What Information Must a Credit Repair Company Provide Before I Sign Up? Legal Disclosures and Contract Requirements
Written by Mark Clayborne
Last updated on April 24, 2026
On this page
Before a consumer signs a credit repair service agreement, the Credit Repair Organizations Act (CROA) requires two specific disclosures delivered in a specific sequence, and that sequence is as legally significant as the content of the disclosures themselves.
The Consumer Rights Statement, required by 15 U.S.C. section 1679c, must be delivered to the consumer and acknowledged by them as a completely separate document before the service contract is presented for signature.
The written service contract, required by 15 U.S.C. section 1679d, must then be signed before any services begin, and it must contain four specific elements that CROA mandates by statute. A credit repair company that skips either disclosure, delivers them in the wrong order, or buries the Consumer Rights Statement inside the contract rather than presenting it as a standalone document has committed a CROA violation before a single dispute letter is sent.
Understanding what credit repair companies must legally disclose before a client signs up is equally important for consumers evaluating a credit repair service and for credit repair business owners building compliant onboarding workflows.
For consumers, the required disclosures are the primary tool for identifying whether a company is operating legally before any money changes hands.
For business owners, the disclosure and contract requirements are the compliance foundation that every client relationship is built on, and getting them wrong creates legal exposure that no amount of excellent dispute work can retroactively cure.
What information must a credit repair company provide before I sign up?
Credit repair companies are legally required to provide two specific documents before a consumer signs any agreement: the Consumer Rights Statement under 15 U.S.C. section 1679c and the written service contract under 15 U.S.C. section 1679d.
These are not optional disclosures that a company can choose to provide or withhold based on business preference. They are statutory requirements under CROA, and the sequence matters as much as the content: the Consumer Rights Statement must be received and acknowledged by the consumer before the contract is presented, not simultaneously with it and not after.
A credit repair company that provides both documents at the point of signing has not satisfied CROA’s sequencing requirement even if both documents are correctly worded.
The Consumer Rights Statement: Content Requirements Under 15 U.S.C. Section 1679c
The Consumer Rights Statement is a standalone disclosure document whose specific content is defined by CROA at 15 U.S.C. section 1679c. The statute specifies what this document must communicate to the consumer before any contract is signed.
It must inform the consumer that they have the right to dispute inaccurate information in their credit report directly with the credit bureaus at no cost. It must inform the consumer that they have the right to obtain a free copy of their credit report.
And it must inform the consumer that they have the right to sue a credit repair organization that violates CROA, recovering actual damages, punitive damages, and attorney fees. The Consumer Rights Statement cannot be embedded in the service contract as a clause, a footnote, an addendum, or a section of the broader agreement.
It must be provided as a completely independent document, delivered before the contract is presented for signature, and the credit repair company must obtain and retain a signed or date-stamped acknowledgment confirming the consumer received it before signing the contract.
That acknowledgment is the primary compliance documentation in any FTC or CFPB review, and a company that delivered the disclosure correctly but failed to retain the acknowledgment has lost the evidence it needs to demonstrate compliance when compliance is later questioned.
The Written Service Contract: What It Must Contain Before Any Work Begins
The written service contract required by 15 U.S.C. section 1679d must include four specific elements that CROA mandates, and a contract that is missing any one of them is non-compliant regardless of how thoroughly it addresses other aspects of the client relationship.
The four required elements are: a full and specific description of every service to be performed, the total amount of all payments the consumer will make, the date by which those services will be completed or the length of the performance period, and a clear statement of the consumer’s right to cancel within three business days without penalty.
| Required Contract Element | Statutory Source | What It Must Include | Consumer Protection Purpose |
|---|---|---|---|
| Full Description Of Services | 15 U.S.C. § 1679d(b)(2) | Specific services to be performed, not a general category or vague promise | Prevents companies from signing clients to indefinite, undefined engagements |
| Total Amount Of All Payments | 15 U.S.C. § 1679d(b)(1) | Every fee the consumer will pay, disclosed completely before signing | Prevents hidden or escalating fees that emerge after the client is already committed |
| Date Or Period Of Performance | 15 U.S.C. § 1679d(b)(3) | Specific completion date or defined service period, not open-ended | Prevents indefinite engagements with no accountability for results |
| Three-Day Right To Cancel Statement | 15 U.S.C. § 1679d(b)(4) | Clear statement of the right to cancel and instructions for exercising it | Ensures consumer awareness of the cancellation right before they are bound |
| Notice Of Cancellation Form | 15 U.S.C. § 1679e | A separate cancellation form with instructions included in the contract package | Provides the consumer with a ready mechanism to exercise the cancellation right |
What legal requirements govern the service agreements of credit improvement companies?
The service agreements of credit improvement companies are governed primarily by CROA at 15 U.S.C. section 1679d, which establishes the minimum elements every written credit repair contract must contain before services begin, and by the advance fee prohibition at 15 U.S.C. section 1679b(b), which dictates the timing of fee collection and therefore shapes the structure of every permissible credit repair service agreement.
A contract that contains all required elements but obligates the consumer to pay before services are performed violates CROA’s billing rules even if its disclosure language is perfect. A contract with correct billing structure but missing required elements violates CROA’s contract requirements even if the fees are reasonable and post-service.
Both failures can be present in the same agreement simultaneously, and FTC enforcement cases show that they frequently are.
The Advance Fee Prohibition and How It Shapes Every Credit Repair Contract
The advance fee prohibition at 15 U.S.C. section 1679b(b) is not merely a billing rule that sits alongside the contract requirements. It is a structural constraint that determines what a legally compliant credit repair service agreement can look like.
A contract that obligates the consumer to pay a setup fee, enrollment fee, or first-month retainer at the time of signing, before any dispute work has been performed, is non-compliant regardless of how the fee is labeled. The label does not determine legality under CROA.
The timing of payment relative to service delivery is what the statute controls. The Telemarketing Sales Rule (TSR) at 16 C.F.R. section 310.4(a)(2) reinforces this prohibition for credit repair services marketed by telephone or online, adding that no fee can be collected until six months after the promised results have been delivered.
A credit repair business using a monthly subscription model satisfies both CROA and the TSR when it structures each month’s fee to be collected after that month’s work has been completed and documented, because the service has been fully performed before the fee is charged.
The contractual obligation to pay must follow performance, not precede it, and a service agreement that structures payment any other way is a CROA violation from the moment it is signed.
What a Credit Repair Contract Cannot Include: Prohibited Clauses Under CROA
CROA prohibits specific contract clauses that credit repair companies have historically used to limit consumer rights or obscure their legal obligations. A contract clause that waives or limits the consumer’s three-day right to cancel is void under 15 U.S.C. section 1679e and is unenforceable regardless of whether the consumer signed the agreement acknowledging its terms.
The presence of such a clause in a credit repair contract is itself evidence of a CROA violation independent of whether the company ever attempted to enforce it, because the statute prohibits including the clause, not only enforcing it.
A contract clause that makes any representation that is untrue or misleading about the credit repair company’s services, the consumer’s creditworthiness, or what the company can accomplish for the consumer’s credit record violates 15 U.S.C. section 1679b(a).
A guarantee that all negative items will be removed, a promise of a specific score increase by a specific date, or a representation that accurate information can be permanently deleted from a credit report are all prohibited misrepresentations regardless of how they are worded in the contract.
A credit repair company whose service agreement contains any of these provisions has multiple simultaneous CROA violations before the first service is delivered.
What legal disclosures are required from credit improvement firms regarding their service guarantees?
Credit improvement firms are prohibited from making guarantees about credit repair outcomes under CROA at 15 U.S.C. section 1679b(a), and the required disclosures about service capabilities flow directly from that prohibition: a legally compliant credit repair company must either make no guarantee claim at all or make a clear, specific, and documented statement that no guarantee of results is being made.
A company that represents in any channel, including its contract, its marketing materials, or its sales conversations, that it will remove all negative items from a client’s credit report, increase a client’s score by a specific amount, or achieve any other defined outcome has made a false or misleading representation that violates CROA regardless of how prominently it places a disclaimer elsewhere in its materials.
The Guarantee Prohibition: What Credit Repair Companies Are Legally Prohibited From Promising
The guarantee prohibition in CROA is categorical: a credit repair company cannot make any representation that is false or misleading with respect to a consumer’s creditworthiness, credit standing, or credit capacity.
Because accurate, verifiable information on a credit report cannot be legally removed through the dispute process regardless of how the dispute is worded or how many times it is filed, any guarantee of removal for items that are accurate is a statement the company knows or should know to be false at the moment it makes it.
| Prohibited Guarantee Claim | Why It Violates Croa | Statutory Basis |
|---|---|---|
| "We guarantee we will remove all negative items from your credit report." | Accurate, verifiable items cannot be legally removed. This claim is false when made. | CROA 15 U.S.C. § 1679b(a) + FTC Act Section 5 |
| "Your credit score will increase by X points within X days." | Score outcomes depend on bureau and furnisher decisions the company cannot control or predict. | CROA 15 U.S.C. § 1679b(a) + FTC Act Section 5 |
| "We will permanently delete accurate negative information from your report." | Permanently deleting accurate information is not legally possible. The claim is inherently false. | CROA 15 U.S.C. § 1679b(a) |
| "Results are guaranteed or your money back." | A money-back guarantee on credit repair outcomes is itself a guarantee of outcomes, which CROA prohibits. | CROA 15 U.S.C. § 1679b(a) |
What Compliant Disclosure Language About Services Must Actually Say
A legally compliant credit repair service agreement must contain a clear statement that no guarantee of specific outcomes is made, and that the company’s services consist of disputing inaccurate, incomplete, or unverifiable information on the consumer’s credit report through the processes established by the Fair Credit Reporting Act.
That description is truthful, documentable, and consistent with what FCRA’s dispute process can actually accomplish. It is also the description that a company needs in its contract to avoid the guarantee prohibition while still clearly representing what services it provides.
The contract must also distinguish between what credit repair can accomplish and what it cannot. It can dispute items that are inaccurate or unverifiable. It cannot remove accurate, verified information regardless of the dispute method used.
It can manage the dispute process on the consumer’s behalf under FCRA’s investigation framework. It cannot control how credit bureaus or furnishers respond to disputes or guarantee that any specific item will be removed.
A contract that makes those distinctions clearly in writing is both legally compliant under CROA and factually accurate in a way that protects the credit repair company from client complaints when results fall short of expectations the company should never have created.
What data security and privacy standards are legally mandated for credit restoration providers?
Credit restoration providers that collect and maintain consumer financial information are subject to data security and privacy obligations under the FTC Safeguards Rule, which requires financial service businesses including credit repair companies to implement a written information security program that protects customer data from unauthorized access, disclosure, or use.
The FTC amended the Safeguards Rule in 2023 to impose more specific technical requirements on covered financial institutions, including encryption of customer information, access controls limiting which employees can access sensitive data, and incident response procedures for responding to data breaches.
For credit repair businesses, which routinely handle client Social Security numbers, credit reports, bank statements, and correspondence with credit bureaus and collectors, these data security obligations are directly applicable and routinely underestimated.
The FTC Safeguards Rule and What Credit Repair Businesses Must Implement
The FTC Safeguards Rule, implemented under the Gramm-Leach-Bliley Act and updated in 2023, requires financial institutions engaged in financial activities, which the FTC interprets to include credit repair services, to develop, implement, and maintain a comprehensive written information security program that contains administrative, technical, and physical safeguards appropriate to the size, complexity, and sensitivity of the customer information the business maintains.
For a credit repair business, the Safeguards Rule requirements translate into specific operational obligations that go well beyond password protection and basic email security.
A compliant information security program for a credit repair business must designate a qualified individual responsible for overseeing the program, conduct a risk assessment identifying where customer information is stored and how it could be compromised, implement technical controls including encryption of customer data at rest and in transit, establish access controls ensuring that only authorized personnel can access client files, develop a written incident response plan for responding to data breaches, and train employees who handle customer information on the security procedures and the consequences of violations.
A credit repair business that maintains client credit reports, Social Security numbers, and financial records on an unsecured cloud storage platform or an unencrypted laptop has not met its Safeguards Rule obligations regardless of how excellent its CROA compliance is.
Consumer Privacy Rights When Working With a Credit Repair Company
Consumers who provide personal financial information to a credit repair company have privacy rights under the Gramm-Leach-Bliley Act’s Privacy Rule, which requires financial institutions to provide consumers with a clear and conspicuous privacy notice explaining what information is collected, how it is used, with whom it is shared, and what choices the consumer has regarding that sharing.
Credit repair companies must provide this privacy notice at the inception of the customer relationship and annually thereafter, and consumers have the right to opt out of certain information sharing arrangements with non-affiliated third parties.
A consumer who shares their credit reports, financial statements, and account information with a credit repair company has a legitimate expectation that this information will not be sold, shared with marketers, or used for purposes beyond the scope of the credit repair engagement.
A credit repair company that sells client data to lead generation services, shares it with affiliated businesses without proper disclosure, or uses it for purposes the consumer did not authorize has violated both the Privacy Rule and its own contractual obligations to the client.
Consumers who believe their personal information has been misused by a credit repair company can file a complaint with the FTC at ReportFraud.ftc.gov and with the CFPB at ConsumerFinance.gov/complaint.
What Documentation Should I Keep When Working With A Credit Improvement Agency?
Consumers working with a credit improvement agency should retain four categories of documentation throughout and after the engagement, because those records are the primary evidence available if a dispute about the company’s performance or conduct arises after the relationship ends.
The four categories are the signed CROA-compliant service contract with all required elements, the Consumer Rights Statement with the signed or date-stamped acknowledgment of its receipt before the contract was signed, all dispute letters sent on the consumer’s behalf with proof of mailing or delivery, and all bureau and furnisher response letters with the dates they were received.
Retaining all four categories for at least three years after the engagement ends preserves the consumer’s ability to pursue any CROA private right of action that might arise from the company’s conduct during the engagement.
The Four Document Categories Every Credit Repair Client Should Retain
The CROA-compliant service contract is the first and most fundamental document a credit repair client must retain because it defines what the company agreed to do, what the consumer agreed to pay, and what rights the consumer has if the company fails to deliver.
A contract that does not include all required CROA elements is itself evidence of a violation, and the client who retained the contract has the primary document needed to support a private CROA claim or a regulatory complaint.
A client who cannot produce the contract they signed has lost the most important piece of evidence available. The Consumer Rights Statement with the acknowledgment of receipt is the second critical document, because its presence or absence establishes whether the company met CROA’s pre-contract disclosure requirement.
The absence of a separately delivered, pre-contract Consumer Rights Statement in the client’s records is evidence that the company violated section 1679c, and a client who can produce the statement along with proof of when it was delivered has the documentation to support that element of a CROA complaint or lawsuit.
All dispute correspondence, including every dispute letter submitted on the client’s behalf with certified mail receipts or electronic delivery confirmations, and every bureau and furnisher response received during the engagement, documents what services were actually performed and when.
This correspondence record is the evidence that either confirms the company delivered the services it promised or reveals that the services described in the contract were not in fact provided.
A client whose credit repair company sent no dispute letters but collected monthly fees for twelve months and kept no correspondence records has limited evidence to support a claim, while a client with complete correspondence records has a clear factual record of exactly what was and was not done.
How Long to Keep Credit Repair Records and Why It Matters
CROA’s statute of limitations for private right of action under 15 U.S.C. section 1679g is five years from the date the violation occurred or three years from the date the violation was discovered by the consumer, whichever is later.
That limitations period defines the minimum retention window for all credit repair documentation, because a consumer who discovers a CROA violation more than three years after it occurred but within five years of when it happened still has a viable claim if they can produce the relevant documentation.
Retaining records for at least five years from the end of the engagement is the conservative approach that preserves all available legal options. Credit repair business owners have parallel record retention obligations.
A business that cannot produce its client contracts, Consumer Rights Statement acknowledgments, dispute correspondence, and billing records when a CFPB or FTC examination demands them has not only a documentation problem.
It has a compliance posture problem that the absence of records makes impossible to defend, because the presumption in regulatory review is that records that do not exist were never created, and records that were never created mean the required actions they document were never taken.
Maintaining complete, organized, time-stamped records for every client file is not a secondary compliance consideration. It is the evidence that compliance happened.
Frequently Asked Questions About Credit Repair Disclosures and Contract Requirements
What Information Must a Credit Repair Company Provide Before I Sign Up?
Before you sign any credit repair contract, the company must provide two specific documents in a specific order. First, a Consumer Rights Statement under 15 U.S.C. section 1679c must be delivered as a separate standalone document and acknowledged by you before the contract is presented.
Second, the written service contract under 15 U.S.C. section 1679d must be signed before any services begin. The contract must include the total cost of all services, a full description of services, the performance timeframe, and a Notice of Cancellation form.
A company that skips either disclosure or delivers them simultaneously rather than sequentially has violated CROA before any work begins.
What Legal Disclosures Are Required From Credit Improvement Firms Regarding Their Service Guarantees?
CROA at 15 U.S.C. section 1679b(a) prohibits credit improvement firms from making any false or misleading representation about their services or a consumer’s creditworthiness. No compliant credit repair company can guarantee removal of specific items, promise a specific credit score increase, or claim the ability to delete accurate information from a credit report.
A legally compliant disclosure about services describes what the company actually does: disputing inaccurate, incomplete, or unverifiable information through FCRA’s dispute process, with a clear statement that no specific outcome is guaranteed.
What Data Security and Privacy Standards Are Legally Mandated for Credit Restoration Providers?
Credit restoration providers are subject to the FTC Safeguards Rule under the Gramm-Leach-Bliley Act, which requires a written information security program that includes risk assessment, encryption of customer data, access controls, employee training, and an incident response plan for data breaches.
They are also subject to the Privacy Rule, requiring a privacy notice at the start of the relationship explaining what information is collected and how it is used. A credit repair company that sells client data or fails to secure Social Security numbers and credit reports in its possession has violated both the Safeguards Rule and its obligations to the client.
What Documentation Should I Keep When Working With a Credit Improvement Agency?
Keep four categories of documentation throughout and after any credit repair engagement: the signed CROA-compliant service contract with all required elements, the Consumer Rights Statement with proof it was received before the contract was signed, all dispute letters submitted on your behalf with proof of mailing or delivery, and all bureau and furnisher response letters with their received dates.
Retain everything for at least five years after the engagement ends to preserve all options under CROA’s statute of limitations. Consumers who cannot produce these records have significantly less evidence to support any claim against a non-performing credit repair company.
Can I Cancel a Credit Repair Service Contract Without Penalty Based on Credit Repair Laws?
Yes. Under 15 U.S.C. section 1679e, consumers have an unconditional three-day right to cancel any credit repair service contract without penalty, without providing a reason, and without any advance notice beyond informing the company of the decision.
The credit repair company must include a Notice of Cancellation form in every contract package. Any contract clause purporting to limit or eliminate this right is void under federal law, and its presence in the contract is itself a CROA violation.
Consumers denied the right to cancel can file a complaint with the FTC at ReportFraud.ftc.gov or sue the company directly under CROA’s private right of action.
Conclusion
The legal disclosures and contract requirements that CROA imposes on credit repair companies before any services begin are not administrative formalities that a business can work around or a consumer can reasonably expect to skip.
The Consumer Rights Statement, the written service contract with all required elements, the advance fee prohibition, and the three-day right to cancel are the statutory architecture that Congress put in place specifically because the credit repair industry produced widespread consumer harm when those protections did not exist.
A consumer who receives both disclosures in the correct sequence, reviews a contract that clearly states the total cost and scope of services, and understands the right to cancel without penalty before committing to an engagement is in a fundamentally different legal position than one who signed a contract that skipped those steps, and the credit repair company that provided those disclosures correctly is in a fundamentally different regulatory position than one that did not.
Credit repair business owners who build their client onboarding workflows around CROA’s disclosure and contract requirements from the first engagement are not imposing unnecessary compliance overhead on their operations.
They are creating the documentation record that protects the business in the event of a client complaint, a regulatory inquiry, or a private lawsuit, and they are building client relationships that start with accurate expectations rather than promises the law prohibits making.
Client Dispute Manager Software is built around these requirements, with Consumer Rights Statement delivery sequencing, CROA-compliant contract templates containing all required statutory elements, and document storage that maintains the complete client record that a regulatory review or private litigation will demand.
The compliance infrastructure is not separate from the operational tool. It is the operational tool.
Mark Clayborne
Mark Clayborne specializes in credit repair, starting and running credit repair businesses. He's passionate about helping businesses gain freedom from their 9-5 and live the life they really want. You can follow him on YouTube.
Start Today and Explore the Features Firsthand!
Related Guides:
- How Do State-Specific Credit Repair Laws Differ From Federal Regulations? (2026)
- Is Charging for Credit Repair Illegal? What You Need to Know
- What Information Must a Credit Repair Company Provide Before I Sign Up? Legal Disclosures and Contract Requirements
- What Are the Penalties for Companies That Break Credit Repair Laws?
- What Is the Credit Repair Organizations Act (CROA) and What Does It Cover? (2026)
Client Dispute Manager
Free 30-Day Trial
Experience our credit repair software, risk-free.