What Weave Communications, Inc. told the SEC could break it.

Weave relies on a single supplier — primarily Stripe — to enable its Weave Payments solution, and depends on sole-source hardware suppliers for its VoIP phone hardware without long-term supply agreements and with only a small amount on hand, making it vulnerable to price increases, capacity/supply-chain constraints and loss of these third parties; an interruption to Stripe or its hardware suppliers could impair its payments and phone offerings. (Stripe captured as a named supplier edge.)

“We do not have long-term supply agreements with all of our sole source hardware suppliers and we maintain only a small amount on-hand, making us vulnerable to price increases and supplier capacity and supply chain constraints.”

Weave depends on its IT systems for virtually all business operations — running its platform, internal operations, R&D, sales and customer communications — and relies on third parties for critical functions like ERP, customer support and CRM; because its platform handles sensitive healthcare patient-interaction and payment data, a security incident, data breach or third-party service failure could cause significant data loss, reputational harm, liability and remediation costs.

“We depend upon our information technology (“IT”) systems to conduct virtually all of our business operations, ranging from the operation of our platform, our internal operations and research and development activities to our marketing and sales efforts and communications with our customers”

Weave serves 30,000+ predominantly SMB healthcare practices concentrated in dental, optometry, veterinary and other medical specialties (no single customer is >5% of revenue), and ~91% of revenue is recurring subscription; this end-market concentration in small healthcare practices makes Weave sensitive to SMB economic stress, practice-consolidation and subscription churn, and its growth depends on adding new customer locations and retaining/expanding existing ones.

“No one single customer represents more than 5% of our revenue.”

Weave's VoIP phone services are subject to the STIR/SHAKEN robocall-mitigation framework (it relies on service providers to sign its Canadian voice traffic, and signing standards differ across countries), and its growing international operations (India, Philippines, Mexico, Brazil) subject it to BIS export controls, OFAC sanctions and FCPA anti-corruption laws; tariffs on imported hardware could also raise costs or disrupt supply of its phone devices.

“We have implemented STIR/SHAKEN for voice traffic originating in the U.S. and rely on our service providers to sign our voice traffic originating in Canada. However, standards to obtain STIR/SHAKEN signing authority in other countries often differ from U.S. requirements, and these differing standards may not be fully interoperable.”