Privacy Policy
Effective Date: February 22, 2026
AI AR Agent ("we," "us," "our") respects your privacy. This Privacy Policy explains what information we collect, how we use it, how we protect it, and your rights regarding your data. This policy applies to all users of the AI AR Agent platform, including business clients ("Clients") and the customers of those businesses ("End Customers").
1. Information We Collect
From Clients (Businesses Using AI AR Agent)
| Data Type | What We Collect | Why |
| --- | --- | --- |
| Account information | Name, email address, business name, phone number | To create and manage your account |
| Billing data | Payment method (processed by Stripe), billing history | To charge for our services |
| Integration credentials | OAuth tokens for QuickBooks, Xero, Stripe, FreshBooks | To sync your invoice data |
| Invoice data | Invoice amounts, due dates, invoice numbers, customer names and contact info | To send reminders and track recovery |
| Usage data | Login times, feature usage, dashboard activity | To improve the product |
From End Customers (People Receiving Reminders)
| Data Type | What We Collect | Why |
| --- | --- | --- |
| Contact information | Name, email, phone number (provided by the Client) | To send payment reminders |
| Invoice information | Amount owed, due date, invoice number (provided by the Client) | To include in reminders and payment links |
| Communication data | Delivery status, opens, replies, opt-out requests | To manage the reminder process and honor opt-outs |
| Payment data | Payment confirmation (processed by Stripe — we do not store card numbers) | To confirm payment and update invoice status |
2. How We Use Your Information
We use the information we collect to:
- Provide and operate the AI AR Agent platform
- Send payment reminders on behalf of our Clients
- Process payments through our payment processor (Stripe)
- Track invoice and recovery status
- Communicate with Clients about their account, billing, and product updates
- Improve the platform based on usage patterns
- Comply with legal obligations
3. How We Do NOT Use Your Information
- We do not sell, rent, or trade any personal data to third parties
- We do not use End Customer data for marketing or advertising
- We do not share data between Clients — each Client's data is fully isolated
- We do not report debts to credit bureaus
- We do not use personal data to train AI models
4. Data Sharing
We share data only in the following limited circumstances:
- Payment processor (Stripe): To process payments. Stripe's privacy policy governs its handling of payment data.
- Email/SMS delivery providers: To send communications on behalf of Clients. These providers process data only as instructed and are bound by data processing agreements.
- Legal requirements: If required by law, court order, or government request.
- Business transfer: In connection with a merger, acquisition, or sale of assets, with notice to affected users.
5. Data Security
- All data is encrypted in transit (TLS 1.2+) and at rest (AES-256)
- Access to production systems is restricted to authorized personnel with multi-factor authentication
- We maintain audit logs of all data access
- Client data is logically isolated — no Client can access another Client's data
- Integration tokens (OAuth) are stored encrypted and scoped to minimum necessary permissions
6. Data Retention
- Active accounts: Data is retained for as long as your account is active.
- After cancellation: We delete your data within 30 days of account closure, unless we are required by law to retain it longer.
- Communication logs: Retained for 12 months after the last communication for audit and compliance purposes, then deleted.
- End Customer opt-outs: Opt-out records are retained indefinitely to ensure we honor them.
7. Healthcare Data (HIPAA)
If you are a healthcare provider subject to HIPAA:
- You must execute a Business Associate Agreement (BAA) with us before uploading any Protected Health Information (PHI)
- We limit PHI in communications to the minimum necessary for payment collection (patient name, amount owed, due date)
- We do not include diagnosis codes, treatment information, or clinical data in any communication
- All PHI is encrypted in transit and at rest
- Contact compliance@aiaragent.com to request a BAA
8. End Customer Rights
If you are an End Customer receiving reminders through our platform:
- Opt out of SMS: Reply STOP to any text message. We will immediately cease SMS communications.
- Opt out of email: Click the unsubscribe link in any email. We will immediately cease email communications.
- Dispute an invoice: Reply to any message to raise a dispute. The Client will be notified and reminders will be paused.
- Request data deletion: Contact us at privacy@aiaragent.com. We will coordinate with the Client to delete your data.
- Questions: Contact us at privacy@aiaragent.com for any privacy-related questions.
9. California Residents (CCPA)
If you are a California resident, you have the right to:
- Know what personal information we collect and how we use it
- Request deletion of your personal information
- Opt out of the sale of your personal information (we do not sell personal information)
- Not be discriminated against for exercising your privacy rights
To exercise these rights, contact privacy@aiaragent.com.
10. Cookies and Tracking
Our website uses:
- Essential cookies: For login sessions and security. Required for the platform to function.
- Analytics: We may use privacy-respecting analytics to understand how the website is used. No third-party advertising trackers are used.
11. Children's Privacy
AI AR Agent is a business tool and is not directed at individuals under 18. We do not knowingly collect data from children.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify Clients of material changes via email. The effective date at the top of this page will be updated accordingly.
13. Contact Us
For privacy questions or requests:
Email: privacy@aiaragent.com
Website: aiaragent.com