Risk Management and Strategy

We have implemented comprehensive cybersecurity risk assessment procedures to ensure effectiveness in cybersecurity management, strategy and governance and reporting cybersecurity risks. We have also integrated cybersecurity risk management into our overall enterprise risk management system.

We have developed a comprehensive cybersecurity threat defense system to address both internal and external threats. This system encompasses various levels, including network, host and application security and incorporates systematic security capabilities for threat defense, monitoring, analysis, response, deception and countermeasures. We strive to manage cybersecurity risks and protect sensitive information through various means, such as technical safeguards, procedural requirements, an intensive program of monitoring on our corporate network, continuous testing of aspects of our security posture internally and with outside vendors, a robust incident response program and regular cybersecurity awareness training for employees. Our IT department regularly monitors the performance of our mobile applications, platforms and infrastructure to enable us to respond quickly to potential problems, including potential cybersecurity threats.

As of the date of this annual report, we have not experienced any material cybersecurity incidents or identified any material cybersecurity threats that have affected or are reasonably likely to materially affect us, our business strategy, results of operations or financial condition.

Governance

The nominating and corporate governance committee of our board of directors is responsible for overseeing the Company’s cybersecurity risk management and be informed on risks from cybersecurity threats. The nominating and corporate governance committee shall review, approve and maintain oversight of the disclosure (i) on Form 6-K for material cybersecurity incidents (if any) and (ii) related to cybersecurity matters in the periodic reports (including annual report on Form 20-F) of the Company. In addition, at the management level, we have formed a data management team, consisting of our head of IT and our general counsel, to oversee and manage cybersecurity related matters and formulate policies as necessary. Our data management team reports to our nominating and corporate governance committee on a quarterly basis regarding its assessment, identification and management on material risks from cybersecurity threats happened in the ordinary course of our business operations. If a cybersecurity incident occurs, our data management committee will promptly organize relevant personnel for internal assessment and, depending on the situation, seek the opinions of external experts and legal advisors. If it is determined that the incident could potentially be a material cybersecurity event, our data management committee will promptly report the investigation and assessment results to our nominating and corporate governance committee and our nominating and corporate governance committee will decide on the relevant response measures and whether any disclosure is necessary. If such disclosure is determined to be necessary, our data management committee shall promptly prepare disclosure material for review and approval by our nominating and corporate governance committee before it is disseminated to the public.

Governance

The nominating and corporate governance committee of our board of directors is responsible for overseeing the Company’s cybersecurity risk management and be informed on risks from cybersecurity threats. The nominating and corporate governance committee shall review, approve and maintain oversight of the disclosure (i) on Form 6-K for material cybersecurity incidents (if any) and (ii) related to cybersecurity matters in the periodic reports (including annual report on Form 20-F) of the Company. In addition, at the management level, we have formed a data management team, consisting of our head of IT and our general counsel, to oversee and manage cybersecurity related matters and formulate policies as necessary. Our data management team reports to our nominating and corporate governance committee on a quarterly basis regarding its assessment, identification and management on material risks from cybersecurity threats happened in the ordinary course of our business operations. If a cybersecurity incident occurs, our data management committee will promptly organize relevant personnel for internal assessment and, depending on the situation, seek the opinions of external experts and legal advisors. If it is determined that the incident could potentially be a material cybersecurity event, our data management committee will promptly report the investigation and assessment results to our nominating and corporate governance committee and our nominating and corporate governance committee will decide on the relevant response measures and whether any disclosure is necessary. If such disclosure is determined to be necessary, our data management committee shall promptly prepare disclosure material for review and approval by our nominating and corporate governance committee before it is disseminated to the public.

We have implemented comprehensive cybersecurity risk assessment procedures to ensure effectiveness in cybersecurity management, strategy and governance and reporting cybersecurity risks. We have also integrated cybersecurity risk management into our overall enterprise risk management system.

As of the date of this annual report, we have not experienced any material cybersecurity incidents or identified any material cybersecurity threats that have affected or are reasonably likely to materially affect us, our business strategy, results of operations or financial condition.