Cybersecurity Risk Management and Strategy Disclosure |
12 Months Ended | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Dec. 31, 2025 | |||||||||||||
| Cybersecurity Risk Management, Strategy, and Governance [Line Items] | |||||||||||||
| Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] | Risk Management and Strategy We have implemented comprehensive cybersecurity risk assessment procedures that are integrated into our overall risk management system. These procedures aim to identify, assess and manage potential and existing cybersecurity threats. We have a strong in-house information security department, led by our cybersecurity officer, that identifies, assesses and manages cybersecurity risks on a daily basis. Since 2022, we have implemented the following actions:
We have also established the Information Security Incident Response Plan and implemented an information security and data privacy incident response mechanism for external security attacks and violations and safeguarded the confidentiality of information and data of the company, employees and users. In the event of a personal information security breach, we would immediately initiate the information security emergency plan. Through the five stages of event confirmation and recording, preliminary evaluation and emergency measures, notification and reporting, post-event accountability and improvement and strengthening, we implement remedial measures to address the incident and prevent similar incidents from happening again. Moreover, we conduct network information security emergency drills every year to enhance the information security management. Besides, we engaged an evaluation agency which satisfies the conditions under the PRC laws and regulations to conduct evaluations on the security grade status of our information system in accordance with the technical standards such as the Evaluation Requirements on the Hierarchical Security Protection of Information System every year and we have engaged Tian Yuan Law Firm to provide us with legal services in cybersecurity and data compliance since 2024. We strive to ensure the highest standards and procedures to protect data and information security for our users and focus on maintaining and enhancing the reliability, stability and scalability of our network infrastructure. Our information security department regularly monitors the performance of our apps and infrastructure to enable us to respond quickly to potential problems, including potential cybersecurity threats. To ensure the smooth and secure operations during peak traffic that typically occurs during afternoons, evenings and weekends, we intend to continue to conduct regular maintenance of our security system, closely monitor the development of information technology and security technologies used in the industry and make necessary upgrades to enhance our information technology systems. We may grant access of personal information to third parties in very limited occasions and only to the extent necessary. When it is necessary to provide user’s personal information to a third party, we implement measures to manage the entire process of information sharing and usage, evaluate the impact on personal information protection and document the evaluation results. As of the date of this annual report, we have not experienced any material cybersecurity incidents or identified any material cybersecurity threats that have affected or are reasonably likely to materially affect us, our business strategy, results of operations or financial condition. |
||||||||||||
| Cybersecurity Risk Management Processes Integrated [Flag] | true | ||||||||||||
| Cybersecurity Risk Management Processes Integrated [Text Block] | We have implemented comprehensive cybersecurity risk assessment procedures that are integrated into our overall risk management system. These procedures aim to identify, assess and manage potential and existing cybersecurity threats. We have a strong in-house information security department, led by our cybersecurity officer, that identifies, assesses and manages cybersecurity risks on a daily basis. Since 2022, we have implemented the following actions:
|
||||||||||||
| Cybersecurity Risk Management Third Party Engaged [Flag] | true | ||||||||||||
| Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] | true | ||||||||||||
| Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] | false | ||||||||||||
| Cybersecurity Risk Board of Directors Oversight [Text Block] | Our board of directors has established a cybersecurity committee, comprised of the chief executive officer, chief financial officer and other board members, to oversee our cybersecurity risk management. The committee is responsible, on behalf of the board, for setting up cybersecurity measures, overseeing the implementation of the measures and dealing with major cybersecurity issues if such issues arise. Our cybersecurity officer is primarily responsible for assessing and managing cybersecurity risks and monitoring the prevention, detection, mitigation and remediation of cybersecurity incidents. |
||||||||||||
| Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] | cybersecurity committee | ||||||||||||
| Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] | The committee is responsible, on behalf of the board, for setting up cybersecurity measures, overseeing the implementation of the measures and dealing with major cybersecurity issues if such issues arise. | ||||||||||||
| Cybersecurity Risk Role of Management [Text Block] | Our cybersecurity officer is primarily responsible for assessing and managing cybersecurity risks and monitoring the prevention, detection, mitigation and remediation of cybersecurity incidents. Additionally, there is a security working group led by the cybersecurity committee, consisting of the cybersecurity officer, head of human resources, head of legal affairs, head of internal control and other relevant department heads. This working group handles our daily information security and data privacy protection affairs. Each department of our company, guided by the security working group, manages information security and data privacy protection within their respective areas of responsibility. Periodic reviews are held to discuss the landscape of cybersecurity, potential threats, and our preparedness for potential cybersecurity threats and risks to our company. In the case where a material cybersecurity incident occurs, the cybersecurity committee is responsible for reviewing the information and issues involved, disclosures to be made and the procedures followed | ||||||||||||
| Cybersecurity Risk Management Positions or Committees Responsible [Flag] | true | ||||||||||||
| Cybersecurity Risk Management Positions or Committees Responsible [Text Block] | cybersecurity officer | ||||||||||||
| Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] | Additionally, there is a security working group led by the cybersecurity committee, consisting of the cybersecurity officer, head of human resources, head of legal affairs, head of internal control and other relevant department heads. This working group handles our daily information security and data privacy protection affairs. Each department of our company, guided by the security working group, manages information security and data privacy protection within their respective areas of responsibility. Periodic reviews are held to discuss the landscape of cybersecurity, potential threats, and our preparedness for potential cybersecurity threats and risks to our company. In the case where a material cybersecurity incident occurs, the cybersecurity committee is responsible for reviewing the information and issues involved, disclosures to be made and the procedures followed |