Cybersecurity Risk Management

Cybersecurity risk management is an integral part of our overall risk management program. Our cybersecurity risk management program is designed to align with industry best practices and provide a framework for handling cybersecurity threats and incidents, including threats and incidents associated with the use of services provided by third-party service providers, and facilitate coordination across different departments of our company. This framework includes steps for regularly conducting data protection impact assessments on information systems, monitoring the information about the security vulnerabilities of our systems, identifying the source of a cybersecurity threat including whether the cybersecurity threat is associated with a third-party service provider, implementing data security emergency response plans and adopting remedial measures, and informing management and our board of directors of material cybersecurity threats and incidents. Our cybersecurity team is responsible for assessing our cybersecurity risk management program and we currently do not engage third parties for such assessment. In addition, our cybersecurity team provides training to all key employees for product development regularly.

In 2025, we did not identify any cybersecurity threats that have materially affected or are reasonably likely to materially affect our business strategy, results of operations, or financial condition. However, despite our efforts, we cannot eliminate all risks from cybersecurity threats, or provide assurances that we have not experienced an undetected cybersecurity incident. For more information about these risks, please see “Item 3. Key Information—3.D. Risk Factors—Risks Related to Our Business—Computer malware, viruses, ransomware, hacking, phishing attacks and other network disruptions could result in security and privacy breaches, loss of proprietary information and interruption in service, which could adversely affect our business, results of operations, financial condition and prospects.”

Our board of directors has overall oversight responsibility for our risk management, and is charged with oversight of our cybersecurity risk management program. The board is responsible for monitoring the implementation of our risk management policies across our company, ensuring that our company has processes in place designed to identify and evaluate cybersecurity risks to which the company is exposed and implement processes and programs to manage cybersecurity risks and mitigate cybersecurity incidents. The management is responsible for identifying, considering and assessing material cybersecurity risks on an ongoing basis, establishing processes to ensure that such potential cybersecurity risk exposures are monitored, putting in place appropriate mitigation measures and maintaining cybersecurity programs. Our cybersecurity programs are under the direction of our director of software department, who receives reports from our cybersecurity team and monitors the prevention, detection, mitigation, and remediation of cybersecurity incidents. Our director of software department and dedicated personnel are experienced information systems security professionals and information security managers with years of experience. The management regularly updates the board of directors on the company’s cybersecurity programs, material cybersecurity risks and mitigation strategies and provide cybersecurity reports annually that cover, among other topics, third-party assessments of the company’s cybersecurity programs, developments in cybersecurity and updates to the company’s cybersecurity programs and mitigation strategies.