Data Privacy

Agora Practices

Using a technology platform that has more than 30.000.000 in customer communication monthly, Agora gives security and reliability high priority. Agora Platform runs automated tests to evaluate performance and security. Focusing in Data Protection and business integrity of our clients, we follow the highest market standards for privacy, governance and infrastructure security to make our platform secure.

 

Cloud Infrastructure and Availability

Agora Platform is hosted in facilities certified with ISO 27001, ISO 9001, PCI DSS, Tier III+, CSA/CCM, ITAR, CJIS, HIPAA, IRS 1075 and has a real time monitoring automated center. The Agora Platform’s data center runs with SLA of 99,982% yearly in service availability. Our Customer Support and Security Infrastructure Teams are available 24/7.

 

Security in Platform Application

Agora has strategic partnerships with major global audit and cybersecurity companies to ensure safety of our clients and platform. We regularly run tests and have our platform audited so as to prevent security threats and make sure all traffic of information with Agora is secure. All communication with Agora platform is encrypted, using SSO options and HTTPS over all networks. We apply the best standards for data transfers.

 

APIs

All access to the APIs built by Agora for integration with other systems adopts strong authentication standards based on JWT/OAUTH2 and levels of permission for users and roles.

 

PRIVACY POLICY

Agora platform appreciate and acknowledge the vital importance of privacy, security and data protection to our clients and to all data subjects that might have their Personal Data (as defined below) processed through our systems. As a global organization, Agora does its utmost to provide adequate protections across all of its operations and implement consistent and rigorous policies and procedures.

For the purposes of this Data Privacy Policy, "You" means, in the case of an individual accepting this Data Privacy Policy on his or her own behalf, such individual, or in the case of an individual accepting this Data Privacy Policy on behalf of a company or other legal entity, the company or other legal entity for which You are accepting this Data Privacy Policy, and Affiliates of that company or legal entity.

You are deemed to have accepted this Data Privacy Policy whenever You navigate our website, subscribe to and/or use Agora Platform, whether it is a trial or beta version thereof, and enter into the Platform Subscription Agreement, as applicable.

This Data Privacy Policy informs you of our privacy practices and of the choices you can make about the way we collect and use information about you, including information that may be collected from your online activity and which may be processed as a consequence of our services.

For the purposes of this Data Privacy Policy, personal data ("Personal Data") means any information relating to an identified or identifiable natural person (you); whenever you can be identified, directly or indirectly, in particular by reference to an identifier such as your name, an identification number, location data, an online identifier or to one or more factors specific to your identity.

 

SCOPE AND AGREEMENT

This Privacy Policy describes the collection and use of Personal Data when you visit and use the services offered by Agora. By agreeing to this Privacy Policy, you declare and agree that Agora may use your Personal Data accordingly.

By design, the provision of our services per se does not demand the direct collection of personal data, but, rather, entails the processing of data, including Personal Data, which is originally collected and provided to Agora by its corporate clients. As such, except for the Personal Data which may be collected when You use our portal, as further detailed below, Agora will only occasionally collect your Personal Data. If and when your Personal Data is collected for purposes not associated to your portal usage you will be duly notified and given the opportunity to exercise your rights to have your Personal Data rectified or erased.

Moreover, this policy does not apply to Personal Data to which we may have access in order to provide services to you ("Services Data"), which is detailed in our Services Privacy Policy below.
 

THIRD PARTY SERVICES AND APPLICATIONS

This Privacy Policy does not apply to third-party applications, products, services, websites or social media features that may be accessed through links we provide for your convenience and information. Accessing those links will cause you to leave our environment and may result in the collection or sharing of information about you by a third-party. We do not control, endorse or make any representations about those third-party websites or their privacy practices, which may differ from ours. We encourage you to review the privacy policy of any website you interact with before allowing the collection and use of your Personal Data.

 

INFORMATION WE COLLECT

Agora collects certain Personal Data when you register with Agora, request information about us or when you use Agora services. In registering with Agora or requesting information, you may provide us with a password, your real name, industry, organization name, job role, and contact information, such as e-mail address, phone number, and shipping address. We may also collect your product registration information, product interest information or demographic information. We may also combine information you provide with data we collect automatically (as further described below).

Whenever you visit the Agora website, Agora also receives and records information on our server logs from your browser, including your computer's or mobile device's operating system type and version, browser type and language, your Internet Protocol (IP) address, and geographic areas derived from your IP address, Agora cookie information, file information, time stamped logs regarding access times and duration of visits and other usage data relating to your activities on our portal, including the pages you request. We may relate this information to the Personal Data you provide for purposes described in this Privacy Policy.

When you use our mobile apps, we also automatically collect information about your device and about your usage of and activity on our mobile apps. For example, we collect your device’s mobile operating system type and version, browser type, device type, geolocation data, Wi-Fi networking connection data, Internet Protocol (IP) address, device identifiers, time stamped logs regarding access times and duration of visits, and other information.

 

DATA COLLECTED AUTOMATICALLY – COOKIES AND IP

Cookies are text files containing small amounts of information which are downloaded to your device, or more technically, to the browser that you use on that device, when you visit a website. The entity that places cookies on your browser can then read the information on that cookie that it set. Cookies are typically classified as either "session cookies" which do not stay on your device after you close your browser or "persistent cookies" which will usually remain on your device until you delete them or they expire.

When you visit our website, we place information on your computer in the form of a cookie, which is recognized automatically the next time you visit us. Cookies allow us, for example, to adapt our website to meet your interests. If you do not wish us to recognize your computer again later, please set your web browser to delete cookies from your computer, to block all cookies or to warn you before saving a cookie. Note, however, you may not be able to avail of the full scope of our website functions. In this respect, note that Agora uses certain cookies which are unrelated to online advertising: (i) account access security cookies; (ii) functional cookies, which preserve the functionality of navigational elements; and (iii) language or regional setting cookies.

Agora may also track IP addresses for purposes of system administration, to report aggregate information, site tracking, to prevent our servers from being abused and for other uses described in this Privacy Policy.

 

HOW WE USE YOUR PERSONAL DATA

We use your Personal Data for the purposes described in this Privacy Policy and to manage our relationship with you and provide you with better services, including by personalizing your interaction and experience with us. For example, we may use your information to:

 

  • (a) conduct our ordinary business operations, including to verifying your identity, making credit decisions, completing transactions and orders of our products or services, administering your account, processing payments and conducting business research and analytics;
  • (b) for staff training and quality assurance purposes and, generally, improving our internal operations and the performance of systems, products and services, which includes innovation activities such as creating new products, features and services using research and development tools and incorporating data analysis activities;
  • (c) improve your customer experiences, by maintaining accurate contact and registration data, offering adequate services and features that may interest you and enabling you to participate in contests and surveys;
  • (d) respond to your comments, questions and complaints;
  • (e) send you service-related information, including confirmations, communications, updates, security alerts, and support and administrative messages;
  • (f) communicate with you and your referrals about promotions, upcoming events, and news about products and services offered by this portal and our business partners;
  • (g) link or combine information about you with other data we get from third parties, to help understand your needs and provide you with better and more personalized service;
  • (h) enforce our terms and conditions or protect our business, partners or clients; and
  • (i) protect against, investigate, and deter fraudulent, unauthorized, or illegal activity.

 

SHARING OR TRANSFERRING PERSONAL DATA

We do not share Personal Data to third parties unless you have previously agreed to this or it is legally permissible for us to do so.

We may transfer Personal Data to other Agora entities or partners. To ensure that your Personal Data is secure, Agora entities are contractually bound to comply with this Privacy Policy and our internal privacy guidelines. Those, in turn, are communicated regularly to our employees, as part of our specific compliance program. By accessing this portal you consent to the transfer and sharing of your Personal Data among Agora entities.

As any other business, Agora relies on service providers to manage and support, on our behalf, certain aspects of our business operations. These service providers may be located in a number of global regions and may provide services such as, data hosting, IT and cloud services, debt-collection, fraud management services and customer support. Our service providers are required by contract to safeguard any Personal Data they receive from us and are prohibited from using the Personal Data for any purpose other than to perform the services as instructed by Agora as our Public Cloud and Technology Partners.

We may also share your Personal Data when we believe, in good faith, that we have an obligation to: (i) comply with any law, regulation or court order; (ii) respond to duly authorized information requests of regulators, law enforcement agencies and other public authorities, including in instances associated to natural security threats; (iii) enforce and/or protect the rights and properties of Agora, including to investigate fraud and help prevent security threats or other criminal or malicious activity; or (iv) protect the legitimate interests of third parties, including the personal safety of Agora employees.

Agora may, for strategic or other reasons, decide to sell, buy, merge or otherwise reorganize its businesses. In such instances, it may be the case that we disclose or transfer your Personal Data to prospective or actual purchasers.

 

CHILDREN’S PRIVACY

Agora does not knowingly collect information from children as defined by local law, and does not target its websites or mobile applications to children.

 

E-MAIL COMMUNICATIONS

We will only use your email address for those purposes for which you have provided it (e.g. membership-related messages, sending status emails, notifications regarding purchases and sales). You will only receive advertising from us via email if you have agreed to do so or where the law otherwise allows.

Agora communications may appear at regular or irregular intervals and, in addition to information pertaining to Agora, may contain offers from portal business owners. You can unsubscribe to portal’s communications.

 

DATA SECURITY – PROTECTION OF YOUR DATA

We use the usual standard physical, electronic and managerial security procedures, including encryption, passwords and physical security as an effort to protect your Personal Data from unauthorized access and disclosure and to prevent annoying communication (spam). However, you should know that no company, including Agora, can fully eliminate security risks associated with Personal Data.

To help protect yourself, please use a strong password, do not use the same passwords to access your Agora accounts that you use with other accounts or services, and protect your user names and passwords to help prevent others from accessing your accounts and services.

Personal Data we collect may be retained for as long as needed to fulfill legitimate business purposes, including the purposes outlined in this Privacy Policy, or for a period of time specifically required or allowed by applicable regulations or laws.

 

EXCERCISING YOUR RIGHTS

You have the right to have access granted to any Personal Data that you have provided to us or that we keep about you. Moreover, you have the right to withdraw any consent previously granted or to request amendment, correction, anonymization or deletion of your Personal Data and to request clarification about the processing. In certain cases, your request may be denied on a legitimate basis such as where making information available would reveal Personal Data about another data subject or where Agora is legally prevented from disclosing such information.

 

CHANGE

As technology and our services advance, we will also adapt our Privacy Policy. When this happens, we will post the revised statement here, with an updated revision date. If necessary, ask you for fresh agreement. All the same, you should view this page on a regular basis in order to find out about the current status of our Privacy Policy.

 

REVOCATION

If most use of your Personal Data is based on your consent, this consent can be revoked at any time; the revocation, however, will only apply to future use of the data. You can revoke this consent by an email to our main contacts. Revocation of your consent and consent may mean that certain services are no longer available or will be limited. Agora retains the right to exercise our data activities on a legal basis at any time.

 

CONTACT US

If you have any questions or concerns about this Privacy Policy, our collection and use practices or regarding a possible data or privacy breach you can contact us via e-mail.

 

ADDENDUM


AGORA SERVICES PRIVACY POLICY

This Agora Services Privacy Policy ("Services Privacy Policy") is an addendum to our Privacy Policy and is offered to You in order to clarify that the use of information to which we may be provided access in order to provide services to our clients, including Personal Data, is more limited than set forth in the Privacy Policy.

For the purposes of this Services Privacy Policy, "You" means, in the case of an individual accepting this Services Privacy Policy on his or her own behalf, such individual, or in the case of an individual accepting this Services Privacy Policy on behalf of a company or other legal entity, the company or other legal entity for which You are accepting this Services Privacy Policy, and Affiliates of that company or legal entity.

You are deemed to have accepted this Services Privacy Policy whenever You navigate our website, subscribe to and/or use Agora Platform, whether it is a trial or beta version thereof, and enter into the Platform Subscription Agreement, as applicable.

We may collect information from your use of Agora websites and your interactions with us offline ("Your Data"). We deal with Your Data according to the terms of the Privacy Policy.

Conversely, the data that resides on Agora Platform, Your or third-party systems, and to which Agora is provided access specifically to enable it to perform services ("Services Data") is treated according to the terms of this Services Privacy Policy, and as confidential data in accordance with the terms of the Platform Subscription Agreement.

 

HOW WE COLLECT AND USE SERVICES DATA

Services Data may be accessed and used to perform services under your explicit or implicit orders or instructions, including support, and to confirm your compliance with the terms of the Platform Subscription Agreement. This may include testing and applying new product or system versions, patches, updates and upgrades; monitoring and testing system use and performance; and resolving bugs and other issues You have reported to us. Any copies of Services Data created for these purposes are only maintained for time periods relevant to those purposes.

Agora may be required to retain or provide access to Services Data to comply with legally mandated reporting, disclosure or other legal process requirements. We may transfer and access Services Data globally as required for the purposes specified above.

If Agora hires subcontractors to assist in providing services, their access to Services Data will be consistent with the terms of the Platform Subscription Agreement and this Services Privacy Policy. Agora is responsible for its own subcontractors’ compliance with the terms of this Services Privacy Policy and the Platform Subscription Agreement.

Agora will not use Services Data except as stated above or in the Platform Subscription Agreement.

 

SECURITY AND BREACH NOTIFICATION

Agora is also committed to reducing risks of human error, theft, fraud, and misuse of our facilities. Our efforts include making personnel aware of security policies and training employees to implement security policies. Our employees are required to maintain the confidentiality of Services Data. Employees' obligations include written confidentiality agreements, regular training on information protection, and compliance with company policies concerning protection of confidential information.

Agora promptly evaluates and responds to incidents that create suspicions of unauthorized handling of Services Data. Our cybersecurity and legal teams are informed of such incidents and, depending on the nature of the activity, define escalation paths and response teams to address the incidents. If Agora determines that your Services Data has been misappropriated (including by a Agora employee) or otherwise wrongly acquired by a third party, we will promptly report such misappropriation or acquisition to You.

 

CROSS BORDER TRANSFERS

As a global corporation Agora has developed global data security practices designed to ensure that Services Data is appropriately protected. Please note that Services Data may be transferred, accessed and stored globally as necessary in accordance with this Services Privacy Policy and the Platform Subscription Agreement.

 

PORTAL’s & APPs TERMS OF USE

These Website Terms of Use ("Terms of Use") apply to the Agora website located at agora.brokerslink.com and all associated sites linked to it by Agora ("Website"). Please read these Terms of Use carefully as they are a binding agreement between you and Agora. and its subsidiaries ("Agora" or "We").

BY ACCESSING OR USING THE WEBSITE AND APPs, YOU AGREE TO THESE TERMS OF USE AND OUR PRIVACY POLICY. IF YOU DO NOT AGREE WITH ANY OF THEM, DO NOT USE THE WEBSITE.

Agora reserves the right to change, add or remove parts of these Terms of Use, at any time. It is your responsibility to check these Terms of Use periodically for changes. Your continued use of the Website following the updating of these Terms of Use with changes mean that you accept and agree to such changes. Agora may also change or discontinue any aspect, service or feature of the Website or APPs at any time, including but not limited to, content, availability, and equipment needed for access or use. You are responsible for obtaining and maintaining all connectivity, computer software, hardware and other equipment needed for access to and use of the Website.

These Terms do not apply to your access to and use of Agora Platform and related services, which are governed by the Platform Subscription Agreement and the Privacy Policy, as applicable.

 

YOUR ACCOUNT

In order to have access to and participate in certain features of the Website You may be required to register via an online registration form and create a user account ("Your Account"). We will use the information you provide in accordance with the Privacy Policy. By registering you represent and warrant that all information that you provide on the registration form is current, complete and accurate to the best of your knowledge.

Please keep your password confidential and do not share your account with anyone else. You are entirely responsible for maintaining the confidentiality of your account information, including your password, and for any and all activity that under your account as a result of your failing to keep this information secure and confidential. If you believe that your account has been compromised at any time, please notify us via e-mail.

 

AGORA CONTENT

All text, graphics, user interfaces, visual interfaces, photographs, trademarks, logos, sounds, music, artwork and computer code ("Our Content"), including but not limited to the design, structure, selection, coordination, expression, "look and feel" and arrangement of such Content, contained on the Website is owned, controlled or licensed to Agora, and is protected by trade dress, copyright, patent and trademark laws, as well as other intellectual property rights and competition laws.

Except as expressly provided in these Terms of Use, no part of the Website, including Our Content, may be copied, reproduced, republished, uploaded, posted, publicly displayed, encoded, transmitted or distributed in any way, to any other computer, server, website or other medium for publication or distribution or for any commercial enterprise, without Agora prior written consent.

You may display, copy and download Content from the Website solely for your personal and non-commercial use provided that: (a) you do not remove any copyright or proprietary notice from the Content; (b) such Content will not be copied or posted on any networked computer or published in any medium; and (c) no modifications are made to such Content.

 

USER CONTENT

You may post text, photographs, videos, or other content ("User Content") on the Website or APPs. You can only post User Content if you own all the rights to that User Content, or if another rights holder has given you permission. You do not transfer ownership of your User Content simply by posting it. However, by posting User Content, you grant us an irrevocable, perpetual, non-exclusive right to reproduce, encode, store, copy, transmit, publish, post, broadcast, display, publicly perform, adapt, modify, create derivative works of, exhibit, and otherwise use your User Content, even if you stop using our Website or APPs. You agree to indemnify, release, and hold us harmless from any all liability, claims, actions, loss, harm, damage, injury, cost or expense arising out of any User Content you post. Keep in mind that if you send us any information, ideas, suggestions, or other communications to us, those communications will not be confidential. Moreover, Agora reserves the right to reproduce, use, disclose, and distribute such communications without any obligation to you.

You agree that you will not upload, post or otherwise transmit any User Content that (a) violates the rights of others, including any User Content that may defame, harass, stalk or threaten others; (b) you know to be false, misleading or inaccurate; (c) contains expressions of bigotry, racism, xenophobia, hate speech, vulgarity or profanity; (d) contains or advocates pornography or that is otherwise obscene or lewd; (e) violates any law or advocates violent behavior; (f) poses a threat to personal or public safety; (g) is protected by copyright, trademark, trade secret, right of publicity or other proprietary right without the express permission of the owner of such other proprietary right; (h) does not generally pertain to the designated topic of any given blog or discussion area within the Website; (i) contains any unsolicited or unauthorized advertising or promotional material, "junk mail", "spam", "chain letters", "pyramid schemes", or any other form of solicitation; (j) uses the name or allows identification of a natural person without such person’s consent; and (k) contains a virus or other harmful or disruptive component.

Agora reserves the right to monitor User Content posted in the Website to determine compliance with these Terms of Use, as well as to screen, edit, refuse to post or remove without notice any User Content posted in the Website at any time and for any reason. Agora reserves the right, at its own discretion, to prevent any person deemed to have violated the rights of others, including intellectual property rights, from posting any further material on the Website. Agora is not responsible for, and does not endorse, User Content posted by you or any other person. Accordingly, we may not be held liable, directly or indirectly, for any loss or damaged caused to you or any third party in connection with any such User Content. You shall be solely liable for any damage resulting from any violation of copyrights, trademarks, trade secrets, rights of publicity or other proprietary rights or any other harm resulting from User Content you post.

 

YOUR USE OF THE WEBSITE AND/OR APPs

YOU MAY (a) comply with these Terms of Use and other policies applicable to the use of the Website and/or APPs; (b) comply with all applicable laws and governmental regulations regarding, including, but not limited to, with regard to intellectual property, data privacy, and export control; (c) upload or post only User Content to which you own all required rights under law and under contractual and fiduciary relationship, as applicable; (d) use commercially reasonable efforts to prevent unauthorized access to or use of your account; (e) keep passwords and all other login information confidential; (f) monitor and control all activity conducted through your account; and (g) promptly notify Agora if you become aware of or reasonably suspect any illegal or unauthorized activity or a security breach involving your account.

YOU MAY NOT (a) interfere with or disrupt the Website, APPs or the servers or networks connected to the Website; (b) engage in any activity that would constitute a criminal offense or give rise to a civil liability; (c) impersonate any person or entity or falsely state your affiliation with any person or entity; and (d) interfere with any other user’s right to privacy, including by harvesting or collecting personally-identifiable information about users of the Website and or APPs or posting private information about a third party; (e) probe, scan or test the vulnerability of the Website/APPs or any network connected to the Website, nor breach the security or authentication measures of the Website or any network connected to the Website and or APPs; (f) take any action that imposes a disproportionately large load on the infrastructure of the Website or any systems or networks connected to the Website and or APPs; (g) reverse look-up or trace any information on any other user or visitor of the Website, or any customer of Agora, including any account not owned by you, or exploit the Website or any service or information made available through the Website, with the purpose to reveal any information, including but not limited to personal information, other than your own information; (h) use any automatic device to access, acquire, copy or monitor any portion of the Website or any Content, or in any way circumvent the navigational structure of the Website or any Content to obtain any materials, documents or information not purposely made available through the Website; (i) attempt to gain unauthorized access to any portion or feature of the Website, or to any of the services offered through the Website, by hacking, password "mining" or any other illegitimate means; (j) interfere with the proper working of the Website or any transaction being conducted on the Website, or with any other person’s use of the Website; and (k) forge headers or otherwise manipulate identifiers in order to disguise the origin of any message you send to Agora through the Website or any service offered through the Website; (l) use any service, technology or automated system to artificially inflate the page views that your User Content receives – such as pay-per-click services and web "robots"; and (m) post more User Content than an individual could upload in a given period of time.

 

DISCLAIMER OF WARRANTY

YOU EXPRESSLY AGREE THAT USE OF THE WEBSITES AND OR APPs IS AT YOUR SOLE RISK. AGORA DOES NOT WARRANT THAT USE OF THE WEBSITES AND OR APPs WILL BE UNINTERRUPTED OR ERROR FREE; NOR DO WE MAKE ANY WARRANTY AS TO THE RESULTS THAT MAY BE OBTAINED FROM USE OF THE WEBSITES, NOR AS TO THE ACCURACY, RELIABILITY OR CONTENT OF ANY INFORMATION, SERVICE, OR MERCHANDISE PROVIDED THROUGH THE WEBSITES. THE WEBSITES ARE PROVIDED ON AN "AS IS" BASIS WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, WARRANTIES OF TITLE OR IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. WE DISCLAIM ANY AND ALL LIABILITY OF ANY KIND FOR ANY UNAUTHORIZED ACCESS TO OR USE OF YOUR PERSONALLY IDENTIFIABLE INFORMATION. BY ACCESSING THE WEBSITES, YOU ACKNOWLEDGE AND AGREE TO OUR DISCLAIMER OF ANY SUCH LIABILITY. IF YOU DO NOT AGREE, YOU SHOULD NOT ACCESS OR USE THE WEBSITES AND OR APPs.

LIMITATION OF LIABILITY

TO THE FULLEST EXTENT PERMISSIBLE BY APPLICABLE LAW, IN NO EVENT SHALL AGORA BE LIABLE TO YOU FOR ANY PERSONAL INJURY, PROPERTY DAMAGE, LOST PROFITS, COST OF SUBSTITUTE GOODS OR SERVICES, LOSS OF DATA, LOSS OF GOODWILL, WORK STOPPAGE, COMPUTER AND/OR DEVICE OR TECHNOLOGY FAILURE OR MALFUNCTION OR FOR ANY FORM OF DIRECT OR INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, EXEMPLARY OR PUNITIVE DAMAGES BASED ON ANY CAUSES OF ACTION ARISING OUT OF USE OF THE WEBSITES OR ANY ALLEGED FAILURE OF PERFORMANCE, ERROR, OMISSION, INTERRUPTION, DELETION, DEFECT, OR DELAY IN SERVICE, OPERATION, OR TRANSMISSION OF THE WEBSITES, OR ANY ALLEGED COMPUTER VIRUS, COMMUNICATION LINE FAILURE, THEFT OR DESTRUCTION OF PROPERTY, AND/OR UNAUTHORIZED ACCESS TO, ALTERATION OF, OR USE OF OR POSTING OF ANY RECORD, CONTENT, OR TECHNOLOGY, PERTAINING TO OR ON THE WEBSITES. YOU AGREE THAT THIS LIMITATION OF LIABILITY APPLIES WHETHER SUCH ALLEGATIONS ARE FOR BREACH OF CONTRACT, TORTIOUS BEHAVIOR, NEGLIGENCE, OR FALL UNDER ANY OTHER CAUSE OF ACTION, REGARDLESS OF THE BASIS UPON WHICH LIABILITY IS CLAIMED AND EVEN IF AGORA HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH LOSS OR DAMAGE. WITHOUT LIMITING THE GENERALITY OF THE FOREGOING, YOU ALSO ACKNOWLEDGE THAT AGORA IS NOT LIABLE FOR ANY ACTUAL OR ALLEGED DEFAMATORY, OFFENSIVE, OR ILLEGAL CONDUCT OF OTHER USERS OF THE WEBSITES OR ANY OTHER THIRD PARTIES.

 

INDEMNIFICATION

You agree to defend, indemnify and hold Agora – including its affiliates and their respective directors, officers, employees and agents – harmless from and against all claims and expenses, including attorneys’ fees, arising out of the use of the Website and/or Apps by you.

Agora reserves the right to take over the exclusive defense of any claim for which we are entitled to indemnification. In such event, you shall cooperate with Agora as reasonably requested.

 

TERMINATION

We may terminate or suspend these Terms of Use at any time without notice to you. We also reserve the right to immediately terminate your access to the Website and/or Apps in the event of any conduct by you which we, in our sole discretion, consider to be unacceptable, or in the event of any breach by you of these Terms of Use.

 

GOVERNING LAW AND JURISDICTION

If You reside in Europe, this Agreement is governed by and shall be construed in accordance with the laws of Switzerland, without regard to its conflict of laws rules. Any dispute arising out of or in connection with this Agreement shall be submitted exclusively to the jurisdiction of the ordinary courts of the Canton of Zurich, venue being Zurich 1.

If You reside in the United States of America, this Agreement is governed by and shall be construed in accordance with the laws of the State of California, without regard to its conflict of laws rules. Any dispute arising out of or in connection with this Agreement shall be submitted exclusively to the jurisdiction of the ordinary courts of California State.

If You reside in any country of Latin America, this Agreement is governed by and shall be construed in accordance with the laws of Brazil, without regard to its conflict of laws rules.

Any dispute arising out of or in connection with this Agreement shall be submitted exclusively to the jurisdiction of the ordinary courts of São Paulo, State of São Paulo, Brazil. Please report any violations of these Terms of Use via e-mail.

 

MISCELLANEOUS

These Terms of Use constitute the entire agreement of the parties with respect to the subject matter hereof, and supersede all previous written or oral agreements between the parties with respect to such subject matter.

The provisions of these Terms of Use are for the benefit of Agora, its affiliates and its third-party content providers and licensors and each of them shall have the right to enforce such provisions directly or on their own behalf.

The failure of either party to enforce at any time any of the provisions of these Terms of Use, or the failure to require at any time performance by the other party of any of the provisions of these Terms of Use, shall in no way be construed to be a present or future waiver of such provisions, nor in any way affect the validity of either party to enforce each and every such provision thereafter.

If, for any reason, a court of competent jurisdiction finds any provision of these Terms of Use, or portion thereof, to be invalid or unenforceable, such provision will be enforced to the maximum extent permissible, and the remainder of these Terms of Use will continue in full force and effect.

 

Cloud Infrastructure, Scalability and Availability

Security in Physical Environment

Data Centers

Agora servers are hosted at ISO 27001, ISO 9001, PCI DSS, Tier III+, CSA/CCM, ITAR, CJIS, HIPAA, IRS 1075 compliant facilities running on Amazon AWS data centers distributed in the United States, Europe, and Latin America. The best location is chosen based on each client’s needs and Agora products they use.

On-site Restrictions Access

Our team work on a secured perimeter with multi-level security zones, 24/7 manned security, video surveillance, multifactor identification access control, physical locks, and security alarms.

Real Monitoring

All Production Systems and Networks are constantly monitored and logically administered by Agora staff and partners using top rated market tools as Dynatrace. Physical security, power, and internet connectivity beyond co-location cage doors or Public Clouds as Microsoft Azure, Amazon AWS and Google Cloud services are monitored by the providers.

 

Security in Network

Dedicated Team

Our support team is on call 24/7 to respond to security alerts and events.

Network Protection

Our network is protected by redundant firewalls, best-in-class router technology, secure HTTPS transport over public networks, regular audits, and network Intrusion detection and/or Prevention technologies which monitor and/or block malicious traffic and network attacks.

Network Architecture

Security monitoring and access controls may apply in all kinds of levels. The network architecture consists in security zones. Our sensitive systems, like database servers, are protected in our most trusted zones. Other systems are placed in zones with their sensitivity, depending on function, information classification, and risk. DMZs are set between the Internet, and internally between the different trusted zones.

Network Vulnerability Scan

Network security scanning gives insight for quick identification of out-of-compliance or potentially vulnerable systems.

PEN Test (Security Penetration Testing)

Each half with help of external security experts, Agora performs detailed penetration tests on all platform and products in addition to our internal scanning and testing programs and best practices.

Security Incident Event Management (SIEM)

The SIEM alerts on triggers that notify the Security team based on correlated events for investigation and response. Our SIEM system gathers extensive logs from important network devices and host systems in order to increase protection.

Detection and Prevention of Intrusion

The systems are set up to create alerts according to incidents and values that are not predetermined in thresholds and do not use regularly updated signatures based on new threats. Application data flow is monitored with Intrusion Prevention Systems or Intrusion Detection Systems. This includes 24/7 system monitoring.

Threat Intelligence Program

Agora participates in several threat intelligences sharing programs. We monitor threats posted to these threat intelligence networks and take action based on our risk analysis and exposure to a threat.

Mitigation of DDoS

Agora contracts with on-demand DDoS scrubbing providers and experts to mitigate Distributed Denial of Service (DDoS) attacks in addition to our own tools and practices.

Access to Logical Network

For access Production Network are required to use multiple factors of authentication. Controlled by our Operations Team, Production Network is restricted accessed by an explicit need-to-know basis, uses least privilege, is audited frequently and monitored in real time.

Response in Security Incident

Employees are trained on security incident response processes, including communication channels and escalation paths. System alerts and events are escalated to our 24/7 teams providing Operations, Network Engineering, and Security coverage.

 

Data Encryption

Transit Encryption

Communications between customers and Agora’s servers are encrypted via industry best-practices HTTPS and Transport Layer Security (TLS) over public networks. Using the best practices in market and tools like Connect: Direct, SFTP, CtfXfb and VPN IPSEC.

Rest Encryption

Client benefits from the protections of encryption at rest for offsite storage of attachments and full daily backups. Agora implements primary and secondary DR data-stores encrypted at rest performed by datacenter Tier 3 .

 

Continuity & Availability

Uptime

Agora maintains a real time monitoring system not only for network and infrastructure but also application platforms. It includes system availability details, scheduled maintenance, service incident history, and relevant security events.

Redundancy

The backup strategies ensures Application and Service Data is actively replicated across primary and secondary DR systems and facilities. Service clustering and network redundancies are used in order to eliminate single points of failure. Our DR databases are stored on efficient Flash Memory devices with multiple servers per database cluster.

Disaster Recovery

Disaster Recovery (DR) strategy is built and configured in a robust technical environment, creating Disaster Recovery plans, and testing. Our DR program ensures that our services remain available or are easily recoverable in the case of a disaster.

Continuity Program

All operations and applications environments, including Service and Application Data, is replicated in a secondary site to support service resumption if primary site become unavailable.

 

Application’s Security

Security in Software Development Life Cycle

Security Education and Training

Periodically, at least once a year, all engineer team participate in secure training covering Top 10 security most dangerous flaws in web applications, common attack vectors, and, together with all employees, once a year participate in compliance training for business security too.

Security Controls in Development Languages and Tools

Continuously we validate the best in security tools and techniques available for our development tools, languages and platforms. Not only with practices in development process but also with tools that are part or will be added to our security framework to limit exposure to Top 10 most dangerous security flaws in web applications. Including inherent controls for reducing our exposure to Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), SQL Injection (SQLi) and others.

QA

Agora dedicated engineers and professional QA’s reviews and tests our application base, identifying, testing, and triaging security vulnerabilities in code and application. With developer engineers and ALM specialists build and apply automated practices for ensure not only functionality and performance but also security and compliance in Agora’s  Products.

Dedicated Environments

No production or customer data are used for any kind of test in staging or testing environments.
Testing and staging environments are separated physically and logically from the Production environment.

 

Vulnerabilities in Application’s Platform

Dynamic Vulnerability Scanning

We use third-party, qualified security tools to scan our Support applications against flaws. In order to provide a security environment for our customer, we use the best tools for support operations and customer success activities as also for development process. Our dedicated team team perform tests and work with engineering teams to remediate any discovered issues counting with direct support from our tool’s provider and partners.

Code Analysis and Application Build

The source code repositories are continuously scanned for security issues using our integrated static analysis tooling. We use one of the leader of Application Lifecycle Management tools to ensure not only engineering features, but security and automated tools for build, security, test and deploy software.

PEN Test (Security Penetration Testing)

Every 12 months with help of external security experts, Agora performs detailed penetration tests on all platform and products in addition to our internal scanning and testing programs and best practices.

COE Program (Correction of Errors)

Continuously Agora team and partners runs security researchers and workshops for safely testing, notifying and correcting bugs, performance problems, functional errors and security vulnerabilities with the internal team and our partners around the globe.

 

Platform Security Features

Authentication

Authentication Options

All users has their own sign-in user and password for Agora Platform. Some integrations with third parties could be configured to use SSO. Some workflows could require an integration and our APIs fully support the industry standards to implement it.

Single sign-on (SSO) and API authentication

Single sign-on (SSO) allows to authenticate users in our systems without requiring them to enter additional login credentials. Both JSON Web Token (JWT) and OAuth2 are supported. API has authentication methods that implement handshake between third-party system and Agora Platform implementing users and group security access with full monitoring and logging for audition.

Password Policy

Agora Platform sets custom password rules for all kinds of users. Only admins roles can change the password security level.

Credential Storage Security

Agora applies secure credential storage best practices and never stores passwords in human readable format, and only as the result of a secure, salted, one-way hash.

Security & Authentication for APIs

All APIs access are done and supported by SSL channel and must be a valid and verified user to make requests. Its possible to authorize against the API using basic authentication with username and password or with an API token. OAuth2 authentication is supported.

 

Product Security Features

Roles and Access Privileges

All access to Agora Platform is governed by access rights, and can be configured to define granular access privileges.

IP Restrictions

Platform can be configured to only allow access from specific IP address ranges.

Transmission Security

All communications with Agora Platform servers are encrypted using industry standard HTTPS over public networks. Security communication and data transfer supports Transport Layer Security (TLS), VPN with IPSEC using the best practices in and tools as Connect:Direct under IPSEC.

Email Security

Agora Platform perform using of DKIM (Domain Keys Identified Mail), SMINE (Secure/Multipurpose Internet Mail Extensions)SPF (Sender Policy Framework) for outbound emails.