We have access to certain data and information of enterprises which use our solutions. We may also have access to certain personal data and information of our customers’ end-users. Specifically, for our solutions deployed on public cloud, data and information are safely encrypted and stored in cloud servers, where customers can access on demand only with appropriate authorization. We do not have access to data and information of customers which use our solutions deployed on private cloud.

We are committed to protecting our customers’ data and privacy and have designed strict protocols on data collection, transmission, storage and usage to ensure compliance with applicable laws and regulations. In addition, our agreements with customers generally include a confidentiality clause under which we are obligated not to disclose or otherwise misappropriate the data and information of our customers or their end-users.

We take safety precautions to maintain our technological infrastructure and protect our data and information. We have implemented detailed policies regarding system operation and maintenance, information security and management, and data backup and disaster recovery. Our technological infrastructure applies safeguards such as web application firewalls to ensure data security. As a general principle, data and information in relation to our business operations can only be accessed by our employees with designated authorization level. We enter into confidentiality agreements with our employees who have access to our data and information. The confidentiality agreements provide that, among others, these employees are legally obligated not to disclose or otherwise misappropriate confidential data and information in possession as a result of their employment. Such employees are also legally obligated to surrender all confidential data and information in possession upon resigning and to maintain their confidentiality obligations afterwards. They bear compensation liability if they breach their confidentiality obligations or otherwise commit misconduct resulting in leakage of our confidential data and information. Furthermore, our agreements with business partners generally include a confidentiality clause under which they are legally obligated not to disclose or misappropriate confidential data and information in possession as a result of their relationship with us.

As of the date of this annual report, we have not received any claim from any third party against us on the ground of infringement of such party’s right to data protection as provided by applicable laws and regulations in China and other jurisdictions. As of the same date, we have not experienced any cybersecurity incidents that resulted in an interruption to our operations, known losses of any critical data or otherwise had a material impact on our business strategy, results of operations or financial condition. However, the scope and impact of any future incidents cannot be predicted. See “Item 3. Key Information — D. Risk Factors” for more information on how material cybersecurity incidents may impact our business.

Our board of directors acknowledges the significance of robust cybersecurity management programs and actively participates in overseeing and reviewing our cybersecurity risk profile and exposures.

Our chief technology officer leads the overall assessment, identification and management of risks related to cybersecurity threats. He works collaboratively within our Group and receives regular briefings on cybersecurity matters, such as report on cybersecurity incidents and responses and remedial measures. Our chief technology officer has over 20 years of relevant experience in risk management, cybersecurity and information technology. Our chief technology officer and dedicated staff are responsible for the daily management of our cybersecurity efforts. This includes updates and refinement of cybersecurity policies, execution and management of cybersecurity measures, and the preparation of regular reports on cybersecurity execution. Their primary focus is to consistently update our cybersecurity programs and mitigation strategies, ensuring they align with industry best practices and procedures.