Security compliance is crucial for instant messaging technology. To guarantee safe and reliable cloud services, Agora follows the compliance regulations of different countries, regions, and industries, and Agora Chat has built-in security measures to prevent common attacks in instant messaging scenarios.
This page describes the security best practices recommended by Agora Chat, as summarized in the following table:
|Security Measure||Enabled by Default||Recommended Scenarios|
|Data center geofencing||Yes||All instant messaging scenarios.|
|Authentication with tokens||Yes||All instant messaging applications.|
|Data transmission encryption||Yes||All instant messaging scenarios.|
|Data storage encryption||Yes||All instant messaging scenarios.|
In order to meet the laws and regulations of different countries and regions, Agora Chat supports service area geofencing, which prevents the cross-border data transfer of user privacy data in designated service areas.
Agora Chat's data center locations and corresponding service areas are listed as follows:
|Data Center||Location||Service Area|
|Mainland China||Beijing||Mainland China|
|North America||Virginia, US||North America|
To use Agora Chat, you need to specify a data center. After you select a data center, both the REST requests and the SDK API requests to the message server are directed to the data center accordingly.
Once selected, the data center cannot be changed. Agora Chat does not support data migration across service areas. All data is stored in the designated data centers.
Agora Chat uses tokens to validate the identities of end users. A token is a dynamic key generated by the application client with a validation period set by the developers. Tokens ensure that only authenticated users have access to Agora Chat. Each token contains the following information:
The communication between users and the Agora Chat server is encrypted using transmission protocols, such as Agora Chat's private transmission protocol, Transport Layer Security (TLS), and Web Socket Secure (WSS). User data and messages generated by Agora Chat are stored in the designated data center. Agora Chat servers retain user information only for as long as the information is needed to fulfill the purposes for which it was collected, as shown in the following table:
|Data Type||Data Classification||Retention Time|
|Console account data||Customer data||Until the account is deleted or the account is not used for 180 consecutive days.|
|Messages (History messages, roaming messages, offline messages, and so on)||User data||Depends on the cloud storage time associated with your pricing plan:
|Message attachments||User data||7 days|
|Message callbacks||User data||3 days|
|User information hosting||User data||Until the account is deleted or the account is not used for 180 consecutive days.|
|Monitoring data||Operational data||7 days|