Risk Management and Strategy

We have implemented robust processes for assessing, identifying, and managing material risks from cybersecurity threats and monitoring the prevention, detection, mitigation, and remediation of material cybersecurity incident. We also have integrated cybersecurity risk management into our overall enterprise risk management system.

We have established a dynamic and multi-layered cybersecurity defense system to effectively mitigate both internal and external cyber threats. This comprehensive system spans multiple security domains, including network, host, and application layers. It integrates a range of security capabilities such as threat defense, continuous monitoring, in-depth analysis, rapid response, as well as strategic deception and countermeasures. Our approach to managing cybersecurity risks and safeguarding sensitive data is multi-faceted, involving technological safeguards, procedural protocols, a rigorous program of surveillance on our corporate network, ongoing internal and external evaluations of our security measures, a solid incident response framework, and regular cybersecurity training sessions for our employees. Our IT department is actively engaged in continuous monitoring of our application, platforms, and infrastructure to ensure prompt identification and response to potential issues, including emerging cybersecurity threats.

We do not engage any assessors, consultants, or other third parties in connection with the processes for assessing, identifying, and managing material risks from cybersecurity threats. As of the date of this annual report, we have not experienced any material cybersecurity incidents or identified any material cybersecurity threats that have affected or are reasonably likely to materially affect us, our business strategy, financial condition, or results of operations.

We have implemented robust processes for assessing, identifying, and managing material risks from cybersecurity threats and monitoring the prevention, detection, mitigation, and remediation of material cybersecurity incident. We also have integrated cybersecurity risk management into our overall enterprise risk management system.

We have established a dynamic and multi-layered cybersecurity defense system to effectively mitigate both internal and external cyber threats. This comprehensive system spans multiple security domains, including network, host, and application layers. It integrates a range of security capabilities such as threat defense, continuous monitoring, in-depth analysis, rapid response, as well as strategic deception and countermeasures. Our approach to managing cybersecurity risks and safeguarding sensitive data is multi-faceted, involving technological safeguards, procedural protocols, a rigorous program of surveillance on our corporate network, ongoing internal and external evaluations of our security measures, a solid incident response framework, and regular cybersecurity training sessions for our employees. Our IT department is actively engaged in continuous monitoring of our application, platforms, and infrastructure to ensure prompt identification and response to potential issues, including emerging cybersecurity threats.

At management level, our chief executive officer, chief financial officer, and an employee in charge of cybersecurity matters who has abundant experience in leading the security engineering team in large technology companies and extensive knowledge and skills in security risk management, are responsible for assessing, identifying, and managing material risks from cybersecurity threats to our company and monitoring the prevention, detection, mitigation, and remediation of material cybersecurity incident. They report to our board of directors on (i) a quarterly basis on updates to the status of any material cybersecurity incidents or material risks from cybersecurity threats to our company, and the disclosure issues, if any, and (ii) on disclosure concerning cybersecurity matters in our annual report on Form 20-F.