Credit Repair Contracts: Required Disclosures and Cancellation Rights
Federal law imposes specific written contract requirements on credit repair organizations before any services can begin, making the contract itself a regulated document — not merely a business formality. The Credit Repair Organizations Act (CROA), codified at 15 U.S.C. § 1679 et seq., establishes the minimum disclosures, cancellation rights, and structural protections that every such agreement must contain. Understanding these requirements helps consumers identify compliant providers and recognize contracts that violate federal standards before signing. This page covers the mandatory contract elements under CROA, how cancellation rights operate in practice, and the boundaries between compliant and defective agreements.
Definition and Scope
A credit repair contract, under CROA, is any written agreement between a consumer and a credit repair organization under which the organization agrees to perform — or represents that it will perform — services in exchange for compensation. The statute's definition of "credit repair organization" is broad: it covers any person or business that uses mail, telephone, or other means of interstate commerce to sell services represented to improve a consumer's credit record, credit history, or credit rating (15 U.S.C. § 1679a).
Three categories of entities are expressly excluded from CROA's scope:
- Nonprofit organizations — entities exempt from taxation under Section 501(c)(3) of the Internal Revenue Code, provided they are bona fide nonprofits and not operating as a front for a commercial credit repair scheme.
- Depository institutions — banks, credit unions, and savings institutions regulated under federal or state banking law.
- Creditors — entities extending credit to the consumer as part of a legitimate credit transaction, when acting in connection with that credit.
For-profit credit repair companies do not qualify for any of these exemptions and are fully subject to the contract mandates. The Consumer Financial Protection Bureau (CFPB) enforces CROA alongside the Federal Trade Commission, and both agencies treat defective contracts as actionable violations rather than curable defects.
How It Works
CROA mandates a structured, sequential process before services may be delivered or payment collected. The statute prohibits any credit repair organization from charging or receiving money before the contracted services are fully performed (15 U.S.C. § 1679b).
Required Contract Elements (numbered by statute):
- Full written disclosure — Before the contract is signed, the organization must provide the consumer with a written statement titled "Consumer Credit File Rights Under State and Federal Law," containing the verbatim text specified in 15 U.S.C. § 1679c. This document must be separate from the contract itself and delivered at least 3 business days before the contract is executed.
- Detailed description of services — The contract must itemize the specific services to be performed, the time frame for performance, and any guarantees offered.
- Total cost — The contract must state the total amount the consumer will pay, including all fees, penalties, and charges, whether one-time or recurring.
- S.C. § 1679d](https://uscode.house.gov/view.xhtml?req=granuleid:USC-prelim-title15-section1679d&num=0&edition=prelim)).
- Starting date — The contract must identify the date on which the 3-business-day cancellation window begins.
- Organization's name and principal business address — Required for service of cancellation notice.
The 3-day cancellation right is absolute. A consumer who cancels within this window is entitled to a full refund of any money paid, even if some services were partially performed. The organization must provide a dated cancellation form at contract signing, and if the form is not provided, the cancellation window does not close — meaning the consumer retains the right to cancel indefinitely until the form is properly delivered.
As explained in depth at Credit Repair Laws and Regulations, CROA also prohibits contract clauses that waive any consumer right established by the statute; any such waiver clause is void as a matter of law.
Common Scenarios
Scenario 1: Monthly subscription model vs. pay-per-deletion model
These two credit repair fee structures present different compliance risks. A monthly subscription arrangement — where consumers pay a flat fee (commonly ranging from $50 to $150 per month) for ongoing dispute services — must still satisfy the advance disclosure and 3-day cancellation rules for the initial contract. Pay-per-deletion models, which charge only when a negative item is removed, must ensure that payment is not collected before the deletion is confirmed on the consumer's credit report, consistent with the CROA prohibition on advance fees.
Scenario 2: Contract missing the required disclosure document
If a credit repair company presents a contract without first providing the separate "Consumer Credit File Rights" disclosure, the contract is unenforceable under CROA. The FTC has pursued enforcement actions on precisely this basis. Consumers in this situation retain cancellation rights regardless of elapsed time, and any payments made may be recoverable.
Scenario 3: Contracts that include prohibited provisions
CROA explicitly bars contracts that contain representations that the organization will create a new identity for the consumer (sometimes marketed as a "credit privacy number" scheme). Such provisions render the contract void and may expose both the company and the consumer to liability under 18 U.S.C. § 1028 (identity document fraud). This overlaps directly with the warning signs covered at Legitimate vs. Fraudulent Credit Repair.
Scenario 4: State-level overlay requirements
CROA establishes a federal floor, not a ceiling. States including California (Credit Services Act, Cal. Civ. Code § 1789.10 et seq.) and Texas (Credit Services Organizations Act, Tex. Fin. Code § 393) impose additional bonding, registration, and contract disclosure requirements beyond CROA. Consumers in states with their own statutes — addressed further at State Credit Repair Laws — are protected by whichever layer of law provides greater consumer protection.
Decision Boundaries
The table below captures the functional distinctions between a CROA-compliant contract and a defective one:
| Element | Compliant Contract | Defective Contract |
|---|---|---|
| Disclosure timing | Separate document delivered ≥3 business days before signing | Disclosure embedded in contract or delivered at signing |
| Payment timing | No payment until services fully performed | Upfront fee or retainer collected at signing |
| Cancellation notice | Conspicuous, dated, includes cancellation form | Absent, buried in fine print, or waived by clause |
| Service description | Specific, itemized, time-bound | Vague promises ("improve your score") |
| Prohibited provisions | None present | New identity schemes, waiver clauses, guarantee of specific score |
Comparing CROA contracts to general service contracts: Ordinary service agreements are governed by state contract law and permit advance payment, binding arbitration waivers, and general performance descriptions. CROA contracts are governed by federal statute, and state contract principles apply only where CROA is silent. A court applying general contract law cannot enforce a provision that CROA voids — the federal statute controls.
When a contract defect does not automatically void the entire agreement: The Seventh Circuit and other federal courts have interpreted CROA's remedies section (15 U.S.C. § 1679g) to allow recovery of actual damages, punitive damages, and attorney's fees for contract violations, but individual defects may be remedied without voiding every obligation. Consumers evaluating whether a specific contractual defect entitles them to rescission or damages should consult the CFPB's complaint resources detailed at Consumer Financial Protection Bureau Complaints or the FTC's published guidance.
Industry licensing and registration: The existence of a formally compliant contract does not confirm that the issuing organization is licensed. As covered at Credit Repair Industry Licensing Requirements, 47 states have enacted some form of registration, bonding, or licensing requirement for credit services organizations. A contract that meets CROA's federal standards but is issued by an unlicensed organization in a state requiring licensure creates a separate enforcement problem under state law.
The baseline consumer protection question — whether a contract is legally sufficient under CROA — turns on four observable facts: whether the separate disclosure was delivered at least 3 business days before signing, whether the contract itemizes services and total cost, whether a dated cancellation form was provided, and whether no payment was collected before service delivery. Absence of any one of these elements is an actionable statutory violation, not merely a drafting imperfection.
References
- 15 U.S.C. § 1679 et seq. — Credit Repair Organizations Act (CROA) — U.S. House of Representatives, Office of the Law Revision Counsel
- Consumer Financial Protection Bureau (CFPB) — Credit Repair — CFPB official consumer resource
- Federal Trade Commission (FTC) — Credit Repair Scams — FTC consumer