Item 1A. Risk Factors

This report contains forward-looking statements that involve risks and uncertainties, such as statements of our objectives, expectations and intentions. The cautionary statements made in this report are applicable to all forward-looking statements wherever they appear in this report. Our actual results could differ materially from those discussed herein. In addition to the risks discussed in “Management’s Discussion and Analysis of Financial Condition and Results of Operations,” our business is subject to the risks set forth below.

We operate in a rapidly changing environment that involves certain risks and uncertainties, some of which are beyond our control. The risks described below are not the only risks we face. Additional risks and uncertainties not currently known to us or that we currently deem to be immaterial may also materially adversely affect our business, financial condition and/or operating results.

Risk Factors Related to our Business

We have incurred significant net losses since inception and expect to continue to incur operating losses for the foreseeable future. We may never achieve or sustain profitability, which would depress the market price of our common stock and could cause you to lose all or a part of your investment.

We incurred net loss of approximately $(2.0) million for the year ended September 30, 2024. Since our inception in 2000 and through fiscal 2019, in fiscal 2021, fiscal 2023 and fiscal 2024, we have incurred net losses, and may do so again. As of September 30, 2024, we had an accumulated deficit of approximately $92 million. Our prior losses have had an adverse effect on our stockholders’ equity and working capital. Because of the numerous risks and uncertainties associated with our business, we are unable to predict the extent of any future losses or when we may become profitable. If we do become profitable, we may not be able to sustain or increase our profitability on a quarterly or annual basis.

We may require additional financing to execute our business plan and further expand our operations.

We may require additional funding to further expand our operations. We depend on financing sources, either debt or equity, or a combination thereof, which may not be available to us in a timely basis if at all, or on terms acceptable to us. Further, our ability to obtain financing may be limited by rules of the Nasdaq Capital Market.

If we fail to obtain acceptable funding when needed, we may not have sufficient resources to fund our operations, and this would have a material adverse effect on our business.

A reduction in our license renewal rate could reduce our revenue.

Our customers have no obligation to renew their subscription licenses, and some customers have elected or may elect not to do so. Our license renewal rates may decline or fluctuate as a result of a number of factors, including customer dissatisfaction with our products and services, our failure to update our products to maintain their attractiveness in the market, or constraints or changes in budget priorities faced by our customers. A decline in license renewal rates could cause our revenue to decline, which would have a material adverse effect on our operations.

We may become dependent upon a concentration of major customers, and a failure to renew our licenses with such customers could reduce our revenue.

We have previously and may from time to time derive a significant portion of our revenues from a relatively concentrated number of customers. Considering a reduction in our license renewal rate could reduce our revenue, these consequences could be exacerbated if we are dependent upon several major customers and any one of them were to elect not to renew.

The length of our sales cycle can alternate markedly, which could result in significant fluctuations in the recognition of license revenues from quarter to quarter.

The decision by a customer to purchase our products often involves the development of a complex implementation plan across a customer’s business. This process often requires a significant commitment of resources both by prospective customers and us. Given the significant investment and commitment of resources required in order to implement our software, it may take several months, or even several quarters, for marketing opportunities to materialize. If a customer’s decision to purchase our products is delayed, or if the installation of our products takes longer than originally anticipated, the date on which we may recognize revenue from these sales would be delayed. Such delays and fluctuations could cause our revenue to be lower than expected in a particular period, and we may not be able to adjust our costs quickly enough to offset such lower revenue, potentially negatively impacting our results of operations.

We depend on a third-party cloud platform provider to host our Bridgeline SaaS environment and managed services business and if we were to experience a disruption or interference in service, our business and reputation could suffer.

We host our SaaS and managed hosting customers via a third-party, Amazon Web Services. If upon renewal date our third-party provider does not provide commercially reasonable terms, we may be required to transfer our services to a new provider, such as a data center facility, and we may incur significant equipment costs and possible service interruption in connection with doing so. Service interruptions might reduce our revenue, cause us to issue credits or refunds to customers, subject us to potential liability, or harm our renewal rates. Interference from unauthorized access to or tampering with these systems, including those resulting from cyber-attacks, could result in a variety of consequences, including devaluation of our intellectual property, goodwill, increased expenditures on data security and litigation, and can have a material adverse effect on our business, revenues, reputation, operating results and financial condition.

Artificial Intelligence is an emerging area of technology that has and may further impact various aspects of our business operations and customer interactions, we may not be successful in our artificial intelligence initiatives, which could adversely affect our business, financial condition and/or operating results.

We have made, and expect to continue making investments in the integration of AI into our platforms, products, and services. However, AI presents various risks, challenges, and potential unintended consequences that could disrupt our ability to effectively integrate and leverage these technologies. The process of refining and expanding our AI-driven offerings may involve significant costs, and there can be no assurance that our efforts will ultimately succeed.

The complexity of AI systems, coupled with rapidly evolving competition in the AI space, introduces significant uncertainty about our ability to successfully integrate and commercialize these technologies. Competitors may develop more effective or efficient AI solutions, potentially undermining our competitive position. Additionally, the regulatory environment surrounding AI is still in development, and new laws or regulations could emerge that require substantial adjustments to our business practices. These changes could impose unexpected costs or operational disruptions, and the full scope and impact of such regulatory developments remain uncertain.

Furthermore, we rely on third-party vendors that incorporate AI in the products and services they provide to us. As a result, we may not have full visibility or control over the quality, security, performance, or compliance of AI-powered solutions sourced externally. There is also a risk that the underlying algorithms used by us or our vendors may be flawed, or trained on incomplete or biased datasets, leading to inaccuracies, inefficiencies, or other negative consequences. AI technologies also carry the risk of generating content that is factually incorrect, offensive, or infringing on third-party intellectual property rights. Any of these factors, whether related to internal AI development, third-party dependencies, or regulatory changes, could have a material adverse effect on our business, financial performance, and operations.

If our security measures or those of our third-party cloud computing platform provider are breached and unauthorized access is obtained to a customer’s data, our services may be perceived as not being secure, and we may incur significant legal and financial exposure and liabilities.

Security breaches could expose us to a risk of loss of our customers’ information, litigation and possible liability. While we have security measures in place, they may be breached as a result of third-party action, including intentional misconduct by computer hackers and cybercriminals, employee error, malfeasance or otherwise and result in someone obtaining unauthorized access to our IT systems, our customers’ data or our data, including our intellectual property and other confidential business information. Because the techniques used to obtain unauthorized access, or to sabotage systems, change frequently and generally are not recognized until launched against a target, we may be unable to implement adequate preventative measures. In addition, our customers may authorize third-party technology providers to access their customer data, and some of our customers may not have adequate security measures in place to protect their data that is stored on our services. Because we do not control our customers or third-party technology providers, or the processing of such data by third-party technology providers, we cannot ensure the integrity or security of such transmissions or processing. Malicious third parties may also conduct cyber-attacks designed to temporarily deny customers access to our services. Any security breach could result in a loss of confidence in the security of our services, damage our reputation, negatively impact our future sales, disrupt our business and lead to legal liability.

We rely on encryption and authentication technology from third parties to provide the security and authentication to effectively secure transmission of confidential information, including consumer payment card numbers. Such technology may not be sufficient to protect the transmission of such confidential information or these technologies may have material defects that may compromise the confidentiality or integrity of the transmitted data. Any imposition of liability, particularly liability that is not covered by insurance, or is in excess of insurance coverage, could harm our reputation, business and operating results. We might be required to expend significant capital and other resources to protect further against security breaches or to rectify problems caused by any security breach, which, in turn, could divert funds available for corporate growth and expansion or future acquisitions.

Our operating lease commitments may adversely affect our financial condition and cash flows from operations.

We have contractual commitments in operating lease arrangements. Our ability to meet our expenses and contractual commitments will depend on our future performance, which will be affected by financial, business, economic, regulatory and other factors. We will not be able to control many of these factors, such as economic conditions and governmental regulations. Further, our operations may not generate sufficient cash to enable us to service our working capital needs or contractual obligations resulting from our leases. If we are at any time unable to generate sufficient cash flows from operations, we may be required to obtain additional sources of financing. There can be no assurance that we would be able to successfully renegotiate such terms, or that additional financing could be obtained on terms that are favorable or acceptable to us. Refer to the Risk Factor - We may require additional financing to execute our business plan and further expand our operations, for a description of capital raising activities.

We face intense and growing competition, which could result in price reductions, reduced operating margins and loss of market share.

We operate in a highly competitive marketplace and generally encounter intense competition to create and maintain demand for our services and to obtain service contracts. If we are unable to successfully compete for new business and license renewals, our revenue growth and operating margins may decline. The market for our platforms and web development services are competitive and rapidly changing. Barriers to entry in such markets are relatively low. Competitors and partners are investing in artificial intelligence. With the introduction of new technologies and market entrants, we expect competition to intensify in the future. Some of our principal competitors offer their products at a lower price, which may result in pricing pressures. Such pricing pressures and increased competition generally could result in reduced sales, reduced margins or the failure of our product and service offerings to achieve or maintain more widespread market acceptance.

The marketplace is highly fragmented with a large number of competitors and potential competitors. Our competitors include companies such as Algolia, Bloomreach, Coveo, Searchspring, SEMrush, Sitecore and Yext. We face competition from customers and potential customers who develop their own applications internally. We also face competition from potential competitors that are substantially larger than we are and who have significantly greater financial, technical and marketing resources, and established direct and indirect channels of distribution. As a result, they are able to devote greater resources to the development, promotion and sale of their products than we can.

If our products fail to perform properly due to undetected errors or similar problems, our business could suffer, and we could face product liability exposure.

We develop and sell complex web engagement software which may contain undetected errors or bugs. Such errors can be detected at any point in a product’s life cycle but are frequently found after introduction of new software or enhancements to existing software. We continually introduce new products and new versions of our products. Despite internal testing and testing by current and potential customers, our current and future products may contain serious defects. If we detect any errors before we ship a product, we might have to delay product shipment for an extended period of time while we address the problem. We might not discover software errors that affect our new or current products or enhancements until after they are deployed, and we may need to provide enhancements to correct such errors. Therefore, it is possible that, despite our testing, errors may occur in our software. These errors could result in the following:

Furthermore, our customers may use our software together with products from other companies. As a result, when problems occur, it might be difficult to identify the source of the problem. Even when our software does not cause these problems, the existence of these errors might cause us to incur significant costs, divert the attention of our technical personnel from our product development efforts, impact our reputation, or cause significant customer relations problems.

Technology and customer requirements evolve rapidly in our industry, and if we do not continue to develop new products and enhance our existing products in response to these changes, our business could suffer.

We will need to continue to enhance our products in order to maintain our competitive position. We may not be successful in developing and marketing enhancements to our products on a timely basis, and any enhancements we develop may not adequately address the changing needs of the marketplace. Overlaying the risks associated with our existing products and enhancements are ongoing technological developments and rapid changes in customer requirements. Our future success will depend upon our ability to develop and introduce, in a timely manner, new products that take advantage of technological advances and respond to new customer requirements. The development of new products is increasingly complex and uncertain, which increases the risk of delays. We may not be successful in developing new products and incorporating new technology on a timely basis, and any new products may not adequately address the changing needs of the marketplace. Failure to develop new products and product enhancements that meet market needs in a timely manner could have a material adverse effect on our business, financial condition and operating results.

If we are unable to protect our proprietary technology and other intellectual property rights, our ability to compete in the marketplace may be substantially reduced.

If we are unable to protect our intellectual property, our competitors could use our intellectual property to market products similar to our products, which could decrease demand for such products, thus decreasing our revenue. We rely on a combination of copyright, trademark and trade secret laws, as well as licensing agreements, third-party non-disclosure agreements and other contractual measures to protect our intellectual property rights. These protections may not be adequate to prevent our competitors from copying or reverse engineering our products. Our competitors may independently develop technologies that are substantially similar or superior to our technology. To protect our trade secrets and other proprietary information, we require employees, consultants, advisors and collaborators to enter into confidentiality agreements. These agreements may not provide meaningful protection for our trade secrets, know-how or other proprietary information in the event of any unauthorized use, misappropriation or disclosure of such trade secrets, know-how or other proprietary information. The protective mechanisms we include in our products may not be sufficient to prevent unauthorized copying. Existing copyright laws afford only limited protection for our intellectual property rights and may not protect such rights in the event competitors independently develop similar products. In addition, the laws of some countries in which our products are or may be licensed do not protect our products and intellectual property rights to the same extent as do the laws of the United States.

Policing unauthorized use of our products is difficult and litigation could become necessary in the future to enforce our intellectual property rights. Any litigation could be time consuming and expensive to prosecute or resolve, result in substantial diversion of management attention and resources, and materially harm our business or financial condition.

If a third party asserts that we infringe upon its proprietary rights, we could be required to redesign our products, pay significant royalties or enter into license agreements.

Claims of infringement are becoming increasingly common as the software industry continues to develop and as related legal protections, including but not limited to patents, are applied to software products. Although we do not believe that our products infringe on the rights of third parties, a third party may assert that our technology or technologies of entities we acquire violates its intellectual property rights. As the number of software products in our markets increases, and the functionality of these products further overlap, we believe that infringement claims will become more common. Any claims against us, regardless of their merit, could:

We believe that any successful challenge to our use of a trademark or domain name could substantially diminish our ability to conduct business in a particular market or jurisdiction and thus decrease our revenue and result in possible losses to our business.

Increasing government regulation could affect our business and may adversely affect our financial condition.

We are subject not only to regulations applicable to businesses generally, but also to laws and regulations directly applicable to electronic commerce. In addition, an inability to satisfy the standards of certain voluntary third-party certification bodies that our customers may expect, such as an attestation of compliance with the Payment Card Industry (“PCI”) Data Security Standards, may have an adverse impact on our business and results. Further, there are various statutes, regulations, and rulings relevant to the direct email marketing and text-messaging industries, including the Telephone Consumer Protection Act (“TCPA”), the CAN-SPAM Act and related Federal Communication Commission (“FCC”) orders. The interpretation of many of these statutes, regulations, and rulings is evolving in the courts and administrative agencies and an inability to comply may have an adverse impact on our business and results. If in the future we are unable to achieve or maintain industry-specific certifications or other requirements or standards relevant to our customers, it may harm our business and adversely affect our results.

We may also expand our business in countries that have more stringent data protection laws than those in the United States, and such laws may be inconsistent across jurisdictions and are subject to evolving and differing interpretations. In particular, the European Union has passed the General Data Protection Regulation (“GDPR”), which came into force on May 25, 2018. The GDPR includes more stringent operational requirements for entities that receive or process personal data (as compared to U.S. privacy laws and previous EU laws), along with significant penalties for non-compliance, more robust obligations on data processors and data controllers, greater rights for data subjects, and heavier documentation requirements for data protection compliance programs. Additionally, both laws regulating privacy and third-party products purporting to address privacy concerns could negatively affect the functionality of, and demand for, our products and services, thereby reducing our revenue.

General Risk Factors

Our revenue and quarterly results may fluctuate, which could adversely affect our stock price.

We have experienced, and may in the future experience, significant fluctuations in our quarterly operating results that may be caused by many factors. These factors include, among others:

If we are unable to manage our future growth efficiently, our business, liquidity, revenues and profitability may suffer.

We anticipate that continued expansion of our core business will require us to address potential market opportunities. For example, we may need to expand the size of our research and development, sales, corporate finance or operations staff. There can be no assurance that our infrastructure will be sufficiently flexible and adaptable to manage our projected growth or that we will have sufficient resources, human or otherwise, to sustain such growth. If we are unable to adequately address these additional demands on our resources, our profitability and growth might suffer. Also, if we continue to expand our operations, management might not be effective in expanding our physical facilities and our systems, and our procedures or controls might not be adequate to support such expansion. Our inability to manage our growth could harm our business and decrease our revenues.

There may be a limited market for our common stock, which may make it more difficult for you to sell your stock and which may reduce the market price of our common stock.

The average shares traded per day in fiscal 2024 was approximately 41,000 shares per day compared to approximately 56,000 for fiscal 2023, and 286,000 for fiscal 2022. Our average trading volume of our common stock can be very sporadic and may impair the ability of holders of our common stock to sell their shares at the time they wish to sell them or at a price that they consider reasonable. A low trading volume may also reduce the fair market value of the shares of our common stock. Accordingly, there can be no assurance that the price of our common stock will reflect our actual value. There can be no assurance that the daily trading volume of our common stock will increase or improve.

The market price of our common stock is volatile, which could adversely affect your investment in our common stock.

The market price of our common stock is volatile and could fluctuate significantly for many reasons, including, without limitation: as a result of the risk factors listed in this Annual Report on Form 10-K; actual or anticipated fluctuations in our operating results; and general economic and industry conditions. During fiscal 2024, the closing price of our common stock as reported by the Nasdaq Capital Market fluctuated between $0.70 and $1.42. We are required to meet certain financial criteria in order to maintain our listing on the Nasdaq Capital Market. One such requirement is that we maintain a minimum closing bid price of at least $1.00 per share for our common stock. If we fail this requirement then Nasdaq will issue a notice that we are not in compliance and we will need to take corrective actions in order to not be delisted. Such corrective actions could include a reverse stock split, which may adversely affect the liquidity of our common stock. Additionally, there is no way to guarantee that such a measure, if implemented, would help us regain compliance with Nasdaq’s minimum bid price requirement or maintain compliance with its other listing rules.

We are dependent upon our management team and the loss of any of these individuals could harm our business.

We are dependent on the efforts of our key management personnel. The loss of any of our key management personnel, or our inability to recruit and train additional key management and other personnel in a timely manner, could materially and adversely affect our business, operations and future prospects. We maintain a key man insurance policy covering our Chief Executive Officer.

Our business can be impacted by geopolitical events, trade and other international disputes, war, terrorism, natural disasters, public health issues, and other business interruptions.

Geopolitical events, trade and other international disputes, war, terrorism, natural disasters, public health issues, and other business interruptions can adversely impact international commerce and the global economy, and could have a material adverse effect on our business, customers, employees, and partners.

Because competition for highly qualified personnel is intense, we might not be able to attract and retain the employees we need to support our planned growth.

We will need to increase the size and maintain the quality of our sales force, software development staff and professional services organization to execute our growth plans. To meet our objectives, we must attract and retain highly qualified personnel with specialized skill sets. Competition for qualified personnel can be intense, and we might not be successful in attracting and retaining them. Our ability to maintain and expand our sales, product development and professional services teams will depend on our ability to recruit, train and retain top quality people with advanced skills who understand sales to, and the specific needs of, our target customers. For these reasons, we have experienced, and we expect to again experience in the future, challenges in hiring and retaining highly skilled employees with appropriate qualifications for our business. In addition to hiring services personnel to meet our needs, we may also engage additional third-party consultants as contractors, which could have a negative impact on our financial results. If we are unable to hire or retain qualified personnel, or if newly hired personnel fail to develop the necessary skills or reach productivity slower than anticipated, it would be more difficult for us to sell our products and services, and we could experience a shortfall in revenue and fail to achieve our planned growth.

Acquisitions may be difficult to integrate into our existing operations, may disrupt our business, dilute stockholder value, divert management’s attention, or negatively affect our operating results.

We have acquired multiple businesses since our inception in 2000, including two in fiscal 2021. Acquisitions could involve substantial investment of funds or financings by issuance of debt or equity securities and could result in one-time charges and expenses and have the potential to either dilute the interests of existing stockholders or result in the issuance or assumption of debt. Any such acquisition may not be successful in generating revenues, income or other returns to us, and the resources committed to such activities will not be available to us for other purposes. Moreover, if we are unable to access capital markets on acceptable terms or at all, we may not be able to consummate acquisitions, or may have to do so based upon less than optimal capital structure. Our inability to take advantage of growth opportunities for our business or to address risks associated with acquisitions or investments in businesses may negatively affect our operating results. Additionally, any impairment of goodwill or other intangible assets acquired in an acquisition or in an investment, or charges to earnings associated with any acquisition or investment activity, may materially reduce our earnings which, in turn, may have a material adverse effect on the price of our common stock.

We have issued preferred stock with rights senior to our common stock, and may issue additional preferred stock in the future, in order to consummate a merger or other transaction necessary to continue as a going concern.

Our Certificate of Incorporation authorizes the issuance of up to 1,000,000 shares of preferred stock, par value $0.001 per share, without stockholder approval and on terms established by our board of directors, of which 264,000 shares have been designated as Series A Preferred, 5,000 shares have been designated as Series B Preferred, 11,000 shares have been designated as Series C Preferred and 4,200 shares have been designated as Series D Preferred. We may issue additional shares of preferred stock in order to consummate a financing or other transaction, in lieu of the issuance of common stock. The rights and preferences of any such class or series of preferred stock would be established by our board of directors in its sole discretion and may have dividend, voting, liquidation and other rights and preferences that are senior to the rights of our common stock.

We have never paid dividends on our common stock and we do not anticipate paying dividends in the future.

We have never paid cash dividends and do not believe that we will pay any cash dividends on our common stock in the future. Since we have no plan to pay cash dividends, an investor would only realize income from their investment in our shares if there is an increase in the market price of our common stock, which is uncertain and unpredictable.

We are also subject to anti-takeover provisions under Delaware law, which could delay or prevent a change of control. Together these provisions may make the removal of management more difficult and may discourage transactions that otherwise could involve payment of a premium over prevailing market prices for our securities. Provisions in our amended and restated bylaws and Delaware law may have the effect of discouraging lawsuits against our directors and officers.

Our amended and restated bylaws require that derivative actions brought in our name, actions against our directors, officers, other employees or stockholders for breach of fiduciary duty and other similar actions may be brought only in the Court of Chancery in the State of Delaware. Any person or entity purchasing or otherwise acquiring any interest in shares of our capital stock shall be deemed to have notice of and consented to the forum provisions in our amended and restated bylaws.

This choice of forum provision may limit a stockholder’s ability to bring a claim in a judicial forum that it finds favorable for disputes with us or any of our directors, officers, other employees or stockholders, which may discourage lawsuits with respect to such claims. Alternatively, if a court were to find the choice of forum provision contained in our amended and restated bylaws to be inapplicable or unenforceable in an action, we may incur additional costs associated with resolving such action in other jurisdictions, which could harm our business, operating results and financial condition.

Item 1B. Unresolved Staff Comments.

None.

Item 1C. Cybersecurity.

Risk Management and Strategy

Our cybersecurity and risk management program is intended to protect the confidentiality, integrity, and availability of our critical information systems and the data resident on them. We have designed our IT systems and processes with the intention that our solutions should defend against the ever-evolving threat landscape while remaining agile to keep up with such threats. We have established processes for assessing, identifying and managing cybersecurity risks, which are built into our information technology function and are designed to safeguard our information assets and operations from internal and external cyber threats, including protecting employee information from unauthorized access to or attacks on our networks and systems. These processes include physical, procedural and technical safeguards, response plans, regular tests on our systems, incident simulations and routine reviews of our policies and procedures to identify risks and enhance our practices. We also employ processes to identify material risks from cybersecurity threats associated with our use of third-party service providers.

In an effort to deter and detect cyber threats, we periodically provide training programs to our employees on issues related to privacy and data protection, cybersecurity risks, and the importance of reporting all incidents immediately. Topics include identifying phishing, password protection, securing confidential data, and mobile security. In addition, we use technology-based tools to mitigate cybersecurity risks and to bolster our employee-based cybersecurity programs. We also perform annual vulnerability assessments, conducted by independent, third-party cybersecurity firms. Additionally, as part of our overall risk mitigation strategy, the Company obtains certain insurance policies. However, such insurance may not be sufficient in type or amount to cover us fully against claims related to security breaches, cyber-attacks and other related breaches.

An incident response plan has been established which provides detailed information on actions to take in the event of an incident. The incident response plan includes the scope of the plan, establishes the incident response team, details the incident response lifecycle, and provides templates to make the process easier to document and follow. Timelines, communication methods, and notification information are included in the plan to ensure the process can be followed in high pressure situations which can occur during incidents.

Governance

The Audit Committee of our Board of Directors provides direct cybersecurity risk oversight. Our management provides timely disclosure and related updates to the Audit Committee regarding potential cybersecurity threats, incidents and general risks.

Our management periodically evaluates information on evolving cybersecurity risks and, based on its assessment of the processes the Company has put in place, does not believe there are currently any known risks from cybersecurity threats that are reasonably likely to materially affect us or our business strategy, results of operations, or financial condition. Further, we have not had any cybersecurity incidents in 2024, and through the date of filing of this Form 10-K.

While prior incidents have not had a material impact on us, future incidents could have a material adverse effect on our business, results of operations and cash flows. For additional information about our cybersecurity risks, see Item 1A — Risk Factors on this Annual Report on Form 10-K.