소개

Agora Lab, Inc. (together with its parent companies, subsidiaries, and affiliates, “Agora,” “we,” or “us”) values the privacy of individuals who interact with our websites, products, and services (collectively, the “Services”).

This Privacy Policy (“Policy”) explains how we collect, use, disclose, and retain Personal Information in connection with the Services, as well as the rights and choices available to individuals. “Personal Information” means information relating to an identified or identifiable individual and excludes de-identified or anonymized data. This Policy should be read as a whole.

To enhance transparency while maintaining clarity, this Policy presents our data processing activities in a structured format:

  • Table A (Agora as Data Controller) describes categories of Personal Information we collect directly, the purposes for which it is used, applicable legal bases where required, and associated retention periods.
  • Table B (Agora as Data Processor) describes categories of Personal Information processed on behalf of enterprise customers (“Enterprise Customers”). In these circumstances, Agora acts as a processor and processes Personal Information in accordance with documented instructions from the Enterprise Customer, which determines the purposes and legal basis of processing.
  • Table C (California Privacy Rights Disclosure) provides additional disclosures required under applicable California law, including categories of Personal Information, recipients, and business purposes.

Where Agora processes Personal Information on behalf of Enterprise Customers, individuals should refer to the applicable Enterprise Customer’s privacy policy for additional information regarding how their Personal Information is handled, including applicable legal bases and available rights.

Additional sections of this Policy address, among other topics, data sharing practices, international data transfers, security measures, and individual rights, and should be read together with the tables referenced above. Descriptions in this Policy, including the tables, are intended to describe our processing activities as of the effective date. Processing may vary depending on the specific Services used and applicable configurations. In the event of any inconsistency, applicable agreements or product-specific terms may further govern.

Please read this Policy carefully. If you do not agree with it, you should not use the Services or provide Personal Information to us.

본 정책의 내용


이 정책은 다음 주제를 간략하게 설명합니다.

  1. 당사가 수집하는 개인 정보 및 사용 방법
  2. 유럽 개인 정보 처리를 위한 당사의 법적 근거
  3. 당사가 귀하의 개인 정보를 공개하거나 공유하는 방법
  4. 귀하의 권리 및 선택
  5. 서드파티 서비스
  6. 어린이 프라이버시
  7. 데이터 보안
  8. 데이터 전송
  9. 데이터 보존
  10. 본 정책의 변경 및 업데이트
  11. 문의하기

1.수집하는 개인 정보 및 사용 방법Personal Information We Collect and How We Use It

  1. We obtain Personal Information relating to you from various sources described below. Where applicable, we indicate whether and why you must provide us with your Personal Information, as well as the consequences of failing to do so.  
  1. If you do not provide Personal Information when requested, you may not be able to benefit from our Service if that information is necessary to provide you with the Service, or if we are legally required to collect it.
  1. Notwithstanding the above, we may use your Personal Information to enforce our End User License Agreement and Terms of Service, to defend our legal rights, to conduct audits, to comply with our legal obligations and internal policies, to contact you for administrative purposes such as to address intellectual property infringement, privacy violations or defamation issues related to user content posted on the Service. Where we do so, we will use the Personal Information relevant to such a case. Some processing may also be necessary to comply with a legal obligation placed on us.

Table A: Agora as Data Controller

  1. Applies to website visitors, account holders, job applicants, event attendees, and anyone who contacts Agora directly. Legal bases are cited by GDPR article where applicable.

Data Collected

Purpose

Legal Basis

Retention

Account Registration

Name, email, phone number, password, company name, industry

Account creation; Service delivery; product updates; support

Contract

Art. 6(1)(b) GDPR

Duration of active account + 30 days after deletion

Communication and Support

Name, email, physical address, IP address, phone number, content of correspondence

Respond to support requests, complaints, and inquiries; improve product quality

Legitimate interest 

Art. 6(1)(f) GDPR (responding to and resolving user requests)

3 years from last interaction, or as required by law

Cookies and Site Analytics

IP address, advertising identifiers, browser type, pages visited, session data

Analyze site usage; remember preferences; personalize content and advertising; improve service

Consent for non-essential cookies

Art. 6(1)(a) GDPR

Legitimate interest for essential/analytics

Art. 6(1)(f) GDPR

Per cookie type

See: Cookie Policy

Job Applications

Resume, work history, references, and information voluntarily provided in application

Evaluate candidacy; communicate with applicants

Legitimate interest

Art. 6(1)(f) GDPR (recruitment)

2 years from application date (unless hired; then per employment records policy)

Events and Surveys

Name, email, IP address, phone number, zip/postal code

Manage registration; send event updates; invite feedback; marketing

Legitimate interest

Art. 6(1)(f) GDPR

3 years from event date

Voice, images, photographs, video captured at events
(EEA/UK: explicit consent required before recording)

Promote event; share features and results with participants

Consent

Art. 6(1)(a) GDPR (EEA/UK);

Legitimate interest elsewhere

3 years from event date, or until consent withdrawn

Operational Metrics

Logs and metadata, system-level operation logs, timestamps, and interaction records (does not contain Personal Information)

Troubleshooting, debugging, and quality assurance

Legitimate interest

Art. 6(1)(f) GDPR

Quality Assurance

3 years from event date

Compliance and Safety Information

Content moderation logs (including third-party interception flags)

Content compliance; user safety

Legitimate Interest

Compliance and Safety

3 years from event date

Payment Information

Billing name, phone, address, payment method, company name

Process payment; create and manage paid account

Contract

Art. 6(1)(b) GDPR

7 years (tax and financial record-keeping obligations)


Table B: Agora as Data Processor

  1. Applies to end users of Enterprise Customers using Agora's products. Agora processes this data on behalf of and strictly in accordance with Enterprise Customer instructions. The legal basis for processing rests with the Enterprise Customer as Controller.
  1. No AI Training. Agora does not use Personal Information processed through the Conversational AI Engine or Agent Studio to train its own AI models. However, where Enterprise Customers integrate third-party AI providers (including LLM providers used for call evaluation, embedding services for knowledge base retrieval, and ASR/TTS providers), such providers may process Personal Information in accordance with their own terms and policies, which may include retention, logging, or use for model improvement or training. Agora does not control third-party provider processing beyond applicable contractual restrictions.

Data Processed

Purpose

Instructions From

Retention

Conversational AI Engine

Speech-to-Text (STT) / User Transcripts — text representation of user speech or input provided during a session, which may include image data (such as encoded images or image references) where Enterprise Customer has enabled image modality.

AI-Generated Content — text, responses, or other content generated by the AI during a session.

Troubleshooting; quality assurance

Enterprise Customer

Up to 30 days by default, unless otherwise configured in the applicable Enterprise Customer agreement; securely deleted upon expiry.

Session Logs and Metadata

timestamps, interaction events, AI responses, and system-level session data.

Audio Dumps

audio data captured during active sessions, where enabled by Enterprise Customer

Troubleshooting; quality assurance

Enterprise Customer (necessary for security, integrity, and service performance)

Up to 30 days by default, unless otherwise configured in the applicable Enterprise Customer agreement; securely deleted upon expiry.

Device type, OS version, CPU type, network type, end user ID

Service quality diagnostics, as configured or authorized by Enterprise Customer

Enterprise Customer

Up to 365 days by default, unless otherwise instructed by Enterprise Customer agreement.

Dynamic IP address

Network routing; troubleshooting

Enterprise Customer

Up to 30 days by default, unless otherwise instructed by Enterprise Customer agreement.

ConvoAI Device Kit only

IoT Device ID

Device networking and provisioning as configured by Enterprise Customer

Enterprise Customer

Until device is unbound by user

Phone number entered at registration

Single sign-on (SSO) as configured by Enterprise Customer

Enterprise Customer

Duration of account

Agent Studio and SIP Callcenter

Agent pipeline configuration — ASR/TTS/LLM/VAD/MCP settings and prompt instructions entered by Enterprise Customer (may contain Personal Information depending on content entered by Enterprise Customer)

Provision and operate voice agent as configured by Enterprise Customer

Enterprise Customer

Deleted when Enterprise Customer deletes configuration or terminates account.

 

API keys and credentials stored in Key Management System (KMS)

Technical configuration of third-party AI services; agent operation, as authorized by Enterprise Customer

Enterprise Customer (explicit authorization required)

Deleted when Enterprise Customer deletes or terminates account.

 

Phone numbers and SIP trunk configuration

Elastic SIP trunk info and inbound number configuration (e.g., Twilio import data, phone numbers, IP whitelist)

Inbound/outbound call routing as configured by Enterprise Customer

Enterprise Customer

Deleted when Enterprise Customer removes configuration or terminates account.

Outbound campaign data

Phone number lists and Enterprise Customer-supplied contact data uploaded via CSV by Enterprise Customer

(PII: yes, where campaign source contains contact details).

Campaign execution and call personalization as configured and authorized by Enterprise Customer

Enterprise Customer

Enterprise Customers are responsible for ensuring lawful collection of any personal data included.

Agora does not restrict or validate content of uploaded campaign data.

Deleted when Enterprise Customer deletes campaign or terminates account.

 

Speech-to-Text (STT) transcripts -

Text of inbound/outbound calls generated during interactions, which may include image data. (such as encoded images or image references) where Enterprise Customer has enabled image modality.

Quality assurance and call evaluation as directed by Enterprise Customer; Agora does not access transcript content independently

Enterprise Customer

Stored only if Enterprise Customer enables transcript storage.

Retained based on Enterprise Customer configuration; deleted when Enterprise Customer deletes or terminates account

 

Audio recordings

Audio of inbound/outbound calls captured via SIP Gateway

Quality assurance and Enterprise Customer playback, as enabled by Enterprise Customer; Agora does not access audio content independently

Enterprise Customer

Stored only if Enterprise Customer enables recording

 

Default: 30 days Configurable up to permanent retention (aligned with contract duration), per Enterprise Customer agreement.

Call outcome data — call result, duration, and outcome of inbound/outbound calls (received from SIP gateway via Agora SIP Manager)

Agora does not access individual call content

Metering, analytics, and billing statistics

Enterprise Customer

Deleted when Enterprise Customer terminates account.

 

Evaluation data (Successful Evaluation) automated assessment of call outcome derived from transcript content, using LLM analysis.

 

Provide call outcome evaluation results to Enterprise Customer as directed;

Agora does not use evaluation data for its own analytics or model improvement.

Analysis is automated and probabilistic.

Enterprise Customer

Enabled only if Enterprise Customer activates this feature.

Retained based on Enterprise Customer configuration; deleted when Enterprise Customer deletes knowledge base or terminates account.

Knowledge base documents uploaded by Enterprise Customer (may contain Personal Information depending on content uploaded; Agora does not control, review, or restrict content of uploaded materials)

Enable agent knowledge retrieval (RAG) as configured by Enterprise Customer

Enterprise Customer

Deleted when Enterprise Customer deletes knowledge base or terminates account.

MCP server connections — endpoint configurations set by Enterprise Customer. Agora does not control MCP server content or behavior and is not responsible for outputs generated by third-party MCP servers.

Enable agent access to Enterprise Customer-selected third-party tools or data sources, as configured by Enterprise Customer

Enterprise Customer

Retained based on Enterprise Customer configuration; deleted when Enterprise Customer terminates account.

 

Real-Time Communication (RTC) SDK — Video Calling, Voice Calling, Live Streaming

Real-time audio and video streams

Deliver real-time communication service

Enterprise Customer

Not stored, streamed in real time only

Dynamic IP address

Network routing; troubleshooting

Enterprise Customer

Up to 30 days by default, unless otherwise instructed by Enterprise Customer agreement.

Device information — brand, OS version, CPU, memory usage, battery level, screen resolution, sensor data

Service quality diagnostics; performance optimization.

Enterprise Customer

Up to 365 days by default, unless otherwise instructed by Enterprise Customer agreement.

Wi-Fi information, Bluetooth information, signal strength

Network quality optimization

Enterprise Customer

Up to 30 days by default, unless otherwise instructed by Enterprise Customer agreement.

User UID; channel name / room ID

Session identity; channel management, as configured by Enterprise Customer

Enterprise Customer

Up to 30 days by default, unless otherwise instructed by Enterprise Customer agreement.

Real-Time Speech-to-Text and Real-Time Translation

Audio streams captured from user input during active sessions

Deliver STT service; audio may be retained for troubleshooting (demo app only)

Enterprise Customer

Not stored for production — streamed only. Demo app: per Enterprise Customer agreement

Transcripts (.vtt format)

Deliver STT output to Enterprise Customer application as configured by Enterprise Customer

Enterprise Customer

Per Enterprise Customer configuration

Logs and metadata — UID, channel ID, channel duration, join/leave timestamps

Debugging; troubleshooting

Enterprise Customer

Up to 30 days by default, unless otherwise instructed by Enterprise Customer agreement.

Agora Chat

IP address; device type/model and random identifier

Troubleshooting; technical diagnostics

Enterprise Customer

Up to 30 days by default, unless otherwise instructed by Enterprise Customer agreement.

UID; App Key

Authenticate users; provide core chat functionality as configured by Enterprise Customer

Enterprise Customer

Duration of account

User messages; user metadata (nickname, portrait, email, phone, etc.); user tags

Deliver chat services as configured by Enterprise Customer

Enterprise Customer

Per Enterprise Customer configuration

Push tokens; push messages and attachments

Notification delivery as configured by Enterprise Customer

Enterprise Customer

Duration of account

Interactive Whiteboard

UID; Room UUID

Session continuity; identity management, as configured by Enterprise Customer

Enterprise Customer

Duration of session plus up to 30 days by default, unless otherwise instructed by Enterprise Customer agreement.

Dynamic IP address; device type, OS version, CPU info

Troubleshooting; performance analysis, as authorized by Enterprise Customer

Enterprise Customer

Up to 30 days by default (IP address); up to 365 days by default (device information), unless otherwise instructed by Enterprise Customer agreement.

User draw content; user uploaded attachments

Enable collaborative whiteboard functionality; file sharing, as configured by Enterprise Customer

Enterprise Customer

Per Enterprise Customer configuration


  1. Voice and Audio Sensitivity Notice: Voice and audio data processed through Conversational AI products may reveal sensitive personal characteristics, including health conditions, emotional states, accent, or ethnicity, even where not intentionally provided. Agora processes such data with heightened care, applying encryption in transit and at rest, strict access controls, and retention limited to the periods specified above. Where required by applicable law, processing is subject to the legal basis determined by Enterprise Customer.

Table C: California Privacy Rights Disclosure (CCPA/CPRA)

  1. Required for California residents under CPRA. Discloses categories of personal information, recipients, and business purposes. Agora does not sell personal information.

Category of Personal Information

Examples

Disclosed To

Business / Commercial Purpose

Identifiers

name, email, phone, IP address, account credentials, device IDs

Affiliates; service providers (hosting, analytics, email delivery); advertising partners; law enforcement when required; acquirers in M&A transactions

Account creation; service delivery; marketing; analytics; legal compliance; fraud prevention

Commercial information

billing name, address, payment method, transaction history

Payment processing service providers; affiliates; law enforcement when required

Payment processing; account management; financial record-keeping

Internet or electronic network activity

browsing behavior, cookies, pages visited, ad interactions

Analytics providers; advertising partners; affiliates

Site analytics; personalization; advertising; service improvement

Audio, visual (including image data processed through Conversational AI transcripts), or similar information

voice recordings via ConvoAI/Agent Studio; event photos and video

Enterprise Customers (for voice/audio); event organizers and affiliates (for event media); service providers

Service delivery (voice AI); event promotion; quality assurance

Professional or employment information

resume, work history, references from job applications

Affiliates involved in hiring

Recruitment and hiring

Inferences drawn from personal information

preferences, characteristics inferred from usage patterns

Analytics providers; advertising partners

Service personalization; targeted advertising; product improvement

Sensitive personal information

account login credentials

Service providers (identity/authentication only)

Account security and authentication only


  1. Agora does not sell personal information as defined by CPRA Cal. Civ. Code § 1798.100 et seq. Agora does not use sensitive personal information for purposes beyond those permitted under CPRA § 1798.121. California residents may exercise rights (access, deletion, correction, opt-out of sharing) by contacting privacy@agora.io.
  1. If you are located in the European Economic Area or the United Kingdom, the legal bases for processing Personal Information where Agora acts as a Controller are specified in Table A above. In general, we process Personal Information on one or more of the following bases:
    1. You have consented to the use of your Personal Information;
    1. We need your Personal Information to provide you with the Service, including for account registration and to respond to your inquiries;
    1. We have a legal obligation to use your Personal Information; or
    1. We, or a third party, have a legitimate interest in using your Personal Information. In particular, we have a legitimate interest in using your Personal Information to conduct business analytics and direct marketing, and otherwise improve the safety, security, and performance of our Service. We only rely on our, or a third party's, legitimate interests to process your Personal Information when these interests are not overridden by your rights and interests.
  2. Where Agora acts as a Data Processor on behalf of Enterprise Customers, the legal basis for processing is determined by the Enterprise Customer as Controller.

3.당사가 귀하의 개인 정보를 공개하거나 공유하는 방법

아고라 계열사 및 자회사

당사는 일반적으로 서비스를 제공하거나 귀하와 소통할 목적으로 Agora 계열사 및 자회사 내에서 안전한 방식으로 귀하에 관한 개인 정보를 공개합니다.

아고라 사용자

공개적으로 액세스할 수 있는 서비스 영역 (예: 공개 프로필 페이지) 에 있는 정보 또는 다른 사용자와 공유하거나 다른 사용자와 공유하도록 허용한 정보를 포함하여 서비스에 또는 서비스를 통해 포함하기로 선택한 모든 개인정보는 다른 사용자를 포함하여 해당 콘텐츠에 액세스할 수 있는 모든 사람이 사용할 수 있습니다.당사는 게시된 정보를 보고 사용하는 다른 사용자의 개인 정보 보호 관행에 대해 책임을 지지 않습니다.

Agora의 파트너, 공급업체 및 서비스 제공업체

당사는 타사 서비스 공급자와 협력하여 웹 사이트 또는 애플리케이션 개발, 호스팅, 유지 관리 및 기타 서비스를 제공합니다.이러한 제3자는 당사에 해당 서비스를 제공하는 과정에서 귀하의 개인 정보에 액세스하거나 이를 처리할 수 있습니다.당사는 이러한 서비스 제공자에게 제공되는 정보를 해당 서비스 제공자가 업무를 수행하는 데 필요한 정보로 제한하며, 해당 정보의 기밀 유지에 동의하도록 요구합니다.이러한 제3자에는 일반적으로 스토리지 공급업체, 인터넷 사업자, 결제 처리 파트너, 설문조사 회사, 가상 또는 대면 이벤트 주최자가 포함될 수 있습니다.privacy@agora.io.

광고 파트너

당사는 귀하가 관심을 가질 것으로 생각되는 광고를 제공하기 위해 타사 광고 파트너와 귀하의 개인 정보를 공유할 수 있습니다.당사의 광고 및 마케팅 관행과 타사 광고 파트너의 광고 및 마케팅 관행에 대한 자세한 내용은 당사를 참조하십시오. 쿠키 정책.

기타 제 3자

또한 당사는 다음과 같은 상황에서 귀하에 관한 개인 정보를 다른 제3자와 공유할 수 있습니다.

  • 집계된 형태로. 당사는 (i) 다양한 보고 의무 준수, (ii) 비즈니스 또는 마케팅 목적, (iii) 서비스를 통해 제공되는 특정 프로그램, 콘텐츠, 서비스, 광고, 프로모션 및/또는 기능에 대한 사용자의 관심사, 습관 및 사용 패턴을 이해하도록 지원하는 등 다양한 목적으로 제3자에게 자동 수집, 집계 또는 기타 신원 정보가 제거된 특정 정보를 제공할 수 있습니다.
  • 법적 의무를 준수하기 위해. 당사는 법률에 의해 요구되거나, 그러한 조치가 주 및 연방 법률 (예: 미국 저작권법) 을 준수하기 위해, 법원 명령, 사법 또는 기타 정부 소환장 또는 영장에 응하거나, 법 집행 기관 또는 기타 정부 기관과 협력하기 위해 필요하다고 선의로 믿는 경우 귀하의 정보를 공개할 수 있습니다.
  • 우리의 권리를 보호하고 집행하기 위해. 또한 당사는 (i) 책임으로부터 예방 조치를 취하고, (ii) 사기, 남용 또는 불법적인 사용 또는 활동으로부터 당사 또는 타인을 보호하고, (iii) 제3자의 클레임 또는 혐의로부터 당사를 조사하고 방어하며, (iv) 서비스 및 서비스를 제공하는 데 사용된 시설 또는 장비의 보안 또는 무결성을 보호하기 위해 적절하거나 필요하다고 판단되는 귀하의 정보를 선의로 공개할 권리를 보유합니다.) 당사의 재산 또는 기타 법적 권리 보호 (계약 집행을 포함하되 이에 국한되지 않음)또는 타인의 권리, 재산 또는 안전.
  • 합병, 매각 또는 기타 자산 양도의 경우. 개인정보를 포함한 당사 사용자에 관한 정보는 합병, 인수, 채무 융자, 자산 매각 또는 이와 유사한 거래의 일환으로 인수자, 승계인 또는 양수인에게 공개되거나 달리 이전될 수 있습니다. 또한 정보가 당사의 비즈니스 자산의 하나로 하나 이상의 제3자에게 이전되는 파산, 파산 또는 관리권의 경우에도 마찬가지입니다.
  • 귀하의 동의하에. 또한 당사는 정보가 수집되는 시점, 공유되기 전 또는 사용자가 동의한 기타 방식으로 사용자에게 보내는 통지에 설명된 대로 귀하의 개인 정보를 공개할 수 있습니다.

4.귀하의 권리와 선택

계정 정보

귀하는 당사와의 특정 개인 정보 공유를 거부할 권리가 있으며, 이 경우 당사는 서비스의 일부 특징 및 기능을 제공하지 못할 수 있습니다.서비스의 계정 설정 페이지에 액세스하여 언제든지 프로필 정보 및 기본 설정을 업데이트, 수정 또는 삭제할 수 있습니다.당사가 귀하에 대해 보유하고 있는 기타 개인 정보에 액세스하거나 수정하려면 다음 연락처로 문의할 수 있습니다. .참고로, 변경 사항은 활성 사용자 데이터베이스에 즉시 또는 합리적인 기간 내에 반영되지만, 당사는 백업, 보관, 사기 및 남용 방지, 분석, 법적 의무 충족을 위해 또는 합법적인 이유가 있다고 합리적으로 판단되는 경우 관련 법률에서 허용하는 범위 내에서 귀하가 제출한 모든 정보를 보관할 수 있습니다.

상업적 커뮤니케이션 수신 거부

  1. Opt-Out from Commercial Communication. If you receive any commercial emails from us, you may unsubscribe at any time by following the instructions contained within the email. You may also opt-out by emailing privacy@agora.io or writing to us at the address at the end of this Policy. Please be aware that it may take up to fifteen (15) business days to process your request.
  1. Opt-Out from Conversational AI Data Processing. If you wish to opt out of the storage of transcripts (including user speech-to-text and AI-generated content) or audio recordings generated through our Conversational AI products, you may opt out of the storage of transcripts and audio recordings on a per-session basis by configuring the applicable parameter through the Conversational AI REST API. For details, refer to the https://docs.agora.io/en/conversational-ai/rest-api/agent/join#properties-parameters-opt-out.  Opting out will: (i) not affect your ability to use the core service, though it may limit our ability to investigate technical issues you report, and (ii) not apply retroactively to prior sessions.
  1. Do Not Track. Some web browsers incorporate a “Do Not Track” feature. Because there is not yet an accepted standard for how to respond to Do Not Track signals, our website does not currently respond to such signals.
  1. Do Not Sell Personal Information. We will not sell your Personal Information to any third party without your prior written consent.

프라이버시 설정

특정 개인 정보에 대한 액세스를 제한하도록 개인 정보 설정을 조정할 수 있지만 완벽하거나 침투가 불가능한 보안 조치는 없다는 점에 유의하십시오.관련 법률이 허용하는 최대한의 범위 내에서 당사는 서비스의 개인 정보 설정 또는 보안 조치를 우회하는 것에 대해 책임을 지지 않습니다.또한 당사는 귀하가 귀하의 정보를 공유하기로 선택할 수 있는 다른 사용자의 행동을 통제할 수 없습니다.또한 서비스에 게시된 정보가 삭제된 후에도 캐싱 및 보관 서비스가 해당 정보를 저장했을 수 있으며, 다른 사용자나 제3자가 서비스에서 사용할 수 있는 정보를 복사하거나 저장했을 수 있습니다.관련 법률이 허용하는 최대한의 범위 내에서 당사는 귀하가 서비스에 게시하거나 전송한 정보가 승인되지 않은 사람이 열람하지 않을 것이라고 보장할 수 없으며 보장하지도 않습니다.

추적 금지

Depending on your jurisdiction and applicable data protection legislation, you may have additional rights. If you are located in EEA or UK, you have these additional rights in relation to the Personal Information that we hold:

  1. Withdrawal of Consent. Where we rely on consent for the processing of your Personal Information, you have the right to withdraw your consent at any time.
  1. Access. You have the right to access the Personal Information we hold about you, and to receive an explanation of how we use it and with whom we share it.
  1. Correction. You have the right to correct any Personal Information we hold about you that is inaccurate or incomplete.
  1. Erasure. You have the right to request your Personal Information to be erased or deleted.
  1. Object to Processing. You have the right to object to our processing of your Personal Information where we are relying on a legitimate interest.
  1. Restrict Processing. You have a right in certain circumstances to stop us processing your Personal Information other than for storage purposes.
  1. Portability. You have the right to receive, in a structured, commonly used and machine-readable format, Personal Information that you have provided to us where we process it on the basis of our contract with you or with your consent.
  1. Complaint. You have the right to lodge a complaint with a data protection supervisory authority in your country of residence, place of work, or where an incident takes place.

Exercising Your Rights

Please note that, prior to any response to the exercise of such rights, we may require you to verify your identity. In addition, we may have valid legal reasons to refuse your request and will inform you if that is the case. For more information on, or to exercise your rights, please email privacy@agora.io.

5.서드파티 서비스

본 정책은 Agora의 귀하의 개인 정보 처리에만 적용됩니다.서비스에는 제3자가 제공하는 웹 사이트 및 서비스에 대한 기능이나 링크가 포함될 수 있습니다.본 개인정보 보호정책에 설명된 정책 및 절차는 타사 웹 사이트에는 적용되지 않습니다.귀하가 제3자 사이트 또는 서비스에서 제공하는 모든 정보는 해당 서비스의 운영자에게 직접 제공되며, 서비스를 통해 액세스하는 경우에도 개인 정보 보호 및 보안에 관한 해당 운영자의 정책 (있는 경우) 의 적용을 받습니다.당사는 서비스를 통해 링크 또는 액세스가 제공되는 타사 사이트 또는 서비스의 콘텐츠, 개인정보 보호 및 보안 관행 및 정책에 대해 책임을 지지 않습니다.정보를 제공하기 전에 제3자의 개인정보 보호 및 보안 정책을 숙지하는 것이 좋습니다.

6.어린이 개인정보 보호

당사의 서비스는 16세 미만의 어린이를 대상으로 하지 않으며, 부모의 동의 없이 16세 미만의 어린이로부터 고의로 개인 정보를 수집하지 않습니다.16세 미만인 경우 언제든지 어떤 방식으로든 서비스를 사용하거나 액세스하지 마십시오.서비스에서 16세 미만의 사용자로부터 확인 가능한 부모의 동의 없이 개인 정보가 수집되었다는 사실을 알게 되는 경우, 당사는 적절한 조치를 취하여 해당 정보를 삭제할 것입니다.부모 또는 보호자인데 16세 미만의 자녀가 서비스 계정을 취득한 사실을 알게 되면 다음 주소로 알려주실 수 있습니다. privacy@agora.io 해당 어린이의 개인 정보를 당사 시스템에서 삭제하도록 요청합니다.

7.데이터 보안

  1. We use certain physical, managerial, and technical safeguards that are designed to appropriately protect Personal Information against accidental or unlawful destruction, accidental loss, unauthorized alteration, unauthorized disclosure or access, misuse, and any other unlawful form of processing of the Personal Information in our possession. WE CANNOT, HOWEVER, ENSURE OR WARRANT THE SECURITY OF ANY INFORMATION YOU TRANSMIT TO US OR STORE ON THE SERVICE, AND YOU DO SO AT YOUR OWN RISK. WE ALSO CANNOT GUARANTEE THAT SUCH INFORMATION MAY NOT BE ACCESSED, DISCLOSED, ALTERED, OR DESTROYED BY BREACH OF ANY OF OUR PHYSICAL, TECHNICAL, OR MANAGERIAL SAFEGUARDS.  
  1. The foregoing is subject to requirements under applicable law to ensure or warrant information security. If, under applicable law, we learn of a security breach, then we may attempt to notify you electronically so that you can take appropriate protective steps. We may post a notice through the Service if a security breach occurs. Depending on where you live, you may have a legal right to receive notice of a security breach in writing. To receive a free written notice of a security breach, you should notify us at privacy@agora.io.  

8.데이터 전송

  1. Agora provides its Service globally. If you choose to use the Service, then please note that you may be transferring your Personal Information outside of your jurisdiction to the U.S. and other regions where our data centers are located for storage and processing, which may not have the same level of data protection as that of your jurisdiction. Also, we may further transfer your data from the U.S. to other countries or regions in connection with storage and processing of data, fulfilling your requests, and operating the Service.
  1. If you’re from EEA or UK, when we transfer your Personal Information out of the EEA or UK, we will comply with applicable EEA/UK data protection laws and take appropriate measures to safeguard the security of your Personal Information. For example, we may transfer your Personal Information to countries which have been found to provide adequate protection by the EU Commission (e.g., Switzerland and Canada) to process and store your Personal Information, or we may use contractual protections for the transfer of your Personal Information to regions which haven’t been found to provide adequate protection by the EU Commission. You may contact us as specified below to obtain a copy of the safeguards we use to transfer your Personal Information outside of EEA or the UK.
  1. The EU-U.S. DPF, UK Extension to the EU-U.S. DPF, and Swiss-U.S. DPF were respectively developed by the U.S. Department of Commerce and the European Commission, UK Government, and Swiss Federal Administration to provide U.S. organizations with reliable mechanisms for personal data transfers to the United States from the European Union, United Kingdom, and Switzerland while ensuring data protection that is consistent with EU, UK, and Swiss law. Agora is now part of the DPF program and you may find more info here: https://www.agora.io/en/data-privacy-framework-notice/

9.데이터 보존

  1. Specific retention periods for each category of Personal Information are set out in Table A and Table B above.
  2. Retention hierarchy. For Table B data, Enterprise Customer instructions, as documented in applicable agreements, take precedence over system defaults. Where retention periods are listed as defaults, they apply only in the absence of contrary Enterprise Customer configuration or contractual instruction.
  3. The following general principles govern retention across all processing activities.
    1. We take measures to delete your Personal Information or keep it in a form that does not permit identification when this information is no longer required for the purposes for which we processed it, unless we are required by law to keep this information for a longer period.
    2. When determining the retention period, we consider various criteria which include:
    3. The type of products and services used by or provided to you
    4. The nature and length of our relationship with you
    5. Re-enrollment with our products or services
    6. The impact on the services we provide to you if we delete some information from or about you
    7. Mandatory retention periods provided by law and the statute of limitations
  4. Account Deletion. Additionally, if you no longer desire to use our Service, you can choose to delete your account and associated information. We provide you with this option when accessing your account dashboard, where, after authenticating yourself and satisfying certain conditions, you’ll be able to request the deletion of your Agora account and associated information, unless we are legally required to keep it.

10.본 정책의 변경 및 업데이트

  1. Please revisit this page periodically to stay aware of any changes to this Policy, which we may update from time to time. If we modify the Policy, we will make it available through the Service, and indicate the date of the latest revision. If the modifications materially alter your rights or obligations hereunder, we will make reasonable efforts to notify you of the change. For example, we may send a message to your email address, if we have one on file, or generate a pop-up or similar notification when you access the Service for the first time after such material changes are made. If you have an Agora account, we may also notify you of any changes / updates to this Policy in your account dashboard.  
  1. Your continued use of the Service after the revised Policy has become effective indicates that you have read, understood and agreed to the current version of the Policy.

11.문의하기

Agora Lab, Inc.는 본 정책에 설명된 대로 귀하의 개인 정보 처리를 담당하는 주체입니다.본 정책, 개인 정보, 당사의 사용 및 공개 관행, 동의 선택에 대한 질문이나 의견이 있거나 권리를 행사하려는 경우 다음 주소로 이메일을 보내 문의하십시오. privacy@agora.io 또는 다음 주소로 편지를 보내주십시오.

아고라 랩, Inc.
2804 미션 칼리지 블러바드, 스위트 110
캘리포니아 주 산타클라라 95054
미국

본 개인정보 보호정책 (이하 “정책”) 은 당사가 제공하는 서비스를 통해 그리고 고객, 파트너 및 공급업체 관계와 관련하여 귀하로부터 또는 귀하에 관한 개인 정보를 수집 및 사용하는 방법, 귀하의 개인 정보와 관련된 귀하의 권리와 선택, 질문이나 우려 사항이 있는 경우 당사에 연락할 수 있는 방법을 설명합니다.본 정책의 목적상 “개인 정보”란 식별되거나 식별 가능한 개인과 관련된 모든 정보를 의미하며, 개인 식별 정보가 제거된 데이터 (예: 익명 데이터) 는 포함되지 않습니다.본 정책에 설명된 활동 외에도 당사는 기업 고객 (“기업 고객”) 이 당사 서비스를 사용할 때 제공한 개인 정보를 처리할 수 있습니다.당사는 데이터 처리를 담당하는 기업 고객 (기업 고객) 의 지시에 따라 데이터 처리자로서 데이터 처리자로서 이러한 개인 정보를 처리합니다.기업 고객이 귀하의 개인 정보를 처리하는 방법을 이해하려면 해당 기업 고객의 개인 정보 보호 정책을 참조하십시오.기업 고객에게 서비스를 제공할 때 당사가 처리하는 개인 정보에 관심이 있는 경우 다음을 참조하십시오. 자세한 내용은 여기를 참조하십시오.