Privacy Policy
Last updated: June 20, 2026 · Effective: June 20, 2026
This Privacy Policy explains how Agora Technologies, Inc. collects, uses, shares, retains, and protects your information when you use the AGORA platform. It is part of our Terms of Service.
1. Introduction and data controller
1.1. The AGORA platform (“AGORA”, “the Service”) is operated by Agora Technologies, Inc., a C corporation incorporated in Delaware, USA, doing business as “Agora Puerto Rico” (“Agora”, “we”).
1.2. Agora is the controller of personal data processed through the Service. Privacy: privacy@agorapr.com.
1.3. By using the Service you accept these practices. If you disagree, do not use the Service.
2. Scope
2.1. This policy applies to information we process through the Platform, our sites, and related communications.
2.2. It does not apply to linked third-party sites, or to Public Data in its original form published by official sources (Section 16).
2.3. When you use the Service within an Organization (e.g., your employer), it may act as controller of certain data and apply its own policies.
3. Definitions
- “Personal data”: information that identifies or can identify a person.
- “User Content”: documents, contracts, RFPs, files, prompts, and questions you submit to the Service.
- “Processing”: any operation on personal data.
- “Subprocessor”: a third party that processes data on our behalf to provide the Service.
4. Information we collect
We collect the following categories:
- Account data: name, email, password (stored encrypted/hashed), and verification status.
- Organization data: name, members, roles, Package, and settings.
- User Content: documents you upload and the questions, prompts, and messages you send to the AI assistant.
- AI Output and activity: analyses, proposals, chat messages, and logs of your actions (also to measure Package usage).
- Technical and usage data: IP, browser, operating system, session identifiers, dates, and features used.
- Cookies: identifiers and preferences on your device (Section 8).
- Communications: the messages you send us.
- Payment data: processed by external providers; we do not store full card numbers.
We do not request special categories of sensitive data. Please do not upload sensitive third-party data without a legal basis.
5. How we collect information
- Directly from you: when you register, configure your account, upload content, or contact us.
- Automatically: via cookies and similar technologies (technical and usage data).
- From third parties and public sources: by aggregating Public Data and from our Subprocessors (infrastructure, payment).
6. How we use information and legal bases
We use information for the following purposes (and, where data protection law applies, on the bases indicated):
- Provide the Service (contract performance): operate AGORA, including analysis, chat, and proposal generation.
- Manage accounts and payments (contract performance): registration, verification, subscriptions, and Quota control.
- Communicate with you (contract / legitimate interest): verification, security, support, and Service changes.
- Improve and secure the Service (legitimate interest): aggregate analytics, fraud prevention, security.
- Comply with law (legal obligation).
- Marketing (consent, where applicable): you can opt out.
7. Artificial intelligence and processing of your content
7.1. To generate analyses, responses, and proposals, your content is processed by AI models, our own and Subprocessors acting on our behalf.
- We do not sell your content or use it for advertising.
- We do not use your confidential content to train or fine-tune our or third parties' models without your express consent.
- We contractually require AI providers not to use your data to train their models where that option is available.
- AI Output may be inaccurate; it is informational and must be verified against official sources (see Terms).
7.2. We may retain limited AI usage logs for security and operational improvement (Section 11).
9. How we share information
9.1. We do not sell your personal data. We may share it with:
- Subprocessors under confidentiality and security obligations (Section 10).
- Legal compliance and protection: upon valid requests or to protect rights and security.
- Corporate transactions: mergers, acquisitions, or asset sales, subject to this policy.
- Within your Organization: with the Administrator and users per permissions.
- Aggregated or anonymized data that does not identify you.
- With your consent in any other case.
10. Subprocessors
10.1. We rely on trusted providers. Main categories:
- Cloud infrastructure and hosting: Amazon Web Services (compute, database, and file storage).
- AI models: providers that process AI Input to generate AI Output.
- Transactional email: an email delivery provider for verifications and notices.
- Observability and analytics: tools to monitor performance and security.
10.2. We require Subprocessors to protect data and use it only to provide their services. Material changes will be reflected here.
11. Data retention
11.1. We retain data only as long as necessary, unless the law requires longer:
- Account and Organization data: while the account is active and up to 90 days after closure.
- User Content: while you keep it; deleted when you remove it or close the account.
- Chat history and proposals: while the account is active; you can delete them anytime.
- Activity, usage, and billing logs: up to 24 months.
- Verification tokens: expire after 24 hours.
- Backups: a limited period before routine deletion.
- Data required by law: the applicable legal period.
11.2. After these periods, we delete or anonymize data. Request deletion at privacy@agorapr.com.
12. Security
12.1. We apply reasonable technical and organizational measures: password hashing, encryption in transit, access controls, and logical data segregation per Organization.
12.2. No system is 100% secure. You are responsible for protecting your credentials and notifying us of unauthorized access.
13. Your rights and choices
13.1. Depending on your jurisdiction, you may have the right to:
- Access: confirmation and a copy of your data.
- Rectification: correct inaccurate data.
- Erasure: deletion of your data.
- Portability: receive your data in a common format.
- Objection and restriction of certain processing.
- Withdraw consent without affecting prior lawfulness.
13.2. No sale of data. We do not sell or “share” data for targeted advertising within the meaning of laws like CCPA/CPRA.
13.3. Exercise your rights at privacy@agorapr.com. We may verify your identity. You may lodge a complaint with the competent authority.
13.4. If you use the Service under an Organization, direct your requests to it; we may forward them or assist.
14. International data transfers
14.1. We operate from the USA and use providers that may process data in the USA or other countries. By using the Service you understand your information may be transferred outside your country.
14.2. Where required by law, we will apply appropriate safeguards for such transfers.
15. Children
15.1. The Service is not directed to children under 18 and we do not knowingly collect their data. Write to privacy@agorapr.com if you believe a minor provided us data.
16. Data from public sources
16.1. AGORA aggregates and analyzes information from public, official sources of the Government of Puerto Rico and federal sources (contracts, RFPs, and corporations). It is not generated by you.
16.2. We do not warrant its accuracy, completeness, or currency. Corrections must be pursued with the official source.
17. Changes to this policy
17.1. We may update this policy. We will post the current version and update the “last updated” date.
17.2. We will notify material changes by reasonable means. Continued use after the effective date constitutes acceptance.
18. Contact
For privacy questions or requests:
- Agora Technologies, Inc. (doing business as Agora Puerto Rico)
- Privacy: privacy@agorapr.com
- Legal: legal@agorapr.com