Datto Holding Corp.

ladies and gentlemen thank you for standing by and welcome to the data second quarter 2021 earnings results at this time all participants are in a lesson only mode later we'll welcome back a question and answer session and instructions will follow at that time if anyone should require assistance during the conference please press star zero on your national telephone as a reminder this conference call is being recorded i would like to turn the conference over to your host mr ryan burkhardt director of investor relations please go ahead

Thank you, Operator. Good afternoon, everyone, and thank you for joining us today to review Datto's second quarter 2021 financial results. With me on the call today are Tim Weller, Chief Executive Officer, and John Abbott, Chief Financial Officer. During this call, we may make statements related to our business that would be considered forward-looking statements under federal securities laws, including projections of future operating results for our third quarter ending September 30th 2021 and full year ending December 31st, 2021. As a result of a number of factors, actual results may differ materially from those projected in such statements. These factors are set forth in the earnings release that we issued today under the section captioned forward-looking statements. And these and other important risk factors are described more fully in our reports filed with the Securities and Exchange Commission. We encourage all investors to read our SEC filings. The following statements reflect our views only as of today and should not be relied upon as representing our views as of any subsequent date. In addition, DATO undertakes no obligation to publicly update or revise any forward-looking statements made here. Additionally, non-GAAP financial measures will be discussed on this conference call. A reconciliation of these non-GAAP financial measures to the most directly comparable GAAP financial measures is available in our second quarter 2021 earnings press release which can be found on our investor relations website. A financial supplement and webcast of today's call are also available on our investor relations website. I would also like to inform you that we will be participating in several investor conferences in coming weeks, including the BMO Technology Summit, the Jefferies Software Conference, and the Citi Technology Conference. Please reach out to me if you're interested in joining our schedule. With that, I'll turn the call over to our Chief Executive Officer, Tim Weller. Tim?

Thank you, Ryan. And many thanks to everyone for joining us on this call this afternoon. We're excited to report strong Q2 results and to raise guidance again for 2021. I'll begin with a few highlights from the quarter, followed by an update on security, the central theme for us and for MSPs in 2021. Then I'll update you on progress in the cloud. And finally, I'll turn the call over to John to discuss our financial results and guidance in more detail. The second quarter was one of the strongest quarters in our history, as the momentum we've seen recently accelerated in Q2. Subscription revenue growth was 21% year over year. We continue to benefit from a currency tailwind, but even in constant currency, the year-over-year revenue growth was up 250 basis points from the Q1 equivalent number. So we're pleased with the continued acceleration. This is our highest growth rate since the start of the pandemic, and of course, now off a higher base. Once again, we saw strength across products, led in absolute magnitude by the continued rebound in our flagship BCDR product, which was great to see, and by sustained high growth rates in SAS protection and RMM. We ended the quarter with $598 million of ARR, which represents another strong sequential increase and is a key leading indicator of revenue growth. In Q2, adjusted EBITDA was $45 million, and we generated more than $22 million of free cash flow, representing our fifth consecutive quarter of positive free cash flow. In addition, we added 500 net new MSPs in the quarter, up from 300 new additions in Q1, bringing the total number of MSP partners we served to 17,800. Overall, I'm proud of the way our team executed in delivering a great quarter. now let me shift to a few industry comments it's a good time to be an msp digital transformation and cyber security are the top strategic priorities for many small and medium businesses smbs around the world driving strong demand for managed services and the outlook is bright based on our annual state of the msp survey msps expect these two trends to continue to drive revenue growth for years to come Most MSPs are reporting optimism about 2021 and the future. But the challenges are also growing for MSPs, and chief among them is an increase in cybersecurity attacks, which represent both opportunity and risk for MSPs and their clients. These days, rarely a week goes by without another high-profile security breach in the news. This environment creates opportunities for MSPs in the form of growing their revenue from being a trusted security provider for their SMB clients. And it creates risks for MSPs because they themselves are increasingly under attack, particularly if their own tools, such as RMM or internal scripts, are vulnerable to being weaponized to use against their clients in cyber attacks. And of course, if their SMBs get successfully attacked and cannot recover, then the entire MSP relationship is at risk. At a more practical level, there is a challenge for MSPs that they simply cannot keep up with the fast-moving global security threat actors and evolving attack vectors. Some visible recent events have crystallized this for the MSP industry. In the next 12 to 24 months, we'll see them rethinking their technology stacks and vendor choices. The vast majority of MSPs now provide managed security services in one form or another. That's why security has been at our core for years, and I want to revisit our three concentric wings model for security, securing data, securing our MSP partners, and helping those partners in securing their SMB clients. Ring one in the center and of highest priority is securing data. Here, our investment is high and rising continuously. Our security effort isn't new. The core of our team has been in place for years, and we work every day to infuse the principles into our culture. Strong cybersecurity involves not only people and technology, but also processes, training, and auditing that are dynamic over time. We're deeply committed to making security everyone's priority at Datto, and it's ingrained in our culture. From company-wide training to the software development process itself to pen testing to more training, security is a way of life at Datto. We believe that our well-funded, ongoing, and proactive approach to security is critical to our long-term success. Ring two is securing our MSP partners, where we offer thought leadership for MSPs in the form of content, webinars, live events, and even direct interaction with our security team. A great example of this is the partner security forum that we recently hosted, immediately following a well-publicized global ransomware attack that severely impacted MSPs. While the attack did not impact Datto or our products adversely, we held this forum to personally engage with our partners, reinforce security best practices, and share details about our own policies and practices. Over 2,000 partners attended the forum and had their questions answered by our most senior security and engineering leaders. In addition, for this specific global attack, we released an agent detection monitor designed to identify compromised devices similar to the technology we offered to MSPs in the wake of other recent attacks. This combination of partner engagement and security, both in a time of crisis and day-to-day, along with technology we create in near real-time, helps our partners become more secure and is what Ring 2 is all about. That brings us to ring three, which is about MSPs securing their SMB clients using Datto technology products and making a good margin while doing so. The new products we have on this front are the Datto RMM ransomware detection and isolation product that was launched last December and a soon-to-be-launched product based on the technology we acquired in our purchase of BitDem. And let's not forget our core continuity products, which are the backbone of any comprehensive cyber resilience strategy. I want to touch on each of these briefly. Gatto RMM ransomware detection and isolation is aimed at stopping the spread of infection by identifying and isolating hosts that have been infected. This product has proven to be very effective blocking a high volume of ransomware attacks each week and has seen incredible traction with new and existing partners since its release late last year. We are committed to ensuring our partners are well protected against malicious activity and to deliver on that promise in light of recent new threats, we decided to offer ransomware detection for all Datto RMM partners at no additional cost to the base RMM product for the next six months. We think this is the right thing to do for our partners in these challenging times, and we are confident that it will drive even stronger product adoption over the long term. With this offer, we recently surpassed a significant milestone in our ransomware detection, which is now deployed at over 1 million endpoints, doubling from the 500,000 we reported on our last earnings call. This is a testament to the growing threat of ransomware within the MSP community. I have to give a shout-out to our RMM team for listening to our partners, innovating, and delivering a product that is sorely needed in the market. In addition to ransomware detection, we continue to be on track to launch a new email and collaboration security product soon. The product is based on the BitNAMM technology we acquired earlier this year, and it is tailored for our MSP partners. We are on track with the launch plan, and it couldn't come at a better time for partners. While this product, Datto RMM, ransomware detection and isolation, and other new security products we are developing are all on the front lines of defense, our continuity solutions, including BCDR and SaaS protection, continue to play a critical role as the last lines of defense, enabling true cyber resilience. Experts increasingly recognize that a well-funded and determined attacker could breach any network eventually, and it's important to be able to respond in real time and operate your business while simultaneously remediating the security breach. This is why the explosion of ransomware is a key driver for continuity overall. Datto Continuity allows our partners and their SMB clients to operate on Datto platforms while they eradicate the threat on their primary systems. We also recover and restore applications and data for victims of cybersecurity attacks thousands of times a year. In many cases, even after the attackers have locked or erased primary production servers and the associated backup images. So with data continuity, MSPs can help their clients operate through a ransomware attack and restore their data to any point in time as if the ransomware attack never occurred. That's ring three, and we're just getting started. Look for us to develop new products and features that allow MSPs to grow by selling security with Datto, and we'll integrate these technologies into a strong security stack. Now let's talk about the cloud. Every Datto product was born in the cloud. We are cloud native, as opposed to having started life selling perpetual software licenses for on-premises operation, and then later lifting and shifting to cloud-hosted. Our cloud-native approach, being in the cloud since inception, has strong implications for our partners in terms of high security and reliability. Consider Datto RMM. It was built on best-of-breed AWS platform tools and leverages both our own and Amazon security. It's scaled quickly from nothing to millions of endpoints. It's entirely cloud-managed for an MSP who themselves might have tens of thousands of client endpoints. Datto SaaS protection is the same, operating seamlessly between a client's Microsoft 365 or Google Workspace cloud instance and the Datto cloud. Our new email and collaboration security product is also entirely cloud-based. Our Autotask PSA was born in the cloud and never deployed on-premises. And finally, our flagship continuity product. Here again, it's cloud-managed, but of course, for performance and bandwidth reasons, most partners prefer to deploy our service both locally on our high-end Intel servers and within the Datto Cloud so they can virtualize machines and recover and restore applications in more flexible ways. With the upcoming launch of Datto Continuity for Microsoft Azure, MSPs will get data security and reliability with client applications that are entirely in Azure, all with a simple user interface they know and trust. Data continuity for Microsoft Azure is just wrapping up a successful beta program and is on track to begin commercial deployment with early adopters soon, with general availability later this year. In summary, we are pleased with our first half results and the strong momentum we have across our business today. Looking ahead, we're excited about the new product launches in security and cloud planned for the second half of 2021. We remain well positioned to capitalize on the large and growing opportunity to help our MSP partners manage, protect, and connect their SMB clients, applications, and data in an increasingly digital world. Finally, I want to thank everyone on the DATO team for all of their hard work and our MSP partners for their continued support.

With that, I'll turn the call over to John. Thank you, Tim, and good afternoon, everyone. We're pleased to report strong second quarter results today. As I review our numbers today, Please note that I'll be referring to non-GAAP metrics unless otherwise specified. You can find a reconciliation of non-GAAP measures to GAAP measures in the press release that we issued this afternoon and in the supplemental financials posted on our website. Our second quarter results reflect strong momentum across our suite of products and continued acceleration of our business. Second quarter recurring subscription revenue was $141.7 million, up 21% year-over-year, which includes a benefit from foreign exchange rates of approximately 4%. Subscription revenue comprised 93% of our total revenue, which came in at $151.6 million in the quarter, representing 22% year-over-year growth. exceeding the high end of our previous guidance. ARR at June 30th was $597.9 million, up 18% from $506.8 million a year ago, and increased over $25 million sequentially, maintaining the very strong increase we saw in Q1. We ended the second quarter with more than 17,800 MSP partners, a net increase of 500 in the quarter, up from net adds of 300 in Q1. We're now adding net new partners at a pace similar to pre-pandemic levels. We also grew the number of MSPs contributing over $100,000 in ARR to more than 1,250, up from 1,000 a year ago. Our sell-through model continues to drive strong growth within our installed base of partners as they roll out Datto solutions to more SMBs. Those SMBs consume more data or seats, and they both adopt more Datto products. Our second quarter gross margin of 74% was in line with the robust margin we saw in Q2 2020. Second quarter operating expenses were $75.4 million, a 26% increase from Q2 last year, as we continue to invest with a focus on security and cloud to drive revenue growth. The vast majority of the increase in operating expenses was driven by personnel costs. On a constant currency basis, OPEX increased 23%. Within OpEx, R&D expenses were $20.3 million, an increase of 38% in Q2 2020, which underscores our continued investment in technology development and security. G&A expenses were $22.8 million, an increase of 27% over Q2 last year, primarily driven by increased expenses associated with being a public company. Sales and marketing expenses were $30.3 million, an increase of 23% from Q2 2020. And finally, depreciation expense within operating expenses was $2 million compared to $2.5 million in Q2 last year. operating income for the second quarter was $37 million, or 24% of revenue, compared to $32.4 million, or 26% of revenue, in Q2 2020. Adjusted EBITDA for the quarter, which excludes stock-based compensation, restructuring costs, and transaction-related and other expenses, was $44.9 million compared to $38.9 million in Q2 2020. Our adjusted EBITDA margins were 30%, a slight decline from 31% in Q2 last year. As we discussed on recent earnings calls, we're investing in security in cloud to drive revenue growth. And as commercial activity returns to pre-pandemic levels, we expect adjusted EBITDA margins will decline to levels in the low to mid 20% range. Pre-cash flow in the quarter was $22.2 million compared to $17.2 million in Q2 2020. and we ended the quarter with approximately $180 million in cash. Turning to guidance for the third quarter in full year, the increase in our 2021 revenue guidance reflects our positive outlook for the continued acceleration of the business, and our EBITDA guidance includes the impact of incremental investments in the important areas of security and cloud, on top of significant ongoing investments in our core products. to drive long-term revenue growth. For the third quarter of 2021, revenue is expected to be in the range of $153 to $155 million. Adjusted EBITDA is expected to be in the range of $32 to $33 million. Our Q3 revenue guidance represents year-over-year growth of 18% at the midpoint, including a 2% FX tailwind. For the full year 2021, we're raising our revenue guidance to a range of $608 to $612 million. We're also raising our adjusted EBITDA guidance to a range of $151 to $154 million. Our full year revenue guidance represents year-over-year growth of approximately 17.5% at the midpoint, including a 2.5% FX tailwind. This is up meaningfully from our prior guidance for full year growth of 15%, which included a 2% FX tailwind. We expect subscription revenue to account for over 93% of total revenue in 2021, and for the subscription revenue growth rate to continue to increase through the end of the year on a constant currency basis. We expect capital expenditures to be in the high single-digit percentage range of revenue. As a reminder, for non-GAAP income taxes, we use an effective tax rate of 25%. And for calculating EPS, we estimate approximately 169 million fully diluted shares for Q3 and 167 million fully diluted shares for the full year. In closing, we believe our Q2 results and 2021 guidance reflect the ongoing re-acceleration of the business. We're very excited about our momentum going into the rest of the year and look forward to reporting on our progress in the quarters to come. With that, we'll open up the call for questions. Operator?

Thank you, ladies and gentlemen. If you have a question at this time, please press part in the number one on your touchdown telephone. We also ask that you limit yourself to one question on a follow-up. And if your question has been answered or you wish to remove yourself from the queue, please press the county. Your first question comes from Delilah Saket-Kalyan from Barclays. Your line is open.

Okay, great. Hey, guys, thanks for taking my questions here. Kim, maybe first for you, you know, I was wondering if you could talk a little bit about the competitive environment, especially for other service providers to the MSP industry. And I think you alluded to this, in your prepared remarks, but maybe just to ask the question directly, you know, a couple headlines on attacks, you know, using sort of competitor sort of tools for MSPs.

The question is, how do you feel about the competitive landscape, you know, if it is changing at all in sort of this MSP-focused space?

Does that make sense? Yeah, but hey, Zach, it does. Let me try to address that in general, and then I'll talk about the specific piece of your security question, too. So I would say, in general, the competitive landscape has not changed that much in recent quarters. Industry, obviously, MSP is doing really well, so I'm sure... Other vendors are having some success. In each of our product categories, we have a few day-to-day competitors, and they're often different by category or even geographic region. We win against MSP-focused vendors on strength of technology, selling a broad platform of solutions, and we focus on reliability, performance, security, and, of course, everything we do is born in the cloud. So that's kind of how we play it against the MSP-focused vendors. Obviously, their competitors are not MSP-focused companies, but have an MSP channel effort. And there we, of course, win by tailoring our solutions to MSPs, leveraging those deep and long relationships with our partners. So, you know, we're all in on the channel, and we have been for a decade, you know, within the channel. And in terms of some of the headlines, security attacks you mentioned. You know, I would say short-term, absolutely a positive for us. You know, we have won over some of those, for example, RMM partners who are looking for an alternative. Our focus, as you might imagine, is always on helping MSPs overall. You know, we had a long weekend, one weekend this summer, trying to help people get back on their feet. And, you know, we're never trying to attack a competitor who had a negative event. But obviously we compete in the marketplace, and I'd be wrong if I didn't tell you it was a short-term positive. Longer term, I think the main impact of, you know, not only the recent headline attack, but just previous visible events, These make the MSP community much more deeply aware of the global threat to their clients and their own businesses, which triggers very serious security conversations from RMM to continuity, everything in between. And we feel well-prepared to have those conversations. Talked about that series of webinars and all the one-on-one contact we have today. You know, it also makes MSPs evaluate candidly their entire tech stack, and they are asking vendors now tough questions about internal security practices. We think going forward they will be moving as an industry of security-first mindset. And, again, we welcome those conversations. We've been making the investments here for years, and we'll continue to invest ever more. It's exciting. You know, as a citizen, maybe frustrating as a, as a security company, it's a, it's just table stakes. You know, I think practically for any tech company would tell you the same thing. Yeah, absolutely. That's well said, John, maybe, maybe from my follow up for you, um, great to see the ARR acceleration, uh, and, and you touched on this a little bit in the prepared remarks around FX and the contribution to revenue growth. But I was wondering if you could talk about FX from an ARR perspective. And what, if any, that is contributing to the ARR growth that we're seeing?

Sure. Thanks, Akit. The FX does have some impact on ARR. You may remember that we adjust the FX in ARR once each year at the beginning of the year. And this year it added $3.6 million to the ARR in Q1. So then if you look at it another way, and I think you may be looking at growth rates, year-over-year growth rates, the reported growth rate of 18% on a constant currency basis would be 17%, about a 1 percentage point, under 1% really, impact on the year-over-year growth. Got it. That's really helpful. I'll get back in queue. Thanks, guys. Great. Thanks.

Thank you. Next up, we have Sanjit Singh from Morgan Stanley. Your line is open, sir.

Sanjit Singh Yeah, thank you for taking the question, and congrats to the team. It really looks like we're on the way back to 20% growth, which is great to see, and definitely earlier than we were expecting. So congrats all around. I want to just follow up on Zach's question on the security topic. So of the sort of big four MSPs, we have two of them that have suffered meaningful security incidents that have disrupted their customers. So, Tim, I know you sort of addressed this a little bit on your script in the previous answer, but if you can sort of pinpoint, you know, from the MSP community side, how you're sort of giving them confidence. You mentioned about them sort of reevaluating their technology stack over the next 12 to 18 months. From a security angle, what is sort of the, you know, one, two, three bullet point of why they should be gravitating towards Dotto versus some of the other players in the game?

Yeah, thanks, Anjit. I think, you know, certainly from a comfort perspective, you do everything from, you know, the webinars we walk through for an hour with people, you know, here's how our supply chain, you know, works. Here's what we do in QA. Here's what we do in continuous, you know, release processes. You know, we answer questions. Surveys, I've seen MSV shooting over lists of 15 questions they want every vendor to answer completely. I did one of those myself that weekend late on a Friday night. I didn't know I was going to get grilled by the guy. But to give you a sense, I spent 30 minutes with a partner I've talked to probably twice in my life, and he was really coming at me, you know, we're going to ask every vendor these tough questions. And He seemed satisfied. I got an email from the salesperson afterward and said, the guy wants to look at our entire stack. I wasn't selling him anything. So it's very clear they're rethinking and pressing, you know, our CISOs on calls, all of our senior, you know, reports into him are on call. So I think every vendor, you know, in the world, not just MSPs, is probably feeling that kind of a thing. You know, you had a question about, you know, I think kind of how we have approached it. Look, we haven't said we'll be everything to everybody. We're going to build what we believe will be a fairly full stack, but there will be, you know, a layered approach. Security experts will tell anybody to use a layered approach. We start off by recommending basic antivirus or endpoint protection and you know, there's a bunch of good ones there. Those tend to work to prevent intrusion, infection by malware, you know, with signature-based approaches. So our approach within RMM, for example, is complementary. We're watching the actual machine system activity to find and isolate malware that has slipped past an AV or EDR. And, you know, when we stop it, and we have many of those saves every week now, it means other protection has slipped and, you know, the malware would have gone on to do its work and damage and uh we go beyond individual endpoints we look across multiple endpoints the msp gets an entire universe of endpoint view which helps them manage ransomware attacks which you know increasingly are orchestrated across systems so um you know all controlled and data by the cloud then we're about to take it up a notch with a pending launch of our email and collaboration security within our data SaaS protection, the technology we bought from BitDam earlier in the year. And we're going to bring malware, ransomware now to the Microsoft 365 environment, including email teams and so on. And that has to be the largest security attack factor when you're thinking about SMBs. So that's going to be very shortly now a meaningful leap in our security coverage. And you know, I think broadly covered now across end users and line of business apps. And then finally, you know, continuity is the last line of defense. And whether it's BCDR, SaaS protection, cloud continuity, you know, we view that as kind of core to cyber resilience and, you know, absolutely thousands of times a year, recovering, restoring applications and data. And that mix shift of why you're restoring has surely shifted towards a towards ransomware and then even live attacks. We see live attackers attacking production servers, destroying backup images, and we're able to restore for our partners, you know, back to points in time as if those attacks never occurred. So, you know, we desire and are already playing up and down the full security stack. We're filling in the holes and we, you know, we'll continue to do so. Does that help characterize it?

That was an excellent job, Tim. I really appreciate it. As a follow-up question, sort of dovetail on your answer there. You reiterated the timeline for the security launches and for data continuity on Azure, which is also really encouraging. From the sort of go-to-market MSP enablement side, can you give us a sense of when these services come out of preview and beta mode? Any sense of like in terms of your important MSP partners, How ready are they to go to market with these offerings once you get into GA mode?

Yeah, it's a good question. I think on the kind of Microsoft 365 environment, email teams, et cetera, you have to assume every MSB and virtually every SMB is there in some way, shape, or form. So that's an attach. That's trying to take your SaaS protection clients and say, hey, do you want world-class email protection? Do you want teams protected? Do you want to stop malware or ransomware inside there? So that's going to be more of an attached sale with existing partners. But at the same time, we think it's a headline bundle now to the degree we were losing to other competitors who might have had a bundle there. But that one's a little more straightforward. I think the Azure one... is one where you don't want to go into the marketplace and teach every MSP Azure. So your initial target set there is MSPs that are familiar with Azure and wanting something that we're now about to deliver. We are confident it's going to be very unique, as I described, in terms of technology and product feature set for them. And the beta has really been about getting that uniqueness out And, you know, at the same time, there's a defensive nature to that because if somebody's going to leave on-premises and go to Azure, you know, up until this day, we wouldn't have had an offering. But, you know, we think there's a big universe of MSPs out there that are already using Azure and not happy with their current either primary backup solution or even in the rare case with whatever they're doing on continuity. um that's a more ready-made market it'll be a little you know the first quarter will be a little more hand-to-hand combat and trying to feel our way into the market but the beta response has been fantastic i'll check you here i'll see before thank you very much yep thank you your next question comes from the line of jason aider from william blair your line is open sir yeah thank you um hey guys uh i wanted to follow up on the last question and actually ask him

What steps has Datto taken to ensure that your code is not hijacked by criminals in a way that some of your competitors have seen, where the malicious code is injected and then the RMM goes out and then all of a sudden they can get into your customers' networks?

Yeah, I'll give you sort of CEO-level knowledge of it. We could go to the CTO, the CISO, or right down to the security engineer level in subsequent conversations. It's something we didn't just think of over the July 4th weekend. I'll tell you that up front. We've been thinking about supply chain. software, hardware, or otherwise now for several years. It is a vexing problem for everybody. We start culturally and build it in from the beginning. There's no engineer at Datto that doesn't think about security. They know it's their own responsibilities. It's not the CISO and security team's responsibility on the back end. It's a bit like internal controls in a financial world. You want to build it in to the code, into the steps. We run all the tools you would probably imagine that do code reviews. We have internal cyber attack teams that really take the gloves off and are allowed to sort of poke at everything from how we build code to even social engineering. People give up passwords that are in key spots in the supply chain. And, you know, I think when you think about that cloud from inception comment, that also drives right to the heart of it. You know, you can't take Datto RMM and sit around in your shop and look at it. It's not on your servers, right? It is in the cloud, in this case, Amazon's cloud. So that also sort of gives you another line of defense, right? And you see the world trying to move forward. to kind of cloud-based, you know, really platform-as-a-service types of offerings. So there's a dozen things. We'll walk through some of those on our call with MSPs. But, you know, as I've always said in security, we'll tell you as much as we can, but we're not going to tell you all the details, and we're not going to translate it into Russian, Chinese, and and other language where a lot of these attackers live. So there's some balancing act there. But just know we didn't just start this. This is a multi-year journey we've been on, and you're never done. You're never done.

Okay, great. And then a follow-up for John. John, the Qtree guide implies a pretty big jump in OpEx. We're modeling something around $12 million sequential expansion in OpEx. I know you said you gave some reasons why your OPEX will be higher, but that seems like pretty extreme. Can you walk us through where that might be coming from?

Sure. And we recognize it reflects a pretty big increase. It's consistent with what we've been saying. It's really the ramp in investments predominantly in people, personnel, and predominantly in support of security and cloud initiatives and new product initiatives along those lines. And that, you know, that hiring has been ramping throughout the year. And, you know, the other component is an expectation of increased travel, you know, in-person events, you know, that come with an opening up of the economy and, you know, move away from sort of the pandemic shutdown. We don't have a crystal ball on that. So some of that is sort of our guess as good as anybody's. We are seeing some increase in those areas. You can tell even from our results in Q2, they haven't been increasing quite as quickly as we had thought, but as we thought they might. Those are really the drivers. There's nothing new there, and it's consistent with, you know, the overall time.

So there could be a little bit of upside if we go back into some kind of semi-lockdown.

Yeah, that's right.

All right. Thank you, guys.

Absolutely.

Thanks, Jason.

Thank you. And your next question comes from the line of Matt Hedberg from RBC Capital Markets. Your line is open, sir.

Yeah, thank you. This is Matt Swanson on for Matt. Tim, the MSP ads were really strong in the quarter. Could you talk a little bit more about kind of dynamics that made that up? Are we seeing less churn or more ads as things are starting to normalize? And to the extent that churn is improving, can you just talk a little bit about kind of the health of the MSPs, customer base, those SMBs, how that economy is looking from your conversations?

Yeah, hey, Matt. And John may have a numeric comment or two, but we've said in the last few calls that even all the way through 2020, we had real solid gross ads. So gross ads are still very solid. It is true that the churn side of MSVs probably from the beginning of the year has dropped and you see it kind of continuing now to drop. So we've known the gross was under there. We just have to uncover it, get to the other side of pandemic and reopening. We think there's still some room. We don't think we're 100% out of that. You get this Delta variant, depends on you know, which country you're talking about in terms of are we getting closer or not as close to normal. And I think that applies to the SMB churn side as well, right? There's still active debate about, you know, stimulus money and is it drying up. And we broadly believe MSPs have told us last year was about stabilizing their business, and this year they're back on growth. And, you know, I think overall that the industry environment is meaningfully better than it was even six months ago. But, you know, nobody's going to tell you that their SMB basis is, you know, completely back to normal health again. So we still think there's acceleration and reopening in the future just from underlying economic issues in most places. Yeah. So that's probably as much as I would know. John, I don't know if you have a specific numbers you've given you want to add to that, but it's strong growth stats throughout the last two years and just less churn now.

Yeah, no, I think that kind of makes sense.

Yeah, that's super helpful. And if I could kind of follow up on the security theme of Q&A here, but more on a product side, when you think about your roadmap, I guess two questions. One would be how partner influenced are the areas that you're moving into in terms of the conversations you're having with MSPs and their pain points? And then I guess the other side of that would be that you mentioned bringing out more products. Is there any cadence that you'd be comfortable kind of sharing like what your goals would be? Is it, you know, product a year, two products a year, kind of how you think about building out the stack?

Yeah, let me go backwards on those. Cadence-wise, I would say no. I mean, we've gone from having continuity, and we've always had, as I said, some security built into the rest of the tool set, but RMM has sort of swung to the forefront over the last 18 months or so with endpoints. You know, we got out there starting, you know, Q4 last year with our ransomware detection and isolation. We've got the big damn technology coming now. So there's a big focus, I think, you know, for everybody on endpoints. Obviously, across endpoints is where our mem starts come to play. There's still a few holes. You know, if you got out your... you know, your guide on the enterprise side and looked at your 8 or 10 kind of key things in the stack. We want to fill a couple of those in. I don't know that we would build all of them. For example, I don't know if we ever discussed building antivirus. There's some great antivirus and endpoint solutions out there. We'd probably just let people pick their favorite. But, you know, I don't want to tip our hand. We've got two or three other things in development in terms of product areas and security that we think will be perfect for MSPs and get us much closer to that full coverage. in terms of what they're trying to do. We do engage them for sure. All summer, we've had people testing on our email security, for example, a lot of live data. And we're going to get a lot more live data now, of course, from the ransomware detection, being over a million endpoints. We tend to focus on ease of use, on cost points, you know, where does the MSP need the cost points so they can get margin, and then on helping them market. So you don't have a situation with, you know, almost 18,000 partners. Not so many of them have CISOs. Not so many of them are security experts. And so a lot of what we're doing is bringing expertise to them, help them translate that. You know, how can you get the doctor's office that your client – you know, that's your client, how do you get them thinking about paying you $20 a month for security? It's such a low number, you know, to protect all those endpoints in any business that's got real revenue. And so we've got to move out of that $1, $2 a month antivirus mentality to $10, $20 a month to protect your individual users. And I think that's probably where we spend the most time with MSPs and helping, again, tailor those solutions. And then, of course, integrating to our product sets. We want them to be easy to use.

That's super helpful. Thank you guys so much for the time. You're welcome.

Thank you. And your next question comes from the line of Kirk Meacham from Evercore ISI. Your line is open.

Yeah, thanks very much. Kim, maybe just to follow up on your last comment on the S2 sort of environment out there, are they reinvesting and going after new clients at this point in time, or is a lot of the growth coming to them from just expansion of their existing customers. I assume it's a bit of both, but I was wondering if there's maybe heading on one side or the other.

Yeah, I think the answer is not particularly helpful. I would say it depends, right? I had a couple MSP calls today just by coincidence. And the one guy is about to merge with another person. He's a few million bucks. He's got his sights out on 100 million. He absolutely wants to blitz the country and thinks he's got his stack in order. And he wants to go take out every MSP he can get, which is fantastic for us because it's a good, strong data partnership. And In other cases, you had people that served restaurants and spent last year trying to get back on their feet and are now just starting to think about the penetration. So we do a fair amount on marketing, our business development, all those events, our conferences are all around marketing. both dimensions. I think it's easier for them in general to go find new clients because going back to the existing client and saying, gee, can you pay me 20% more, 40% more? What's that conversation look like? That's a little tougher. I would say MSPs in general start on the tech side of the world, not the sales side of the world. But again, you've got all flavors and all varieties. And You know, we're trying to support them in both. I do think security will be another real stair step up, right? Maybe last year they were putting in Zoom or something. You know, remote work caused the clients to have to pay some more money. But, you know, this year we think security really is the headline for them. And we're encouraging them. You've got to go ask for more money. You've got to get paid for your time if you're going to be the security expert for your client.

That's helpful. And then maybe one other question. Obviously, a nice jump in the number of customers paying you over $100,000. I was just kind of curious on the net new lands, though, is your landing size going up at all these days given the breadth of your product? And you mentioned a couple customers talking about sort of moving over the whole stack. So I was just kind of curious if your landing sort of ARPU is going up as well or ARPC is going up as well.

I wouldn't think so. John, do you have some data on that? I mean, we still tend to land with one product.

Yeah, I mean, a couple of thoughts there. First, it's just a reminder that new partners do tend to come on at a smaller ARR per MSP, start with one product and then grow, maybe even start with one instance of one product when it's in the installation phase. and then grow. That being said, to your point, with more products on the truck today than we had three or four years ago, we are bringing in new MSP partners with different first products than just BCDR. But I would say that the MRR, ARR for those new MSPs that we're adding has held up very nicely. even today and remains strong relative to what it's been historically.

Super. Thanks, guys. Congrats on the quarter. Thanks. Thanks, Kurt.

Thank you. And your next question comes from the line of Fred Havenmeyer from Aquarium. Your line is open, sir.

Hey, thank you, and congratulations on a strong quarter here. You know, a high-level question here around just what you're seeing from both MSPs and some of the small businesses that they're serving. Do you see that out there small businesses are sophisticated enough in their approach to cybersecurity that they recognize business continuity solutions are needed to hedge against widespread outages from ransomware? Or is this something that you're seeing on the security side of the business that's more kind of MSP-led in this case, with MSPs really guiding you know, the small businesses about best practices for cybersecurity.

it's um it's almost surely at this stage mostly msp led you know as one of my partners famously said um you've either had an attack or you've not had an attack if you've had an attack you'll pay tens of thousands of dollars to prevent the next one if you haven't what's the big deal why am i paying for this now you know it's it's uh it's insurance of up by any other by any other nature in any domain right and so msps are the ones that are leading this now. And, you know, it's interesting. We've always had some MSPs, some that have sort of said to clients, I won't take you on if you don't use data continuity, because I know at some point you'll have some problem, whatever it is, hurricane, wildfire, or cyber attack. It I won't be able to restore your environment. And if I don't do that, you're going to fire me as an MSP. So that was required. And they might have some other vendors in other areas that are required. And I think that's where it's going. I think MSPs are going to have to define their stack and just tell the law firm, the car dealership, whoever they're working for, this is our stack. I can't protect you if you don't let me put the security stack in. Here's the price. Otherwise, I can't be your MSP, right? That is fundamentally at the core what an MSP is doing, securing the digital assets, applications, data of their clients. And then we can talk about your website and other fun stuff you want to get into, but I have to start off. just like a CIO in an enterprise, protection first. So we'll see how that evolves. But again, if an SMB or a neighbor has had an attack, of course, they're going to say, I want the best security stack you can get. But really, it's the MSP driving and knowing they're exposed on that entire revenue stream if they have a breach. Those were the tough calls in the recent event. The MSP themselves has a tough call to the vendor, but calling your grocery store client and telling them they've had ransomware and you don't know how to unlock it, you know, that's just imagine making that call. Not good. That makes a lot of sense, too, with many of these cybersecurity policies becoming more selective and also just pricier across the board.

You know, separately, on a similar topic about some of the small business side trends, so we've all been hearing about the impacts of tighter labor markets for skilled IT personnel. Are you hearing anything or seeing anything that may suggest that small businesses are increasingly looking at MSPs as a force multiplier in this competitive labor market?

Um, not anything different than has been going on for a long time. You know, it's hard enough for SMBs to get IT expertise. MSBs struggle to get IT expertise, which is why we tell them to lean on us in so many of these areas and, you know, why the webinars and other kinds of events we do are well attended. So I can't imagine it's anything different than you're seeing in the broad economy. You can read the headlines every day. It's a war for talent and

i gotta believe smbs are are facing that even more acutely on the tech side thank you and again congratulations recorder all right next next up we have another question from koji ikeda from bank of america your line is open hey guys hey tim hey john thanks for taking my questions uh just a couple from me um maybe a question for john on the fx know i was jotting down pretty quickly here i want to make sure i got it down right i guess could you remind us you know where is that fx tailwind coming from and then on the guidance um i wrote down it's a two and a half percent tailwind now and and before was two percent is that right and i guess you know last question that affects is does fx affect either at all or you know your operating expenses and how it goes down either uh yeah let me let me

through those. The APEX exposure for us really comes from four predominant currencies, British pounds, Canadian dollars, Euros, and Australian dollars. Then your last question was, does it affect expenses? It does affect expenses. I'll give you an example. We said APEX was up 26% year over year on a constant currency basis, those OPEX numbers are up 23% year-over-year. So that gives you a sense. And Q2 gives you a sense. Got it. Got it. Got it. Okay, cool.

Thanks, Josh.

Thanks for that. Yeah, the tailwind is Q3 and full-year guidance. Oh, yeah, yeah. Yeah, please. Yeah, the Q3 guidance reflects a 2%. FX tailwind in full year is 2.5%, which obviously points to lower impact in the second half of the year than we had here in the first and second quarters. And just as a reminder, the last guidance we gave for the full year was 2% FX tailwind, so just a little bit higher given what we saw here in the first and second quarters.

Got it. Thanks, John. And maybe a question for Tim, you know, switching gears here to DattoCon. You know, saw that in the press release you guys are planning on holding an in-person or a hybrid DattoCon in October. You know, I guess any sort of commentary there on the scale, you know, how you're planning on the scale, the size of the event versus the last one you held, I think it was in 2019. Maybe any color on, you know, the initial traction at this point, in time versus past datacons at this time and point and and how should we be thinking about you know new msb pipeline builds uh coming out of the datacon thank you

yeah so look i mean i have the same crystal ball you have watching watching you know everything from local government numbers in washington and seattle where it's scheduled to uh you know large gathering delta variants other variants vaccine rates so we're watching all the data like we were last year last year we made decision and it was clearly the right decision hindsight to cancel the event This year, we've said it'll be a hybrid event, and I think, you know, the MSPs will decide, you know, how many people decide they want to come in person, if that's possible. Clearly, health and safety predominate, and if it's not possible, we won't do it. We're not going to put employees, MSPs, other vendor partners. It's a large open ecosystem conference. So I would think a betting person would assume it's meaningfully smaller than a full-size event in terms of in-person. But one thing that's happened and gone very well for us in the pandemic is we've had some phenomenal 1,000, 2,000-plus person events, many of those actually. And so we know how to run large events. you know virtual events at scale as as well so we feel pretty pretty well hedged and you know we've got plan a plan b on on all those things um you know i wouldn't say that it's uh it's a transactional conference so i wouldn't uh you know a datacon happens or not is not going to be a big driver of that month or that quarter's numbers we uh we play the long game we focus on relationships you know education there might be as many non-daddle partners as data partners at a show there might be people that come and have no interest in Datto, and we're okay with all of that, right? We just, we're on the high road in thought leadership, and the conference really drives that, and I always likened it to kind of an RSA security conference. So, you know, I think John gave some commentary on the OPEX with Jason's question, and, you know, it's a meaningful cost. So if it doesn't happen as much in person, you buy fewer sandwiches and beers for people. So it's really a near-term cost, but a long-term driver of adoption and thought leadership.

Got it, got it. Thanks, Tim. Thanks, John, for taking my questions. Appreciate it. You're welcome, Kofi.

Thank you. And your next question comes from the line of Greg Moskowitz from Mizuho. Your line is open.

Okay, thank you, and good afternoon, guys. I'll be quick just in the interest of time. The free ransomware detection promotion for RMM partners, when did it actually begin?

It began right after the most recent event, so I want to say mid-July, just the last few weeks. We were coming up on 600,000 endpoints end of June, so we might have had a little more momentum for the next couple of weeks, and then big jump, obviously, one-time jump with the free, but we think it'll continue to have increased adoption through the end of the year. and then we're happy about that. And obviously on new deals, then it helps yourself, helps velocity. We will start charging for it again in Q1. And, you know, again, we've seen higher velocity and higher ASP when we've bundled it on the large field in any case. So we think it's a win-win, and it was just an opportunistic move.

Yeah, I agree. It seems like a Like a very smart move, and I was wondering, and I realize it's very early, but if there are any data yet that indicate greater take rates or greater adoption of RMM since this promotion began, or if you have that expectation of that occurring over the balance of those six months.

yeah it's it's hard to sift out the variables i mean we had you know a great strength in rmm in july but you know you're coming off of you know one one competitor event you're coming off of a lot of people you know in the msb space going what's my stack what's my rmm you've got our free promotion we didn't we didn't really sort of do it to try to use the rmm numbers so you know we've got in best case we've got a few weeks of data it'd be hard to hard to sift that out but it's definitely a product with a tailwind and you know building on the pandemic

I mean, the other thing I would say is when we first launched it, right back in December, we had a promotional period at that point. And I think we saw during that promotional period that it was helpful to, you know, the sales of RMM, whether it's selling more RMM, you know, holding a stronger average selling price for RMM. You know, so it's been helpful in a number of months. And then once we started charging for it, actually, you know, delivering a little revenue on its own.

All right, perfect. And then, John, I know NRR is a lagging indicator, but do you have a view of when that's likely to pick back up?

Well, we, I think, last reported that It ended 2020, and it was 111%. And at that point, we, I think, highlighted that it was likely bottoming out in Q4, Q1, and it did, in fact, bottom out in Q4 and has been moving back up ever since towards historical levels. All right. Excited to see it moving and expect it will continue.

All right. Terrific. Good to hear. Thank you. Yeah.

Thank you. Our next question comes from the line of Brent Hill from Jefferies. Your line is open, sir.

Hey, guys. Jeff Joe on for Brent. Really appreciate the question. John, how should we think about seasonality of ARR ads going forward? If I'm doing my constant currency math correct, I think there was a slight tick down in ARR at it in 2Q versus 1Q. And I'm aware 1Q is a record quarter. I just want to figure out how to model going forward.

Yeah, no, it's a good question. No real seasonality in ARR. I don't think there's, I mean, it's hard to say during the pandemic, right? Historically, we might have said there was a little bit of, you know, within a quarter each month, it got a little higher and maybe over the course of the year, it got a little higher. But I think with the pandemic, that's kind of gone out the window. So I wouldn't suggest there's any real seasonality. You're right. Q1 was really an exceptionally strong quarter. You know, adding 26 million, you know, FX adjusted and we feel like we essentially matched that, you know, remarkable level here in Q2, you know, more than triple what we did last year. I mentioned that the year-over-year growth rate of 18% or 17% FX adjusted. And looking forward, we've obviously got into a higher revenue range in Q3 and for the full year. ARR is obviously a leading indicator of revenue. And as I said on the call, we feel good about continued acceleration. And as you probably heard me say before, the growth and increase in that ARR Delta quarter over quarter is not going to be linear. There'll be some ups and downs like you're seeing now, but we feel good about the long-term increase in that number.

Okay, that's helpful. And then, Tim, maybe stepping away from the numbers, anything that surprised you in the quarter or anything you want to emphasize that we might not be able to see from our vantage point outside the business?

It's funny. We do our Q&A prep yesterday, and that came up. And it's really, you know, even the board last week commented, just a pretty good quarter, you know, broadly, all regions, all products. So there's always something you want to do a little better. But, you know, we're a little bit of a reflection of the industry, too, given our, you know, meaningfully large, you know, position as a leader. So, I think it speaks as well for the industry, but the team worked hard, and the engine's firing on all cylinders at the moment. So I don't think there's much to pick on in there. Environment's good. Awesome. Sounds good. Thanks, guys.

Thank you. Our next question comes from the line of Edward Maggie from Baringburg. Your line is open, sir.

Hey, guys. Thanks for taking my question, and congrats on an excellent quarter. You noted that you doubled the number of endpoints enabled with RMM ransomware detection to over 1 million, which is a great milestone. Are you able to share a little more info into where this is in terms of the adoption cycle within the RMM customer base?

We haven't talked about the total. It's one of those things that I think has a lot more to do with MSPs being busy, though, than wanting the technology. Maybe by the end of the year, we've got this free bundle going now. I might get more of a level. But I described in one of my answers, I think it was for Sanjay's question, security experts recommend a layered approach. That doesn't mean you run out and put 12 layers on every endpoint. So I think a lot of this is just MSPs getting comfortable and recommending to a friend. And, you know, we've removed price as a barrier, so now it's just what do they have on their mind. Especially in security, you can imagine they're looking at many elements of a stack. But we haven't given an overall RMM endpoint number that I'm aware of to date.

Great, great. Thanks for that. And pivoting away from the security talk and conducting our groundwork, we've heard that the large public cloud companies in offering their competitive point solutions have in some cases been looking to directly cut out the MSP of their channel chain. It just matches what you guys have heard from the channel. How is this challenging you guys? And can we talk about how this plays into your overall strategic focus of maintaining an MSP focused go to market strategy?

Yeah, I'll take a stab at that. The only large public cloud company that's meaningfully relevant in the MSP space today is Microsoft, and I've got 30 years of history with them, and they're absolutely a channel company and have always created incredible room for the channel. Somebody actually flashed me something yesterday on an Instagram post that said they have 400,000 channel partners. I don't know if that's true or not, but it could be. That's how they think about it. Azure is where MSPs are looking in general to take their Windows servers if they're going to move to infrastructure as a service. Many MSPs run their own data centers, so there's certainly some what I might call private cloud, whether it's at Rackspace, Equinix, or even in the basement of the MSP's office. or they're running Windows servers there. But they tend to not, like enterprise, they tend to not be sort of as focused on Google or AWS, just given their scale. Microsoft's made it very easy, very turnkey, and we are very focused there. So, you know, you'll see our relationship with Microsoft is strong, and we view that in the same way they do, helping to build SMB base there. within Azure, and I think you'll see us working quite closely together. So no, the opposite of a challenge for MSPs. I think they're embracing the MSP channel and will continue to do so.

Great. Thanks for that. Nothing further. Thank you.

Thank you. And I'm showing no further questions at this time. I would now like to turn the conference back to our CEO, Mr. Tim Waller, for closing remarks.

Well, thank you. I just thank everybody for joining. Sorry we ran a few minutes over. I've been told the question queue is empty now, and we always try to get them all done. So it was a terrific quarter, and we look forward to seeing you all on the next call. Thanks for the interest in Datto, and have a good rest of summer. Take care.

Thank you, ladies and gentlemen. That concludes today's conference call. Thank you all for joining. Kimono Abusaku.