Agora Processor Privacy Statement
Last updated: June 1, 2021
Agora Lab, Inc. (together with our parent companies, subsidiaries and affiliates, “Agora,” “we,” or “us”) values the privacy of everyone who uses our communication services, networks, mobile applications, downloadable tools, client libraries, software development kits, including, without limitation, our beta products, aPaaS, whiteboard, cloud player, SDKs (e.g. Voice SDK, Video SDK, RTM, Live Interactive Streaming, Recording, Analytics, etc.), and any APIs, API keys that uniquely identify a particular Customer Application (as defined below), and the associated services (collectively, our “Service”) which enable our customers (“Enterprise Customers”) to integrate and deploy live voice, video, messaging engagement capabilities and other interaction features and functionalities into their web and mobile applications (“Customer Applications”) for a variety of use cases.
Please read this Statement carefully. If you do not agree with this Statement or any part thereof, you should not access or use any part of the Service, or otherwise provide us with your Personal Information. If you change your mind in the future, you should stop using the Service and should provide us with no further Personal Information.
Contents of this Statement
This Statement outlines the following topics:
- Personal Information We Collect and How We Use It
- How We Disclose or Share Your Personal Information
- Your Rights and Choices
- Data Security
- Data Transfers
- Data Retention
- Changes and Updates to this Policy
- Contact Us
1. Personal Information We Collect and How We Use It
|Personal Information Collected by Us||How We Use It|
When you use the Service, we may collect information such as:
– Dynamic IP Addresses
– Use Configuration Data
This is information about the deployment of the Agora SDK and related configuration.
– Real-Time Engagement Metadata
This includes metrics about when and how the Service is used.
– Feature Usage
This includes data about Service preferences.
– Performance Data
This includes metrics about the Service performance and quality.
– Service Logs
This is data we generate about system-related events, such as errors and systems/servers’ reports.
– Usage Data
This is data we generate about when, how, and how long our Service is used.
|– On our Enterprise Customers’ instructions (which may include to provide you with our Service, operate, maintain, enhance and provide the features of the Service, monitor, diagnose and analyze the performance and effectiveness of our Service, analyze user patterns and conduct aggregated analytics, provide our service in a secure manner, prepare billings and usage reports, and to provide other services and information that you or our Enterprise Customers request).|
– As required by applicable law.
|Personal Information Collected by Our Customers||How We Use It|
– Voice Data
When you use our real-time voice engagement services.
– Video Data
When you use our real-time video engagement services.
– Messaging and Images Data
When you use our messaging services.
– Other Data
Depending on what service you use, our Enterprise Customers may collect additional information.
Other Information Shared by our Customers
Our enterprise customers may ask us to process additional information in accordance with our data processing terms, applicable statement of works and customer agreements.
|– On our Enterprise Customers’ instructions (which may include to provide you with our Service, operate, maintain, enhance and provide the features of Service, monitor, diagnose and analyze the performance, effectiveness of our Service, analyze user patterns and conduct aggregated analytics, provide our Service in a secure manner, prepare billings and usage reports, and to provide other services and information that you or our Enterprise Customers request).|
– As required by applicable law.
When processing User Content, we will only process Personal Information our Enterprise Customers transmit to us via the Service (including data you upload, post, or interact with via the Customer Applications). In no event will Agora access, share, or disclose any such User Content. Agora will only store User Content as explained in the Data Retention section below.
2. How We Disclose or Share Your Personal Information
We disclose and share your Personal Information pursuant to our data processing terms with our Enterprise Customers. This includes:
Agora Affiliates and Subsidiaries
We will typically disclose Personal Information about you within Agora’s affiliates and subsidiaries.
Agora’s Partners, Vendors and Service Providers
We work with third party service providers to provide website or application development, hosting, maintenance, and other services for us. These third parties may have access to or process your Personal Information as part of providing those services for us. We limit the information provided to these service providers to that which is necessary for them to perform their functions, and we require them to agree to maintain the confidentiality of such information. This typically includes storage vendors, internet carriers and payment processing partners.
Legally Binding and Legal-Related Disclosures
We will disclose your Personal Information if we are required to do so by law within United States’ jurisdiction, or in the good-faith belief that such action is necessary to comply with the United States’ state and federal laws), in response to a court order, judicial or other government subpoena or warrant, or to otherwise cooperate with law enforcement.
Should this be the case, we will notify our Enterprise Customers in advance (if legally allowed), and we will only disclose such information that is legally requested and that is consented to be released (if applicable).
Other Third Parties
We may disclose and transfer information about our users, including Personal Information, to an acquirer, successor or assignee as part of any merger, acquisition, debt financing, sale of assets, or similar transaction, as well as in the event of an insolvency, bankruptcy, or receivership in which information is transferred to one or more third parties as one of our business assets.
3. Your Rights and Choices
Depending on your jurisdiction and applicable data protection legislation, you have the right to exercise a number of privacy rights under certain circumstances.
Our Service is not directed to children under the age of 16, and we do not knowingly collect Personal Information from children under the age of 16 without obtaining parental consent. If you are under 16 years of age, then please do not use or access the Service at any time or in any manner. Our Enterprise Customers may incorporate our Service into their products to provide services to children under the age of 16. In that case, it is our Enterprise Customers’ obligation and responsibility to obtain parental consent. If you are a parent or guardian and discover that your child under 16 years of age deploys the Service within a Customer Application, then you may contact such Customer Application provider to delete your child’s Personal Information.
4. Data Security
We use certain physical, managerial, and technical safeguards that are designed to protect Personal Information against accidental or unlawful destruction, accidental loss, unauthorized alteration, unauthorized disclosure or access, misuse, and any other unlawful form of processing of the Personal Information in our possession.
Additionally, Agora Voice, Video and RTM SDKs provide built-in encryption algorithms as well as support for other encryptions that our Enterprise Customers prefer. The communication between you and the Agora network (i.e., SD-RTNTM) is protected by encrypted transmission protocols such as the Agora Private Transmission Protocol, Transport Layer Security (TLS) and WebSocket Secure (WSS). We strongly recommend our Enterprise Customers to follow the guidance in our Security Best Practices and to encrypt the User Content where necessary. As your content is encrypted, Agora is not able to read the encrypted content, nor are we able to relate it to you.
For more information about our encryption options, and other steps Agora takes to secure your Personal Information, please visit our Security Best Practices.
5. Data Transfers
Agora will transfer data across borders as follows:
If You Are Located in Territories Other than the United States
While Agora provides its Service globally, the Service is hosted in the United States. If you choose to use the Service from the European Economic Area, the United Kingdom or other regions of the world with laws governing data collection and use that may differ from U.S. law, then please note that you are transferring your Personal Information outside of those regions to the United States for storage and processing, where local U.S. state and federal data protection regulations apply.
Streaming Data Routing
We will typically transfer your data from the U.S. or from the region it is collected or generated to other countries or regions in connection with processing of streaming data. This may be to fulfill Enterprise Customers’ requests, or allow us to operate the Service, in accordance with the customer agreement, or the terms of service, user agreement or similar agreements of our Enterprise Customers, as applicable.
Streaming data will typically be routed through several regions across the world, in an encrypted manner, to reach its intended recipient. Agora provides several options and levels of encryption which can be enabled by our Enterprise Customers.
Additionally, Agora provides our Enterprise Customers with Geofencing features that they can enable in order to route the streaming data within the specified regions, excluding others, as set up by our Enterprise Customers. For more information about the Geofencing options, please refer to our Security Best Practices.
Transfers Outside the European Economic Area and the United Kingdom
Agora offers Standard Contractual Clauses to its Enterprise Customers that operate in the European Economic Area and the United Kingdom. You may contact us as specified below to obtain a copy of the safeguards we use to transfer Personal Information outside of the European Economic Area or the United Kingdom.
6. Data Retention
We take measures to delete your Personal Information or keep it in a form that does not permit identifying you in accordance with our data processing terms with our Enterprise Customers and their choices, unless we are required by law to keep this information for a longer period.
By default, and unless otherwise agreed with our Enterprise Customers, we only retain the following data for these specified periods:
|Type of Data||Retention Period|
Real-time Streaming Data/User Content
|RTM Chat History||Deleted after 30 days|
|Cloud Recording||Deleted immediately after each session; if delivery fails, recording is deleted within 7 days|
|Service/Operation-Related Metadata||Deleted every 20 days|
7. Changes and Updates to This Statement
Please revisit this page periodically to stay aware of any changes to this Statement which we may update from time to time. If we modify it, the current Privacy Statement will be available on our website and indicate the date of the latest revision. In the event that the modifications materially alter your rights or obligations hereunder, we will make reasonable efforts to notify our affected Enterprise Customers of the change for them to take appropriate measures to inform you.
8. Contact Us
If you have any questions or comments about this Statement, our use and disclosure practices, please contact us by email at firstname.lastname@example.org or write to us at:
Agora Lab, Inc.
2804 Mission College Blvd, Suite 110
Santa Clara, CA 95054
Please kindly note that Agora respects your privacy rights and takes commercially reasonable efforts to protect your Personal Information. Nonetheless, it’s our Enterprise Customer’s obligation and responsibility to honor each of your privacy rights, and Agora assists our Enterprise Customer by appropriate technical and organizational measures, insofar as this is possible, for the fulfillment of our Enterprise Customer’s obligation to respond to requests for exercising your privacy rights. If you’d like to exercise your privacy rights, please kindly contact our Enterprise Customer whose products you’re using.