Privacy Policy

Effective Date: April 27, 2026

At DALE Labs, privacy is not a feature—it is a foundational value. We believe that for a human-AI partnership to be effective, it must be built on absolute trust. Your data exists to serve you—not advertisers, not data brokers, not secondary markets. This policy describes what we collect, how we protect it, and the controls you have.

1. Information We Collect

We collect information necessary to provide the ARPilot service. We minimize collection to what is strictly required for operation.

Account Information

Name, email address, and company name provided during registration. Authentication is handled securely with encrypted password storage.

Financial Data

Invoice records, customer information, payment histories, and accounts receivable data that you upload or create within the platform. This data is yours and is used exclusively to power your collection workflows.

Integration Credentials

API keys and credentials for third-party services you choose to connect. All credentials are encrypted at rest before storage.

Communication Data

Email, SMS, and voice communication content generated through your collection workflows. This includes delivery status tracking (opens, clicks, responses) when you enable these features.

Usage Analytics

Anonymous site analytics to help us understand how the platform is used and improve the experience.

2. How We Protect Your Data

Security is not an afterthought. It is built into every layer of our architecture.

Encryption at Rest

All sensitive credentials and data are encrypted at rest using industry-standard encryption. Encryption keys are managed securely and never exposed.

Strict Tenant Isolation

Every data table enforces strict access controls, ensuring complete tenant isolation. Your data is accessible only to you and your authorized team members -- never to other users of the platform.

Multi-Factor Authentication

Two-factor authentication is available for all users and enforced on sensitive operations for business owners. This provides an additional layer of protection beyond passwords.

Role-Based Access Control

Granular permission system with per-resource permission checks. Team members only see and modify what their role allows.

Session Management

Automatic session validation, token refresh, and stale session cleanup prevent unauthorized access.

Secure Public Access

Public-facing features (such as dispute forms and payment pages) use unique, unguessable tokens rather than predictable identifiers, preventing unauthorized access.

3. How We Use Your Data

We use your data to:

  • Provide and operate the ARPilot service, including invoice tracking, workflow execution, and payment processing
  • Send scheduled communications (email, SMS, voice) that you configure and approve
  • Generate AI-powered recommendations for collection timing, channel selection, and template optimization
  • Provide analytics and insights on your accounts receivable performance
  • Improve the platform based on aggregate, anonymized usage patterns

What We Will Never Do

  • We do not sell your data to third parties.
  • We do not use your data to train third-party AI models.
  • We do not share your individual data with other ARPilot users.
  • We do not monetize your data in any way beyond providing you the service.

4. Shared Learning & Anonymization

ARPilot offers an optional shared learning pool that uses anonymized, aggregated data to improve AI recommendations across the platform. Participation is entirely voluntary.

Opt-In Only, Default Off

Data sharing is disabled by default. You must explicitly opt in through your settings. You can opt out at any time with immediate effect. The choice is always yours.

Anonymization Levels

When you opt in, you choose between two anonymization levels. Strict (the recommended default) removes all identifiers and uses broad data bucketing. Standard retains finer-grained patterns while still removing all personally identifiable information.

Deep Anonymization Process

All contributed data undergoes rigorous anonymization:

  • All PII is stripped: customer names, email addresses, phone numbers, business identifiers
  • Dollar amounts are bucketed into ranges rather than stored as exact values
  • Timestamps are reduced to time-of-day categories (morning, afternoon, evening, night)
  • Message content and templates are never shared

What IS Shared

  • Communication timing patterns
  • Effectiveness metrics (payment rates, response rates)
  • Workflow structure (step counts, delays)
  • Channel mix ratios
  • Bucketed amount distributions
  • Payment plan completion rates
  • Dispute resolution patterns

What Is NEVER Shared

  • Customer names, emails, or phone numbers
  • Your business name or identifiers
  • Exact dollar amounts
  • Message content or templates
  • Customer addresses or contact details
  • Any personally identifiable information

Users who contribute benefit from collective intelligence through deeper AI insights. Users who opt out receive statistical inference from their own data only. Both paths are fully supported.

5. Your Data Rights & Controls

You have full control over your data within ARPilot.

Data Deletion (Right to Erasure)

You can delete all your data through the application settings. This performs a comprehensive deletion of all your records, including invoices, customers, communications, payment plans, workflows, and all associated data.

Notification Preferences

Per-type toggles for all notification categories. You decide which notifications you receive and which are silenced.

Do-Not-Call List

Maintain a per-phone-number blocklist with source tracking. Numbers can be added due to customer request, legal requirement, opt-out, or manual entry.

Call Consent Tracking

Per-customer consent records tracking the method and expiry of consent for phone communications.

Two-Way Communication Control

Toggle whether customer replies are routed back through the platform or directed to your own email address.

Data Sharing Consent

Granular opt-in/opt-out control for the shared learning pool, with your choice of anonymization level. Changes take effect immediately.

6. Third-Party Services

ARPilot integrates with select third-party services to deliver its core functionality. Each integration that requires your credentials is optional and activated only when you explicitly configure it.

Categories of Services

The platform relies on trusted providers across the following categories:

  • Cloud Infrastructure & Authentication

    Hosting, database, and identity management services that form the backbone of the platform.

  • Email & Messaging Delivery

    Services that deliver scheduled email, SMS, and voice communications on your behalf as part of your configured workflows.

  • Payment Processing

    Services that securely handle payment transactions, including subscription billing and customer payment collection.

  • AI & Machine Learning

    Services that power AI-driven recommendations, template generation, and workflow optimization.

  • Product Analytics

    Anonymous usage analytics to help us understand how the platform is used and improve the experience.

Security Measures

  • All third-party credentials you provide are encrypted at rest before storage.
  • All API calls to external services are proxied through server-side functions. Your credentials are never exposed to the browser.
  • Integrations requiring your API keys are only activated when you explicitly configure them in your settings.

7. SMS & Mobile Communications

ARPilot operates as a business-to-business (B2B) platform that enables its business clients to send transactional SMS notifications to their own customers. All SMS messages sent through ARPilot are strictly transactional in nature (payment reminders, payment confirmations, dispute updates, and appointment notifications). No marketing or promotional SMS messages are sent.

SMS Data & Privacy Commitment

No mobile information will be shared with third parties or affiliates for marketing or promotional purposes. All categories of data described in this policy exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.

How Consent Is Obtained

End customers of ARPilot business clients provide explicit SMS consent via a personalized Communication Preferences portal linked from their invoices. At the time of opt-in, full CTIA-required disclosure is displayed: message types, sender identity, message frequency, applicable rates, and STOP/HELP instructions. ARPilot records a timestamped consent event for each opt-in action.

Opt-Out

Recipients may opt out at any time by replying STOP (or UNSUBSCRIBE, CANCEL, END, QUIT) to any SMS message, or by visiting their Communication Preferences portal and disabling Text Messages. Opt-outs are honored immediately and permanently.

Message Frequency & Rates

Message frequency varies based on account activity, typically 1–8 messages per month per recipient. Standard message and data rates may apply.

Shared Learning & SMS Data

The optional Shared Learning program described in Section 4 involves only anonymized workflow performance data. SMS opt-in consent records, phone numbers, and message content are explicitly excluded from the Shared Learning pool and are never contributed to any shared dataset.

8. Contact Information

For any privacy-related questions, data requests, or concerns, contact us at:

DALE Labs, LLC

2261 Market Street STE 78823

San Francisco, CA 94114

Email: privacy@arpilot.ai

We will respond to privacy inquiries within 30 days. This policy may be updated from time to time. Material changes will be communicated through the platform.
