Flat Privacy Policy

Update date of this version: July 23, 2021
Effective date of this release: July 23, 2021

Thank you for your interest in Agora (hereinafter also referred to as "we" or "us"), and welcome and thank you for using our FLAT software ("FLAT") and our other services provided by us (collectively, the "Services").

The FLAT Privacy Policy (this "Privacy Policy") applies to the online interactive services we provide. When you use our online interactive services, you agree to accept this Privacy Policy, and for users under the age of eighteen, both this Privacy Policy and the FLAT Rules for the Protection of Personal Information of Minors and Notice to Guardians apply.。

We understand the importance of personal information to you and will do our best to protect the security and reliability of your personal information. We are committed to maintaining the trust you place in us by adhering to the following principles.

Consistent authority and responsibility
Clarity of purpose
Minimum necessary
Open and transparent
Security
Subject participation

[Special Note] Please read this Privacy Policy and the FLAT Rules for the Protection of Personal Information of Minors and Notice to Guardians (especially those highlighted in bold or underlined) carefully before using the Services to make appropriate choices. By using or continuing to use our products or services after we update this Privacy Policy, you agree to this Privacy Policy and consent to the collection, use, storage, sharing, transfer and disclosure of your personal information in accordance with this Privacy Policy.

This Privacy Policy will help you understand the following.

I. How we collect your personal information

II. How we use your personal information

III. How we use cookies and similar technologies

IV. How we share, transfer and publicly disclose your personal information

V. Your right to protection of information

VI. How we handle personal information of children

VII. How we protect the security of your information

VIII. How long we retain your personal information

IX. How your personal information is transferred globally

X. How to update this policy

XI. How to contact us

I. What personal information we collect about you

We collect your personal information primarily to make it easier and more satisfying for you and other users to use the Service. And this personal information helps us to achieve this goal.

For the purposes of this policy, "personal information" means information recorded electronically or otherwise that, alone or in combination with other information, can identify a specific natural person or reflect the activities of a natural person.

In order to provide our services to you, we may voluntarily collect personal information from you that is necessary to provide the services. You have the right to refuse to provide such personal information, and if you do so, we may not be able to provide you with certain services or you may not be able to enjoy certain features, but this will not prevent you from using services or features that do not require personal information.

We collect personal information necessary for the express, lawful purposes that have been disclosed to you and we ensure that we do not process such information in a manner inconsistent with those purposes. We obtain personal information relating to you from the following sources.

1.1 Information we collect directly from you

When you use our FLAT software, you understand and agree that the Service may require you to enable certain access rights in your device in order to enable the collection and use of the personal information to which those rights relate.

1. When you log in using a third-party platform account (GitHub, WeChat, Google), we will obtain the relevant information (including: username, nickname, avatar, etc.) and authentication information under that third-party account based on your authorization. We promise to use this information to provide you with login services and to protect your account from security risks.
2. When you use the Join a Room or Invite to Join a Room function, we will read your clipboard information according to your authorization
3. When you use the room reservation function, we will get the calendar data written and read according to your authorization; if you refuse the authorization, you cannot use the room reservation function, but it does not affect the use of other services provided by us.
4. when you use the voice chat function, we will obtain the microphone function according to your authorization, which will collect your IP address, mobile device model; if you refuse the authorization, you will not be able to use the voice chat function, but it will not affect the use of other services provided by us.
5. When you use the video chat function, we will authorize the camera function according to you, and this authorization will collect your IP address, mobile device model; if you refuse the authorization, you will not be able to use the video chat function, but will not affect the use of other services we provide.
6. When you use the classroom recording function, we will store whiteboard doodle information and store audio and video call contents according to your authorization; if you refuse the authorization, you will not be able to use the classroom recording function, but will not affect the use of other services provided by us.
7. When you use the classroom cloud function, we will obtain the permission to read and download folders according to your authorization, which will collect your classroom materials (including PPT, PDF, WORD, MP3, MP4, PNG, JPG, JPEG formats);if you refuse the authorization, you will not be able to use the classroom cloud function, but it will not affect the use of other services provided by us.
8. When you use other basic functions such as classroom network detection and log function, we may also collect your machine code, voice chat log, video chat log, device model, and network type; if you refuse to open it, you cannot use the above functions, but it does not affect the use of other services provided by us.

If you no longer use the Service, we also provide cancellation of registered accounts under the conditions agreed in the Service Agreement and the relevant national laws and regulations, you can submit a cancellation request through the contact information agreed in Article 11 [How to Contact Us] of this Privacy Policy, and we will manually help you cancel your account within three days (user-directed cancellation will be supported at a later stage). When your account is cancelled or deleted, all service information and data under the Service related to the account will be deleted or anonymized, except as otherwise provided by laws and regulations.

1.2 Other situations

According to relevant laws and regulations and national standards, we may collect and use your relevant personal information without seeking your authorized consent in the following cases.

1. Directly related to national security, national defense security and other national interests; directly related to public safety, public health, public information and other significant public interests.
2. Directly related to crime investigation, prosecution, trial and execution of judgments, etc.
3. For the purpose of safeguarding your or other individuals' life, property, reputation and other significant legitimate rights and interests but for which it is difficult to obtain your consent.
4. Where the personal information collected is disclosed by you to the public at your own discretion
5. Where personal information is collected from information that is lawfully and publicly disclosed, such as lawful news reports, government information disclosure and other channels.
6. Necessary for the conclusion and performance of a contract at your request.
7. Necessary for maintaining the safe and stable operation of the products or services provided, such as detecting and disposing of malfunctions of products or services.
8. Necessary for the conduct of legitimate news reporting.
9. Necessary for conducting statistical or academic research in the public interest, and when it provides the results of academic research or descriptions to the public, to de-identify the personal information contained in the results.
10. Other circumstances as stipulated by laws and regulations.

II. How we use your personal information

1. We may use your personal information collected under Section 1 of this policy, "What Personal Information We Collect About You," for the following purposes.
   1. To fulfill an agreement with you: When you choose to accept our "Usage Agreement" and continue to use our services, an agreement is made between us. In order to fulfill this agreement and provide you with the services you have chosen, we will use your personal information as necessary.
   2. To maintain the security, quality and stable operation of our services: We will use your personal information to ensure the security and stability of our services and to provide you with a better quality of service.
   3. To comply with legal obligations: We may use your personal information in order to comply with legal and regulatory requirements.
   4. To safeguard legitimate rights and interests: We may use your personal information for the purpose of safeguarding your life, property and other significant legitimate rights and interests of other individuals, or to safeguard our legitimate rights and interests.
   5. Other purposes: If it is necessary to use your personal information beyond the purposes or scope of use established in this policy, we will obtain your consent separately.
2. If you are located in the European Economic Area (EEA) or the United Kingdom, we will only process your personal information on the basis of valid legal grounds, including that:
   1. You have given your consent for us to use your personal information.
   2. We need your personal information to provide you with services, including account registration and responding to your requests.
   3. we are legally obliged to use your personal information.
   4. we or a third party has a legitimate interest in using your personal information. In particular, we have a legitimate interest in using your personal information for business analysis and to improve the security and performance of our services. We rely on our or third parties' legitimate interests to process your personal information only to the extent that it does not conflict with your interests.

III. How we use cookies and similar technologies

3.1 What is a cookie?

A cookie is a small file containing a string of characters that is sent to and stored on your computer, mobile device or other device (usually encrypted) when you log in and use a website or other web content. cookie-like technologies are other technologies that can be used for similar purposes as cookies, such as Web Beacons, Proxies, embedded scripts, etc.
Currently, we primarily use cookies to collect your personal information. You acknowledge and agree that we may also use cookie-like technologies as technology evolves and our products and services are further improved.

3.2 How to Use Cookies

1. When you use our products and/or services, we may use cookies and similar technologies to collect some personal information about you, specifically, we may collect the following information about you.
   1. Your website access habits.
   2. your browsing information.
   3. Your login information.
2. Cookies and similar technologies collect the above information as necessary for you to use our products and/or services and to simplify your repetitive steps, and may be used in the following situations.
   1. Simplify your repetitive steps (e.g., registration, login)
   2. To protect the security of your information and account.
   3. To provide you with content that is more tailored to your individual needs and that may be of greater interest to you
   4. You view your usage history, such as video viewing history
   5. To improve our products and services and other necessary scenarios Please be assured that we are committed to using cookies and similar technologies only for the purposes described in this Privacy Policy.

3.3 How you can manage cookies in your browser

If your browser allows it, the specific management methods are as follows.

1. You can manage, and (partiallyfully) reject, cookies andor similar technologies through your browser's settings.
2. You can delete cookies and/or similar technologies that are already stored on your computer, mobile device or other device so that we cannot track all or part of your personal information.
   For more information on how to change your browser settings, please see the relevant settings page for the browser you are using.

IV. How We Share, Transfer and Publicly Disclose Your Personal Information

1. We will not share your information with third parties without your express consent, except as described in this policy or as specifically stated when collecting your information. We may share your information with third parties in the following circumstances.
   1. Our Affiliates: We may disclose your personal information to our affiliates. An "Affiliate" is any other entity that directly or indirectly controls us, is controlled by us, or is under the common control of others with us.
   2. Other Users: If you post your information in publicly accessible areas or share your information in the course of using the Services, other users will likely access, read, and use the information you post and share, including your avatar, pictures, likeness, voice, video, audio, text, opinions, etc.
   3. Fulfillment of Legal Responsibilities: We are not required to obtain your prior authorized consent to retain, preserve, share, transfer or disclose your information if required by law or regulation, or to enforce a court judgment or ruling, or to comply with a request from a relevant government agency.
   4. Protection and Enforcement of Our Rights: We also reserve the right to disclose your information if we believe in good faith that it is reasonable or necessary to (i) take precautions against liability, (ii) protect ourselves or others from fraudulent or unlawful use or activity, (iii) investigate and defend against any third party claims or allegations, (iv) protect the security or integrity of the Services and any facilities or equipment required for the Services, or (v) protect our property or other legal rights (including, but not limited to, enforcing our agreements) and protect the rights, property or safety of others.
   5. Through Your Consent: We may also disclose the information collected at the time of collection by providing notice of how the information will be disclosed, or through your express consent to disclose the information in any other way.
2. We will not transfer your personal information to any company, organization, or individual, except for the following.

   1. Transfers where express consent is obtained.

      Where we obtain your express consent to transfer your personal information to another party.

   2. In the event of a merger, acquisition or bankruptcy liquidation involving.

      In cases involving the transfer of personal information, we will require the new company or organization holding your personal information to continue to be bound by this policy before we require that company or organization to seek your authorized consent again.

   3. We will only publicly disclose your personal information when.

      1. After obtaining your express consent.
      2. Disclosure based on law: We may publicly disclose your personal information when compelled to do so by law, legal process, litigation or government authorities.

V. Your right to information protection

1. Account Management.

   You may refuse to share certain personal information with us, in which case we may not be able to provide certain features of the Service to you. You may access your account settings page on the Service at any time to inquire, update, correct or delete your personal information or to cancel your user account. If you wish to access or correct any other personal information we hold about you, or request that we delete any information about you obtained through our corporate customers, you may contact us at privacy@agora.io. Please note that while any changes you make will be reflected in the active user database immediately or within a reasonable period of time, we may retain all information you submit for backup, archiving, fraud and abuse prevention, analysis, and to satisfy legal obligations, to the extent permitted by applicable law.

2. Privacy Settings.

   1. While we may allow you to adjust your privacy settings to limit access to certain personal information, please note that no security measure is perfect or impenetrable. We are not responsible for circumventing privacy settings or security measures on the Services. In addition, we have no control over the actions of other users with whom you choose to share information. In addition, even after information posted on the Services is deleted, caching and archiving services may have saved that information and other users or third parties may have copied or stored the information available on the Services. We cannot and do not guarantee that the information you post or transmit to the Services will not be viewed by unauthorized persons.

   2. You also have the following personal information protection rights.

      1. Right to Revoke Consent: In scenarios where we rely on your consent to collect and process your personal information, you have the right to request revocation of your consent at any time by giving written notice, and we will process your request within thirty days of verifying your identity.
      2. Right of access to personal information: You have the right to request access to the personal information we collect about you, as well as to request that we explain to you how we use and to whom we share your personal information.
      3. Right to correct personal information: You have the right to correct your personal information to ensure that your personal information is accurate and complete.
      4. Right to delete personal information: You have the right to request that we delete your personal information. In general, we will respect your right to erasure, but we will retain the necessary information if the applicable laws and regulations expressly provide for the retention of your personal information or if we have a legitimate interest in retaining your personal information and such interest can override your individual rights.
      5. Right to Restrict Automated Information System Decisions: In some business functions, we may make decisions based solely on automated, non-human decision-making mechanisms, including information systems, algorithms, and the like. If these decisions significantly affect your legitimate interests, you have the right to request an explanation from us and we will provide appropriate remedies.
      6. Right to a copy of your personal information: In the event that we collect your personal information based on your consent or agreement with you, you have the right to request that we provide you with a machine-readable copy of your personal information in a reasonably structured and commonly used form, or to request that we transfer your personal information to a third party designated by you.

      In order to fulfill your rights as described above, you may send a written notice to privacy@agora.io. In order to verify your identity, we may ask you to provide your personal information and delete it after verifying your identity. We will do so within thirty days of verifying your identity. If we are unable to do so, we will also respond within thirty days of verifying your identity and explain why we are unable to do so.

   3. In principle, we do not charge a fee for your reasonable requests, but we will charge a cost for repeated requests that exceed reasonable limits, depending on the circumstances. We may refuse requests that are unnecessarily repetitive, require excessive technical means (for example, requiring the development of new systems or fundamental changes to current practices), pose a risk to the legal rights of others, or are highly impractical (for example, involving backups of information stored on systems/servers). We will not be able to respond to your request in the following cases.

      1. It is related to the performance of our obligations under laws and regulations.
      2. directly related to national security, national defense security.
      3. Directly related to public safety, public health, or vital public interests.
      4. Directly related to criminal investigation, prosecution, trial and enforcement of judgments, etc.
      5. Where we have sufficient evidence of subjective malice or abuse of rights by an individual you.
      6. Where it is in the interest of safeguarding your or other individuals' significant legitimate rights and interests, such as life and property, but where it is difficult to obtain your own consent
      7. Where responding to your request would result in serious damage to the legitimate rights and interests of the individual you or other individuals, or us
      8. Those that involve commercial secrets.

VI. How we handle personal information of children

1. 如您为未满 18 If you are a minor under the age of 18, please make sure that your guardian reads the FLAT Rules for the Protection of Personal Information of Minors and Notice to Guardians and uses our services or provides us with personal information with the consent of your guardian. We will protect the relevant personal information of minors in accordance with the provisions of relevant national laws and regulations. If the guardian finds that the relevant personal information of the minor is filled in by the minor himself/herself and needs to be revised or deleted for processing, please contact us at any time.

2. Children should not use our services or register for our account without the consent of their parents or guardians. In the case of personal information collected from children with parental consent, we will only use or publicly disclose this information as permitted by law, with the express consent of the parent or guardian, or as necessary to protect the child. Although local laws and customs define children differently, we consider anyone under the age of 14 to be a child. If we find that we have collected personal information from a child without prior verifiable parental consent, we will seek to delete the relevant data as soon as possible.

VII. How we protect the security of your information

1. We promise to strictly comply with the relevant laws and regulations of the People's Republic of China, and to take necessary and appropriate security and technical measures to preserve, manage and transmit users' personal information, to ensure that users' personal information is accurate and intact, and to prevent such personal information from being tampered with, leaked, or destroyed..

2. We employ specific physical, managerial, and technical safeguards designed to protect the personally identifiable information we collect from accidental or unlawful destruction, loss, unauthorized alteration, disclosure or access, misuse, and any other unlawful form of processing of personal information. However, we cannot ensure or warrant the security of any information you transmit to us or store on the Service, and you do so at your own risk. In addition, we cannot guarantee that others will not breach our physical, technical or managerial safeguards by accessing, disclosing, altering or destroying such information. The foregoing is subject to the requirements of applicable law to ensure the security of information.

3. The Internet environment is not 100% secure and we will endeavor to ensure the security of any information sent to us by users, but users should use the services we provide with a full understanding of the risks associated with the Internet environment.

   In the unfortunate event of a personal information security incident, we will promptly inform you by e-mail in accordance with the requirements of laws and regulations so that you can take appropriate protective measures. When it is difficult to inform the subject of personal information one by one, we will take a reasonable and effective way to issue an announcement. At the same time, we will also take the initiative to report the disposition of personal information security incidents in accordance with the requirements of regulatory authorities.

VIII. How we store your personal information

1. Storage period: Different information storage periods may apply to information collected for different purposes. We will only retain your personal information for the minimum period necessary to achieve the purpose or for the period required by law. When you stop using our services and cancel your account, we will, in principle, delete your personal information within thirty days, unless a longer period is required by applicable law or to achieve other legitimate purposes.
2. Storage location: When creating a room, users can choose a server near them according to the actual situation, currently supporting the United States, the United Kingdom, Singapore, India, and China. The courseware used in the room will be stored on the server corresponding to the room.

IX. How your personal information is transferred globally

In principle, the personal information we collect and generate in the People's Republic of China will be stored in the People's Republic of China. Because we provide our services through resources and servers located around the world, this means that if you interact with subjects in other countriesregions in real time, or if you use our services in other countriesregions, your personal information will be transferred, transmitted to other countriesregions, or accessed by servers in other countriesregions. Such jurisdictions may have different data protection laws or even no such laws. In such cases, we will ensure that your personal information is adequately protected to the same extent as in the People's Republic of China. For example, we may request your consent to transfer personal information across borders or implement security measures such as data de-identification, anonymization or digital encryption prior to cross-border data transfers.

X. How this policy is updated

1. This Policy may be updated from time to time and posted on the Site, so please revisit this page periodically to be aware of any changes to this Policy. Your continued use of the services provided by us after updates to this Policy have been posted indicates that you have agreed to the changes or updates.
2. We will also provide more prominent notice of material changes (including, for certain services, by sending a notice via email, etc., or by generating a pop-up or similar notice when you first access the service after such changes are made, stating the specific changes to this policy).

XI. how to contact us

Agora is the entity responsible for the processing of personal information as described in this Policy. For any questions, comments or suggestions regarding this Policy or related matters, or if you wish to exercise your rights, please contact us at the following contact information, and we will generally respond within thirty days.

Address: 7F, Building 12, 333 Songhu Road, Yangpu District, Shanghai      Agora Legal Department
Email: privacy@agora.io

If you are not satisfied with our response, or believe that our treatment has damaged your legitimate rights and interests, you may also seek judicial remedies.