Introduction
Agora Lab, Inc. (together with its parent companies, subsidiaries, and affiliates, “Agora,” “we,” or “us”) values the privacy of individuals who interact with our websites, products, and services (collectively, the “Services”).
This Privacy Policy (“Policy”) explains how we collect, use, disclose, and retain Personal Information in connection with the Services, as well as the rights and choices available to individuals. “Personal Information” means information relating to an identified or identifiable individual and excludes de-identified or anonymized data. This Policy should be read as a whole.
To enhance transparency while maintaining clarity, this Policy presents our data processing activities in a structured format:
- Table A (Agora as Data Controller) describes categories of Personal Information we collect directly, the purposes for which it is used, applicable legal bases where required, and associated retention periods.
- Table B (Agora as Data Processor) describes categories of Personal Information processed on behalf of enterprise customers (“Enterprise Customers”). In these circumstances, Agora acts as a processor and processes Personal Information in accordance with documented instructions from the Enterprise Customer, which determines the purposes and legal basis of processing.
- Table C (California Privacy Rights Disclosure) provides additional disclosures required under applicable California law, including categories of Personal Information, recipients, and business purposes.
Where Agora processes Personal Information on behalf of Enterprise Customers, individuals should refer to the applicable Enterprise Customer’s privacy policy for additional information regarding how their Personal Information is handled, including applicable legal bases and available rights.
Additional sections of this Policy address, among other topics, data sharing practices, international data transfers, security measures, and individual rights, and should be read together with the tables referenced above. Descriptions in this Policy, including the tables, are intended to describe our processing activities as of the effective date. Processing may vary depending on the specific Services used and applicable configurations. In the event of any inconsistency, applicable agreements or product-specific terms may further govern.
Please read this Policy carefully. If you do not agree with it, you should not use the Services or provide Personal Information to us.
Contents of this Policy
This Policy outlines the following topics:
- Personal Information We Collect and How We Use It
- Our Legal Basis for Processing European Personal Information
- How We Disclose or Share Your Personal Information
- Your Rights and Choices
- Third-Party Services
- Children’s Privacy
- Data Security
- Data Transfers
- Data Retention
- Changes and Updates to This Policy
- Contact Us
- We obtain Personal Information relating to you from various sources described below. Where applicable, we indicate whether and why you must provide us with your Personal Information, as well as the consequences of failing to do so.
- If you do not provide Personal Information when requested, you may not be able to benefit from our Service if that information is necessary to provide you with the Service, or if we are legally required to collect it.
- Notwithstanding the above, we may use your Personal Information to enforce our End User License Agreement and Terms of Service, to defend our legal rights, to conduct audits, to comply with our legal obligations and internal policies, to contact you for administrative purposes such as to address intellectual property infringement, privacy violations or defamation issues related to user content posted on the Service. Where we do so, we will use the Personal Information relevant to such a case. Some processing may also be necessary to comply with a legal obligation placed on us.
Table A: Agora as Data Controller
- Applies to website visitors, account holders, job applicants, event attendees, and anyone who contacts Agora directly. Legal bases are cited by GDPR article where applicable.
|
Account Registration
|
|
Name, email, phone number, password, company name, industry
|
Account creation; Service delivery; product updates; support
|
Contract
Art. 6(1)(b) GDPR
|
Duration of active account + 30 days after deletion
|
|
Communication and Support
|
|
Name, email, physical address, IP address, phone number, content of
correspondence
|
Respond to support requests, complaints, and inquiries; improve
product quality
|
Legitimate interest
Art. 6(1)(f) GDPR (responding to and resolving user requests)
|
3 years from last interaction, or as required by law
|
|
Cookies and Site Analytics
|
|
IP address, advertising identifiers, browser type, pages visited,
session data
|
Analyze site usage; remember preferences; personalize content and
advertising; improve service
|
Consent for non-essential cookies
Art. 6(1)(a) GDPR
Legitimate interest for essential/analytics
Art. 6(1)(f) GDPR
|
Per cookie type
See: Cookie Policy
|
|
Job Applications
|
|
Resume, work history, references, and information voluntarily
provided in application
|
Evaluate candidacy; communicate with applicants
|
Legitimate interest
Art. 6(1)(f) GDPR (recruitment)
|
2 years from application date (unless hired; then per employment
records policy)
|
|
Events and Surveys
|
|
Name, email, IP address, phone number, zip/postal code
|
Manage registration; send event updates; invite feedback;
marketing
|
Legitimate interest
Art. 6(1)(f) GDPR
|
3 years from event date
|
|
Voice, images, photographs, video captured at events (EEA/UK: explicit consent required before recording)
|
Promote event; share features and results with participants
|
Consent
Art. 6(1)(a) GDPR (EEA/UK);
Legitimate interest elsewhere
|
3 years from event date, or until consent withdrawn
|
|
Operational Metrics
|
|
Logs and metadata, system-level operation logs, timestamps, and
interaction records (does not contain Personal Information)
|
Troubleshooting, debugging, and quality assurance
|
Legitimate interest
Art. 6(1)(f) GDPR
Quality Assurance
|
3 years from event date
|
|
Compliance and Safety Information
|
|
Content moderation logs (including third-party interception
flags)
|
Content compliance; user safety
|
Legitimate Interest
Compliance and Safety
|
3 years from event date
|
|
Payment Information
|
|
Billing name, phone, address, payment method, company name
|
Process payment; create and manage paid account
|
Contract
Art. 6(1)(b) GDPR
|
7 years (tax and financial record-keeping obligations)
|
Table B: Agora as Data Processor
- Applies to end users of Enterprise Customers using Agora's products. Agora processes this data on behalf of and strictly in accordance with Enterprise Customer instructions. The legal basis for processing rests with the Enterprise Customer as Controller.
- No AI Training. Agora does not use Personal Information processed through the Conversational AI Engine or Agent Studio to train its own AI models. However, where Enterprise Customers integrate third-party AI providers (including LLM providers used for call evaluation, embedding services for knowledge base retrieval, and ASR/TTS providers), such providers may process Personal Information in accordance with their own terms and policies, which may include retention, logging, or use for model improvement or training. Agora does not control third-party provider processing beyond applicable contractual restrictions.
|
Conversational AI Engine
|
|
Speech-to-Text (STT) / User Transcripts — text representation of user
speech or input provided during a session, which may include image
data (such as encoded images or image references) where Enterprise
Customer has enabled image modality.
AI-Generated Content — text, responses, or other content generated by
the AI during a session.
|
Troubleshooting; quality assurance
|
Enterprise Customer
|
Up to 30 days by default, unless otherwise configured in the
applicable Enterprise Customer agreement; securely deleted upon
expiry.
|
|
Session Logs and Metadata
timestamps, interaction events, AI responses, and system-level
session data.
Audio Dumps
audio data captured during active sessions, where enabled by
Enterprise Customer
|
Troubleshooting; quality assurance
|
Enterprise Customer (necessary for security, integrity, and service
performance)
|
Up to 30 days by default, unless otherwise configured in the
applicable Enterprise Customer agreement; securely deleted upon
expiry.
|
|
Device type, OS version, CPU type, network type, end user ID
|
Service quality diagnostics, as configured or authorized by
Enterprise Customer
|
Enterprise Customer
|
Up to 365 days by default, unless otherwise instructed by Enterprise
Customer agreement.
|
|
Dynamic IP address
|
Network routing; troubleshooting
|
Enterprise Customer
|
Up to 30 days by default, unless otherwise instructed by Enterprise
Customer agreement.
|
|
ConvoAI Device Kit only
|
|
IoT Device ID
|
Device networking and provisioning as configured by Enterprise
Customer
|
Enterprise Customer
|
Until device is unbound by user
|
|
Phone number entered at registration
|
Single sign-on (SSO) as configured by Enterprise Customer
|
Enterprise Customer
|
Duration of account
|
|
Agent Studio and SIP Callcenter
|
|
Agent pipeline configuration — ASR/TTS/LLM/VAD/MCP settings and
prompt instructions entered by Enterprise Customer (may contain
Personal Information depending on content entered by Enterprise
Customer)
|
Provision and operate voice agent as configured by Enterprise
Customer
|
Enterprise Customer
|
Deleted when Enterprise Customer deletes configuration or terminates
account.
|
|
API keys and credentials stored in Key Management System (KMS)
|
Technical configuration of third-party AI services; agent operation,
as authorized by Enterprise Customer
|
Enterprise Customer (explicit authorization required)
|
Deleted when Enterprise Customer deletes or terminates account.
|
|
Phone numbers and SIP trunk configuration
Elastic SIP trunk info and inbound number configuration (e.g., Twilio
import data, phone numbers, IP whitelist)
|
Inbound/outbound call routing as configured by Enterprise
Customer
|
Enterprise Customer
|
Deleted when Enterprise Customer removes configuration or terminates
account.
|
|
Outbound campaign data
Phone number lists and Enterprise Customer-supplied contact data
uploaded via CSV by Enterprise Customer
(PII: yes, where campaign source contains contact details).
|
Campaign execution and call personalization as configured and
authorized by Enterprise Customer
|
Enterprise Customer
Enterprise Customers are responsible for ensuring lawful collection
of any personal data included.
Agora does not restrict or validate content of uploaded campaign
data.
|
Deleted when Enterprise Customer deletes campaign or terminates
account.
|
|
Speech-to-Text (STT) transcripts -
Text of inbound/outbound calls generated during interactions, which
may include image data. (such as encoded images or image references)
where Enterprise Customer has enabled image modality.
|
Quality assurance and call evaluation as directed by Enterprise
Customer; Agora does not access transcript content independently
|
Enterprise Customer
|
Stored only if Enterprise Customer enables transcript storage.
Retained based on Enterprise Customer configuration; deleted when
Enterprise Customer deletes or terminates account
|
|
Audio recordings
Audio of inbound/outbound calls captured via SIP Gateway
|
Quality assurance and Enterprise Customer playback, as enabled by
Enterprise Customer; Agora does not access audio content
independently
|
Enterprise Customer
|
Stored only if Enterprise Customer enables recording
Default: 30 days Configurable up to permanent retention (aligned with
contract duration), per Enterprise Customer agreement.
|
|
Call outcome data — call result, duration, and outcome of
inbound/outbound calls (received from SIP gateway via Agora SIP
Manager)
Agora does not access individual call content
|
Metering, analytics, and billing statistics
|
Enterprise Customer
|
Deleted when Enterprise Customer terminates account.
|
|
Evaluation data (Successful Evaluation) automated assessment of call
outcome derived from transcript content, using LLM analysis.
|
Provide call outcome evaluation results to Enterprise Customer as
directed;
Agora does not use evaluation data for its own analytics or model
improvement.
Analysis is automated and probabilistic.
|
Enterprise Customer
|
Enabled only if Enterprise Customer activates this feature.
Retained based on Enterprise Customer configuration; deleted when
Enterprise Customer deletes knowledge base or terminates
account.
|
|
Knowledge base documents uploaded by Enterprise Customer (may contain
Personal Information depending on content uploaded; Agora does not
control, review, or restrict content of uploaded materials)
|
Enable agent knowledge retrieval (RAG) as configured by Enterprise
Customer
|
Enterprise Customer
|
Deleted when Enterprise Customer deletes knowledge base or terminates
account.
|
|
MCP server connections — endpoint configurations set by Enterprise
Customer. Agora does not control MCP server content or behavior and is
not responsible for outputs generated by third-party MCP
servers.
|
Enable agent access to Enterprise Customer-selected third-party tools
or data sources, as configured by Enterprise Customer
|
Enterprise Customer
|
Retained based on Enterprise Customer configuration; deleted when
Enterprise Customer terminates account.
|
|
Real-Time Communication (RTC) SDK — Video Calling, Voice Calling,
Live Streaming
|
|
Real-time audio and video streams
|
Deliver real-time communication service
|
Enterprise Customer
|
Not stored, streamed in real time only
|
|
Dynamic IP address
|
Network routing; troubleshooting
|
Enterprise Customer
|
Up to 30 days by default, unless otherwise instructed by Enterprise
Customer agreement.
|
|
Device information — brand, OS version, CPU, memory usage, battery
level, screen resolution, sensor data
|
Service quality diagnostics; performance optimization.
|
Enterprise Customer
|
Up to 365 days by default, unless otherwise instructed by Enterprise
Customer agreement.
|
|
Wi-Fi information, Bluetooth information, signal strength
|
Network quality optimization
|
Enterprise Customer
|
Up to 30 days by default, unless otherwise instructed by Enterprise
Customer agreement.
|
|
User UID; channel name / room ID
|
Session identity; channel management, as configured by Enterprise
Customer
|
Enterprise Customer
|
Up to 30 days by default, unless otherwise instructed by Enterprise
Customer agreement.
|
|
Real-Time Speech-to-Text and Real-Time Translation
|
|
Audio streams captured from user input during active sessions
|
Deliver STT service; audio may be retained for troubleshooting (demo
app only)
|
Enterprise Customer
|
Not stored for production — streamed only. Demo app: per Enterprise
Customer agreement
|
|
Transcripts
(.vtt
format)
|
Deliver STT output to Enterprise Customer application as configured
by Enterprise Customer
|
Enterprise Customer
|
Per Enterprise Customer configuration
|
|
Logs and metadata — UID, channel ID, channel duration, join/leave
timestamps
|
Debugging; troubleshooting
|
Enterprise Customer
|
Up to 30 days by default, unless otherwise instructed by Enterprise
Customer agreement.
|
|
Agora Chat
|
|
IP address; device type/model and random identifier
|
Troubleshooting; technical diagnostics
|
Enterprise Customer
|
Up to 30 days by default, unless otherwise instructed by Enterprise
Customer agreement.
|
|
UID; App Key
|
Authenticate users; provide core chat functionality as configured by
Enterprise Customer
|
Enterprise Customer
|
Duration of account
|
|
User messages; user metadata (nickname, portrait, email, phone,
etc.); user tags
|
Deliver chat services as configured by Enterprise Customer
|
Enterprise Customer
|
Per Enterprise Customer configuration
|
|
Push tokens; push messages and attachments
|
Notification delivery as configured by Enterprise Customer
|
Enterprise Customer
|
Duration of account
|
|
Interactive Whiteboard
|
|
UID; Room UUID
|
Session continuity; identity management, as configured by Enterprise
Customer
|
Enterprise Customer
|
Duration of session plus up to 30 days by default, unless otherwise
instructed by Enterprise Customer agreement.
|
|
Dynamic IP address; device type, OS version, CPU info
|
Troubleshooting; performance analysis, as authorized by Enterprise
Customer
|
Enterprise Customer
|
Up to 30 days by default (IP address); up to 365 days by default
(device information), unless otherwise instructed by Enterprise
Customer agreement.
|
|
User draw content; user uploaded attachments
|
Enable collaborative whiteboard functionality; file sharing, as
configured by Enterprise Customer
|
Enterprise Customer
|
Per Enterprise Customer configuration
|
- Voice and Audio Sensitivity Notice: Voice and audio data processed through Conversational AI products may reveal sensitive personal characteristics, including health conditions, emotional states, accent, or ethnicity, even where not intentionally provided. Agora processes such data with heightened care, applying encryption in transit and at rest, strict access controls, and retention limited to the periods specified above. Where required by applicable law, processing is subject to the legal basis determined by Enterprise Customer.
Table C: California Privacy Rights Disclosure (CCPA/CPRA)
- Required for California residents under CPRA. Discloses categories of personal information, recipients, and business purposes. Agora does not sell personal information.
|
Identifiers
|
name, email, phone, IP address, account credentials, device IDs
|
Affiliates; service providers (hosting, analytics, email delivery);
advertising partners; law enforcement when required; acquirers in
M&A transactions
|
Account creation; service delivery; marketing; analytics; legal
compliance; fraud prevention
|
|
Commercial information
|
billing name, address, payment method, transaction history
|
Payment processing service providers; affiliates; law enforcement
when required
|
Payment processing; account management; financial record-keeping
|
|
Internet or electronic network activity
|
browsing behavior, cookies, pages visited, ad interactions
|
Analytics providers; advertising partners; affiliates
|
Site analytics; personalization; advertising; service improvement
|
|
Audio, visual (including image data processed through Conversational
AI transcripts), or similar information
|
voice recordings via ConvoAI/Agent
Studio; event photos and video
|
Enterprise Customers (for voice/audio); event organizers and
affiliates (for event media); service providers
|
Service delivery (voice AI); event promotion; quality assurance
|
|
Professional or employment information
|
resume, work history, references from job applications
|
Affiliates involved in hiring
|
Recruitment and hiring
|
|
Inferences drawn from personal information
|
preferences, characteristics inferred from usage patterns
|
Analytics providers; advertising partners
|
Service personalization; targeted advertising; product
improvement
|
|
Sensitive personal information
|
account login credentials
|
Service providers (identity/authentication only)
|
Account security and authentication only
|
- Agora does not sell personal information as defined by CPRA Cal. Civ. Code § 1798.100 et seq. Agora does not use sensitive personal information for purposes beyond those permitted under CPRA § 1798.121. California residents may exercise rights (access, deletion, correction, opt-out of sharing) by contacting privacy@agora.io.
2. Our Legal Basis for Processing European Personal Information
- If you are located in the European Economic Area or the United Kingdom, the legal bases for processing Personal Information where Agora acts as a Controller are specified in Table A above. In general, we process Personal Information on one or more of the following bases:
- You have consented to the use of your Personal Information;
- We need your Personal Information to provide you with the Service, including for account registration and to respond to your inquiries;
- We have a legal obligation to use your Personal Information; or
- We, or a third party, have a legitimate interest in using your Personal Information. In particular, we have a legitimate interest in using your Personal Information to conduct business analytics and direct marketing, and otherwise improve the safety, security, and performance of our Service. We only rely on our, or a third party's, legitimate interests to process your Personal Information when these interests are not overridden by your rights and interests.
- Where Agora acts as a Data Processor on behalf of Enterprise Customers, the legal basis for processing is determined by the Enterprise Customer as Controller.
3. How We Disclose or Share Your Personal Information
Agora Affiliates and Subsidiaries
We will typically disclose Personal Information about you within our Agora affiliates and subsidiaries in a secure manner for the purpose of providing our Service or communicating with you.
Agora Users
Any Personal Information that you choose to include on or through the Service, including information in a publicly accessible area of the Service (such as a public profile page) or information you share with or allow to be shared with other users, will be available to anyone who has access to that content, including other users. We are not responsible for privacy practices of the other users who will view and use the posted information.
Agora’s Partners, Vendors and Service Providers
We work with third party service providers to provide website or application development, hosting, maintenance, and other services for us. These third parties may have access to or process your Personal Information as part of providing those services for us. We limit the information provided to these service providers to that which is necessary for them to perform their functions, and we require them to agree to maintain the confidentiality of such information. Such third parties may typically include storage vendors, internet carriers, payment processing partners, survey firms and virtual or in-person event organizers. For our Conversational AI Engine and Agent Studio products specifically, such providers may include large language model providers, speech recognition and synthesis providers, cloud storage platforms, and telephony infrastructure providers. Data shared with these providers is limited to what is necessary to deliver the requested service. A list of current providers is available upon request at privacy@agora.io.
Advertising Partners
We may share your Personal Information with our third-party advertising partners to provide ads that we think may interest you. For more information about our advertising and marketing practices and those of the third-party advertising partners, please see our Cookie Policy.
Other Third Parties
We may also share Personal Information about you with other third parties in the following circumstances:
- In Aggregated Form. We may make certain automatically-collected, aggregated, or otherwise de-identified information available to third parties for various purposes, including (i) compliance with various reporting obligations; (ii) for business or marketing purposes; or (iii) to assist such parties in understanding our users' interests, habits, and usage patterns for certain programs, content, services, advertisements, promotions, and/or functionality available through the Service.
- To Comply with Legal Obligations. We may disclose your information if required to do so by law or in the good-faith belief that such action is necessary to comply with state and federal laws, in response to a court order, judicial or other government subpoena or warrant, or to otherwise cooperate with law enforcement or other governmental agencies.
- To Protect and Enforce Our Rights. We also reserve the right to disclose your information that we believe, in good faith, is appropriate or necessary to (i) take precautions against liability, (ii) protect ourselves or others from fraudulent, abusive, or unlawful uses or activity, (iii) investigate and defend ourselves against any third-party claims or allegations, (iv) protect the security or integrity of the Service, or (v) protect our property or other legal rights, or the rights, property, or safety of others.
- In case of Merger, Sale, or Other Asset Transfer. Information about our users, including Personal Information, may be disclosed and otherwise transferred to an acquirer, or successor or assignee as part of any merger, acquisition, debt financing, sale of assets, or similar transaction.
- With Your Consent. We also may disclose your Personal Information as may be described in a notice to you at the time the information is collected, or in any other manner to which you consent.
4. Your Rights and Choices
Account Information
You are entitled to decline to share certain Personal Information with us, in which case we may not be able to provide you with some of the features and functionalities of the Service. You may update, correct, or delete your profile information and preferences at any time by accessing your account settings page on the Service. If you wish to access or amend any other Personal Information we hold about you, you may contact us at privacy@agora.io.
Opt-Out Rights; Do Not Track; Do Not Sell
- Opt-Out from Commercial Communication. If you receive any commercial emails from us, you may unsubscribe at any time by following the instructions contained within the email. You may also opt-out by emailing privacy@agora.io or writing to us at the address at the end of this Policy. Please be aware that it may take up to fifteen (15) business days to process your request.
- Opt-Out from Conversational AI Data Processing. If you wish to opt out of the storage of transcripts (including user speech-to-text and AI-generated content) or audio recordings generated through our Conversational AI products, you may opt out of the storage of transcripts and audio recordings on a per-session basis by configuring the applicable parameter through the Conversational AI REST API. For details, refer to the https://docs.agora.io/en/conversational-ai/rest-api/agent/join#properties-parameters-opt-out. Opting out will: (i) not affect your ability to use the core service, though it may limit our ability to investigate technical issues you report, and (ii) not apply retroactively to prior sessions.
- Do Not Track. Some web browsers incorporate a “Do Not Track” feature. Because there is not yet an accepted standard for how to respond to Do Not Track signals, our website does not currently respond to such signals.
- Do Not Sell Personal Information. We will not sell your Personal Information to any third party without your prior written consent.
Privacy Settings
Although we may allow you to adjust your privacy settings to limit access to certain Personal Information, please be aware that no security measures are perfect or impenetrable. To the fullest extent permitted under applicable law, we are not responsible for circumvention of any privacy settings or security measures on the Service.
Additional Privacy Rights
Depending on your jurisdiction and applicable data protection legislation, you may have additional rights. If you are located in EEA or UK, you have these additional rights in relation to the Personal Information that we hold:
- Withdrawal of Consent. Where we rely on consent for the processing of your Personal Information, you have the right to withdraw your consent at any time.
- Access. You have the right to access the Personal Information we hold about you, and to receive an explanation of how we use it and with whom we share it.
- Correction. You have the right to correct any Personal Information we hold about you that is inaccurate or incomplete.
- Erasure. You have the right to request your Personal Information to be erased or deleted.
- Object to Processing. You have the right to object to our processing of your Personal Information where we are relying on a legitimate interest.
- Restrict Processing. You have a right in certain circumstances to stop us processing your Personal Information other than for storage purposes.
- Portability. You have the right to receive, in a structured, commonly used and machine-readable format, Personal Information that you have provided to us where we process it on the basis of our contract with you or with your consent.
- Complaint. You have the right to lodge a complaint with a data protection supervisory authority in your country of residence, place of work, or where an incident takes place.
Exercising Your Rights
Please note that, prior to any response to the exercise of such rights, we may require you to verify your identity. In addition, we may have valid legal reasons to refuse your request and will inform you if that is the case. For more information on, or to exercise your rights, please email privacy@agora.io.
5. Third-Party Services
This Policy applies only to the processing of your Personal Information by Agora. The Service may contain features or links to websites and services provided by third parties. The policies and procedures described in this Privacy Policy do not apply to Third Party websites. Any information you provide on third-party sites or services is provided directly to the operators of such services and is subject to those operators’ policies, if any, governing privacy and security, even if accessed through the Service. We are not responsible for the content or privacy and security practices and policies of third-party sites or services to which links or access are provided through the Service. We encourage you to learn about third parties’ privacy and security policies before providing them with information.
6. Children's Privacy
Our Service is not directed to children under the age of 16, and we do not knowingly collect Personal Information from children under the age of 16 without obtaining parental consent. If you are under 16 years of age, then please do not use or access the Service at any time or in any manner. If we learn that Personal Information has been collected on the Service from persons under 16 years of age and without verifiable parental consent, then we will take the appropriate steps to delete this information. If you are a parent or guardian and discover that your child under 16 years of age has obtained an account on the Service, then you may alert us at privacy@agora.io and request that we delete that child’s Personal Information from our systems.
7. Data Security
- We use certain physical, managerial, and technical safeguards that are designed to appropriately protect Personal Information against accidental or unlawful destruction, accidental loss, unauthorized alteration, unauthorized disclosure or access, misuse, and any other unlawful form of processing of the Personal Information in our possession. WE CANNOT, HOWEVER, ENSURE OR WARRANT THE SECURITY OF ANY INFORMATION YOU TRANSMIT TO US OR STORE ON THE SERVICE, AND YOU DO SO AT YOUR OWN RISK. WE ALSO CANNOT GUARANTEE THAT SUCH INFORMATION MAY NOT BE ACCESSED, DISCLOSED, ALTERED, OR DESTROYED BY BREACH OF ANY OF OUR PHYSICAL, TECHNICAL, OR MANAGERIAL SAFEGUARDS.
- The foregoing is subject to requirements under applicable law to ensure or warrant information security. If, under applicable law, we learn of a security breach, then we may attempt to notify you electronically so that you can take appropriate protective steps. We may post a notice through the Service if a security breach occurs. Depending on where you live, you may have a legal right to receive notice of a security breach in writing. To receive a free written notice of a security breach, you should notify us at privacy@agora.io.
8. Data Transfers
- Agora provides its Service globally. If you choose to use the Service, then please note that you may be transferring your Personal Information outside of your jurisdiction to the U.S. and other regions where our data centers are located for storage and processing, which may not have the same level of data protection as that of your jurisdiction. Also, we may further transfer your data from the U.S. to other countries or regions in connection with storage and processing of data, fulfilling your requests, and operating the Service.
- If you’re from EEA or UK, when we transfer your Personal Information out of the EEA or UK, we will comply with applicable EEA/UK data protection laws and take appropriate measures to safeguard the security of your Personal Information. For example, we may transfer your Personal Information to countries which have been found to provide adequate protection by the EU Commission (e.g., Switzerland and Canada) to process and store your Personal Information, or we may use contractual protections for the transfer of your Personal Information to regions which haven’t been found to provide adequate protection by the EU Commission. You may contact us as specified below to obtain a copy of the safeguards we use to transfer your Personal Information outside of EEA or the UK.
- The EU-U.S. DPF, UK Extension to the EU-U.S. DPF, and Swiss-U.S. DPF were respectively developed by the U.S. Department of Commerce and the European Commission, UK Government, and Swiss Federal Administration to provide U.S. organizations with reliable mechanisms for personal data transfers to the United States from the European Union, United Kingdom, and Switzerland while ensuring data protection that is consistent with EU, UK, and Swiss law. Agora is now part of the DPF program and you may find more info here: https://www.agora.io/en/data-privacy-framework-notice/
9. Data Retention
- Specific retention periods for each category of Personal Information are set out in Table A and Table B above.
- Retention hierarchy. For Table B data, Enterprise Customer instructions, as documented in applicable agreements, take precedence over system defaults. Where retention periods are listed as defaults, they apply only in the absence of contrary Enterprise Customer configuration or contractual instruction.
- The following general principles govern retention across all processing activities.
- We take measures to delete your Personal Information or keep it in a form that does not permit identification when this information is no longer required for the purposes for which we processed it, unless we are required by law to keep this information for a longer period.
- When determining the retention period, we consider various criteria which include:
- The type of products and services used by or provided to you
- The nature and length of our relationship with you
- Re-enrollment with our products or services
- The impact on the services we provide to you if we delete some information from or about you
- Mandatory retention periods provided by law and the statute of limitations
- Account Deletion. Additionally, if you no longer desire to use our Service, you can choose to delete your account and associated information. We provide you with this option when accessing your account dashboard, where, after authenticating yourself and satisfying certain conditions, you’ll be able to request the deletion of your Agora account and associated information, unless we are legally required to keep it.
10. Changes and Updates to This Policy
- Please revisit this page periodically to stay aware of any changes to this Policy, which we may update from time to time. If we modify the Policy, we will make it available through the Service, and indicate the date of the latest revision. If the modifications materially alter your rights or obligations hereunder, we will make reasonable efforts to notify you of the change. For example, we may send a message to your email address, if we have one on file, or generate a pop-up or similar notification when you access the Service for the first time after such material changes are made. If you have an Agora account, we may also notify you of any changes / updates to this Policy in your account dashboard.
- Your continued use of the Service after the revised Policy has become effective indicates that you have read, understood and agreed to the current version of the Policy.
Agora Lab, Inc. is the entity responsible for the processing of your Personal Information as described in this Policy. If you have any questions or comments about this Policy, your Personal Information, our use and disclosure practices, your consent choices, or if you would like to exercise your rights, please contact us by email at privacy@agora.io or write to us at:
Agora Lab, Inc.
2804 Mission College Blvd, Suite 110
Santa Clara, CA 95054
United States