Security best practice
Security compliance is crucial for instant messaging technology. To guarantee safe and reliable cloud services, Agora follows the compliance regulations of different countries, regions, and industries, and Chat has built-in security measures to prevent common attacks in instant messaging scenarios.
This page describes the security best practices recommended by Chat, as summarized in the following table:
Security Measure | Enabled by Default | Recommended Scenarios |
---|---|---|
Data center geofencing | Yes | All instant messaging scenarios. |
Authentication with tokens | Yes | All instant messaging applications. |
Data transmission encryption | Yes | All instant messaging scenarios. |
Data storage encryption | Yes | All instant messaging scenarios. |
Data center geofencing
In order to meet the laws and regulations of different countries and regions, Chat supports service area geofencing, which prevents the cross-border data transfer of user privacy data in designated service areas.
Chat's data center locations and corresponding service areas are listed as follows:
Data Center | Location | Service Area |
---|---|---|
Singapore | Singapore | Southeast Asia |
Mainland China | Beijing | Mainland China |
Europe | Frankfurt, Germany | Europe |
North America | Virginia, US | North America |
To use Chat, you need to specify a data center. After you select a data center, both the REST requests and the SDK API requests to the message server are directed to the data center accordingly. Once selected, the data center cannot be changed. Chat does not support data migration across service areas. All data is stored in the designated data centers.
Authentication with tokens
Chat uses tokens to validate the identities of end users. A token is a dynamic key generated by the application client with a validity period set by the developers. Tokens ensure that only authenticated users have access to Chat. Each token contains the following information:
- The App ID of your Agora project
- The App Certificate of your Agora project
- The user ID of the user to be authenticated
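The following sketch is an added illustration of the idea, not Agora's code and not Chat's actual token format: a token binds the App ID, the user ID, and an expiry time, and is signed with an HMAC keyed by the App Certificate. The function names, the JSON layout, and the use of the App Certificate as the signing key are assumptions made for this example.

```python
import base64
import hashlib
import hmac
import json
import time


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()


def issue_token(app_id, app_certificate, user_id, ttl_seconds, now=None):
    """Build an illustrative token: base64(claims) + "." + base64(HMAC)."""
    now = int(time.time()) if now is None else now
    claims = {"app_id": app_id, "user_id": user_id, "exp": now + ttl_seconds}
    body = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    # The App Certificate is the HMAC key here: whoever holds it can mint
    # tokens for any user ID, so it has to be handled as a secret.
    sig = hmac.new(app_certificate.encode(), body, hashlib.sha256).digest()
    return _b64(body) + "." + _b64(sig)


def verify_token(token, app_id, app_certificate, now=None):
    """Return the authenticated user ID, or None if the token is rejected."""
    now = int(time.time()) if now is None else now
    try:
        body_b64, sig_b64 = token.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        sig = base64.urlsafe_b64decode(sig_b64)
    except ValueError:  # wrong number of parts or invalid base64
        return None
    expected = hmac.new(app_certificate.encode(), body, hashlib.sha256).digest()
    # Check the signature in constant time before trusting any claim.
    if not hmac.compare_digest(sig, expected):
        return None
    claims = json.loads(body)
    if claims.get("app_id") != app_id:
        return None  # token was issued for a different project
    if now >= claims.get("exp", 0):
        return None  # validity period has ended
    return claims.get("user_id")
```

Keeping the validity period short limits how long a leaked token stays usable, because the expiry check rejects it without any server-side revocation list.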
Data transmission and storage
The communication between users and the Chat server is encrypted using transmission protocols, such as Chat's private transmission protocol, Transport Layer Security (TLS), and WebSocket Secure (WSS). User data and messages generated by Chat are stored in the designated data center. Chat servers retain user information only for as long as the information is needed to fulfill the purposes for which it was collected, as shown in the following table:
Data Type | Data Classification | Retention Time |
---|---|---|
Console account data | Customer data | Until the account is deleted or the account is not used for 180 consecutive days. |
Messages (History messages, roaming messages, offline messages, and so on) | User data | Depends on the cloud storage time associated with your pricing plan. |
Message attachments | User data | 7 days |
Message callbacks | User data | 3 days |
User information hosting | User data | Until the account is deleted or the account is not used for 180 consecutive days. |
Monitoring data | Operational data | 7 days |