Cybersecurity Risk Management and Strategy Disclosure
|
12 Months Ended |
Feb. 28, 2026 |
|---|
| Cybersecurity Risk Management, Strategy, and Governance [Line Items] |
|
| Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] |
Risk Management and Strategy We have established a comprehensive cybersecurity risk management program, which consists of various policies, procedures and technical measures that are designed to promote effectiveness in cybersecurity management, strategy, governance and reporting. We have also integrated cybersecurity into our overall enterprise risk management system, which sets out roles, responsibilities and processes for identifying, assessing, managing and reporting our Group-wide risk exposures, such as compliance, ethics, security and financial risks. Our cybersecurity risk management program consists of the following key components: | ● | Governance Structure. We have established robust governance structure at both board and management levels to facilitate effective oversight of our company’s overall risk management, including cybersecurity risks. See “—Cybersecurity Governance.” |
| ● | Internal Policies and Procedures. We have adopted and implemented a comprehensive set of internal policies and procedures that set out roles, responsibilities and requirements for cybersecurity risk management. Such policies and procedures cover a wide array of key aspects, including information security, data classification and security management, network security risk assessment, and contingency plan for security incident response. We regularly review and update these policies and procedures based on regulatory requirements, industry standards and best practices. |
| ● | Risk Identification, Assessment and Mitigation. We have implemented various technical measures to identify, assess and mitigate cybersecurity risks, such as firewalls, zero-trust network access, traffic monitoring, host-based intrusion detection system and data loss prevention. We believe such measures help us better safeguard our information systems, identify and mitigate network and data security risks and protect the confidentiality, integrity and availability of the data stored in our system. For more details on our data protection measures, see “Item 4. Information on the Company—B. Business Overview—Data Privacy and Security.” |
| ● | Internal and External Reviews. Our internal audit teams perform independent reviews and testing of our internal controls (including IT general controls), which cover cybersecurity to a certain extent as determined by risk assessment and other relevant considerations. To comply with applicable legal requirements and to better protect our information systems, we have also engaged third-party service providers to make requisite filings, classifications and assessments of our cybersecurity management system on a periodic basis. |
| ● | Third-Party Risk Management. We have implemented processes to identify and mitigate cybersecurity risks arising from our use of third-party service providers. Our contracts with third-party service providers generally require such service providers to, among other things, maintain security controls to protect our confidential information and data, notify us of material data breaches that may impact our data, and take remedial measures in a timely manner. |
| ● | Training. We provide various cybersecurity education and training programs designed to promote awareness of, and reinforce, our cybersecurity policies and procedures. |
As of the date of this annual report, we have not experienced any material cybersecurity incidents or identified any material cybersecurity threats that have affected or are reasonably likely to materially affect us, our business strategy, results of operations or financial condition.
|
| Cybersecurity Risk Management Processes Integrated [Flag] |
true
|
| Cybersecurity Risk Management Processes Integrated [Text Block] |
Our cybersecurity risk management program consists of the following key components: | ● | Governance Structure. We have established robust governance structure at both board and management levels to facilitate effective oversight of our company’s overall risk management, including cybersecurity risks. See “—Cybersecurity Governance.” |
| ● | Internal Policies and Procedures. We have adopted and implemented a comprehensive set of internal policies and procedures that set out roles, responsibilities and requirements for cybersecurity risk management. Such policies and procedures cover a wide array of key aspects, including information security, data classification and security management, network security risk assessment, and contingency plan for security incident response. We regularly review and update these policies and procedures based on regulatory requirements, industry standards and best practices. |
| ● | Risk Identification, Assessment and Mitigation. We have implemented various technical measures to identify, assess and mitigate cybersecurity risks, such as firewalls, zero-trust network access, traffic monitoring, host-based intrusion detection system and data loss prevention. We believe such measures help us better safeguard our information systems, identify and mitigate network and data security risks and protect the confidentiality, integrity and availability of the data stored in our system. For more details on our data protection measures, see “Item 4. Information on the Company—B. Business Overview—Data Privacy and Security.” |
| ● | Internal and External Reviews. Our internal audit teams perform independent reviews and testing of our internal controls (including IT general controls), which cover cybersecurity to a certain extent as determined by risk assessment and other relevant considerations. To comply with applicable legal requirements and to better protect our information systems, we have also engaged third-party service providers to make requisite filings, classifications and assessments of our cybersecurity management system on a periodic basis. |
| ● | Third-Party Risk Management. We have implemented processes to identify and mitigate cybersecurity risks arising from our use of third-party service providers. Our contracts with third-party service providers generally require such service providers to, among other things, maintain security controls to protect our confidential information and data, notify us of material data breaches that may impact our data, and take remedial measures in a timely manner. |
| ● | Training. We provide various cybersecurity education and training programs designed to promote awareness of, and reinforce, our cybersecurity policies and procedures. |
|
| Cybersecurity Risk Management Third Party Engaged [Flag] |
true
|
| Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] |
true
|
| Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] |
false
|
| Cybersecurity Risk Board of Directors Oversight [Text Block] |
Our board of directors oversees our company’s overall risk management, including cybersecurity risks, and receives and reviews management reports on material cybersecurity risks and issues on an as-needed basis. In particular, our board of directors reviews and approves the cybersecurity-related disclosure in the periodic reports (including our annual reports on Form 20-F) of our company. If any Form 6-K is required to be filed to report our material cybersecurity incidents, it needs to be reviewed and approved by our board of directors as well.
|
| Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] |
board of directors
|
| Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] |
The Network and Data Security Committee reports to our board of directors on the prevention, detection, mitigation and remediation of material risks arising from cybersecurity threats, as well as material cybersecurity incidents, if any, on an as-needed basis. If a cybersecurity incident occurs, the Network and Data Security Committee will promptly coordinate with relevant personnel to perform internal reviews, and as needed, engage external experts to assist with such reviews. If it is further determined that the incident could potentially be a material cybersecurity event, the Network and Data Security Committee will promptly report the incident to, and review results with, our board of directors. If our board of directors determines that such incident should be disclosed, the Network and Data Security Committee will prepare disclosure material on the cybersecurity incident for approval by our board of directors before such material is disseminated to the public.
|
| Cybersecurity Risk Role of Management [Text Block] |
At the management level, we have formed a Network and Data Security Committee, which is chaired by our senior vice president. Our senior vice president brings to this role significant experience in technical and leadership roles at technology companies, as well as academic credentials in computer science. The Network and Data Security Committee is informed about, and monitors the prevention, detection, mitigation and remediation of cybersecurity incidents through receiving reports from our cybersecurity team and other relevant functions, as well as reviewing and approving cybersecurity-related policies and procedures. The Network and Data Security Committee reports to our board of directors on the prevention, detection, mitigation and remediation of material risks arising from cybersecurity threats, as well as material cybersecurity incidents, if any, on an as-needed basis. If a cybersecurity incident occurs, the Network and Data Security Committee will promptly coordinate with relevant personnel to perform internal reviews, and as needed, engage external experts to assist with such reviews. If it is further determined that the incident could potentially be a material cybersecurity event, the Network and Data Security Committee will promptly report the incident to, and review results with, our board of directors. If our board of directors determines that such incident should be disclosed, the Network and Data Security Committee will prepare disclosure material on the cybersecurity incident for approval by our board of directors before such material is disseminated to the public. We have dedicated cybersecurity staff tasked with assessing, identifying and managing risks related to cybersecurity threats, including developing action plans to address system vulnerabilities, investigating cybersecurity incidents, monitoring threats to sensitive data, securing access control measures, and developing cybersecurity training, among other aspects. Our other relevant group-level departments also perform various key functions with respect to cybersecurity risk management.
|
| Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] |
The Network and Data Security Committee is informed about, and monitors the prevention, detection, mitigation and remediation of cybersecurity incidents through receiving reports from our cybersecurity team and other relevant functions, as well as reviewing and approving cybersecurity-related policies and procedures.
|
| Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] |
true
|