proactive outreach to candidates from underrepresented groups.

Our People and Culture team partners with senior leadership to develop and advance our global diversity, equity, inclusion and belonging strategy. The company supports six employee resource groups that provide a safe community where employees can celebrate what makes them unique while also connecting with colleagues who share and embrace their identity.

To further support our efforts, we offer training on topics such as managing bias. We have invested in a cohort-based leadership program that builds the capabilities of the next generation of women leaders at Zscaler. Our foundational leadership programs emphasize the role of diversity in building high-performing teams.

Health, Safety and Wellbeing
The health and safety of our employees is our top priority. We recognize the need to create a flexible working environment that balances collaboration, innovation and connectivity with personal preferences for employees to do their best work. Our employee wellness program, Wellbeing at Z, supports employees across four pillars: physical, emotional, social and financial. The program is designed to meet the health needs of our employees through connection and support with flexibility for local and targeted needs. We will continue to review and invest in programs to provide for the health, safety and wellbeing of our employees.

Corporate Information
We were incorporated in the state of Delaware in September 2007 as SafeChannel, Inc., and in August 2008, we changed our name to Zscaler, Inc. Our principal executive offices are located at 120 Holger Way, San Jose, CA 95134, and our telephone number is (408) 533-0288. Our website address is www.zscaler.com. Information contained on, or that can be accessed through, our website does not constitute part of this Annual Report on Form 10-K.
Available Information
Our Annual Report on Form 10-K, Quarterly Reports on Form 10-Q, Current Reports on Form 8-K, proxy statement, and all amendments to these filings, are available free of charge from our investor relations website (https://ir.zscaler.com/financial-information/sec-filings) as soon as reasonably practicable following our filing with or furnishing to the SEC of any of these reports. The SEC’s website (https://www.sec.gov) contains reports, proxy and information statements and other information regarding issuers that file electronically with the SEC.
Zscaler investors and others should note that we announce material information to the public about our company, products and services and other issues through a variety of means, including our website (https://www.zscaler.com), our investor relations website (https://ir.zscaler.com), our blogs (https://www.zscaler.com/blogs), press releases, SEC filings, public conference calls and social media, in order to achieve broad, non-exclusionary distribution of information to the public. We encourage our investors and others to review the information we make public in these locations as such information could be deemed to be material information. Please note that this list may be updated from time to time.
17

Table of Contents
The contents of any website referred to in this Form 10-K are not intended to be incorporated into this Annual Report on Form 10-K or in any other report or document we file.
18

Table of Contents
Item 1A. Risk Factors
A description of the risks and uncertainties associated with our business is set forth below. You should carefully consider the risks and uncertainties described below, as well as the other information in this Annual Report on Form 10-K, including the consolidated financial statements and the related notes and "Management’s Discussion and Analysis of Financial Condition and Results of Operations." The occurrence of any of the events or developments described below, or of additional risks and uncertainties not presently known to us or that we currently deem immaterial, could materially and adversely affect our business, results of operations, financial condition and growth prospects. In such an event, the market price of our common stock could decline, and you could lose all or part of your investment.
Summary of Risk Factors
Investing in our common stock involves a high degree of risk because our business is subject to numerous risks and uncertainties, as more fully described in this section below this summary. The principal factors and uncertainties that make investing in our common stock risky include, among others:
we have a history of annual net losses and may not be able to achieve or sustain profitability in the future;
if organizations do not adopt our cloud platform, our ability to grow our business and operating results may be adversely affected;
if we are unable to attract new customers or our customers do not renew their subscriptions for our services and add additional users and services to their subscriptions, our future results of operations could be harmed;
we face intense and increasing competition and could lose market share to our competitors;
we have experienced rapid revenue and other growth in recent periods, which may not be indicative of our future performance;
our operating results may fluctuate significantly, which could make our future results difficult to predict and could cause our operating results to fall below expectations;
if the delivery of our services to our customers is interrupted or delayed for any reason, our business would suffer;
the actual or perceived failure of our cloud platform to block malware or prevent a security breach or incident could harm our reputation and adversely impact our business;
our business and growth depend in part on the success of our relationships with our channel partners;
if our cloud platform or internal networks, systems or data are or are perceived to have been breached, our solution may be perceived as insecure, our reputation may be damaged and our financial results may be negatively impacted;
we rely on our key technical, sales and management personnel to grow our business, and the loss of one or more key employees or the inability to attract and retain qualified personnel could harm our business;
claims by others that we infringe their proprietary technology or other rights, or other lawsuits asserted against us, could result in significant costs and substantially harm our business;
if we are unable to effectively manage certain risks and challenges related to our India operations, our business could be harmed;
servicing our debt may require a significant amount of cash, and we may not have sufficient cash flow from our business or the ability to raise funds to pay our substantial debt; and
19

Table of Contents
the impact of global economic disruptions, including as a result of geopolitical uncertainty and instability, inflation, global health crises such as the COVID-19 pandemic, and governmental responses thereto, remains uncertain and may have a material adverse impact on our business.
Risks Related to Our Business

Risks Related to Our Growth

We have a history of annual net losses and may not be able to achieve or sustain profitability in the future.
We have incurred net losses in all annual periods since our inception, and we expect we will continue to incur annual net losses for the foreseeable future. We experienced net losses of $57.7 million, $202.3 million and $390.3 million for fiscal 2024, fiscal 2023 and fiscal 2022, respectively. As of July 31, 2024, we had an accumulated deficit of $1,148.1 million. Because the market for our cloud platform is rapidly evolving and cloud-based security solutions have not yet reached widespread adoption, it is difficult for us to predict our future results of operations. We expect our operating expenses to increase significantly over the next several years as we continue to hire additional personnel, particularly in research and development and sales and marketing, expand our operations and infrastructure, both domestically and internationally, and continue to develop our platform. If we fail to increase our revenue to offset the increases in our operating expenses, we may not achieve or sustain profitability in the future.
Additionally, our business strategy continues to focus primarily on long-term growth. As we execute on this strategy, we may ultimately be unable to achieve or sustain profitability at the level contemplated by industry or financial analysts and our stockholders, and as a result, our stock price may decline.
If organizations do not adopt our cloud platform, our ability to grow our business and operating results may be adversely affected.
Cloud security technologies are still evolving, and it remains difficult to predict customer demand and adoption rates for our solutions. We believe that our cloud platform offers superior protection to our customers, who are becoming increasingly dependent on the internet as they move their applications and data to the cloud. We also believe that our cloud platform represents a major shift from on-premises appliance-based security solutions. While cloud-based security solutions have seen increased adoption, traditional on-premises security appliances continue to be entrenched in the infrastructure of many of our potential customers, particularly large enterprises, because of their prior investment in and the familiarity of their IT personnel with on-premises appliance-based solutions. As a result, our sales process often involves extensive efforts to educate our customers on the benefits and capabilities of our cloud platform, particularly as we continue to pursue customer relationships with large organizations. Even with these efforts, we cannot predict long-term market acceptance of our cloud platform, or the adoption of competing products, services or technologies. If we fail to achieve broad market acceptance of our cloud platform or are unable to keep pace with industry changes, our ability to grow our business and our operating results will be materially and adversely affected.
If we are unable to attract new customers, our future results of operations could be harmed.
To increase our revenue and achieve and maintain profitability, we must add new customers. To add new customers, we must successfully convince IT decision makers that security delivered through our cloud platform provides significant advantages over legacy on-premises appliance-based security products and competing cloud-based products. Additionally, many of our customers broadly deploy our products, which requires a significant commitment of resources from our customers. These factors significantly impact our ability to add new customers and increase the time, resources and sophistication required to do so.
20

Table of Contents
In addition, numerous other factors, many of which are out of our control, have impacted and may in the future impact our ability to add new customers, including potential customers’ commitments to legacy IT security vendors and products, real or perceived switching costs, competition from hybrid or cloud security products, our failure to expand, retain and motivate our sales and marketing personnel, our failure to develop or expand relationships with our channel partners or to attract new channel partners, failure by us or our partners to help our customers to successfully deploy our cloud platform, negative media or industry or financial analyst commentary regarding us or our solutions, or similar solutions offered by other vendors, litigation and general economic conditions. As a result of challenging macroeconomic conditions, we have experienced and may experience in the future increased scrutiny and a longer approval process for initial purchases by new customers, particularly for larger transactions. We cannot predict how long these challenging macroeconomic conditions will persist, and customer cautiousness could continue or worsen or result in potential customers deciding to forego our services entirely.
If our efforts to attract new customers are not successful, our revenue and rate of revenue growth may decline, we may not achieve profitability and our future results of operations could be materially harmed.
If our customers do not renew their subscriptions for our services and add additional users and services to their subscriptions, our future results of operations could be harmed.
In order for us to maintain or improve our results of operations, it is important that our customers renew their subscriptions for our services when existing contract terms expire, and that we expand our commercial relationships with our existing customers. Our customers have no obligation to renew their subscriptions for our services after the expiration of their contractual subscription period, which is typically one to three years, and in the normal course of business, some customers have elected not to renew. In addition, in certain cases, customers may cancel their subscriptions without cause either at any time or upon advance written notice (commonly ranging from 30 days to 60 days), typically subject to an early termination penalty for unused services. In addition, our customers may renew for fewer users, renew for shorter contract lengths or switch to a lower-cost product suite. If our customers do not renew their subscription services, we could incur impairment losses related to our deferred contract acquisition costs. It is difficult to accurately predict long-term customer retention because of our varied customer base and given the length of our subscription contracts. Our customer retention and expansion may decline or fluctuate as a result of a number of factors, including our customers’ satisfaction with our services, our prices and pricing plans, our customers’ spending levels, decreases in the number of users to which our customers deploy our solutions, mergers and acquisitions involving our customers, competition and deteriorating general economic conditions, which may result in reductions in IT budgets and lower employee headcounts.
Our future success also depends in part on the rate at which our current customers add additional users or services to their subscriptions, which is driven by a number of factors, including customer satisfaction with our services, customer security and networking issues and requirements, general economic conditions and customer reaction to the price per additional user or of additional services. If our efforts to expand our relationship with our existing customers are not successful, our business may materially suffer.
We have experienced rapid revenue and other growth in recent periods, which may not be indicative of our future performance.
We have experienced rapid growth in revenue, operations and employee headcount in recent periods. In addition, the number of customers, users and internet traffic on our cloud platform has increased rapidly in recent years. Our growth may not be sustainable and may not be sufficient to achieve and sustain profitability, as we also expect our costs to increase in future periods as we expand our operations and significantly increase our headcount. In addition, we expect our recent revenue growth rates will decline in the future as the size of our revenue base increases. As a result, we believe that historical comparisons of our revenue may not be meaningful and should not be relied upon as an indication of future performance.
21

Table of Contents
Accordingly, you should not rely on our revenue and other growth for any prior quarter or fiscal year as an indication of our future revenue or revenue growth.
If we fail to effectively manage our growth, we may be unable to execute our business plan, maintain high levels of service, adequately address competitive challenges or maintain our corporate culture, and our business, financial condition and results of operations would be harmed.
Our growth has placed, and future growth will continue to place, a significant strain on our management and our administrative, operational and financial infrastructure. Our success will depend in part on our ability to manage this growth effectively, which will require that we continue to improve our administrative, operational, financial and management systems and controls by, among other things:
effectively attracting, retaining, training and integrating, including collaborating with, a large number of new employees;
further improving our key business applications, processes and IT infrastructure, including our data centers, to support our business needs;
enhancing our information and communication systems to ensure that our employees and offices around the world are well coordinated and can effectively communicate with each other and our growing base of channel partners, customers and users; and
appropriately documenting and testing our IT systems and business processes.
These and other improvements in our systems and controls will require significant capital expenditures and the allocation of valuable management and employee resources. If we fail to implement these improvements effectively, our ability to manage our expected growth, ensure uninterrupted operation of our cloud platform and key business systems and comply with the rules and regulations applicable to public companies could be impaired, the quality of our platform and services could suffer and we may not be able to adequately address competitive challenges.
In addition, we believe that our corporate culture has been a contributor to our success, which we believe fosters innovation, teamwork and an emphasis on customer-focused results. We also believe that our culture creates an environment that drives and perpetuates our strategy and cost-effective distribution approach. In the past we have, and in the future we may, restructure or reduce our workforce to align people, roles and projects to our strategic priorities. Any restructuring, reduction or realignment in the workforce has the potential to negatively impact employee morale or make it more difficult to attract and retain talent. As we continue to grow, we may find it difficult to maintain our corporate culture. Preservation of our corporate culture is also made more difficult following the implementation of our hybrid work environment, and many of our employees continue to work from home on a full time or part time basis. Any failure to preserve our culture could harm our future success, including our ability to retain and recruit personnel, innovate and operate effectively and execute on our business strategy. If we experience any of these effects in connection with future growth, it could materially impair our ability to attract new customers, support and retain existing customers and expand their use of our platform, all of which would materially and adversely affect our business, financial condition and results of operations.
Our operating results may fluctuate significantly, which could make our future results difficult to predict and could cause our operating results to fall below expectations.
Our operating results may fluctuate from quarter to quarter as a result of a number of factors, many of which are outside of our control and may be difficult to predict. Some of the factors that may cause our results of operations to fluctuate from quarter to quarter include:
22

Table of Contents
broad market acceptance and the level of demand for our cloud platform;
our ability to attract new customers, particularly large enterprises;
our ability to retain customers and expand their usage of our platform, particularly our largest customers;
our ability to successfully expand internationally and penetrate key markets;
the effectiveness of our sales and marketing programs;
the length of our sales cycle;
the timing and availability of renewals;
technological changes and the timing and success of new service introductions by us or our competitors or any other change in the competitive landscape of our market;
increases in and timing of operating expenses that we may incur to grow and expand our operations and to remain competitive;
pricing pressure as a result of competition or otherwise;
seasonal buying patterns for IT spending, including the possible slowdown in IT spending due to the recent global economic downturn;
the quality and level of our execution of our business strategy and operating plan;
reputational harm as a result of actual, perceived or purported technological failure or disruption;
adverse litigation judgments, settlements or other litigation-related costs;
changes in the legislative or regulatory environment;
the impact and costs related to the acquisition of businesses, talent, technologies or intellectual property rights;
fluctuations in currency exchange rates and changes in the proportion of our revenue and expenses denominated in foreign currencies;
changes in U.S. generally accepted accounting principles; and
general economic conditions in either domestic or international markets, including as a result of geopolitical uncertainty and instability (such as the current conflicts between Russia and Ukraine and in the Middle East), global health crises and pandemics such as the COVID-19 pandemic, and governmental responses thereto.
Any one or more of the factors above may result in significant fluctuations in our results of operations. We also intend to continue to invest significantly to grow our business in the near future rather than optimizing for profitability or cash flows. In addition, we generally experience seasonality in terms of when we enter into agreements with customers. We typically enter into a higher percentage of agreements with new customers, as well as renewal agreements with existing customers, in the second half of our fiscal year. This seasonality is reflected to a much lesser extent, and sometimes is not immediately apparent, in revenue, due to the fact that we recognize subscription revenue ratably over the term of the subscription, which is generally one to three years. We expect that seasonality will continue to affect our operating results in the future and may reduce our ability to predict cash flow and optimize the timing of our operating expenses.
The variability and unpredictability of our quarterly results of operations or other operating metrics could result in our failure to meet our expectations or those of industry or financial analysts. If we fail to meet or exceed such expectations for
23

Table of Contents
these or any other reasons, the market price of our common stock could fall substantially, and we could face costly lawsuits, including securities class action suits.
Our business and growth depend in part on the success of our relationships with our channel partners.
We currently derive most of our revenue from sales through our channel partner network, and we expect for the foreseeable future most of our future revenue growth will also be driven through this network. Not only does our joint sales approach require additional investment to grow and train our sales force, but we believe that continued growth in our business is dependent upon identifying, developing and maintaining strategic relationships with our existing and potential channel partners, including global systems integrators and regional telecommunications service providers that will in turn drive substantial revenue and provide additional value-added services to our customers. Our agreements with our channel partners are generally non-exclusive, meaning our channel partners may offer customers the products of several different companies, including products that compete with our cloud platform. Our channel partners may also cease marketing or reselling our platform with limited or no notice and without penalty. If our channel partners do not effectively market and sell subscriptions to our cloud platform, choose to promote our competitors’ products or fail to meet the needs of our customers, our ability to grow our business and sell subscriptions to our cloud platform may be adversely affected. For example, sales through our top five channel partners and their affiliates, in aggregate, represented 25% of our revenue for fiscal 2024, 26% of our revenue for fiscal 2023 and 28% of our revenue for fiscal 2022. In addition, our channel partner structure could subject us to lawsuits or reputational harm if, for example, a channel partner misrepresents the functionality of our cloud platform to customers or violates applicable laws or our corporate policies. Moreover, our channel partners' operations may be negatively impacted by events including pandemics, international conflicts, inflation and other events affecting the global economy in general. For example, these events could increase credit risk of end customers and create uncertainty in credit markets. Our ability to achieve revenue growth in the future will depend in large part on our success in maintaining successful relationships with our channel partners, identifying additional channel partners and training our channel partners to independently sell and deploy our platform. If we are unable to maintain our relationships with our existing channel partners or develop successful relationships with new channel partners or if our channel partners fail to perform, our business, financial position and results of operations could be materially and adversely affected.
Risks Related to Our Products and Services
We face intense and increasing competition and could lose market share to our competitors, which could adversely affect our business, financial condition and results of operations.
The market for network security solutions is intensely competitive and characterized by rapid changes in technology, customer requirements, industry standards and frequent introductions of new products and services and improvements of existing products and services. Our business model of delivering security through the cloud rather than legacy on-premises appliances, while gaining increasing support, has not yet achieved widespread market adoption. Moreover, we compete with many established network and security vendors who are aggressively competing against us with their legacy appliance-based solutions and have also introduced cloud-based services that purport to have functionality similar to our cloud platform. We are experiencing increased competition as other established and emerging companies enter the cloud-based security solutions market and introduce new products, services and technologies to address evolving customer requirements. If we are unable to anticipate or effectively react to these competitive challenges, our competitive position could weaken, and we could experience a decline in revenue or our growth rate that could materially and adversely affect our business and results of operations.
Our competitors and potential competitors include:
independent IT security vendors, which offer a broad mix of network and endpoint security products;
24

Table of Contents
large networking and other vendors, which offer security appliances and/or incorporate security capabilities in their networking products and other services;
companies with point solutions that compete with some of the features of our cloud platform, such as proxy, firewall, CASB, sandboxing and advanced threat protection, data loss prevention, encryption, load balancing and VPN; and
other providers of IT security services that offer, or may leverage related technologies to introduce, products that compete with or are alternatives to our cloud platform.
Many of our existing competitors have, and some of our potential competitors could have, substantial competitive advantages such as:
greater name recognition, longer operating histories and larger customer bases;
larger sales and marketing budgets and resources;
broader distribution and established relationships with channel partners and customers;
greater customer support resources;
greater resources to make acquisitions and enter into strategic partnerships;
lower labor and research and development costs;
larger and more mature intellectual property rights portfolios; and
substantially greater financial, technical and other resources.
Our competitors may be successful in convincing IT decision makers that legacy appliance-based security products or hybrid security cloud solutions based on legacy technology are sufficient to meet their security needs and provide security performance that competes with our cloud platform. In addition, our competitors have and may develop cloud-based solutions with architectures similar to our products. Further, many organizations have invested substantial personnel and financial resources to design and operate their appliance-based networks and have established deep relationships with appliance vendors. As a result, these organizations may prefer to purchase from their existing suppliers rather than add or switch to a new supplier.
Our larger competitors have substantially broader and more diverse product and services offerings, which may allow them to leverage their relationships based on other products or incorporate functionality into existing products to gain business in a manner that discourages users from purchasing our services, including through selling at zero or negative margins, offering free services and other concessions, bundling products or maintaining closed technology platforms. Many competitors that specialize in providing protection from a single type of security threat may be able to deliver these targeted security products to the market more quickly than we can or to convince organizations that these limited products meet their needs.
Conditions in our market change rapidly and significantly as a result of technological advancements, partnering or acquisitions by our competitors or continuing market consolidation. Start-up companies that innovate and large competitors that are making significant investments in research and development may introduce similar or superior products, services and technologies that compete with our cloud platform. In addition, large companies with substantial communications infrastructure, such as global telecommunications services provider partners or public cloud providers, have entered or could choose to enter the security solutions market. Some of our current or potential competitors have made or could make acquisitions of businesses or establish cooperative relationships that may allow them to offer more directly competitive and comprehensive solutions than were previously offered and adapt more quickly to new technologies and customer needs.
25

Table of Contents
These competitive pressures in our market or our failure to compete effectively may result in price reductions, fewer orders, reduced revenue and gross margins, increased net losses and loss of market share. Any failure to meet and address these factors could materially harm our business and operating results.
If the delivery of our services to our customers is interrupted or delayed for any reason, our business would suffer.
Any interruption or delay in the delivery of our services will negatively impact our customers. Our solutions enable secure connections to cloud-based applications and other destinations via the internet, by directing our customers’ internet traffic through our cloud platform. Our customers depend on the continuous availability of our cloud platform to access the internet, and our services are designed to operate without interruption in accordance with our service level commitments. However, our platform is complex and may contain defects or errors that are not detected until after deployment. If we fail to timely detect defects or errors before deployment, or if our entire platform were to fail, customers and users could lose access to critical services and applications until such disruption is resolved or customers deploy our disaster recovery solution that allows them to bypass our cloud platform to access the internet. The adverse effects of any service interruptions on our reputation and financial condition may be disproportionately heightened due to the nature of our business and the fact that our customers expect continuous and uninterrupted internet access and have a low tolerance for interruptions of any duration. While we do not consider them to have been material, we have experienced, and may in the future experience, service disruptions and other performance problems due to a variety of factors.
The following factors, many of which are beyond our control, can affect the delivery and availability of our services and the performance of our cloud:
the development and maintenance of the infrastructure of the internet;
the performance and availability of third-party telecommunications services with the necessary speed, data capacity and security for providing reliable internet access and services;
decisions by the owners and operators of the data centers where our cloud infrastructure is deployed or by global telecommunications service provider partners who provide us with network bandwidth to terminate our contracts, discontinue services to us, shut down operations or facilities, increase prices, change service levels, limit bandwidth, declare bankruptcy or prioritize the traffic of other parties;
the occurrence of earthquakes, floods, fires, pandemics, power loss, system failures, physical or electronic break-ins, acts of war, international conflicts (such as the current conflicts between Russia and Ukraine and in the Middle East) or terrorism, human error or interference (including by disgruntled employees, former employees or contractors) and other catastrophic events;
cyberattacks, including denial of service attacks, targeted at us, our data centers, our global telecommunications service provider partners or the infrastructure of the internet;
government action to limit access to the internet;
failure by us to maintain and update our cloud infrastructure to meet our traffic capacity requirements;
errors, defects or performance problems in our software, including those potentially introduced by our software updates and third-party software incorporated in our software, which we use to operate our cloud platform;
improper classification of websites by our vendors who provide us with lists of malicious websites;
improper deployment or configuration of our services by our customers;
26

Table of Contents
the failure of our redundancy systems, in the event of a service disruption at one of our data centers, to provide failover to other data centers in our data center network; and
the failure of our disaster recovery and business continuity arrangements.
The occurrence of any of these factors, or if we are unable to efficiently and cost-effectively fix such errors or other problems that may be identified, could damage our reputation, negatively impact our relationship with our customers or otherwise materially harm our business, results of operations and financial condition.
In addition, we provide our services through a cloud-based inline proxy, and some governments, third-party products, websites or services may block proxy-based traffic under certain circumstances. For example, vendors may attempt to block traffic from our cloud platform or blacklist our IP addresses because they cannot identify the source of the proxy-based traffic. Our competitors may use this as an excuse to block traffic from their solutions or blacklist our IP addresses, which may result in our customers’ traffic being blocked from our platform. If our customers experience significant instances of traffic blockages, they will experience reduced functionality or other inefficiencies, which would reduce customer satisfaction with our services and likelihood of renewal.
If we fail to develop or introduce new enhancements to our cloud platform on a timely basis, our ability to attract and retain customers, remain competitive and grow our business could be impaired.
The industry in which we compete is characterized by rapid technological change, frequent introductions of new products and services, evolving industry standards and changing regulations, as well as changing customer needs, requirements and preferences. Our ability to attract new customers and increase revenue from existing customers will depend in significant part on our ability to anticipate and respond effectively to these changes on a timely basis and continue to introduce enhancements to our cloud platform. For example, advancements in technology, such as AI and ML, are changing the way our industry identifies and responds to cyber threats, and businesses that are slow to adopt or fail to adopt these new technologies may face a competitive disadvantage. The success of our cloud platform depends on our continued investment in our research and development organization to increase the reliability, availability and scalability of our existing solutions. The success of any enhancement depends on several factors, including the timely completion and market acceptance of the enhancement. Any new service that we develop or acquire might not be introduced in a timely or cost-effective manner and might not achieve the broad market acceptance necessary to generate significant revenue. If new technologies emerge that deliver competitive products and services at lower prices, more efficiently, more conveniently or more securely, these technologies could adversely impact our ability to compete effectively. Any delay or failure in the introduction of enhancements could materially harm our business, results of operations and financial condition.
If our global network of data centers, which deliver our services, was damaged or otherwise failed to meet the requirements of our business, our ability to provide services to our customers and maintain the performance of our cloud platform could be negatively impacted, which could cause our business to suffer.
We currently host our cloud platform and serve our customers from a global network of over 160 data centers. While we have electronic access to the components and infrastructure of our cloud platform that are hosted by third parties, we do not control the operation of these facilities. Consequently, we may be subject to service disruptions as well as a lack of adequate support for our data center operations due to reasons that are outside of our direct control. Our data centers are vulnerable to damage and connections to our data centers may be interrupted by a variety of sources, including earthquakes, floods, fires, power loss, system or infrastructure failures, computer viruses, physical or electronic break-ins, human error or interference (including by disgruntled employees, former employees or contractors) and other catastrophic events, including those exacerbated by the effects of climate change. Our data centers may also be subject to national or local administrative actions, changes in government regulations, including, for example, the impact of global economic and other sanctions like those levied in response to the current conflict between Russia and Ukraine, changes to legal or permitting requirements and
27

Table of Contents
litigation to stop, limit or delay operations. Despite precautions taken at these facilities, such as disaster recovery and business continuity arrangements, the occurrence of a natural disaster or an act of terrorism, a decision to close the facilities without adequate notice or other unanticipated problems at these facilities could result in interruptions or delays in our services, impede our ability to scale our operations or have other adverse impacts upon our business. In addition, if we do not accurately plan for our infrastructure capacity requirements or experience significant strains on our data center capacity, we may experience delays and additional expenses in arranging new data centers, and our customers could experience performance degradation or service outages that may subject us to financial liabilities, result in customer losses and materially harm our business. For example, to manage a dramatic increase in ZPA traffic resulting from our customers' employees working from home at the outset of the COVID-19 pandemic, we temporarily increased our use of public cloud infrastructure, which is substantially more expensive than our own data centers. If we must again materially increase our use of public cloud infrastructure in the future, our results of operations could be negatively impacted.
If our cloud platform or internal networks, systems or data are or are perceived to have been breached, our solution may be perceived as insecure, our reputation may be damaged and our financial results may be negatively impacted.
It is virtually impossible for us to entirely mitigate the risk of breaches of our cloud platform or other security incidents affecting our cloud platform or our internal systems, networks or data. In addition, the functionality of our platform may be disrupted, either intentionally or due to negligence, by third parties, including disgruntled employees or contractors and other current or former employees or contractors. The security measures we use internally and have integrated into our cloud platform, which are designed to detect unauthorized activity and prevent or minimize security breaches, may not function as expected or may not be sufficient to identify or protect against certain attacks. Enterprises are subject to a wide variety of attacks on their networks and systems, and techniques used to sabotage or to obtain unauthorized access to networks in which data is stored or through which data is transmitted change frequently and generally are not recognized until launched against a target. The growth in state sponsored cyber activity, including those actions taken in connection with the current conflict between Russia and Ukraine, showcase the increasing sophistication of cyber threats. As a result, we may be unable to anticipate these techniques or implement adequate measures to prevent an electronic intrusion into our customers through our cloud platform or to prevent breaches and other security incidents affecting our cloud platform, internal networks, systems or data. Further, once identified, we may be unable to remediate or otherwise respond to a breach or other incident in a timely manner. Actual, perceived or purported security breaches of our cloud platform could result in actual, perceived or purported breaches of our customers’ networks and systems.
Our internal systems are exposed to the same cybersecurity risks and consequences of a breach as our customers and other enterprises. However, since our business is focused on providing reliable security services to our customers, we believe that an actual, perceived or purported breach of, or security incident affecting, our internal networks, systems or data, could be especially detrimental to our reputation, customer confidence in our solution and our business. Additionally, many of our personnel work remotely on a hybrid or permanent basis, which may pose additional data security risks.
Further, our vendors and service providers may also be the targets of cyberattacks, and their systems and networks may be, or may have been, breached or contain exploitable defects or bugs that could result in a breach of or disruption to their or our systems and networks. Our ability to monitor our vendors’ and service providers’ data security is limited, and, in any event, third parties may be able to circumvent their security measures, resulting in the unauthorized access to, misuse, disclosure, loss, alteration, or destruction of our data, including confidential, sensitive, and other information about individuals. Geo-political factors including international conflicts, such as between Russia and Ukraine and in the Middle East, may increase the risk of such cyberattacks.
Any actual, perceived or purported security breaches or other security incidents that we suffer with regard to our platform, systems, networks or data, including any such actual, perceived or purported security breaches or security incidents
28

Table of Contents
that result, or are believed to result, in actual, perceived or purported breaches of our customers’ networks or systems, could result in:
the expenditure of significant financial resources in efforts to analyze, correct, eliminate, remediate or work around errors or defects, to address and eliminate vulnerabilities and to address any applicable legal or contractual obligations relating to any actual, perceived or purported security breach or other security incident;
negative publicity and damage to our reputation, brand, and market position;
harm to our relationships with, and a loss of, existing or potential customers or channel partners;
delayed or lost sales and harm to our financial condition and results of operations;
a delay in attaining, or the failure to attain, market acceptance; and
legal claims and demands (including for stolen assets or information, repair of system damages and compensation to customers, customers of customers and business partners), litigation (including stockholder claims), regulatory inquiries or investigations and other liability.
Any of the above could materially and adversely affect our business, financial condition and results of operations.
While we maintain insurance, our insurance may be insufficient to cover all liabilities incurred in relation to actual, perceived or purported security breaches or other security incidents. We also cannot be certain that our insurance coverage will be adequate for liabilities actually incurred, that insurance will continue to be available to us on economically reasonable terms, or at all, or that any insurer will not deny coverage as to any future claim. The successful assertion of one or more large claims against us that exceed available insurance coverage, or the occurrence of changes in our insurance policies, including premium increases or the imposition of large deductible or co-insurance requirements, could have a material adverse effect on our business, including our financial condition, operating results and reputation.
If our cloud platform does not interoperate with our customers’ network and security infrastructure or with third-party products, websites or services, our cloud platform may become less competitive and our results of operations may be harmed.
Our cloud platform must interoperate with our customers’ existing network and security infrastructure. These complex systems are developed, delivered and maintained by the customer and a myriad of vendors and service providers. As a result, the components of our customers’ infrastructure have different specifications, rapidly evolve, utilize multiple protocol standards, include multiple versions and generations of products and may be highly customized. We must be able to interoperate and provide our security services to customers with highly complex and customized networks, which requires careful planning and execution between our customers, our customer support teams and our channel partners. Further, when new or updated elements of our customers’ infrastructure or new industry standards or protocols are introduced, we may have to update or enhance our cloud platform to allow us to continue to provide services to customers. Our competitors or other vendors may refuse to work with us to allow their products to interoperate with our solutions, which could make it difficult for our cloud platform to function properly in customer networks that include these third-party products.
We may not deliver or maintain interoperability quickly or cost-effectively, or at all. These efforts require capital investment and engineering resources. If we fail to maintain compatibility of our cloud platform with our customers’ network and security infrastructures, our customers may not be able to fully utilize our solutions, and we may, among other consequences, lose or fail to increase our market share and experience reduced demand for our services, which would materially harm our business, operating results and financial condition.

29

Table of Contents
Risks Related to Our Sales and Operations
If we are not able to maintain and enhance our brand, our business and results of operations may be adversely affected.
We believe that maintaining and enhancing our reputation as a provider of high-quality security solutions is critical to our relationship with our existing customers and channel partners and our ability to attract new customers and channel partners. The successful promotion of our brand will depend on a number of factors, including our marketing efforts, our ability to continue to develop high-quality features and solutions for our cloud platform, uninterrupted delivery of our cloud services and our ability to successfully differentiate our platform from competitive products and services. Our brand promotion activities may not be successful or yield increased revenue. In addition, independent industry or financial analysts often provide reviews of our platform, as well as products and services of our competitors, and perception of our platform in the marketplace may be significantly influenced by these reviews. If these reviews are negative, or less positive as compared to those of our competitors’ products and services, our brand may be adversely affected. Additionally, the performance of our channel partners may affect our brand and reputation if customers do not have a positive experience with our channel partners’ services. The promotion of our brand requires us to make substantial expenditures, and we anticipate that the expenditures will increase as our market becomes more competitive, we expand into new markets and more sales are generated through our channel partners. To the extent that these activities yield increased revenue, this revenue may not offset the increased expenses we incur. If we do not successfully maintain and enhance our brand, our business may not grow, we may have reduced pricing power relative to competitors and we could lose customers or fail to attract potential customers, all of which would materially and adversely affect our business, results of operations and financial condition.
If we do not effectively develop and expand our sales and marketing capabilities, we may be unable to add new customers or increase sales to our existing customers, and our business will be adversely affected.
To increase the number of customers and increase the market acceptance of our platform, we will need to expand our sales and marketing operations, including our domestic and international sales force. Although we have a channel sales model, our sales representatives typically engage in direct interaction with our prospective customers. Therefore, we continue to be substantially dependent on our sales force to obtain new customers. Increasing our customer base and achieving broader market acceptance of our cloud platform will depend, to a significant extent, on our ability to expand and further invest in our sales and marketing operations and activities. There is significant competition for sales personnel with the advanced sales skills and technical knowledge we need. We believe that selling a cloud-based security solution requires particularly talented sales personnel with the ability to communicate the transformative potential of our cloud platform. Our ability to achieve significant growth in revenue in the future will depend, in large part, on our success in recruiting, training and retaining enough talented sales personnel in both the U.S. and international markets.
New hires require significant training and may take significant time before they achieve full productivity. As a result, our new hires and planned hires may not become as productive as we would like, and we may be unable to hire or retain enough qualified individuals in the future. As a result of our rapid growth, a large percentage of our sales and marketing team is new to our company and selling our solutions, and therefore this team may be less effective than our more seasoned employees. Furthermore, hiring sales personnel in new countries, or expanding our existing presence, requires upfront and ongoing expenditures that we may not recover if the sales personnel fail to achieve full productivity. We cannot predict whether, or to what extent, our sales will increase as we expand our sales force or how long it will take for sales personnel to become productive. The effectiveness of our sales and marketing has also varied over time and, together with the effectiveness of any partners or resellers we may engage, may vary in the future. Our business and operating results may be harmed if our efforts do not generate a correspondingly significant increase in revenue. We may not achieve anticipated revenue growth from expanding our sales force if we are unable to hire, develop and retain talented sales personnel, if our new sales personnel are
30

Table of Contents
unable to achieve desired productivity levels in a reasonable period of time, or if our sales and marketing programs are not effective.
Our sales cycles can be long and unpredictable, and our sales efforts require considerable time and expense.
The timing of our sales and related revenue recognition is difficult to predict because of the length and unpredictability of the sales cycle for our cloud platform, particularly with respect to large organizations. Our sales efforts typically involve educating our prospective customers about the uses, benefits and the value proposition of our cloud platform. Customers often view the subscription to our cloud platform as a significant decision as part of a strategic transformation initiative and, as a result, frequently require considerable time to evaluate, test and qualify our platform prior to entering into or expanding a relationship with us. Large enterprises and government entities in particular often undertake a significant evaluation process that further lengthens the sales cycle. In addition, the impact of macroeconomic conditions could materially and adversely affect our business, operating results and financial condition by reducing sales, lengthening sales cycles and lowering prices for our services. We have experienced and may experience in the future increased scrutiny and a longer approval process for initial purchases by new customers, as a result of challenging macroeconomic conditions, and we cannot predict how long these economic conditions may persist.
Our sales force develops relationships directly with our customers, and together with our channel account teams, works with our channel partners on account penetration, account coordination, sales and overall market development. We spend substantial time and resources on our sales efforts without any assurance that our efforts will produce a sale. Platform purchases are frequently subject to budget constraints, multiple approvals and unanticipated administrative, processing and other delays. As a result, it is difficult to predict whether and when a sale will be completed and when revenue from a sale will be recognized.
Sales to larger customers involve risks that may not be present, or that are present to a lesser extent, with sales to smaller customers, which can act as a disincentive to our sales team to pursue these larger customers. These risks include:
competition from companies that traditionally target larger enterprises and that may have pre-existing relationships or purchase commitments from such customers;
increased purchasing power and leverage held by larger customers in negotiating contractual arrangements with us;
more stringent requirements in our support obligations; and
longer sales cycles and the associated risk that substantial time and resources may be spent on a potential customer that elects not to purchase our solutions.
The failure of our efforts to secure sales after investing resources in a lengthy sales process could materially and adversely affect our business and operating results.
Because we recognize revenue from subscriptions for our services over the term of the subscription, downturns or upturns in new business may not be immediately reflected in our operating results and may be difficult to discern.
We generally recognize revenue from customers ratably over the terms of their subscriptions, which are typically one to three years. As a result, a substantial portion of the revenue we report in each period is attributable to the recognition of deferred revenue relating to agreements that we entered into during previous periods. Consequently, any increase or decline in new sales or renewals in any one period may not be immediately reflected in our revenue for that period. Any such change, however, may affect our revenue in future periods. Additionally, subscriptions that are invoiced annually in advance or multi-year in advance contribute significantly to our short-term and long-term deferred revenue. Accordingly, the effect of downturns or upturns in new sales and potential changes in our rate of renewals may not be fully reflected in our results of
31

Table of Contents
operations until future periods. We may also be unable to reduce our cost structure in line with a significant deterioration in sales or renewals. Our subscription model also makes it difficult for us to rapidly increase our revenue through additional sales in any period, as revenue from new customers must be recognized over the applicable subscription term.
We provide service level commitments under our customer contracts. If we fail to meet these contractual commitments, we could be obligated to provide credits for future service and our business could suffer.
Our customer agreements contain service level commitments, which contain specifications regarding the availability and performance of our cloud platform. Any failure of or disruption to our infrastructure could impact the performance of our platform and the availability of services to customers. If we are unable to meet our stated service level commitments or if we suffer extended periods of poor performance or unavailability of our platform, we may be contractually obligated to provide affected customers with service credits for future subscriptions, and, in certain cases, refunds. In addition, the limitation of liability provisions in our customer agreements may not fully or effectively protect us from claims as a result of federal, state or local laws or ordinances or unfavorable judicial decisions in the United States or other countries. To date, there has not been a material failure to meet our service level commitments, and we do not currently have any material liabilities accrued on our balance sheet for such commitments. Our revenue, other results of operations and financial condition could be harmed if we suffer performance issues or downtime that exceeds the service level commitments under our agreements with our customers.
Our ability to maintain customer satisfaction depends in part on the quality of our customer support, including the quality of the support provided on our behalf by certain channel partners. Failure to maintain high-quality customer support could have an adverse effect on our business, financial condition and results of operations.
If we do not provide superior support to our customers, our ability to renew subscriptions, increase the number of users and sell additional services to customers may be adversely affected. We believe that successfully delivering our cloud solution requires a highly skilled level of customer support and engagement. We or our channel partners must assist our customers to deploy our cloud platform, resolve performance issues, address interoperability challenges with a customer’s existing network and security infrastructure and respond to security threats and cyberattacks. Many enterprises, particularly large organizations, have very complex networks and require high levels of focused support, including premium support offerings, to fully realize the benefits of our cloud platform. Any failure by us to maintain the expected level of support could reduce customer satisfaction and hurt our customer retention, particularly with respect to our large enterprise customers. Additionally, if our channel partners do not provide support to the satisfaction of our customers, we may be required to provide this level of support to those customers, which would require us to hire additional personnel and to invest in additional resources. We may not be able to hire such resources fast enough to keep up with demand, particularly if the sales of our platform exceed our internal forecasts. We may also not be successful in our efforts to fully onboard new hires and provide adequate training to our employees, many of whom continue to work remotely. To the extent that we or our channel partners are unsuccessful in hiring, training and retaining adequate support resources, our ability and the ability of our channel partners to provide adequate and timely support to our customers will be negatively impacted, and our customers’ satisfaction with our cloud platform could be adversely affected. We currently rely in part on contractors provided by third-party service providers internationally to provide support services to our customers, and we expect to expand our international customer service support team to other countries. Any failure to properly train or oversee such contractors could result in a poor customer experience and an adverse impact on our reputation and ability to renew subscriptions or engage new customers. Furthermore, as we sell our solutions internationally, our support organization faces additional challenges, including those associated with delivering support, training and documentation in languages other than English. Any failure to maintain high-quality customer support, or a market perception that we do not maintain high-quality support, could materially harm our reputation, adversely affect our ability to sell our solutions to existing and prospective customers and could harm our business, financial condition and results of operations.
32

Table of Contents
We rely on our key technical, sales and management personnel to grow our business, and the loss of one or more key employees or the inability to attract and retain qualified personnel could harm our business.
Our future success is substantially dependent on our ability to attract, retain and motivate the members of our management team and other key employees throughout our organization. In particular, we are highly dependent on the services of Jay Chaudhry, our chief executive officer and chairman of our board of directors, who is critical to our future vision and strategic direction. We rely on our leadership team in the areas of operations, security, marketing, sales, support and general and administrative functions, and on individual contributors on our research and development team. Although we have entered into employment agreements with our key personnel, these agreements have no specific duration and constitute at-will employment. We do not maintain key person life insurance policies on any of our employees. The loss of one or more of our executive officers or key employees could seriously harm our business. In the last year, we have added several new senior management employees. Any significant leadership change or senior management transition involves risk, especially nearly simultaneous changes involving so many leaders and employees, and any failure to transition effectively or to retain these new leaders could hinder our strategic planning, business execution and future performance.

To execute our growth plan, we must attract and retain highly qualified personnel. Competition for these personnel in the San Francisco Bay Area, where our headquarters are located, and in other locations where we operate, is intense, especially for experienced sales professionals and for engineers experienced in designing and developing cloud applications, security software and AI and ML solutions. In addition, the United States and other regions in which we operate have in the past and may again in the future experience acute workforce shortages for highly skilled workers, which in turn, can create hyper-competitive wage environments that may impact our ability to attract and retain employees. We have from time to time experienced, and we may continue to experience, difficulty in hiring and retaining employees with appropriate qualifications. For example, in recent years, recruiting, hiring and retaining employees with expertise in the cybersecurity industry has become increasingly difficult as the demand for cybersecurity professionals has increased as a result of the ongoing cybersecurity attacks on global corporations and governments. Many of the companies with which we compete for experienced personnel have greater resources than we have. In addition, job candidates and existing employees often consider the value of the equity awards they receive in connection with their employment. Volatility or lack of performance in our stock price may also affect our ability to attract and retain our key employees.
If we fail to successfully attract, integrate or retain qualified personnel to fulfill our current or future needs, or if we need to materially increase the value of the compensation packages necessary to attract and retain these employees, our business, operating results and financial condition could be materially and adversely affected.
Our business depends, in part, on sales to the public sector and significant changes in the contracting or fiscal policies of such public sector organizations could have an adverse effect on our business and operating results.
We derive a significant portion of our revenue from contracts with government organizations, and we believe the success and growth of our business will in part depend on our successful procurement of additional public sector customers. However, demand from government organizations is often unpredictable, and we cannot assure you that we will be able to maintain or grow our revenue from the public sector. Sales to government entities are subject to substantial risks, including the following:
selling to government agencies can be highly competitive, expensive and time-consuming, often involving significantly longer procurement cycles than commercial sales, and significant upfront time and expense without any assurance that such efforts will generate a sale;
U.S. or other government requirements relating to the formation, administration and performance of contracts with the public sector affect how we and our channel partners do business with governmental agencies;
33

Table of Contents
U.S. or other government certification requirements applicable to our cloud platform, including the Federal Risk and Authorization Management Program (FedRAMP), are often difficult and costly to obtain and maintain and failure to do so will restrict our ability to sell to government customers;
government demand and payment for our services may be impacted by public sector budgetary cycles and annual funding authorizations, including the impacts of possible government shutdowns, and government sales are inherently at risk of securing funding;
sales to the U.S. and other governments are subject to procurement regulations, which impose heightened compliance obligations on us and our channel partners;
governments routinely investigate and audit government contractors’ administrative processes and compliance with procurement regulations and any unfavorable investigation or audit could result in fines, civil or criminal liability, further investigations, damage to our reputation and debarment from further government business; and
government customers procuring commercial items get the benefit of more favorable terms and conditions by operation of law, regardless of agreed upon contractual terms.
The occurrence of any of the foregoing could cause governments and governmental agencies to delay or refrain from purchasing our solutions in the future and could result in temporary suspension or permanent debarment from sales to government organizations. Any such penalties, disruptions or limitations in our or our channel partners' ability to do business with the public sector could have a material adverse effect on our business, operating results, financial condition and prospects.
Our international operations expose us to significant risks, and failure to manage those risks could materially and adversely impact our business.
Historically, we have derived a significant portion of our revenue from outside the United States. We derived approximately 50%, 50% and 51% of our revenue from our international customers in fiscal 2024, fiscal 2023 and fiscal 2022, respectively. As of July 31, 2024, approximately 63% of our full-time employees were located outside of the United States. We are continuing to adapt to and develop strategies to address international markets and our growth strategy includes continued expansion into target geographies, but there is no guarantee that such efforts will be successful. We expect that our international activities will continue to grow in the future, as we continue to pursue opportunities in international markets. These international operations will require significant management attention and financial resources and are subject to substantial risks, including:
political, economic and social uncertainty or international conflict, such as the current conflicts between Russia and Ukraine and in the Middle East;
unexpected costs for the localization of our services, including translation into foreign languages and adaptation for local practices and regulatory requirements;
greater difficulty in enforcing contracts and accounts receivable collection, and longer collection periods;
reduced or uncertain protection for intellectual property rights in some countries;
greater risk of unexpected changes in regulatory practices, tariffs and tax laws and treaties;
greater risk of a failure of foreign employees, partners, distributors and resellers to comply with both U.S. and foreign laws, including antitrust regulations, anti-bribery laws, export and import control laws, trade and economic sanctions and any applicable trade regulations ensuring fair trade practices;
34

Table of Contents
requirements to comply with foreign privacy, data protection, cybersecurity and information security laws and regulations and the risks and costs of noncompliance;
increased expenses incurred in establishing and maintaining office space and equipment for our international operations;
difficulties in complying with regulations relating to AI and ML;
greater difficulty in identifying, attracting and retaining local qualified personnel, and the costs and expenses associated with such activities;
differing employment practices and labor relations issues;
difficulties in managing and staffing international offices and increased travel, infrastructure and legal compliance costs associated with multiple international locations;
fluctuations in exchange rates between the U.S. dollar and foreign currencies in markets where we do business, including the British Pound, Indian Rupee and Euro, and related impact on sales cycles; and
the impact of natural disasters and public health pandemics and epidemics on customers, partners, suppliers, employees, travel and the global economy.
As we continue to develop and grow our business globally, our success will depend, in large part, on our ability to anticipate and effectively manage these risks. The expansion of our existing international operations and entry into additional international markets will require significant management attention and financial resources. Our failure to successfully manage our international operations and the associated risks could limit the future growth of our business.
Future acquisitions, strategic investments, partnerships or alliances could be difficult to identify and integrate, divert the attention of key management personnel, disrupt our business, dilute stockholder value and adversely affect our operating results, financial condition and prospects.
Our business strategy includes acquiring other complementary solutions, technologies or businesses. We have in the past acquired, and expect in the future to acquire, businesses that we believe will complement or augment our existing business. In order to expand our security offerings and features, we also may enter into relationships with other businesses, which could involve preferred or exclusive licenses, additional channels of distribution or investments in other companies. Negotiating these transactions can be time-consuming, difficult and costly, and our ability to close these transactions may be subject to third-party approvals, such as government regulatory approvals, which are beyond our control. Consequently, we cannot assure you that these transactions, once undertaken and announced, will close.
These kinds of acquisitions or investments may result in unforeseen operating difficulties and expenditures. In particular, we may encounter difficulties assimilating or integrating the businesses, technologies, products and services, personnel or operations of companies that we may acquire, particularly if the key personnel of an acquired business choose not to work for us. We may have difficulty retaining the customers of any acquired business or using or continuing the development of the acquired technologies. Acquisitions may also disrupt our ongoing business, divert our resources and require significant management attention that would otherwise be available for development of our business. We may not successfully evaluate or utilize the acquired technology or personnel, or accurately forecast the financial impact of an acquisition transaction, including accounting charges. Any acquisition or investment could expose us to unknown liabilities. Moreover, we cannot assure you that the anticipated benefits of any acquisition or investment would be realized or that we would not be exposed to unknown liabilities. In connection with these types of transactions, we may:
issue additional equity securities that would dilute our stockholders;
35

Table of Contents
use cash that we may need in the future to operate our business;
incur debt on terms unfavorable to us or that we are unable to repay;
incur large charges or substantial liabilities;
encounter difficulties integrating diverse business cultures;
experience delays in extending our internal control over financial reporting to new acquisitions or investments;
experience delays in our quarterly close process and related filings with the SEC; and
become subject to adverse tax consequences, substantial depreciation or deferred compensation charges.
These challenges related to acquisitions or investments could adversely affect our business, operating results, financial condition and prospects.
If we are unable to effectively manage certain risks and challenges related to our India operations, our business could be harmed.
We believe that our significant presence in India provides important advantages for our business, such as direct access to a large pool of skilled professionals. However, it also creates certain risks that we must effectively manage. As of July 31, 2024, 37% of our global work force is based in India and is comprised mostly of R&D, finance and operations professionals. Wage costs in India for skilled professionals are currently lower than in the United States for comparably skilled professionals. However, wages and benefit costs in India are increasing at a faster rate than in the United States, which could result in us incurring increased costs for technical professionals. There is intense competition in India for skilled technical professionals, and we expect such competition to increase. As a result, we may be unable to retain our current employee base in India or hire additional new talent or do so cost-effectively. In addition, India has recently experienced significant inflation and low growth. India also has experienced natural disasters, civil unrest and terrorism and, in the past, has been involved in conflicts with neighboring countries. If we are unable to effectively manage any of the foregoing risks related to our India operations, our development efforts and operations could be impaired, which could materially and negatively impact our growth and operating results.
Our failure to raise additional capital necessary to expand our operations and invest in new solutions could reduce our ability to compete and could harm our business.
We expect that our existing cash, cash equivalents and short-term investments will be sufficient to meet our anticipated cash needs for working capital, capital expenditures and Notes repayment requirements for at least the next 12 months. We may, however, need to raise additional funds to fund our operating expenses, make capital purchases, acquire or invest in business or technology, and we may not be able to obtain those funds on favorable terms, or at all. If we raise additional equity financing, our stockholders may experience significant dilution of their ownership interests and the per share value of our common stock could decline. Furthermore, if we engage in additional debt financing, the holders of our debt would have priority over the holders of our common stock, and we may be required to accept terms that restrict our ability to incur additional indebtedness or our ability to pay any dividends on our common stock, though we do not intend to pay dividends in the foreseeable future. We may also be required to take other actions, any of which could harm our business and operating results. If we need to access the capital markets, there can be no assurance that financing may be available on attractive terms, if at all. If we are unable to obtain adequate financing, or financing on terms satisfactory to us, when we require it, our ability to continue to support our business growth and to respond to business challenges could be significantly limited, and our business, operating results, financial condition and prospects could be materially and adversely affected.

36

Table of Contents
Risks Related to Information Technology, Intellectual Property, Data Security and Privacy
The actual or perceived failure of our cloud platform to block malware or prevent a security breach or incident could harm our reputation and adversely impact our business, financial condition and results of operations.
Our cloud platform may fail to detect or prevent security breaches or incidents for any number of reasons. Our cloud platform is complex and may contain performance issues that are not detected until after its deployment. We also provide frequent solution updates and fundamental enhancements, which increase the possibility of errors, and our reporting, tracking, monitoring and quality assurance procedures may not be sufficient to ensure we detect any such defects in a timely manner. The performance of our cloud platform can be negatively impacted by our failure to enhance, expand or update our cloud platform, bugs, errors or defects in our software, improper classification of websites by our vendors who provide us with lists of malicious websites, improper deployment or configuration of our services and many other factors.
In addition, the techniques used by cyber threat actors, including state sponsored actors, to access or sabotage networks and other systems change frequently and generally are not recognized until launched against a target. As a result, there is a risk that a cyber threat could emerge that our services are unable to detect or prevent until after some of our customers are impacted. The growth in state sponsored cyber activity showcases the increasing sophistication of cyber threats and dramatically expands the global threat landscape. Moreover, as our services are adopted by an increasing number of enterprises, it is possible that the individuals and organizations behind cyber threats will focus on finding ways to defeat our services. If this happens, our cloud platform could be targeted by attacks specifically designed to disrupt our business and create the perception that our cloud platform is not capable of providing superior security, which, in turn, could have a serious impact on our reputation as a provider of security solutions. Further, high profile security breaches or incidents, in particular those of cloud-based service providers, may cause our customers and potential customers to lose trust in cloud solutions generally, and with respect to security in particular, which could materially and adversely impact our ability to retain existing customers or attract new customers.
Increasingly, enterprises are subject to a wide variety of attacks on their networks and systems, including traditional threat actors, malicious code (such as viruses and worms), social engineering attacks (such as deep fakes), targeted phishing attacks made more sophisticated with the development of AI and ML, distributed denial-of-service attacks, advanced attacks conducted or sponsored by nation-states, advanced persistent threat intrusions, ransomware and other malware and theft or misuse of intellectual property or business or personal data, including by disgruntled employees, former employees or contractors. No security solution, including our cloud platform, can address all possible security threats or block all methods of penetrating a network or otherwise perpetrating a security breach or incident. Our customers typically rely on complex network and security infrastructures, which include products and services from multiple vendors, to secure their networks. If any of our customers becomes infected with malware or experiences a security breach or incident, they could be disappointed with our services, regardless of whether our services are intended to block the attack or would have blocked the attack if the customer had properly configured our cloud platform. Additionally, if any enterprises that are publicly known to use our services are the subject of a cyberattack that becomes publicized, our current or potential customers may look to our competitors for alternatives to our services.
From time to time, industry or financial analysts and research firms test our solutions against other security products. Our services may fail to detect or prevent threats in any particular test for a number of reasons, including misconfiguration. To the extent potential customers, industry or financial analysts or testing firms believe that the occurrence of a failure to detect or prevent any particular threat is a flaw or indicates that our services do not provide significant value, our reputation and business could be materially harmed.
Any real or perceived flaws in our cloud platform or any real, perceived or purported security breaches or other security incidents of our customers could result in:
37

Table of Contents
a loss of existing or potential customers or channel partners;
delayed or lost sales and harm to our financial condition and results of operations;
a delay in attaining, or the failure to attain, market acceptance;
the expenditure of significant financial resources in efforts to analyze, correct, eliminate, remediate or work around errors or defects, to address and eliminate vulnerabilities and to address any applicable legal or contractual obligations relating to any actual, perceived or purported security breach or incident;
negative publicity and damage to our reputation and brand; and
legal claims and demands (including for stolen assets or information, repair of system damages, and compensation to customers and business partners), litigation, regulatory inquiries or investigations and other liability.
Any of the above results could materially and adversely affect our business, financial condition and results of operations.
Additionally, with data security being a critical competitive factor in our industry, we make public statements in our policies, on our website, and elsewhere describing the security of our platform and the performance of our solutions. As a result, we may face claims, including claims of unfair or deceptive trade practices alleging these statements are not accurate, brought by the U.S. Federal Trade Commission, state, local or foreign regulators and private litigants.
Issues in the development, use and execution of AI and ML, combined with an uncertain regulatory environment, may harm our business.
We are increasingly utilizing and have recently begun building and executing AI and ML capabilities, including, for example, those relating to generative AI and large language models, into our product offerings. The rapid evolution of AI and ML requires the application of resources to develop, test and maintain our products and services to help ensure that AI and ML are implemented responsibly in order to benefit our business, while also minimizing any unintended or harmful impact. As with many developing technologies, AI and ML present risks and challenges, many of which may be unknown, that could affect their further development, adoption, and use. These risks and challenges could undermine public confidence in AI and ML, which could slow or even halt its adoption and negatively affect our business. Further, a quickly evolving legal and regulatory environment may cause us to incur increased research and development costs, or divert resources from other development efforts, to address social and ethical issues related to AI and ML. The use of AI technologies also presents emerging ethical issues that could become controversial. As a result of these and other challenges associated with our use and implementation of AI and ML, we may in the future be subject to legal liability, competitive harm, regulatory action, including new proposed rules and legislation regulating AI in jurisdictions such as the European Union, new applications of existing data protection, privacy, cybersecurity, information security, intellectual property, and other laws, and brand or reputational harm.
We incorporate technology from third parties into our cloud platform, and our inability to obtain or maintain rights to the technology could harm our business.
We license software and other technology from third parties that we incorporate into or integrate with, our cloud platform. We cannot be certain that our licensors are not infringing the intellectual property rights of third parties or that our licensors have sufficient rights to the licensed intellectual property in all jurisdictions in which we may sell our services. In addition, many licenses are non-exclusive, and therefore our competitors may have access to the same technology licensed to us. Some of our agreements with our licensors may be terminated for convenience by them, or otherwise provide for a limited term. If we are unable to continue to license any of this technology for any reason, our ability to develop and sell our services containing such technology could be harmed. Similarly, if we are unable to license necessary technology from third parties
38

Table of Contents
now or in the future, we may be forced to acquire or develop alternative technology, which we may be unable to do in a commercially feasible manner or at all, and we may be required to use alternative technology of lower quality or performance standards. This could limit and delay our ability to offer new or competitive products and services and increase our costs of production. As a result, our business and results of operations could be significantly harmed. Additionally, as part of our longer-term strategy to grow our business, we may consider opening our cloud platform to third-party developers and applications to further extend its functionality, but we cannot be certain that such efforts to grow our business will be successful.
Some of our technology incorporates "open source" software, and we license some of our software through open source projects, which could negatively affect our ability to sell our platform and subject us to possible litigation.
Our solutions incorporate software licensed by third parties under open source licenses, including open source software included in software we receive from third-party commercial software vendors. Use of open source software may entail greater risks than use of third-party commercial software, as open source licensors generally do not provide support, updates or warranties or other contractual protections regarding infringement claims or the quality of the code. In addition, the wide availability of open source software used in our solutions could expose us to security vulnerabilities. Furthermore, the terms of many open source licenses have not been interpreted by U.S. and other courts, and there is a risk that such licenses could be construed in a manner that imposes unanticipated conditions or restrictions on our ability to market or commercialize our solutions. As a result, we could be subject to lawsuits by parties claiming ownership of what we believe to be open source software. Litigation could be costly for us to defend, have a negative effect on our results of operations and financial condition or require us to devote additional research and development resources to change our solutions. In addition, by the terms of some open source licenses, under certain conditions we could be required to release the source code of our proprietary software, and to make our proprietary software available under open source licenses, including authorizing further modification and redistribution. In the event that portions of our proprietary software are determined to be subject to such requirements by an open source license, we could be required to publicly release the affected portions of our source code, re-engineer all or a portion of our platform or otherwise be limited in the licensing of our services, each of which provide an advantage to our competitors or other entrants to the market, create security vulnerabilities in our solutions and could reduce or eliminate the value of our services. Further, if we are held to have breached or otherwise failed to comply with the terms of an open source software license, we could be required to release certain of our proprietary source code under open source licenses, pay monetary damages, seek licenses from third parties to continue offering our services on terms that are not economically feasible or be subject to injunctions that could require us to discontinue the sale of our services if re-engineering could not be accomplished on a timely basis. Many of the risks associated with use of open source software cannot be eliminated and could negatively affect our business. Moreover, we cannot assure you that our processes for controlling our use of open source software in our platform will be effective. Responding to any infringement or noncompliance claim by an open source vendor, regardless of its validity, or discovering open source software code in our platform could harm our business, operating results and financial condition by, among other things:
resulting in time-consuming and costly litigation;
diverting management’s time and attention from developing our business;
requiring us to pay monetary damages or enter into royalty and licensing agreements that we would not normally find acceptable;
causing delays in the deployment of our platform or service offerings to our customers;
requiring us to stop offering certain services on or features of our platform;
requiring us to redesign certain components of our platform using alternative non-infringing or non-open source technology, which could require significant effort and expense;
39

Table of Contents
requiring us to disclose our software source code and the detailed program commands for our software; and
requiring us to satisfy indemnification obligations to our customers.
We rely on a limited number of suppliers for certain components of the equipment we use to operate our cloud platform, and any disruption in the availability of these components could delay our ability to expand or increase the capacity of our global data center network or replace defective equipment in our existing data centers.
We rely on a limited number of suppliers for several components of the equipment we use to operate our cloud platform and provide services to our customers. Our reliance on these suppliers exposes us to risks, including reduced control over production costs and constraints based on the then-current availability, terms and pricing of these components. For example, we generally purchase these components on a purchase order basis, and do not have long-term contracts guaranteeing supply. In addition, the technology industry has experienced component shortages, delivery delays and price increases in the past, and we may experience shortages, delays or materially increased costs, including as a result of natural disasters, acts of war or international conflicts, epidemics or global pandemics, increased demand in the industry or if our suppliers do not have sufficient rights to supply the components in all jurisdictions in which we may host our services. While global economic conditions have not yet had a material impact on our supply chain, these conditions have increased our costs in the past and could result in disruptions and delays for components in the future. For instance, there is a risk that current geopolitical, diplomatic and other developments affecting the relationship between China and Taiwan may materially and negatively impact the availability of certain critical components that we use in our data centers, which we source from overseas. If our supply of certain components is disrupted or delayed, there can be no assurance that additional supplies or components can serve as adequate replacements for the existing components or that supplies will be available on terms that are favorable to us, if at all. Any disruption or delay in the supply of our components may delay opening new data centers, delay increasing capacity or replacing defective equipment at existing data centers or cause other constraints on our operations that could damage our channel partner or customer relationships.
Claims by others that we infringe their proprietary technology or other rights, or other lawsuits asserted against us, could result in significant costs and substantially harm our business, financial condition, results of operations and prospects.
A number of companies in our industry hold a large number of patents and also protect their copyright, trade secret and other intellectual property rights, and companies in the networking and security industry frequently enter into litigation based on allegations of patent infringement or other violations of intellectual property rights. In addition, patent holding companies seek to monetize patents they previously developed, have purchased or otherwise obtained. Many companies, including our competitors, may now, and in the future, have significantly larger and more mature patent, copyright, trademark and trade secret portfolios than we have, which they may use to assert claims of infringement, misappropriation and other violations of intellectual property rights against us. In addition, intellectual property litigation may involve non-practicing entities or other patent owners who have no relevant product offerings or revenue and against whom our own patents may therefore provide little or no deterrence or protection. As we face increasing competition and gain an increasingly higher profile the possibility of intellectual property rights claims against us grows. Third parties have asserted in the past and may in the future assert claims of infringement of intellectual property rights against us and these claims, even without merit, could harm our business, including by increasing our costs, reducing our revenue, creating customer concerns that result in delayed or reduced sales, distracting our management from the running of our business and requiring us to cease use of important intellectual property. In addition, because patent applications can take years to issue and are often afforded confidentiality for some period of time, there may currently be pending applications, unknown to us, that later result in issued patents that could cover one or more of our services. Moreover, in a patent infringement claim against us, we may assert, as a defense, that we do not infringe the relevant patent claims, that the patent is invalid or both. The strength of our defenses will depend on the patents asserted, the interpretation of these patents, and our ability to invalidate the asserted patents. However, we could be unsuccessful in advancing non-infringement and/or invalidity arguments in our defense. In the United States, issued patents
40

Table of Contents
enjoy a presumption of validity, and the party challenging the validity of a patent claim must present clear and convincing evidence of invalidity, which is a high burden of proof. Conversely, the patent owner need only prove infringement by a preponderance of the evidence, which is a lower burden of proof. Furthermore, because of the substantial amount of discovery required in connection with patent and other intellectual property rights litigation, there is a risk that some of our confidential information could be compromised by the discovery process.
As the number of products and competitors in our market increases and overlaps occur, claims of infringement, misappropriation and other violations of intellectual property rights may increase. Our insurance may not cover intellectual property rights infringement claims. Third parties have in the past and may in the future also assert infringement claims against our customers or channel partners, with whom our agreements may obligate us to indemnify against these claims. In addition, to the extent we hire personnel from competitors, we may be subject to allegations that such employees have divulged proprietary or other confidential information to us.
From time to time, the U.S. Supreme Court, other U.S. federal courts and the U.S. Patent and Trademark Appeals Board, and their foreign counterparts, have made and may continue to make changes to the interpretation of patent laws in their respective jurisdictions. We cannot predict future changes to the interpretation of existing patent laws or whether U.S. or foreign legislative bodies will amend such laws in the future. Any changes may lead to uncertainties or increased costs and risks surrounding the outcome of third-party infringement claims brought against us and the actual or enhanced damages, including treble damages, that may be awarded in connection with any such current or future claims and could have a material adverse effect on our business and financial condition.
We are unable to predict the likelihood of success in defending against future infringement claims. In the event that we fail to successfully defend ourselves against an infringement claim, a successful claimant could secure a judgment or otherwise require payment of legal fees, settlement payments, ongoing royalties or other costs or damages; or we may agree to a settlement that prevents us from offering certain services or features; or we may be required to obtain a license, which may not be available on reasonable terms, or at all, to use the relevant technology. If we are prevented from using certain technology or intellectual property, we may be required to develop alternative, non-infringing technology, which could require significant time, during which we could be unable to continue to offer our affected services or features, effort and expense and may ultimately not be successful. Any of these outcomes could result in a material adverse effect on our business. Even if we were to prevail, third-party infringement lawsuits could be costly and time-consuming, divert the attention of our management and key personnel from our business operations, deter channel partners from selling or licensing our services and dissuade potential customers from purchasing our services, which would also materially harm our business. In addition, any public announcements of the results of any proceedings in third-party infringement lawsuits could be negatively perceived by industry or financial analysts and investors and could cause our stock price to experience volatility or decline. Further, the expense of litigation and the timing of this expense from period to period are difficult to estimate, subject to change and could adversely affect our results of operations.
Any of these events could materially and adversely harm our business, financial condition and results of operations.
The success of our business depends in part on our ability to protect and enforce our intellectual property rights.
We believe our intellectual property is an essential asset of our business, and our success and ability to compete depend in part upon protection of our intellectual property rights. We rely on a combination of patent, copyright, trademark and trade secret laws, as well as confidentiality procedures and contractual provisions, to establish and protect our intellectual property rights, all of which provide only limited protection. The efforts we have taken to protect our intellectual property rights may not be sufficient or effective, and our patents, trademarks and copyrights may be held invalid or unenforceable. Moreover, we cannot assure you that any patents will be issued with respect to our currently pending patent applications in a manner that gives us adequate defensive protection or competitive advantages, or that any patents issued to us will not be challenged, invalidated or circumvented. We have filed for patents in the United States and in certain non-U.S. jurisdictions, but such
41

Table of Contents
protections may not be available in all countries in which we operate or in which we seek to enforce our intellectual property rights, or may be difficult to enforce in practice. For example, many foreign countries have compulsory licensing laws under which a patent owner must grant licenses to third parties. In addition, many countries limit the enforceability of patents against certain third parties, including government agencies or government contractors. In these countries, patents may provide limited or no benefit. Moreover, we may need to expend additional resources to defend our intellectual property rights in these countries, and our inability to do so could impair our business or adversely affect our international expansion. Our currently issued patents and any patents that may be issued in the future with respect to pending or future patent applications may not provide sufficiently broad protection or they may not prove to be enforceable in actions against alleged infringers. Additionally, the U.S. Patent and Trademark Office and various foreign governmental patent agencies require compliance with a number of procedural, documentary, fee payment and other similar provisions during the patent application process and to maintain issued patents. There are situations in which noncompliance can result in abandonment or lapse of the patent or patent application, resulting in partial or complete loss of patent rights in the relevant jurisdiction. If this occurs, it could materially harm our business, operating results, financial condition and prospects.
We may not be effective in policing unauthorized use of our intellectual property rights, and even if we do detect violations, litigation may be necessary to enforce our intellectual property rights. In addition, our intellectual property may be stolen, including by cybercrimes, and we may not be able to identify the perpetrators or prevent the exploitation of our intellectual property by our competitors or others. Protecting against the unauthorized use of our intellectual property rights, technology and other proprietary rights is expensive and difficult, particularly outside of the United States. Any enforcement efforts we undertake, including litigation, could be time-consuming and expensive and could divert management’s attention, either of which could harm our business, operating results and financial condition. Further, attempts to enforce our rights against third parties could also provoke these third parties to assert their own intellectual property or other rights against us, or result in a holding that invalidates or narrows the scope of our rights, in whole or in part. The inability to adequately protect and enforce our intellectual property and other proprietary rights could seriously harm our business, operating results, financial condition and prospects. Even if we are able to secure our intellectual property rights, we cannot assure you that such rights will provide us with competitive advantages or distinguish our services from those of our competitors or that our competitors will not independently develop similar technology, duplicate any of our technology, or design around our patents.
Adverse economic conditions or reduced IT security spending may adversely impact our revenue and profitability.
Our operations and performance depend in part on worldwide economic conditions and the impact these conditions have on levels of spending on IT networking and security solutions. Our business depends on the overall demand for these solutions and on the economic health and general willingness of our current and prospective customers to purchase our security services. A broad reduction in IT security spending would have a material impact to our business.
The United States and the global economy have recently experienced historically high levels of inflation. While inflation rates moderated in 2023 and continue to moderate into 2024, the existence of inflation in the U.S. and global economy and the pricing pressure created by rising inflation in prior periods has and may continue to result in high interest rates and capital costs, shipping costs, supply shortages, increased costs of labor, weakening exchange rates and other similar effects. Elevated inflation rates can affect our expenses, especially employee compensation. In addition, rising interest rates could adversely affect the value of our investments and cash on hand and increase our borrowing costs. Inflation and related increases in interest rates could also increase our customers' operating costs, which could result in reduced IT budgets, less demand for our solutions, or delays in new orders, renewals or payments due to us.
Governments have and are implementing fiscal policy interventions in response to high levels of inflation, including raising interest rates or keeping them at elevated levels. Even if these interventions lower inflation to desirable levels, they may also reduce economic growth rates, create recessions and increase unemployment rates. This could have an adverse
42

Table of Contents
effect on our consolidated financial condition and results of operations. For example, if our customers were to reduce their IT budgets or workforces in response to deteriorating economic conditions, they may not purchase or renew subscriptions for our services or may renew for fewer users or less expensive services. These policy changes have provided a benefit to us as a result of the increased interest income we earn on our cash and investments, but a reduction of interest rates in the future would reduce this income.
The impact of economic conditions, including the ongoing effects of inflation, high interest rates and regional or global recessions could materially and adversely affect our business, operating results and financial condition in a number of ways, including by reducing sales, lengthening sales cycles and requiring us to lower prices for our services.
Risks Relating to Legal, Regulatory, Accounting and Tax Matters
Failure to comply with laws and regulations applicable to our business could subject us to fines and penalties.
Our business is subject to regulation by various federal, state, local and foreign governmental agencies, including agencies responsible for monitoring and enforcing laws and regulations relating to privacy, data protection, information security and cybersecurity, employment and labor laws, workplace safety, product safety, environmental laws, consumer protection laws, anti-bribery laws, import and export controls, federal securities laws and tax laws and regulations. In addition, emerging tools and technologies we utilize in providing our products, like AI and ML, are subject to regulation under new laws as well as new applications of existing laws. In certain jurisdictions, these regulatory requirements may be more stringent than in the United States. These laws and regulations impose added costs on our business. Noncompliance with applicable regulations or requirements could subject us to:
investigations, enforcement actions and sanctions;
mandatory changes to our cloud platform;
disgorgement of profits, fines and damages;
civil and criminal penalties or injunctions;
claims for damages by our customers or channel partners;
termination of contracts; and
loss of intellectual property rights.
If any government sanctions are imposed, or if we do not prevail in any possible civil or criminal litigation, our business, operating results and financial condition could be adversely affected. In addition, responding to any action will likely result in a significant diversion of management’s attention and resources and an increase in professional fees. Enforcement actions and sanctions could materially harm our business, operating results and financial condition.
As a global employer, we are subject to various labor laws, including worker classification laws, that impact compliance obligations regarding working time, proper payment for time worked, time off regulations, as well as anti-retaliation, discrimination and harassment policies and compliance with employee representative rights. We take reasonable efforts to comply with applicable labor laws and regulations impacting our workforce, but failure to comply with such laws could result in government enforcement actions and penalties, may negatively impact business operations and may be harmful to our reputation and our ability to attract and retain employees.
43

Table of Contents
These laws and regulations impose added costs on our business, and failure to comply with these or other applicable regulations and requirements could lead to claims for damages from our channel partners or customers, penalties, termination of contracts and loss of exclusive rights in our intellectual property.
If we were not able to satisfy data protection, security, privacy and other government- and industry-specific requirements or regulations, our business, results of operations and financial condition could be harmed.
The regulatory framework for privacy, data protection and security matters are rapidly evolving and are likely to remain volatile for the foreseeable future. Our handling of personal data is subject to various data protection, cybersecurity, information security and other telecommunications regulations or requirements where we offer our solutions around the world. We also may find it necessary or desirable to join industry or other self-regulatory bodies or other cybersecurity or information security or data protection-related organizations that require us to comply with rules pertaining to privacy, data protection, cybersecurity and information security. Further, we may be bound by additional, more stringent contractual obligations and other actual and asserted obligations, such as industry standards, relating to our collection, use and disclosure of personal, financial and other data. Changes in laws or regulations that adversely affect the use of the internet, including laws impacting net neutrality, could also impact our business.
The U.S. federal government, and various state and foreign governments, have adopted or proposed laws and regulations on the collection, distribution, use, storage and other processing of information relating to individuals. Such laws and regulations may, among other things, require companies to implement privacy and security policies, permit customers to access, correct and delete information stored or maintained by such companies, inform individuals of security breaches that affect their information and, in some cases, obtain individuals’ consent to use information for certain purposes. For example, the California Consumer Privacy Act, or CCPA, took effect in January 2020 and was subsequently modified by the California Privacy Rights Act, or CPRA, which took effect in January 2023. Numerous other states have enacted, and others are expected to enact, privacy laws that have gone into effect, or will go into effect through 2026, and a federal privacy law is being considered. In addition, in certain jurisdictions, regulatory requirements may be more stringent than those in the U.S. For example, the European Union has implemented the General Data Protection Regulation, which provides for substantial obligations relating to the handling, storage and other processing of information relating to individuals and fines of up to €20 million or 4% of the annual global revenue of the noncompliant company, whichever is greater. The number of emerging and existing data protection, privacy and security laws and regulations creates the risk that obligations may be interpreted inconsistently between jurisdictions which may generate tension with our efforts to align our practices to comply with our privacy, data protection, and security obligations globally. Many of these laws and regulations impose substantial penalties for noncompliance.
We expect that there will continue to be new proposed laws, regulations and industry standards concerning privacy, data protection, cybersecurity, information security and telecommunications services jurisdictions in which we operate or may operate, and we cannot yet determine the impact such future laws, regulations and standards may have on our business. Needing to address new and evolving laws, regulations, standards and other obligations, and changes in the interpretation of existing laws, regulations, standards and other obligations, relating to privacy, data protection or security could require us to modify our solutions, restrict our business operations, increase our costs and impair our ability to maintain and grow our customer base and increase our revenue. New and evolving requirements may increase compliance costs, lead to increased regulatory scrutiny or liability, may require additional contractual negotiations, and may adversely impact our business, financial condition and operating results. In view of the foregoing, we cannot assure our compliance with all such laws, regulations, standards and obligations. Any failure or perceived failure by us to comply with applicable laws, regulations, standards or actual or asserted obligations, or any actual, perceived or purported security breach or other security incident, whether or not resulting in unauthorized access to, or acquisition, release or transfer of information relating to individuals or other data, may result in governmental investigations, enforcement actions and other proceedings, private claims and
44

Table of Contents
litigation, fines and penalties or adverse publicity, and could cause our customers and prospective customers to lose trust in us, which could have an adverse effect on our reputation and business.
We are subject to governmental export and import controls and trade and economic sanctions that could impair our ability to compete in international markets and subject us to liability if we are not in full compliance with applicable laws.
Our business activities are subject to various restrictions under U.S. export and similar laws and regulations, including the U.S. Department of Commerce's Export Administration Regulations and various economic and trade sanctions regulations administered by the U.S. Department of the Treasury's Office of Foreign Assets Control. The U.S. export controls and trade and economic sanctions include restrictions or prohibitions on the sale or supply of certain products and services to U.S. embargoed or sanctioned countries and governments of these countries, as well as other persons and entities. For example, the U.S. and other countries have implemented economic and other sanctions, as well as increased export controls in response to the current conflict between Russia and Ukraine. These measures have continued to increase. These export controls and sanctions and any additional restrictions may impact our ability to continue to operate in Russia and other affected regions. In addition, various countries regulate the import of certain technology and have enacted or could enact laws that could limit our ability to provide our services and software and operate our cloud platform or could limit our customers’ ability to access or use our services or software in those countries.
Although we take precautions to prevent our services and software from being provided in violation of such laws, our services and software may have been in the past, and could in the future be, provided inadvertently in violation of such laws, despite the precautions we take. If we fail to comply with these laws and regulations, we and certain of our employees could be subject to civil or criminal penalties, including the possible loss of export privileges and fines. We may also be materially and adversely affected through penalties, reputational harm, loss of access to certain markets, or otherwise. Obtaining the necessary authorizations, including any required licenses, for a particular transaction may be time-consuming, is not guaranteed and may result in the delay or loss of sales opportunities. In addition, changes in our platform, or changes in export, sanctions and import laws and regulations, could delay the introduction and sale of subscriptions to our platform in international markets, prevent users in certain countries from accessing our services or, in some cases, prevent the provision of our services to certain countries, governments, persons or entities altogether. Any change in export or import regulations, economic sanctions or related laws, shift in the enforcement or scope of existing regulations or change in the countries, governments, persons or technologies targeted by such regulations could decrease our ability to sell subscriptions to our platform or provide software to existing customers or potential new customers with international operations. Any decrease in our ability to sell subscriptions to our platform or provide software could materially and adversely affect our business, results of operations and financial condition.
We are exposed to fluctuations in currency exchange rates, which could negatively affect our operating results.
The vast majority of our sales contracts are denominated in U.S. dollars, and therefore, substantially all of our revenue is not subject to foreign currency risk. However, a strengthening of the U.S. dollar could increase the real cost of our solutions to our customers outside of the United States, which could adversely affect our financial condition and operating results. In addition, a portion of our operating expenses is incurred outside the United States, and is denominated in foreign currencies, such as the British Pound, Indian Rupee, Euro, Canadian Dollar, Australian Dollar and Japanese Yen, and is subject to fluctuations due to changes in foreign currency exchange rates. We are also exposed to the impact of currency fluctuations on certain assets and liabilities denominated in nonfunctional currencies.
We have a foreign currency risk management program, in which we enter into foreign currency forward contracts which we designate as cash flow hedges. We also use foreign currency forward contracts to mitigate variability in gains and losses generated from the remeasurement of certain monetary assets and liabilities denominated in foreign currencies. The use of
45

Table of Contents
these hedging activities may not be successful in effectively mitigating the potentially adverse impact on our financial statements due to unfavorable movements in foreign currency exchange rates.
If we become more exposed to currency fluctuations and are not able to successfully hedge against the risks associated with currency fluctuations, our operating results could be materially and adversely affected. Further, unanticipated changes in currency exchange rates may result in poorer overall financial performance than if we had not engaged in any such hedging transactions.
We are subject to counterparty default risks.
We have numerous arrangements with financial institutions that include cash and investment deposits, and non-collateralized interest rate swap contracts and foreign currency forward contracts. As a result, we are subject to the risk that the counterparty to one or more of these arrangements may default, on its performance under the terms of the arrangement. In times of market distress, a counterparty may default rapidly and without notice, and we may be unable to take action to cover our exposure, either because of lack of contractual ability to do so or because market conditions make it difficult to take effective action. If one of our counterparties becomes insolvent or files for bankruptcy, our ability eventually to recover any losses suffered as a result of that counterparty’s default may be limited by the impaired liquidity of the counterparty or the applicable legal regime governing the bankruptcy proceedings. In the event of such a default, we could incur significant losses, which could harm our business and adversely affect our results of operations and financial condition.
Our corporate structure and intercompany arrangements are subject to the tax laws of various jurisdictions, and we could be obligated to pay additional taxes, which would harm our results of operations.
We are expanding our international operations and staff to support our business in international markets. Our corporate structure and associated transfer pricing policies contemplate the business flows and future growth into the international markets, and consider the functions, risks and assets of the various entities involved in the intercompany transactions. The amount of taxes we pay in different jurisdictions may depend on the application of the tax laws of the various jurisdictions, including the United States, to our international business activities, changes in tax rates, new or revised tax laws or interpretations of existing tax laws and policies, and our ability to operate our business in a manner consistent with our corporate structure and intercompany arrangements. For example, certain jurisdictions have recently introduced a digital services tax, which is generally a tax on gross revenue generated from users or customers located in those jurisdictions, and other jurisdictions are considering enacting similar laws. The taxing authorities of the jurisdictions in which we operate may challenge our methodologies for pricing intercompany transactions pursuant to the intercompany arrangements or disagree with our determinations as to the income and expenses attributable to specific jurisdictions. If such a challenge or disagreement were to occur, and our position was not sustained, or if there are changes in tax laws or the way existing tax laws are interpreted or applied, we could be required to pay additional taxes, interest and penalties, which could result in one-time tax charges, higher effective tax rates, reduced cash flows and lower overall profitability of our operations. Our financial statements could fail to reflect adequate reserves to cover such a contingency.
In 2021, the Organization for Economic Cooperation and Development announced an Inclusive Framework on Base Erosion and Profit Shifting including Pillar Two Model Rules defining the global minimum tax, which calls for the taxation of large multinational corporations at a minimum rate of 15%. Subsequently multiple sets of administrative guidance have been issued. Many countries have implemented or are in the process of implementing the Pillar Two legislation, which will apply to us beginning in fiscal 2025. Management is currently assessing the jurisdictions that could give rise to additional taxation as well as any potential impacts as a result of the implementation of the rules.
Our ability to use our net operating loss carryforwards and certain other tax attributes may be limited.
46

Table of Contents
As of July 31, 2024, we had net operating loss carryforwards for U.S. federal income tax purposes and state income tax purposes of approximately $1,497.6 million and $630.8 million, respectively, available to offset future taxable income. Beginning in 2024, $554.9 million of state net operating losses will begin to expire at different periods. The remaining $75.9 million of state net operating losses will carry forward indefinitely. As of July 31, 2024, we had foreign net operating loss carryforward of $75.6 million, all of which will be carried forward indefinitely.
As of July 31, 2024, we also had U.S. federal, California, and foreign research and development and other tax credit carryforwards of $133.4 million, $73.9 million, and $1.9 million, respectively. If not utilized, the federal research and development tax credit carryforwards will begin expiring at different periods beginning in 2033. Our California research and development tax credits may be carried forward indefinitely. Foreign tax credits will begin to expire in the fiscal year ending 2029. Realization of these net operating loss and research and development tax credit carryforwards depends on future income, and there is a risk that a portion of our existing carryforwards could expire unused and be unavailable to offset future income tax liabilities, which could materially and adversely affect our results of operations.
In addition, under Section 382 of the Internal Revenue Code of 1986, as amended, if a corporation undergoes an "ownership change," generally defined as a greater than 50% change (by value) in its equity ownership by "5% shareholders" over a three-year period, the corporation’s ability to use its pre-change net operating loss carryforwards and other pre-change tax attributes, such as research and development tax credits, to offset its post-change income may be limited. As a result, in the event that it is determined that we have in the past experienced an ownership change, or if we experience one or more ownership changes in the future as a result of subsequent shifts in our stock ownership, our ability to use our pre-change net operating loss carry-forwards and other pre-change tax attributes to offset U.S. federal taxable liability may be subject to limitations, which could potentially result in increased future tax liability to us. Furthermore, our state carryforwards may be subject to similar and additional limitations.
Taxing authorities may successfully assert that we should have collected or in the future should collect sales and use, value added or similar taxes, and we could be subject to liability with respect to past or future sales, which could adversely affect our operating results.
We do not collect sales and use, value added or similar taxes in all jurisdictions in which we have sales because we have been advised that such taxes are not applicable to our services in certain jurisdictions. Sales and use, value added and similar tax laws and rates vary greatly by jurisdiction. Certain jurisdictions in which we do not collect such taxes may assert that such taxes are applicable, which could result in tax assessments, penalties and interest, to us or our customers for the past amounts, and we may be required to collect such taxes in the future. If we are unsuccessful in collecting such taxes from our customers, we could be held liable for such costs, which may materially and adversely affect our operating results.
Risks Related to the Ownership of Our Common Stock
The concentration of our stock ownership with insiders will likely limit your ability to influence corporate matters, including the ability to influence the outcome of director elections and other matters requiring stockholder approval.
As of July 31, 2024, our executive officers, directors, current 5% or greater stockholders and affiliated entities together beneficially owned approximately 43.2% of our common stock outstanding with Jay Chaudhry, our chief executive officer and chairman of our board of directors, and his affiliates beneficially owning approximately 17.6% of our common stock. As a result, these stockholders, acting together, will have significant control over most matters that require approval by our stockholders, including the election of directors and approval of significant corporate transactions. Corporate action might be
47

Table of Contents
taken even if other stockholders oppose them. This concentration of ownership might also have the effect of delaying or preventing a change of control of us that other stockholders may view as beneficial.
Certain provisions in our charter documents and under Delaware law could make an acquisition of our company more difficult, limit attempts by our stockholders to replace or remove members of our board of directors or current management and may adversely affect the market price of our common stock.
Our amended and restated certificate of incorporation and amended and restated bylaws contain provisions that could delay or prevent a change in control of our company. These provisions could also make it difficult for stockholders to elect directors that are not nominated by the current members of our board of directors or take other corporate actions, including effecting changes in our management. These provisions include:
a classified board of directors with three-year staggered terms, which could delay the ability of stockholders to change the membership of a majority of our board of directors;
the ability of our board of directors to issue shares of preferred stock and to determine the price and other terms of those shares, including preferences and voting rights, without stockholder approval, which could be used to significantly dilute the ownership of a hostile acquirer;
the exclusive right of our board of directors to elect a director to fill a vacancy created by the expansion of our board of directors or the resignation, death or removal of a director, which prevents stockholders from being able to fill vacancies on our board of directors;
a prohibition on stockholder action by written consent, which forces stockholder action to be taken at an annual or special meeting of our stockholders;
the requirement that a special meeting of stockholders may be called only by the chairperson of our board of directors, chief executive officer or president (in the absence of a chief executive officer) or a majority vote of our board of directors, which could delay the ability of our stockholders to force consideration of a proposal or to take action, including the removal of directors;
the requirement for the affirmative vote of holders of at least 66 2⁄3% of the voting power of all of the then outstanding shares of the voting stock, voting together as a single class, to amend the provisions of our amended and restated certificate of incorporation relating to the issuance of preferred stock and management of our business or our amended and restated bylaws, which may inhibit the ability of an acquirer to affect such amendments to facilitate an unsolicited takeover attempt;
the ability of our board of directors, by majority vote, to amend our amended and restated bylaws, which may allow our board of directors to take additional actions to prevent an unsolicited takeover and inhibit the ability of an acquirer to amend our amended and restated bylaws to facilitate an unsolicited takeover attempt; and
advance notice procedures with which stockholders must comply to nominate candidates to our board of directors or to propose matters to be acted upon at a stockholders’ meeting, which may discourage or deter a potential acquirer from conducting a solicitation of proxies to elect the acquirer’s own slate of directors or otherwise attempting to obtain control of us.
These provisions may prohibit large stockholders, in particular those owning 15% or more of our outstanding voting stock, from merging or combining with us for a certain period of time.

48

Table of Contents
The market price of our common stock may be volatile, and you could lose all or part of your investment.
The market price of our common stock has fluctuated substantially and may fluctuate significantly in the future in response to a number of factors, including those described in this "Risk Factors" section, many of which are beyond our control and may not be related to our operating performance. These fluctuations could cause you to lose all or part of your investment in our common stock. Factors that could cause fluctuations in the market price of our common stock include the following:
actual or anticipated changes or fluctuations in our operating results;
the financial projections we may provide to the public, any changes in these projections or our failure to meet these projections;
announcements by us or our competitors of new products or new or terminated significant contracts, commercial relationships or capital commitments;
industry or financial analyst or investor reaction to our press releases, other public announcements and filings with the SEC;
rumors and market speculation involving us or other companies in our industry;
price and volume fluctuations in the overall stock market from time to time;
volume fluctuations in the trading of our common stock from time to time;
changes in operating performance and stock market valuations of other technology companies generally, or those in our industry in particular;
the sales of shares of our common stock by us or our stockholders;
issuances of shares of our common stock, whether in connection with an acquisition or upon conversion of some or all of our outstanding Notes;
failure of industry or financial analysts to maintain coverage of us, changes in financial estimates by any analysts who follow our company, or our failure to meet these estimates or the expectations of investors;
actual or anticipated developments in our business or our competitors’ businesses or the competitive landscape generally;
litigation involving us, our industry or both, or investigations by regulators into our operations or those of our competitors;
developments or disputes concerning our intellectual property rights or our solutions, or third-party proprietary rights;
announced or completed acquisitions of businesses or technologies by us or our competitors;
actual or perceived privacy, data protection, or security incidents or breaches;
new laws or regulations or new interpretations of existing laws or regulations applicable to our business and our responses thereto;
any major changes in our management or our board of directors, particularly with respect to Mr. Chaudhry;
49

Table of Contents
general economic conditions and slow or negative growth of our markets; and
other events or factors, including those resulting from war, incidents of terrorism, global pandemics or responses to these events.
In addition, the stock market in general, and the market for technology companies in particular, has experienced extreme price and volume fluctuations that have often been unrelated or disproportionate to the operating performance of those companies. Broad market and industry factors may seriously affect the market price of our common stock, regardless of our actual operating performance. In addition, in the past, following periods of volatility in the overall market and the market prices of a particular company’s securities, securities class action litigation has often been instituted against that company. Securities litigation, if instituted against us, could result in substantial costs and divert our management’s attention and resources from our business. This could have an adverse effect on our business, operating results and financial condition.
Sales of substantial amounts of our common stock in the public markets, or the perception that they might occur, could reduce the price that our common stock might otherwise attain and may dilute your voting power and your ownership interest in us.
Sales of a substantial number of shares of our common stock in the public market, particularly sales by our directors, executive officers and significant stockholders, or the perception that these sales could occur, could adversely affect the market price of our common stock and may make it more difficult for you to sell your common stock at a time and price that you deem appropriate.
We may also issue our shares of common stock or securities convertible into shares of our common stock from time to time in connection with a financing, acquisition, investments or otherwise. Any such issuance could result in substantial dilution to our existing stockholders and cause the market price of our common stock to decline.
We do not intend to pay dividends in the foreseeable future. As a result, your ability to achieve a return on your investment will depend on appreciation in the price of our common stock.
We have never declared or paid any cash dividends on our common stock. We currently intend to retain all available funds and any future earnings for use in the operation of our business and do not anticipate paying any dividends on our common stock in the foreseeable future. Any determination to pay dividends in the future will be at the discretion of our board of directors. Accordingly, investors must rely on sales of their common stock after price appreciation, which may never occur, as the only way to realize any future gains on their investments.
If industry or financial analysts issue inaccurate or unfavorable research regarding our common stock, our stock price and trading volume could decline.
The trading market for our common stock is influenced by the research and reports that industry or financial analysts publish about us or our business. We do not control these analysts or the content and opinions included in their reports. If any of the analysts who cover us issues an inaccurate or unfavorable opinion regarding our stock price, our stock price would likely decline. In addition, the stock prices of many companies in the technology industry have declined significantly after those companies have failed to meet, or significantly exceed, the financial guidance publicly announced by the companies or the expectations of analysts. If our financial results fail to meet, or significantly exceed, our announced guidance or the expectations of analysts or public investors, analysts could downgrade our common stock or publish unfavorable research about us. If one or more of these analysts cease coverage of our company or fail to publish reports on us regularly, our visibility in the financial markets could decrease, which in turn could cause our stock price or trading volume to decline.

50

Table of Contents
Our amended and restated certificate of incorporation provides that the Court of Chancery of the State of Delaware and the federal district courts of the United States are the exclusive forums for substantially all disputes between us and our stockholders, which could limit our stockholders’ ability to obtain a favorable judicial forum for disputes with us or our directors, officers or employees.
Our amended and restated certificate of incorporation provides that the Court of Chancery of the State of Delaware is the exclusive forum for:
any derivative action or proceeding brought on our behalf;
any action asserting a breach of fiduciary duty;
any action asserting a claim against us arising under the Delaware General Corporation Law, our amended and restated certificate of incorporation or our amended and restated bylaws;
any action to interpret, apply, enforce or determine the validity of our amended and restated certificate of incorporation or our amended and restated bylaws; and
any action asserting a claim against us that is governed by the internal-affairs doctrine.
Our amended and restated certificate of incorporation further provides that the federal district courts of the United States are the exclusive forum for resolving any complaint asserting a cause of action arising under the Securities Act of 1933, as amended.
Each of these exclusive-forum provisions may limit a stockholder’s ability to bring a claim in a judicial forum that it finds favorable for disputes with us or our directors, officers or other employees, which may discourage lawsuits against us and our directors, officers and other employees.
Risks Related to the Notes
Servicing our debt may require a significant amount of cash, and we may not have sufficient cash flow from our business or the ability to raise funds to pay our substantial debt.
On June 25, 2020, we issued $1,150 million in aggregate principal amount of our 0.125% Convertible Senior Notes due 2025, or the Notes, which mature on July 1, 2025. We may be required to use a substantial portion of our cash flows from operations to pay interest, principal or other required payments on our indebtedness. For instance, holders of the Notes have the right to require us to repurchase their Notes upon the occurrence of a fundamental change (which is defined in the indenture governing the Notes) at a repurchase price equal to 100% of the principal amount of such Notes to be repurchased, plus accrued and unpaid interest, if any, to, but excluding, the fundamental change repurchase date for such Notes. Additionally, upon conversion of the Notes, unless we elect to deliver solely shares of our common stock to settle such conversion (other than paying cash in lieu of delivering any fractional share), we will be required to make cash payments in respect of the 2025 Notes being converted. Our ability to make such payments or to refinance our indebtedness, including the Notes, depends on our future performance, which is subject to economic, financial, competitive and other factors beyond our control. Such payments will reduce the funds available to us for working capital, capital expenditures and other corporate purposes and may limit our ability to obtain additional financing for working capital, capital expenditures, expansion plans and other investments. Our business may not continue to generate cash flow from operations in the future sufficient to service our debt and make necessary capital expenditures. If we are unable to generate such cash flow, we may be required to adopt one or more alternatives, such as selling assets, restructuring debt or obtaining additional equity capital on terms that may be onerous or highly dilutive. If we are unable to engage in any of these activities or engage in these activities on desirable terms, it could result in a default on our debt obligations, which would adversely affect our financial condition.
51

Table of Contents
The conditional conversion feature of the Notes, when triggered, may adversely affect our financial condition and operating results.
During any period, the conditional conversion feature of the Notes is triggered, holders will be entitled to convert the Notes at any time during specified periods at their option. During the three months ended July 31, 2024, the conditions allowing holders of the Notes to convert were not met. If one or more holders elect to convert their Notes, unless we elect to satisfy our conversion obligation by delivering solely shares of our common stock (other than paying cash in lieu of delivering any fractional share), we would be required to settle a portion or all of our conversion obligation through the payment of cash, which could adversely affect our liquidity. As a result of the upcoming maturity date of the Notes (July 1, 2025), we have classified the Notes as current liabilities on the consolidated balance sheet as of July 31, 2024, which may be seen as a material adverse reduction of our net working capital.

The capped call transactions may affect the value of our common stock.
In connection with the pricing of the Notes, we entered into privately negotiated capped call transactions with certain of the initial purchasers and/or their respective affiliates and other financial institutions, or the Option Counterparties. The capped call transactions are expected generally to reduce the potential dilution upon conversion of the Notes and/or offset any cash payments we are required to make in excess of the principal amount of converted Notes, as the case may be, with such reduction and/or offset subject to a cap.
We have been advised that, in connection with establishing their initial hedges of the capped call transactions, the Option Counterparties purchased shares of our common stock and/or entered into various derivative transactions with respect to our common stock concurrently with or shortly after the pricing of the Notes.
In addition, the Option Counterparties or their respective affiliates may modify their hedge positions by entering into or unwinding various derivatives with respect to our common stock and/or purchasing or selling our common stock or other securities of ours in secondary market transactions prior to the maturity of the Notes (and are likely to do so following any conversion, repurchase or redemption of the Notes, to the extent we exercise the relevant election under the capped call transactions). This activity could also cause or avoid an increase or a decrease in the market price of our common stock.
We are subject to counterparty risk with respect to the capped call transactions.
The Option Counterparties are financial institutions, and we will be subject to the risk that any or all of them might default under the capped call transactions. Our exposure to the credit risk of the Option Counterparties will not be secured by any collateral. Past global economic conditions have resulted in the actual or perceived failure or financial difficulties of many financial institutions. If an Option Counterparty becomes subject to insolvency proceedings, we will become an unsecured creditor in those proceedings with a claim equal to our exposure at that time under the capped call transactions with such Option Counterparty. Our exposure will depend on many factors but, generally, an increase in our exposure will be correlated to an increase in the market price and in the volatility of our common stock. In addition, upon a default by an Option Counterparty, we may suffer more dilution than we currently anticipate with respect to our common stock. We can provide no assurance as to the financial stability or viability of the Option Counterparties.







52

Table of Contents
General Risks

Our business is subject to the risks of earthquakes, fire, floods and other natural catastrophic events, and to interruption by man-made problems such as power disruptions, computer viruses, acts of war, international conflicts, terrorism, and security breaches or incidents.
Our corporate headquarters are located in the San Francisco Bay Area, a region known for seismic activity. A significant natural disaster, such as an earthquake, fire, flood or public health emergency, occurring at our headquarters, in India, where we have a significant facility, or where a key channel partner or data center is located could adversely affect our business, results of operations and financial condition. Further, if a natural disaster or man-made problem were to affect our component suppliers or other third-party providers, including our network bandwidth providers, this could materially and adversely affect our ability to provide services in a timely or cost-effective manner.
In addition, natural disasters, acts of war, international conflicts, such as the current conflicts between Russia and Ukraine and in the Middle East, terrorism and other geopolitical unrest or health issues, such as an outbreak of a pandemic or epidemic disease, or fear of such events, could cause disruptions in our or our customers’ businesses, national economies or the world economy as a whole. In addition, computer malware, viruses and computer hacking, fraudulent use attempts and phishing attacks have become more prevalent in our industry, and may become more frequent and effective through the use of AI, and our internal systems may be victimized by such attacks. Although we maintain incident management and disaster response plans, in the event of a major disruption caused by a natural disaster or man-made problem, we may be unable to continue our operations and may endure system interruptions, reputational harm, delays in our development activities, lengthy interruptions in service, security breaches and incidents and loss of critical data. Though it is difficult to determine what, if any, harm may directly result from any specific interruption or attack, any failure to maintain performance, reliability, security and availability of our platform to the satisfaction of our users may materially harm our reputation and our ability to retain existing customers and attract new customers.
We are subject to anti-corruption, anti-bribery and similar laws, and noncompliance with such laws can subject us to criminal penalties or significant fines and harm our business and reputation.
We are subject to the U.S. Foreign Corrupt Practices Act of 1977, the U.K. Bribery Act 2010 and other anti-corruption, anti-bribery, anti-money laundering and similar laws in the United States and other countries in which we conduct activities. Anti-corruption and anti-bribery laws, which have been enforced aggressively and are interpreted broadly, prohibit companies and their employees and agents from promising, authorizing, making or offering improper payments or other benefits to government officials and others in the private sector. We leverage third parties, including channel partners, to sell subscriptions to our platform and conduct our business abroad. We and these third-party intermediaries may have direct or indirect interactions with officials and employees of government agencies or state-owned or affiliated entities and we may be held liable for the corrupt or other illegal activities of these third-party business partners and intermediaries, our employees, representatives, contractors, channel partners and agents, even if we do not explicitly authorize such activities. While we have policies and procedures to address compliance with such laws, we cannot assure you that all of our employees and agents will not take actions in violation of our policies and applicable law, for which we may be ultimately held responsible. As we increase our international sales and business, our risks under these laws may increase. Noncompliance with these laws could subject us to investigations, severe criminal or civil sanctions, settlements, prosecution, loss of export privileges, suspension or debarment from U.S. government contracts, other enforcement actions, disgorgement of profits, significant fines, damages, other civil and criminal penalties or injunctions, whistleblower complaints, adverse media coverage and other consequences. Any investigations, actions or sanctions could materially harm our reputation, business, results of operations and financial condition.
53

Table of Contents
If we fail to maintain an effective system of internal controls, our ability to produce timely and accurate financial statements or comply with applicable regulations could be impaired.
As a public company, we are subject to the reporting requirements of the Securities Exchange Act of 1934, as amended, or the Exchange Act, the Sarbanes-Oxley Act of 2002, or the Sarbanes-Oxley Act, and the rules and regulations of The Nasdaq Global Select Market, or Nasdaq. The requirements of these rules and regulations will increase our legal, accounting and financial compliance costs; make some activities more difficult, time-consuming and costly; and place significant strain on our personnel, systems and resources.
The Sarbanes-Oxley Act requires, among other things, that we maintain effective disclosure controls and procedures and internal control over financial reporting. We have developed our disclosure controls, internal control over financial reporting and other procedures to ensure information required to be disclosed by us in the reports that we will file with the SEC is recorded, processed, summarized and reported within the time periods specified in SEC rules and forms, and information required to be disclosed in reports under the Exchange Act is accumulated and communicated to our principal executive and financial officers.
Our current controls and any new controls we develop may become inadequate because of changes in conditions in our business. Further, weaknesses in our internal controls may be discovered in the future. Any failure to develop or maintain effective controls, or any difficulties encountered in their implementation or improvement, could harm our operating results or cause us to fail to meet our reporting obligations and may result in a restatement of our financial statements for prior periods. Any failure to implement and maintain effective internal controls also could adversely affect the results of periodic management evaluations and annual independent registered public accounting firm attestation reports regarding the effectiveness of our internal control over financial reporting that we are required to include in our periodic reports we will file with the SEC under Section 404 of the Sarbanes-Oxley Act. Ineffective disclosure controls and procedures and internal control over financial reporting could also cause investors to lose confidence in our reported financial and other information, which would likely have a negative effect on the market price of our common stock.
In order to maintain and improve the effectiveness of our disclosure controls and procedures and internal control over financial reporting, we have expended and anticipate we will continue to expend significant resources, including accounting-related costs, and provide significant management oversight. Any failure to maintain the adequacy of our internal controls, or consequent inability to produce accurate financial statements on a timely basis, could increase our operating costs and could materially impair our ability to operate our business. If our internal controls are perceived as inadequate or we are unable to produce timely or accurate financial statements, investors may lose confidence in our operating results and our stock price could decline. In addition, if we are unable to continue to meet these requirements, we may not be able to remain listed on Nasdaq.
Pursuant to Section 404 of the Sarbanes-Oxley Act, we are required to have our independent registered public accounting firm attest to the effectiveness of our internal control over financial reporting. This assessment includes disclosure of any material weaknesses identified by our management in our internal control over financial reporting. We are also required to have our independent registered public accounting firm issue an opinion on the effectiveness of our internal control over financial reporting. During the evaluation and testing process, if we identify one or more material weaknesses in our internal control over financial reporting, we will be unable to assert that our internal controls are effective.
If we are unable to assert that our internal control over financial reporting is effective, or if, when required, our independent registered public accounting firm is unable to express an opinion on the effectiveness of our internal control over financial reporting, we could lose investor confidence in the accuracy and completeness of our financial reports, which would cause the price of our common stock to decline, and we may be subject to investigation or sanctions by the SEC.
54

Table of Contents
If our estimates or judgments relating to our critical accounting policies prove to be incorrect or financial reporting standards or interpretations change, our results of operations could be adversely affected.
The preparation of financial statements in conformity with generally accepted accounting principles in the United States, or GAAP, requires management to make estimates and assumptions that affect the amounts reported in the consolidated financial statements and accompanying notes. We base our estimates on historical experience and on various other assumptions that we believe to be reasonable under the circumstances, as provided in the section titled "Management’s Discussion and Analysis of Financial Condition and Results of Operations." The results of these estimates form the basis for making judgments about the carrying values of assets, liabilities and equity, and the amount of revenue and expenses that are not readily apparent from other sources. Significant assumptions and estimates used in preparing the consolidated financial statements include those related to determination of revenue recognition, deferred revenue, deferred contract acquisition costs, capitalized internal-use software, valuation of acquired intangible assets, period of benefit generated from our deferred contract acquisition costs, allowance for doubtful accounts, valuation of common stock options and stock-based awards, useful lives of property and equipment, useful lives of acquired intangible assets, recoverability of goodwill, valuation of deferred tax assets and liabilities, loss contingencies related to litigation, fair value of the Notes and the discount rate used for operating leases. Our results of operations may be adversely affected if our assumptions change or if actual circumstances differ from those in our assumptions, which could cause our results of operations to fall below the expectations of industry or financial analysts and investors, resulting in a decline in the trading price of our common stock.
Additionally, we regularly monitor our compliance with applicable financial reporting standards and review new pronouncements and drafts thereof that are relevant to us. As a result of new standards, changes to existing standards and changes in their interpretation, we might be required to change our accounting policies, alter our operational policies and implement new or enhance existing systems so that they reflect new or amended financial reporting standards, or we may be required to restate our published financial statements. Such changes to existing standards or changes in their interpretation may have an adverse effect on our reputation, business, financial position and profit, or cause an adverse deviation from our revenue and operating profit target, which may negatively impact our financial results.
55

Table of Contents
We rely on third parties for certain essential financial and operational services, and a failure or disruption in these services could materially and adversely affect our ability to manage our business effectively.
We rely on third parties to provide many essential financial and operational services to support our business. Many of these vendors are less established and have shorter operating histories than traditional software vendors. Moreover, these vendors provide their services to us via a cloud-based model instead of software that is installed on our premises. As a result, we depend upon these vendors to provide us with services that are always available and are free of errors or defects that could cause disruptions in our business processes. Any failure by these vendors to do so, or any disruption in our ability to access the internet, would materially and adversely affect our ability to manage our operations.

We may become involved in litigation that may materially and adversely affect us.
From time to time, we may become, involved in various legal proceedings relating to matters incidental to the ordinary course of our business, including patent, commercial, product liability, employment, class action, whistleblower and other litigation and claims, and governmental and other regulatory investigations and proceedings. Such matters can be time-consuming, divert management’s attention and resources, cause us to incur significant expenses or liability and/or require us to change our business practices. In addition, the expense of litigation and the timing of this expense from period to period are difficult to estimate, subject to change and could adversely affect our results of operations. Because of the potential risks, expenses and uncertainties of litigation, we may, from time to time, settle disputes, even where we have meritorious claims or defenses, by agreeing to settlement agreements. Because litigation is inherently unpredictable, we cannot assure you that the results of any of these actions will not have a material adverse effect on our business, financial condition, results of operations and prospects.

56

Table of Contents
Item 1B. Unresolved Staff Comments
None.
Item 1C. Cybersecurity
As a leading cybersecurity provider, we understand the importance of robust cybersecurity practices, and safeguarding and certifying our solutions to internationally recognized commercial and government standards. Trust is the foundation of everything we do, and we earn that trust through a comprehensive approach to identifying, managing and mitigating cybersecurity risk to our business and operations.
Risk Management and Strategy
Our platform was built leveraging guidance from leading industry frameworks to effectively manage and mitigate cybersecurity risks. Our rigorous risk management processes, which include data privacy, product security and information security, are overseen by the audit committee of our board of directors and our internal security committee, and are designed to ensure confidentiality, integrity and availability of our platform. These processes have been integrated into our overall enterprise risk management framework, which is overseen by our board of directors.
Our internal security committee identifies and prioritizes protective measures across our enterprise and products, continuously driving improvements to our security approach as threats evolve. The committee members are key functional leaders from across the Company who share critical information and use data-driven strategies to manage cyber risks. The committee is led by our chief security officer and includes representatives from our security team, information technology, information security, incident response, engineering, enterprise risk, product management, cloud operations, legal and compliance teams. Our internal security committee has the primary responsibility for assessing, monitoring and managing our cybersecurity risks, including the prevention, detection, mitigation and remediation of cybersecurity incidents. The personnel comprising our internal security committee are certified and experienced cybersecurity professionals and information security managers with many years of experience across a variety of technology sub-specialties.
As a provider of cybersecurity products and services, it is critical for us to identify and implement protective measures across our enterprise and products, continuously driving improvements to our security approach. Our in-house global threat research team, Zscaler ThreatLabZ, a team of more than 150 security experts, collectively works to identify and prevent emerging threats, using malware reverse engineering, behavior analytics, data science and AI. We use the threat intelligence generated by ThreatLabz and other sources to implement security checks and reviews throughout our product development lifecycle. Our internal security teams and external cybersecurity auditors continuously evaluate our products, including by performing regular penetration tests and risk assessments to identify potential vulnerabilities.
We regularly review our cybersecurity policies, standards and procedures to account for changes in the threat landscape, as well as in response to legal and regulatory developments. Our cybersecurity efforts also include mandatory training for all employees and contractors on our security and privacy policies.
Our cybersecurity risk management approach provides a framework for identifying, monitoring, evaluating and responding to risks from cybersecurity threats and incidents. This framework includes steps for identifying the sources of potential cybersecurity threats or incidents, including potential threats and incidents associated with a third-party vendor or service provider, assessing the severity and risk of potential threats and incidents and implementing cybersecurity countermeasures and mitigation strategies. We recognize that our relationships with third parties may pose significant risks, and therefore we have implemented practices for building vendor diligence, onboarding and monitoring capabilities to assess those risks. These efforts can include internal briefings from our security and technical personnel, as well as external reports and threat intelligence from governmental, public and private sources, including external consultants and reports produced by security tools deployed in our technical environment.
57

Table of Contents
Our incident response plan includes processes and procedures for assessing potential internal and external threats, activation and notification, crisis management and post-incident analysis designed to safeguard the confidentiality, availability and integrity of our platform and assets. A cross-functional incident response team, comprised of representatives from our internal security committee including information technology, information security, engineering, cloud operations, compliance, privacy, legal and members of our executive leadership team, is responsible for the monitoring and disposition of potential incidents, such as data breaches, intrusions and other security events, and implementing our detailed incident response plan. Our approach includes procedures to appropriately inform management, the audit committee of the board of directors and the full board of directors, as applicable, about cybersecurity threats and incidents. In fiscal 2024, we did not identify any cybersecurity incidents that materially affected, or are reasonably likely to materially affect, our business, results of operations or financial condition.
For more information about these risks, please see “Risk Factors – Risks Related to Our Business” in this Annual Report on Form 10-K.
Governance
Our board of directors has oversight responsibility for our overall enterprise risk management. The audit committee of the board of directors oversees cybersecurity risk, with input from our internal security committee, based on its oversight of our risk management processes. In accordance with our incident response plan, the internal security committee meets at least monthly, provides cybersecurity updates to the audit committee quarterly and apprises the full board of directors as needed.
Item 2. Properties
Our corporate headquarters are located in San Jose, California, where we currently lease approximately 172,000 square feet of space under a sublease agreement that expires in 2026. We also maintain offices elsewhere in the United States, as well as multiple locations internationally, including in Asia, Europe and the Middle East. We lease all of our facilities and do not own any real property. If necessary, we expect to add facilities as we grow our employee base and expand geographically.
We believe that our facilities are adequate to meet our needs for the immediate future and that, should it be needed, suitable additional space will be available to accommodate our operations.
Item 3. Legal Proceedings
The information called for by this Item is incorporated herein by reference to Item 8. "Financial Statements and Supplementary Data," Note 12, Commitments and Contingencies, of the consolidated financial statements included elsewhere in this Annual Report on Form 10-K.
Item 4. Mine Safety Disclosures
Not applicable.
58

Table of Contents
PART II
Item 5. Market for Registrant's Common Equity, Related Stockholder Matters and Issuer Purchases of Equity Securities
Market Information for Common Stock
Our common stock has been listed on The Nasdaq Global Select Market under the ticker symbol "ZS" since March 16, 2018. Prior to that time, there was no public market for our common stock.
Holders of Record
As of July 31, 2024, we had 51 holders of record of our common stock. The actual number of stockholders is greater than this number of record holders and includes stockholders who are beneficial owners but whose shares are held in street name by brokers and other nominees.
Dividend Policy
We have never declared or paid cash dividends on our common stock. We currently intend to retain all available funds and any future earnings for use in the operation of our business and do not anticipate paying any dividends in the foreseeable future. Any future determination to declare dividends will be made at the discretion of our board of directors, subject to applicable laws, and will depend on our financial condition, operating results, capital requirements, general business conditions and other factors that our board of directors may deem relevant.
Securities Authorized for Issuance under Equity Compensation Plans
The information required by this item with respect to our equity compensation plans is incorporated by reference to our Proxy Statement for the 2024 Annual Meeting of Stockholders to be filed with the Securities and Exchange Commission within 120 days of the fiscal year ended July 31, 2024.
Recent Sales of Unregistered Equity Securities and Use of Proceeds
(a) Sale of Unregistered Equity Securities
None.
(b) Use of Proceeds
None.
(c) Issuer Purchases of Equity Securities
None.
Stock Performance Graph
This performance graph shall not be deemed "soliciting material" or to be "filed" with the SEC for purposes of the Exchange Act, or otherwise subject to the liabilities under that Section, and shall not be deemed to be incorporated by reference into any filing of Zscaler, Inc. under the Securities Act or the Exchange Act.
This performance graph compares the cumulative total return to our stockholders to the Standard & Poor's 500 Index and Standard & Poor Information Technology Index for the five years ended July 31, 2024. All values assume a $100 initial
59

Table of Contents
investment and data for the Standard & Poor's 500 Index and Standard & Poor Information Technology Index assume reinvestment of dividends. The comparisons are based on historical data and are not indicative of, nor intended to forecast, the future performance of our common stock.

https://cdn.kscope.io/f8167fb100e5631fc3b38dba54a1b90a-10-K24 Stock Performance Graph.jpg

Company/IndexJuly 31,
2019 (*)
July 31,
2020
July 31,
2021
July 31,
2022
July 31,
2023
July 31,
2024
Zscaler, Inc.$100.00 $154.09 $279.95 $184.00 $190.32 $212.83 
S&P 500 Index$100.00 $111.96 $152.76 $145.67 $164.63 $201.10 
S&P 500 Information Technology Index$100.00 $138.91 $194.51 $183.79 $233.14 $315.19 
_____
(*) Base period.

60

Table of Contents
Item 6. Reserved
61

Table of Contents
Item 7. Management’s Discussion and Analysis of Financial Condition and Results of Operations
The following discussion and analysis of our financial condition and results of operations should be read in conjunction with the consolidated financial statements and related notes included elsewhere in this Annual Report on Form 10-K. As discussed in the section titled "Special Note Regarding Forward-Looking Statements," the following discussion contains forward-looking statements that involve risks and uncertainties. Our actual results could differ materially from those discussed below. Factors that could cause or contribute to such difference include, but are not limited to, those identified below and those discussed in the section titled "Risk Factors" and elsewhere in this Annual Report on Form 10-K. Our fiscal year end is July 31, and our fiscal quarters end on October 31, January 31, April 30 and July 31. Our fiscal year ended July 31, 2024, July 31, 2023 and July 31, 2022 are referred to as fiscal 2024, fiscal 2023 and fiscal 2022, respectively.
Overview
Zscaler was incorporated in 2007, during the early stages of cloud adoption and mobility, based on a vision that the internet would become the new corporate network as the cloud becomes the new data center. We predicted that with rapid cloud adoption and increasing workforce mobility, traditional perimeter security approaches would provide inadequate protection for users and data and an increasingly poor user experience. We pioneered a cloud platform, the Zscaler Zero Trust Exchange, that represents a fundamental shift in the architectural design and approach to networking and security.
We generate revenue primarily from sales of subscriptions to access our cloud platform, together with related support services. We also generate an immaterial amount of revenue from professional and other services, which consist primarily of fees associated with mapping, implementation, network design and training. Our subscription pricing is primarily calculated on a per-user basis. We recognize subscription and support revenue ratably over the life of the contract, which is generally one to three years. As of July 31, 2024, we had expanded our operations to over 8,650 customers across major industries, with users in over 185 countries. Government agencies and some of the largest enterprises in the world rely on us to support their digital transformation, including approximately 35% of the Forbes Global 2000 as of July 31, 2024.
We operate our business as one reportable segment. Our revenue has experienced significant growth in recent periods. For fiscal 2024, fiscal 2023 and fiscal 2022, our revenue was $2,167.8 million, $1,617.0 million and $1,090.9 million, respectively. We have incurred net losses in all annual periods since our inception. For fiscal 2024, fiscal 2023 and fiscal 2022, our net loss was $57.7 million, $202.3 million and $390.3 million, respectively. We expect we will continue to incur net losses for the foreseeable future, as we continue to invest in our sales and marketing organization to maximize our market opportunity, to invest in research and development efforts to enhance the functionality of our cloud platform, and to address any legal matters and related accruals, as further described in Note 12, Commitments and Contingencies, of the consolidated financial statements included elsewhere in this Annual Report on Form 10-K.
Impact of Macroeconomic Conditions
Recent changes in macroeconomic conditions such as high inflation, high interest rates and potential recessionary environments, geopolitical factors, such as the current conflicts between Russia and Ukraine and in the Middle East, and global health crises, such as the recent resurgence of the COVID-19 pandemic, can cause uncertainty in our business. We continue to see customer scrutiny of and elongated approval processes for transactions, particularly larger deals, as customers continue to scrutinize purchasing decisions and are requiring multiple approvals for large expenditures in response to the uncertain economic environment. These macroeconomic conditions may impact the future demand for subscriptions of our cloud platform.
62

Table of Contents
Certain Factors Affecting Our Performance
Increased Internet Traffic and Adoption of Cloud-Based Software and Security
The adoption of cloud applications and infrastructure, explosion of internet traffic volumes and shift to mobile-first computing generally, and the pace at which enterprises adopt the internet as their corporate network in particular, impact our ability to drive market adoption of our cloud platform. We believe that most enterprises are in the early stages of a broad transformation to the cloud. Organizations are increasingly relying on the internet to operate their businesses, deploying new SaaS applications and migrating internally managed line-of-business applications to the cloud. However, the growing dependence on the internet has increased exposure to malicious or compromised websites, and sophisticated hackers are exploiting the gaps left by legacy network security appliances. To securely access the internet and transform their networks, organizations must also make fundamental changes in their network and security architectures. We believe that most organizations have yet to fully make these investments. As our cloud platform enables organizations to securely embrace digital transformation, we believe that the imperative for organizations to securely move to the cloud will increase demand for our cloud platform and broaden our customer base.
New Customer Acquisition
We believe that our ability to increase the number of customers, and more significantly customers in the Forbes Global 2000, on our cloud platform is an indicator of our market penetration and our future business opportunities. As of July 31, 2024, 2023 and 2022, we had over 8,650, 7,700 and 6,700 customers, respectively, across all major geographies. As of July 31, 2024, we had approximately 35% of the Forbes Global 2000 as customers. Our ability to continue to grow these numbers will increase our future opportunities for renewals and follow-on sales. We believe that we have significant room to capture additional market share and intend to continue to invest significantly in sales and marketing to engage our prospective customers, increase brand awareness, further leverage our channel partnerships and drive adoption of our solution. However, as a result of the challenging and uncertain economic environment, potential new customers are carefully considering purchasing decisions, particularly for large expenditures. We expect customer cautiousness to continue in the near term, elongating our sales cycles and the timing of large deals.
Follow-On Sales
We typically expand our relationship with our customers over time. While most of our new customers route all of their internet-bound web traffic through our cloud platform, some of our customers initially use our services for specific users or specific security functionality. We leverage our land-and-expand model with the goal of generating incremental revenue, often within the term of the initial subscription, by increasing sales to our existing customers in one of three ways:
expanding deployment of our cloud platform to cover additional users;
upgrading to more advanced capabilities for their current purchases; and
selling a subscription to a new solution or product, for example selling a ZPA subscription to a ZIA customer or a ZIA subscription to a ZPA customer.
These purchases increase the annual recurring revenue, or ARR, attributable to our customers over time. To establish ARR for a customer, we use the total amount of each order booked to compute the annual recurring value of revenue that we would recognize if the customer continues to renew all contractual subscriptions. For example, a contract for $3.0 million with a contractual term of three years would have an ARR of $1.0 million as long as our customer uses our cloud platform.
63

Table of Contents
Investing in Business Growth
Since our founding, we have invested significantly in growing our business. We intend to continue (i) investing in our research and development organization and our development efforts to offer new solutions on our cloud platform and (ii) dedicating resources to update and upgrade our existing solutions. In addition, we expect our general and administrative expenses to increase in absolute dollars in the foreseeable future, as we continue to operate as a public company, and address any legal matters and related accruals, as further described in Note 12, Commitments and Contingencies, of the consolidated financial statements included elsewhere in this Annual Report on Form 10-K.
We also intend to continue to invest significantly in sales and marketing to grow and train our sales force, broaden our brand awareness and expand and deepen our channel partner relationships. While these planned investments will increase our operating expenses in the short term, we believe that over the long term these investments will help us to expand our customer base and grow our business. We also are investing in programs to increase recognition of our brand and solutions, including joint marketing activities with our channel partners and strategic partners.
While we expect our operating expenses to increase in absolute dollars in the foreseeable future, as a result of these activities, we intend to balance these investments in future growth with a continued focus on managing our results of operations and investing judiciously. In the long term we anticipate that these investments will positively impact our business and results of operations.
Key Business Metrics and Other Financial Measures
We review a number of operating and financial metrics, including the following key metrics, to measure our performance, identify trends, formulate business plans and make strategic decisions.
Dollar-Based Net Retention Rate
We believe that dollar-based net retention rate is an indicator to measure the long-term value of our customer relationships because it is driven by our ability to retain and expand the recurring revenue generated from our existing customers. Our dollar-based net retention rate compares the recurring revenue from a set of customers against the same metric for the prior 12-month period on a trailing basis. Because our customers have repeat buying patterns and the average term of our contracts is more than 12 months, we measure this metric over a set of customers who were with us as of the last day of the same reporting period in the prior fiscal year. For the trailing 12 months ended July 31, 2024 and 2023, the dollar-based net retention rate was 115% and 121%, respectively.
We calculate our dollar-based net retention rate as follows:
Denominator: To calculate our dollar-based net retention rate as of the end of a reporting period, we first establish the ARR from all active subscriptions as of the last day of the same reporting period in the prior fiscal year. This effectively represents recurring dollars that we expect in the next 12-month period from the cohort of customers that existed on the last day of the same reporting period in the prior fiscal year.
Numerator: We measure the ARR for that same cohort of customers representing all subscriptions based on confirmed customer orders booked by us as of the end of the reporting period.
Dollar-based net retention rate is obtained by dividing the numerator by the denominator. Our dollar-based net retention rate may fluctuate due to a number of factors, including the performance of our cloud platform, our success in selling bigger deals, including deals for all employees with our higher-end bundles, selling multiple-pillars from the start of our contract with new customers, faster upsells within a year, the timing and the rate of ARR expansion of our existing
64

Table of Contents
customers, potential changes in our rate of renewals and other risk factors described elsewhere in this Annual Report on Form 10-K.
Non-GAAP Financial Measures
In addition to our results determined in accordance with GAAP, we believe the following non-GAAP measures are useful in evaluating our operating performance. We use the following non-GAAP financial information to evaluate our ongoing operations and for internal planning and forecasting purposes. We believe that non-GAAP financial information, when taken collectively, may be helpful to investors because it provides consistency and comparability with past financial performance. However, non-GAAP financial information is presented for supplemental informational purposes only, has limitations as an analytical tool and should not be considered in isolation or as a substitute for financial information presented in accordance with GAAP. In particular, free cash flow is not a substitute for cash provided by operating activities. Additionally, the utility of free cash flow as a measure of our liquidity is further limited as it does not represent the total increase or decrease in our cash balance for a given period. In addition, other companies, including companies in our industry, may calculate similarly-titled non-GAAP measures differently or may use other measures to evaluate their performance, all of which could reduce the usefulness of our non-GAAP financial measures as tools for comparison. A reconciliation is provided below for each non-GAAP financial measure to the most directly comparable financial measure stated in accordance with GAAP. Investors are encouraged to review the related GAAP financial measures and the reconciliation of these non-GAAP financial measures to their most directly comparable GAAP financial measures, and not to rely on any single financial measure to evaluate our business.
Non-GAAP Gross Profit and Non-GAAP Gross Margin
We define non-GAAP gross profit as GAAP gross profit excluding stock-based compensation expense and related payroll taxes and amortization expense of acquired intangible assets. We define non-GAAP gross margin as non-GAAP gross profit as a percentage of revenue.
Year Ended July 31,
202420232022
(in thousands)
GAAP gross profit$1,690,642 $1,254,120 $848,664 
Add:
Stock-based compensation expense and related payroll taxes52,766 40,297 25,292 
Amortization expense of acquired intangible assets12,879 9,574 7,975 
Non-GAAP gross profit$1,756,287 $1,303,991 $881,931 
GAAP gross margin78 %78 %78 %
Non-GAAP gross margin
81 %81 %81 %
Non-GAAP Income from Operations and Non-GAAP Operating Margin
We define non-GAAP income from operations as GAAP loss from operations excluding stock-based compensation expense and related payroll taxes, amortization expense of acquired intangible assets, and restructuring and other charges. We define non-GAAP operating margin as non-GAAP income from operations as a percentage of revenue.
65

Table of Contents
Year Ended July 31,
202420232022
(in thousands)
GAAP loss from operations$(121,477)$(234,623)$(327,429)
Add:
Stock-based compensation expense and related payroll taxes549,100 457,815 430,020 
Amortization expense of acquired intangible assets14,624 11,060 9,010 
Restructuring and other charges (1)
— 6,564 — 
Non-GAAP income from operations$442,247 $240,816 $111,601 
GAAP operating margin(6)%(15)%(30)%
Non-GAAP operating margin
20 %15 %10 %
(1) In connection with a restructuring plan announced in March 2023, we incurred stock-based compensation expense of approximately $1.0 million, which is included in stock-based compensation expense and related payroll taxes.
Free Cash Flow and Free Cash Flow Margin
Free cash flow is a non-GAAP financial measure that we calculate as net cash provided by operating activities less purchases of property, equipment and other assets and capitalized internal-use software. Free cash flow margin is calculated as free cash flow divided by revenue. We believe that free cash flow and free cash flow margin are useful indicators of liquidity that provide information to management and investors about the amount of cash generated from our operations that, after the investments in property, equipment and other assets and capitalized internal-use software, can be used for strategic initiatives, including investing in our business, and strengthening our financial position.
Free cash flow includes the cyclical impact of inflows and outflows resulting from contributions to our employee stock purchase plan for which the purchase period of approximately six months ends in each of our second and fourth fiscal quarters. Payroll contributions accrued as of July 31, 2024 will be used to purchase shares at the end of the current ESPP purchase period ending on December 16, 2024. Payroll contributions ultimately used to purchase shares are reclassified to stockholders' equity on the purchase date.
66

Table of Contents
Year Ended July 31,
202420232022
(in thousands)
Net cash provided by operating activities$779,846 $462,343 $321,912 
Less:
Purchases of property, equipment and other assets(144,588)(97,197)(69,296)
Capitalized internal-use software(50,308)(31,527)(21,284)
Free cash flow$584,950 $333,619 $231,332 
As a percentage of revenue:
Net cash provided by operating activities36 %29 %30 %
Less:
Purchases of property, equipment and other assets
(7)(6)(7)
 Capitalized internal-use software(2)(2)(2)
Free cash flow margin27 %21 %21 %
Calculated Billings
Calculated billings is a non-GAAP financial measure that we believe is a key metric to measure our periodic performance. Calculated billings represents our total revenue plus the change in deferred revenue in a period. Calculated billings in any particular period aims to reflect amounts invoiced for subscriptions to access our cloud platform, together with related support services for our new and existing customers. We typically invoice our customers annually in advance, and to a lesser extent quarterly in advance, monthly in advance or multi-year in advance. Calculated billings increased $587.6 million, or 29%, in fiscal 2024 over fiscal 2023, and $554.0 million, or 37%, in fiscal 2023 over fiscal 2022. As calculated billings continues to grow in absolute terms, we expect our calculated billings growth rate to trend down over time. We also expect that calculated billings will be affected by seasonality in terms of when we enter into agreements with customers; and the mix of billings in each reporting period.
Year Ended July 31,
202420232022
(in thousands)
Revenue$2,167,771 $1,616,952 $1,090,946 
Add: Total deferred revenue, end of period
1,894,974 1,439,676 1,021,123 
Less: Total deferred revenue, beginning of period
(1,439,676)(1,021,123)(630,601)
Calculated billings
$2,623,069 $2,035,505 $1,481,468 

Components of Results of Operations
Revenue
We generate revenue primarily from sales of subscriptions to access our cloud platform, together with related support services. Subscription and related support services accounted for approximately 97% of our revenue for all periods presented. Our contracts with our customers do not at any time provide the customer with the right to take possession of the software that runs our cloud platform. Our customers may also purchase professional services, such as mapping, implementation, network design and training. Professional services account for an immaterial portion of our revenue.
We generate revenue from contracts with typical durations ranging from one to three years. We typically invoice our customers annually in advance, and to a lesser extent quarterly in advance, monthly in advance or multi-year in advance. We
67

Table of Contents
recognize revenue ratably over the life of the contract. Amounts that have been invoiced are recorded in deferred revenue, or they are recorded in revenue if the revenue recognition criteria have been met. Subscriptions that are invoiced annually in advance or multi-year in advance represent a significant portion of our short-term and long-term deferred revenue in comparison to invoices issued quarterly in advance or monthly in advance. Accordingly, we cannot predict the mix of invoicing schedules in any given period.
We generally experience seasonality in terms of when we enter into agreements with our customers. We typically enter into a higher percentage of agreements with new customers, as well as renewal agreements with existing customers, in the second half of our fiscal year. However, because we recognize revenue ratably over the terms of our subscription contracts, a substantial portion of the revenue that we report in each period is attributable to the recognition of deferred revenue relating to agreements that we entered into during previous periods. Consequently, increases or decreases in new sales or renewals in any one period may not be immediately reflected as revenue for that period. Accordingly, the effect of downturns in sales and market acceptance of our platform, and potential changes in our rate of renewals, may not be fully reflected in our results of operations until future periods.
Cost of Revenue
Cost of revenue includes expenses related to operating our cloud platform in data centers, depreciation of our data center equipment, amortization of our capitalized internal-use software, amortization of intangible assets acquired through our business acquisitions and allocated overhead expenses (i.e., facilities, IT, depreciation expense and amortization expense). Cost of revenue also includes employee-related expenses, including salaries, bonuses, stock-based compensation expense and employee benefit expenses associated with our customer support and cloud operations organizations.
As our customers expand and increase the use of our cloud platform, driven by additional applications and connected devices, our cost of revenue will increase due to higher bandwidth and data center expenses. However, we expect to continue to benefit from economies of scale as our customers increase the use of our cloud platform. We intend to continue to invest additional resources in our cloud platform and our customer support organizations as we grow our business. The level and timing of investment in these areas could affect our cost of revenue in the future.
Gross Profit and Gross Margin
Gross profit, or revenue less cost of revenue, and gross margin, or gross profit as a percentage of revenue, have been and will continue to be affected by various factors, including the timing of our acquisition of new customers and our renewals of and follow-on sales to existing customers, the average sales price of our services, mix of services offered in our solutions, including new product introductions, the data center and bandwidth costs associated with operating our cloud platform, the extent to which we expand our customer support and cloud operations organizations and the extent to which we can increase the efficiency of our technology, infrastructure and data centers through technological improvements. We expect our gross profit to increase in absolute dollars and our gross margin to increase slightly over the long term, although our gross profit and gross margin could fluctuate from period to period depending on the interplay of all of the above factors.
Operating Expenses
Our operating expenses consist of sales and marketing expenses, research and development expenses, general and administrative expenses and restructuring and other charges. Personnel expenses are the most significant component of operating expenses and consist of salaries, benefits, bonuses, stock-based compensation expense and, with respect to sales and marketing expenses, sales commissions that are recognized as expenses over the period of benefit. Operating expenses also include overhead expenses for facilities, IT, depreciation expense and amortization expense.
68

Table of Contents
Sales and Marketing
Sales and marketing expenses consist primarily of employee compensation and related expenses, including salaries, bonuses and benefits for our sales and marketing employees, sales commissions that are recognized as expenses over the period of benefit, stock-based compensation expense, marketing programs, travel and entertainment expenses, expenses for conferences and events, amortization of intangible assets acquired through our business acquisitions and allocated overhead expenses. We capitalize our sales commissions and associated payroll taxes that are incremental to the acquisition of channel partner and direct customer contracts and recognize them as expenses over the estimated period of benefit. The amount recognized in our sales and marketing expenses reflects the amortization of expenses previously deferred as attributable to each period presented in this Annual Report on Form 10-K, as described below under "Critical Accounting Policies and Estimates."
We intend to continue to make significant investments in our sales and marketing organization to drive additional revenue, further penetrate the market and expand our global customer base. As a result, we expect our sales and marketing expenses to continue to increase in absolute dollars and to be our largest operating expense category for the foreseeable future. In particular, we will continue to invest in growing and training our sales force, broadening our brand awareness and expanding and deepening our channel partner relationships. However, we expect our sales and marketing expenses to decrease as a percentage of our revenue over the long term, although our sales and marketing expenses may fluctuate as a percentage of our revenue from period to period due to the timing and extent of these expenses.
Research and Development
Our research and development expenses support our efforts to add new products, new features to our existing offerings and to ensure the reliability, availability and scalability of our solutions. Our cloud platform is software-driven, and our research and development teams employ software engineers in the design, and the related development, testing, certification and support, of these solutions. Accordingly, a majority of our research and development expenses result from employee-related expenses, including salaries, bonuses and benefits, stock-based compensation expense and expenses associated with technology tools used by our engineers. We expect our research and development expenses to continue to increase in absolute dollars for the foreseeable future, as we continue to invest in research and development efforts to enhance the functionality of our cloud platform, improve the reliability, availability and scalability of our platform and access new customer markets. However, we expect our research and development expenses to decrease as a percentage of our revenue over the long term, although our research and development expenses may fluctuate as a percentage of our revenue from period to period due to the timing and extent of these expenses.
General and Administrative
General and administrative expenses consist primarily of employee-related expenses, including salaries and bonuses, stock-based compensation expense and employee benefit expenses for our finance, legal, human resources and administrative personnel, as well as professional fees for external legal services (including certain litigation-related expenses), accounting and other related consulting services. The litigation-related expenses include professional fees and related expenses incurred by us in defending or settling significant claims that we deem not to be in the ordinary course of our business and, if applicable, accruals related to estimated losses in connection with these claims. We expect our general and administrative expenses to increase in absolute dollars for the foreseeable future as we increase the size of our general and administrative organizations, incur additional costs to support our business growth and due to any legal matters and related accruals, as further described in Note 12, Commitments and Contingencies, to the consolidated financial statements included elsewhere in this Annual Report on Form 10-K. However, we expect our general and administrative expenses to decrease as a percentage of our revenue over the long term, although our general and administrative expenses may fluctuate as a percentage of our revenue from period to period due to the timing and extent of these expenses. In particular, litigation-related expenses related
69

Table of Contents
to significant litigation claims may result in significant fluctuations from period to period, as they are inherently subject to change and difficult to estimate.
Restructuring and Other Charges
Restructuring and other charges occur when we commit to a restructuring plan, the restructuring plan identifies all significant actions, the period of time to complete the restructuring plan indicates that significant changes to the restructuring plan are not likely and employees who are impacted have been notified of the pending involuntary termination. A restructuring plan generally includes significant actions involving employee-related severance charges, employee-related benefits, stock-based compensation expense related to the modification of equity incentive awards and other charges associated with the restructuring (the "restructuring charges"). Restructuring charges are accrued in the period in which it is probable that the employees are entitled to the restructuring benefits and the amounts can be reasonably estimated.
Interest Expense
Interest expense consists primarily of amortization of debt issuance costs, recognition of contractual interest expense related to the Notes, and gains and losses related to changes in the fair value of interest rate swaps. For further information refer to Note 8, Derivative Instruments and Note 10, Convertible Senior Notes, of our consolidated financial statements included elsewhere in this Annual Report on Form 10-K. Effective August 1, 2022, we adopted ASU 2020-06. The adoption of this standard resulted in the elimination of the amortization of the debt discount as interest expense and the portion of the issuance costs initially allocated to equity is now classified as debt and amortized as interest expense. For further information, refer to Note 1, Business and Summary of Significant Accounting Policies, of our consolidated financial statements included elsewhere in this Annual Report on Form 10-K.
Interest Income
Interest income consists primarily of income earned on our cash equivalents and short-term investments.
Other Expense, Net
Other expense, net consists primarily of foreign currency transaction gains and losses and changes in fair value of our non-designated derivative instruments.
Provision for Income Taxes
Our provision for income taxes consists primarily of income and withholding taxes in the foreign jurisdictions, and U.S. income taxes from a tax law change related to mandatory capitalization of research and development expenses for tax years starting January 1, 2022. In the United States, we have recorded deferred tax assets for which we provide a full valuation allowance, which includes net operating loss carryforwards and research and development tax credits. We expect to maintain this full valuation allowance for the foreseeable future as it is more likely than not that some or all of those deferred tax assets may not be realized based on our history of losses. Additionally, in the U.K., we have recorded deferred tax assets for which we provide a full valuation allowance, which includes net operating loss carryforwards. We expect to maintain this full valuation allowance for the foreseeable future as it is more likely than not that some or all of those deferred tax assets may not be realized based on our history of losses.
70

Table of Contents
Results of Operations
The following tables set forth our results of operations for the periods presented in dollars and as a percentage of our revenue:
Year Ended July 31,
202420232022
(in thousands)
Revenue$2,167,771 $1,616,952 $1,090,946 
Cost of revenue (1)(2)
477,129 362,832 242,282 
Gross profit1,690,642 1,254,120 848,664 
Operating expenses:
Sales and marketing (1)(2)
1,100,239 953,864 735,219 
Research and development (1)(2)
499,828 349,735 289,139 
General and administrative (1)
212,052 177,544 151,735 
Restructuring and other charges (1)
— 7,600 — 
Total operating expenses1,812,119 1,488,743 1,176,093 
Loss from operations(121,477)(234,623)(327,429)
Interest income109,130 60,462 4,586 
Interest expense (3)(5)
(13,132)(6,541)(56,579)
Other expense, net(3,750)(1,862)(4,208)
Loss before income taxes(29,229)(182,564)(383,630)
Provision for income taxes (4)
28,477 19,771 6,648 
Net loss$(57,706)$(202,335)$(390,278)
(1) Includes stock-based compensation expense and related payroll taxes as follows:
Cost of revenue$52,766 $40,297 $25,292 
Sales and marketing230,597 222,280 202,211 
Research and development186,107 121,151 123,422 
General and administrative79,630 73,051 79,095 
Restructuring and other charges— 1,036 — 
Total$549,100 $457,815 $430,020 

(2) Includes amortization expense of acquired intangible assets as follows:
Cost of revenue$12,879 $9,574 $7,975 
Sales and marketing1,232 773 704 
Research and development513 713 331 
Total$14,624 $11,060 $9,010 
(3) Includes amortization of debt discount and issuance costs
$3,914 $3,894 $55,141 
(4) Includes tax benefit associated with the business acquisitions
$(1,864)$— $— 
(5) Effective August 1, 2022, we adopted ASU 2020-06 using the modified retrospective method under which prior period amounts have not been adjusted. This standard resulted in our convertible senior notes being accounted for as a single unit of debt and we will no longer be required to record the conversion feature in equity. This further eliminated the need for amortization of the debt discount as interest expense and the portion of the issuance costs initially allocated to equity is now
71

Table of Contents
classified as debt and amortized as interest expense. For further information refer to Note 1, Business and Summary of Significant Accounting Policies of our consolidated financial statements included elsewhere in this Annual Report on Form 10-K.
The following table sets forth our results of operations for the periods presented as a percentage of our revenue:

Year Ended July 31,
202420232022
Revenue100%100%100%
Cost of revenue222222
Gross margin787878
Operating expenses
Sales and marketing515967
Research and development232227
General and administrative101114
Restructuring and other charges1
Total operating expenses8493108
Operating margin(6)(15)(30)
Interest income64
Interest expense(1)(5)
Other expense, net
Loss before income taxes(1)(11)(35)
Provision for income taxes211
Net loss(3)%(12)%(36)%

72

Table of Contents
Comparison of Fiscal 2024 and Fiscal 2023
Revenue
Year Ended July 31,Change
20242023$%
(in thousands)
Revenue$2,167,771 $1,616,952 $550,819 34 %
Revenue increased by $550.8 million, or 34%, in fiscal 2024, compared to fiscal 2023. The change in revenue was driven primarily by an increase in users and sales of additional subscriptions to existing customers, which contributed $471.8 million in additional revenue. The remainder of the increase was primarily attributable to the addition of new customers, as we increased our customer base by 12% from fiscal 2023 to fiscal 2024.
Cost of Revenue and Gross Margin
Year Ended July 31,Change
20242023$%
(in thousands)
Cost of revenue$477,129 $362,832 $114,297 32 %
Gross margin78 %78 %
Cost of revenue increased by $114.3 million, or 32%, in fiscal 2024, compared to fiscal 2023. The change was driven primarily by the expanded use of our cloud platform by existing and new customers, which led to an increase of $70.2 million for data center and equipment-related costs for hosting and operating our cloud platform. Additionally, our employee-related expenses increased by $44.4 million, inclusive of an increase of $11.7 million in stock-based compensation expense, driven primarily by an increase in headcount in our customer support and cloud operations organizations. The remainder of the increase was primarily attributable to increased expenses of $2.0 million in facility and IT services.
Gross margin remained flat at 78% for fiscal 2024 compared to fiscal 2023.
Operating Expenses
Sales and Marketing Expenses
Year Ended July 31,Change
20242023$%
(in thousands)
Sales and marketing expenses$1,100,239 $953,864 $146,375 15 %
Sales and marketing expenses increased by $146.4 million, or 15%, for fiscal 2024, compared to fiscal 2023. The change was driven primarily by an increase of $98.3 million in employee-related expenses, inclusive of an increase of $31.1 million in sales commissions expense and an increase of $3.5 million in stock-based compensation expense. The increase in stock-based compensation expense was driven primarily by an increase in headcount, offset by a reversal in February 2024 of $11.7 million of stock-based compensation expense associated with the cancellation of unvested equity awards resulting from the departure of our Chief Operating Officer, who led sales activities. The remainder of the increase was primarily attributable to increased expenses of $30.2 million in marketing and advertising expenses, $16.4 million in travel expenses, $6.1 million in facility-related expenses and $3.0 million in professional services.

73

Table of Contents
Research and Development Expenses
Year Ended July 31,Change
20242023$%
(in thousands)
Research and development expenses$499,828 $349,735 $150,093 43 %
Research and development expenses increased by $150.1 million, or 43%, for fiscal 2024, compared to fiscal 2023, as we continued to develop and enhance the functionality of our cloud platform and integrate technologies acquired through our business combinations. The change was driven primarily by an increase of $145.9 million in employee-related expenses, inclusive of an increase of $62.6 million in stock-based compensation expense, primarily due to an increase in headcount. The increase in stock-based compensation expense for fiscal 2024 was partially driven by a reversal of $9.9 million of stock-based compensation expense recognized in fiscal 2023, which reduced the stock-based compensation expense in that period. The reversal of stock-based compensation expense resulted from the cancellation of unvested equity awards in connection with the departure of our President, who led research and development activities, in October 2022. The remainder of the increase was primarily attributable to increased expenses of $22.5 million in facility, cloud hosting, software and equipment-related expenses to support our growth. The net increase was offset by higher capitalized internal-use software development costs of $19.1 million to support the enhancement and growth of our cloud platform.
General and Administrative Expenses
Year Ended July 31,Change
20242023$%
(in thousands)
General and administrative expenses$212,052 $177,544 $34,508 19 %
General and administrative expenses increased by $34.5 million, or 19%, for fiscal 2024, compared to fiscal 2023. The change was driven primarily by an increase of $21.7 million in employee-related expenses, inclusive of an increase of $6.2 million in stock-based compensation expense, primarily due to an increase in headcount. The remainder of the increase is primarily due to an increase of $4.1 million in facility-related expenses and an increase in miscellaneous expenses to support the growth of our business.
Restructuring and Other Charges
Year Ended July 31,Change
20242023$%
(in thousands)
Restructuring and other charges$— $7,600 $(7,600)— %
Restructuring and other charges for the year ended July 31, 2023 are associated with a restructuring plan announced in March 2023, under which we incurred $7.6 million of restructuring charges, consisting of $6.6 million of employee severance and benefit charges, and $1.0 million of stock-based compensation expense related to modified equity incentive awards. The restructuring plan was completed during the fiscal quarter ended October 31, 2023.

74

Table of Contents
Interest Income
Year Ended July 31,Change
20242023$%
(in thousands)
Interest income$109,130 $60,462 $48,668 80 %
Interest income increased by $48.7 million for fiscal 2024, compared to fiscal 2023. The change was driven primarily by higher interest rates and our increased balance of cash equivalents and short-term investments.
Interest Expense
Year Ended July 31,Change
20242023$%
(in thousands)
Interest expense$(13,132)$(6,541)$(6,591)101 %
Interest expense increased by $6.6 million for fiscal 2024, compared to fiscal 2023. The change was driven primarily by fair value hedge adjustments related to our Notes.
Other Expense, Net
Year Ended July 31,Change
20242023$%
(in thousands)
Other expense, net$(3,750)$(1,862)$(1,888)101 %
Other expense, net increased by $1.9 million for fiscal 2024, compared to fiscal 2023. The change was driven primarily by fluctuations in foreign currency transactions gains and losses.
Provision for Income Taxes
Year Ended July 31,Change
20242023$%
(in thousands)
Provision for income taxes$28,477 $19,771 $8,706 44 %
Our provision for income taxes increased by $8.7 million, or 44%, for fiscal 2024, compared to fiscal 2023. The change was primarily driven by the increase in our pre-tax income in both foreign and U.S. jurisdictions in which we conduct business, offset by the reduction of the valuation allowance due to the establishment of deferred tax liabilities from the business acquisition. For further information, refer to Note 15, Income Taxes, of the consolidated financial statements included elsewhere in this Annual Report on form 10-K. Our effective tax rate of (97.4)% and (10.9)% in fiscal 2024 and fiscal 2023, respectively, differs from the applicable U.S. statutory federal income tax rate due to our valuation allowance against our U.S. federal, state, and U.K. deferred tax assets as well as our foreign income being taxed at different rates than the U.S. statutory rate.



75

Table of Contents
Comparison of Fiscal 2023 and Fiscal 2022
For a discussion of our results of operations for the year ended July 31, 2023 as compared to the year ended July 31, 2022, refer to Part II, Item 7, Management’s Discussion and Analysis of Financial Condition and Results of Operations, of our Annual Report on Form 10-K filed with the SEC on September 14, 2023.
76

Table of Contents
Liquidity and Capital Resources
As of July 31, 2024, our principal sources of liquidity were cash, cash equivalents and short-term investments totaling $2,409.7 million, which were held for working capital and general corporate purposes. Our cash equivalents and investments consist of highly liquid investments in money market funds, U.S. treasury securities, U.S. government agency securities, certificates of deposit and corporate debt securities.
In June 2020, we completed the private offering of the Notes with an aggregate principal amount of $1,150.0 million. The total net proceeds from the offering, after deducting initial purchase discount and issuance costs, was $1,130.5 million. In connection with the Notes, we entered into the Capped Call transactions which are expected to reduce the potential dilution of our common stock upon any conversion of the Notes and/or offset any cash payments we could be required to make in excess of the principal amount of converted Notes. We used an aggregate amount of $145.2 million of the net proceeds of the Notes to purchase the Capped Calls.
We have generated significant losses from operations, as reflected in our accumulated deficit of $1,148.1 million as of July 31, 2024. We expect to continue to incur operating losses and have in the past and may in the future generate negative cash flows due to expected investments to grow our business, including potential business acquisitions and other strategic transactions.
We believe that our existing cash, cash equivalents and short-term investments will be sufficient to fund our working capital, capital expenditure, and convertible senior notes repayment requirements for at least the next 12 months from the issuance of our financial statements. Our foreseeable cash needs, in addition to our recurring operating costs, include our expected capital expenditures to support expansion of our infrastructure and workforce, lease obligations, purchase commitments, potential business acquisitions, convertible senior notes repayment requirements and other strategic transactions. Our assessment of the period of time through which our financial resources will be adequate to support our operations is a forward-looking statement and involves risks and uncertainties. Our actual results could vary as a result of, and our future capital requirements, both near-term and long-term, will depend on, many factors, including our growth rate, the timing and extent of spending to support our research and development efforts, the expansion of sales and marketing and international operating activities, the timing of new introductions of solutions or features, and the continuing market acceptance of our services, the impact of macroeconomic conditions, such as high inflation and recessionary environments, and the impact of global crises to our and our customers', vendors' and partners' businesses. We have and may in the future enter into arrangements to acquire or invest in complementary businesses, services and technologies, including intellectual property rights. We have based this estimate on assumptions that may prove to be wrong, and we could use our available capital resources sooner than we currently expect. Additionally, some of the factors that may influence our operations are not within our control, such as general economic conditions, geopolitical developments and the impact of global crises. We may be required to seek additional equity or debt financing. In the event that additional financing is required from outside sources, we may not be able to raise it on terms acceptable to us or at all. If we are unable to raise additional capital when desired, or if we cannot expand our operations or otherwise capitalize on our business opportunities because we lack sufficient capital, our business, operating results and financial condition would be adversely affected.
We typically invoice our customers annually in advance, and to a lesser extent quarterly in advance, monthly in advance or multi-year in advance. Therefore, a substantial source of our cash is from such prepayments, which are included on our consolidated balance sheets as a contract liability. Deferred revenue consists of the unearned portion of billed fees for our subscriptions, which is subsequently recognized as revenue in accordance with our revenue recognition policy. As of July 31, 2024, we had deferred revenue of $1,895.0 million, of which $1,643.9 million was recorded as a current liability and is expected to be recorded as revenue in the next 12 months, provided all other revenue recognition criteria have been met. Subscriptions that are invoiced annually in advance or multi-year in advance contribute significantly to our short-term and long-term deferred revenue in comparison to our invoices issued quarterly in advance or monthly in advance. Accordingly, we cannot predict the mix of invoicing schedules in any given period.
77

Table of Contents
As of July 31, 2024, we did not have any relationships with unconsolidated organizations or financial partnerships, such as structured finance or special purpose entities, which would have been established for the purpose of facilitating off-balance sheet arrangements or other contractually narrow or limited purposes.
The following table summarizes our cash flows for the periods presented:
Year Ended July 31,
202420232022
(in thousands)
Net cash provided by operating activities$779,846 $462,343 $321,912 
Net cash provided by (used in) investing activities$(683,180)$(259,337)$374,063 
Net cash provided by financing activities$64,208 $45,990 $41,337 
Operating Activities
Net cash provided by operating activities during fiscal 2024 was $779.8 million, which resulted from a net loss of $57.7 million, adjusted for non-cash charges of $771.5 million and net cash inflows of $66.1 million from changes in operating assets and liabilities. Non-cash charges primarily consisted of $527.7 million for stock-based compensation expense, $130.1 million for amortization of deferred contract acquisition costs, $66.3 million for depreciation and amortization expense, $49.4 million for non-cash operating lease costs, $14.6 million for amortization expense of acquired intangible assets and $3.9 million for amortization of debt discount and issuance costs, partially offset by amortization (accretion) of investments purchased at a premium (discount) of $19.1 million and $5.6 million for deferred income taxes.
Net cash inflows from changes in operating assets and liabilities were primarily the result of an increase of $450.3 million in deferred revenue from advance invoicing in accordance with our subscription contracts, an increase of $43.6 million in accrued expenses, other current and noncurrent liabilities, an increase of $10.5 million in accrued compensation and an increase of $4.2 million in accounts payable. Net cash inflows were partially offset by cash outflows resulting from an increase of $200.3 million in deferred contract acquisition costs, as our sales commission payments increased due to the addition of new customers and expansion of our existing customer subscriptions, an increase of $153.0 million in accounts receivable primarily due to timing of billings and collections, a decrease of $49.2 million in operating lease liabilities primarily due to lease payments and an increase of $40.0 million in prepaid expenses, other current and noncurrent assets.
Net cash provided by operating activities during fiscal 2023 was $462.3 million, which resulted from a net loss of $202.3 million, adjusted for non-cash charges of $636.1 million and net cash inflows of $28.6 million from changes in operating assets and liabilities. Non-cash charges primarily consisted of $444.8 million for stock-based compensation expense, $98.7 million for amortization of deferred contract acquisition costs, $55.8 million for depreciation and amortization expense, $32.2 million for non-cash operating lease costs, $11.1 million for amortization expense of acquired intangible assets and $3.9 million for amortization of debt discount and issuance costs, partially offset by amortization (accretion) of investments purchased at a premium (discount) of $6.6 million and $3.3 million for net unrealized gains on hedging transactions.
Net cash inflows from changes in operating assets and liabilities were primarily the result of an increase of $418.6 million in deferred revenue from advance invoicing in accordance with our subscription contracts, an increase of $26.8 million in accrued expenses, other current and noncurrent liabilities and an increase of $24.5 million in accrued compensation. Net cash inflows were partially offset by cash outflows resulting from an increase of $183.9 million in accounts receivable primarily due to timing of billings and collections, an increase of $177.0 million in deferred contract acquisition costs, as our sales commission payments increased due to the addition of new customers and expansion of our existing customer subscriptions, an increase of $39.9 million in prepaid expenses, other current and noncurrent assets, a
78

Table of Contents
decrease of $32.2 million in operating lease liabilities primarily due to lease payments and a decrease of $8.4 million in accounts payable.
Net cash provided by operating activities during fiscal 2022 was $321.9 million, which resulted from a net loss of $390.3 million, adjusted for non-cash charges of $614.7 million and net cash inflows of $97.5 million from changes in operating assets and liabilities. Non-cash charges primarily consisted of $409.6 million for stock-based compensation expense, $68.5 million for amortization of deferred contract acquisition costs, $55.1 million for amortization of debt discount and issuance costs, $40.5 million for depreciation and amortization expense, $25.6 million for non-cash operating lease costs, $9.0 million for amortization expense of acquired intangible assets and $6.6 million for amortization of investment premiums, net of accretion of purchase discounts.
Net cash inflows from changes in operating assets and liabilities were primarily the result of an increase of $391.2 million in deferred revenue from advance invoicing in accordance with our subscription contracts, an increase of $18.3 million in accrued compensation, an increase of $14.4 million in accounts payable and an increase of $13.4 million in accrued expenses, other current and noncurrent liabilities. Net cash inflows were partially offset by cash outflows resulting from an increase of $158.5 million in deferred contract acquisition costs, as our sales commission payments increased due to the addition of new customers and expansion of our existing customer subscriptions, an increase of $143.3 million in accounts receivable primarily due to timing of billings and collections, a decrease of $27.7 million in operating lease liabilities primarily due to lease payments and an increase of $10.3 million in prepaid expenses, other current and noncurrent assets.
Investing Activities
Net cash used in investing activities during fiscal 2024 of $683.2 million was primarily attributable to the purchases of short-term investments of $1,291.0 million, $374.7 million, net of cash acquired for business acquisitions, capital expenditures of $194.9 million to support the growth and expansion of our cloud platform, and $2.0 million for purchases of strategic investments. These activities were partially offset by proceeds from the maturities and sales of short-term investments of $1,179.4 million.
Net cash used in investing activities during fiscal 2023 of $259.3 million was primarily attributable to the purchases of short-term investments of $1,064.1 million, capital expenditures of $128.7 million to support the growth and expansion of our cloud platform, $15.6 million, net of cash acquired for business acquisitions, and $3.2 million for purchases of strategic investments. These activities were partially offset by proceeds from the maturities and sales of short-term investments of $952.4 million.
Net cash provided by investing activities during fiscal 2022 of $374.1 million was primarily attributable to the proceeds from the maturities of short-term investments of $1,334.9 million These activities were partially offset by purchases of short-term investments of $844.9 million, capital expenditures of $90.6 million to support the growth and expansion of our cloud platform and $25.3 million, net of cash acquired for business acquisitions.
Financing Activities
Net cash provided by financing activities of $64.2 million during fiscal 2024 was primarily attributable to $52.0 million in proceeds from the issuance of common stock under the ESPP and $12.2 million in proceeds from the exercise of stock options.
Net cash provided by financing activities of $46.0 million during fiscal 2023 was primarily attributable to $42.3 million in proceeds from issuance of common stock under the ESPP and $3.9 million in proceeds from the exercise of stock options.
Net cash provided by financing activities of $41.3 million during fiscal 2022 was primarily attributable to $34.6 million in proceeds from issuance of common stock under the ESPP and $6.9 million in proceeds from the exercise of stock options.
79


Contractual Obligations and Commitments
Our principal commitments consist of obligations under our convertible senior notes, real estate arrangements, co-location and bandwidth arrangements and non-cancelable purchase obligations. For additional information, refer to Note 10, Convertible Senior Notes, Note 11, Operating Leases and Note 12, Commitments and Contingencies, of the consolidated financial statements included elsewhere in this Annual Report on Form 10-K.
Critical Accounting Policies and Estimates
Our financial statements are prepared in accordance with GAAP. The preparation of these financial statements requires us to make estimates and assumptions that affect the reported amounts of assets, liabilities, revenue and expenses, as well as related disclosures. We evaluate our estimates and assumptions on an ongoing basis. Our estimates are based on historical experience and various other assumptions that we believe to be reasonable under the circumstances. Our actual results could differ from these estimates. We refer to accounting estimates of this type as critical accounting policies and estimates, which we discuss below.
We have identified certain accounting policies that are significant to the preparation of our financial statements. These accounting policies are important for an understanding of our financial condition and results of operations. Critical accounting policies are those that are most important to the presentation of our financial condition and results of operations and require management’s subjective or complex judgment, often as a result of the need to make estimates about the effect of matters that are inherently uncertain and may change in subsequent periods. While our significant accounting policies are more fully described in the notes to the consolidated financial statements appearing elsewhere in this Annual Report on Form 10-K, we believe the following accounting policies have the most significant impact on the consolidated financial statements.
Revenue Recognition
In accordance with Accounting Standards Codification, or ASC, Topic 606, Revenue From Contracts With Customers, or ASC 606, revenue is recognized when a customer obtains control of promised services. The amount of revenue recognized reflects the consideration that we expect to be entitled to receive in exchange for these services. To achieve the core principle of this standard, we apply the following five steps:
1) Identify the contract with a customer
We consider the terms and conditions of the contracts and our customary business practices in identifying our contracts under ASC 606. We determine we have a contract with a customer when the contract is approved, we can identify each party’s rights regarding the services to be transferred, we can identify the payment terms for the services, we have determined the customer to have the ability and intent to pay, and the contract has commercial substance. We apply judgment in determining the customer’s ability and intent to pay, which is based on a variety of factors, including the customer’s historical payment experience or, in the case of a new customer, credit and financial information pertaining to the customer.
2) Identify the performance obligations in the contract
Performance obligations promised in a contract are identified based on the services that will be transferred to the customer that are both capable of being distinct, whereby the customer can benefit from the service either on its own or together with other resources that are readily available from third parties or from us, and are distinct in the context of the contract, whereby the transfer of the services is separately identifiable from other promises in the contract. Our performance obligations consist of (i) our subscription and support services and (ii) professional and other services.
80

Table of Contents
3) Determine the transaction price
The transaction price is determined based on the consideration to which we expect to be entitled in exchange for transferring services to the customer. Variable consideration is included in the transaction price if, in our judgment, it is probable that a significant future reversal of cumulative revenue under the contract will not occur. None of our contracts contain a significant financing component.
4) Allocate the transaction price to performance obligations in the contract
If the contract contains a single performance obligation, the entire transaction price is allocated to the single performance obligation. Contracts that contain multiple performance obligations require an allocation of the transaction price to each performance obligation based on a relative standalone selling price, or SSP.
5) Recognize revenue when or as we satisfy a performance obligation
Revenue is recognized at the time the related performance obligation is satisfied by transferring the promised service to a customer. Revenue is recognized when control of the services is transferred to our customers, in an amount that reflects the consideration that we expect to receive in exchange for those services. We generate all our revenue from contracts with customers and apply judgment in identifying and evaluating any terms and conditions in contracts which may impact revenue recognition.
Subscription and Support Revenue
We generate revenue primarily from sales of subscriptions to access our cloud platform, together with related support services to our customers. Arrangements with customers do not provide the customer with the right to take possession of our software operating our cloud platform at any time. Instead, customers are granted continuous access to our cloud platform over the contractual period. A time-elapsed output method is used to measure progress because we transfer control evenly over the contractual period. Accordingly, the fixed consideration related to subscription and support revenue is generally recognized on a straight-line basis over the contract term beginning on the date that our service is made available to the customer.
The typical subscription and support term is one to three years. Most of our contracts are non-cancelable over the contractual term. Customers typically have the right to terminate their contracts for cause if we fail to perform in accordance with the contractual terms. Some of our customers have the option to purchase additional subscription and support services at a stated price. These options generally do not provide a material right as they are priced at our SSP.
Professional and Other Services Revenue
Professional and other services revenue consists of fees associated with providing deployment advisory services that educate and assist our customers on the best use of our solutions, as well as advise customers on best practices as they deploy our solution. These services are distinct from subscription and support services. Professional services do not result in significant customization of the subscription service. Revenue from professional services provided on a time and materials basis is recognized as the services are performed. Total professional and other services revenue has historically been insignificant.
Contracts with Multiple Performance Obligations
Most of our contracts with customers contain multiple promised services consisting of (i) our subscription and support services and (ii) professional and other services that are distinct and accounted for separately. The transaction price is allocated to the separate performance obligations on a relative SSP basis. We determine SSP based on our overall pricing objectives, taking into consideration the type of subscription and support services and professional and other services, the geographical region of the customer and the number of users.
81

Table of Contents
Variable Consideration
Revenue from sales is recorded at the net sales price, which is the transaction price, and includes estimates of variable consideration. The amount of variable consideration that is included in the transaction price is constrained, and is included in the net sales price only to the extent that it is probable that a significant reversal in the amount of the cumulative revenue will not occur when the uncertainty is resolved.
If our services do not meet certain service level commitments, our customers are entitled to receive service credits, and in certain cases, refunds, each representing a form of variable consideration. We have not historically experienced any significant incidents affecting the defined levels of reliability and performance as required by our subscription contracts. Accordingly, any estimated refunds related to these agreements in the consolidated financial statements were not material during the periods presented.
We provide rebates and other credits within our contracts with certain customers which are estimated based on the most likely amounts expected to be earned or claimed on the related sales transaction. Overall, the transaction price is reduced to reflect our estimate of the amount of consideration to which we are entitled based on the terms of the contract. Estimated rebates and other credits were not material during the periods presented.
Contract Balances
Contract liabilities consist of deferred revenue and include payments received in advance of performance under the contract. Such amounts are recognized as revenue over the contractual period.
We receive payments from customers based upon contractual billing schedules; accounts receivable are recorded when the right to consideration becomes unconditional. Payment terms on invoiced amounts are typically 30 days. Contract assets include amounts related to our contractual right to consideration for both completed and partially completed performance obligations that may not have been invoiced and such amounts have been insignificant to date.
Costs to Obtain and Fulfill a Contract
We capitalize sales commissions and associated payroll taxes paid to sales personnel that are incremental to the acquisition of channel partner and direct customer contracts. These costs are recorded as deferred contract acquisition costs on the consolidated balance sheets. We determine whether costs should be deferred based on our sales compensation plans, if the commissions are in fact incremental and would not have occurred absent the customer contract.
Sales commissions for renewal of a contract are not considered commensurate with the commissions paid for the acquisition of the initial contract given the substantive difference in commission rates in proportion to their respective contract values. Commissions paid upon the initial acquisition of a contract are amortized over an estimated period of benefit of five years while commissions paid for renewal contracts are amortized over the contractual term of the renewals. Amortization is recognized on a straight-line basis commensurate with the pattern of revenue recognition. We determine the period of benefit for commissions paid for the acquisition of the initial contract by taking into consideration the expected subscription term and expected renewals of our customer contracts, the duration of our relationships with customers, customer retention data, our technology development life cycle and other factors. Management exercises judgment to determine the period of benefit to amortize contract acquisition costs by considering factors such as expected renewals of customer contracts, duration of customer relationships and our technology development life cycle. Although we believe that the historical assumptions and estimates we have made are reasonable and appropriate, different assumptions and estimates could materially impact our reported financial results. Amortization of deferred contract acquisition costs is included in sales and marketing expense in the consolidated statements of operations. We periodically review these deferred costs to determine whether events or changes in circumstances have occurred that could impact the period of benefit of these deferred contract acquisition costs.
82


Recently Issued Accounting Pronouncements
Refer to Note 1, Business and Summary of Significant Accounting Policies, to the consolidated financial statements included elsewhere in this Annual Report on Form 10-K for more information regarding recently issued accounting pronouncements.
Item 7A. Quantitative and Qualitative Disclosures about Market Risk
We have operations in the United States and internationally, and we are exposed to market risk in the ordinary course of our business.
Interest Rate Risk
As of July 31, 2024, we had cash, cash equivalents and short-term investments totaling $2,409.7 million, which were held for working capital purposes. Our cash equivalents and investments consist of highly liquid investments in money market funds, U.S. treasury securities, U.S. government agency securities, certificates of deposit and corporate debt securities. The primary objectives of our investment activities are the preservation of capital, the fulfillment of liquidity needs and the fiduciary control of cash and investments. We do not enter into investments for trading or speculative purposes. The carrying amount of our cash equivalents reasonably approximates fair value, due to the short maturities of these instruments. Our investments are exposed to market risk due to a fluctuation in interest rates, which may affect our interest income and the fair market value of our investments. As of July 31, 2024, the effect of a hypothetical 100 basis point change in interest rates would have changed the fair value of our investments in available-for-sale securities by $10.0 million. Fluctuations in the fair value of our investments in available-for-sale securities caused by a change in interest rates (gains or losses on the carrying amount) are recorded in other comprehensive income (loss), and are realized only if we sell the underlying securities prior to maturity.
We also use interest rate swaps to economically convert certain of our fixed interest rate Notes to floating interest rates, in order to match the floating rate nature of a portion of our cash, cash equivalents, and short-term investments. These interest rate swaps are designated as fair value hedges, and changes in fair value of the interest rate swaps offset the changes in fair market value of the Notes due to benchmark interest rate movements. Gains or losses related to our fair value hedges are included within interest expense in the consolidated statement of operations in the period of change together with the offsetting loss or gain on the hedged item attributed to risk being hedged.
Convertible Senior Notes
In June 2020, we issued our Notes with an aggregate principal amount of $1,150.0 million. In connection with the issuance of the Notes, we entered into privately negotiated capped call transactions with certain counterparties (the "Capped Calls"). The Capped Calls are expected generally to offset the potential dilution to our common stock as a result of any conversion of the Notes.
The Notes have a fixed annual interest rate of 0.125%, accordingly, we do not have economic interest rate exposure on the Notes. However, the fair value of the Notes is exposed to interest rate risk. Generally, the fair value of the Notes will increase as interest rates fall and decrease as interest rates rise. Through July 31, 2022, we carried the Notes at face value less unamortized debt discount and debt issuance costs on our consolidated balance sheet. Effective August 1, 2022, upon adoption of ASU 2020-06, we carry the Notes at face value less debt issuance costs on our consolidated balance sheet. For further information refer to Note 1, Business and Summary of Significant Accounting Policies of our consolidated financial statements included elsewhere in this Annual Report on Form 10-K. We present the fair value for required disclosure purposes only. In addition, the fair value of the Notes also fluctuates when the market price of our common stock fluctuates. The fair value was determined based on the quoted bid price of the Notes in an over-the-counter market on the last trading
83

Table of Contents
day of the reporting period. For further information refer to Note 10, Convertible Senior Notes, to the consolidated financial statements included elsewhere in this Annual Report on Form 10-K.
Foreign Currency Risk
The vast majority of our sales contracts are denominated in U.S. dollars, with a small number of contracts denominated in foreign currencies. A portion of our operating expenses are incurred outside the United States, denominated in foreign currencies and subject to fluctuations due to changes in foreign currency exchange rates, particularly changes in the British Pound, Indian Rupee, Euro, Japanese Yen, Canadian Dollar and Australian Dollar. Additionally, fluctuations in foreign currency exchange rates may cause us to recognize transaction gains and losses in our consolidated statements of operations. The effect of a hypothetical 10% change in foreign currency exchange rates applicable to our business would not have a material impact on the consolidated financial statements for all periods presented.
We have a foreign currency risk management program, and we enter into foreign currency forward contracts to hedge a portion of our forecasted foreign currency-denominated expenses. These foreign currency derivative contracts have a maturity up to 24 months or less and are designated as cash flow hedges to protect our earnings subjected to foreign currency risk. We also use foreign currency forward contracts to mitigate variability in gains and losses generated from the remeasurement of certain monetary assets and liabilities denominated in foreign currencies.
84

Table of Contents
Item 8. Financial Statements and Supplementary Data
Index to Consolidated Financial Statements
Page
Consolidated Financial Statements:
Consolidated Balance Sheets as of July 31, 2024 and 2023
Consolidated Statements of Comprehensive Loss for the years ended July 31, 2024, 2023 and 2022


85

Table of Contents
Report of Independent Registered Public Accounting Firm
To the Board of Directors and Stockholders of Zscaler, Inc.
Opinions on the Financial Statements and Internal Control over Financial Reporting
We have audited the accompanying consolidated balance sheets of Zscaler, Inc. and its subsidiaries (the "Company") as of July 31, 2024 and 2023, and the related consolidated statements of operations, of comprehensive loss, of stockholders' equity and of cash flows for each of the three years in the period ended July 31, 2024, including the related notes (collectively referred to as the "consolidated financial statements"). We also have audited the Company's internal control over financial reporting as of July 31, 2024, based on criteria established in Internal Control - Integrated Framework (2013) issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO).
In our opinion, the consolidated financial statements referred to above present fairly, in all material respects, the financial position of the Company as of July 31, 2024 and 2023, and the results of its operations and its cash flows for each of the three years in the period ended July 31, 2024 in conformity with accounting principles generally accepted in the United States of America. Also in our opinion, the Company maintained, in all material respects, effective internal control over financial reporting as of July 31, 2024, based on criteria established in Internal Control - Integrated Framework (2013) issued by the COSO.
Change in Accounting Principle
As discussed in Note 1 to the consolidated financial statements, the Company changed the manner in which it accounts for convertible senior notes as of August 1, 2022.
Basis for Opinions
The Company's management is responsible for these consolidated financial statements, for maintaining effective internal control over financial reporting, and for its assessment of the effectiveness of internal control over financial reporting, included in Management’s Report on Internal Control over Financial Reporting appearing under Item 9A. Our responsibility is to express opinions on the Company’s consolidated financial statements and on the Company's internal control over financial reporting based on our audits. We are a public accounting firm registered with the Public Company Accounting Oversight Board (United States) (PCAOB) and are required to be independent with respect to the Company in accordance with the U.S. federal securities laws and the applicable rules and regulations of the Securities and Exchange Commission and the PCAOB.
We conducted our audits in accordance with the standards of the PCAOB. Those standards require that we plan and perform the audits to obtain reasonable assurance about whether the consolidated financial statements are free of material misstatement, whether due to error or fraud, and whether effective internal control over financial reporting was maintained in all material respects.
Our audits of the consolidated financial statements included performing procedures to assess the risks of material misstatement of the consolidated financial statements, whether due to error or fraud, and performing procedures that respond to those risks. Such procedures included examining, on a test basis, evidence regarding the amounts and disclosures in the consolidated financial statements. Our audits also included evaluating the accounting principles used and significant estimates made by management, as well as evaluating the overall presentation of the consolidated financial statements. Our audit of internal control over financial reporting included obtaining an understanding of internal control over financial reporting, assessing the risk that a material weakness exists, and testing and evaluating the design and operating effectiveness of internal control based on the assessed risk. Our audits also included performing such other procedures as we considered necessary in the circumstances. We believe that our audits provide a reasonable basis for our opinions.
86

Table of Contents
As described in Management’s Report on Internal Control over Financial Reporting, management has excluded Airgap Networks Inc. and Avalor Technologies Ltd. from its assessment of internal control over financial reporting as of July 31, 2024, because they were acquired by the Company in purchase business combinations during 2024. We have also excluded Airgap Networks Inc. and Avalor Technologies Ltd. from our audit of internal control over financial reporting. Airgap Networks Inc. and Avalor Technologies Ltd. are wholly-owned subsidiaries whose total assets and total revenues excluded from management’s assessment and our audit of internal control over financial reporting collectively represent approximately 0.4% and 0.1%, respectively, of the related consolidated financial statement amounts as of and for the year ended July 31, 2024.
Definition and Limitations of Internal Control over Financial Reporting
A company’s internal control over financial reporting is a process designed to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles. A company’s internal control over financial reporting includes those policies and procedures that (i) pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the company; (ii) provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with generally accepted accounting principles, and that receipts and expenditures of the company are being made only in accordance with authorizations of management and directors of the company; and (iii) provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use, or disposition of the company’s assets that could have a material effect on the financial statements.
Because of its inherent limitations, internal control over financial reporting may not prevent or detect misstatements. Also, projections of any evaluation of effectiveness to future periods are subject to the risk that controls may become inadequate because of changes in conditions, or that the degree of compliance with the policies or procedures may deteriorate.
Critical Audit Matters
The critical audit matter communicated below is a matter arising from the current period audit of the consolidated financial statements that was communicated or required to be communicated to the audit committee and that (i) relates to accounts or disclosures that are material to the consolidated financial statements and (ii) involved our especially challenging, subjective, or complex judgments. The communication of critical audit matters does not alter in any way our opinion on the consolidated financial statements, taken as a whole, and we are not, by communicating the critical audit matter below, providing a separate opinion on the critical audit matter or on the accounts or disclosures to which it relates.
Revenue Recognition – Subscription and Support Revenue
As described in Notes 1 and 2 to the consolidated financial statements, revenue is recognized when control of the services is transferred to the customers, in an amount that reflects the consideration that the Company expects to receive in exchange for those services. The Company generates all revenue from contracts with customers and management applies judgment in identifying and evaluating any terms and conditions in contracts which may impact revenue recognition. For the year ended July 31, 2024, the Company’s revenue was $2,168 million of which approximately 97% relates to subscription and support revenue.
The principal consideration for our determination that performing procedures relating to revenue recognition for subscription and support revenue is a critical audit matter is a high degree of auditor effort in performing procedures related to the Company’s revenue recognition.
Addressing the matter involved performing procedures and evaluating audit evidence in connection with forming our overall opinion on the consolidated financial statements. These procedures included testing the effectiveness of controls relating to
87

Table of Contents
the revenue recognition process for subscription and support revenue. These procedures also included, among others (i) testing revenue recognized for a sample of subscription and support revenue transactions by obtaining and inspecting source documents, such as sales quotes, purchase orders, sales orders, invoices, and payment receipts and (ii) confirming a sample of outstanding customer invoice balances as of July 31, 2024 and, for confirmations not returned, obtaining and inspecting source documents, such as sales quotes, purchase orders, sales orders, invoices, and subsequent payment receipts.
/s/ PricewaterhouseCoopers LLP
San Jose, California
September 12, 2024
We have served as the Company's auditor since 2015.

88

Table of Contents
ZSCALER, INC.
Consolidated Balance Sheets
(in thousands, except per share amounts)
July 31,
20242023
Assets
Current assets:
Cash and cash equivalents$1,423,080 $1,262,206 
Short-term investments986,574 838,026 
Accounts receivable, net736,529 582,636 
Deferred contract acquisition costs148,873 115,827 
Prepaid expenses and other current assets101,561 91,619 
Total current assets3,396,617 2,890,314 
Property and equipment, net383,121 242,355 
Operating lease right-of-use assets89,758 70,671 
Deferred contract acquisition costs, noncurrent296,525 259,407 
Acquired intangible assets, net63,835 25,859 
Goodwill417,029 89,192 
Other noncurrent assets58,083 30,519 
Total assets$4,704,968 $3,608,317 
Liabilities and Stockholders’ Equity
Current liabilities:
Accounts payable$23,309 $18,481 
Accrued expenses and other current liabilities91,708 64,975 
Accrued compensation160,810 136,800 
Deferred revenue1,643,919 1,281,143 
Convertible senior notes1,142,275  
Operating lease liabilities50,866 34,469 
Total current liabilities3,112,887 1,535,868 
Convertible senior notes, noncurrent 1,134,159 
Deferred revenue, noncurrent251,055 158,533 
Operating lease liabilities, noncurrent44,824 41,917 
Other noncurrent liabilities22,100 12,728 
Total liabilities3,430,866 2,883,205 
Commitments and contingencies (Note 12)
Stockholders’ Equity
Preferred stock; $0.001 par value; 200,000 shares authorized as of July 31, 2024 and 2023, respectively; no shares issued and outstanding as of July 31, 2024 and 2023
  
Common stock; $0.001 par value; 1,000,000 shares authorized as of July 31, 2024 and 2023, respectively; 152,490 and 147,169 shares issued and outstanding as of July 31, 2024 and 2023, respectively
152 147 
Additional paid-in capital2,426,819 1,816,915 
Accumulated other comprehensive loss(4,789)(1,576)
Accumulated deficit(1,148,080)(1,090,374)
Total stockholders’ equity1,274,102 725,112 
Total liabilities and stockholders’ equity$4,704,968 $3,608,317 

The accompanying notes are an integral part of these consolidated financial statements.
89

Table of Contents
ZSCALER, INC.
Consolidated Statements of Operations
(in thousands, except per share amounts)
Year Ended July 31,
202420232022
Revenue$2,167,771 $1,616,952 $1,090,946 
Cost of revenue477,129 362,832 242,282 
Gross profit1,690,642 1,254,120 848,664 
Operating expenses:
Sales and marketing1,100,239 953,864 735,219 
Research and development499,828 349,735 289,139 
General and administrative212,052 177,544 151,735 
Restructuring and other charges 7,600  
Total operating expenses1,812,119 1,488,743 1,176,093 
Loss from operations(121,477)(234,623)(327,429)
Interest income109,130 60,462 4,586 
Interest expense(13,132)(6,541)(56,579)
Other expense, net(3,750)(1,862)(4,208)
Loss before income taxes(29,229)(182,564)(383,630)
Provision for income taxes28,477 19,771 6,648 
Net loss$(57,706)$(202,335)$(390,278)
Net loss per share, basic and diluted$(0.39)$(1.40)$(2.77)
Weighted-average shares used in computing net loss per share, basic and diluted149,586 144,942 140,895 

The accompanying notes are an integral part of these consolidated financial statements.
90

Table of Contents
ZSCALER, INC.
Consolidated Statements of Comprehensive Loss
(in thousands)
Year Ended July 31,
202420232022
Net loss$(57,706)$(202,335)$(390,278)
Available-for-sale securities:
Change in net unrealized gains (losses) on available-for-sale securities9,948 1,592 (12,083)
Cash flow hedging instruments:
Change in net unrealized gains (losses)(10,761)11,103 (20,130)
Net realized (gains) losses reclassified into net loss(2,400)11,579 7,013 
Net change on cash flow hedges(13,161)22,682 (13,117)
Other comprehensive income (loss)(3,213)24,274 (25,200)
Comprehensive loss$(60,919)$(178,061)$(415,478)

The accompanying notes are an integral part of these consolidated financial statements.

91

Table of Contents

ZSCALER, INC.
Consolidated Statements of Stockholders’ Equity
(in thousands)
Common Stock Additional
Paid-In
Capital
Accumulated Other Comprehensive LossAccumulated
Deficit
Total
Stockholders’ Equity
Shares Amount  
Balance as of July 31, 2021138,662 $139 $1,131,006 $(650)$(601,600)$528,895 
Issuance of common stock upon exercise of stock options905 — 6,943 — — 6,943 
Issuance of common stock under the employee stock purchase plan319 — 34,649 — — 34,649 
Vesting of restricted stock units, performance stock awards and other stock issuances3,152 4 1,699 — — 1,703 
Stock-based compensation— — 416,588 — — 416,588 
Other comprehensive loss— — — (25,200)— (25,200)
Net loss — — — — (390,278)(390,278)
Balance as of July 31, 2022143,038 143 1,590,885 (25,850)(991,878)573,300 
Cumulative effect adjustment from adoption of ASU 2020-06 (Note 1)— — (273,738)— 103,839 (169,899)
Issuance of common stock upon exercise of stock options451 — 3,944 — — 3,944 
Issuance of common stock under the employee stock purchase plan425 — 42,263 — — 42,263 
Vesting of restricted stock units, performance stock awards and other stock issuances3,255 4 (4)— —  
Stock-based compensation— — 453,565 — — 453,565 
Other comprehensive income— — — 24,274 — 24,274 
Net loss— — — — (202,335)(202,335)
Balance as of July 31, 2023147,169 147 1,816,915 (1,576)(1,090,374)725,112 
Issuance of common stock upon exercise of stock options864 — 12,249 — — 12,249 
Issuance of common stock under the employee equity stock purchase plan489 — 51,998 — — 51,998 
Vesting of restricted stock units and performance stock awards3,624 5 (5)— —  
Issuance of restricted shares of common stock in connection with business acquisitions subject to future vesting344 — — — — — 
Issuance of replacement awards attributable to pre-combination vesting in connection with business acquisitions
— — 3,805 — — 3,805 
Stock-based compensation— — 541,857 — — 541,857 
Other comprehensive loss— — — (3,213)— (3,213)
Net loss— — — — (57,706)(57,706)
Balance as of July 31, 2024152,490 $152 $2,426,819 $(4,789)$(1,148,080)$1,274,102 

The accompanying notes are an integral part of these consolidated financial statements.
92

Table of Contents
ZSCALER, INC.
Consolidated Statements of Cash Flows
(in thousands)
 Year Ended July 31,

202420232022
Cash Flows From Operating Activities
Net loss$(57,706)$(202,335)$(390,278)
Adjustments to reconcile net loss to cash provided by operating activities:
Depreciation and amortization expense66,308 55,756 40,456 
Amortization expense of acquired intangible assets14,624 11,060 9,010 
Amortization of deferred contract acquisition costs130,139 98,718 68,531 
Amortization of debt issuance costs3,914 3,894 55,141 
Non-cash operating lease costs49,445 32,212 25,626 
Stock-based compensation expense527,676 444,834 409,562 
Amortization (accretion) of investments purchased at a premium (discount)(19,062)(6,582)6,580 
Unrealized (gains) losses on hedging transactions753 (3,319)1,499 
Deferred income taxes(5,633)352 (562)
Other3,320 (820)(1,104)
Changes in operating assets and liabilities, net of effects of business combinations:
Accounts receivable(152,960)(183,858)(143,336)
Deferred contract acquisition costs(200,303)(176,950)(158,503)
Prepaid expenses, other current and noncurrent assets(39,971)(39,922)(10,287)
Accounts payable4,164 (8,416)14,358 
Accrued expenses, other current and noncurrent liabilities43,556 26,814 13,377 
Accrued compensation10,507 24,538 18,326 
Deferred revenue450,314 418,564 391,179 
Operating lease liabilities(49,239)(32,197)(27,663)
Net cash provided by operating activities779,846 462,343 321,912 
Cash Flows From Investing Activities
Purchases of property, equipment and other assets(144,588)(97,197)(69,296)
Capitalized internal-use software(50,308)(31,527)(21,284)
Payments for business acquisitions, net of cash acquired(374,702)(15,643)(25,287)
Purchase of strategic investments(2,000)(3,206) 
Purchases of short-term investments(1,291,015)(1,064,143)(844,944)
Proceeds from maturities of short-term investments1,132,268 901,849 1,334,874 
Proceeds from sale of short-term investments47,165 50,530  
Net cash provided (used) by investing activities(683,180)(259,337)374,063 
Cash Flows From Financing Activities
Proceeds from issuance of common stock upon exercise of stock options12,249 3,944 6,943 
Proceeds from issuance of common stock under the employee stock purchase plan51,998 42,263 34,649 
Payment of deferred consideration related to business acquisitions (215)(250)
Other(39)(2)(5)
Net cash provided by financing activities64,208 45,990 41,337 
Net increase in cash and cash equivalents 160,874 248,996 737,312 
Cash and cash equivalents at beginning of period
1,262,206 1,013,210 275,898 
Cash and cash equivalents at end of period
$1,423,080 $1,262,206 $1,013,210 

The accompanying notes are an integral part of these consolidated financial statements.

ZSCALER, INC.
Consolidated Statements of Cash Flows (continued)
(in thousands)
Year Ended July 31,
202420232022
Supplemental Disclosure of Cash Flow Information
Cash paid for income taxes, net of tax refunds$23,123 $14,940 $5,606 
Cash paid for interest expense$1,436 $1,438 $1,438 
Non-Cash Activities
Operating lease right-of-use assets obtained in exchange for operating lease obligations, net of terminations$64,700 $29,129 $51,962 
Equity consideration for business acquisitions$3,805 $ $ 
Net change in purchased equipment included in accounts payable and accrued expenses$1,111 $1,588 $(997)

The accompanying notes are an integral part of these consolidated financial statements.
93


ZSCALER, INC.
Notes to Consolidated Financial Statements
Note 1. Business and Summary of Significant Accounting Policies
Description of the Business
Zscaler, Inc. ("Zscaler," the "Company," "we," "us," or "our") is a cloud security company that developed a platform incorporating core security functionalities needed to enable fast and secure access to cloud resources based on identity, context and organization’s policies. Our solution is a purpose-built, multi-tenant, distributed cloud platform that incorporates the security functionality needed to enable users, applications, and devices to safely and efficiently utilize authorized applications and services based on an organization’s business policies. We deliver our solutions using a software-as-a-service ("SaaS") business model and sell subscriptions to customers to access our cloud platform, together with related support services. We were incorporated in Delaware in September 2007 and conduct business worldwide, with presence in North America, Europe and Asia. Our headquarters are in San Jose, California.
Fiscal Year
Our fiscal year ends on July 31. References to fiscal 2024, for example, refer to our fiscal year ending July 31, 2024.
Principles of Consolidation
The accompanying consolidated financial statements include the accounts of the Company and its wholly owned subsidiaries and have been prepared in conformity with generally accepted accounting principles in the United States ("GAAP"). All intercompany balances and transactions have been eliminated in consolidation.
Use of Estimates
The preparation of consolidated financial statements in conformity with U.S. GAAP requires management to make estimates, judgments and assumptions that affect the amounts reported and disclosed in the financial statements and accompanying notes. Such estimates include, but are not limited to, the determination of revenue recognition, deferred revenue, deferred contract acquisition costs, capitalized internal-use software, valuation of acquired intangible assets, period of benefit generated from our deferred contract acquisition costs, allowance for doubtful accounts, valuation of common stock options and stock-based awards, useful lives of property and equipment, useful lives of acquired intangible assets, recoverability of goodwill, valuation of deferred tax assets and liabilities, loss contingencies related to litigation, fair value of convertible senior notes and the discount rate used for operating leases. Management determines these estimates and assumptions based on historical experience and on various other assumptions that are believed to be reasonable. Actual results could differ significantly from these estimates, and such differences may be material to the consolidated financial statements.
Due to uncertainty in the macroeconomic environment, including the effects of inflation and geopolitical events, there is ongoing disruption in the global economy and financial markets. We are not aware of any specific event or circumstances that would require an update to our estimates, judgments or assumptions or a revision to the carrying value of our assets or liabilities as of the date of issuance of these consolidated financial statements. These estimates, judgments and assumptions may change in the future, as new events occur or additional information is obtained.
Foreign Currency
The functional currency of our foreign subsidiaries is the U.S. dollar. Accordingly, monetary assets and liabilities of our foreign subsidiaries are re-measured into U.S. dollars at the exchange rates in effect at the reporting date, non-monetary
94

Table of Contents
assets and liabilities are re-measured at historical rates, revenue and expenses are re-measured at average exchange rates in effect during each reporting period. Foreign currency transaction gains and losses are recorded in other expense, net in the consolidated statements of operations. Foreign currency remeasurement gains and losses and foreign currency transaction gains and losses are not significant to the consolidated financial statements for all periods presented.
Concentration of Risks
We generate revenue primarily from sale of subscriptions to access our cloud platform, together with related support services. Our sales team, along with our channel partner network of global telecommunications service providers, system integrators and value-added resellers (collectively "channel partners"), sells our services worldwide to organizations of all sizes. Due to the nature of our services and the terms and conditions of our contracts with our channel partners, our business could be affected unfavorably if we are not able to continue our relationships with them.
Our financial instruments that are exposed to concentrations of credit risk consist primarily of cash, cash equivalents, derivative contracts, short-term investments and accounts receivable. Although we deposit our cash with multiple financial institutions, the deposits, at times, may exceed federally insured limits. Cash equivalents and short-term investments consist of highly liquid investments in money market funds, U.S. treasury, U.S. agency securities, certificates of deposit and corporate debt securities, which are invested through financial institutions.
We grant credit to our customers in the normal course of business. We monitor the financial condition of our customers to reduce credit risk. Refer to Note 2, Revenue Recognition, for information regarding customers with concentration of 10% or more of the total balance of accounts receivable, net.
Segment Information
We operate as one reportable and operating segment. Our chief operating decision maker is our chief executive officer, who reviews financial information presented on a consolidated basis for purposes of making operating decisions, assessing financial performance and allocating resources.
Revenue Recognition
In accordance with Accounting Standards Codification ("ASC") Topic 606, Revenue From Contracts With Customers ("ASC 606"), revenue is recognized when a customer obtains control of promised services. The amount of revenue recognized reflects the consideration that we expect to be entitled to receive in exchange for these services. To achieve the core principle of this standard, we apply the following five steps:
1) Identify the contract with a customer
We consider the terms and conditions of the contracts and our customary business practices in identifying our contracts under ASC 606. We determine we have a contract with a customer when the contract is approved, we can identify each party’s rights regarding the services to be transferred, we can identify the payment terms for the services, we have determined the customer has the ability and intent to pay and the contract has commercial substance. We apply judgment in determining the customer’s ability and intent to pay, which is based on a variety of factors, including the customer’s historical payment experience or, in the case of a new customer, credit and financial information pertaining to the customer.
2) Identify the performance obligations in the contract
Performance obligations promised in a contract are identified based on the services that will be transferred to the customer that are both capable of being distinct, whereby the customer can benefit from the service either on its own or together with other resources that are readily available from third parties or from us, and are distinct in the context of the
95

Table of Contents
contract, whereby the transfer of the services is separately identifiable from other promises in the contract. Our performance obligations consist of (i) our subscription and support services and (ii) professional and other services.
3) Determine the transaction price
The transaction price is determined based on the consideration to which we expect to be entitled in exchange for transferring services to the customer. Variable consideration is included in the transaction price if, in our judgment, it is probable that a significant future reversal of cumulative revenue under the contract will not occur. None of our contracts contain a significant financing component.
4) Allocate the transaction price to performance obligations in the contract
If the contract contains a single performance obligation, the entire transaction price is allocated to the single performance obligation. Contracts that contain multiple performance obligations require an allocation of the transaction price to each performance obligation based on a relative standalone selling price ("SSP").
5) Recognize revenue when or as we satisfy a performance obligation
Revenue is recognized at the time the related performance obligation is satisfied by transferring the promised service to a customer. Revenue is recognized when control of the services is transferred to our customers, in an amount that reflects the consideration that we expect to receive in exchange for those services. We generate all our revenue from contracts with customers and apply judgment in identifying and evaluating any terms and conditions in contracts which may impact revenue recognition.
Subscription and Support Revenue
We generate revenue primarily from sales of subscriptions to access our cloud platform, together with related support services to our customers. Arrangements with customers do not provide the customer with the right to take possession of our software operating our cloud platform at any time. Instead, customers are granted continuous access to our cloud platform over the contractual period. A time-elapsed output method is used to measure progress because we transfer control evenly over the contractual period. Accordingly, the fixed consideration related to subscription and support revenue is generally recognized on a straight-line basis over the contract term beginning on the date that our service is made available to the customer.
The typical subscription and support term is one to three years. Most of our contracts are non-cancelable over the contractual term. Customers typically have the right to terminate their contracts for cause if we fail to perform in accordance with the contractual terms. Some of our customers have the option to purchase additional subscription and support services at a stated price. These options generally do not provide a material right as they are priced at our SSP.
Professional and Other Services Revenue
Professional and other services revenue consists of fees associated with providing deployment advisory services that educate and assist our customers on the best use of our solutions, as well as advise customers on best practices as they deploy our solution. These services are distinct from subscription and support services. Professional services do not result in significant customization of the subscription service. Revenue from professional services provided on a time and materials basis is recognized as the services are performed. Total professional and other services revenue has historically not been material.
96

Table of Contents
Contracts with Multiple Performance Obligations
Most of our contracts with customers contain multiple promised services consisting of: (i) our subscription and support services and (ii) professional and other services that are distinct and accounted for separately. The transaction price is allocated to the separate performance obligations on a relative SSP basis. We determine SSP based on our overall pricing objectives, taking into consideration the type of subscription and support services and professional and other services, the geographical region of the customer and the number of users.
Variable Consideration
Revenue from sales is recorded at the net sales price, which is the transaction price, and includes estimates of variable consideration. The amount of variable consideration that is included in the transaction price is constrained and included in the net sales price only to the extent that it is probable that a significant reversal in the amount of the cumulative revenue will not occur when the uncertainty is resolved.
If our services do not meet certain service level commitments, our customers are entitled to receive service credits, and in certain cases, refunds, each representing a form of variable consideration. We have historically not experienced any significant incidents affecting the defined levels of reliability and performance as required by our subscription contracts. Accordingly, estimated refunds related to these agreements were not material to the periods presented.
We provide rebates and other credits within our contracts with certain customers, which are estimated based on the value expected to be earned or claimed on the related sales transaction. Overall, the transaction price is reduced to reflect our estimate of the amount of consideration to which we are entitled based on the terms of the contract. Estimated rebates and other credits were not material during the periods presented.
Accounts Receivable and Allowance
Accounts receivable are recorded at the invoiced amount and are non-interest bearing. Accounts receivable are stated at their net realizable value, net of an allowance for doubtful accounts. We have a well-established collections history from our customers. Credit is extended to customers based on an evaluation of their financial condition and other factors. In determining the necessary allowance for doubtful accounts, we estimate the lifetime expected credit losses against the existing accounts receivable balance. Our estimate is based on certain factors including historical loss rates, current economic conditions, reasonable and supportable forecasts and customer-specific circumstances. The allowance for doubtful accounts has historically not been material. There were no material write-offs recognized in the periods presented. Accordingly, the movements in the allowance for doubtful accounts were not material for any of the periods presented. We do not have any off-balance-sheet credit exposure related to our customers.
Cash Equivalents and Short-Term Investments
We classify all highly liquid investments purchased with an original maturity of 90 days or less from the date of purchase as cash equivalents and all highly liquid investments with original maturities beyond 90 days at the time of purchase as short-term investments. Our cash equivalents and short-term investments consist of highly liquid investments in money market funds, U.S. treasury securities, U.S. government agency securities, certificates of deposit and corporate debt securities.
We classify our investments as available-for-sale investments and present them within current assets since these investments represent funds available for current operations and we have the ability and intent, if necessary, to liquidate any of these investments in order to meet our liquidity needs or to grow our business, including for potential business acquisitions or other strategic transactions. Our investments are carried at fair value, with unrealized gains and losses unrelated to credit loss factors reported in accumulated other comprehensive income (loss) ("AOCI").
97

Table of Contents
Our investments are reviewed periodically when there is a decline in a security’s fair value below the amortized cost basis. We consider our intent to sell and whether it is more likely than not that we will be required to sell the securities before the recovery of its cost basis. If either of these criteria are triggered, the amortized cost basis of the debt security is written down to fair value through other expense, net. If neither criteria is met, we evaluate whether the decline in fair value below the amortized cost basis is related to credit-related factors or other factors such as interest rate fluctuations. The factors considered in this analysis include the extent the fair value is less than the amortized cost basis, whether there were changes to the rating of the security by a ratings agency, whether the issuer has failed to make scheduled interest payments and other adverse conditions as applicable. Credit-related impairment losses, limited by the amount that the fair value is less than the amortized cost basis, are recorded through an allowance for credit losses in other expense, net. For purposes of identifying and measuring credit-related impairments, our policy is to exclude the applicable accrued interest from both the fair value and amortized cost basis of the related debt security. Accrued interest receivable, net of the allowance for credit losses, if any, is recorded to prepaid expenses and other current assets. There were no credit-related impairments recognized on our investments during the periods presented.
Interest income, amortization (accretion) of investments purchased at a premium (discount) and realized gains and losses are included in interest income in the consolidated statements of operations. We use the specific identification method to determine the cost in calculating realized gains and losses upon the sale of these investments.
Strategic Investments
Our strategic investments consist of non-marketable equity investments of privately held companies. Investments in non-marketable equity investments of privately held companies without readily determinable fair values are measured using the measurement alternative, as we have less than 20% ownership and do not have the ability to exercise significant influence over their operations. The carrying amount of non-marketable equity investments is adjusted based on observable price changes from orderly transactions for identical or similar investments of the same issuer and by impairments when events or circumstances indicate a decline in value has occurred. Non-marketable equity investments that have been remeasured during the period due to an observable event or impairment are classified within Level 3 in the fair value hierarchy because we estimate the value based on valuation methods which may include a combination of the observable transaction price at the transaction date and other unobservable inputs including volatility, rights, and obligations of the investments we hold. Our strategic investments are included within other noncurrent assets in the consolidated balance sheets and adjustments to their carrying amounts are recorded in other expense, net in the consolidated statements of operations. There were no material events or circumstances impacting the carrying amount of our strategic investments during the periods presented.
Fair Value of Financial Instruments
Our financial instruments consist of cash equivalents, short-term investments, accounts receivable, accounts payable, accrued liabilities, derivative instruments and convertible senior notes. Cash equivalents and short-term investments are recorded at fair value. Accounts receivable, accounts payable and accrued liabilities are stated at their carrying value, which approximates fair value due to the short-time to the expected receipt or payment date. Assets recorded at fair value on a recurring basis in the consolidated balance sheets, consisting of cash equivalents and short-term investments, are categorized in accordance with the fair value hierarchy based upon the level of judgment associated with the inputs used to measure their fair values. We carry the convertible senior notes at face value less debt issuance costs and hedge accounting fair value adjustments on our consolidated balance sheet. The fair value of the convertible senior notes is presented at each reporting period for disclosure purposes only.
Property and Equipment
Property and equipment, net are stated at historical cost net of accumulated depreciation. Property and equipment, excluding leasehold improvements, are depreciated using the straight-line method over the estimated useful lives of the
98

Table of Contents
respective assets, generally ranging from three to five years. Leasehold improvements are amortized using the straight-line method over the shorter of the estimated useful lives of the respective assets or the lease term. Expenditures for maintenance and repairs are expensed as incurred and significant improvements and betterments that substantially enhance the life of an asset are capitalized.
In August 2023, we completed an assessment of the useful lives of our servers and networking equipment, which resulted in an extension of their useful lives from four to five years. This change in accounting estimate was effective beginning fiscal 2024. Based on the carrying amount of these assets as of July 31, 2023, this change decreased depreciation expense by $13.4 million for fiscal 2024.
Capitalized Internal-Use Software
We capitalize certain costs incurred during the application development stage in connection with software development for our cloud security platform. Costs related to preliminary project activities and post-implementation activities are expensed as incurred. Capitalized costs are recorded as part of property and equipment in the consolidated balance sheets. Maintenance and training costs are expensed as incurred. Capitalized internal-use software is amortized on a straight-line basis over its estimated useful life, which is generally three to five years, and is recorded as cost of revenue in the consolidated statements of operations. Capitalization of development costs, inclusive of stock-based compensation, of software for internal-use in fiscal 2024, fiscal 2023 and fiscal 2022 was $76.9 million, $48.6 million and $32.7 million, respectively. Amortization expense of capitalized software for internal-use in fiscal 2024, fiscal 2023 and fiscal 2022 was $36.3 million, $24.2 million and $13.0 million, respectively.
Business Combinations
We account for our business combinations using the acquisition method of accounting, which requires, among other things, allocation of the fair value of purchase consideration to the tangible and intangible assets acquired and liabilities assumed at their estimated fair values on the acquisition date. The excess of the fair value of purchase consideration over the values of these identifiable assets and liabilities is recorded as goodwill. When determining the fair value of assets acquired and liabilities assumed, we make estimates and assumptions, especially with respect to intangible assets. Our estimates of fair value are based upon assumptions believed to be reasonable, but which are inherently uncertain and unpredictable and, as a result, actual results may differ from estimates. During the measurement period, not to exceed one year from the date of acquisition, we may record adjustments to the assets acquired and liabilities assumed, with a corresponding offset to goodwill if new information is obtained related to facts and circumstances that existed as of the acquisition date. After the measurement period, any subsequent adjustments are reflected in the consolidated statements of operations. Acquisition costs, such as legal and consulting fees, are expensed as incurred.
Goodwill and Other Long-Lived Assets, including Acquired Intangible Assets
Goodwill represents the excess of the fair value of purchase consideration in a business combination over the fair value of net tangible and intangible assets acquired. Goodwill amounts are not amortized, but rather tested for impairment at least annually or more often if circumstances indicate that the carrying value may not be recoverable. There was no impairment of goodwill during any of the periods presented.
Acquired intangible assets consist of identifiable intangible assets, including developed technology and customer relationships, resulting from business combinations. Acquired finite-lived intangible assets are initially recorded at fair value and are amortized on a straight-line basis over their estimated useful lives. Amortization expense of developed technology and customer relationships is recorded primarily within cost of revenues and sales and marketing expenses, respectively, in the consolidated statements of operations.
99

Table of Contents
Long-lived assets, such as property and equipment and acquired intangible assets, are reviewed for impairment whenever events or changes in circumstances indicate that their carrying amounts may not be recoverable. We measure the recoverability of these assets by comparing the carrying amounts to the future undiscounted cash flows that these assets are expected to generate. If the total of the future undiscounted cash flows are less than the carrying amount of an asset, we record an impairment charge for the amount by which the carrying amount of the asset exceeds the fair value. There were no asset impairments for all periods presented.
Restructuring and Other Charges    
Restructuring and other charges occur when we commit to a restructuring plan, the restructuring plan identifies all significant actions, the period of time to complete the restructuring plan indicates that significant changes to the restructuring plan are not likely and employees who are impacted have been notified of the pending involuntary termination. A restructuring plan generally includes significant actions involving employee-related severance charges, employee-related benefits, stock-based compensation expense related to the modification of equity incentive awards and other charges associated with the restructuring (the "restructuring charges"). Restructuring charges are accrued in the period in which it is probable that the employees are entitled to the restructuring benefits and the amounts can be reasonably estimated. Restructuring charges are recorded within restructuring and other charges in the consolidated statement of operations. The restructuring liability accrued but not paid at the end of the reporting period is included within accrued compensation in the consolidated balance sheets.
Derivative Instruments
We enter into foreign currency forward contracts, a portion of which we designate as cash flow hedges, in order to manage the volatility of cash flows that relate to our cost of revenues and operating expenses denominated in foreign currencies.
We also use interest rate swaps to economically convert a certain tranche of our fixed interest rate convertible senior notes to floating interest rates, in order to match the floating rate nature of a portion of our cash, cash equivalents, and short-term investments. These interest rate swaps are designated as fair value hedges, and changes in fair value of the interest rate swaps offset the changes in fair market value of the convertible senior notes due to benchmark interest rate movements. Gains or losses related to our fair value hedges are included within interest expense in the consolidated statement of operations in the period of change together with the offsetting loss or gain on the hedged item attributed to the risk being hedged. We measure hedge effectiveness of the interest rate swaps using regression analysis at inception and periodically thereafter.
Gains or losses related to our cash flow hedges are recorded as a component of AOCI in the consolidated statements of stockholders' equity until the forecasted transaction occurs in earnings. When the forecasted transaction occurs, the related gains and losses are reclassified into earnings within the financial statement line item associated with the underlying hedged transaction. If the underlying hedged transaction does not occur, or it becomes probable that the hedged transaction will not occur, the cumulative unrealized gain or loss is reclassified immediately from AOCI into earnings within the financial statement line item associated with the underlying hedged transaction. We measure hedge effectiveness using regression analysis at hedge inception and periodically thereafter. We include time value in our effectiveness assessment.
We recognize changes in the fair value of non-designated derivative instruments within other expense, net in the consolidated statements of operations in the same period that the fair value measurement occurs.
All of our derivative instruments are measured at fair value. We have elected to present the derivative assets and derivative liabilities on a gross basis on the consolidated balance sheets. Derivative instruments are classified in the
100

Table of Contents
consolidated statements of cash flows as cash from operating activities, which reflect the classification of the underlying hedged transactions.
Operating Leases
We enter into operating lease arrangements for real estate assets related to office space and co-location assets related to space and racks at data center facilities. We determine if an arrangement contains a lease at its inception by assessing whether there is an identified asset and whether the arrangement conveys the right to control the use of the identified asset in exchange for consideration. Operating leases related balances are included in "operating lease right-of-use assets," "operating lease liabilities," and "operating lease liabilities, noncurrent" in the consolidated balance sheets. Right-of-use assets represent our right to use an underlying asset for the lease term and lease liabilities represent our obligation to make payments arising from the lease. Operating lease right-of-use assets and lease liabilities are recognized at the lease commencement date based on the present value of lease payments over the lease term. Lease payments consist of the fixed payments under the arrangement. The operating lease liabilities are adjusted for any unpaid lease incentives, such as tenant improvement allowances. Variable costs, such as maintenance and utilities based on actual usage, are not included in the measurement of right-to-use assets and lease liabilities but are expensed when the event determining the amount of variable consideration to be paid occurs. As the implicit rate of our leases is not determinable, we use an incremental borrowing rate ("IBR") based on the information available at the lease commencement date in determining the present value of lease payments. The lease expense is recognized on a straight-line basis over the lease term.
We generally use the base, non-cancelable lease term when recognizing the right-of-use assets and lease liabilities, unless it is reasonably certain that a renewal or termination option will be exercised. We account for lease components and non-lease components as a single lease component.
Leases with a term of twelve months or less are not recognized on the consolidated balance sheets.
Stock-Based Compensation
Compensation expense related to stock-based awards granted to employees and non-employees is calculated based on the fair value of stock-based awards on the date of grant. We recognize stock-based compensation expense in the consolidated statement of operations over an award’s requisite service period based on the award’s fair value.
Stock-based compensation for common stock options is measured based on the fair value of the awards granted, determined using the Black-Scholes option pricing model. Stock-based compensation expense is recognized on a straight-line basis over the requisite service period, generally four years.
Stock-based compensation for purchase rights granted under the employee stock purchase plan ("ESPP") is measured based on the fair value of the number of awards estimated at the beginning of the offering period, as determined using the Black-Scholes option pricing model. Stock-based compensation expense is recognized on a straight-line basis over the two-year offering period.
Stock-based compensation for restricted stock units ("RSUs") with only service conditions is measured based on the market closing price of our common stock on the grant date. Stock-based compensation expense is recognized on a straight-line basis over the requisite service period, generally four years.
Stock-based compensation for performance stock awards (“PSAs”), which have the same grant date and service inception date, and subject to both service and performance conditions, is measured based on the probable number of shares to be attained and the market closing price of our common stock at the grant date. The expense is recognized using the accelerated attribution method over the requisite service period. For PSAs where the service inception date of the awards precedes the grant date, stock-based compensation expense is recognized based on the number of PSAs for which it is probable that the performance condition will be met, using the accelerated attribution method and the market closing price of
101

Table of Contents
our common stock at each reporting date up to the grant date. The number of these PSAs for which it is probable that the performance condition will be met is determined using management’s best estimate at the end of each reporting period. At the completion of the performance period for these PSAs, any earned PSAs are granted upon approval of the compensation committee of our board of directors.
We account for forfeitures as they occur for all stock-based awards.
Convertible Senior Notes
We adopted Financial Accounting Standard Board ("FASB") issued Accounting Standard Update ("ASU") No. 2020-06, Debt with Conversion and Other Options (Subtopic 470-20) and Derivatives and Hedging - Contracts in Entity’s Own Equity (Subtopic 815-40) ("ASU 2020-06") as of August 1, 2022, the beginning of fiscal 2023, using the modified retrospective method.
Prior to the adoption of ASU 2020-06, in accounting for the issuance of the convertible senior notes, the convertible senior notes were separated into liability and equity components. The carrying amounts of the liability component was calculated by measuring the fair value of similar liabilities that do not have associated convertible features. The carrying amount of the equity component representing the conversion option was determined by deducting the fair value of the liability component from the par value of the convertible senior notes as a whole. This difference represents the debt discount that was amortized to interest expense over the respective terms of the convertible senior notes using the effective interest rate method. The equity component was recorded in additional paid-in capital and was not remeasured as long as it continued to meet the conditions for equity classification.
In accounting for the related debt issuance costs, we allocated the total amount incurred to the liability and equity components of the convertible senior notes based on their relative values. Issuance costs attributable to the liability component were being amortized to interest expense over the contractual term of the convertible senior notes. The issuance costs attributable to the equity component were netted against the equity component representing the conversion option in additional paid-in capital.
To the extent that we receive the convertible senior notes conversion requests prior to their maturity, a portion of the equity component is classified as temporary equity, which is measured as the difference between the principal and net carrying amount of the convertible senior notes requested for conversion. Upon settlement of the conversion requests, the difference between the fair value and the amortized book value of the liability component of the convertible senior notes requested for conversion is recorded as a gain or loss on early note conversion. The fair value of the convertible senior notes is measured based on a similar liability that does not have an associated convertible feature based on the remaining term of the convertible senior notes.
Upon adoption of ASU 2020-06 and using the modified retrospective method, prior period amounts have not been adjusted. This standard resulted in our convertible senior notes being accounted for as a single unit of debt and we will no longer be required to record the conversion feature in equity. This further eliminated the need for amortization of the debt discount as interest expense and the portion of the issuance costs initially allocated to equity is now classified as debt and amortized as interest expense. As of August 1, 2022, the adoption of this new standard resulted in an increase of $169.9 million to the carrying amount of the convertible senior notes, a decrease of $273.7 million to additional paid-in capital and a cumulative-effect adjustment of $103.8 million to accumulated deficit.
Prior to the adoption of this standard, we used the treasury stock method to calculate the potentially diluted effect of the convertible senior notes; however, upon adoption of this standard we are required to use the if-converted method. Accordingly, to account for the potentially diluted shares related to the convertible senior notes under a net income position, we are required to add back the related interest expense to the net income and include approximately 7.63 million shares related to the convertible senior notes. Since we have reported net losses for all periods presented, the convertible senior
102

Table of Contents
notes were determined to be anti-dilutive and therefore had no impact to the diluted net loss per share for all periods presented.
Research and Development
Our research and development expenses support our efforts to add new products, new features to our existing offerings and to ensure the reliability, availability and scalability of our solutions. Our cloud platform is software-driven, and our research and development teams employ software engineers in the design and the related development, testing, certification and support of our solutions. Accordingly, the majority of our research and development expenses result from employee-related costs, including salaries, bonuses, benefits, stock-based compensation and costs associated with technology tools used by our engineers.
Advertising Expenses
Advertising expenses are charged to sales and marketing expenses in the consolidated statements of operations as incurred. We recognized advertising expense of $25.0 million, $24.0 million and $22.1 million in fiscal 2024, fiscal 2023 and fiscal 2022, respectively.
Warranties and Indemnification
Our cloud platform is generally warranted to be free of defects under normal use and to perform substantially in accordance with the subscription agreement. Additionally, our contracts generally include provisions for indemnifying customers and channel partners against liabilities if our services infringe or misappropriate a third party’s intellectual property rights. Costs and liabilities incurred as a result of warranties and indemnification obligations were not material during the periods presented.
Legal Contingencies
We may be subject to legal proceedings and litigation arising from time to time. We record a liability when we believe that it is both probable that a loss has been incurred and the amount can be reasonably estimated. We periodically evaluate developments in our legal matters that could affect the amount of liability that we accrue, if any, and adjust, as appropriate. Until the final resolution of any such matter for which we may be required to record a liability, there may be a loss exposure in excess of the liability recorded and such amount could be significant. We expense legal fees as incurred.
Income Taxes
We account for income taxes using the asset and liability method. Deferred income taxes are recognized by applying the enacted statutory tax rates applicable to future years to differences between the carrying amounts of existing assets and liabilities and their respective tax bases and net operating loss and tax credit carryforwards. The effect on deferred tax assets and liabilities of a change in tax rates is recognized in the period that includes the enactment date. The measurement of deferred tax assets is reduced, if necessary, by a valuation allowance to amounts that are more likely than not to be realized.
We recognize tax benefits from uncertain tax positions only if we believe that it is more likely than not that the tax position will be sustained on examination by the taxing authorities based on the technical merits of the position. The tax benefits recognized in the financial statements from such positions are then measured based on the largest benefit that has a greater than 50% likelihood of being realized upon settlement.
103

Table of Contents
Comprehensive Loss
Comprehensive loss is comprised of the net loss and other comprehensive income (loss). Our other comprehensive income (loss) includes unrealized gains and losses on available-for-sale securities and unrealized gains and losses and realized gains and losses reclassified into net loss on cash flow hedges, as reflected in the consolidated statements of comprehensive loss.
Net Loss Per Share
Basic net loss per share is computed by dividing the net loss by the weighted-average number of shares of common stock outstanding during the period, less shares subject to repurchase.
Diluted earnings per share adjusts basic earnings per share for all potentially dilutive common stock equivalents outstanding during the period. Potentially dilutive securities consist primarily of stock options, share purchase rights under the ESPP, unvested RSUs, unvested PSAs, unvested common stock and shares related to convertible senior notes. Since we have reported net losses for all periods presented, we have excluded all potentially dilutive securities from the calculation of the diluted net loss per share, as their effect is antidilutive. Accordingly, basic and diluted net loss per share is the same for all periods presented.
Recently Adopted Accounting Pronouncements
In October 2021, the FASB issued ASU No. 2021-08, Business Combinations (Topic 805) on Accounting for Contract Assets and Contract Liabilities from Contracts with Customers. This standard requires contract assets and contract liabilities from contracts with customers that are acquired in a business combination to be recognized and measured as if the acquirer had originated the original contract. Previously, acquired contract assets and liabilities were measured at fair value. We early adopted this standard in the first quarter of fiscal 2022 and it did not have a material impact to the consolidated financial statements.
In June 2020, the FASB issued ASU No. 2020-06. This standard removes the separation model for convertible debt with a cash conversion feature and convertible instruments with a beneficial conversion feature. Such convertible debt will be accounted for as a single liability measured at its amortized cost, as long as no other features require bifurcation and recognition as derivatives. The update also requires the if-converted method to be used for convertible instruments and the effect of potential share settlement be included in the diluted earnings per share calculation when an instrument may be settled in cash or shares. We adopted this standard effective on August 1, 2022, the beginning of fiscal 2023, using the modified retrospective method. In accordance with the adoption of ASU 2020-06 and using the modified retrospective method, prior period amounts have not been adjusted. For further information, refer to Convertible Senior Notes section in this Note 1, Business and Summary of Significant Accounting Policies.
Recently Issued Accounting Pronouncements Not Yet Adopted
In November 2023, the Financial Accounting Standards Board ("FASB") issued ASU No. 2023-07, Segment Reporting (Topic 280): Improvements to Reportable Segment Disclosures, which requires disclosure of incremental segment information on an annual and interim basis. This standard is effective for us in the annual periods beginning in fiscal 2025 and interim periods beginning in the first quarter of fiscal 2026. We are currently evaluating the potential impact of this standard on financial statement disclosures.
In December 2023, the FASB issued 2023-09, Income Taxes (Topic 740): Improvements to Income Tax Disclosures. The amended guidance enhances income tax disclosures primarily related to the effective tax rate reconciliation and income taxes paid information. This guidance requires disclosures of specific categories in the effective tax rate reconciliation and further information on reconciling items meeting a quantitative threshold. In addition, the amended guidance requires
104

Table of Contents
disaggregating income taxes paid (net of refunds received) by federal, state and foreign taxes. It also requires disaggregating individual jurisdictions in which income taxes paid (net of refunds received) is equal to or greater than 5% of total income taxes paid (net of refunds received). This standard is effective for us in the annual periods beginning in fiscal 2026 and interim periods beginning in the first quarter of fiscal 2027. We are currently evaluating the potential impact of this standard on financial statement disclosures.
Note 2. Revenue Recognition
Disaggregation of Revenue
Subscription and support revenue is recognized over time and accounted for approximately 97% of our revenue for each of fiscal 2024, fiscal 2023 and fiscal 2022, respectively.
The following table summarizes the revenue by region based on the shipping address of customers who have contracted to use our cloud platform:
Year Ended July 31,
202420232022
Amount % RevenueAmount  % RevenueAmount  % Revenue
(in thousands, except for percentage data)
 United States
$1,092,304 50 %$808,527 50 %$536,924 49 %
 Europe, Middle East and Africa672,421 31 515,136 32 370,035 34 
 Asia Pacific
327,816 15 241,250 15 155,460 14 
Other
75,230 4 52,039 3 28,527 3 
Total
$2,167,771 100 %$1,616,952 100 %$1,090,946 100 %
____
The following table summarizes the revenue from contracts by type of customer:
Year Ended July 31,
202420232022
Amount % RevenueAmount % RevenueAmount % Revenue
(in thousands, except for percentage data)
 Channel partners
$1,967,908 91 %$1,488,379 92 %$1,016,747 93 %
Direct customers
199,863 9 128,573 8 74,199 7 
Total
$2,167,771 100 %$1,616,952 100 %$1,090,946 100 %
Significant Customers
No single customer accounted for 10% or more of the total revenue or the total balance of accounts receivable, net in the periods presented.
Contract Balances
Contract liabilities consist of deferred revenue and include payments received in advance of performance under the contract. Such amounts are recognized as revenue over the contractual period. Deferred revenue, including current and noncurrent balances as of July 31, 2024 and July 31, 2023 was $1,895.0 million and $1,439.7 million, respectively. In fiscal 2024, fiscal 2023 and fiscal 2022 we recognized revenue of $1,277.8 million, $919.9 million and $570.3 million, respectively, that was included in the corresponding contract liability balance at the beginning of the related fiscal year.
105

Table of Contents
We receive payments from customers based upon contractual billing schedules and accounts receivable are recorded when the right to consideration becomes unconditional. Payment terms on invoiced amounts are typically 30 days but may be up to 90 days for some of our channel partners. Contract assets include amounts related to our contractual right to consideration for both completed and partially completed performance obligations that may not have been invoiced and such amounts have historically not been material.
Remaining Performance Obligations
The typical subscription and support term is one to three years. Most of our subscription and support contracts are non-cancelable over the contractual term. However, customers typically have the right to terminate their contracts for cause, if we fail to perform. As of July 31, 2024, the aggregate amount of the transaction price allocated to remaining performance obligations was $4,417.6 million. We expect to recognize 48% of the transaction price over the next 12 months and 94% of the transaction price over the next three years, with the remainder recognized thereafter.
Costs to Obtain and Fulfill a Contract
We capitalize sales commission and associated payroll taxes paid to sales personnel that are incremental to the acquisition of channel partner and direct customer contracts. These costs are recorded as deferred contract acquisition costs in the consolidated balance sheets. We determine whether costs should be deferred based on our sales compensation plans, if the commissions are in fact incremental and would not have occurred absent the customer contract.
Sales commissions for renewal of a contract are not considered commensurate with the commissions paid for the acquisition of the initial contract given the substantive difference in commission rates in proportion to their respective contract values. Commissions paid upon the initial acquisition of a contract are amortized over an estimated period of benefit of five years while commissions paid for renewal contracts are amortized over the contractual term of the renewals. Amortization of deferred contract acquisition costs is recognized on a straight-line basis commensurate with the pattern of revenue recognition and included in sales and marketing expense in the consolidated statements of operations.
We determine the period of benefit for commissions paid for the acquisition of the initial contract by taking into consideration the expected subscription term and expected renewals of our customer contracts, the duration of our relationships with our customers, customer retention data, our technology development lifecycle and other factors. We periodically review the carrying amount of deferred contract acquisition costs to determine whether events or changes in circumstances have occurred that could impact the period of benefit of these deferred costs. We did not recognize any impairment losses of deferred contract acquisition costs during the periods presented.
The activity of the deferred contract acquisition costs consisted of the following:
Year Ended July 31,
202420232022
(in thousands)
 Beginning balance
$375,234 $297,002 $207,030 
 Capitalization of contract acquisition costs
200,303 176,950 158,503 
 Amortization of deferred contract acquisition costs
(130,139)(98,718)(68,531)
Ending balance
$445,398 $375,234 $297,002 



106

Table of Contents
The outstanding balance of the deferred contract acquisition costs consisted of the following:
July 31,
20242023
(in thousands)
Deferred contract acquisition costs, current
$148,873 $115,827 
Deferred contract acquisition costs, noncurrent
296,525 259,407 
Total deferred contract acquisition costs
$445,398 $375,234 
107

Table of Contents
Note 3. Cash Equivalents and Short-Term Investments
Cash equivalents and short-term investments consisted of the following as of July 31, 2024:
Amortized
Cost
Unrealized
Gains
Unrealized
Losses

Fair Value
(in thousands)
Cash equivalents:
Money market funds$956,932 $ $ $956,932 
U.S. treasury securities178,188  (15)178,173 
U.S. government agency securities57,555  (6)57,549 
Certificates of deposit80,940   80,940 
Total cash equivalents$1,273,615 $ $(21)$1,273,594 
Short-term investments:
U.S. treasury securities$257,841 $8 $(828)$257,021 
U.S. government agency securities160,574 43 (542)160,075 
Corporate debt securities568,589 1,514 (625)569,478 
Total short-term investments$987,004 $1,565 $(1,995)$986,574 
Total cash equivalents and short-term investments$2,260,619 $1,565 $(2,016)$2,260,168 
Cash equivalents and short-term investments consisted of the following as of July 31, 2023:
Amortized
Cost
Unrealized
Gains
Unrealized
Losses

Fair Value
(in thousands)
Cash equivalents:
Money market funds$768,003 $ $ $768,003 
U.S. treasury securities157,250  (30)157,220 
U.S. government agency securities166,671  (35)166,636 
Corporate debt securities38,800   38,800 
Total cash equivalents$1,130,724 $ $(65)$1,130,659 
Short-term investments:
U.S. treasury securities$175,451 $ $(1,875)$173,576 
U.S. government agency securities266,392 2 (4,299)262,095 
Corporate debt securities406,517 49 (4,211)402,355 
Total short-term investments$848,360 $51 $(10,385)$838,026 
Total cash equivalents and short-term investments$1,979,084 $51 $(10,450)$1,968,685 
108

Table of Contents
The amortized cost and fair value of our short-term investments based on their stated maturities consisted of the following as of July 31, 2024:
Amortized
Cost
Fair Value
(in thousands)
Due within one year$476,116 $475,325 
Due between one to three years510,888 511,249 
Total$987,004 $986,574 
Short-term investments that were in continuous unrealized loss position as of July 31, 2024 consisted of the following:
Less than 12 MonthsGreater than 12 MonthsTotal
Fair
Value
Unrealized
Losses
Fair
Value
Unrealized
Losses
Fair
Value
Unrealized
Losses
(in thousands)
U.S. treasury securities$152,574 $(115)$87,808 $(713)$240,382 $(828)
U.S. government agency securities65,563 (28)65,334 (514)130,897 (542)
Corporate debt securities
81,020 (102)94,666 (523)175,686 (625)
Total$299,157 $(245)$247,808 $(1,750)$546,965 $(1,995)
Short-term investments that were in continuous unrealized loss position as of July 31, 2023 consisted of the following:
Less than 12 MonthsGreater than 12 MonthsTotal
Fair
Value
Unrealized
Losses
Fair
Value
Unrealized
Losses
Fair
Value
Unrealized
Losses
(in thousands)
U.S. treasury securities$173,576 $(1,875)$ $ $173,576 $(1,875)
U.S. government agency securities119,558 (292)131,530 (4,007)251,088 (4,299)
Corporate debt securities232,504 (2,034)82,599 (2,177)315,103 (4,211)
Total$525,638 $(4,201)$214,129 $(6,184)$739,767 $(10,385)
We review the individual securities that have unrealized losses in our short-term investment portfolio on a regular basis. We evaluate, among others, whether we have the intention to sell any of these investments and whether it is not more likely than not that we will be required to sell any of them before recovery of the amortized cost basis. Neither of these criteria were met in any period presented. We additionally evaluate whether the decline in fair value of the corporate debt securities below their amortized cost basis is related to credit losses or other factors. Based on this evaluation, we determined that unrealized losses of the above securities were primarily attributable to changes in interest rates and non credit-related factors. Accordingly, we determined that an allowance for credit losses was unnecessary for our short-term investments as of July 31, 2024 and 2023.
As of July 31, 2024 and 2023, we recorded $10.7 million and $7.2 million, respectively, of accrued interest receivable within prepaid expenses and other current assets in the consolidated balance sheets.
Strategic Investments
Our strategic investments consist primarily of non-marketable equity securities of privately held companies which do not have a readily determinable fair value. These investments are primarily accounted for under the cost method as we have less than 20% ownership and do not have the ability to exercise significant influence over their operations. As of July 31,
109

Table of Contents
2024 and 2023, the carrying amount of our strategic investments was $9.8 million and $7.8 million, respectively, and is included within other noncurrent assets in the consolidated balance sheets. There were no material events or circumstances impacting their carrying amount during the periods presented.
Note 4. Fair Value Measurements
Fair value is defined as the exchange price that would be received from the sale of an asset or paid to transfer a liability in the principal or most advantageous market for the asset or liability in an orderly transaction between market participants on the measurement date. We measure our financial assets and liabilities at fair value at each reporting period using a fair value hierarchy which requires us to maximize the use of observable inputs and minimize the use of unobservable inputs when measuring fair value. A financial instrument’s classification within the fair value hierarchy is based upon the lowest level of input that is significant to the fair value measurement. Three levels of inputs may be used to measure fair value:
Level I - Observable inputs are unadjusted quoted prices in active markets for identical assets or liabilities;
Level II - Observable inputs are quoted prices for similar assets and liabilities in active markets or inputs other than quoted prices that are observable for the assets or liabilities, either directly or indirectly through market corroboration, for substantially the full term of the financial instruments; and
Level III - Unobservable inputs that are supported by little or no market activity and that are significant to the fair value of the assets or liabilities. These inputs are based on our own assumptions used to measure assets and liabilities at fair value and require significant management judgment or estimation.
Our money market funds are classified within Level I due to the highly liquid nature of these assets and have quoted prices in active markets. Certain of our investments in available-for-sale securities (i.e., U.S. treasury securities, U.S. government agency securities, certificates of deposit and corporate debt securities), as well as our assets and liabilities arising from our foreign currency forward contracts and our interest rate swap contracts, are classified within Level II. The fair value of our Level II financial assets and liabilities is determined by using inputs based on non-binding market consensus prices that are primarily corroborated by observable market data or quoted market prices for similar instruments, for substantially the full term of the financial assets and liabilities.
110

Table of Contents
Assets and liabilities that are measured at fair value on a recurring basis consisted of the following as of July 31, 2024:
Level ILevel IILevel III
Fair ValueQuoted Prices
in Active
Markets for
Identical Assets
Significant
Other
Observable
Inputs
Significant
Unobservable
Inputs
(in thousands)
Cash equivalents:
Money market funds$956,932 $956,932 $ $ 
U.S. treasury securities178,173  178,173  
U.S. government agency securities57,549  57,549  
Certificates of deposit80,940  80,940  
Total cash equivalents$1,273,594 $956,932 $316,662 $ 
Short-term investments:
U.S. treasury securities$257,021 $ $257,021 $ 
U.S. government agency securities160,075  160,075  
Corporate debt securities569,478  569,478  
Total short-term investments$986,574 $ $986,574 $ 
Total cash equivalents and short-term investments$2,260,168 $956,932 $1,303,236 $ 
Designated derivative instruments:
Foreign currency contracts assets-current (1)
$2,541 $ $2,541 $ 
Foreign currency contracts assets-noncurrent (2)
$800 $ $800 $ 
Foreign currency contracts liabilities-current (3)
$3,731 $ $3,731 $ 
Foreign currency contracts liabilities-noncurrent (4)
$844 $ $844 $ 
Interest rate contracts liabilities-current (3)
$3,829 $ $3,829 $ 
Non-designated derivative instruments:
Foreign currency contracts assets-current (1)
$2,132 $ $2,132 $ 
Foreign currency contracts liabilities-current (3)
$1,748 $ $1,748 $ 
(1) Included within prepaid expenses and other current assets in the consolidated balance sheets.
(2) Included within other noncurrent assets in the consolidated balance sheets.
(3) Included within accrued expenses and other current liabilities in the consolidated balance sheets.
(4) Included within other noncurrent liabilities in the consolidated balance sheets.




111

Table of Contents
Assets that are measured at fair value on a recurring basis consisted of the following as of July 31, 2023:
Level ILevel IILevel III
Fair ValueQuoted Prices
in Active
Markets for
Identical Assets
Significant
Other
Observable
Inputs
Significant
Unobservable
Inputs
(in thousands)
Cash equivalents:
Money market funds$768,003 $768,003 $ $ 
U.S. treasury securities157,220  157,220  
U.S. government agency securities166,636  166,636  
Corporate debt securities38,800  38,800  
Total cash equivalents$1,130,659 $768,003 $362,656 $ 
Short-term investments:
U.S. treasury securities$173,576 $ $173,576 $ 
U.S. government agency securities262,095  262,095  
Corporate debt securities402,355  402,355  
Total short-term investments$838,026 $ $838,026 $ 
Total cash equivalents and short-term investments$1,968,685 $768,003 $1,200,682 $ 
Designated derivative instruments:
Foreign currency contracts assets-current (1)
$12,581 $ $12,581 $ 
Foreign currency contracts assets-noncurrent (2)
$2,264 $ $2,264 $ 
Foreign currency contracts liabilities-current (3)
$1,452 $ $1,452 $ 
Foreign currency contracts liabilities-noncurrent (4)
$669 $ $669 $ 
Interest rate contracts liabilities-current (3)
$6,439 $ $6,439 $ 
Interest rate contracts liabilities-noncurrent (4)
$1,588 $ $1,588 $ 
Non-designated derivative instruments:
Foreign currency contracts assets-current (1)
$2,061 $ $2,061 $ 
Foreign currency contracts liabilities-current (3)
$465 $ $465 $ 
(1) Included within prepaid expenses and other current assets in the consolidated balance sheets.
(2) Included within other noncurrent assets in the consolidated balance sheets.
(3) Included within accrued expenses and other current liabilities in the consolidated balance sheets.
(4) Included within other noncurrent liabilities in the consolidated balance sheets.
We did not have transfers between levels of the fair value hierarchy of assets measured at fair value during the periods presented.
Refer to Note 10, Convertible Senior Notes, for the carrying amount and estimated fair value of our convertible senior notes as of July 31, 2024 and 2023.
112

Table of Contents
Note 5. Balance Sheet Components
Property and Equipment and Purchased Intangible Assets
Property and equipment consisted of the following:
July 31,
Estimated Useful Life
20242023
(in thousands)
Hosting equipment (1)
4 - 5 years
$418,775 $280,851 
Capitalized internal-use software
3 - 5 years
197,769 120,877 
Computers and equipment
3 - 5 years
6,741 7,107 
Purchased software
3 years
1,102 1,311 
Furniture and fixtures
5 years
1,071 1,025 
Leasehold improvements
Shorter of useful life or lease term7,974 7,608 
Total property and equipment, gross 633,432 418,779 
Less: Accumulated depreciation and amortization
(250,311)(176,424)
Total property and equipment, net
$383,121 $242,355 
(1) In August 2023, we extended the useful lives of hosting equipment from four to five years. Refer to Note 1, Business and Summary of Significant Accounting Policies, for further information.
Purchased intangible assets consist of internet protocol (IP) addresses and source codes, which are amortized on a straight-line basis over an estimated useful life of 10 years. As of July 31, 2024, their historical cost and accumulated amortization were $12.4 million and $2.8 million, respectively. As of July 31, 2023, their historical cost and accumulated amortization were $8.6 million and $1.6 million, respectively. Purchased intangible assets are included within other noncurrent assets in the consolidated balance sheets.
We recognized depreciation and amortization expense on property and equipment and purchased intangible assets of $66.3 million, $55.8 million and $40.5 million in fiscal 2024, fiscal 2023 and fiscal 2022, respectively. Additionally, we recognized stock-based compensation expense on the amortization of capitalized stock-based compensation associated with capitalized internal-use software of $13.0 million, $8.4 million and $4.5 million in fiscal 2024, fiscal 2023 and fiscal 2022, respectively.
Accrued compensation
Accrued compensation consisted of the following:
July 31,
20242023
(in thousands)
Accrued commissions
$51,371 $47,997 
Accrued bonuses
53,452 37,417 
Accrued payroll and related expenses
47,184 44,024 
Employee stock purchase plan
8,803 7,362 
Total accrued compensation
$160,810 $136,800 

113

Table of Contents
Note 6. Business Combinations
Airgap Networks Inc.
On April 12, 2024, we completed the acquisition of Airgap Networks Inc. ("Airgap"), an early-stage technology company incorporated in the United States, for total purchase price consideration of $124.4 million. We plan to integrate Airgap's technology into our cloud platform.
In addition to the consideration noted above, pursuant to the terms of the purchase agreement, certain Airgap employees who became our employees are entitled to receive deferred merger consideration with a fair value as of the grant date of $20.3 million payable in the form of restricted shares of our common stock. These awards are subject to time-based vesting and will be recognized as stock-based compensation expense during the post-combination period. Additionally, in connection with this acquisition, we committed to issue replacement awards with a fair value as of the closing date of the acquisition of $6.2 million, of which $1.4 million attributable to pre-combination vesting was allocated to the purchase price consideration. The remaining balance is attributable to post-combination vesting and will be recognized as compensation expense during the post-combination period.
In connection with this acquisition, we completed a valuation of the acquired identifiable intangible assets as of April 12, 2024. The purchase price consideration was allocated on a preliminary basis, subject to working capital adjustment, to identified intangible assets, which include $28.7 million of developed technology, $3.1 million of customer relationships, and $95.5 million of goodwill. The developed technology was valued using a replacement cost approach, which is based on the cost of a market participant to reconstruct a substitute asset of comparable utility. The customer relationships were also valued using the replacement cost approach, which is based on the cost a market participant would incur to generate the acquired portfolio of customers. Goodwill represents the excess of the purchase price paid over the fair value of the net assets acquired and is primarily attributable to the acquired workforce and expected operating synergies. The acquisition-related transaction expenses were not material and recorded as incurred within general and administrative expenses in the consolidated statement of operations for fiscal 2024.
The acquisition qualified as a stock transaction for tax purposes. The goodwill is not expected to be deductible for income tax purposes.
During the measurement period, which may be up to one year from the acquisition date, we may record adjustments to the fair value of the acquired intangible assets, deferred tax and goodwill.










114

Table of Contents

The preliminary allocation of the purchase price consideration consisted of the following:
Amount
Estimated Useful Life
(in thousands)
Assets acquired:
Cash, cash equivalents and other assets$5,764 
Acquired intangible assets:
 Developed technology
28,700 5 years
Customer relationships3,100 5 years
Goodwill
95,463 
Total
$133,027 
Liabilities assumed:
Accounts payable, accrued expenses and other liabilities$3,467 
Deferred tax liability5,123 
Total$8,590 
Total purchase price consideration
$124,437 
Avalor Technologies Ltd.
On March 8, 2024 we completed the acquisition of Avalor Technologies Ltd. ("Avalor"), an early-stage technology company incorporated in Israel, for total purchase price consideration of $256.7 million. We plan to integrate this company's technology into our cloud platform.
In addition to the consideration noted above, pursuant to the terms of the stock purchase agreement, certain Avalor employees who became our employees are entitled to receive deferred merger consideration with a fair value as of the grant date of $46.5 million payable in the form of restricted shares of our common stock. These awards are subject to time-based vesting and will be recognized as stock-based compensation expense during the post-combination period. Additionally, in connection with this acquisition, we committed to issue replacement awards with a fair value as of the closing date of the acquisition of $14.4 million, of which $2.4 million attributable to pre-combination vesting was allocated to the purchase price consideration. The remaining balance is attributable to post-combination vesting and will be recognized as compensation expense during the post-combination period.
In connection with this acquisition, we completed a valuation of the acquired identifiable intangible assets as of March 8, 2024. The purchase price consideration was allocated on a preliminary basis, subject to working capital adjustment to identified intangible assets, which include $14.7 million of developed technology, $3.3 million of customer relationships, and $229.2 million of goodwill. The developed technology was valued using a replacement cost approach, which is based on the cost of a market participant to reconstruct a substitute asset of comparable utility. The customer relationships were also valued using the replacement cost approach, which is based on the cost a market participant would incur to generate the acquired portfolio of customers. Goodwill represents the excess of the purchase price paid over the fair value of the net assets acquired and is primarily attributable to the acquired workforce and expected operating synergies. The acquisition-related transaction expenses were not material and recorded as incurred within general and administrative expenses in the consolidated statement of operations for fiscal 2024.
115

Table of Contents
The acquisition qualified as a stock transaction for tax purposes. The goodwill is not expected to be deductible for income tax purposes.
During the measurement period, which may be up to one year from the acquisition date, we may record adjustments to the fair value of the acquired intangible assets, deferred tax and goodwill.
The preliminary allocation of the purchase price consideration consisted of the following:
Amount
Estimated Useful Life
(in thousands)
Assets acquired:
Cash, cash equivalents and other assets$13,405 
Acquired intangible assets:
 Developed technology
14,700 5 years
Customer relationships3,300 5 years
Deferred tax asset841 
Goodwill
229,151 
Total$261,397 
Liabilities assumed:
Accounts payable, accrued expenses and other liabilities$4,017 
Deferred tax liability693 
Total$4,710 
Total purchase price consideration
$256,687 
Securelyshare Software Private Ltd.
On August 31, 2023, we completed the acquisition of Securelyshare Software Private Ltd. ("Securelyshare"), an early-stage technology company incorporated in India, for total purchase price consideration of $5.3 million. We have integrated this company's technology into our cloud platform. The transaction was accounted for as a business combination. We recognized intangible assets of $2.8 million for developed technology and goodwill of $3.2 million. The developed technology is amortized over its economic useful life of five years. Goodwill represents the excess of the purchase price paid over the fair value of the net assets acquired and is primarily attributable to the acquired workforce and expected operating synergies. The acquisition qualified as a stock transaction for tax purposes. The goodwill is not expected to be deductible for income tax purposes. The acquisition-related transaction expenses were not material and recorded as incurred within general and administrative expenses in the consolidated statement of operations for fiscal 2024.
Canonic Security Technologies Ltd.
On February 20, 2023, we completed the acquisition of Canonic Security Technologies Ltd. ("Canonic"), an early-stage technology company incorporated in Israel, for total purchase price consideration of $16.5 million. We have integrated this company's technology into our cloud platform.
In addition to the cash consideration noted above, pursuant to the terms of the purchase agreement, certain of Canonic's employees who became our employees are entitled to receive deferred merger consideration with a fair value as of the grant date of $4.1 million payable in the form of restricted shares of our common stock. These awards are subject to time-based vesting and will be recognized as stock-based compensation expense during the post-combination period.
116

Table of Contents
In connection with this acquisition, we completed a valuation of the acquired identifiable assets as of February 20, 2023. The allocation of the purchase price consideration resulted in the recognition of $10.6 million of goodwill and $5.1 million of developed technology. The developed technology was valued using a replacement cost approach, which is based on the cost of a market participant to reconstruct a substitute asset of comparable utility. Goodwill represents the excess of the purchase price paid over the fair value of the net assets acquired and is primarily attributable to the acquired workforce and expected operating synergies. The acquisition-related transaction expenses were not material and recorded as incurred within general and administrative expenses in the consolidated statement of operations for fiscal 2023.
The acquisition qualified as a stock transaction for tax purposes. The goodwill is not expected to be deductible for income tax purposes.
The allocation of the purchase price consideration consisted of the following:

Amount
Estimated Useful Life
(in thousands)
Assets acquired:
Cash, cash equivalents and other assets$673 
Acquired intangible assets:
 Developed technology
5,100 5 years
Deferred tax asset781 
Goodwill
10,645 
Total
$17,199 
Liabilities assumed:
Accounts payable, accrued expenses and other liabilities$692 
Total
$692 
Total purchase price consideration
$16,507 
ShiftRight, Inc.
On June 17, 2022, we completed the acquisition of ShiftRight, Inc. (“ShiftRight”), an early-stage technology company incorporated in the United States for a total purchase price consideration of $25.6 million. We have integrated this company’s technology into our cloud platform.
In addition to the cash consideration noted above, pursuant to the terms of the purchase agreement, certain of ShiftRight's employees who became our employees are entitled to receive deferred merger consideration with a fair value as of the grant date of $15.2 million payable in the form of restricted shares of our common stock. These awards are subject to time-based vesting and will be recognized as stock-based compensation expense during the post-combination period.
117

Table of Contents
In connection with this acquisition, we completed a valuation of the acquired intangible assets as of June 17, 2022. The allocation of the purchase price consideration resulted in the recognition of $18.7 million of goodwill and $7.1 million of developed technology. The developed technology was valued using a replacement cost approach, which is based on the cost of a market participant to reconstruct a substitute asset of comparable utility. Goodwill represents the excess of the purchase price paid over the fair value of the net assets acquired and is primarily attributable to the acquired workforce and expected operating synergies. The acquisition-related transaction expenses were not material and recorded as incurred within general and administrative expenses in the consolidated statement of operations for fiscal 2022.
The acquisition qualified as a stock transaction for tax purposes. The goodwill is not expected to be deductible for income tax purposes.
The allocation of the purchase price consideration consisted of the following:
Amount
Estimated Useful Life
(in thousands)
Assets acquired:
Cash and other assets$535 
Acquired intangible assets:
Developed technology
7,100 5 years
Goodwill
18,724 
Total
$26,359 
Liabilities assumed:
Deferred tax liability$682 
Other liabilities99 
Total
$781 
Total purchase price consideration
$25,578 
Other Business Combinations
In November 2021, we completed a business acquisition for a total purchase price consideration of $2.1 million, consisting of $0.4 million paid in cash at closing and the issuance of shares of our common stock with an aggregate fair value of $1.7 million at closing.
In addition to the cash consideration noted above, pursuant to the terms of the purchase agreement, certain employees of the acquired company who became our employees are entitled to receive deferred merger consideration payable in the form of restricted shares of our common stock. These awards are subject to time-based vesting and will be recognized as stock-based compensation expense during the post-combination period.
118

Table of Contents
Based on the valuation of the acquired intangible assets, the allocation of the purchase price consideration resulted in the recognition of $1.6 million of developed technology and $0.8 million of goodwill. The developed technology is amortized over its economic useful life of 5.0 years. The acquisition-related transaction expenses were not material and recorded as incurred within general and administrative expenses in the consolidated statement of operations for fiscal 2022.
The acquisition qualified as a stock transaction for tax purposes. Goodwill is not expected to be deductible for income tax purposes.
Pro Forma Financial Information
The pro forma financial information from the above business acquisitions, assuming the acquisition had occurred as of the beginning of the fiscal year prior to the fiscal year of the acquisition, as well as revenue and earnings generated during the current fiscal year, were not material for disclosure purposes.
Note 7. Goodwill and Acquired Intangible Assets
Goodwill
Changes in the carrying amount of goodwill consisted of the following:
Amount
(in thousands)
Balance as of July 31, 2023 $89,192 
Goodwill acquired327,837 
Balance as of July 31, 2024 $417,029 
Acquired Intangible Assets
Acquired intangible assets consist of developed technology and customer relationships acquired through our business acquisitions and asset acquisitions. Acquired intangible assets are amortized using the straight-line method over their estimated useful lives.
During fiscal 2024, in connection with the acquisition of Airgap, Avalor and Securelyshare, we acquired developed technology and customer relationships with a fair value of $46.2 million and $6.4 million, respectively, and each of them with an estimated useful life of five years. For further information refer to Note 6, Business Combinations.
Changes in acquired intangible assets for July 31, 2024 and 2023, consisted of the following:
Gross Carrying AmountAccumulated AmortizationNet Carrying AmountWeighted Average Remaining Useful life
July 31, 2023AdditionsJuly 31, 2024July 31, 2023Amortization ExpenseJuly 31, 2024July 31, 2023July 31, 2024July 31, 2024
(in thousands)(years)
Developed technology$53,456 $46,200 $99,656 $(29,259)$(13,392)$(42,651)$24,197 $57,005 4.2
Customer relationships3,560 6,400 9,960 (1,898)(1,232)(3,130)1,662 6,830 4.4
Total$57,016 $52,600 $109,616 $(31,157)$(14,624)$(45,781)$25,859 $63,835 4.2
As of July 31, 2023, the weighted-average remaining useful life for developed technology and customer relationships was 3.0 years and 2.3 years, respectively.
119

Table of Contents
Amortization expense of acquired intangible assets was $14.6 million, $11.1 million and $9.0 million in fiscal 2024, fiscal 2023 and fiscal 2022, respectively. Amortization expense of developed technology and customer relationships is included primarily within cost of revenue and sales and marketing expenses, respectively, in the consolidated statements of operations.
Future amortization expense of acquired intangible assets as of July 31, 2024 consists of the following:
Amount
(in thousands)
Fiscal Year ending July 31,
2025$16,785 
202615,772 
202712,948 
202811,115 
20297,215 
Total
$63,835 
Note 8. Derivative Instruments
Foreign Currency Forward Contracts
As a global business, we are exposed to foreign currency exchange rate risk. Substantially all of our revenue is transacted in U.S. dollars; however, a portion of our cost of revenue and operating expenditures are incurred outside of the United States and are denominated in foreign currencies, making them subject to fluctuations in foreign currency exchange rates. In order to mitigate the impact of foreign currency fluctuations on our future cash flows and earnings, we enter into foreign currency forward contracts, which we designate as cash flow hedges. The maximum length of time over which forecasted foreign currency denominated operating expenses are hedged is 21 months. All cash flow hedges were considered effective for all periods presented.
We also use foreign currency forward contracts to mitigate variability in gains and losses generated from the remeasurement of certain monetary assets and liabilities denominated in foreign currencies. The outstanding non-designated derivative instruments are carried at fair value with the change in fair value recorded in other expense, net in the consolidated statement of operations in the same period as the changes in fair value from the remeasurement of the underlying assets and liabilities. Cash flows from such derivatives are classified as operating activities. These foreign exchange contracts typically have maturities of approximately one to four months. Changes in the fair value of these derivatives were not material for all periods presented.
As of July 31, 2024 and July 31, 2023, the total notional amount of our outstanding designated foreign currency forward contracts was $544.5 million and $457.6 million, respectively, and for our outstanding non-designated foreign currency forward contracts was $352.8 million and $182.9 million, respectively. As of July 31, 2024, an estimated $2.2 million of the unrealized gain related to our cash flow hedges are expected to be released into earnings over the next 12 months. Refer to Note 4, Fair Value Measurements, for the fair value of our derivative instruments as reported on the consolidated balance sheet as of July 31, 2024 and July 31, 2023.
Changes in the fair value of our non-designated derivative instruments recognized within other expense, net in the consolidated statement of operations were not material for all periods presented.


120

Table of Contents
The changes in accumulated other comprehensive income (loss) related to our cash flow hedges consisted of the following:
Year Ended July 31,
202420232022
(in thousands)
Balance of AOCI as of the beginning of the period$8,937 $(13,745)$(628)
Net unrealized gains (losses) recognized in accumulated other comprehensive income(10,761)11,103 (20,130)
Gains (losses) reclassified from AOCI into the consolidated statement of operations (1)
(2,400)11,579 7,013 
Balance of AOCI as of the end of the period $(4,224)$8,937 $(13,745)
(1) (Gains) losses related to our cash flow hedges reclassified from AOCI into the consolidated statement of operations consisted of the following:
Year Ended July 31,
202420232022
(in thousands)
Cost of revenue$(785)$1,835 $617 
Sales and marketing
(789)7,670 520 
Research and development
(433)1,506 284 
General and administrative
(393)568 5,592 
Total
$(2,400)$11,579 $7,013 
Our derivative contracts expose us to credit risk to the extent that the counterparties may be unable to meet the terms of the underlying contracts. We mitigate this credit risk by transacting with major financial institutions with high credit ratings and standards. We periodically assess the creditworthiness of our counterparties to ensure they continue to meet our credit quality requirements. We also enter into master netting arrangements, which permit net settlement of transactions with the same counterparty. The potential impact of these rights of set-off associated with our derivative instruments was not material as of July 31, 2024 and July 31, 2023. We are not required to pledge, and are not entitled to receive, cash collateral related to these derivative instruments. We do not enter into derivative contracts for trading or speculative purposes.
Interest Rate Swap Contracts
During fiscal 2023, we entered into interest rate swaps contracts, maturing on July 1, 2025, designated as fair value hedges intended to hedge a portion of our fair value risk exposure due to changing interest rates by economically converting the fixed interest rate of a certain tranche of our convertible senior notes to a floating interest rate. As of July 31, 2024 and July 31, 2023, the carrying amount of the hedged convertible senior notes was $498.2 million and $496.4 million, respectively. The total notional amount of our outstanding interest rate swaps was $500.0 million as of July 31, 2024 and July 31, 2023. The gains and losses related to changes in the fair value of the interest rate swaps are included within interest expense in the consolidated statement of operations and substantially offset changes in the fair value of the hedged portion of the underlying convertible senior notes that are attributable to the changes in underlying benchmark interest rates. As of July 31, 2024 and July 31, 2023, the cumulative amount of fair value hedge accounting adjustments included in the carrying amount of the convertible senior notes was $4.1 million and $8.3 million, respectively.

121

Table of Contents
The effect of derivative instruments designated as fair value hedges included within interest expense in the statement of operations consisted of the following:
Gains (Losses)
Year Ended July 31,
20242023
(in thousands)
Interest rate swaps:
Hedge accounting fair value adjustments$(4,241)$8,306 
Derivatives designated as hedging instruments
4,198 (8,028)
Total
$(43)$278 
Note 9. Restructuring and Other Charges
On March 1, 2023, we announced a restructuring plan as a part of our planned efforts to streamline operations and to align people, roles, and projects to our strategic priorities. These actions included the reduction of our worldwide headcount by approximately 3%.
During fiscal 2023, we incurred $7.6 million of restructuring charges, consisting of $6.6 million of employee severance and benefit charges and $1.0 million of stock-based compensation expense related to modified equity incentive awards. These charges were recorded within restructuring and other charges in the consolidated statements of operations. The restructuring plan was completed during the fiscal quarter ended October 31, 2023.
Note 10. Convertible Senior Notes
On June 25, 2020, we issued $1,150.0 million in aggregate principal amount of 0.125% convertible senior notes due 2025 (the "Notes"), including the exercise in full by the initial purchasers of the Notes of their option to purchase an additional $150.0 million principal amount of the Notes. The Notes are unsecured obligations and bear interest at a rate of 0.125% per year and interest is payable semiannually in arrears on January 1 and July 1 of each year, beginning on January 1, 2021. The Notes mature on July 1, 2025, unless earlier converted, redeemed or repurchased. The total net proceeds from the offering, after deducting initial purchase discounts and other debt issuance costs, was $1,130.5 million.
The Notes do not contain any financial covenants or restrictions on the payments of dividends, the incurrence of indebtedness or the issuance or repurchase of securities by us or any of our subsidiaries.
The following table presents details of the Notes:
Initial Conversion Rate per $1,000 PrincipalInitial Conversion PriceInitial Number of Shares
(in thousands)
Notes6.6315 shares$150.807,626
The Notes are convertible at the option of the holders at any time prior to the close of business on the business day immediately preceding April 1, 2025, only under the following circumstances:
During any fiscal quarter commencing after the fiscal quarter ending on October 31, 2020 (and only during such fiscal quarter), if the last reported sale price of our common stock for at least 20 trading days (whether or not consecutive) during a period of 30 consecutive trading days ending on and including, the last trading day of the immediately preceding fiscal quarter is greater than or equal to 130% of the conversion price of the Notes on each applicable trading day;
122

Table of Contents
During the five-business day period after any five consecutive trading day period (the “measurement period”) in which the trading price per $1,000 principal amount of the Notes for each trading day of the measurement period was less than 98% of the product of the last reported sale price of our common stock and the conversion rate of the Notes on each such trading day;
If we call any or all of the Notes for redemption, the Notes called for redemption (or, at our election all Notes) may be submitted for conversion at any time prior to the close of business on the second scheduled trading day immediately preceding the redemption date; or
upon the occurrence of specified corporate events as set forth within the indenture governing the Notes.
On or after April 1, 2025, until the close of business on the second scheduled trading day immediately preceding the maturity date, holders may convert, all or any portion of their Notes at any time, in multiples of $1,000 principal amount, at their option regardless of the foregoing circumstances. Upon conversion, we will satisfy the conversion obligation by paying or delivering, as the case may be, cash, shares of our common stock or a combination of cash and shares of our common stock, at our election. It is our current intent to settle the principal amount of the Notes in cash.
During the three months ended July 31, 2024, the conditions allowing holders of the Notes to convert were not met. As of July 31, 2024, we classified the Notes within current liabilities as they mature on July 1, 2025. As of July 31, 2023, we classified the Notes within noncurrent liabilities as we had the election of repaying the Notes in cash, shares of our common stock, or a combination of both. Conversion notices received were not material for any period presented.
Prior to July 5, 2023, we were not permitted to redeem the Notes. On and subsequent to July 5, 2023, and prior to the 21st scheduled trading day immediately preceding the maturity date, we may redeem for cash all or any portion of the Notes, at our option, if the last reported sale price of our common stock has been at least 130% of the conversion price then in effect for at least 20 trading days (whether or not consecutive) during any 30 consecutive trading day-period (including the last trading day of such period) ending on, and including, the trading day immediately preceding the date on which we provide notice of redemption at a redemption price equal to 100% of the principal amount of the Notes to be redeemed, plus accrued and unpaid interest to, but excluding, the redemption date. No sinking fund is provided for the Notes. If we redeem less than all the outstanding Notes, and only Notes called for redemption may be converted in connection with such partial redemption, at least $100.0 million aggregate principal amount of Notes must be outstanding and not subject to such partial redemption as of the relevant redemption notice date.
In the event of a corporate event that constitutes a “fundamental change" (as defined in the indenture governing the Notes), holders of the Notes will have the right, at their option to require us to repurchase for cash all or any portion of the Notes upon the occurrence of a fundamental change, at a purchase price equal to 100% of the principal amount of the Notes plus any accrued and unpaid interest, up to but excluding, the date of such repurchase. In addition, following certain corporate events that occur prior to the maturity date, or if we issue a notice of redemption, we will, in certain circumstances, increase the conversion rate for a holder who elects to convert its Notes in connection with such corporate event or notice of redemption, as the case may be.
In accounting for the issuance of the Notes and the related transaction costs, we separated the Notes into liability and equity components. The carrying amount of the liability component was initially calculated by measuring the fair value of similar liabilities that do not have associated convertible features utilizing the interest rate of 5.75%. The carrying amount of the equity component representing the conversion option was $278.5 million and was determined by deducting the fair value of the liability component from the par value of the Notes. This difference represents the debt discount that is amortized to interest expense over the term of the Notes using the effective interest rate method. The equity component was recorded in additional paid-in capital and is not remeasured as long as it continues to meet the conditions for equity classification.
123

Table of Contents
Total issuance costs of $19.5 million related to the Notes were allocated between liability, totaling $14.8 million, and equity, totaling $4.7 million, in the same proportion as the allocation of the total proceeds to the liability and equity components. Issuance costs attributable to the liability component are being amortized to interest expense over the term of the Notes. The excess of the principal amount of the liability component over its carrying amount is amortized to interest expense over the contractual term of the Notes at an effective interest rate of 6.03%. The issuance costs attributable to the equity component were netted against additional paid-in capital. The amount recorded for the equity component of the Notes was $273.4 million, net of allocated issuance costs of $4.7 million and deferred tax impact of $0.4 million.
Upon adoption of ASU 2020-06 as of August 1, 2022, we accounted for our Notes as a single unit of debt and no longer record the conversion feature in equity. This further eliminated the need for amortization of the debt discount as interest expense and the portion of the issuance costs initially allocated to equity is now classified as debt and amortized as interest expense. As of August 1, 2022, the adoption of this new standard resulted in an increase of $169.9 million to the carrying amount of the convertible senior notes, a decrease of $273.7 million to additional paid-in capital and a cumulative-effect adjustment of $103.8 million to accumulated deficit. For further information, refer to Note 1, Business and Summary of Significant Accounting Policies.
During fiscal 2023, we entered into interest rate swap contracts designated as fair value hedges of certain of our Notes. For further information refer to Note 8, Derivative Instruments.
The net carrying amount of the Notes consisted of the following:
July 31,
20242023
(in thousands)
Principal amount$1,149,954 $1,149,993 
Less:
Unamortized debt issuance costs
3,614 7,528 
Hedge accounting fair value adjustments4,065 8,306 
Total$1,142,275 $1,134,159 
The interest expense related to the Notes consisted of the following:
Year Ended July 31,
202420232022
(in thousands)
Contractual interest expense$1,436 $1,439 $1,438 
Amortization of debt discount (1)
  52,358 
Amortization of debt issuance costs (1)
3,914 3,894 2,783 
Total$5,350 $5,333 $56,579 
(1) The decrease in total interest expense beginning in fiscal 2023, was due to the derecognition of unamortized debt discount partially offset by the increase in the amortization of issuance costs previously recognized in equity. These changes were the result of adoption of ASU 2020-06, as described in Note 1, Business and Summary of Significant Accounting Policies.
The total fair value of the Notes was $1,465.5 million and $1,411.4 million as of July 31, 2024 and 2023, respectively. The fair value was determined based on the closing trading price per $1,000 of the Notes as of the last day of trading for the period. We consider the fair value of the Notes as of July 31, 2024 and 2023 to be a Level II measurement as they are not
124

Table of Contents
actively traded. The fair value of the Notes is primarily affected by the trading price of our common stock and market interest rates.
In connection with the pricing of the Notes, we entered into capped call transactions with the option counterparties (the "Capped Calls"). The Capped Calls each have an initial strike price of $150.80 per share, subject to certain adjustments, which corresponds to the initial conversion price of the Notes. The Capped Calls have an initial cap price of $246.76 per share, subject to certain adjustments. The Capped Calls are generally expected to reduce potential dilution to our common stock upon any conversion of the Notes and/or offset any cash payments we are required to make in excess of the principal amount of the converted Notes, as the case may be, with such reduction and/or offset subject to a cap. The Capped Calls are subject to adjustment upon the occurrence of specified extraordinary events affecting us, including merger events, tender offers and the announcement of such events. In addition, the Capped Calls are subject to certain specified additional disruption events that may give rise to a termination of the Capped Calls, including nationalization, insolvency or delisting, changes in law, failures to deliver, insolvency filings and hedging disruptions. For accounting purposes, the Capped Calls are separate transactions, and not part of the terms of the Notes. As the Capped Calls qualify for a scope exception from derivative accounting for instruments that are both indexed to the issuer's own stock and classified in stockholder's equity in the consolidated balance sheet, the premium of $145.2 million paid for the purchase of the Capped Calls was recorded as a reduction to additional paid-in capital and will not be remeasured. We have not exercised any Capped Call options during any of the periods presented.
125

Table of Contents
Note 11. Operating Leases
The following is a summary of our operating lease costs:
Year Ended July 31,
202420232022
Real Estate ArrangementsCo-Location ArrangementsTotalReal Estate ArrangementsCo-Location ArrangementsTotalReal Estate ArrangementsCo-Location ArrangementsTotal
(in thousands)
Operating lease, including imputed interest$9,902 $39,577 $49,479 $7,858 $24,677 $32,535 $6,347 $19,356 $25,703 
Short-term lease cost5,138 8,090 13,228 4,314 5,688 10,002 2,826 1,889 4,715 
Variable lease cost9,907 6,047 15,954 6,992 4,956 11,948 3,163 4,480 7,643 
Total operating lease costs$24,947 $53,714 $78,661 $19,164 $35,321 $54,485 $12,336 $25,725 $38,061 
Weighted-average remaining lease term (in years)2.11.93.02.03.72.7
Weighted-average discount rate5.3 %4.7 %4.5 %3.2 %4.1 %2.2 %
The following table presents information about our leases in the consolidated balance sheets:
July 31,
20242023
Real Estate ArrangementsCo-Location ArrangementsTotalReal Estate ArrangementsCo-Location ArrangementsTotal
(in thousands)
Operating lease right-of-use assets$22,612 $67,146 $89,758 $18,493 $52,178 $70,671 
Operating lease liabilities, current$11,381 $39,485 $50,866 $6,777 $27,692 $34,469 
Operating lease liabilities, noncurrent$12,974 $31,850 $44,824 $14,875 $27,042 $41,917 
Cash paid, net of tenant incentives for amounts included in the measurement of operating lease liabilities was $49.2 million, $32.2 million and $27.7 million for fiscal 2024, fiscal 2023 and fiscal 2022, respectively.
126

Table of Contents
Maturities of operating lease liabilities consisted of the following as of July 31, 2024:
Real Estate ArrangementsCo-Location ArrangementsTotal
Year ending July 31,(in thousands)
2025$12,381 $41,920 $54,301 
202610,537 24,396 34,933 
20272,481 8,598 11,079 
2028481  481 
Total future minimum lease payments25,880 74,914 100,794 
Less: Imputed interest1,525 3,579 5,104 
Total$24,355 $71,335 $95,690 
As of July 31, 2024, we have entered into non-cancelable operating leases with a term greater than 12 months that have not yet commenced with undiscounted future minimum payments of $9.6 million, which are excluded from the above table. These operating leases will commence between August 2024 and November 2024 with lease terms of approximately 3.0 years.
Note 12. Commitments and Contingencies
Non-cancelable Purchase Obligations
In the normal course of business, we enter into non-cancelable purchase commitments with various third parties to purchase products and services such as cloud infrastructure capacity, subscription-based cloud service arrangements, technology equipment, corporate and marketing events and consulting services.
The maturities of non-cancelable purchase obligations with a remaining term in excess of one year as of July 31, 2024 consisted of the following:
Amount
Year ending July 31,(in thousands)
2025$57,961 
202677,644 
202751,088 
202838,967 
202918,750 
Total$244,410 
Other Commitments
As of July 31, 2024 and 2023, we had outstanding irrevocable standby unsecured letters of credits and a guarantee for an aggregate value of $2.5 million and $2.1 million, respectively which serve as security under certain real estate leases included in Note 11, Operating Leases.
Legal Matters
Litigation and Claims
We are a party to various litigation matters from time to time and subject to claims that arise in the ordinary course of business, including patent, commercial, product liability, employment, class action, whistleblower and other litigation and
127

Table of Contents
claims, as well as governmental and other regulatory investigations and proceedings. In addition, third parties may from time to time assert claims against us in the form of letters and other communications. There is no pending or threatened legal proceeding to which we are a party that, in our opinion, is likely to have a material adverse effect on our future financial results or operations; however, the results of litigation and claims are inherently unpredictable. Regardless of the outcome, litigation can have an adverse impact on us because of defense and settlement costs, diversion of management resources and other factors. The expense of litigation and the timing of this expense from period to period are difficult to estimate, subject to change and could adversely affect our results of operations.
128

Table of Contents
Note 13. Stock-Based Compensation
Equity Incentive Plan
Equity incentive awards which may be granted to eligible participants under our Fiscal Year 2018 Equity Incentive Plan (the "2018 Plan") include restricted stock units, restricted stock, stock options, nonstatutory stock options, stock appreciation rights, performance units and performance shares.
As of July 31, 2024, a total of 53.1 million shares of common stock have been reserved for the issuance of equity awards under the 2018 Plan, of which 30.9 million shares were available for grant. The number of shares of common stock available for issuance under the 2018 Plan also includes an annual increase on the first day of each fiscal year pursuant to its automatic annual increase provision.
Stock Options
The activity of stock options for fiscal 2024 consisted of the following:
Outstanding
Stock
Options
Weighted-Average
Exercise
Price 
Weighted-Average
Remaining
Contractual Term
(in years)
Aggregate
Intrinsic
Value
(in thousands, except per share amounts)
Balance as of July 31, 20231,267 $18.542.1$179,678 
Granted50 $198.03
Exercised (864)$14.17$157,832 
Canceled, forfeited or expired  
Balance as of July 31, 2024453 $46.722.5$60,923 
Exercisable and expected to vest as of July 31, 20231,210 $12.821.8$178,616 
Exercisable and expected to vest as of July 31, 2024367 $15.841.0$59,989 
The weighted-average grant-date fair value per share of stock options granted was $117.41 and $88.97 during fiscal 2024 and fiscal 2023 respectively. There were no stock options granted during fiscal 2022.
The total grant-date fair value of stock options vested was $1.4 million, $1.5 million and $3.9 million during fiscal 2024, fiscal 2023 and fiscal 2022, respectively. The total intrinsic value of options exercised was $157.8 million, $56.5 million and $230.1 million, during fiscal 2024, fiscal 2023 and fiscal 2022, respectively.
We estimate the fair value of stock options using the Black-Scholes option pricing model with the following assumptions:
Year Ended July 31
20242023
Expected term (in years)6.06.1
Expected stock price volatility59.5%58.2%
Risk-free interest rate4.2%3.9%
Dividend yield0.0%0.0%
129

Table of Contents
The expected term was estimated using the simplified method. The expected volatility was determined using a weighted-average of the historical volatility of our common stock and peer volatility. Peer volatility was calculated as the average of historical volatilities of selected industry peers corresponding to the expected term of the awards. The risk-free interest rate is based on the U.S. Treasury yield curve in effect at the time of grant for the expected term of the stock-based award. Our expected dividend yield is zero, as we have not and do not currently intend to declare dividends in the foreseeable future.
Restricted Stock Units and Performance Stock Awards
The 2018 Plan allows for the grant of RSUs and PSAs. Generally, RSUs are subject to a four-year vesting period.
The right to earn PSAs is subject to the achievement of the defined and approved performance metrics and continuous employment service. The performance metrics are defined and approved by the compensation committee of our board of directors or by our senior management for certain types of awards. Generally, earned PSAs are subject to additional time-based vesting.
As of July 31, 2024, outstanding PSAs for which their performance metrics have not been defined and/or approved were not material. As of July 31, 2024, these awards are not considered granted for accounting purposes and accordingly, have been excluded from the table below.
The activity of RSUs and PSAs consisted of the following for fiscal 2024:
Underlying SharesWeighted-Average Grant Date Fair ValueAggregate
Intrinsic Value
(in thousands, except per share data)
Balance as of July 31, 20239,351 $139.95$1,499,714 
Granted6,018 $181.24
Vested(3,624)$136.82$684,393 
Canceled or forfeited(1,931)$160.35
Balance as of July 31, 20249,814 $162.41$1,760,079 
The aggregate fair value, as of the respective vesting dates, of RSUs and PSAs vested was $684.4 million, $462.3 million and $694.9 million, during fiscal 2024, fiscal 2023 and fiscal 2022, respectively.
Employee Stock Purchase Plan
In fiscal 2018, we adopted the Fiscal Year 2018 Employee Stock Purchase Plan (the "ESPP"). Through July 31, 2024, a total of 10.3 million shares of common stock have been reserved for issuance under the ESPP, out of which 6.3 million shares were available for future grant as of July 31, 2024. The number of shares reserved includes an annual increase on the first day of each fiscal year pursuant to the ESPP's automatic annual increase provision. The ESPP provides for consecutive offering periods that will typically have a duration of approximately 24 months in length and are comprised of four purchase periods of approximately six months in length. The offering periods are scheduled to start on the first trading day on or after June 15 and December 15 of each year. The ESPP contains a reset provision under which the offering period resets if the fair market value of our common stock on the purchase date is less than the fair market value on the first day of the offering period. During fiscal 2024, fiscal 2023 and fiscal 2022, employees purchased under the ESPP approximately 0.5 million, 0.4 million and 0.3 million shares of common stock, respectively, at an average purchase price of $106.46, $99.59 and $108.61, respectively, with cash proceeds of $52.0 million, $42.3 million and $34.6 million, respectively.
ESPP employee payroll contributions accrued as of July 31, 2024 and 2023, were $8.8 million and $7.4 million, respectively, and are included within accrued compensation in the consolidated balance sheets. Payroll contributions accrued
130

Table of Contents
as of July 31, 2024 will be used to purchase shares at the end of the current ESPP purchase period ending on December 16, 2024. Payroll contributions ultimately used to purchase shares are reclassified to stockholders' equity on the purchase date.
In June 2024, one outstanding ESPP offering period was reset and automatically rolled over into a new ESPP offering period that started on June 17, 2024. The reset was accounted for as a modification, which resulted in an incremental stock-based compensation of $2.7 million, which will be recognized over the remaining term of the modified ESPP offering period of 18 months. In December 2022, certain outstanding ESPP offering periods were reset and automatically rolled over into a new ESPP offering period that started on December 15, 2022. The reset was accounted for as a modification, which resulted in an incremental stock-based compensation of $8.3 million, which has been recognized over the remaining term of the modified ESPP offering periods, ranging from approximately 6 months to 18 months.
The fair value of the purchase rights offered under the ESPP was estimated on the grant date using the Black-Scholes option-pricing model with the following assumptions:
Year Ended July 31,
202420232022
Expected term (in years)
0.5 - 2.0
0.5 - 2.0
0.5 - 2.0
Expected stock price volatility
 42.5% - 64.8%
58.1% - 75.9%
44.1% - 79.4%
Risk-free interest rate
 4.4% - 5.4%
4.2% - 5.3%
0.1% - 3.2%
Dividend yield
0.0%
0.0%
0.0%
The expected term represents the term from the first day of the offering period to the purchase dates within each offering period. The expected volatility was based on the historical volatility of our common stock. The risk-free interest rate is based on the U.S. Treasury yield curve in effect at the time of grant for the expected term of the stock-based award. Our expected dividend yield is zero, as we have not and do not currently intend to declare dividends in the foreseeable future.
Departure of the Chief Operating Officer of the Company
In February 2024, our Chief Operating Officer, who led sales activities, resigned from his position at the Company. In connection with his resignation, we recognized a reversal of stock-based compensation expense of $11.7 million associated with the cancellation of unvested incentive equity awards, which was recognized in sales and marketing expenses in the consolidated statement of operations in fiscal 2024.
Departure of the President of the Company
In October 2022, our President, who led research and development activities, resigned from his position as President of the Company, but continued to serve as a member of our Board of Directors through January 2024. In connection with his resignation as President of the Company, we recognized a reversal of stock-based compensation expense of $9.9 million associated with the cancellation of unvested incentive equity awards, which was recognized in research and development expenses in the consolidated statement of operations in fiscal 2023.
Modification of Equity Incentive Awards
During fiscal 2023, we modified the equity incentive awards of certain employees. In accordance with the accounting for the modification, we recognized stock-based compensation expense of $6.0 million in research and development expenses and $1.3 million in sales and marketing expenses, respectively, in the consolidated statement of operations in fiscal 2023. The stock-based compensation expense from modified equity incentive awards in fiscal 2024 and fiscal 2022 was not material.
131

Table of Contents
Stock-based Compensation Expense
The components of stock-based compensation expense recognized in the consolidated statements of operations consisted of the following:
Year Ended July 31,
202420232022
(in thousands)
Cost of revenue
$50,820 $39,168 $23,847 
Sales and marketing
219,096 215,597 191,091 
Research and development
180,554 117,915 118,299 
General and administrative
77,206 71,118 76,325 
Restructuring and other charges
 1,036  
Total
$527,676 $444,834 $409,562 
As of July 31, 2024, the unrecognized stock-based compensation cost related to outstanding equity-based awards, including awards for which the service inception date has been met but the grant date has not been met, was $1,519.8 million, which we expect to be amortized over a weighted-average period of 2.8 years.
During fiscal 2024, fiscal 2023 and fiscal 2022, we capitalized stock-based compensation primarily associated with the development of software for internal-use of $27.2 million, $17.2 million and $11.5 million, respectively.
Note 14. Common Stock
Holders of our common stock are entitled to one vote for each share of common stock held and are not entitled to receive dividends unless declared by our board of directors.
Common Stock Reserved for Future Issuance
The following table summarizes our shares of common stock reserved for future issuance:
July 31, 2024
(in thousands)
Equity awards outstanding:
Stock options453 
Unvested RSUs8,805 
Committed unvested PSAs, based on the target number of shares 607 
Unvested PSAs1,009 
Share purchase rights committed under the ESPP514 
Equity awards available for future grants:
2018 Plan30,892 
ESPP6,255 
Stock reserved for settlement of the Notes7,626 
Total56,161 
132

Table of Contents
Note 15. Income Taxes
The following table sets forth the geographical breakdown of the income (loss) before the provision for income taxes:
Year ended July 31,
202420232022
(in thousands)
Domestic$(112,758)$(228,715)$(413,148)
International83,529 46,151 29,518 
Loss before provision for income taxes$(29,229)$(182,564)$(383,630)
The following table sets forth the components of the provision for income taxes:
Year ended July 31,
202420232022
Current:(in thousands)
Federal$203 $1,091 $ 
State1,337 3,890 399 
Foreign32,620 14,438 6,996 
Total current tax expense34,160 19,419 7,395 
Deferred:
Federal(4,526) (858)
State(693) (185)
Foreign(464)352 296 
Total deferred tax benefit (expense)(5,683)352 (747)
Total provision for income taxes$28,477 $19,771 $6,648 
During fiscal 2024, fiscal 2023 and fiscal 2022, we recognized tax benefits on total stock-based compensation expense of $23.0 million, $13.4 million and $1.4 million, respectively, which are reflected within the provision for income taxes in the consolidated statements of operations.
133

Table of Contents
The following table presents the reconciliation of the statutory federal income tax rate to our effective rate:
Year ended July 31,
202420232022
Tax at federal statutory rate21.0 %21.0 %21.0 %
State taxes(0.4)(2.1)(0.1)
Impact of foreign rate differential36.2 10.1 (0.4)
Stock-based compensation162.6 (0.8)17.6 
U.S. tax credits101.8 8.6 3.9 
Change in valuation allowance(471.3)(34.1)(43.6)
Withholding tax(12.5)(1.3)(0.2)
Waived deductions under Section 59A74.3 (11.8) 
Transaction costs(1.3)  
Meals and entertainment(7.0)(0.8)(0.2)
Other(0.8)0.3 0.3 
Effective tax rate(97.4)%(10.9)%(1.7)%
Our effective tax rate for fiscal 2024 differs from the U.S. statutory rate primarily due to a portion of our earnings that are taxed at different rates from the U.S. statutory rate, the benefit of stock compensation deductions, withholding taxes related to customer payments in certain foreign jurisdictions in which we conduct business, and the impact of the valuation allowance we maintain against our U.S. federal and state deferred tax assets. During fiscal 2024, we also effectuated certain tax planning actions which reduced the amount of waived deductions under Section 59A related to our fiscal 2023.
Our effective tax rate for fiscal 2023 differs from the U.S. statutory rate primarily due to a portion of our earnings that are taxed at different rates from the U.S. statutory rate, the effect of waived deductions under Section 59A, the benefit of stock compensation deductions, withholding taxes related to customer payments in certain foreign jurisdictions in which we conduct business, and the impact of the valuation allowance we maintain against our U.S. federal and state deferred tax assets.
Our effective tax rate for fiscal 2022 differs from the U.S. statutory rate primarily due to our foreign earnings that are taxed at different rates than the U.S. statutory rate, the benefit of stock compensation deductions, withholding taxes related to customer payments in certain foreign jurisdictions in which we conduct business, and the impact of the valuation allowance we maintain against our U.S. federal and state deferred tax assets.
During fiscal 2024 and 2022, we recognized an income tax benefit of $5.2 million and $1.0 million, respectively, as a result of a release in our valuation allowance on deferred tax assets due to deferred taxes recorded as part of the acquisition accounting of business combinations. During fiscal 2023, we did not recognize income tax benefits from business combinations. Refer to Note 6, Business Combinations, for further information.





134

Table of Contents
The following table presents the tax effects of temporary differences that give rise to significant portions of our deferred tax assets and liabilities:
July 31,
20242023
(in thousands)
Deferred tax assets:
Net operating losses carryovers$373,611 $401,261 
Deferred revenue181,654 122,326 
Research and development capitalization168,918 92,901 
Tax credits carryovers157,861 98,564 
Other100,930 75,641 
Gross deferred tax assets982,974 790,693 
Less: Valuation allowance(833,908)(671,381)
Total deferred tax assets$149,066 $119,312 
Deferred tax liabilities:
Intangible assets$(10,273)$(4,765)
Deferred contract acquisition costs (99,123)(86,805)
Property and equipment(9,929)(4,690)
Operating lease right-of-use assets(29,137)(22,403)
Total deferred tax liabilities$(148,462)$(118,663)
Net deferred tax assets$604 $649 
A deferred tax liability has not been recognized on the excess of the amount for financial reporting over the tax basis of investments in foreign subsidiaries that are indefinitely reinvested outside the U.S. Income taxes are generally incurred upon a repatriation of assets, a sale, or a liquidation of the subsidiary. The excess of the amount for financial reporting over the tax basis in the investments in foreign subsidiaries, as well as the unrecognized deferred tax liability, are not material for the periods presented.
The following table presents the change in the valuation allowance:
Year ended July 31,
202420232022
(in thousands)
Balance as of the beginning of the period$671,381 $553,916 $345,756 
Change during the period162,527 117,465 208,160 
Balance as of the end of the period$833,908 $671,381 $553,916 
The realization of deferred tax assets is dependent upon the generation of sufficient taxable income of the appropriate character in future periods. We regularly assess our ability to realize the deferred tax assets on a quarterly basis and we establish a valuation allowance if it is more-likely-than-not that some portion of the deferred tax assets will not be realized. We weigh all available positive and negative evidence, including our earnings history and results of recent operations, scheduled reversals of deferred tax liabilities, projected future taxable income, and tax planning strategies. Due to the weight of objectively verifiable negative evidence, including our history of losses, we believe that it is more likely than not that our U.S. federal and state deferred tax assets will not be realized as of July 31, 2024 and 2023. Accordingly, we have maintained
135

Table of Contents
a full valuation allowance against such deferred tax assets. Due to the weight of objectively verifiable negative evidence, our U.K. deferred tax assets are not more likely than not to be realized in the future and a full valuation allowance has been maintained as of July 31, 2024 and 2023.
The amount of the deferred tax asset considered realizable, however, could be adjusted if estimates of future taxable income during the carryforward period are reduced or increased or if objective negative evidence in the form of cumulative losses is no longer present and additional weight may be given to subjective evidence such as our projections for growth. In the event we determine that we will be able to realize all or part of our net deferred tax assets in the future, the valuation allowance against our deferred tax assets will be reversed in the period in which we make such determination. The release of a valuation allowance may cause greater volatility in the effective tax rate in the periods in which the valuation allowance is released. The valuation allowance against our U.S. federal, state and U.K. deferred tax assets increased by $162.5 million, $117.5 million and $208.2 million in fiscal 2024, fiscal 2023 and fiscal 2022, respectively. The increase in the valuation allowance in fiscal 2024, fiscal 2023 and fiscal 2022 was related to tax losses for which insufficient positive evidence exists to support their realizability.
As of July 31, 2024, we have net operating loss carryforwards for U.S. federal income tax purposes of $1,497.6 million, which are available to offset future federal taxable income. These net operating losses will carry forward indefinitely. As of July 31, 2024, we have net operating loss carryforwards for state income tax purposes of $630.8 million. Beginning in 2024, $554.9 million of state net operating losses will begin to expire at different periods. The remaining $75.9 million of state net operating losses will carry forward indefinitely. As of July 31, 2024, we had foreign net operating loss carryforward of $75.6 million, all of which will be carried forward indefinitely.
As of July 31, 2024, we also had U.S. federal, California and foreign research and development and other tax credit carryforwards of $133.4 million, $73.9 million and $1.9 million respectively. If not utilized, the federal research and development tax credit carryforwards will begin expiring at different periods beginning in 2033. Our California research and development tax credits may be carried forward indefinitely. Foreign tax credits will begin to expire in the fiscal year ending 2029.
Federal and state tax laws impose restrictions on the utilization of net operating loss carryforwards in the event of a change in our ownership as defined by the Internal Revenue Code, Sections 382. Under Section 382 of the Code, substantial changes in our ownership and the ownership of acquired companies may limit the amount of net operating loss carryforwards that are available to offset taxable income. The annual limitation would not automatically result in the loss of net operating loss carryforwards but may limit the amount available in any given future period.
We are subject to income taxes in the U.S. and various foreign jurisdictions. As of July 31, 2024, all years are open for examination and may become subject to examination in the future. Significant judgment is required in evaluating our tax positions and determining our income tax expense for the fiscal year. During the ordinary course of business, there are transactions and calculations for which the ultimate tax determination is uncertain. Our estimate of the potential outcome of any tax position is subject to management’s assessment of relevant risks, facts and circumstances existing at that time. These unrecognized tax benefits are established when we believe that certain positions might be challenged despite the belief that our tax return positions are fully supportable. We recognize interest and penalties associated with our unrecognized tax benefits as a component of our income tax expense. For the periods presented, we did not have material interest or penalties associated with the unrecognized tax benefits in the consolidated financial statements.
We had $63.9 million of gross unrecognized tax benefits as of July 31, 2024, of which $2.9 million would affect our effective tax rate if recognized. The remaining gross unrecognized tax benefits relate to income tax positions which, if recognized, would be in the form of additional deferred tax assets that would be offset by a valuation allowance. As of July 31, 2024, we do not believe that our estimates, as otherwise provided for, on such tax positions will significantly increase or
136

Table of Contents
decrease within the next twelve months. We recognize interest and penalties related to our unrecognized tax benefits within our provision for income taxes. The amount of interest and penalties accrued as of July 31, 2024 were insignificant.
The changes in our gross unrecognized tax benefits consisted of the following:
Amount
(in thousands)
Balance as of July 31, 2022$29,699 
Gross increase for tax positions of prior years1,653 
Gross (decrease) for tax positions of prior years 
Gross increase for tax positions of current year9,337 
Balance as of July 31, 202340,689 
Gross increase for tax positions of prior years6,960 
Gross (decrease) for tax positions of prior years(2,102)
Gross increase for tax positions of current year18,378 
Balance as of July 31, 2024$63,925 

Note 16. Net Loss Per Share
Basic net loss per share is computed by dividing the net loss by the weighted-average number of shares of common stock outstanding during the period, less shares subject to repurchase. The diluted net loss per share is computed by giving effect to all potential dilutive common stock equivalents outstanding for the period. For purposes of this calculation, our stock options, share purchase rights under the employee stock purchase plan, unvested RSUs, unvested PSAs, unvested common stock and shares related to the Notes are considered to be potential common stock equivalents.
The computation of basic and diluted net loss per share consisted of the following:
Year Ended July 31,
202420232022
(in thousands, except per share data)
Net loss$(57,706)$(202,335)$(390,278)
Weighted-average shares used in computing net loss per share, basic and diluted149,586 144,942 140,895 
Net loss per share, basic and diluted$(0.39)$(1.40)$(2.77)
Since we have reported net losses for all periods presented, we have excluded all potentially dilutive securities from the calculation of the diluted net loss per share as their effect is antidilutive and accordingly, the basic and diluted net loss per share is the same for all periods presented.
Prior to the adoption of ASU 2020-06, we calculated the potential dilutive effect of the Notes under the treasury stock method. As a result, only the amount by which the conversion value exceeded the aggregate principal amount of the Notes (the “conversion spread”) was considered in the diluted earnings per share computation. The conversion spread only had a dilutive impact on diluted net income per share when the average market price of our common stock for a given reporting period exceeded the initial conversion price of $150.80 per share for the Notes.
Upon the adoption of ASU 2020-06 on August 1, 2022, we calculated the potential dilutive effect of the Notes under the if-converted method. Under this method, diluted earnings per share are determined by assuming that all of the Notes were converted into shares of our common stock at the beginning of the reporting period.
137

Table of Contents
In connection with the issuance of the Notes, we entered into Capped Calls, which were not included for purposes of calculating the number of diluted shares outstanding, as their effect would have been anti-dilutive. The Capped Calls are expected to partially offset the potential dilution to our common stock upon any conversion of the Notes. We have not exercised any of the Capped Calls as of July 31, 2024.
The following table summarizes the outstanding potentially dilutive securities that were excluded from the computation of diluted net loss per share as their effect would be antidilutive:
July 31,
202420232022
(in thousands)
Unvested RSUs and shares of common stock9,198 8,442 6,769 
Stock options453 1,267 1,673 
Unvested PSAs (1)
1,009 1,012 832 
Share purchase rights under the ESPP514 1,119 850 
Notes (2)
7,626 7,626 7,626 
Total18,800 19,466 17,750 
(1) The number of unvested PSAs is estimated at 100% of the target number of shares granted and excludes unvested PSAs for which performance conditions have not been established as of July 31, 2024, as they are not considered outstanding for accounting purposes. For further information refer to Note 13, Stock-Based Compensation.
(2) The shares underlying the conversion option in the Notes were not considered in the calculation of diluted net loss per share for all the periods presented, as their effect would have been antidilutive. Based on the initial conversion price, the entire outstanding principal amount of the Notes as of July 31, 2024 would have been convertible into approximately 7.6 million shares of our common stock, which is reflected in the above table. As we expect to settle the principal amount of the Notes in cash, only the amount by which the conversion value exceeds the aggregate principal amount of the Notes (the "conversion spread") is considered in the diluted earnings per share computation under the treasury stock method. The conversion spread has a dilutive impact on diluted net income per share when the average market price of our common stock for a given reporting period exceeds the initial conversion price of $150.80 per share for the Notes. Conversion notices received through July 31, 2024, have not been material.
Note 17. Segment and Geographic Information
Our chief operating decision maker ("CODM") is our chief executive officer. We derive our revenue primarily from sales of subscription services to our cloud platform and related support services. Our CODM reviews financial information presented on a consolidated basis for the purposes of allocating resources and evaluating financial performance. Accordingly, we determined that we operate as one operating segment.
Our long-lived assets consist of property and equipment and operating lease right-of-use assets, which are summarized by geographic area as follows:
July 31,
20242023
(in thousands)
United States
$325,146 $213,611 
Rest of the world
147,735 99,415 
Total
$472,881 $313,026 
Refer to Note 2, Revenue Recognition for information on revenue by geography.
138

Table of Contents
Note 18. 401(k) Plan
We have a defined-contribution plan intended to qualify under Section 401 of the Internal Revenue Code (the "401(k) Plan"). We contract with a third-party provider to act as a custodian and trustee, and to process and maintain the records of participant data. We make matching contributions to the plan for our employees. Our matching contributions to the plan were not material for all the periods presented.
139

Table of Contents
Item 9. Changes in and Disagreements with Accountants on Accounting and Financial Disclosure
None.
Item 9A. Controls and Procedures
Evaluation of Disclosure Controls and Procedures
We maintain “disclosure controls and procedures,” as defined in Rule 13a–15(e) and Rule 15d–15(e) under the Exchange Act that are designed to provide reasonable assurance that information required to be disclosed by a company in the reports that it files or submits under the Exchange Act is recorded, processed, summarized and reported, within the time periods specified in the SEC’s rules and forms. Disclosure controls and procedures include, without limitation, controls and procedures designed to provide reasonable assurance that information required to be disclosed by a company in the reports that it files or submits under the Exchange Act is accumulated and communicated to our management, including our principal executive and principal financial officers, as appropriate to allow timely decisions regarding required disclosure.
Our management, with the participation of our Chief Executive Officer and our Chief Financial Officer, has evaluated the effectiveness of our disclosure controls and procedures as of July 31, 2024. Based on such evaluation, our Chief Executive Officer and Chief Financial Officer have concluded that, as of such date, our disclosure controls and procedures were effective at the reasonable assurance level.
Management's Report on Internal Control Over Financial Reporting
Our management is responsible for establishing and maintaining adequate “internal control over financial reporting,” as defined in Rule 13a-15(f) and Rule 15d-15(f) under the Exchange Act. Our management conducted an evaluation of the effectiveness of our internal control over financial reporting as of July 31, 2024 based on the criteria established in Internal Control - Integrated Framework (2013) issued by the Committee of Sponsoring Organizations of the Treadway Commission.
Based on the results of its evaluation, management concluded that our internal control over financial reporting was effective as of July 31, 2024. The effectiveness of our internal control over financial reporting as of July 31, 2024 has been audited by PricewaterhouseCoopers LLP, an independent registered public accounting firm, as stated in its report which is included in Item 8 of this Form 10-K.
Management excluded Airgap, acquired on April 12, 2024, and Avalor, acquired on March 8, 2024, from its evaluation of internal control over financial reporting as of July 31, 2024. Airgap and Avalor are wholly-owned subsidiaries whose total assets and total revenues excluded from management’s assessment of internal controls over financial reporting collectively represent approximately 0.4% and 0.1%, respectively, of the related consolidated financial statement amounts as of and for the year ended July 31, 2024.
Changes in Internal Control Over Financial Reporting
There was no change in our internal control over financial reporting identified in connection with the evaluation required by Rule 13a-15(d) and 15d-15(d) of the Exchange Act that occurred during the fiscal quarter ended July 31, 2024 that has materially affected, or is reasonably likely to materially affect, our internal control over financial reporting.
Inherent Limitations on Effectiveness of Controls
Our management, including our Chief Executive Officer and Chief Financial Officer, believes that our disclosure controls and procedures and internal control over financial reporting are designed to provide reasonable assurance of achieving their objectives and are effective at the reasonable assurance level. However, our management does not expect that our disclosure controls and procedures or our internal control over financial reporting will prevent or detect all errors and all fraud. A control system, no matter how well conceived and operated, can provide only reasonable, not absolute, assurance
140


that the objectives of the control system are met. Further, the design of a control system must reflect the fact that there are resource constraints, and the benefits of controls must be considered relative to their costs. Because of the inherent limitations in all control systems, no evaluation of controls can provide absolute assurance that all control issues and instances of fraud, if any, have been detected. These inherent limitations include the realities that judgments in decision making can be faulty, and that breakdowns can occur because of a simple error or mistake. Additionally, controls can be circumvented by the individual acts of some persons, by collusion of two or more people or by management override of the controls. The design of any system of controls also is based in part upon certain assumptions about the likelihood of future events, and there can be no assurance that any design will succeed in achieving its stated goals under all potential future conditions; over time, controls may become inadequate because of changes in conditions, or the degree of compliance with policies or procedures may deteriorate. Because of the inherent limitations in a cost–effective control system, misstatements due to error or fraud may occur and not be detected.
Item 9B. Other Information
Securities Trading Plans of Directors and Executive Officers

During our last fiscal quarter, the following officers and directors, as defined in Rule 16a-1(f), adopted a “Rule 10b5-1 trading arrangement” as defined in Regulation S-K Item 408, as follows:

On June 29, 2024, Robert Schlossman, the Company’s chief legal officer and secretary, adopted a Rule 10b5-1 trading arrangement providing for the sale from time to time of an aggregate of (i) up to 24,793 shares of our common stock and (ii) up to 100% of the shares of our common stock issued upon the settlement of 30,987 outstanding RSUs and PSUs, less the number of shares sold to cover tax withholding obligations in connection with the vesting and settlement of such RSUs and PSUs. The trading arrangement is intended to satisfy the affirmative defense in Rule 10b5-1(c). The duration of the trading arrangement is until September 25, 2025, or earlier if all transactions under the trading arrangement are completed.

No other officers or directors, as defined in Rule 16a-1(f) adopted or terminated a “Rule 10b5-1 trading arrangement” as defined in Regulation S-K Item 408, during the last fiscal quarter.
Item 9C. Disclosure Regarding Foreign Jurisdictions that Prevent Inspections
Not Applicable.
141


PART III
Item 10. Directors, Executive Officers and Corporate Governance
The information required by this Item (other than the information set forth in the next paragraph) will be included in our definitive proxy statement for our 2024 annual meeting of stockholders, or the 2024 Proxy Statement, which will be filed with the SEC within 120 days after the end of our fiscal year ended July 31, 2024, and is incorporated herein by reference.
We have adopted a code of business conduct and ethics, or Code of Conduct, that applies to all of our employees, executive officers and directors. The full text of the Code of Conduct is available on our website at ir.zscaler.com. The nominating and corporate governance committee of our board of directors is responsible for overseeing the Code of Conduct and must approve any waivers of the Code of Conduct for employees, executive officers and directors. We expect that any amendments to the Code of Conduct, or any waivers of its requirements, will be disclosed on our website, as required by applicable law or the listing standards of The Nasdaq Global Market.
Item 11. Executive Compensation
The information required by this item is incorporated herein by reference to our 2024 Proxy Statement.
Item 12. Security Ownership of Certain Beneficial Owners and Management and Related Stockholder Matters
The information required by this item is incorporated herein by reference to our 2024 Proxy Statement.
Item 13. Certain Relationships and Related Transactions, and Director Independence
The information required by this item is incorporated herein by reference to our 2024 Proxy Statement.
Item 14. Principal Accountant Fees and Services
The information required by this item is incorporated herein by reference to our 2024 Proxy Statement.
142


PART IV
Item 15. Exhibits, Financial Statement Schedule
(a)(1) Financial Statements
See Index to Financial Statements in Item 8 of this Annual Report on Form 10-K.
(a)(2) Financial Statement Schedule
All financial statement schedules have been omitted as the information is not required under the related instructions or is not applicable or because the information required is already included in the financial statements or the notes to those financial statements.
(a)(3) Exhibits
Incorporated by Reference
 
Exhibit
Number
 
 
Exhibit Description
FormFile No.ExhibitFiling DateFiled Herewith
3.110-Q001-384133.1June 7, 2018
3.28-K001-384133.1March 2, 2023
4.1S-1333-2230724.2February 16, 2018
4.210-K001-384134.3September 18, 2019
4.38-K001-384134.1June 25, 2020
4.48-K001-384134.1June 25, 2020
10.1S-1333-22307210.1February 16, 2018
10.2+10-K001-3841310.2September 18, 2019
10.3+S-1/A333-22307210.3March 13, 2018
10.4+S-1/A333-22307210.4March 5, 2018
10.5+S-1333-22307210.5February 16, 2018
10.6+S-1333-22307210.7February 16, 2018
10.7+S-1333-22307210.8February 16, 2018
10.8+S-1333-22307210.10February 16, 2018
10.9+S-1333-22307210.11February 16, 2018
10.10+S-1333-22307210.14February 16, 2018
10.11+S-1333-22307210.15February 16, 2018
10.12+S-1333-22307210.16February 16, 2018
10.13+S-1333-22307210.17February 16, 2018
10.14†10-Q001-3841310.1June 5, 2019
10.158-K001-3841310.1June 25, 2020
10.16+10-Q001-3841310.1December 12, 2023
143

Table of Contents
10.17+X
19.1X
21.1X
23.1X
24.1X
31.1X
31.2X
32.1*X
97.1+X
101.INSXBRL Instance DocumentX
101.SCHXBRL Taxonomy Extension Schema DocumentX
101.CALXBRL Taxonomy Extension Calculation Linkbase DocumentX
101.DEFXBRL Taxonomy Extension Definition Linkbase DocumentX
101.LABXBRL Taxonomy Extension Label Linkbase DocumentX
101.PREXBRL Taxonomy Extension Presentation Linkbase DocumentX
_______________________________________
+ Indicates management contract or compensatory plan or arrangement.
† Certain portions of this exhibit (indicated by "[***]") have been omitted as Registrant determined the omitted information (i) is not material and (ii) would be competitively harmful to Registrant if publicly disclosed.
* The certifications furnished in Exhibit 32.1 hereto are deemed to accompany this Annual Report on Form 10-K and will not be deemed “filed” for purposes of Section 18 of the Securities Exchange Act of 1934, as amended, except to the extent that the registrant specifically incorporates it by reference.
Item 16. Form 10-K Summary
None.
144


SIGNATURES
Pursuant to the requirements of Section 13 or 15(d) of the Securities Exchange Act of 1934, the Registrant has duly caused this report to be signed on its behalf by the undersigned, thereunto duly authorized.
Zscaler, Inc.
September 12, 2024/s/ Remo Canessa
Remo Canessa
Chief Financial Officer

145


POWER OF ATTORNEY
KNOW ALL PERSONS BY THESE PRESENTS, that each person whose signature appears below hereby constitutes and appoints Jagtar Chaudhry and Remo Canessa, and each of them, as his or her true and lawful attorney-in-fact and agent with full power of substitution, for him or her in any and all capacities, to sign any and all amendments to this report, and to file the same, with exhibits thereto and other documents in connection therewith, with the Securities and Exchange Commission, granting unto said attorney-in-fact, proxy, and agent full power and authority to do and perform each and every act and thing requisite and necessary to be done in connection therewith, as fully for all intents and purposes as he or she might or could do in person, hereby ratifying and confirming all that said attorney-in-fact, proxy and agent, or his substitute, may lawfully do or cause to be done by virtue hereof.
Pursuant to the requirements of the Securities Exchange Act of 1934, this report has been signed by the following persons on behalf of the registrant and in the capacities and on the dates indicated.
SignatureTitleDate
/s/ Jagtar ChaudhryChief Executive Officer and Chairman of the Board of Directors
(Principal Executive Officer)
September 12, 2024
Jagtar Chaudhry
/s/ Remo CanessaChief Financial Officer
(Principal Accounting and Financial Officer)
September 12, 2024
Remo Canessa
/s/ James BeerDirectorSeptember 12, 2024
James Beer
/s/ Karen BlasingDirectorSeptember 12, 2024
Karen Blasing
/s/ Andrew BrownDirectorSeptember 12, 2024
Andrew Brown
/s/ Scott DarlingDirectorSeptember 12, 2024
Scott Darling
/s/ Charles Giancarlo
DirectorSeptember 12, 2024
Charles Giancarlo
/s/ Eileen NaughtonDirectorSeptember 12, 2024
Eileen Naughton
/s/ David SchneiderDirectorSeptember 12, 2024
David Schneider

146
Document

Exhibit 10.17
9/10/2024    
Mike Rich
richcda@gmail.com
Dear Mike:
 
On behalf of Zscaler, Inc. (the “Company”), I am pleased to offer you employment with the Company in the position of CRO & President of Global Sales. You will work as an employee based in our San Jose HQ, and you will report to Jay Chaudhry. This Employment Agreement (the “Agreement”) sets forth the terms and conditions of your employment with the Company. Your employment with the Company is on a full-time basis, and as a result, you agree to devote all your business time and energies to your duties for the Company. 
Base Salary. As a full-time exempt employee, your starting annual base salary will be $450,000 USD, subject to applicable withholding and paid in accordance with the Company’s regular semi-monthly payroll process. You will not be eligible to receive any overtime pay. Any adjustments to your base salary rate will be determined by the Company in its sole discretion based upon your performance, the Company’s performance, and other relevant criteria. 
Annual Bonus. You will be eligible to participate in the Company’s annual discretionary bonus program, pursuant to which your annualized target bonus is 100% of base salary ($450,000) based upon the Company’s performance and your individual performance. The decision to award you an annual bonus, as well as the actual amount of any such bonus, will be determined by the Company in its sole discretion. Your participation will be prorated and effective on the first day of the following month after the date of hire. In order to earn an annual bonus, you must be employed by the Company in good standing and not under notice of termination for any reason on the bonus payment date (subject to local laws). Any bonuses earned by you will be subject to applicable tax withholding. 
Sign-On Bonus. The Company will provide you with a one-time start on bonus of $550,000 USD (subject to applicable tax withholdings) within 30 days of your employment. You agree to reimburse the Company the entire amount if you resign before completion of your first year.
Employee Benefits. You will be eligible to participate in the Company’s paid time off, group health insurance, and other benefit plans subject to the terms of those plans. A copy of the Company’s current Benefits Summary is available for your review. 
Equity Grant. In addition, upon commencement of your employment and approval from the Zscaler Board of Directors, or an authorized committee thereof, you will receive a grant of restricted stock units (RSUs), performance stock units (PSUs) and Stock Options (SOs). The terms of your equity grants are included in your equity letter. 
Termination of Employment and Compensation/Benefits Changes. Your employment with the Company is “at will,” and thus you or the Company may terminate our employment relationship at any time, with or without cause or notice. The Company reserves the right, in its sole discretion, to change your position, duties, compensation, and/or employee benefits at any time on a prospective basis. 



Termination in Connection with a Change of Control. Upon approval from the Zscaler Board of Directors, you will be permitted to participate in the Company’s Change of Control and Severance Policy (“COC Policy”) under which you will be eligible to receive certain severance payments and benefits in the event of your Qualifying Termination (as defined in the COC Policy). The benefits of the COC Policy will be substantially similar to those currently in effect for the Company’s other executive officers, but will also include an extension of the period of time in which you have to exercise your vested options to purchase Company common stock subject to the Option until the date that is twelve (12) months following your termination date, subject to earlier termination on a change in control (or similar transaction) pursuant to the terms of the equity plan under which the options are granted. Upon being designated participant in the COC Policy, you will be asked to sign a participation agreement that sets forth your rights under the COC Policy. 
Termination Unrelated to a Change in Control. In the event the Company terminates your employment hereunder without Cause (as defined in the COC Policy) or you resign for Good Reason (as defined in the COC Policy) prior to any Change in Control (as defined in the COC Policy) , then you shall be entitled to a severance payment equivalent to six (6) months of your base salary at the time of the cessation of your employment (“Severance Payment''), less withholdings and contingent upon your execution of a signing and not revoking a release of claims in a form substantially similar to release attached hereto as Exhibit B to the COC Policy, subject to such changes as required by law. Such release of claims must become effective and irrevocable no later than the sixtieth (60th) day following your actual termination date. The Severance Payment shall be payable in equal installments in accordance with Company’s normal payroll practices, commencing on the first regular pay date of the Company that occurs after the executed Severance and Release Agreement becomes legally effective; provided, however, the first payment shall include the cumulative amount of payments that would have been paid to you during the period of time between the cessation of your employment and the date such payments commence had such payments commenced immediately following the cessation of your employment. This Severance Payment is in addition to any obligations Company may have as to provision of COBRA coverage, payment of all benefits and compensation earned prior to the termination of your employment, and equity grants pursuant to your equity letter and Company’s Equity Incentive Plan. In the event of a Qualifying Termination (as defined in the COC Policy), no severance payments will be made under the terms of this paragraph.
Conditions of Employment. As a condition of your employment, you agree to execute the Company’s standard form of Confidentiality Agreement at the start of your employment. You further agree that at all times during your employment (and afterwards as applicable), you will be bound by, and will fully comply with, the Confidentiality Agreement. 
This offer of employment is contingent upon the successful completion (as determined by the Company) of any background or reference checks desired by the Company. Such background/reference checks may not be completed until after your employment start date. For purposes of federal immigration law, you will be required to provide to the Company documentary evidence of your identity and eligibility for employment in the United States. Such documentation must be provided to us within three business days following the start of your employment, or our employment relationship with you may be terminated. 
Complete Agreement/Modification. This Employment Agreement, along with any other agreements described herein, sets forth the terms and conditions of your employment with the Company, and supersedes any prior representations or agreements concerning your employment with the Company, whether written or oral. You acknowledge and agree that you are not relying on any statements or representations concerning the Company or your employment with the Company except those made in



this Agreement. This Agreement may not be modified or amended except by a written agreement signed by you and an authorized officer of the Company. 
Mike, we are excited about the prospect of having you join the Company and look forward to welcoming you as a colleague soon!
Sincerely, 
Zscaler, Inc. 

/s/ Jay Chaudhry
Jay Chaudhry
Chairman and CEO




I hereby agree to and accept employment with Zscaler, Inc. on the terms and conditions set forth in this Employment Agreement. 

/s/ Mike RichNovember 2, 2023
Mike RichDated

Anticipated Start Date: 11/1/2023
20 HOLGEAY, SAN JOSE, CA 95134 USA | WWW.ZSCALER.COM 
of their respective owners. 





9/10/2024
Mike Rich
richcda@gmail.com
Dear Mike: 
On behalf of Zscaler, Inc. (the “Company”), we are pleased to inform you of the following: 
Subject to the approval of the Zscaler Board of Directors (or an authorized committee thereof) and following your commencement of employment, you will be granted restricted stock units (RSUs), performance stock units (PSUs), and options to purchase Zscaler common stock under our 2018 equity Incentive Plan (the “Plan”)
RSU and PSU Grant 
RSU/PSU Equity Grants: $29,000,000 USD (the “Value”) 
New Hire RSU Grant 
$18,200,000 of the Value (the “New Hire RSU”) will be scheduled to vest over approximately a four‐year period: Six and one quarter percent (6.25%) of the New Hire RSU will vest on each Quarterly Vesting Date (as defined in the Plan or your equity award agreement) following your Hire Date, and six and one‐quarter percent (6.25%) of the New Hire RSU will vest on each Quarterly Vesting Date thereafter. 
 
Special RSU Grant
$3,000,000 of the Value (the “Special RSU”) will be scheduled to vest over approximately a two‐year period: Eighteen and three-quarter percent (18.75%) of the Special RSU will vest on each Quarterly Vesting Date (as defined in the Plan or your equity award agreement) following your Hire Date for the first year and six- and one-quarter percent (6.25%) of the Special RSU will vest on each Quarterly Vesting Date thereafter. 
 
New Hire PSU Grants 
$7,800,000 of the Value will be in the form of PSUs which will be subject to performance criteria with twenty five percent (25.00%) of the Value of PSU Grant achievable for each individual criteria. To the extent each individual performance criteria is achieved, earned PSUs will vest on the first Quarterly Vesting Date following the quarter in which the respective performance criteria is achieved, subject to you continuing to be employed by the Company through such Quarterly Vesting Date.
The number of RSUs and target PSUs will be determined by dividing the applicable portion of the Value by the average of the closing price of the Zscaler’s common stock on the Nasdaq Global Select Market for each of the trading days in the month in which your employment commences (the date your employment commences is referred to as your “Hire Date”), rounded up to the nearest whole share. 
Option Grant 
The Company will grant you a stock option to purchase 50,000 shares of the Company’s Common Stock (the “Option”). The Option will be subject to the terms and conditions of the Plan and your Stock Option Agreement entered into under the Plan, including vesting requirements. Subject to your continued employment with the Company, 25% of the shares subject to the Option shall vest on the one‐year



anniversary of your Hire Date, and 1/48th of the shares subject to the Option shall vest on the corresponding day of each month thereafter (or if there is no corresponding day in any such month, on the last day of such month), until all shares have vested. 
On any particular vesting date, RSUs, PSUs, or Options will vest only if you have remained in continuous service with the Company through that date. The grants will be subject to the terms of the Plan and your equity award agreements, which you will receive and be required to execute following the approval of your grants. Following one year of employment, you will be eligible to be considered for additional annual equity refresh grants.


I hereby agree to and accept employment with Zscaler, Inc. on the terms and conditions set forth in this Employment Agreement. 

/s/ Mike Rich November 2, 2023
Mike RichDated



Document


Exhibit 19.1





ZSCALER, INC.
INSIDER TRADING POLICY




INTRODUCTION
As a public company, one of our important ethical duties is to protect and properly use nonpublic information acquired during our service with Zscaler, Inc. (together with its subsidiaries, “Zscaler” or the “Company”). This Insider Trading Policy (the “Policy”) provides detailed information on these obligations. The rules relating to insider trading are complex, and a violation of insider trading laws can carry severe consequences, including but not limited to termination of your employment and criminal prosecution resulting in imprisonment. In furtherance of the Policy’s goals, the Company will not transact in its own securities except in compliance with securities laws.
This introduction provides high level guidance on certain required and prohibited activities. However, carefully review this entire Policy before completing any transaction involving Zscaler’s securities or the securities of any other company.
The following activities, among others, are prohibited under this Policy and may also be illegal:
Trading “on the basis” of material nonpublic information (which is information about Zscaler or any other company that could reasonably be expected to affect the market price of a security and has not been broadly disseminated to the public)
“Tipping” or providing material nonpublic information to another person who then trades based on such information. This includes providing trading advice or opinions on transactions
Making “short sales” of Zscaler securities (betting that the price of securities will decline)
Engaging in transactions involving publicly-traded options, such as puts and calls, and other derivative securities with respect to Zscaler’s securities
Placing “open orders” (such as limit orders or stop orders) with brokers which may remain outstanding for an extended period of time and, as a result, could be executed at a time when you are aware of material nonpublic information or otherwise not permitted to trade
Trading during Trading Blackout Periods, or during any special blackout periods applicable to you
Using Zscaler securities as collateral for loans if you are subject to any Trading Blackout Periods, subject to Section 16 of the Securities Exchange Act of 1934, as amended (“Section 16”) or on Zscaler’s schedule of Individuals Subject to Pre-Clearance Requirements (the “Pre-Clearance List”)
Holding Zscaler securities in margin accounts if you are subject to any Trading Blackout Periods, subject to Section 16 or on the Pre-Clearance List
Otherwise trading without pre-clearance if you are on the Pre-Clearance List
Any of the above actions will be deemed violations of this Policy and may result in severe consequences, including but not limited to termination of your employment and criminal prosecution resulting in imprisonment. Prosecutors pursue insider trading violations vigorously, even if the size of the transaction is small.



Even if a transaction is not listed above, you are ultimately responsible for ensuring that it otherwise complies with this Policy and applicable laws and regulations. You should use your best judgment at all times and consult with your personal legal and financial advisors, as needed. Share this policy with your broker or other financial advisor before engaging in any transactions involving Zscaler’s securities or the securities of any other company. Please seek assistance from the Zscaler Legal Department if you have any questions at all.

PART I
PREVENTING INSIDER TRADING AND YOUR OBLIGATIONS
1.Covered Persons
This Policy applies to all directors, officers, employees, consultants, contractors and other agents of the Company. References in this Policy to such persons, or to “you,” also include your immediate family members, members of your household and your economic dependents, along with any other individuals or entities whose transactions in securities you influence, direct or control (which may be, for example, a venture or other investment fund). You are responsible for making sure that these other individuals and entities comply with this Policy.
You are expected to comply with this Policy until such time as you are no longer affiliated with the Company and you no longer possess any material nonpublic information subject to this Policy, as described in Part II (Material Nonpublic Information). In addition, if you are subject to a trading blackout under this Policy at the time you cease to be affiliated with the Company, you are expected to abide by the applicable trading restrictions until at least the end of the relevant Trading Blackout Period.
2.Covered Activities
Except as discussed in Part III (Limited Exceptions), this Policy applies to all transactions involving the Company’s securities or other companies’ securities for which you possess material nonpublic information obtained in connection with your service with the Company. This Policy therefore applies to:
Transactions involving the securities of the Company, whether direct or indirect (including transactions made on your behalf by money managers), including purchases, sales and other transfers of common stock, options, warrants, preferred stock and debt securities (such as debentures, bonds and notes);
Transactions involving the securities of other companies about which you possess material nonpublic information obtained in the course of your service with the Company;
Arrangements that affect economic exposure to changes in the prices of these securities, such as transactions in derivative securities (e.g., exchange-traded put or call options), hedging transactions, short sales and certain decisions with respect to participation in benefit plans;
any disposition in the form of a gift of any securities of the Company;
any distribution to holders of interests in an entity if the entity is subject to this Policy
Any offers with respect to the transactions discussed above; and



Other unauthorized use or disclosure of nonpublic information.
There may be instances where you suffer financial harm or other hardship or are otherwise required to forego a planned transaction because of the restrictions imposed by this Policy. Personal financial emergency or other personal circumstances will not excuse a failure to comply with this Policy.
3.Insider Trading and Tipping
Insider Trading and Tipping. Directors, officers, employees and other individuals who possess material nonpublic information are prohibited from the following illegal activities, which are commonly referred to as “insider trading”:
Trading “on the basis” of material nonpublic information (i.e., as long as they are aware of such information). It is not a defense that the person did not “use” the material nonpublic information for purposes of the transaction.
Disclosing material nonpublic information directly or indirectly to others who then trade based on that information, or making recommendations or expressing opinions on transactions in securities while aware of material nonpublic information (sometimes referred to as “tipping”). Both the person who provides the information, recommendation or opinion and the person who trades based on it may be liable.
The U.S. Securities and Exchange Commission (the “SEC”) and the U.S. Department of Justice pursue insider trading violations vigorously. Cases involving trading through foreign accounts, trading by family members and friends and trading only a small number of shares have been successfully prosecuted. There are no exceptions from insider trading laws or this Policy based on the size of the transaction.
Controlling Person Liability. In addition, a company, as well as individual directors, officers and other supervisory personnel, may be subject to liability as “controlling persons” for failure to take appropriate steps to prevent insider trading by those under their supervision, influence or control.
4.Other Prohibited and Problematic Transactions
The types of transactions listed below may expose you and the Company to significant risks. Even if a transaction is not listed below, you are responsible for ensuring that it otherwise complies with the applicable provisions of this Policy, including insider trading and tipping prohibitions, the pre-clearance requirements and procedures applicable to you if you are on the Pre-Clearance List (“Pre-Clearance Requirements”), and Trading Blackout Periods.
Short Sales. You are prohibited from making short sales (i.e., the sale of a security that must be borrowed to make delivery) and “selling short against the box” (i.e., a sale with a delayed delivery) with respect to Company securities.
Transactions in Derivative Securities. You are prohibited from engaging in transactions in publicly-traded options, such as puts and calls, and other derivative securities with respect to the Company’s securities. This prohibition extends to any hedging or similar transaction designed to decrease the risks associated with holding Company securities. Stock options, stock appreciation rights and other securities issued pursuant to Company benefit plans or other compensatory arrangements with the Company are not subject to this prohibition. Among other reasons for this prohibition, the application of securities laws to derivatives transactions can be complex, and persons engaging in derivatives



transactions may subject themselves to an increased risk of violating SEC regulations and other applicable securities laws.
Using Company Securities as Collateral for Loans. If you are subject to (a) Pre-Clearance Requirements; (b) the reporting requirements and liability provisions of Section 16; or (c) Trading Blackout Periods under this Policy, you are prohibited from pledging Company securities as collateral for loans except to the extent you have made such arrangements prior to the Company’s adoption of this Policy. If you default on the loan, the lender may sell the pledged securities as collateral in a foreclosure sale. This sale, even though not initiated at your request, would be considered a sale for your benefit and, if made at a time when you are aware of material nonpublic information or otherwise are not permitted to trade Company securities, may result in violations of this Policy or securities laws. For these reasons, even if you are not prohibited from pledging Company securities as collateral for loans, you should exercise caution when doing so.
Holding Company Securities in Margin Accounts. If you are subject to (a) Pre-Clearance Requirements; (b) Section 16; or (c) Trading Blackout Periods under this Policy, you are prohibited from holding Company securities in margin accounts. Under typical margin arrangements, if you fail to meet a margin call, the broker may be entitled to sell securities held in the margin account without your consent. This sale, even though not initiated at your request, would be considered a sale for your benefit and, if made at a time when you are aware of material nonpublic information or otherwise are not permitted to trade Company securities, may result in violations of this Policy or securities laws. For these reasons, even if you are not prohibited from holding Company securities in margin accounts, you should exercise caution when doing so.
Placing Open Orders with Brokers. Except in accordance with an approved trading plan, as discussed in Part III (Limited Exceptions), you should exercise caution when placing open orders, such as limit orders or stop orders, with brokers, particularly where the order is likely to remain outstanding for an extended period of time. Open orders may result in the execution of a trade at a time when you are aware of material nonpublic information or otherwise are not permitted to trade in Company securities, which may result in violations of this Policy or securities laws. Additionally, if you are subject to Pre-Clearance Requirements or Trading Blackout Periods under this Policy, you should so inform any broker with whom you place any open order at the time it is placed.
5.Trading Blackout Periods
To limit the likelihood of trading at times when there is a significant risk of insider trading exposure, the Company has instituted Quarterly Blackout Periods and Pre-Clearance Trading Blackout Periods, together (the “Trading Blackout Periods”). The Company may also institute special trading blackout periods from time to time, or blackout periods that prevent directors and officers from trading in Company securities at a time when employees are prevented from trading Company securities in the Company’s 401(k) plan. Whether or not you are subject to blackout periods, you remain subject to the prohibitions on trading on the basis of material nonpublic information and any other applicable restrictions in this Policy. There are no unconditional “safe harbors” for trades made at particular times, and you should exercise good judgment at all times. Even when a trading window is open you may be restricted from trading if you possess material nonpublic information or are otherwise restricted by this Policy.
Quarterly Blackout Periods. Except as discussed in Part III (Limited Exceptions) and below with respect to Pre-Clearance Insiders (as defined in Section 6), all employees, consultants, contractors and other agents of the Company, are subject to and must refrain from conducting transactions involving the Company’s



securities during the Quarterly Blackout Periods. Quarterly Blackout Periods start at the beginning of the first day of each fiscal quarter and end at the start of the first trading day following the date the financial results for the previous fiscal quarter are publicly disclosed.
Pre-Clearance Blackout Periods. Except as discussed in Part III (Limited Exceptions), all Pre-Clearance Insiders including directors, executive officers, and any other individuals listed on the Pre-Clearance List are subject to and must refrain from conducting transactions involving the Company’s securities during Pre-Clearance Blackout Periods. Pre-Clearance Blackout Periods start at the beginning of the fifth trading day of the third month of each fiscal quarter (i.e. there will be four full trading days in the third month of each fiscal quarter) and end at the start of the third full trading day following the date the financial results for that fiscal quarter are publicly disclosed.
Special Blackout Periods. From time to time, the Company may also prohibit you from engaging in transactions involving the Company’s securities when, in the judgment of the Compliance Officer (as defined below), a trading blackout is warranted. The Company will generally impose special blackout periods when there are material developments known to the Company that have not yet been disclosed to the public. However, special blackout periods may be declared for any reason. The Company will notify those persons subject to a special blackout period. Each person who has been notified that they are subject to a special blackout period may not engage in any transaction involving the Company’s securities until instructed otherwise by the Compliance Officer, and should not disclose to others the fact of such suspension of trading.
Regulation BTR Blackouts. Directors and officers may also be subject to trading blackouts pursuant to Regulation Blackout Trading Restriction (“Regulation BTR”), under U.S. federal securities laws. In general, Regulation BTR prohibits any director or officer from engaging in certain transactions involving Company securities during periods when 401(k) plan participants are prevented from purchasing, selling or otherwise acquiring or transferring an interest in certain securities held in individual account plans. Any profits realized from a transaction that violates Regulation BTR are recoverable by the Company, regardless of the intentions of the director or officer effecting the transaction. In addition, individuals who engage in such transactions are subject to sanction by the SEC as well as potential criminal liability. The Company will notify directors and officers if they are subject to a blackout trading restriction under Regulation BTR. Failure to comply with an applicable trading blackout in accordance with Regulation BTR is a violation of law and this Policy.
6.Pre-Clearance of Trades by Executive Officers and Directors
Except as discussed in Part III (Limited Exceptions), directors and executive officers must refrain from engaging in any transaction involving the Company’s securities without first obtaining pre-clearance of the transaction from the Compliance Officer. The directors and executive officers together with certain other employees and agents of the Company that may have regular or special access to material nonpublic information, as determined by the Company, (the “Pre-Clearance Insiders”) must refrain from engaging in any transaction involving the Company’s securities without first obtaining pre-clearance of the transaction from the Compliance Officer. The Compliance Officer may not engage in a transaction involving the Company’s securities unless the Chief Executive Officer has pre-cleared the transaction. Individuals subject to pre-clearance requirements are listed on the Pre-Clearance List, which is maintained by the Company’s Legal Department. From time to time, the Company may identify other persons who should be subject to the pre-clearance requirements set forth above, and the Legal Department may update and revise the Pre-Clearance List as appropriate.
Pre-clearance of a trade, however, is not a defense to a claim of insider trading and does not excuse you from otherwise complying with insider trading laws or this Policy. Further, pre-clearance of a transaction does



not constitute an affirmation by the Company or the Compliance Officer that you are not in possession of material nonpublic information. The Compliance Officer is under no obligation to approve a transaction submitted for pre-clearance, and may determine not to permit the transaction.
7.Consequences for Violations
Civil and Criminal Penalties. Potential penalties for insider trading violations, tipping or controlling person liability include criminal and civil fines and penalties, imprisonment and other consequences.
Company Disciplinary Actions. If the Company has a reasonable basis to conclude that you have failed to comply with this Policy, you may be subject to disciplinary action, up to and including dismissal for cause, regardless of whether or not your actions result in a violation of law. It is not necessary for the Company to wait for the filing or conclusion of any civil or criminal action against you before taking disciplinary action. In addition, the Company may give stop transfer and other instructions to its transfer agent with respect to transactions that the Company considers to be in contravention of this Policy.
8.Personal Responsibility
The ultimate responsibility for complying with this Policy and applicable laws and regulations rests with you. You should use your best judgment at all times and consult with your personal legal and financial advisors, as needed. We advise you to seek assistance if you have any questions at all. The rules relating to insider trading can be complex, and a violation of insider trading laws can carry severe consequences.
You should be alert to possible violations and promptly report violations or suspected violations of this Policy to the Compliance Officer. If your situation requires that your identity be kept secret, your anonymity will be preserved to the greatest extent reasonably possible. If you wish to remain anonymous, send a letter addressed to the Chief Legal Officer at 120 Holger Way, San Jose, California 95134. If you make an anonymous report, please provide as much detail as possible, including any evidence that you believe may be relevant to the issue.
9.Compliance Officer
Please direct any questions, requests or reports as to any of the matters discussed in this Policy to the Chief Legal Officer or the Chief Financial Officer of the Company (each, a “Compliance Officer”). The Compliance Officer is generally responsible for the administration of this Policy. The Compliance Officer may select others to assist with the execution of his or her duties.
10.Additional Information
Delivery of Policy. This Policy will be delivered to all directors, officers, employees and agents of the Company when they commence service with the Company. In addition, this Policy (or a summary of this Policy) will be circulated periodically. Each director, officer, employee and agent of the Company is required to acknowledge that he or she understands, and agrees to comply with, this Policy.
Amendments. We are committed to continuously reviewing and updating our policies and procedures. The Company therefore reserves the right to amend, alter or terminate this Policy at any time and for any reason, subject to applicable law. A current copy of the Company’s policies regarding insider trading may be obtained by contacting the Compliance Officer.
* * *



Nothing in this Insider Trading Policy creates or implies an employment contract or term of employment. Employment at the Company is employment at-will. Employment at-will may be terminated with or without cause and with or without notice at any time by the employee or the Company. Nothing in this Insider Trading Policy shall limit the right to terminate employment at-will. No employee of the Company has any authority to enter into any agreement for employment for a specified period of time or to make any agreement or representation contrary to the Company’s policy of employment at-will. Only the Chief Executive Officer of the Company has the authority to make any such agreement, which must be in writing.
The policies in this Insider Trading Policy do not constitute a complete list of Company policies or a complete list of the types of conduct that can result in discipline, up to and including discharge.




PART II
MATERIAL NONPUBLIC INFORMATION: WHAT IT IS AND YOUR OBLIGATIONS
1.Definitions
“Material” Information. Information should be regarded as material if there is a substantial likelihood a reasonable investor would consider it important in deciding whether to buy, hold or sell securities or would view the information as significantly altering the total mix of information in the marketplace about the issuer of the security. Any information that could reasonably be expected to affect the market price of a security is likely to be material, regardless of whether it is positive or negative.
It is not possible to define all categories of “material” information. However, some examples of information that would often be regarded as material include information with respect to:
Financial results, key metrics, financial condition, earnings pre-announcements, guidance, projections or forecasts, particularly if inconsistent with the Company’s guidance or the expectations of the investment community;
Restatements of financial results, or material impairments, write-offs or restructurings;
Changes in independent auditors, or notification that the Company may no longer rely on an audit report;
Business plans or budgets;
Creation of significant financial obligations, or any significant default under or acceleration of any financial obligation;
Impending bankruptcy or financial liquidity problems;
Significant developments involving business relationships, including execution, modification or termination of significant agreements or orders with customers, suppliers, distributors, manufacturers or other business partners;
Significant information relating to the operation of a product or service, such as new products or services, major modifications or performance issues, defects or recalls, significant pricing changes or other announcements of a significant nature;
Significant developments in research and development or relating to intellectual property;
Significant legal or regulatory developments, whether positive or negative, actual or threatened, including litigation or resolving litigation;
Major events involving the Company’s securities, including calls of securities for redemption, adoption of stock repurchase programs, option repricings, stock splits, changes in dividend policies, public or private securities offerings, modification to the rights of security holders or notice of delisting;



Significant corporate events, such as a pending or proposed merger, joint venture or tender offer, a significant investment, the acquisition or disposition of a significant business or asset or a change in control of the company;
Major personnel changes, such as changes in senior management or lay-offs;
Data breaches or other cybersecurity events;
Updates regarding any prior material disclosure that has materially changed;
The existence of a special blackout period; and
Significant disruptions in the Company’s operations or loss, potential loss, breach or unauthorized access of the Company’s property or assets, including the Company’s facilities and information technology infrastructure.
If you have any questions as to whether information should be considered “material,” you should consult with the Compliance Officer. In general, it is advisable to resolve any close questions as to the materiality of any information by assuming that the information is material.
“Nonpublic” Information. Generally, information is considered nonpublic if the information has not been broadly disseminated to the public for a sufficient period to be reflected in the price of the security. As a general rule, information should be considered nonpublic until at least two full trading days have elapsed after the information is broadly distributed to the public in a press release, a public filing with the SEC, a pre-announced public webcast or another broad, non-exclusionary form of public communication. However, depending upon the form of the announcement and the nature of the information, it is possible that information may not be fully absorbed by the marketplace until a later time. Any questions as to whether information is nonpublic should be directed to the Compliance Officer.
The term “trading day” means a day on which national stock exchanges and the National Association of Securities Dealers, Inc. Automated Quotation System are open for trading. A “full” trading day has elapsed when, after the public disclosure, trading in the relevant security has opened and then closed.
2.Confidentiality of Nonpublic Information
This Policy prohibits the unauthorized use or disclosure of nonpublic information relating to the Company or other companies, including the Company’s distributors, vendors, customers, collaborators, suppliers and competitors. All nonpublic information you acquire in the course of your service with the Company may only be used for legitimate Company business purposes. In addition, nonpublic information of others should be handled in accordance with the terms of any relevant nondisclosure agreements, and the use of any such nonpublic information should be limited to the purpose for which it was disclosed.
You must use all reasonable efforts to safeguard nonpublic information in the Company’s possession. You may not disclose nonpublic information about the Company or any other company, unless required by law, or unless (i) disclosure is required for legitimate Company business purposes, (ii) you are authorized to disclose the information and (iii) appropriate steps have been taken to prevent misuse of that information (including entering an appropriate nondisclosure agreement that restricts the disclosure and use of the information, if applicable). This restriction also applies to internal communications within the Company and to communications with agents of the Company. In cases where disclosing nonpublic information to third parties is required, you should coordinate with the Legal Department.



3.No Trading on Material Nonpublic Information
Except as discussed in in Part III (Limited Exceptions), you may not, directly or indirectly through others, engage in any transaction involving the Company’s securities while aware of material nonpublic information relating to the Company. It is not an excuse that you did not “use” the information in your transaction.
Similarly, you may not engage in transactions involving the securities of any other company if you are aware of material nonpublic information affecting that company, except to the extent the transactions are analogous to those described in Part III (Limited Exceptions). For example, you may be involved in a proposed transaction involving a prospective business relationship or transaction with another company. If information about that transaction constitutes material nonpublic information for that other company, you would be prohibited from engaging in transactions involving the securities of that other company (as well as transactions involving Company securities, if that information is material to the Company). Additionally, information need not directly involve a company to be considered material to it. For example, news of a merger between two companies may be material to an, otherwise uninvolved, third company in the same sector or industry. It is important to note that “materiality” is different for different companies. Information that is not material to the Company may be material to another company.
4.No Disclosing Material Nonpublic Information for the Benefit of Others
You may not disclose material nonpublic information concerning the Company or any other company to friends, family members or any other person or entity not authorized to receive such information where such person or entity may benefit by trading on the basis of such information. In addition, you may not make recommendations or express opinions on the basis of material nonpublic information as to trading in the securities of companies to which such information relates. You are prohibited from engaging in these actions whether or not you derive any profit or personal benefit from doing so. The prohibition against disclosure of material nonpublic information includes disclosure (even anonymous disclosure) via the internet, blogs, investor forums or chat rooms where companies and their prospects are discussed.
5.Obligation to Disclose Material Nonpublic Information to the Company
You may not enter into any transaction, whether or not it is described in Part III (Limited Exceptions), unless you have disclosed any material nonpublic information that you become aware of in the course of your service with the Company, and that senior management is not aware of, to the Compliance Officer. If you are a member of senior management, the information must be disclosed to the Chief Executive Officer, and if you are the Chief Executive Officer or a director, you must disclose the information to the Company’s board of directors (“Board of Directors”), before any transaction is permissible.
6.Responding to Outside Inquiries for Information
If you receive an inquiry from someone outside of the Company, such as a stock analyst, for information, you should refer the inquiry to the Chief Legal Officer, the Chief Financial Officer or the head of Investor Relations. The Company is required under Regulation FD (Fair Disclosure) of the U.S. federal securities laws to avoid the selective disclosure of material nonpublic information. In general, the regulation provides that when a public company discloses material nonpublic information, it must provide broad, non-exclusionary access to the information. Violations of this regulation can subject the Company to SEC enforcement actions, which may result in injunctions and severe monetary penalties. The Company has established procedures for releasing material information in a manner that is designed to achieve broad public dissemination of the information immediately upon its release in compliance with applicable law. Please consult the Company’s External Communications Policy for more details.



7.Protected Activity Not Prohibited
Nothing in this Policy, or any related guidelines or other documents or information provided in connection with this Policy, shall in any way limit or prohibit you from engaging in any of the protected activities set forth in the Company’s Whistleblower Policy, as amended from time to time.
PART III
LIMITED EXCEPTIONS TO THIS POLICY
The following are certain limited exceptions to the restrictions imposed by the Company under this Policy. Please be aware that even if a transaction is subject to an exception to this Policy, you will need to separately assess whether the transaction complies with applicable law (for example, “short-swing” trading restrictions under Section 16, to the extent applicable). You are responsible for complying with applicable law at all times.
1.Transactions Pursuant to a Trading Plan that Complies with SEC Rules
The SEC has enacted rules that provide an affirmative defense against alleged violations of U.S. federal insider trading laws for transactions pursuant to trading plans that meet certain requirements. In general, these rules, as set forth in Rule 10b5-1 under the Securities Exchange Act of 1934, as amended, provide for an affirmative defense if you enter into a contract, provide instructions or adopt a written plan for trading securities when you are not aware of material nonpublic information. The contract, instructions or plan must (i) specify the amount, price and date of the transaction, (ii) specify an objective method for determining the amount, price and date of the transaction and/or (iii) place any subsequent discretion for determining the amount, price and date of the transaction in another person who is not, at the time of the transaction, aware of material nonpublic information.
Transactions made pursuant to a written trading plan that (i) complies with the affirmative defense set forth in Rule 10b5-1 and (ii) is approved by the Compliance Officer are not subject to the restrictions in this Policy against trades made while aware of material nonpublic information or to the pre-clearance procedures or blackout periods established under this Policy. In approving a trading plan, the Compliance Officer may, in furtherance of the objectives expressed in this Policy, impose criteria in addition to those set forth in Rule 10b5-1. You should therefore confer with the Compliance Officer prior to entering into any trading plan.
The SEC rules regarding trading plans are complex and must be complied with completely to be effective. The description provided above is only a summary, and the Company strongly advises that you consult with your legal advisor if you intend to adopt a trading plan. While trading plans are subject to review and approval by the Company, the individual adopting the trading plan is ultimately responsible for compliance with Rule 10b5-1 and ensuring that the trading plan complies with this Policy.
The Company will determine which individuals may use trading plans. Trading plans must (1) be filed with the Compliance Officer, (2) comply with the requirements set forth in the policy entitled “Requirements for Trading Plans,” as established by the Company and as may be updated from time to time, and (3) be accompanied with an executed certificate stating that the trading plan complies with Rule 10b5-1 and any other criteria established by the Company. If a Compliance Officer is the requester, then the Company’s Chief Executive Officer or another Compliance Officer must approve the written 10b5-1 trading plan. The Company may publicly disclose information regarding trading plans.



2.Receipt and Vesting of Stock Options, Restricted Stock, Restricted Stock Units and Stock Appreciation Rights
The trading restrictions under this Policy do not apply to the acceptance or purchase of stock options, restricted stock, restricted stock units or stock appreciation rights issued or offered by the Company. The trading restrictions under this Policy also do not apply to the vesting, cancellation or forfeiture of stock options, restricted stock, restricted stock units or stock appreciation rights in accordance with applicable plans and agreements.
3.Exercise of Stock Options for Cash; Net Share Withholding
The trading restrictions under this Policy do not apply to the exercise of stock options for cash under the Company’s stock option plans. Likewise, the trading restrictions under this Policy do not apply to the exercise of stock options in a stock-for-stock exercise with the Company or an election to have the Company withhold securities to cover tax obligations in connection with an option exercise (x) as required by either the Company’s board of directors (or a committee thereof) or the award agreement governing such equity award or (y) as you elect, if permitted by the Company, so long as that election is irrevocable and made in writing at a time when a trading blackout is not in place and the individual is not in possession of material nonpublic information. However, the trading restrictions under this Policy do apply to (i) the sale of any securities issued upon the exercise of a stock option, (ii) a cashless exercise of a stock option through a broker, since this involves selling a portion of the underlying shares to cover the costs of exercise, and (iii) any other market sale for the purpose of generating the cash needed to pay the exercise price of an option.
4.Purchases from the Employee Stock Purchase Plan
The trading restrictions in this Policy do not apply to elections with respect to participation in the Company’s employee stock purchase plan or to purchases of securities under the plan. However, the trading restrictions do apply to any subsequent sales of any such securities.
5.Certain 401(k) Plan Transactions
The trading restrictions in this Policy do not apply to purchases of Company stock in the 401(k) plan resulting from periodic contributions to the plan based on your payroll contribution election. The trading restrictions do apply, however, to elections you make under the 401(k) plan to (i) increase or decrease the amount of your contributions under the 401(k) plan, if such increase or decrease will increase or decrease the amount of your contributions that will be allocated to a Company stock fund (ii) increase or decrease the percentage of your contributions that will be allocated to a Company stock fund, (iii) move balances into or out of a Company stock fund, (iv) borrow money against your 401(k) plan account if the loan will result in liquidation of some or all of your Company stock fund balance, and (v) pre-pay a plan loan if the pre-payment will result in the allocation of loan proceeds to a Company stock fund.
6.Certain Transfers by Will and for Tax Planning Purposes
The trading restrictions in this Policy do not apply to transfers by will or the laws of descent or distribution and, provided that prior written notice is provided to the Compliance Officer, distributions or transfers (such as certain tax planning or estate planning transfers) that effect only a change in the form of beneficial interest without changing your pecuniary interest in the Company’s securities.




7.Other Exceptions
Stock splits, stock dividends and similar transactions. The trading restrictions under this Policy do not apply to a change in the number of securities held as a result of a stock split or stock dividend applying equally to all securities of a class, or similar transactions.
Change in form of ownership. Transactions that involve merely a change in the form in which you own securities are permissible. For example, you may transfer shares to an inter vivos trust of which you are the sole beneficiary during your lifetime.
Other. Any other exception from this Policy must be approved by the Compliance Officer, in consultation with the Board of Directors or an independent committee of the Board of Directors.




PART IV
COMPLIANCE WITH SECTION 16
OF THE SECURITIES EXCHANGE ACT
1.Obligations Under Section 16
Section 16 and the related rules and regulations set forth (i) reporting obligations, (ii) limitations on “short-swing” transactions and (iii) limitations on short sales and other transactions applicable to directors, officers, large shareholders and certain other persons. The Company has provided, or will provide, memoranda and other materials addressing these matters.
The Company has determined that those persons listed on the schedule of Individuals Subject to Section 16 Reporting and Liability Provisions (“Section 16 Schedule”) are required to comply with Section 16 and the related rules and regulations because of their positions with the Company. The Compliance Officer may amend the Section 16 Schedule from time to time as appropriate to reflect the election of new officers or directors, any change in the responsibilities of officers or other employees and any promotions, demotions, resignations or departures.
The Section 16 Schedule is not necessarily an exhaustive list of persons subject to Section 16 requirements at any given time. Even if you are not listed on the Section 16 Schedule, you may be subject to Section 16 reporting obligations because of, for example, your shareholdings.
2.Notification Requirements to Facilitate Section 16 Reporting
To facilitate timely reporting of transactions pursuant to Section 16 requirements, each person subject to Section 16 reporting requirements must provide, or must ensure that his or her broker provides, the Company with detailed information (e.g., trade date, number of shares, exact price, etc.) regarding his or her transactions involving the Company’s securities, including gifts, transfers, pledges and transactions pursuant to a trading plan, both prior to (to confirm compliance with pre-clearance procedures, if applicable) and promptly following execution.
3.Personal Responsibility Under Section 16
The obligation to file Section 16 reports, and to otherwise comply with Section 16, is personal. The Company is not responsible for the failure to comply with Section 16 requirements.




Document

Exhibit 21.1
SUBSIDIARIES OF ZSCALER, INC.

Name of SubsidiaryJurisdiction of Incorporation
Airgap Networks Inc.United States
Airgap Networks India Private LimitedIndia
Avalor Technologies LTDIsrael
Securelyshare Software Private LimitedIndia
Smokescreen Technologies Private LimitedIndia
Zscaler Softech India Private LimitedIndia
ZSC Holdings LimitedUnited States
ZSC Holdings UK LimitedUnited Kingdom
Zscaler Australia PTY LTDAustralia
Zscaler Canada, Inc.Canada
Zscaler Costa Rica S.A.Costa Rica
Zscaler France SARLFrance
Zscaler Germany GmbHGermany
Zscaler Israel LTDIsrael
Zscaler K.K.Japan
Zscaler Netherlands B.V.Netherlands
Zscaler Spain S.L.Spain
Zscaler Switzerland GmbHSwitzerland
Zscaler UK LTDUnited Kingdom
Zscaler US Government Solutions, LLCUnited States

Document

Exhibit 23.1
CONSENT OF INDEPENDENT REGISTERED PUBLIC ACCOUNTING FIRM
We hereby consent to the incorporation by reference in the Registration Statements on Form S-8 (Nos. 333-274512, 333-267439, 333-259587, 333-248870, 333-233831, 333-227323, and 333-223740) of Zscaler, Inc. of our report dated September 12, 2024 relating to the financial statements and the effectiveness of internal control over financial reporting, which appears in this Form 10-K.

/s/ PricewaterhouseCoopers LLP

San Jose, California
September 12, 2024

Document

Exhibit 31.1
CERTIFICATION OF PRINCIPAL EXECUTIVE OFFICER
PURSUANT TO
EXCHANGE ACT RULES 13a-14(a) AND 15d-14(a),
AS ADOPTED PURSUANT TO
SECTION 302 OF THE SARBANES-OXLEY ACT OF 2002
I, Jagtar Chaudhry, certify that:
1. I have reviewed this Annual Report on Form 10-K of Zscaler, Inc.;
2. Based on my knowledge, this report does not contain any untrue statement of a material fact or omit to state a material fact necessary to make the statements made, in light of the circumstances under which such statements were made, not misleading with respect to the period covered by this report;
3. Based on my knowledge, the financial statements, and other financial information included in this report, fairly present in all material respects the financial condition, results of operations and cash flows of the registrant as of, and for, the periods presented in this report;
4. The registrant's other certifying officer(s) and I are responsible for establishing and maintaining disclosure controls and procedures (as defined in Exchange Act Rules 13a-15(e) and 15d-15(e)) and internal control over financial reporting (as defined in Exchange Act Rules 13a-15(f) and 15d-15(f)) for the registrant and have:
(a) Designed such disclosure controls and procedures, or caused such disclosure controls and procedures to be designed under our supervision, to ensure that material information relating to the registrant, including its consolidated subsidiaries, is made known to us by others within those entities, particularly during the period in which this report is being prepared;
(b) Designed such internal control over financial reporting, or caused such internal control over financial reporting to be designed under our supervision, to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles;
(c) Evaluated the effectiveness of the registrant's disclosure controls and procedures and presented in this report our conclusions about the effectiveness of the disclosure controls and procedures, as of the end of the period covered by this report based on such evaluation; and
(d) Disclosed in this report any change in the registrant's internal control over financial reporting that occurred during the registrant's most recent fiscal quarter (the registrant's fourth fiscal quarter in the case of an annual report) that has materially affected, or is reasonably likely to materially affect, the registrant's internal control over financial reporting; and
5. The registrant's other certifying officer(s) and I have disclosed, based on our most recent evaluation of internal control over financial reporting, to the registrant's auditors and the audit committee of the registrant's board of directors (or persons performing the equivalent functions):
(a) All significant deficiencies and material weaknesses in the design or operation of internal control over financial reporting which are reasonably likely to adversely affect the registrant's ability to record, process, summarize and report financial information; and
(b) Any fraud, whether or not material, that involves management or other employees who have a significant role in the registrant's internal control over financial reporting.
Date: September 12, 2024
ZSCALER, INC.
By:/s/ Jagtar Chaudhry
Name:Jagtar Chaudhry
Title:
Chief Executive Officer
(Principal Executive Officer)


Document

Exhibit 31.2
CERTIFICATION OF PRINCIPAL FINANCIAL OFFICER
PURSUANT TO
EXCHANGE ACT RULES 13a-14(a) AND 15d-14(a),
AS ADOPTED PURSUANT TO
SECTION 302 OF THE SARBANES-OXLEY ACT OF 2002
I, Remo Canessa, certify that:
1. I have reviewed this Annual Report on Form 10-K of Zscaler, Inc.;
2. Based on my knowledge, this report does not contain any untrue statement of a material fact or omit to state a material fact necessary to make the statements made, in light of the circumstances under which such statements were made, not misleading with respect to the period covered by this report;
3. Based on my knowledge, the financial statements, and other financial information included in this report, fairly present in all material respects the financial condition, results of operations and cash flows of the registrant as of, and for, the periods presented in this report;
4. The registrant's other certifying officer(s) and I are responsible for establishing and maintaining disclosure controls and procedures (as defined in Exchange Act Rules 13a-15(e) and 15d-15(e)) and internal control over financial reporting (as defined in Exchange Act Rules 13a-15(f) and 15d-15(f)) for the registrant and have:
(a) Designed such disclosure controls and procedures, or caused such disclosure controls and procedures to be designed under our supervision, to ensure that material information relating to the registrant, including its consolidated subsidiaries, is made known to us by others within those entities, particularly during the period in which this report is being prepared;
(b) Designed such internal control over financial reporting, or caused such internal control over financial reporting to be designed under our supervision, to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles;
(c) Evaluated the effectiveness of the registrant's disclosure controls and procedures and presented in this report our conclusions about the effectiveness of the disclosure controls and procedures, as of the end of the period covered by this report based on such evaluation; and
(d) Disclosed in this report any change in the registrant's internal control over financial reporting that occurred during the registrant's most recent fiscal quarter (the registrant's fourth fiscal quarter in the case of an annual report) that has materially affected, or is reasonably likely to materially affect, the registrant's internal control over financial reporting; and
5. The registrant's other certifying officer(s) and I have disclosed, based on our most recent evaluation of internal control over financial reporting, to the registrant's auditors and the audit committee of the registrant's board of directors (or persons performing the equivalent functions):
(a) All significant deficiencies and material weaknesses in the design or operation of internal control over financial reporting which are reasonably likely to adversely affect the registrant's ability to record, process, summarize and report financial information; and
(b) Any fraud, whether or not material, that involves management or other employees who have a significant role in the registrant's internal control over financial reporting.
Date: September 12, 2024
ZSCALER, INC.
By:/s/ Remo Canessa
Name:Remo Canessa
Title:
Chief Financial Officer
(Principal Financial Officer)


Document

Exhibit 32.1
CERTIFICATIONS OF PRINCIPAL EXECUTIVE OFFICER AND PRINCIPAL FINANCIAL OFFICER
PURSUANT TO
18 U.S.C. SECTION 1350,
AS ADOPTED PURSUANT TO
SECTION 906 OF THE SARBANES-OXLEY ACT OF 2002

I, Jagtar Chaudhry, certify, pursuant to 18 U.S.C. Section 1350, as adopted pursuant to Section 906 of the Sarbanes-Oxley Act of 2002, that the Annual Report on Form 10-K of Zscaler, Inc. for the fiscal year ended July 31, 2024 fully complies with the requirements of Section 13(a) or Section 15(d) of the Securities Exchange Act of 1934 and that information contained in such Annual Report on Form 10-K fairly presents, in all material respects, the financial condition and results of operations of Zscaler, Inc.
Date:
September 12, 2024
By:
/s/ Jagtar Chaudhry
Name:
Jagtar Chaudhry
Title:
Chief Executive Officer
(Principal Executive Officer)

I, Remo Canessa, certify, pursuant to 18 U.S.C. Section 1350, as adopted pursuant to Section 906 of the Sarbanes-Oxley Act of 2002, that the Annual Report on Form 10-K of Zscaler, Inc. for the fiscal year ended July 31, 2024 fully complies with the requirements of Section 13(a) or Section 15(d) of the Securities Exchange Act of 1934 and that information contained in such Annual Report on Form 10-K fairly presents, in all material respects, the financial condition and results of operations of Zscaler, Inc.

Date:
September 12, 2024
By:
/s/ Remo Canessa
Name:
Remo Canessa
Title:
Chief Financial Officer
(Principal Financial Officer)


Document

Exhibit 97.1
ZSCALER, INC.
COMPENSATION RECOVERY POLICY
Zscaler, Inc. (the “Company”) is committed to strong corporate governance. As part of this commitment, the Compensation Committee (the “Committee”) of the Company’s Board of Directors (the “Board”) has adopted this clawback policy called the Compensation Recovery Policy (the “Policy”). The Policy is intended to further the Company’s pay-for-performance philosophy and to comply with applicable law by providing rules related to the reasonably prompt recovery of certain compensation received by Covered Executives in the event of an Accounting Restatement. The application of the Policy to Covered Executives is not discretionary, except to the limited extent provided below, and applies without regard to whether a Covered Executive was at fault. Capitalized terms used in the Policy are defined herein, and the definitions have substantive impact on its application so reviewing them carefully is important to your understanding.
The Policy is intended to comply with, and will be interpreted in a manner consistent with, Section 10D of the Securities Exchange Act of 1934 (the “Exchange Act”), with Exchange Act Rule 10D-1 and with the listing standards of the national securities exchange (the “Exchange”) on which the securities of the Company are listed.
Persons Covered by the Policy
The Policy is binding and enforceable against all “Covered Executives”, which means each individual who is or was ever designated as an “officer” by the Board in accordance with Exchange Act Rule 16a-1(f) (a “Section 16 Officer”). Each Covered Executive will be required to sign and return to the Company an acknowledgement that such Covered Executive will be bound by the terms and comply with the Policy. The failure to obtain such acknowledgement will have no impact on the applicability or enforceability of the Policy.
Administration of the Policy
The Committee has full delegated authority to administer the Policy. The Committee is authorized to interpret and construe the Policy and to make all determinations necessary, appropriate, or advisable for the administration of the Policy. In addition, if determined in the future in the discretion of the Board, the Policy may be administered by the independent members of the Board or another committee of the Board made up of independent members of the Board, in which case all references to the Committee will be deemed to refer to the independent members of the Board or the other Board committee. All determinations of the Committee will be final and binding and will be given the maximum deference permitted by law.
Accounting Restatements Requiring Application of the Policy
If the Company is required to prepare an accounting restatement due to the material noncompliance of the Company with any financial reporting requirement under the securities laws, including any required accounting restatement to correct an error in previously issued financial statements that is material to the previously issued financial statements, or that would result in a material misstatement if the error were corrected in the current period or left uncorrected in the current period (an “Accounting Restatement”), then the Committee must determine the Excess Compensation, if any, that must be recovered. The Company’s obligation to recover Excess Compensation is not dependent on if or when restated financial statements are filed.



Compensation Covered by the Policy
The Policy applies to certain Incentive-Based Compensation that is Received on or after October 2, 2023 (the “Effective Date”), during the Covered Period while the Company has a class of securities listed on a national securities exchange. Incentive-Based Compensation is considered “Clawback Eligible Incentive-Based Compensation” if the Incentive-Based Compensation is Received by a person after such person became a Section 16 Officer and the person served as a Section 16 Officer at any time during the performance period for the Incentive-Based Compensation. The “Excess Compensation” that must be recovered is the amount of Clawback Eligible Incentive-Based Compensation that exceeds the amount of Clawback Eligible Incentive-Based Compensation that otherwise would have been Received had such Clawback Eligible Incentive-Based Compensation been determined based on the restated amounts. Excess Compensation must be computed without regard to any taxes paid and is referred to in the listings standards as “erroneously awarded incentive-based compensation”.
To determine the amount of Excess Compensation for Incentive-Based Compensation based on stock price or total shareholder return, where it is not subject to mathematical recalculation directly from the information in an Accounting Restatement, the amount must be based on a reasonable estimate of the effect of the Accounting Restatement on the stock price or total shareholder return upon which the Incentive-Based Compensation was Received and the Company must maintain documentation of the determination of that reasonable estimate and provide that documentation to the Exchange.
Incentive-Based Compensation” means any compensation that is granted, earned, or vested based wholly or in part upon the attainment of a Financial Reporting Measure. For the avoidance of doubt, no compensation that is potentially subject to recovery under the Policy will be earned until the Company’s right to recover under the Policy has lapsed. The following items of compensation are not Incentive-Based Compensation under the Policy: salaries, bonuses paid solely at the discretion of the Committee or Board that are not paid from a bonus pool that is determined by satisfying a Financial Reporting Measure, bonuses paid solely upon satisfying one or more subjective standards and/or completion of a specified employment period, non-equity incentive plan awards earned solely upon satisfying one or more strategic measures or operational measures, and equity awards for which the grant is not contingent upon achieving any Financial Reporting Measure performance goal and vesting is contingent solely upon completion of a specified employment period (e.g., time-based vesting equity awards) and/or attaining one or more non-Financial Reporting Measures.
Financial Reporting Measures” are measures that are determined and presented in accordance with the accounting principles used in preparing the Company’s financial statements, and any measures that are derived wholly or in part from such measures. Stock price and total shareholder return are also Financial Reporting Measures. A Financial Reporting Measure need not be presented within the financial statements or included in a filing with the Securities and Exchange Commission.
Incentive-Based Compensation is “Received” under the Policy in the Company’s fiscal period during which the Financial Reporting Measure specified in the Incentive-Based Compensation award is attained, even if the payment, vesting, settlement or grant of the Incentive-Based Compensation occurs after the end of that period. For the avoidance of doubt, the Policy does not apply to Incentive-Based Compensation for which the Financial Reporting Measure is attained prior to the Effective Date.
Covered Period” means the three completed fiscal years immediately preceding the Accounting Restatement Determination Date. In addition, Covered Period can include certain transition periods resulting from a change in the Company’s fiscal year.
Accounting Restatement Determination Date” means the earliest to occur of: (a) the date the Board, a committee of the Board, or one or more of the officers of the Company authorized to take such action if Board action is not required, concludes, or reasonably should have concluded, that the Company is required to prepare
-2-


an Accounting Restatement; and (b) the date a court, regulator, or other legally authorized body directs the Company to prepare an Accounting Restatement.
Repayment of Excess Compensation
The Company must recover Excess Compensation reasonably promptly and Covered Executives are required to repay Excess Compensation to the Company. Subject to applicable law, the Company may recover Excess Compensation by requiring the Covered Executive to repay such amount to the Company by direct payment to the Company or such other means or combination of means as the Committee determines to be appropriate (these determinations do not need to be identical as to each Covered Executive). These means may include:
(a)requiring reimbursement of cash Incentive-Based Compensation previously paid;
(b)seeking recovery of any gain realized on the vesting, exercise, settlement, sale, transfer, or other disposition of any equity-based awards, without regard to whether such awards are Incentive-Based Compensation;
(c)offsetting the amount to be recovered from any unpaid or future compensation to be paid by the Company or any affiliate of the Company to the Covered Executive, including payments of severance that might otherwise be due in connection with an Executive Officer’s termination of employment and without regard to whether such amounts are Incentive-Based Compensation;
(d)cancelling outstanding vested or unvested equity awards, without regard to whether such awards are Incentive-Based Compensation; and/or
(e)taking any other remedial and recovery action permitted by law, as determined by the Committee.
The repayment of Excess Compensation must be made by a Covered Executive notwithstanding any Covered Executive’s belief (whether or not legitimate) that the Excess Compensation had been previously earned under applicable law and therefore is not subject to clawback.
In addition to its rights to recovery under the Policy, the Company or any affiliate of the Company may take any legal actions it determines appropriate to enforce a Covered Executive’s obligations to the Company or to discipline a Covered Executive. Failure of a Covered Executive to comply with their obligations under the Policy could lead to (without limitation) termination of that Executive Officer’s employment for cause for failure to comply with a Company policy, institution of civil proceedings, reporting of misconduct to appropriate governmental authorities, reduction of future compensation opportunities or change in role. The decision to take any actions described in the preceding sentence will not be subject to the approval of the Committee and can be made by the Board, any committee of the Board, or any duly authorized officer of the Company or of any applicable affiliate of the Company. For avoidance of doubt, any of the Company determinations to discipline or terminate the employment of a Covered Executive are independent of determinations under this Policy. For example, if an Covered Officer was involved in activities that led to an Accounting Restatement, the Company’s decision as to whether to not to terminate such Covered Executive’s employment would be made under its employment arrangements with such Covered Executive and the requirement to apply this no-fault and non-discretionary clawback policy should bear no weight on whether any such termination was or was not a termination for cause (other than in a circumstance where the termination of employment was due to the Covered Executive’s failure to comply with their obligations under the Policy).
-3-


Limited Exceptions to the Policy
The Company must recover the Excess Compensation in accordance with the Policy except to the limited extent that the conditions set forth below are met, and the Committee determines that recovery of the Excess Compensation would be impracticable:
(a)The direct expense paid to a third party to assist in enforcing the Policy would exceed the amount to be recovered. Before reaching this conclusion, the Company must make a reasonable attempt to recover such Excess Compensation, document such reasonable attempt(s) to recover, and provide that documentation to the Exchange; or
(b)Recovery would likely cause an otherwise tax-qualified retirement plan, under which benefits are broadly available to employees of the Company, to fail to meet the legal requirements as such.
Other Important Information in the Policy
The Policy is in addition to the requirements of Section 304 of the Sarbanes-Oxley Act of 2002 that are applicable to the Company’s Chief Executive Officer and Chief Financial Officer, as well as any other applicable laws, regulatory requirements, rules, or pursuant to the terms of any existing Company policy or agreement providing for the recovery of compensation.
Notwithstanding the terms of any of the Company’s organizational documents (including, but not limited to, the Company’s bylaws), any corporate policy or any contract (including, but not limited to, any indemnification agreement), neither the Company nor any affiliate of the Company will indemnify or provide advancement for any Covered Executive against any loss of Excess Compensation. Neither the Company nor any affiliate of the Company will pay for or reimburse insurance premiums for an insurance policy that covers potential recovery obligations. In the event that the Company is required to recover Excess Compensation pursuant to the Policy from a Covered Executive who is no longer an employee pursuant to the Policy, the Company will be entitled to seek recovery in order to comply with applicable law, regardless of the terms of any release of claims or separation agreement that individual may have signed.
The Committee or Board may review and modify the Policy from time to time.
If any provision of the Policy or the application of any such provision to any Covered Executive is adjudicated to be invalid, illegal or unenforceable in any respect, such invalidity, illegality or unenforceability will not affect any other provisions of the Policy or the application of such provision to another Covered Executive, and the invalid, illegal or unenforceable provisions will be deemed amended to the minimum extent necessary to render any such provision or application enforceable.
The Policy will terminate and no longer be enforceable when the Company ceases to be listed issuer within the meaning of Section 10D of the Exchange Act.
-4-


ACKNOWLEDGEMENT
I acknowledge that I have received and read the Compensation Recovery Policy (the “Policy”) of Zscaler, Inc. (the “Company”).
I understand and acknowledge that the Policy applies to me, and all of my beneficiaries, heirs, executors, administrators or other legal representatives and that the Company’s right to recovery in order to comply with applicable law will apply, regardless of the terms of any release of claims or separation agreement I have signed or will sign in the future.
I agree to be bound by and to comply with the Policy and understand that determinations of the Committee (as such term is used in the Policy) will be final and binding and will be given the maximum deference permitted by law.
I understand and agree that my current indemnification rights, whether in an individual agreement or the Company’s organizational documents, exclude the right to be indemnified for amounts required to be recovered under the Policy.
I understand that my failure to comply in all respects with the Policy is a basis for termination of my employment with the Company and any affiliate of the Company as well as any other appropriate discipline.
I understand that neither the Policy, nor the application of the Policy to me, gives rise to a resignation for good reason (or similar concept) by me under any applicable employment agreement or arrangement.
I acknowledge that if I have questions concerning the meaning or application of the Policy, it is my responsibility to seek guidance from the Chief People Officer or my own personal advisers.
I acknowledge that neither this Acknowledgement nor the Policy is meant to constitute an employment contract.
Please review, sign and return this form to People and Culture.
Covered Executive
    
(print name)
    
(signature)
    
(date)