AR Buddy
HomeTermsClient login

Legal

Privacy Policy

DRAFT — FOR COUNSEL REVIEW. Not legal advice. Tailored to a commercial (B2B) radio-advertising receivables collection platform that processes (a) Client account/credential data and (b) third-party debtor data on behalf of Client stations. Must be reviewed by state-admitted counsel, reconciled to the Client Service Agreement and the Data Security & Privacy Program, and localized to the operating state(s) before publication. Bracketed items are placeholders.

Last updated: [DATE]

1. Scope and roles

This Privacy Policy explains how [LEGAL ENTITY] (“AR Buddy,” “we,” “us”) handles information in connection with the AR Buddy client portal and API (the “Platform”). It covers two distinct categories of information that we treat very differently:

  • Client information — information about our radio-station clients and their authorized users (business contact details, login credentials, API keys). For this information we act as the controller.
  • Debtor / Account Data — information about the advertiser/debtor on each placed account, which may include an individual's name and contact details. This data is provided to us by the Client station for the sole purpose of collecting a commercial receivable. For Debtor Data we act as a service provider/processor on behalf of the Client station, which is the controller. We process it only to perform collection and only as instructed by the Client and our agreements, not for our own purposes.

2. Important note about debtor data

We receive Debtor Data from our Client stations, not from the debtors themselves. If you are an advertiser or other individual whose information we hold because a station placed an account, the station that engaged us is the controller of your information; please also direct requests to that station. We will assist the station in responding to any request we are obligated to support. We use Debtor Data only to collect the specific account it relates to.

3. What we collect

Client data: business name and call letters, authorized contact name, business email, hashed password (we never store passwords in plain text), API key, and Platform usage/log data.

Debtor / Account Data: advertiser/debtor name, optional invoice reference, original amount, age of the account, account status, and amounts recovered/remitted. Where a Client provides it, we may also hold contact details and the debtor's state of residence (used to determine applicable legal obligations). We follow a data-minimization practice: we do not request or store full Social Security numbers, and we do not store raw bank-account or payment-card numbers — any payment is handled by a PCI-compliant payment processor that returns only a token.

4. How we use information

  • To provide the Platform and perform collection on accounts a Client places;
  • To authenticate users and secure accounts (credentials, API keys, logs);
  • To produce remittance statements and reconcile funds held in trust;
  • To comply with legal obligations, enforce our agreements, and prevent fraud or misuse.

We do not sell personal information, and we do not use Debtor Data for our own marketing or for any purpose other than collecting the account it concerns and meeting our legal and contractual duties.

5. How we share information

We share information only as needed to operate the service and meet legal obligations, with:

  • Service providers / subprocessors acting under contract on our behalf — for example, cloud hosting, the collection management system, a PCI-compliant payment processor, mailing vendors, and, where lawful and necessary to locate a debtor, skip-trace providers. These providers are bound to use the data only to provide their service to us.
  • The Client station that placed the account (for Debtor Data, this is the controller).
  • Legal and regulatory recipients where required by law, legal process, or to protect rights and safety.

We do not sell your information, we do not buy debt, and we do not share information except as described here.

6. Retention

We keep Client data for as long as the account is active and as needed for legal, tax, and recordkeeping purposes. For Debtor Data, our practice is to dispose of it no later than [two (2) years] after the last date it was used to service the account, except where a longer period is required by a litigation/legal hold, by law, or by our agreement with the Client. We review our retention practices at least annually to minimize unnecessary retention.

7. Security

We protect information using access controls scoped so that each Client sees only its own accounts, encrypted transport (TLS), hashed credentials, audit logging, and a written information-security program. No system is perfectly secure; if we experience a security incident affecting personal information, we will notify affected Clients and individuals and applicable regulators as required by the breach-notification law of each affected individual's state of residence and by our Client agreements.

8. Your choices and rights

Depending on your state of residence and the nature of the data, individuals may have rights to access, correct, or request deletion of personal information, or to dispute the accuracy of an account. Because most Debtor Data is held on behalf of a Client station (controller), we will route or support such requests with that station as required by law. Client-account users may update their account information or request closure at any time. To make a request, contact us at [privacy@arbuddy.com]; we may need to verify your identity and, for Debtor Data, coordinate with the relevant Client.

9. Dispute and cease-contact

If you dispute an account or ask that contact stop, tell us or the placing station; we honor validated disputes and cease-contact requests as a matter of policy across our systems.

10. Children

The Platform and the underlying receivables are commercial and not directed to children; we do not knowingly collect information from anyone under 18.

11. Changes

We may update this Policy; material changes will be posted with a new “Last updated” date and, where appropriate, communicated to Clients.

12. Contact

[LEGAL ENTITY], [NOTICE ADDRESS], [privacy@arbuddy.com].


Legal regimes referenced for tailoring — all to be confirmed with counsel and localized: FDCPA 15 U.S.C. §1692 et seq.; FTC Safeguards Rule 16 CFR Part 314 (the launch-kit Data Security & Privacy Program concludes it likely does NOT bind a pure-commercial book — confirm); FCRA 15 U.S.C. §1681 et seq. for any skip-trace data; state breach-notification laws keyed to the affected individual's residence; state comprehensive privacy laws (e.g., CCPA/CPRA) where applicable. None should be cited to a debtor or client as settled until counsel verifies applicability for the named operating state.

Read our Terms of Service →

AR Buddy

Radio's receivables specialists. Commercial advertiser AR, recovered on contingency.

© 2026 AR Buddy (working name). Commercial (B2B) radio advertising receivables only. Funds held in a segregated client-trust account; FDCPA-grade conduct followed voluntarily. Recovery figures are illustrative and not a guarantee of results. Terms · Privacy