Risk Management and Strategy

We have established comprehensive cybersecurity risk assessment procedures as an integral part of our overall enterprise risk management system. These procedures are designed to identify, assess, and manage both potential and existing cybersecurity threats. We have a dedicated in-house IT department, led by our cybersecurity officer, that identifies, assesses and manages cybersecurity risks on a daily basis. We provide regular training programs to ensure that our employees possess the basic knowledge and principles of information security, maintain a sound responding and disposal mechanism for system security, external attacks and violations, and safeguarded the confidentiality of information and data of the company, employees and users, making sure information and data can only be obtained and used when necessary.

In addition, we maintain a robust data security program to protect the confidentiality and integrity of our data across all aspects of data collection and processing. We utilize a variety of technologies to protect our servers from fire, physical shock, theft and other forms of physical harm. On the back end, our servers, databases and information technology networks utilize firewalls, anti-DDoS, intrusion prevention systems, real-time server monitoring and other network cybersecurity technologies. We also utilize a wide range of protective technologies at the application level, including security access code systems, web application firewalls and simulated hacking tests. We back up user and historical data on a regular basis using “hot” backup systems to minimize the risk of data loss or leakage. We also conduct frequent reviews of our backup and data recovery systems, including through regular disaster recovery testing, to ensure that our systems are operating properly.

As of the date of this annual report, we have not experienced any material cybersecurity incidents or identified any material cybersecurity threats that have affected or are reasonably likely to materially affect us, our business strategy, results of operations or financial condition.

Governance

Our board of directors is responsible for overseeing our cybersecurity risk management. Our board of directors (i) maintain oversight of the disclosure related to cybersecurity matters in periodic reports of our company, (ii) review updates to the status of any material cybersecurity incidents or material risks from cybersecurity threats to our company, and the relevant disclosure issues, if any, presented by our chief executive officer, chief financial officer and cybersecurity officer on a quarterly basis, and (iii) review disclosure concerning cybersecurity matters in our annual report on Form 20-F presented by our chief executive officer, chief financial officer and cybersecurity officer.

At the management level, our chief executive officer, chief financial officer and cybersecurity officer are responsible for assessing, identifying and managing material risks from cybersecurity threats to our company and monitoring the prevention, detection, mitigation and remediation of material cybersecurity incident. They report to our board of directors (i) on a quarterly basis on updates to the status of any material cybersecurity incidents or material risks from cybersecurity threats to our company, and the relevant disclosure issues, if any, and (ii) on disclosure concerning cybersecurity matters in our annual report on Form 20-F.