Skip to content

Compliance & Privacy

Security at Agora

Trust Agora for Compliance, Safety, and Security

Agora is a global company that works diligently to incorporate security into our products and services, meeting international standards.

As a Platform as a Service (PaaS), we only collect Internet Protocol (IP) addresses and operational information necessary for providing our services. All other end-user data is managed by our customers in their own applications.

If you think you may have found a security vulnerability within any of our services, please contact our security team directly at security@agora.io.


Security Features

Identity and Access Management

Secure your live interactive streaming with tokens that uniquely identifies authorized users to prevent unwanted guests from intruding into private engagement sessions.

Data Protection and Encryption

Agora Software Development Kits (SDKs) provides built-in AES128/256 support or customer provided third party encryption to protect all data transmitted between the end user and Agora services so you can choose how to secure your content.

Network Geo-Fencing

With Agora, you choose the global region(s) that your engagement experience operates within. Agora Geo-Fencing gives you the ability to designate live interactive streaming traffic within selected regions to help customers meet regional and local regulation needs.


White Papers

Agora adopts Secure by Design and Defense in Depth principles when designing our security programs. Learn more about our product security and privacy protection.


Compliance Certification

Compliance Certifications and Attestations

Agora takes security seriously. Our organization, operating systems, and environment have received international recognition with these certifications:

  • ISO/IEC 27001
    • Information Security Management System (ISMS)
  • ISO/IEC 27017
    • Information Security Controls for Cloud Services
  • ISO/IEC 27018
    • Protection of Personally Identifiable Information (PII)
  • SOC 2 Report
    • Trust Services Principles
  • PCI DSS
    • Payment Card Industry Data Security Standards
GDPR logo

General Data Protection Regulation (GDPR)

Agora is aligned with GDPR and is committed to providing GDPR-compliant products and services to our customers in the EU region or with our customers who conduct business within the EU.

HIPAA logo

Health Insurance Portability and Accountability Act (HIPAA)

Agora performs the role of a Business Associate under the definitions of HIPPA and maintains an ongoing HIPAA compliance program.

California Consumer Privacy Act (CCPA) logo

California Consumer Privacy Act (CCPA)

The California Consumer Privacy Act is the first comprehensive privacy law in the United States that aims to provide a variety of privacy rights to California consumers. Agora is aligned with CCPA though the implementation of Information Security and Privacy programs.

FTC Logo

Children’s Online Privacy Protection Act (COPPA)

The Children’s Online Privacy Protection Act regulates the privacy protection requirements for children under the age of thirteen. Agora has engaged privacy experts in meeting the requirements of COPPA.



Meet our Partners

DNV GL logo

DNV GL

DNV GL is an international accredited registrar who provided ISO/IEC 27001, 27017 and 27018 certification services for Agora.

Ernst & Young logo

Ernst & Young

Ernst & Young is a multinational professional service provider advising Agora on information security.

Deloitte logo

Deloitte

Deloitte is a multinational professional services company that performs Agora’s SOC 2 audits.

Trustwave logo

Trustwave

Trustwave is an information security company that performs Agora’s annual compliance and security assessment.