| Cybersecurity Risk Management and Strategy Disclosure | 12 Months Ended Dec. 31, 2025 |
|---|---|
| Cybersecurity Risk Management, Strategy, and Governance [Line Items] | |
| Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] | Risk Management and Strategy. Cybersecurity risk management is an integral part of our overall enterprise risk management system. Our cybersecurity risk management program is designed to align with major industry standards such as ISO/IEC 270001, ISO/IEC 27017, ISO/IEC 27701, ISO/IEC 42001, and CSA-STAR, among others, as well as assist us in maintaining procedures for assessing, identifying and managing material risks from cybersecurity threats and incidents. We have established a comprehensive cybersecurity threat defense system designed to mitigate both internal and external cybersecurity threats. This system spans various layers, including network, host, application and hardware security, and integrates a range of security capabilities such as web application firewalls (“WAFs”), message queuing telemetry transport (“MQTT”) application firewalls, intrusion detection, runtime application self-protection (“RASP”), host-based intrusion detection system (“HIDS”), protection measures against distributed denial-of-service (“DDoS”) attacks, threat defense, and real-time monitoring. We have established an AI-native security framework, internally released AI secure coding guidelines, implemented a mandatory access control mechanism for AI tools, and released an AI Guardrail SDK capable of effectively identifying high-risk content. We apply diverse methods to manage cybersecurity risks and protect sensitive data, including technical safeguards, procedural protocols, a monitoring program on our corporate network, regular evaluations of security measures both internally and with external service providers, an incident response program, and regular training sessions for our employees. For example, the implementation and effectiveness of our security measures are evaluated internally on an annual basis, and we require employees to complete certain cybersecurity awareness trainings at least once annually. We also engage third parties to assess and audit our cybersecurity programs and compliance with applicable practices and standards. For example, we have worked with leading privacy compliance and cybersecurity firms, such as E.Y., TrustArc, BSI, DNV and Underdefense, for privacy management and penetration testing. As of the date of this annual report, we are not aware of having experienced any material cybersecurity incidents or identified any cybersecurity threats that have materially affected or are reasonably likely to materially affect our business strategy, results of operations, or financial condition. However, despite our efforts, we cannot eliminate all risks from cybersecurity threats, or provide assurances that we, or the cloud service providers or other third parties upon which we rely, have not experienced, or will not experience, an undetected cybersecurity incident. For more information about these risks, please see “Risk Factors—Unauthorized or improper disclosures of personal information, cyberattacks or other security incidents or data breaches that affect our networks or systems, or those of our cloud service providers or our customers, whether inadvertent or purposeful, could degrade our ability to conduct our business, compromise the integrity of our products and services, platform and data, result in significant data losses and the theft of our intellectual property, damage our reputation, expose us to liability to third parties and require us to incur significant additional costs to maintain the security of our networks and data which could adversely affect our business, financial condition and results of operations.” |
| Cybersecurity Risk Management Processes Integrated [Flag] | true |
| Cybersecurity Risk Management Processes Integrated [Text Block] | We have established a comprehensive cybersecurity threat defense system designed to mitigate both internal and external cybersecurity threats. This system spans various layers, including network, host, application and hardware security, and integrates a range of security capabilities such as web application firewalls (“WAFs”), message queuing telemetry transport (“MQTT”) application firewalls, intrusion detection, runtime application self-protection (“RASP”), host-based intrusion detection system (“HIDS”), protection measures against distributed denial-of-service (“DDoS”) attacks, threat defense, and real-time monitoring. We have established an AI-native security framework, internally released AI secure coding guidelines, implemented a mandatory access control mechanism for AI tools, and released an AI Guardrail SDK capable of effectively identifying high-risk content. We apply diverse methods to manage cybersecurity risks and protect sensitive data, including technical safeguards, procedural protocols, a monitoring program on our corporate network, regular evaluations of security measures both internally and with external service providers, an incident response program, and regular training sessions for our employees. |
| Cybersecurity Risk Management Third Party Engaged [Flag] | true |
| Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] | true |
| Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] | false |
| Cybersecurity Risk Board of Directors Oversight [Text Block] | Our board of directors has overall oversight responsibility for our risk management, and our senior management team is responsible for the day-to-day cybersecurity risk management oversight. Our board of directors shall maintain oversight of the disclosure (i) on Form 6-K for material cybersecurity incidents (if any) and (ii) related to cybersecurity matters in the periodic reports (including annual report on Form 20-F). |
| Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] | board of directors |
| Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] | Our board of directors shall maintain oversight of the disclosure (i) on Form 6-K for material cybersecurity incidents (if any) and (ii) related to cybersecurity matters in the periodic reports (including annual report on Form 20-F). |
| Cybersecurity Risk Role of Management [Text Block] | In addition, at the management level, we have established a Compliance committee, which is chaired by our Chief Executive Officer, to oversee and manage cybersecurity related matters. The Compliance committee consists of four executives, including our Chief Information Security Officer (“CISO”), who is in charge of our cybersecurity team and has over 10 years of experience in managing confidentiality-related cybersecurity issues. Our Compliance committee reports to our senior management team on a semi-annual basis regarding its assessment, identification and management on material cybersecurity incidents or material risks from cybersecurity threats to our company, if any. We have also established an incident response team that consists of our CISO, our Data Protection Officer (“DPO”) and our Chief Privacy Officer (“CPO”). If a cybersecurity incident occurs, our incident response team is responsible for organizing relevant personnel to conduct an internal assessment and report to our Compliance committee. If it is determined that the incident could potentially be material to our business, our Compliance committee will promptly report the assessment results to our senior management team and our general counsel to the extent appropriate and our Compliance committee would then prepare disclosure material on the cybersecurity incident for review and approval by our board of directors, in compliance with applicable cybersecurity and data privacy laws. |
| Cybersecurity Risk Management Positions or Committees Responsible [Flag] | true |
| Cybersecurity Risk Management Positions or Committees Responsible [Text Block] | Chief Information Security Officer (“CISO”) |
| Cybersecurity Risk Management Expertise of Management Responsible [Text Block] | our Chief Information Security Officer (“CISO”), who is in charge of our cybersecurity team and has over 10 years of experience in managing confidentiality-related cybersecurity issues. |
| Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] | Our Compliance committee reports to our senior management team on a semi-annual basis regarding its assessment, identification and management on material cybersecurity incidents or material risks from cybersecurity threats to our company, if any. If a cybersecurity incident occurs, our incident response team is responsible for organizing relevant personnel to conduct an internal assessment and report to our Compliance committee. If it is determined that the incident could potentially be material to our business, our Compliance committee will promptly report the assessment results to our senior management team and our general counsel to the extent appropriate and our Compliance committee would then prepare disclosure material on the cybersecurity incident for review and approval by our board of directors, in compliance with applicable cybersecurity and data privacy laws. |
| Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] | true |