AvePoint, Inc. (AVPT) Business
This page reproduces the company's own Item 1 Business text from the linked SEC filing. It is filer text, not grepcent analysis, scoring, or investment advice.
Informational only - not investment advice. See Disclaimer.
ITEM 1. BUSINESS
Company Overview
AvePoint is a global provider of modern data protection, enabling organizations to secure, govern, and operationalize data at scale across major cloud ecosystems. Customers rely on the AvePoint Confidence Platform to reduce risk, improve operational efficiency, and accelerate digital transformation as they adopt cloud collaboration and artificial intelligence ("AI")-driven advanced tools and workflows.
As organizations embed AI into core business processes, data becomes both a strategic asset and a growing source of risk. AI can amplify the impact of poor data hygiene, including sensitive data exposure, compliance failures, and operational disruption. Enterprises increasingly require a modern data foundation where data is discoverable, classified, governed, protected, and recoverable by design.
4
Table of Contents
PART I
Item 1
The Enterprise Challenges We Address
Our solutions are designed to address four pervasive and interconnected enterprise data challenges:
| ■ | Legacy and fragmented data that limits visibility, governance, and AI readiness; | |
|---|---|---|
| ■ | Overexposed data that increases security, privacy, and regulatory risk; | |
| ■ | Digital sprawl that drives operational complexity and rising total cost of ownership; and | |
| ■ | Data loss and interruption, which threaten business continuity and organizational resilience. |
By addressing these challenges through an integrated platform, we enable organizations to reduce risk, lower complexity, and accelerate time-to-value from their data.
Platform Model and Recurring Revenue Dynamics
Our platform model is designed to deliver compounding customer value over time, which supports durable recurring revenue. As customers increase adoption across workloads, users, geographies, and use cases, they gain improved visibility, cleaner data, stronger governance, and enhanced resilience outcomes and capabilities that become more valuable as data volumes and AI usage grow.
This dynamic supports a reinforcing model: broader platform adoption improves data trust and control, which increases platform utility and drives additional use cases and module adoption over time. And in turn, this improved platform penetration increases switching costs and supports ongoing improvements in gross and net retention metrics, as AvePoint becomes more strategic and embedded within our customers.
5
Table of Contents
PART I
Item 1
Our Platform
AvePoint Confidence Platform
The AvePoint Confidence Platform is a comprehensive and integrated set of solutions that empowers technology teams including: IT operations, development operations, and cybersecurity to govern and secure the digital workplace.
Built on a Platform-as-a-Service (PaaS) architecture, the platform combines modularity with tailored functionality to address operational challenges and manage data effectively across a broad set of cloud and content ecosystems. These include major hyperscalers and enterprise applications such as Microsoft, Salesforce, Google, AWS, Box, and Dropbox, as well as other collaboration, identity and developer platforms such as Docusign, Confluence, GitHub, Jira, Okta, Bitbucket, Smartsheet and Monday.com. Through connections and extensions to existing cloud services, the platform is designed to provide flexibility, consolidate point solutions, and accelerate customer return on investment.
Suites
The AvePoint Confidence Platform consists of three interconnected suites:
| ■ | Control Suite: Automates data governance, enforces policies, and optimizes SaaS investments, enables expense management and reduction, and provides insight into access, risk, and entitlements across collaborative platforms. | |
|---|---|---|
| ■ | Resilience Suite: Supports business continuity and compliance through Backup-as-a-Service, ransomware recovery, lifecycle management, and classification-driven protection. | |
| ■ | Modernization Suite: Modernizes legacy systems and processes into AI-ready, SaaS-based experiences to accelerate employee engagement, digital transformation, and productivity. |
Packaging
We deliver our capabilities through modular suites designed to meet customers at their maturity level and expand over time. We have begun packaging the suite capabilities of the AvePoint Confidence Platform into tiered bundles to simplify selling and adoption using a "good-better-best" model aligned to customer profiles and a clear growth path.
While we expect these bundles will continue to evolve as they become more popular in the market, today they are focused primarily on the capabilities of the Control and Resilience suites, and are offered as follows:
| ■ | "Essentials" bundle (Tier 1): ■ Control: Establishes the baseline for data security, compliance, productivity, and AI readiness with tools to streamline data governance, simplify data management, and enhance security. ■ Resilience: Protects cloud data from external attacks and insider threats with better visibility into data being backed up to recover faster. | |
|---|---|---|
| ■ | "Plus" bundle (Tier 2): ■ Control: Supports proactive and persistent data security measures by automating governance, delegating administration and reducing costs. ■ Resilience: Provides comprehensive, automated backup with granular recovery capabilities for the most crucial customer workloads. | |
| ■ | "Complete" bundle (Tier 3): ■ Control: Offers the most strategic approach to data security aimed at mitigating risks and driving AI transformation. ■ Resilience: Provides complete protection of the entire cloud estate with data optimization capabilities to more effectively manage data risk. |
6
Table of Contents
PART I
Item 1
Strategic Use Cases
Customers typically begin with one strategic use case and expand across additional capabilities as requirements mature. Key use cases include:
| ■ | AI Confidence and Readiness: Improve data quality, security, governance, and adoption to accelerate AI-driven innovation while reducing exposure, regulatory, and integrity risks. | |
|---|---|---|
| ■ | Ransomware Protection and Disaster Recovery: Protect and rapidly recover critical workloads across major ecosystems to reduce downtime and limit the operational and financial impact of cyber incidents. | |
| ■ | Cloud ROI and Optimization: Reduce waste by rightsizing licenses, reclaiming redundant storage, consolidating solutions/vendors, and automating workflows. | |
| ■ | Operational Governance: Operationalize governance through automated provisioning, lifecycle management, and policy enforcement across clouds. | |
| ■ | Security Posture Management: Discover, monitor, and control AI agents to strengthen compliance, security, and trust as organizations scale AI. | |
| ■ | Agentic AI Governance: Discover, monitor, and control AI agents to strengthen compliance, security, and trust as organizations scale AI. | |
| ■ | Regulatory Compliance and Information Lifecycle: Automate information lifecycle management - from classification to retention and disposition - while maintaining auditable controls and reducing data bloat. | |
| ■ | Cloud Transformation and Modernization: Execute secure, high-fidelity migrations with permission mapping and in-flight clean-up. Surface user analytics to drive adoption post-cutover, rationalize legacy data, and unlock the full value of cloud investments. | |
| ■ | Multi-Tenant Management: Manage multiple tenants at scale with consistent baselines, cross-tenant policy automation, and unified reporting. Reduce tickets, prove value with measurable outcomes, and deliver repeatable, profitable managed services. |
Our Technology and Architecture
We believe platform architecture matters because it determines how effectively organizations can discover, govern, protect, and recover data across distributed, multi-cloud environments.
We believe the following attributes and characteristics of our platform architecture allow us to offer a differentiated approach to modern data security and business intelligence.
Rich Inventory of Data Characteristics
Rather than merely storing logs, our platform creates a dynamic inventory of data characteristics synthesized from unstructured data streams. In the modern enterprise, data is rarely static, it flows from business applications and generative AI tools in high-volume, unstructured formats such as collaborative communications, automated agent outputs, and complex document metadata.
| ■ | Defining Unstructured Data: This includes the high-volume, diverse outputs of modern work: emails, chat logs, call transcriptions, sensor data, digital workspace, access controls, productivity cloud services documents (i.e. M365 files, Google Workspace files, Adobe files, Docusign, GitHub, Atlassian, etc.), and AI-generated outputs. | |
|---|---|---|
| ■ | The Evolution of Attributes: As this data is processed, its attributes (such as sensitivity, intent, and lineage) change in real-time. | |
| ■ | The Governance Imperative: Because unstructured data is often the first place sensitive information or threats appear, it must be governed and managed in near real-time. By capturing how the business environment operates on corporate data as it happens, our platform provides superior insights into business outcomes that traditional, static databases often miss. |
Modern Data Protection Architecture & Interoperability
The AvePoint Confidence Platform serves as a foundational layer within any data protection framework. We do not just reside within the network; we act as the authoritative control plane for policy management and real-time remediation.
By maintaining interoperability across hybrid-cloud environments, we enforce strict identity verification and "least privilege" access at the data layer. If a data characteristic shifts - signaling a potential breach or policy violation - the platform is designed to trigger immediate remediation, ensuring that trust is never assumed and always verified.
7
Table of Contents
PART I
Item 1
Elastic Data Engine & AI Threat Layer
We have engineered a layered architecture designed for massive scale and proactive defense. This engine is specifically tuned to identify and neutralize threats inherent to the AI era:
| ■ | Business Logic Layer: Defines the specific security and operational rules required by the organization. | |
|---|---|---|
| ■ | Elastic Scaling Data Abstraction Layer: Decouples logic from physical storage, allowing the system to expand instantly to meet massive data surges without performance degradation. | |
| ■ | AI-Specific Remediation: Our proprietary algorithms are designed to catch emergent threats including: |
| ○ | The "Zero-Trust" AI Foundation: Neutralizing the existential risk of AI-driven data leaks by enforcing automated, real-time "Least-Privilege" security. | |
|---|---|---|
| ○ | Autonomous Agent Governance: Preventing "Shadow AI" through a centralized command-and-control layer for autonomous agents and Copilots. | |
| ○ | AI Data Integrity & Hallucination Defense: Maximizing AI ROI by purging the "Data Debt" that causes model inaccuracy and corporate liability. | |
| ○ | Unified Multi-SaaS AI Guardrails: Harmonizing security and compliance across the fragmented, multi-vendor AI landscape. | |
| ○ | Mission-Critical AI Resilience: Guaranteeing the uptime integrity of AI-integrated business processes through ultra-high-speed recovery. |
Application Programming Interface ("API")-Driven Automation and Orchestration
The AvePoint Confidence Platform provides a robust API framework that functions as the connective tissue for security operations.
| ■ | Integration: Seamlessly connects with existing IT stacks, SIEMs, and SOAR platforms. | |
|---|---|---|
| ■ | Orchestration: Automatically triggers the response mechanism for incident and problem resolution systems. By orchestrating the end-to-end lifecycle of a security event, we reduce "Mean Time to Repair" (MTTR) and ensure consistent policy enforcement at a scale human operators cannot achieve manually. | |
| ■ | Integration layer: Primary connectors (e.g., M365, Salesforce, Google, AWS, Box/Dropbox) and what "deep integration" means in practice. | |
| ■ | Discovery/classification layer: Metadata, labeling/sensitivity, ownership/lineage, scanning approach. | |
| ■ | Policy and automation engine: Access governance, lifecycle actions, retention/disposition, workflow automation. | |
| ■ | Protection and recovery services: Backup architecture, recovery workflows, ransomware recovery/testing (where applicable). | |
| ■ | Analytics/insights: Risk posture, usage optimization, compliance reporting. |
Security, Compliance, and Trust
We support customer requirements for security and compliance through our operational controls, certifications, and global service delivery footprint.
| ■ | Encryption and Key Management: All customer data is encrypted both in transit (using TLS 1.2 or greater) and at rest (using AES-256). We support advanced key management strategies, including Bring Your Own Key (BYOK) for enterprise customers requiring granular control over data access. | |
|---|---|---|
| ■ | Global Sovereignty: To comply with increasingly fragmented data privacy laws (such as the General Data Protection Regulation (“GDPR”)), we offer multi-geo tenancy, allowing customers to specify exactly which regional data centers house their data and metadata. | |
| ■ | Certifications and Authorization: We maintain a comprehensive compliance portfolio, including SOC 2 Type II attestation, ISO 27001/27017/27018 certifications, and compliance with HITRUST CSF v11.0.1., CSA STAR, and IRAP. Furthermore, our authorization under FedRAMP (moderate) validates our ability to serve U.S. federal agencies, serving as a strong proxy for security maturity to the broader market. Lastly, in 2025 we achieved Information System Security Management and Assessment Program (ISMAP) certification in Japan, one of the most comprehensive government security standards in the world. | |
| ■ | Operational Controls: We employ strict Role-Based Access Control (RBAC), continuous vulnerability scanning, and a secure software development lifecycle (SDLC) to minimize risk and ensure auditability across all platform operations. |
8
Table of Contents
PART I
ITEM 1
Customer Support and Success
Our customer success approach is proactive and relationship-focused, designed to help customers rapidly deploy and realize value from the AvePoint Confidence Platform and ensure strong customer retention and expansion. This includes:
| ■ | onboarding and enablement model, adoption reviews, technical success coverage | |
|---|---|---|
| ■ | support tiers and escalation/incident response posture | |
| ■ | premium unified support services, which provide technical on-site support to optimize and allow for tight integration of our solutions to our customers' expansive multi-cloud infrastructure |
We maintain a Net Promoter Score above 50, an elite benchmark in B2B SaaS and at a level typically associated with best-in-class customer satisfaction and loyalty, per CustomerGauge benchmarking data.
Market Opportunity
Global data volumes continue to grow rapidly, with unstructured data representing approximately 80% of all data, as well as a significant portion of the increase. Enterprises face rising regulatory pressure, expanding cybersecurity threats, and, more recently, ongoing operational complexity from multi-cloud environments and SaaS business application and AI agent sprawl. These trends create a large and rapidly growing market for secure, automated, and AI-ready data governance and resilience solutions.
Historically, the most significant shifts in software came from how business applications were built and delivered. This trend continues today with advanced AI, where instead of manually building every workflow and interface, organizations increasingly use agentic tools to translate business requirements and policies into working software components and automated processes. This shift makes the data and policy layers, on which those AI tools rely to reason and act safely, even more critical. And in turn, modern data platforms like the AvePoint Confidence Platform become structurally even more important, because they provide the governance framework classification, access controls, retention, auditability, and resilience that transforms enterprise data into a secure, high-quality signal for AI. Furthermore, as organizations seek to leverage AI to reduce expenses and optimize performance, agentic architectures only deliver real efficiency when they operate on trusted data and enforce consistent rules. The result is a durable foundation for modern data protection – the more software becomes AI-assisted and automated, the more valuable a holistic governance and resilience platform becomes, because it serves as the central command for enterprise data performance.
While today our focus is primarily on the data governance and security categories, we expect to capture spend from other areas of the broader data management opportunity, including data integration and intelligence, identity and access management, security analytics, cloud application protection and advanced AI tooling. We are also seeing growing instances of these spend categories beginning to converge, which we believe positions us well as a platform offering for managing critical data.
Our Growth Strategy
Our aggressive pursuit of the enormous long-term market opportunity we see includes the following growth strategies:
| ■ | Accelerate Customer Adoption and Retention. We constantly seek to increase customer satisfaction, decrease time to value, reduce customer churn and set up successful land and expand opportunities. To do so, we have made significant investments in our customer success program and in technology which provides additional telemetry to enhance our understanding of how customers use our solutions. We are also adding AI-enhanced customer interactions and tailored usage across all personas of the organization. We believe these investments will deepen our relationships with existing customers. | |
|---|---|---|
| ■ | Expand the AvePoint Confidence Platform Offerings. We have built a differentiated platform that addresses a number of strategic use cases, and we plan to introduce new and adjacent products to extend our data management value proposition and to improve the functionality of existing products and features, with a particular focus on AI ready solutions that transform and enrich data and span multiple cloud vendors. | |
| ■ | Broaden our Market Presence. We sell to organizations of all sizes, in all regions of the world, and across a broad array of industries. We have seen strong new customer growth, especially in the small business segment, by leveraging our global partner ecosystem, and through the expansion of our direct sales force both in regions where we have an established presence and in new markets where cloud adoption is growing. | |
| ■ | Continue Scaling our Partner and Channel Ecosystem. The ongoing cultivation of our strategic relationships with partners will support the continued penetration of markets in which we previously lacked presence, and those in which we have a presence that can be expanded. The continued scaling of this ecosystem, especially our focus on Managed Service Providers (“MSPs”), offers particular value in our pursuit of small and mid-sized customers and will be a critical component of our ability to continue driving profitable growth going forward. | |
| ■ | Opportunistically Pursue Strategic Acquisitions and Investments. While the large majority of our current offerings were built organically, we have completed six acquisitions since 2022, and we expect that strategic acquisitions and investments will be an important growth driver for our business. This may include acquiring or investing in businesses or products with complementary technologies and/or functionality to our existing product offerings, or that reduce the time or costs required to develop new technologies, augment our engineering workforce, improve our internal business and operating systems, and enhance our technological capabilities. |
Go-to-Market Strategy
We sell to organizations of all sizes and across geographies and industries. Our go-to-market strategy combines a direct sales force with indirect routes to market, including a broad partner ecosystem. We sell subscriptions to customers through our channel partners primarily using a two-tier, indirect fulfillment model. We also offer our SaaS products via the marketplaces of our technology alliance partners, including Google Cloud Platform ("GCP"), Microsoft Azure, ("Azure") and Amazon Web Services ("AWS").
As of December 31, 2025, we served more than 28,000 end customers across more than 100 countries, with no customer representing more than 10% of billings or accounts receivable for the years ended December 31, 2025 and 2024.
We classify our customer base by size and geography:
| ■ | Small Business (“SMB”) segment. Companies with fewer than 500 user seats that we serve primarily through channel partners, especially MSPs, as discussed below. As of December 31, 2025, the SMB segment accounted for 20% of our total annual recurring revenue. | |
|---|---|---|
| ■ | Mid-Market segment. Companies with greater than 500 but fewer than 5,000 user seats that we increasingly serve through channel partners. As of December 31, 2025, the Mid-market segment accounted for 28% of our total annual recurring revenue. | |
| ■ | Enterprise segment. Companies with greater than 5,000 user seats that we primarily serve through our direct sales teams. As of December 31, 2025, the Enterprise segment accounted for 52% of our total annual recurring revenue. |
Indirect Routes to Market and Partner Ecosystem
We leverage a global channel partner program that includes approximately 6,000 managed service providers, value added resellers, and system integrators. Our solutions are available in more than 100 software marketplaces globally and our technology alliance partners, including GCP Marketplace, Azure Marketplace, and AWS Marketplace, support procurement and provisioning efficiencies and enabling scalable distribution, particularly through MSPs. We provide MSPs with a special edition of the Confidence Platform called the Elements edition, tailored for their unique needs. The Elements edition of the Confidence Platform enables MSPs to seamlessly manage multiple clients, clouds and tenants to drive more efficient revenue growth, and reflects our ongoing focus on this important route to market.
Our channel partners collectively help maximize our technological expertise and, importantly, our geographic coverage, by building awareness of our products and brand, generating customer leads, implementing our solutions, and providing critical value-added services. They are especially critical in our focus on the small business and mid-market customers who collectively represent an enormous market opportunity for us.
Strategic Partnerships
Hyperscalers and ecosystem providers are important partners and provide an opportunity to scale across global data centers. We maintain strategic partnerships with Microsoft, Google, and AWS that incorporate technology, sales, and marketing initiatives.
9
Table of Contents
PART I
Item 1
Research And Development
We continuously seek to develop new offerings and enhance existing offerings and support customer deployments. We use agile development methodologies and focus on delivering high-quality products and adapting to evolving market requirements. We believe expanding functionality and introducing adjacent products is critical to customer success and reinforces the breadth of our solutions.
Intellectual Property
We rely on a combination of trade secrets, copyrights, and trademarks to establish and protect our intellectual property rights. We also rely on contractual protections, such as license, assignment, and confidentiality agreements, and technical measures. We pursue the registration of domain names, trademarks, and service marks in the United States and in various jurisdictions outside the United States. We control access to and use of our proprietary technology and other confidential information through the use of internal and external controls, including contractual protections with employees, contractors, customers, and partners, and our software is protected by U.S. and international intellectual property laws. We require our employees, consultants, and other third parties to enter into confidentiality and proprietary rights agreements and control access to software, documentation, and other proprietary information. Our policy is to require employees and independent contractors to sign agreements assigning to us any inventions, trade secrets, works of authorship, developments, and other processes generated by them on our behalf and agreeing to protect our confidential information. In addition, we generally enter into confidentiality agreements with our vendors and customers.
Competition
We primarily face competition according to the use cases we target. Our main competitors fall into the following categories:
| ■ | Data protection and legacy backup vendors; | |
|---|---|---|
| ■ | Vendors primarily focused on cybersecurity, data security posture management, threat detection, data classification, and other data security subcategories; and | |
| ■ | Smaller cloud and data management vendors that offer products that compete with some of our capabilities. |
However, we believe that our platform architecture and approach to modern data protection make us unique among companies offering overlapping point solutions. These advantages include the breadth of functionality offered in a single integrated platform, ease of use, scalability, security protocols, integration breadth, time-to-value, and total cost of ownership.
Seasonality
Our quarterly revenue can fluctuate and does not necessarily grow sequentially when measuring any one fiscal quarter’s revenue against another. Historically, our first quarter has been our lowest revenue quarter and our fourth quarter has been our highest revenue quarter, however those results are not necessarily indicative of future quarterly revenue or full year results. Additionally, the timing of new product and service introductions can significantly impact revenue. Lastly, the mix of revenues in any given quarter can cause fluctuations in our reported results, due to differing revenue recognition principles, as discussed further below.
10
Table of Contents
PART I
Item 1
Human Capital
The success of our people is the success of our Company, making our talent strategy a core focus of our operations. We received accolades designating us as a “best place to work” in 2024, including recognition from Inc. Magazine and Forbes. Our key human capital objectives include attracting and developing top talent, engaging our team in an environment where they thrive, and integrating our core values into our operating practices.
Our values are long-held beliefs that guide the behaviors of our global teams and are foundational to our present and future success. These are not ‘statements on a wall’ but a true representation of how we act as a team:
| ■ | Agility: We value quick, informed decision-making to meet and exceed customer expectations. We subscribe to a growth mindset, which contributes to our entrepreneurial and learning spirit. | |
|---|---|---|
| ■ | Passion: Drive and energy are contagious here; we are not just going through the motions. We do things that are impactful and, as a result, amplify our customers’ success. | |
| ■ | Teamwork: We are invested in the success of our colleagues, partners, customers, and communities. We do this by promoting global collaboration and taking pride in helping, sharing, mentoring, and coaching each other. |
Team
As of December 31, 2025, we had 3,443 employees globally. A large percentage of our employees have technical and professional backgrounds and undergraduate and/or advanced degrees. Our professional staff includes programmers, data and computer scientists, electrical and mechanical engineers, software and hardware specialists, project managers, sales and marketing professionals, and a multi-disciplinary support infrastructure. None of our employees are represented by a labor union with respect to their employment. We are not aware of any employment circumstances that are likely to disrupt our work efforts. See the section titled “Risk Factors” (Part I, Item 1A of this Annual Report) for a discussion of the risks related to the loss of key personnel or our inability to attract and retain qualified personnel.
Recruitment and Internal Mobility
We want to attract a pool of diverse and exceptional candidates and support their career growth once they join our team. We seek to hire based on proven experience and potential, providing opportunities to develop in critical operational areas. In our evaluation and career development efforts, we emphasize internal mobility opportunities as a core strategy to drive professional development. Our goal is a long-term, upward-bound career for every colleague, which also drives our retention efforts. Our talent acquisition team directly recruits highly skilled and talented people, and we encourage and incentivize employee referrals for open positions.
Rewards
We strive to provide globally a competitive suite of pay, comprehensive benefits, and services. We incentivize performance through a combination of competitive base pay, performance-based cash incentives and long-term incentives in the form of equity and cash. We believe this combination fosters a strong sense of ownership, aligns the interests of employees with our stockholders, and increases stockholder value and our overall success.
11
Table of Contents
PART I
Item 1
Environmental, Social and Governance Matters
We recognize the importance of environmental, social and governance (“ESG”) matters and how they impact our customers, employees, community partners, and stockholders. We believe appropriately prioritizing ESG issues is an important component of corporate social responsibility and comprehensive fiscal management. In addition, we believe that strong ESG programs and practices are critical to attracting the best talent, executing on our corporate strategies, maintaining a robust supplier and channel partner base, and innovating to meet our consumers’ evolving expectations.
The disclosure below describes the goals of our ESG program to allow our stakeholders to be informed about our progress and future direction.
1. Environmental
Across our 32 offices, we strive to reduce our environmental footprint, operate more efficiently, and engage our personnel in social initiatives that directly impact their lives. To fulfill our aim of integrating environmental sustainability into everything we do, we have implemented numerous projects across our operations to limit our environmental impact, such as implementing paperless campaigns, the encouragement of recycling and elimination of paper products, the sourcing of office resources from sustainable sources, and the recycling of physical IT assets. In addition, we also strive to make operational decisions with attention to environmental impact and have LEED certified offices in the United States and maintain other energy certifications and maximization projects in our offices abroad.
As a software company, we were an early mover to transition from traditional on-premises software solutions to software-as-a-service and hybrid deployments. Not only does cloud computing help meet the needs of our customers, but it also has tremendous benefits to the environment, including greater energy efficiency, lower carbon emissions, and reduced carbon footprints. In furtherance of our goals to reduce unnecessary use, we review the data on the environmental impact of physical server providers and only use server providers who publish such data.
12
Table of Contents
PART I
Item 1
2. Social
As a global company, we have a tremendous opportunity – and responsibility – to do good. We strive to exemplify our core values of agility, passion and teamwork every day to ensure the success of our colleagues, customers, partners, and stakeholders as well as make a positive impact in the communities where we live and work. To do this, we are committed to creating and empowering access to a variety of opportunities as described below:
Our organization employs talent from many different backgrounds, experiences, and identities. Diversity and inclusion drive our success and is at the core of how we hire, communicate and collaborate to deliver value and excellence. We are committed to fostering an environment where people can bring their whole selves to work and feel a sense of belonging. Through our employee resource groups, internal mobility opportunities across the countries in which we operate, and external partnerships with underrepresented minority networks, we continue to work toward creating a workforce that represents the diversity of our customers and communities.
Supporting Agents of Change: Our Talent
We are committed to investing in our people and nurturing a growth mindset across our organization. Our talent development philosophy builds upon the idea that business growth and success come from a culture of collaboration and creativity, and that our people should feel empowered to craft their careers, make an impact, and own their futures. Our portfolio of learning and development programs equips our leaders and managers with the skills and confidence to lead high-performing teams, and supports our individual contributors with the tools and resources to contribute impactfully in their roles from the moment they join AvePoint.
Responsible Use of Artificial Intelligence
At AvePoint, we recognize that AI continues to rapidly transform the business landscape. As such, we are committed to the safe, ethical, and responsible use of AI both within our company and for the broader technology industry. We have implemented robust training, policies, and procedures to ensure our employees are educated on the responsible use of AI. Further demonstrating our commitment, AvePoint is a founding member of the AI Trust Foundation, a non-profit membership organization designed to be the leading voice for promoting beneficial AI through education and outreach at all levels of society. Through internal governance and external collaboration, we aim to set the standard for acceptable and responsible use of AI.
In 2024, AvePoint implemented a board-approved Responsible AI Charter, to establish a set of guidelines and principles for the responsible and ethical use, development, and deployment of AI within our organization, and to ensure consistency with similar company AI policies and practices, particularly data privacy and confidentiality protections. This Responsible AI Charter is a key component of AvePoint’s commitment to ensuring that AI is developed and deployed in a way that respects human values, rights, and dignity. AvePoint, as a leader in cloud data management and governance, recognizes its responsibility to use AI in an ethical and responsible manner.
13
Table of Contents
PART I
Item 1
3. Corporate Governance
Social Responsibility Support from the Top
At AvePoint, our corporate governance practices support our core values of agility, passion, and teamwork. These practices provide a framework for the proper operation of our company, consistent with our stockholders’ best interests and the requirements of law.
We are committed to managing our affairs consistent with the highest principles of business ethics and with the corporate governance requirements of both Nasdaq and applicable law. In keeping with these principles:
| ■ | A majority of our Board members are independent of AvePoint and its management; | |
|---|---|---|
| ■ | All members of our three Board committees—the Audit Committee, the Compensation Committee, and the Nominating and Governance Committee—are independent of AvePoint and its management; | |
| ■ | We have a transparent and publicly available Code of Ethics and Business Conduct that outlines our corporate policies to which all employees, officers and directors must adhere; | |
| ■ | We have a corporate compliance training program which requires and monitors trainings given on an annual basis; and | |
| ■ | The charters of our Board committees clearly establish their respective roles and responsibilities. |
Management of Corporate Governance Resources
In 2025, we continued taking significant steps to reinforce our commitment to corporate governance and ethical practices, aligning with our strategic priorities. We completed our yearly review of all corporate governance policies, seeking to ensure they are in line with current industry standards, regulatory requirements and our values, and address emerging issues. Our extensive list of corporate policies is publicly available on our website at the following web address, https://www.avepoint.com/ir/governance/governance-documents. We strive to continue to demonstrate transparency and accountability, fostering trust and confidence among investors, customers, and the broader community.
Our ongoing initiatives in 2025 underscored our commitment to robust corporate governance, ethical business practices, and employee empowerment. As a result of our continued process improvements, we again received an ESG Prime Label from Institutional Shareholder Services (ISS), meaning our common stock will qualify for responsible investment based on our improved score on their ESG Corporate Rating Report. By proactively reviewing, updating, and communicating our policies, we demonstrated our dedication to transparency, accountability, and responsible stewardship in pursuit of its strategic objectives.
14
Table of Contents
PART I
Item 1
Earning the World’s Trust
As a global company which is responsible to employees, stockholders, and customers, our vision for AvePoint is to build an environment in which we earn trust and confidence every day through enabling collaboration and innovation through our commitment to privacy, security, and transparency.
Commitment to powering proactive data security programs
We understand the importance of security and operational risk management and are committed to providing organizations with relevant metrics which help them make decisions that are proactive rather than reactive. When done in conjunction with policies, education and measurement, organizations can balance collaboration and transparency with data protection and privacy. We seek to earn trust not just with robust security and privacy practices, but with the way we operate and organize our business.
Aligning to clear privacy principles
We have a policy of transparency regarding our data collection, use, retention and sharing practices. It is our commitment to implement appropriate technical security measures to protect all AvePoint stakeholders and manage third party risk. We use this foundation and discipline to develop market-leading privacy and security products and deliver world class customer service. Our software, processes and services have obtained industry-leading security and privacy certifications.
We have obtained three ISO certifications that attest to our compliance with the highest standards of information security and privacy. These certifications are based on the ISO 27001, ISO 27017, and ISO 27701 standards, which cover the requirements for an information security management system (ISMS), cloud security, and privacy information management system (PIMS), respectively. Further attestations include SOC 2 Type II, compliance with HITRUST CSF v11.0.1., Information Security Registered Assessors (IRAP) Program, FedRAMP, and more.
Our achievement of these certifications and attestations showcases our dedication to protecting personal data and complying with privacy regulations. This certification solidifies our position as a trusted partner for organizations seeking robust privacy information management systems. By adopting ISO standards, we empower businesses to navigate privacy requirements across jurisdictions effectively, ensuring the security of sensitive information and fostering trust in the digital realm.
We also seek to align our supply chain to similar standards of privacy and security. To that end, we have implemented a rigorous program to assess the privacy and security policies and procedures of our own vendors and suppliers so that our stakeholders receive a consistent approach to privacy and security matters.
Advancing cybersecurity
Cybersecurity is a central challenge for companies around the world as they continue on the digital transformation. Ransomware attacks have become one of the top security threats for organizations, especially as increased collaboration can lead to more vulnerabilities. The cost to recover stolen data can be millions of dollars, in addition to substantial reputational damage. AvePoint Ransomware Detection, and its Ransomware Warranty for MSPs, which primarily serves small business clients, gives assurance that companies will be protected.
Strengthening our offerings by first strengthening ourselves
We have built a resilient, scalable and secure IT environment by investing in complementary industry leading technology and security solutions, in addition to utilizing our own software platform. In addition, we have built a corporate culture in which privacy and security are enablers of productivity, collaboration and trust; we balance the free flow of information with the risk of inappropriate access and/or disclosure; and we implement a risk-based approach to privacy and security that will allow us to maintain not only legal and regulatory compliance in the jurisdictions in which we operate, but also to facilitate business and innovation at AvePoint.
Commitment to accessibility for all
We understand that technology is an enabler so long as it is accessible and available to persons with varying abilities or personal preferences. AvePoint is committed to developing accessible technology as we value diverse experiences, backgrounds and perspectives among our employees, and across our customers and partners, and see them as a competitive advantage.
15
Table of Contents
PART I
Item 1
Compliance with Material Government Regulations
We are subject to many U.S. federal and state and foreign laws and regulations that involve matters central to our business, including laws and regulations that involve data privacy and data protection, intellectual property, advertising, marketing, health and safety, competition, consumer protection, taxation, anti-bribery, anti-money laundering and corruption, economic or other trade prohibitions or sanctions, environmental protection regulations, and securities law compliance. Our business may also be affected by the adoption of any new or existing laws or regulations or changes in laws or regulations that adversely affect our business. Many relevant laws and regulations are still evolving and may be interpreted, applied, created or amended in a manner that could harm our business, and new laws and regulations may be enacted, including in connection with the restriction or prohibition of certain content or business activities.
We are subject to certain U.S. federal, state, local and foreign laws and regulations regarding data privacy and the collection, storage, sharing, use, processing, disclosure and protection of personal information and other data from users, employees or business partners, including the GDPR, the California Consumer Privacy Act, and the Virginia Consumer Data Protection Act. These laws expand the rights of individuals to control how their personal data is processed, collected, used and shared, create new regulatory and operational requirements for processing personal data, increase requirements for security and confidentiality and provide for significant penalties for non-compliance. There are also a number of legislative proposals recently enacted or pending before the U.S. Congress, various state legislatures and foreign governments concerning content regulation and data protection that could affect us. These and other laws and regulations that may be enacted, or new interpretation of existing laws and regulations, may require us to modify our data processing practices and policies and to incur substantial costs in order to comply.
In addition, we are subject to the U.S. Foreign Corrupt Practices Act of 1977, as amended (the “FCPA”). The FCPA prohibits corporations and individuals from engaging in improper activities to obtain or retain business or to influence a person working in an official capacity. It prohibits, among other things, providing, directly or indirectly, anything of value to any foreign government official, or any political party or official thereof, or candidate for political influence to improperly influence such person. Similar laws exist in other countries, such as the UK, that restrict improper payments to persons in the public or private sector. Many countries have laws prohibiting these types of payments within the respective country. Historically, technology companies have been the target of FCPA and other anti-corruption investigations and penalties. We are further subject to U.S. and foreign laws and regulations that restrict our activities in certain countries and with certain persons. These include the economic sanctions regulations administered by the U.S. Treasury Department’s Office of Foreign Assets Control and the export control laws administered by the U.S. Commerce Department’s Bureau of Industry.
The foregoing description does not include an exhaustive list of the laws and regulations governing or impacting our business. See the discussion contained in the “Risk Factors” section (Part I, Item 1A of this Annual Report) for information regarding how actions by regulatory authorities or changes in legislation and regulation in the jurisdictions in which we operate may have a material adverse effect on our business.
16
Table of Contents
PART I
Item 1
Information About Our Executive Officers
| Name | Age | Position | |||
|---|---|---|---|---|---|
| Xunkai Gong | 63 | Executive Chairman and Director | |||
| Tianyi Jiang | 51 | Chief Executive Officer and Director | |||
| Brian Michael Brown | 53 | Chief Legal and Compliance Officer, Secretary, and Director | |||
| James Caci | 61 | Chief Financial Officer |
Xunkai Gong was appointed as our Executive Chairman and a director in July of 2021, and previously served as our predecessor company’s Chairman and Co-Chief Executive Officer alongside Dr. Jiang from 2008 to 2021, Chief Executive Officer from 2001 to 2008 and director from 2001 to 2021. Mr. Gong holds a master’s degree in computer engineering from the University of the Chinese Academy of Sciences, a master’s degree in computer science from Southern University and Agricultural and Mechanical College at Baton Rouge, and a bachelor’s degree in electrical and electronics engineering from Dalian University of Technology.
Tianyi Jiang was appointed as our Chief Executive Officer and a director in July of 2021, and previously served as our predecessor company’s Co-Chief Executive Officer alongside Mr. Gong from 2008 to 2021 and director from 2005 to 2021. Dr. Jiang holds a doctorate and a master’s degree in data mining from New York University, in addition to a bachelor’s degree and a master’s degree in electrical and computer engineering from Cornell University.
Brian Michael Brown was appointed as our Chief Legal and Compliance Officer, Secretary of the Board and a director in July of 2021, and previously served as our predecessor company’s General Counsel and Chief Operating Officer from 2004 to 2021 and director from 2008 to 2021. Mr. Brown holds a bachelor’s degree from the University of Michigan and a Juris Doctor from Michigan State University.
James Caci was appointed as our Chief Financial Officer in August of 2021 and previously served as our predecessor company’s Chief Financial Officer from 2010 to 2013. From April 2020 to August of 2021, Mr. Caci held the position of Chief Financial Officer at Brand Value Accelerator, LLC, an industry leading digital commerce services firm. From March 2016 to April 2020, Mr. Caci served as the Chief Financial Officer of Nicopure Labs. Mr. Caci brings more than 25 years of experience leading the strategic finance operations at both public and privately held SaaS and IT service companies. Mr. Caci holds a bachelor’s degree from Montclair State University and is a certified public accountant.
Additional information regarding our executive officers is set forth in the Proxy Statement to be filed in connection with our 2026 Annual Meeting of Stockholders within 120 days of the end of the fiscal year ended December 31, 2025.
17
Table of Contents
PART I
Item 1
Corporate Information
Our principal executive offices are located at 525 Washington Blvd, Suite 1400, Jersey City, NJ 07310, and our telephone number is (201) 793-1111. Our principal operating offices are located at Riverfront Plaza, West Tower, 901 E Byrd St, Suite 900, Richmond, VA 23219, and our telephone number for that office is (804) 372-8080. All correspondence should be directed to our principal operating offices in Richmond, Virginia.
Available Information
Our Internet address is https://www.avepoint.com/. At our Investor Relations website, https://www.avepoint.com/ir, we provide, and make available free of charge, a variety of information for investors, including, but not limited to:
| ■ | Our annual reports on Form 10-K, quarterly reports on Form 10-Q, current reports on Form 8-K, and any amendments to those reports, as soon as reasonably practicable after we electronically file that material with or furnish it to the SEC at www.sec.gov. | |
|---|---|---|
| ■ | Announcements of investor conferences, speeches, presentations, and events at which our executives discuss our products, services, competitive strategies, and other aspects of our business. | |
| ■ | Press releases on quarterly results, product and service announcements, legal developments, and national and international news. | |
| ■ | Corporate governance information including our articles of incorporation, bylaws, governance guidelines, committee charters, code of ethics and business conduct, whistleblower “open door” policy for reporting accounting and legal allegations, global corporate social responsibility initiatives, and other governance-related policies. | |
| ■ | Other news and announcements that we may post from time to time that investors might find useful or interesting, including news with respect to our business strategies, financial results, and metrics for investors. |
In addition to these channels, we use social media to communicate to the public. It is possible that the information we post on social media could be deemed to be material to investors. We encourage investors, the media, and others interested in AvePoint to review the information we post on the social media channels listed on our Investor Relations website.
The information found on our main website or our Investor Relations website is not part of this or any other report we file with, or furnish to, the SEC, for the purposes of Section 18 of the Exchange Act or otherwise subject to the liabilities of that section, nor shall it be deemed incorporated by reference in any filing under the Securities Act except as shall be expressly set forth by specific reference in such filing, and you should not consider any information contained on, or that can be accessed through, our website as part of this Annual Report or in deciding whether to purchase our common stock.