Nu, On Running & Cloudflare Earnings Reviews

1. Cloudflare (NET) – Earnings Review
a. Cloudflare 101
Basic Niche:
Cloudflare makes the internet fast and secure. They have a massive global Content Delivery Network (CDN) to move traffic closer to the end user, which cuts web latency. They actively assist clients in optimizing traffic, speed and consistency as well. NET doesn’t sell physical firewall hardware, but instead a virtual, cloud-native “Magic Firewall” to supplant these hardware needs. Its web application firewalls handle app-level security, while Magic Firewall handles network-level security. Magic WAN is Magic Firewall’s partner in crime; it connects networks while Magic Firewall protects them.
Workers Platform & AI Tools:
Workers Platform is its serverless (so fully managed by Cloudflare) product suite for millions of developers to build, maintain, secure and deploy applications. This enables caching of content and apps across Cloudflare’s global network for faster delivery. Its newer Workers AI product allows developers to access models and GenAI tools (like sentiment analysis) to build and customize apps hosted by Cloudflare’s network. Workers AI pairs seamlessly with its “Vectorize.” Vectorize offers a style of data querying that allows for visualization of patterns.
Another key example of Cloudflare’s GenAI tools is its R2 product. This allows cloud workloads and data to freely move among public clouds with no tax. This is key in a multi-cloud world and is popular for model building and implementation. Models are voracious users of data and data is routinely hosted in many clouds. That's where R2 comes in handy.
Cloudflare AI is its overarching suite of AI tools, which include the developer AI tools in Workers AI, among others.
Hyperdrive is a notable product within Workers AI. This allows any legacy database to plug into NET’s global CDN. It makes NET an easier migration partner as it helps customers embrace next-gen databases, on-premise-to-cloud migrations and GenAI.
Zero Trust & More on Network Security:
Cloudflare also offers its Zero Trust Network Access (ZTNA) program. This directly competes with Zscaler and many others. Zero trust means that a user or device must be constantly verified (or never trusted). Cloudflare does this in a seamless manner, minimizing user friction. It considers device type, location, usage patterns (or signatures) and other contextual clues to better authorize permission requests. This way, it knows when to block those requests or when to require more information. It then applies a least-privilege approach to ensure only the necessary permissions are granted to workers. Nothing more, nothing less. Zero Trust ensures an adversary can’t breach the most vulnerable part of a tech stack and move freely throughout it thereafter.
Secure Access Service Edge (SASE) is a term for how Cloudflare conjoins web performance products like SWG and Magic WAN with security use cases like data loss prevention (DLP) and Magic Firewall. This drives vendor consolidation, controls costs and augments performance. Cloudflare One is its overarching product bundle subscription combining this suite.
Cloud Access Security Broker (CASB) is a security tool to provide firms with a bird’s-eye view of application usage. This has both security and performance optimization implications. It hosts and secures client data and uncovers suspicious activity or deviations in typical usage patterns to flag threats. It plugs into NET’s Secure Web Gateway (SWG), which is essentially a digital security guard ensuring protection of a firm’s secure network and assets from the open internet. It ties closely to NET’s DLP and URL filtering tools.
It offers Distributed Denial of Service (DDoS) attack protection to augment its security and network capabilities. This form of hacking aims to inundate and overwhelm networks with traffic.
More on GenAI:
Browser Isolation is NET’s managed service for providing users with a purely secluded environment to search and scrape the web. This will be an increasingly important tool for its GenAI inference products that are now building steam. Inference is where Cloudflare expects to realize the bulk of GenAI’s financial value. Models are trained once and periodically updated with new data. After that, the value of those models lies in their ability to connect dots and drive insights (or inference). That’s where Cloudflare thrives. It offers a managed cloud platform to do all of that app and model work in a secure and compliant fashion.
b. Key Points
Average headline numbers.
Go-to-market fixes keep working.
Strong enterprise-level momentum.
Rapid uptake of AI products.
c. Demand
Beat revenue estimate by 1.9% & beat guidance by 2.3%.
Its 28.5% 2-yr revenue compounded annual growth rate (CAGR) compares to 29.4% last quarter & 30.2% 2 quarters ago.
Missed $100K annual recurring revenue (ARR) client estimate by 3.3%.
Beat remaining performance obligation (RPO) estimate by 5%.
111% net revenue retention (NRR) vs. 111% Q/Q & 115% Y/Y.
Growth was strongest in APAC at 54% Y/Y, which marks a convincing sequential acceleration compared to 39% growth last quarter. EMEA Y/Y growth was stable sequentially at 27%. USA revenue growth was 20% Y/Y compared to 23% last quarter.
Cloudflare sees NRR stabilizing around 111% despite a shift towards pool of funds contracts. Good to hear. As a reminder, pool of funds contracts allow customers to set spending levels at the beginning of terms and draw down on their commitments more flexibly at their convenience. There are no fixed minimums for usage over a period of time.


d. Profits & Margins
Missed EBIT estimate by 1% & beat guidance by 2.7%.
Missed 78% gross profit margin (GPM) estimate by 90 basis points (bps; 1 basis point = 0.01%).
Met EPS estimate. EPS would have been $0.01 higher excluding FX headwinds.
Gross margin was impacted by a mix shift towards paid customer traffic instead of free. This led to cost recognition shifting from cost of goods sold (COGS) to sales & marketing, which negatively and materially impacted the Y/Y GPM comp. No other margin line was impacted, as all others deduct both COGS and sales & marketing.


e. Balance Sheet
$1.9B cash & equivalents.
$1.3B convertible notes. No traditional debt.
2.1% Y/Y dilution.
f. Guidance & Valuation
Reiterated revenue, EBIT and EPS guidance, which all slightly missed estimates across the board.
Q2 guidance also slightly missed estimates across the board.
They are “comfortable with consensus free cash flow estimates for the full year.”
Leadership reiterated network CapEx at 12.5% of total revenue for the year.
The guidance balances two things. First, trends remain strong and its business is executing at a very high level. Q1 results “underscore that their formula is working despite the highly volatile environment.” Secondly, despite what they’re actually observing, they approached 2025 guidance very cautiously (out of respect for the chaos). They’re taking an incrementally more prudent approach to modeling rest-of-year expectations.
NET trades for 167x forward EPS and 187x forward FCF. EPS is expected to grow by 7% this year and by 30% next year. FCF is expected to grow by 42% this year and by 40% next year. Very expensive name, and it has been since the IPO several years ago.


g. Call & Release
Go-to-Market (GTM):
We’re now one year after Cloudflare founder/CEO Matt Prince ripped into his sales team and vowed to overhaul it for the better. And? Things have greatly improved. As Prince constantly says, Cloudflare has never been bottlenecked by its pace of innovation or product quality. Its limiting factor has been quality and size of go-to-market motions. That is changing. Sales productivity again rose 10% Y/Y for another consecutive quarter (I believe 3 in a row), while pipeline build was ahead of expectations, churn rate improved and Cloudflare secured its highest Y/Y net new average contract value (ACV) in 3 years. This isn’t because macro is improving or amazing. As we’ll get into later, it isn’t. This is because Cloudflare’s mission-critical platform is now being supported by its sales team… rather than held back by it. And? It’s because of a fantastic ability to consolidate hyper-efficient network solutions, security products and an end-to-end developer platform all in one. It’s consistently winning because it can do all of this while maximizing GPU utilization rates for customers and allowing their Agentic AI and GenAI spend to be much more productive. So… great products… more interoperable products… many complementary products… and cheaper products. Good recipe for a true platform play.
One of the biggest priorities for the go-to-market (GTM) overhaul was catering more effectively to large enterprise deals. There are many powerful examples of this working in the Q1 results. Cloudflare won a record-setting number of $1 million and $5 million contracts, as well as its first-ever $100 million contract with a large tech company. Competitive pricing pressure is waning while Cloudflare keeps winning banner deals (examples later). They think all of this is a direct byproduct of GTM improvements; NET will continue aggressively building out the sales staff in the coming quarters.
It signed its longest-duration contract for its Zero Trust service, a large 7-year agreement, and shrank the sales cycle despite average deal size growing significantly. That’s not normal in the best of ways. It does think sales cycles will naturally lengthen as this trend continues, but that’s not currently happening.
One more thing here. It’s strange to see 7-figure contract momentum so strong with the $100,000 ARR customer result missing estimates. This is solely a matter of timing, as the quarter had two fewer days in it; several clients were close to reaching that threshold and would have with a normal number of business sessions.
Platform-Level Wins:
Nothing lends credence to the ideas above quite as well as a series of large contractual wins. During the quarter, NET won the aforementioned 9-figure deal. It was a 5-year pool of funds contract to deploy its Workers Platform, as NET’s global network led to lower latency and higher performance for their software development needs. Prince sees this performance as a key differentiator vs. hyperscalers, with Cloudflare increasingly in the fold for securing cloud workload contracts like this one. This goes back to NET’s ability to vastly raise GPU utilization rates and lower the heavy waste associated with accelerated compute. It plans to drive the “kind of efficiency gains in inference that DeepSeek did in training” and it’s off to a great start. That GPU optimization capability is a wonderful complement to the compute, storage and database talents the Workers Platform possesses. This, along with integrated network security solutions, helped it win another 3-year, $3M+ annual contract.
“As people are looking to decide whether they're going to go with a traditional hyperscaler, we are increasingly in the decision mix. And we're seeing places where people are realizing that they can develop significantly faster.”
There are several other potential 9-figure deals in the pipeline. A “large technology company” signed a 2-year contract worth nearly $5M annually. Cloudflare’s zero trust suite simply worked better than competitors and the client used its services to displace three disparate point solutions.
A large “international infrastructure provider” signed that aforementioned 7-year contract. That’s trust. The contract is worth nearly $2M annually and includes deployment of its entire SASE platform, including DLP, Magic WAN, Magic Firewall, SWG, Workers Platform and more. All of these products and acronyms were defined in the first section of the piece.
A global 2000 company signed a 5+ year contract worth more than $1M annually for its end-to-end Zero Trust product kit. Three point solutions were eliminated, with better latency, broader security coverage and, simply put, more efficient operations.
As part of NET’s revamped GTM, it will try to work better with channel partners and is already finding traction. This quarter, a “large U.S. government entity” finalized a 2-year, $3M+ contract for ZTNA. NET made it very easy to comply with a mess of federal regulations.
“These Q1 wins not only serve as a great springboard for the rest of 2025, but are also reminders that while the world may be uncertain, what's absolutely certain is that innovation wins and no company out innovates Cloudflare.”
Another Customer Win and DDoS Strength:
Another government agency in Asia-Pacific signed a 3-year $5M deal for its app services and also Magic Transit. The security product provides coverage from DDoS attacks – with higher success rates, scalability and cost efficiency. Speaking of which, NET saw a large acceleration in network DDoS attack volume during the quarter, with 300% Y/Y growth. Not the kind of growth that its customers want to see… but the kind of growth that makes NET’s products even more needed.
It sees itself as basically the only network that can handle this kind of spike with ease and without costing its customers more money. As Prince explained, most alternatives run totally separate networks for DDoS-specific functions. This diminishes inter-company communication, interoperability and success with protecting stakeholders from this inundation-based threat. This architecture creates scaling bottlenecks that force competitors to charge clients for extra usage of their services. NET doesn’t have that same requirement because it’s that much more efficient at gracefully fielding this form of attack.
“And that is that we made it so that every single server that makes up our network is capable of running every single one of the different functions that we have, including attacks… this means that we can defend against these attacks without having to pass any costs on to our customers because we don't suffer any additional costs to be able to defend them. That architectural difference is radically different than what anyone else in the industry does, and it's part of why we're able to defend against it.”
Macro:
Considering NET is directly involved with ⅕ of the world’s internet traffic, its view of digital trends as a hint for the overall macro backdrop is a great one. As the team rightfully said, this has “given them an ability to make macro calls that turned out to be prescient.” But? These are especially weird times. With the strangeness of today’s macro volatility, it thinks it has “less of a unique view.” It also thinks the world is undoubtedly getting a bit more volatile and fragile, which does impact overall software budgets. At the same time, that impact is felt far less for platform-wide vendors that allow companies to save costs by consolidating point solutions. It’s an idea we talk about constantly (because it’s such an important one).
Through the first part of May, Cloudflare has seen zero changes to traffic volume or any patterns. Considering the incremental prudence baked into their guidance, this could yield upside if the backdrop cooperates a bit.
Interestingly, tariffs may have actually been good for its business. This supply chain shock pushed modernization holdouts to question more urgently whether they wanted hardware-based solutions. It forced them to consider whether an out-of-the-box piece of hardware (that needed to be physically shipped) was ideal. It made it even clearer that a scalable, software-native platform was ideal. They think this trade war drama has accelerated the drive to modernize infrastructure for many customer holdouts.
Media Companies and GenAI:
With Google and every other search-based chatbot now giving answers directly on the pages, rather than routing consumers to a relevant site, media companies are flocking to Cloudflare. They’re interested in using it not only to perfect the user experience via things like lower latency, but also to make sure their sensitive data is shielded from model-builders. This is turning media into a much bigger business for Cloudflare than it has been in the past.
Product Innovation & Momentum:
Cloudflare talked about two products as traction standouts this quarter. First, its Workers Platform continues to kill it. AI inference requests (a great measure for demand) are up 4,000% Y/Y. That’s still comping over a small base, but that will not be true for long if this keeps exponentially scaling. They’ve been telling us that the Workers Platform will not materially move the financial needle for a while. But? It’s now comfortably ahead of schedule in getting there.
Secondly, its AI gateway enjoyed 12x Y/Y query growth. The AI gateway builds upon SWG as a bridge between AI-native applications and the models they pull from. To nurture this momentum, it’s working hard to build its model context protocol (MCP). This is the product that actually frees AI models to communicate and share information with 3rd-party applications/agents. In the world of agentic AI, where agents conduct multi-step tasks and need information from a wide array of sources, MCPs help a lot. They’re how the agents can jump from needed source to source and glean the context needed to actually complete a task. They bolster the ability for these agents to race across the web and secure what they need. Anthropic was the driving force behind popularizing MCPs, while NET has been instrumental in bringing them to the cloud. NET’s global network paired with its security suite (to ensure models and agents don’t access impermissible data) makes it the perfect candidate to bring these cloud-native tools to the masses.
SASE Update:
While NET didn’t start as a SASE company and entered the market long after many others did, it now feels like it has a world-class solution and all of the table-stakes products needed to compete.