Skip to content

Compliance & Privacy

Security at Agora

Trust Agora for Compliance, Safety, and Security

Agora is a global company that works diligently to incorporate security into our products and services, meeting international standards.

As a Platform as a Service (PaaS), we only collect Internet Protocol (IP) addresses and operational information necessary for providing our services. All other end-user data is managed by our customers in their own applications.

If you think you may have found a security vulnerability within any of our services, please contact our security team directly at security@agora.io.

Security Features

Identity and Access Management

Secure your live interactive streaming with tokens that uniquely identifies authorized users to prevent unwanted guests from intruding into private engagement sessions.

Data Protection and Encryption

Agora Software Development Kits (SDKs) provides built-in AES128/256 support or customer provided third party encryption to protect all data transmitted between the end user and Agora services so you can choose how to secure your content.

Network Geo-Fencing

With Agora, you choose the global region(s) that your engagement experience operates within. Agora Geo-Fencing gives you the ability to designate live interactive streaming traffic within selected regions to help customers meet regional and local regulation needs.

White Papers

Agora adopts Secure by Design and Defense in Depth principles when designing our security programs. Learn more about our product security and privacy protection.

Download Security White Paper
Download Privacy Protection White Paper

Compliance Certification

Compliance Certifications and Attestations

Agora takes security seriously. Our organization, operating systems, and environment have received international recognition with these certifications:

  • ISO/IEC 27001
    • Information Security Management System (ISMS)
  • ISO/IEC 27017
    • Information Security Controls for Cloud Services
  • ISO/IEC 27018
    • Protection of Personally Identifiable Information (PII)
  • SOC 2 Report
    • Trust Services Principles

Compliance with Regional Privacy Laws and Industry Regulations

GDPR logo

General Data Protection Regulation (GDPR)

Agora is aligned with GDPR and is committed to providing GDPR-compliant products and services to our customers in the EU region or with our customers who conduct business within the EU.

California Consumer Privacy Act (CCPA) logo

California Consumer Privacy Act (CCPA)

The California Consumer Privacy Act is the first comprehensive privacy law in the United States that aims to provide a variety of privacy rights to California consumers. Agora is aligned with CCPA through the implementation of Information Security and Privacy programs.

HIPAA logo

Health Insurance Portability and Accountability Act (HIPAA)

Agora performs the role of a Business Associate under the definitions of HIPAA and maintains an ongoing HIPAA compliance program.

FTC Logo

Children’s Online Privacy Protection Act (COPPA)

COPPA requires that online services for children 13 years old and younger give parents direct notice of their information practices before collecting information from their children.​


Meet our Partners

DNV GL logo

DNV GL

DNV GL is an international accredited registrar who provided ISO/IEC 27001, 27017 and 27018 certification services for Agora.

Ernst & Young logo

Ernst & Young

Ernst & Young is a multinational professional service provider advising Agora on information security.

Deloitte logo

Deloitte

Deloitte is a multinational professional services company that performs Agora’s SOC 2 audits.

Trustwave logo

Trustwave

Trustwave is an information security company that performs Agora’s annual compliance and security assessment.