Introduction

Agora Lab, Inc. (together with its parent companies, subsidiaries, and affiliates, “Agora,” “we,” or “us”) values the privacy of individuals who interact with our websites, products, and services (collectively, the “Services”).

This Privacy Policy (“Policy”) explains how we collect, use, disclose, and retain Personal Information in connection with the Services, as well as the rights and choices available to individuals. “Personal Information” means information relating to an identified or identifiable individual and excludes de-identified or anonymized data. This Policy should be read as a whole.

To enhance transparency while maintaining clarity, this Policy presents our data processing activities in a structured format:

  • Table A (Agora as Data Controller) describes categories of Personal Information we collect directly, the purposes for which it is used, applicable legal bases where required, and associated retention periods.
  • Table B (Agora as Data Processor) describes categories of Personal Information processed on behalf of enterprise customers (“Enterprise Customers”). In these circumstances, Agora acts as a processor and processes Personal Information in accordance with documented instructions from the Enterprise Customer, which determines the purposes and legal basis of processing.
  • Table C (California Privacy Rights Disclosure) provides additional disclosures required under applicable California law, including categories of Personal Information, recipients, and business purposes.

Where Agora processes Personal Information on behalf of Enterprise Customers, individuals should refer to the applicable Enterprise Customer’s privacy policy for additional information regarding how their Personal Information is handled, including applicable legal bases and available rights.

Additional sections of this Policy address, among other topics, data sharing practices, international data transfers, security measures, and individual rights, and should be read together with the tables referenced above. Descriptions in this Policy, including the tables, are intended to describe our processing activities as of the effective date. Processing may vary depending on the specific Services used and applicable configurations. In the event of any inconsistency, applicable agreements or product-specific terms may further govern.

Please read this Policy carefully. If you do not agree with it, you should not use the Services or provide Personal Information to us.

Contents of this Policy


This Policy outlines the following topics:

  1. Personal Information We Collect and How We Use It
  2. Our Legal Basis for Processing European Personal Information
  3. How We Disclose or Share Your Personal Information
  4. Your Rights and Choices
  5. Third-Party Services
  6. Children’s Privacy
  7. Data Security
  8. Data Transfers
  9. Data Retention
  10. Changes and Updates to This Policy
  11. Contact Us

1. Personal Information We Collect and How We Use It

  1. We obtain Personal Information relating to you from various sources described below. Where applicable, we indicate whether and why you must provide us with your Personal Information, as well as the consequences of failing to do so.  
  1. If you do not provide Personal Information when requested, you may not be able to benefit from our Service if that information is necessary to provide you with the Service, or if we are legally required to collect it.
  1. Notwithstanding the above, we may use your Personal Information to enforce our End User License Agreement and Terms of Service, to defend our legal rights, to conduct audits, to comply with our legal obligations and internal policies, to contact you for administrative purposes such as to address intellectual property infringement, privacy violations or defamation issues related to user content posted on the Service. Where we do so, we will use the Personal Information relevant to such a case. Some processing may also be necessary to comply with a legal obligation placed on us.

Table A: Agora as Data Controller

  1. Applies to website visitors, account holders, job applicants, event attendees, and anyone who contacts Agora directly. Legal bases are cited by GDPR article where applicable.

Data Collected

Purpose

Legal Basis

Retention

Account Registration

Name, email, phone number, password, company name, industry

Account creation; Service delivery; product updates; support

Contract

Art. 6(1)(b) GDPR

Duration of active account + 30 days after deletion

Communication and Support

Name, email, physical address, IP address, phone number, content of correspondence

Respond to support requests, complaints, and inquiries; improve product quality

Legitimate interest 

Art. 6(1)(f) GDPR (responding to and resolving user requests)

3 years from last interaction, or as required by law

Cookies and Site Analytics

IP address, advertising identifiers, browser type, pages visited, session data

Analyze site usage; remember preferences; personalize content and advertising; improve service

Consent for non-essential cookies

Art. 6(1)(a) GDPR

Legitimate interest for essential/analytics

Art. 6(1)(f) GDPR

Per cookie type

See: Cookie Policy

Job Applications

Resume, work history, references, and information voluntarily provided in application

Evaluate candidacy; communicate with applicants

Legitimate interest

Art. 6(1)(f) GDPR (recruitment)

2 years from application date (unless hired; then per employment records policy)

Events and Surveys

Name, email, IP address, phone number, zip/postal code

Manage registration; send event updates; invite feedback; marketing

Legitimate interest

Art. 6(1)(f) GDPR

3 years from event date

Voice, images, photographs, video captured at events
(EEA/UK: explicit consent required before recording)

Promote event; share features and results with participants

Consent

Art. 6(1)(a) GDPR (EEA/UK);

Legitimate interest elsewhere

3 years from event date, or until consent withdrawn

Operational Metrics

Logs and metadata, system-level operation logs, timestamps, and interaction records (does not contain Personal Information)

Troubleshooting, debugging, and quality assurance

Legitimate interest

Art. 6(1)(f) GDPR

Quality Assurance

3 years from event date

Compliance and Safety Information

Content moderation logs (including third-party interception flags)

Content compliance; user safety

Legitimate Interest

Compliance and Safety

3 years from event date

Payment Information

Billing name, phone, address, payment method, company name

Process payment; create and manage paid account

Contract

Art. 6(1)(b) GDPR

7 years (tax and financial record-keeping obligations)


Table B: Agora as Data Processor

  1. Applies to end users of Enterprise Customers using Agora's products. Agora processes this data on behalf of and strictly in accordance with Enterprise Customer instructions. The legal basis for processing rests with the Enterprise Customer as Controller.
  1. No AI Training. Agora does not use Personal Information processed through the Conversational AI Engine or Agent Studio to train its own AI models. However, where Enterprise Customers integrate third-party AI providers (including LLM providers used for call evaluation, embedding services for knowledge base retrieval, and ASR/TTS providers), such providers may process Personal Information in accordance with their own terms and policies, which may include retention, logging, or use for model improvement or training. Agora does not control third-party provider processing beyond applicable contractual restrictions.

Data Processed

Purpose

Instructions From

Retention

Conversational AI Engine

Speech-to-Text (STT) / User Transcripts — text representation of user speech or input provided during a session, which may include image data (such as encoded images or image references) where Enterprise Customer has enabled image modality.

AI-Generated Content — text, responses, or other content generated by the AI during a session.

Troubleshooting; quality assurance

Enterprise Customer

Up to 30 days by default, unless otherwise configured in the applicable Enterprise Customer agreement; securely deleted upon expiry.

Session Logs and Metadata

timestamps, interaction events, AI responses, and system-level session data.

Audio Dumps

audio data captured during active sessions, where enabled by Enterprise Customer

Troubleshooting; quality assurance

Enterprise Customer (necessary for security, integrity, and service performance)

Up to 30 days by default, unless otherwise configured in the applicable Enterprise Customer agreement; securely deleted upon expiry.

Device type, OS version, CPU type, network type, end user ID

Service quality diagnostics, as configured or authorized by Enterprise Customer

Enterprise Customer

Up to 365 days by default, unless otherwise instructed by Enterprise Customer agreement.

Dynamic IP address

Network routing; troubleshooting

Enterprise Customer

Up to 30 days by default, unless otherwise instructed by Enterprise Customer agreement.

ConvoAI Device Kit only

IoT Device ID

Device networking and provisioning as configured by Enterprise Customer

Enterprise Customer

Until device is unbound by user

Phone number entered at registration

Single sign-on (SSO) as configured by Enterprise Customer

Enterprise Customer

Duration of account

Agent Studio and SIP Callcenter

Agent pipeline configuration — ASR/TTS/LLM/VAD/MCP settings and prompt instructions entered by Enterprise Customer (may contain Personal Information depending on content entered by Enterprise Customer)

Provision and operate voice agent as configured by Enterprise Customer

Enterprise Customer

Deleted when Enterprise Customer deletes configuration or terminates account.

 

API keys and credentials stored in Key Management System (KMS)

Technical configuration of third-party AI services; agent operation, as authorized by Enterprise Customer

Enterprise Customer (explicit authorization required)

Deleted when Enterprise Customer deletes or terminates account.

 

Phone numbers and SIP trunk configuration

Elastic SIP trunk info and inbound number configuration (e.g., Twilio import data, phone numbers, IP whitelist)

Inbound/outbound call routing as configured by Enterprise Customer

Enterprise Customer

Deleted when Enterprise Customer removes configuration or terminates account.

Outbound campaign data

Phone number lists and Enterprise Customer-supplied contact data uploaded via CSV by Enterprise Customer

(PII: yes, where campaign source contains contact details).

Campaign execution and call personalization as configured and authorized by Enterprise Customer

Enterprise Customer

Enterprise Customers are responsible for ensuring lawful collection of any personal data included.

Agora does not restrict or validate content of uploaded campaign data.

Deleted when Enterprise Customer deletes campaign or terminates account.

 

Speech-to-Text (STT) transcripts -

Text of inbound/outbound calls generated during interactions, which may include image data. (such as encoded images or image references) where Enterprise Customer has enabled image modality.

Quality assurance and call evaluation as directed by Enterprise Customer; Agora does not access transcript content independently

Enterprise Customer

Stored only if Enterprise Customer enables transcript storage.

Retained based on Enterprise Customer configuration; deleted when Enterprise Customer deletes or terminates account

 

Audio recordings

Audio of inbound/outbound calls captured via SIP Gateway

Quality assurance and Enterprise Customer playback, as enabled by Enterprise Customer; Agora does not access audio content independently

Enterprise Customer

Stored only if Enterprise Customer enables recording

 

Default: 30 days Configurable up to permanent retention (aligned with contract duration), per Enterprise Customer agreement.

Call outcome data — call result, duration, and outcome of inbound/outbound calls (received from SIP gateway via Agora SIP Manager)

Agora does not access individual call content

Metering, analytics, and billing statistics

Enterprise Customer

Deleted when Enterprise Customer terminates account.

 

Evaluation data (Successful Evaluation) automated assessment of call outcome derived from transcript content, using LLM analysis.

 

Provide call outcome evaluation results to Enterprise Customer as directed;

Agora does not use evaluation data for its own analytics or model improvement.

Analysis is automated and probabilistic.

Enterprise Customer

Enabled only if Enterprise Customer activates this feature.

Retained based on Enterprise Customer configuration; deleted when Enterprise Customer deletes knowledge base or terminates account.

Knowledge base documents uploaded by Enterprise Customer (may contain Personal Information depending on content uploaded; Agora does not control, review, or restrict content of uploaded materials)

Enable agent knowledge retrieval (RAG) as configured by Enterprise Customer

Enterprise Customer

Deleted when Enterprise Customer deletes knowledge base or terminates account.

MCP server connections — endpoint configurations set by Enterprise Customer. Agora does not control MCP server content or behavior and is not responsible for outputs generated by third-party MCP servers.

Enable agent access to Enterprise Customer-selected third-party tools or data sources, as configured by Enterprise Customer

Enterprise Customer

Retained based on Enterprise Customer configuration; deleted when Enterprise Customer terminates account.

 

Real-Time Communication (RTC) SDK — Video Calling, Voice Calling, Live Streaming

Real-time audio and video streams

Deliver real-time communication service

Enterprise Customer

Not stored, streamed in real time only

Dynamic IP address

Network routing; troubleshooting

Enterprise Customer

Up to 30 days by default, unless otherwise instructed by Enterprise Customer agreement.

Device information — brand, OS version, CPU, memory usage, battery level, screen resolution, sensor data

Service quality diagnostics; performance optimization.

Enterprise Customer

Up to 365 days by default, unless otherwise instructed by Enterprise Customer agreement.

Wi-Fi information, Bluetooth information, signal strength

Network quality optimization

Enterprise Customer

Up to 30 days by default, unless otherwise instructed by Enterprise Customer agreement.

User UID; channel name / room ID

Session identity; channel management, as configured by Enterprise Customer

Enterprise Customer

Up to 30 days by default, unless otherwise instructed by Enterprise Customer agreement.

Real-Time Speech-to-Text and Real-Time Translation

Audio streams captured from user input during active sessions

Deliver STT service; audio may be retained for troubleshooting (demo app only)

Enterprise Customer

Not stored for production — streamed only. Demo app: per Enterprise Customer agreement

Transcripts (.vtt format)

Deliver STT output to Enterprise Customer application as configured by Enterprise Customer

Enterprise Customer

Per Enterprise Customer configuration

Logs and metadata — UID, channel ID, channel duration, join/leave timestamps

Debugging; troubleshooting

Enterprise Customer

Up to 30 days by default, unless otherwise instructed by Enterprise Customer agreement.

Agora Chat

IP address; device type/model and random identifier

Troubleshooting; technical diagnostics

Enterprise Customer

Up to 30 days by default, unless otherwise instructed by Enterprise Customer agreement.

UID; App Key

Authenticate users; provide core chat functionality as configured by Enterprise Customer

Enterprise Customer

Duration of account

User messages; user metadata (nickname, portrait, email, phone, etc.); user tags

Deliver chat services as configured by Enterprise Customer

Enterprise Customer

Per Enterprise Customer configuration

Push tokens; push messages and attachments

Notification delivery as configured by Enterprise Customer

Enterprise Customer

Duration of account

Interactive Whiteboard

UID; Room UUID

Session continuity; identity management, as configured by Enterprise Customer

Enterprise Customer

Duration of session plus up to 30 days by default, unless otherwise instructed by Enterprise Customer agreement.

Dynamic IP address; device type, OS version, CPU info

Troubleshooting; performance analysis, as authorized by Enterprise Customer

Enterprise Customer

Up to 30 days by default (IP address); up to 365 days by default (device information), unless otherwise instructed by Enterprise Customer agreement.

User draw content; user uploaded attachments

Enable collaborative whiteboard functionality; file sharing, as configured by Enterprise Customer

Enterprise Customer

Per Enterprise Customer configuration


  1. Voice and Audio Sensitivity Notice: Voice and audio data processed through Conversational AI products may reveal sensitive personal characteristics, including health conditions, emotional states, accent, or ethnicity, even where not intentionally provided. Agora processes such data with heightened care, applying encryption in transit and at rest, strict access controls, and retention limited to the periods specified above. Where required by applicable law, processing is subject to the legal basis determined by Enterprise Customer.

Table C: California Privacy Rights Disclosure (CCPA/CPRA)

  1. Required for California residents under CPRA. Discloses categories of personal information, recipients, and business purposes. Agora does not sell personal information.

Category of Personal Information

Examples

Disclosed To

Business / Commercial Purpose

Identifiers

name, email, phone, IP address, account credentials, device IDs

Affiliates; service providers (hosting, analytics, email delivery); advertising partners; law enforcement when required; acquirers in M&A transactions

Account creation; service delivery; marketing; analytics; legal compliance; fraud prevention

Commercial information

billing name, address, payment method, transaction history

Payment processing service providers; affiliates; law enforcement when required

Payment processing; account management; financial record-keeping

Internet or electronic network activity

browsing behavior, cookies, pages visited, ad interactions

Analytics providers; advertising partners; affiliates

Site analytics; personalization; advertising; service improvement

Audio, visual (including image data processed through Conversational AI transcripts), or similar information

voice recordings via ConvoAI/Agent Studio; event photos and video

Enterprise Customers (for voice/audio); event organizers and affiliates (for event media); service providers

Service delivery (voice AI); event promotion; quality assurance

Professional or employment information

resume, work history, references from job applications

Affiliates involved in hiring

Recruitment and hiring

Inferences drawn from personal information

preferences, characteristics inferred from usage patterns

Analytics providers; advertising partners

Service personalization; targeted advertising; product improvement

Sensitive personal information

account login credentials

Service providers (identity/authentication only)

Account security and authentication only


  1. Agora does not sell personal information as defined by CPRA Cal. Civ. Code § 1798.100 et seq. Agora does not use sensitive personal information for purposes beyond those permitted under CPRA § 1798.121. California residents may exercise rights (access, deletion, correction, opt-out of sharing) by contacting privacy@agora.io.
  1. If you are located in the European Economic Area or the United Kingdom, the legal bases for processing Personal Information where Agora acts as a Controller are specified in Table A above. In general, we process Personal Information on one or more of the following bases:
    1. You have consented to the use of your Personal Information;
    1. We need your Personal Information to provide you with the Service, including for account registration and to respond to your inquiries;
    1. We have a legal obligation to use your Personal Information; or
    1. We, or a third party, have a legitimate interest in using your Personal Information. In particular, we have a legitimate interest in using your Personal Information to conduct business analytics and direct marketing, and otherwise improve the safety, security, and performance of our Service. We only rely on our, or a third party's, legitimate interests to process your Personal Information when these interests are not overridden by your rights and interests.
  2. Where Agora acts as a Data Processor on behalf of Enterprise Customers, the legal basis for processing is determined by the Enterprise Customer as Controller.

3. How We Disclose or Share Your Personal Information

Agora Affiliates and Subsidiaries

We will typically disclose Personal Information about you within our Agora affiliates and subsidiaries in a secure manner for the purpose of providing our Service or communicating with you.

Agora Users

Any Personal Information that you choose to include on or through the Service, including information in a publicly accessible area of the Service (such as a public profile page) or information you share with or allow to be shared with other users, will be available to anyone who has access to that content, including other users. We are not responsible for privacy practices of the other users who will view and use the posted information.

Agora’s Partners, Vendors and Service Providers

We work with third party service providers to provide website or application development, hosting, maintenance, and other services for us. These third parties may have access to or process your Personal Information as part of providing those services for us. We limit the information provided to these service providers to that which is necessary for them to perform their functions, and we require them to agree to maintain the confidentiality of such information. Such third parties may typically include storage vendors, internet carriers, payment processing partners, survey firms and virtual or in-person event organizers. For our Conversational AI Engine and Agent Studio products specifically, such providers may include large language model providers, speech recognition and synthesis providers, cloud storage platforms, and telephony infrastructure providers. Data shared with these providers is limited to what is necessary to deliver the requested service. A list of current providers is available upon request at privacy@agora.io.

Advertising Partners

We may share your Personal Information with our third-party advertising partners to provide ads that we think may interest you. For more information about our advertising and marketing practices and those of the third-party advertising partners, please see our Cookie Policy.

Other Third Parties

We may also share Personal Information about you with other third parties in the following circumstances:

  • In Aggregated Form. We may make certain automatically-collected, aggregated, or otherwise de-identified information available to third parties for various purposes, including (i) compliance with various reporting obligations; (ii) for business or marketing purposes; or (iii) to assist such parties in understanding our users' interests, habits, and usage patterns for certain programs, content, services, advertisements, promotions, and/or functionality available through the Service.
  • To Comply with Legal Obligations. We may disclose your information if required to do so by law or in the good-faith belief that such action is necessary to comply with state and federal laws, in response to a court order, judicial or other government subpoena or warrant, or to otherwise cooperate with law enforcement or other governmental agencies.
  • To Protect and Enforce Our Rights. We also reserve the right to disclose your information that we believe, in good faith, is appropriate or necessary to (i) take precautions against liability, (ii) protect ourselves or others from fraudulent, abusive, or unlawful uses or activity, (iii) investigate and defend ourselves against any third-party claims or allegations, (iv) protect the security or integrity of the Service, or (v) protect our property or other legal rights, or the rights, property, or safety of others.
  • In case of Merger, Sale, or Other Asset Transfer. Information about our users, including Personal Information, may be disclosed and otherwise transferred to an acquirer, or successor or assignee as part of any merger, acquisition, debt financing, sale of assets, or similar transaction.
  • With Your Consent. We also may disclose your Personal Information as may be described in a notice to you at the time the information is collected, or in any other manner to which you consent.

4. Your Rights and Choices

Account Information

You are entitled to decline to share certain Personal Information with us, in which case we may not be able to provide you with some of the features and functionalities of the Service. You may update, correct, or delete your profile information and preferences at any time by accessing your account settings page on the Service. If you wish to access or amend any other Personal Information we hold about you, you may contact us at privacy@agora.io.

Opt-Out Rights; Do Not Track; Do Not Sell

  1. Opt-Out from Commercial Communication. If you receive any commercial emails from us, you may unsubscribe at any time by following the instructions contained within the email. You may also opt-out by emailing privacy@agora.io or writing to us at the address at the end of this Policy. Please be aware that it may take up to fifteen (15) business days to process your request.
  1. Opt-Out from Conversational AI Data Processing. If you wish to opt out of the storage of transcripts (including user speech-to-text and AI-generated content) or audio recordings generated through our Conversational AI products, you may opt out of the storage of transcripts and audio recordings on a per-session basis by configuring the applicable parameter through the Conversational AI REST API. For details, refer to the https://docs.agora.io/en/conversational-ai/rest-api/agent/join#properties-parameters-opt-out.  Opting out will: (i) not affect your ability to use the core service, though it may limit our ability to investigate technical issues you report, and (ii) not apply retroactively to prior sessions.
  1. Do Not Track. Some web browsers incorporate a “Do Not Track” feature. Because there is not yet an accepted standard for how to respond to Do Not Track signals, our website does not currently respond to such signals.
  1. Do Not Sell Personal Information. We will not sell your Personal Information to any third party without your prior written consent.

Privacy Settings

Although we may allow you to adjust your privacy settings to limit access to certain Personal Information, please be aware that no security measures are perfect or impenetrable. To the fullest extent permitted under applicable law, we are not responsible for circumvention of any privacy settings or security measures on the Service.

Additional Privacy Rights

Depending on your jurisdiction and applicable data protection legislation, you may have additional rights. If you are located in EEA or UK, you have these additional rights in relation to the Personal Information that we hold:

  1. Withdrawal of Consent. Where we rely on consent for the processing of your Personal Information, you have the right to withdraw your consent at any time.
  1. Access. You have the right to access the Personal Information we hold about you, and to receive an explanation of how we use it and with whom we share it.
  1. Correction. You have the right to correct any Personal Information we hold about you that is inaccurate or incomplete.
  1. Erasure. You have the right to request your Personal Information to be erased or deleted.
  1. Object to Processing. You have the right to object to our processing of your Personal Information where we are relying on a legitimate interest.
  1. Restrict Processing. You have a right in certain circumstances to stop us processing your Personal Information other than for storage purposes.
  1. Portability. You have the right to receive, in a structured, commonly used and machine-readable format, Personal Information that you have provided to us where we process it on the basis of our contract with you or with your consent.
  1. Complaint. You have the right to lodge a complaint with a data protection supervisory authority in your country of residence, place of work, or where an incident takes place.

Exercising Your Rights

Please note that, prior to any response to the exercise of such rights, we may require you to verify your identity. In addition, we may have valid legal reasons to refuse your request and will inform you if that is the case. For more information on, or to exercise your rights, please email privacy@agora.io.

5. Third-Party Services

This Policy applies only to the processing of your Personal Information by Agora. The Service may contain features or links to websites and services provided by third parties. The policies and procedures described in this Privacy Policy do not apply to Third Party websites. Any information you provide on third-party sites or services is provided directly to the operators of such services and is subject to those operators’ policies, if any, governing privacy and security, even if accessed through the Service. We are not responsible for the content or privacy and security practices and policies of third-party sites or services to which links or access are provided through the Service. We encourage you to learn about third parties’ privacy and security policies before providing them with information.

6. Children's Privacy

Our Service is not directed to children under the age of 16, and we do not knowingly collect Personal Information from children under the age of 16 without obtaining parental consent. If you are under 16 years of age, then please do not use or access the Service at any time or in any manner. If we learn that Personal Information has been collected on the Service from persons under 16 years of age and without verifiable parental consent, then we will take the appropriate steps to delete this information. If you are a parent or guardian and discover that your child under 16 years of age has obtained an account on the Service, then you may alert us at privacy@agora.io and request that we delete that child’s Personal Information from our systems.

7. Data Security

  1. We use certain physical, managerial, and technical safeguards that are designed to appropriately protect Personal Information against accidental or unlawful destruction, accidental loss, unauthorized alteration, unauthorized disclosure or access, misuse, and any other unlawful form of processing of the Personal Information in our possession. WE CANNOT, HOWEVER, ENSURE OR WARRANT THE SECURITY OF ANY INFORMATION YOU TRANSMIT TO US OR STORE ON THE SERVICE, AND YOU DO SO AT YOUR OWN RISK. WE ALSO CANNOT GUARANTEE THAT SUCH INFORMATION MAY NOT BE ACCESSED, DISCLOSED, ALTERED, OR DESTROYED BY BREACH OF ANY OF OUR PHYSICAL, TECHNICAL, OR MANAGERIAL SAFEGUARDS.  
  1. The foregoing is subject to requirements under applicable law to ensure or warrant information security. If, under applicable law, we learn of a security breach, then we may attempt to notify you electronically so that you can take appropriate protective steps. We may post a notice through the Service if a security breach occurs. Depending on where you live, you may have a legal right to receive notice of a security breach in writing. To receive a free written notice of a security breach, you should notify us at privacy@agora.io.  

8. Data Transfers

  1. Agora provides its Service globally. If you choose to use the Service, then please note that you may be transferring your Personal Information outside of your jurisdiction to the U.S. and other regions where our data centers are located for storage and processing, which may not have the same level of data protection as that of your jurisdiction. Also, we may further transfer your data from the U.S. to other countries or regions in connection with storage and processing of data, fulfilling your requests, and operating the Service.
  1. If you’re from EEA or UK, when we transfer your Personal Information out of the EEA or UK, we will comply with applicable EEA/UK data protection laws and take appropriate measures to safeguard the security of your Personal Information. For example, we may transfer your Personal Information to countries which have been found to provide adequate protection by the EU Commission (e.g., Switzerland and Canada) to process and store your Personal Information, or we may use contractual protections for the transfer of your Personal Information to regions which haven’t been found to provide adequate protection by the EU Commission. You may contact us as specified below to obtain a copy of the safeguards we use to transfer your Personal Information outside of EEA or the UK.
  1. The EU-U.S. DPF, UK Extension to the EU-U.S. DPF, and Swiss-U.S. DPF were respectively developed by the U.S. Department of Commerce and the European Commission, UK Government, and Swiss Federal Administration to provide U.S. organizations with reliable mechanisms for personal data transfers to the United States from the European Union, United Kingdom, and Switzerland while ensuring data protection that is consistent with EU, UK, and Swiss law. Agora is now part of the DPF program and you may find more info here: https://www.agora.io/en/data-privacy-framework-notice/

9. Data Retention

  1. Specific retention periods for each category of Personal Information are set out in Table A and Table B above.
  2. Retention hierarchy. For Table B data, Enterprise Customer instructions, as documented in applicable agreements, take precedence over system defaults. Where retention periods are listed as defaults, they apply only in the absence of contrary Enterprise Customer configuration or contractual instruction.
  3. The following general principles govern retention across all processing activities.
    1. We take measures to delete your Personal Information or keep it in a form that does not permit identification when this information is no longer required for the purposes for which we processed it, unless we are required by law to keep this information for a longer period.
    2. When determining the retention period, we consider various criteria which include:
    3. The type of products and services used by or provided to you
    4. The nature and length of our relationship with you
    5. Re-enrollment with our products or services
    6. The impact on the services we provide to you if we delete some information from or about you
    7. Mandatory retention periods provided by law and the statute of limitations
  4. Account Deletion. Additionally, if you no longer desire to use our Service, you can choose to delete your account and associated information. We provide you with this option when accessing your account dashboard, where, after authenticating yourself and satisfying certain conditions, you’ll be able to request the deletion of your Agora account and associated information, unless we are legally required to keep it.

10. Changes and Updates to This Policy

  1. Please revisit this page periodically to stay aware of any changes to this Policy, which we may update from time to time. If we modify the Policy, we will make it available through the Service, and indicate the date of the latest revision. If the modifications materially alter your rights or obligations hereunder, we will make reasonable efforts to notify you of the change. For example, we may send a message to your email address, if we have one on file, or generate a pop-up or similar notification when you access the Service for the first time after such material changes are made. If you have an Agora account, we may also notify you of any changes / updates to this Policy in your account dashboard.  
  1. Your continued use of the Service after the revised Policy has become effective indicates that you have read, understood and agreed to the current version of the Policy.

11. Contact Us

Agora Lab, Inc. is the entity responsible for the processing of your Personal Information as described in this Policy. If you have any questions or comments about this Policy, your Personal Information, our use and disclosure practices, your consent choices, or if you would like to exercise your rights, please contact us by email at privacy@agora.io or write to us at:

Agora Lab, Inc.
2804 Mission College Blvd, Suite 110
Santa Clara, CA 95054
United States