Agora Community
Privacy Policy

Last update: 2023-10-23

This policy describes how Agora VFX Inc. ('we' or "Agora") collects, processes, uses and shares personal information and personal data about members of the Agora Community ('the Agora Community' or "the Website"). The use of the second person ('you', 'your', 'yours') refers to a member of the Agora Community.

In this policy, the term personal data or personal information refers to information about an identifiable individual.

1. Summary
  • Data Collection: Agora collects user data including, but not limited to account details, user activity, and analytics metrics.
  • Purpose of Data Use: Data is used for user identification, responding to requests, operating the community, processing payments via third parties via Stripe, and improving the platform through analytics.
  • Analytics: We use a self-hosted analytics tool (Umami) that runs cookielessly by default. Linking analytics to your account is opt-in via our cookie banner.
  • Data Storage & Security: Your personal information is stored electronically and safeguarded with robust security measures to protect against unauthorized access.
  • Security Measures: Agora employs security protocols to protect data, complies with payment card industry standards, and controls access through a role and permission management system.
  • User Rights: Users have the right to access, correct, port, or delete their data. They can also object to data processing and have the option to withdraw or modify consent at any time, including through the cookie banner.
2. What data do we collect?
2.1. Data collected through the Agora

We collect the following data about customers using the Agora Community.

DATA CATEGORY PURPOSE OF USE
  • Name;
  • Email address;
  • Username;
  • Address (only if using payment and paying in CAD, for sales-tax compliance);
  • Last IP;
  • Timezone (returned by the browser);
  • LinkedIn, Discord, Google account identifier if you log in using one of those providers;
  • Profile metadata you choose to add (bio, avatar, showreel, social links);
  • Subscription plan and billing status;
  • User identification and authentication.
The content of communications transmitted by users Respond to your requests.
User Content (uploads, posts, comments, course progress, animation challenge submissions, likes, favorites) Operate the Agora Community.
Payment Card information We use payment card information to process payments through a third-party provider (Stripe).
Analytics data which may include:
  • The operating system of your device;
  • The language of your device;
  • The IP address from which your device accesses the Agora Community (processed transiently to derive a daily-rotating session hash; not retained as personal data);
  • Browsing and clickthrough data such as the number of connections to the Agora Community, the duration of a session, the date of connections to the Agora Community, the functions used;
  • The web page from which you accessed the Agora Community;
 We use analytics data to improve the Agora Community, for example, by determining which features are used more often or what type of content is preferred by the Agora Community members. We may use analytics data to prevent misuse of the Agora Community, to identify problems or bugs with the Agora Community, and to determine what features need to be improved.
2.2. Data from analytics tools

We operate Umami, a self-hosted, privacy-friendly analytics platform, on our own infrastructure. Umami data is only available to us. We do not use Google Analytics, Facebook Pixel, or any other third-party tracking service.

2.2.1 Default (cookieless) tracking

By default, Umami runs without setting any cookie or storing any identifier in your browser. It records aggregate page-view metrics (page URL, referrer, country derived from IP, language, device type, screen size). IP addresses are used transiently server-side to compute a daily-rotating, salted session hash so we can distinguish one visit from another within a 24-hour window; the raw IP is not stored alongside the analytics record.

2.2.2 Optional analytics identification (opt-in)

If you are logged in and you consent via our cookie banner under the "Analytics" category, we will additionally associate analytics events with your account profile (user id, name, current subscription plan). This helps us understand how features are used by different segments of our community. You can revoke this consent at any time by reopening the cookie banner from the footer or by clearing the agora_community_cookie_consent record; subsequent page loads will no longer attach your account profile to analytics events.

3. Cookies and similar technologies

We use a small number of cookies and similar client-side technologies. The full list is shown below. You can review and customize your preferences at any time via the "Manage cookies" link in the website footer.

3.1 Strictly necessary cookies — required for the Website to function. These do not require consent.

  • XSRF-TOKEN — protects you from cross-site request forgery attacks.
  • Session cookie (set by our framework) — identifies your browsing session while you are signed in.
  • agora_community_cookie_consent — stores your cookie preferences so we do not ask again.

3.2 Optional preferences (consent-based)

  • Analytics identification — tracks your consent for linking analytics events with your account profile when you are logged in (see §2.2.2). This preference is recorded inside the agora_community_cookie_consent cookie above; we do not set a separate cookie on your device.

3.3 Third-party cookies set only when you use certain features

  • Stripe sets fraud-detection cookies on our checkout pages when you make a purchase.
  • YouTube embeds are served in privacy-enhanced mode (youtube-nocookie.com), which prevents cookies from being set until you actually start playing the video.
  • Vimeo embeds may set cookies when you play a video.
  • Google, LinkedIn, Discord may set cookies during the OAuth sign-in flow when you log in using one of these providers.
  • Discord, Twitch embeds may set cookies when content from those services is displayed inline.
  • Tenor (Google) may set cookies when the GIF picker is opened in a post composer.
4. How do we store your data?

We retain collected personal data until you request that we destroy it or until our business no longer requires us to maintain it. We do not, however, commit to keep personal data for a specific period of time.

Personal data is stored electronically in the United States by our service providers on encrypted databases.

Our service providers process some data through facilities that may be located in other jurisdictions.

We keep personal data as stated below:

Type of data Conservation and deletion
Agora Community Profile We keep data about Agora Community members until they request their profile be removed.
Analytics events Aggregate Umami events are retained on a rolling basis for product analysis. We do not store raw IP addresses alongside these events.
Email logs (transactional) Delivery metadata from our transactional email provider is retained for the period defined by that provider's standard logs.
Payment records Records of transactions are retained as long as required by accounting, tax, and anti-fraud regulations.
5. How is your data protected?

Your personal data is hosted on servers operated by our service providers and is protected by security measures proportionate to the sensitivity of the data against unauthorized access. Your payment card information is subject to security measures that comply with the standards established by payment card networks.

Our employees and suppliers are informed of the confidential nature of personal data collected through the Agora Community. They are made aware of the appropriate security measures to prevent unauthorized access to personal data. We control access to your personal data through a role and permission management system.

6. Who has access to your data?

We only share your personal data in the manner described in this policy and when we have obtained your consent. Your personal data may be disclosed to the categories of persons depicted below for the following purposes.

6.1. Employees

Personal data is accessible to our officers and employees who must have access to it in order to use the same as outlined in this policy.

6.2. Members of the Agora Community

When you share content on the Agora Community, your profile information will be visible to other members of the Agora Community and the public accessing the Agora Community website.

6.3. Service Providers

We share personal data with service providers that allow us to provide our services more efficiently. We obtain confidentiality undertakings from these service providers with respect to the personal data provided to them. Our suppliers include the businesses listed below:

Supplier Details Useful links
Hosting providers Our application and databases are hosted by infrastructure providers following industry-standard procedures and security measures.
AWS S3 & CloudFront Amazon Web Services hosts our static assets (images, videos, downloadable resources) on S3 and serves them through the CloudFront content-delivery network at cdn.agora.community. Image transforms are performed by AWS Serverless Image Handler. https://aws.amazon.com/privacy/
Stripe We use Stripe to process payments and payment card information. Stripe is PCI-DSS compliant and certified to process financial information. Stripe Privacy Policy:
https://stripe.com/en-ca/privacy
Mailgun Mailgun delivers our transactional emails (account verification, password resets, notifications). https://www.mailgun.com/legal/privacy-policy/
MailWizz MailWizz is the platform we use to send opt-in newsletters and announcement emails to subscribed members. https://www.mailwizz.com/privacy-policy/
Umami (self-hosted) Self-hosted analytics on our own infrastructure. No data is shared with the Umami project itself; we operate the platform end-to-end. https://umami.is/
Typesense Powers the search functionality across courses, assets, and member content. We send the searchable fields (titles, descriptions, tags) of indexed content to Typesense. https://typesense.org/privacy/
Discord Used for community events, animation challenge feedback, and as an optional social-login provider. When you connect your Discord account, your Discord user identifier is associated with your Agora account. https://discord.com/privacy
Google Optional social-login provider. When you connect your Google account, your Google user identifier and basic profile information are associated with your Agora account. https://policies.google.com/privacy
LinkedIn Optional social-login provider. When you connect your LinkedIn account, your LinkedIn user identifier and basic profile information are associated with your Agora account. https://www.linkedin.com/legal/privacy-policy
YouTube / Vimeo Used to embed videos within courses and other content. YouTube embeds are served in privacy-enhanced no-cookie mode; cookies are only set if you click play. Vimeo embeds may set cookies on play. https://policies.google.com/privacy
https://vimeo.com/privacy
Twitch Used to embed live streams. Twitch may set cookies and process data when the embed is loaded. https://www.twitch.tv/p/legal/privacy-notice/
Tenor (Google) Provides the GIF picker available in our post composer. When you open the picker, requests are sent to Tenor. https://policies.google.com/privacy
Google Gemini Used for automated content moderation. Specifically, profile biographies (text) and selected video frames from showreels, animation challenge submissions, and assignment submissions may be sent to the Google Gemini API to detect spam or profanity. We do not send personal account identifiers with these requests. https://ai.google.dev/gemini-api/terms
https://policies.google.com/privacy
6.4. Sharing Content on Social Media

Our service allows you to share content on various social platforms, including Facebook, Twitter, Tumblr, Email, Pinterest, and LinkedIn. When you share content, you may be disclosing information to these platforms, and their respective privacy policies will govern it.

6.5. Legal Obligations

We may also disclose personal data to third parties if expressly permitted or required by law or if we are compelled to do so by a competent authority. We may disclose personal data in connection with legal proceedings if necessary to protect our rights or those of our users.

6.6. Transfer of Business

In the event that the sale or restructuring of all or part of our business is contemplated, we may disclose personal data to the persons or organizations involved before and after the transaction, whether or not the transaction actually takes place. In such a case, these persons or organizations commit to us to maintain the confidentiality of personal data so disclosed and to use the same exclusively for the purpose of assessing the transaction and in accordance with this policy.

7. What are your rights regarding your personal data?
7.1. Access your Data

If you would like access to the personal data we hold about you, or if you would like us to amend any of the personal data we hold about you that is incorrect, you may also send us a written request to the following address: privacy@agora.studio.

Upon written request, we will provide you with additional information about the processing of your personal data as required by applicable law, including the categories of persons who have access to your information and the length of time we retain it to the extent that such information is not already set out in this Policy.

We will respond to your request promptly (within 30 days of receipt).

7.2. Withdrawal of Consent

Settings and preferences within the Agora Community may allow you to withdraw or modify your consent to the collection, processing, and disclosure of your personal data to a certain extent.

In particular, you can change your cookie and analytics preferences at any time using the "Manage cookies" link in the website footer. Withdrawing analytics identification consent takes effect on your next page load.

If you wish to withdraw your consent to the processing of your personal data beyond what is permitted by the Agora Community, please notify us by writing to us at privacy@agora.studio. Using the Website or the Agora Community entails some processing of your personal data. The only way to stop all processing of your personal data is to stop using the Website and the Agora Community.

7.3. Objection

In certain circumstances, you have the right to object to the processing of your personal data that we carry out for our legitimate interests. Your rights in this respect depend, among other things, on your place of residence. To object to the processing of your personal data, you can write to us at privacy@agora.studio.

7.4. Deletion

Under certain circumstances, you may request the deletion of the personal information we hold about you when its collection was unauthorized or when the purposes for which it was collected have been fulfilled. To make such a request, please write to us at privacy@agora.studio. We will respond to your request as soon as possible (but no later than 30 days after receipt).

If you continue to use the Website or the Service, we will collect certain information about you again.

7.5. Data portability

Where applicable law grants you a right to data portability, you may request a structured, commonly-used, machine-readable copy of the personal data you have provided to us. To make such a request, please write to us at privacy@agora.studio.

7.6. Complaints

If you reside in the European Union, you have the right to file a complaint regarding the processing of your personal data with a supervisory authority responsible for the protection of privacy. This authority varies depending on your country of residence.

Our business is governed by the laws and regulations applicable in Quebec and Canada. It is subject to the jurisdiction of privacy protection authorities in Quebec and Canada. Any complaint or claim based on this policy or on our processing of your personal data should be addressed to the authorities in the province of Quebec or in Canada.

7.7. Identity validation

We may verify the identity of individuals asking to exercise their rights concerning their personal data. Any information collected to perform this verification will not be used for any other purpose.

8. Children and minimum age

The Agora Community is not directed to children under the age of 13. We do not knowingly collect personal data from children under 13. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at privacy@agora.studio and we will take steps to remove that information from our records. Users between the ages of 13 and the age of majority in their jurisdiction should use the Website only with the involvement of a parent or legal guardian.

9. Modifications

We may amend this policy from time to time to reflect changes in our personal information handling and management practices. If a change is made, the new policy will be available through the Service and on our website (this page).

If we have collected your contact information, we will notify you of any material changes to our privacy policy by e-mail before the new policy takes effect.

10. Responsibilities; Complaints

The contact details of the person responsible for processing personal information under this policy are as follows:

Eve Turpin
privacy@agora.studio

The Privacy Officer is responsible for all matters relating to the collection, use, and disclosure of personal information.
Any complaints regarding the processing of your personal information should be addressed to the Privacy Officer.