Compliance & Privacy
Security at Agora
Trust Agora for Compliance, Safety, and Security
Agora is a global company that works diligently to incorporate security into our products and services, meeting international standards.
As a Platform as a Service (PaaS), we only collect Internet Protocol (IP) addresses and operational information necessary for providing our services. All other end-user data is managed by our customers in their own applications.
If you think you may have found a security vulnerability within any of our services, please contact our security team directly at security@agora.io.
Security Features
Identity and Access Management
Secure your live interactive streaming with tokens that uniquely identifies authorized users to prevent unwanted guests from intruding into private engagement sessions.
Data Protection and Encryption
Agora Software Development Kits (SDKs) provides built-in AES128/256 support or customer provided third party encryption to protect all data transmitted between the end user and Agora services so you can choose how to secure your content.
Network Geo-Fencing
With Agora, you choose the global region(s) that your engagement experience operates within. Agora Geo-Fencing gives you the ability to designate live interactive streaming traffic within selected regions to help customers meet regional and local regulation needs.
White Papers
Agora adopts Secure by Design and Defense in Depth principles when designing our security programs. Learn more about our product security and privacy protection.
Compliance Certification
Compliance Certifications and Attestations
Agora takes security seriously. Our organization, operating systems, and environment have received international recognition with these certifications:
- ISO/IEC 27001
- Information Security Management System (ISMS)
- ISO/IEC 27017
- Information Security Controls for Cloud Services
- ISO/IEC 27018
- Protection of Personally Identifiable Information (PII)
- SOC 2 Report
- Trust Services Principles
Compliance with Regional Privacy Laws and Industry Regulations

General Data Protection Regulation (GDPR)
Agora is aligned with GDPR and is committed to providing GDPR-compliant products and services to our customers in the EU region or with our customers who conduct business within the EU.

California Consumer Privacy Act (CCPA)
The California Consumer Privacy Act is the first comprehensive privacy law in the United States that aims to provide a variety of privacy rights to California consumers. Agora is aligned with CCPA through the implementation of Information Security and Privacy programs.

Health Insurance Portability and Accountability Act (HIPAA)
Agora performs the role of a Business Associate under the definitions of HIPAA and maintains an ongoing HIPAA compliance program.

Children’s Online Privacy Protection Act (COPPA)
COPPA requires that online services for children 13 years old and younger give parents direct notice of their information practices before collecting information from their children.
Meet our Partners

DNV GL
DNV GL is an international accredited registrar who provided ISO/IEC 27001, 27017 and 27018 certification services for Agora.

Ernst & Young
Ernst & Young is a multinational professional service provider advising Agora on information security.

Deloitte
Deloitte is a multinational professional services company that performs Agora’s SOC 2 audits.

Trustwave
Trustwave is an information security company that performs Agora’s annual compliance and security assessment.