How to Report Harassment and Privacy Violations by Online Lending Apps

A Legal Article in the Philippine Context

I. Introduction

Online lending apps have become common in the Philippines because they offer quick, convenient, and mostly paperless access to credit. Many borrowers use them for emergency expenses, bills, school needs, medical costs, small business cash flow, or short-term personal loans. However, some online lending platforms and their collection agents engage in abusive practices: public shaming, repeated calls, threats, unauthorized contact with relatives and employers, access to phone contacts, malicious messages, false criminal accusations, data exposure, and harassment through social media or messaging apps.

A borrower who fails to pay a debt may still be legally liable for the loan. But non-payment does not give a lender the right to harass, threaten, shame, defame, or misuse personal data. Debt collection must remain lawful, fair, proportionate, and respectful of privacy.

In the Philippines, abusive online lending practices may raise issues under lending and financing laws, securities and corporate regulation, data privacy law, cybercrime law, consumer protection principles, civil law, and criminal law. Complaints may be filed before several agencies, depending on the misconduct: the Securities and Exchange Commission, the National Privacy Commission, the Bangko Sentral ng Pilipinas in proper cases, the Philippine National Police Anti-Cybercrime Group, the National Bureau of Investigation Cybercrime Division, the prosecutor’s office, courts, and other relevant government offices.

This article explains the rights of borrowers, the legal limits on online lending collection, how to preserve evidence, where to report harassment and privacy violations, what remedies may be available, and how to protect oneself from further abuse.

II. Online Lending Apps and the Philippine Regulatory Context

Online lending apps may operate under different business models. Some are:

  1. Lending companies;
  2. Financing companies;
  3. fintech platforms;
  4. loan marketplaces;
  5. payment or credit platforms;
  6. collection agents acting for lenders;
  7. informal or unregistered lenders pretending to be legitimate apps.

The exact regulator depends on the nature of the entity. Many lending and financing companies are regulated by the Securities and Exchange Commission. Banks and certain financial institutions fall under Bangko Sentral ng Pilipinas supervision. Data privacy issues fall under the National Privacy Commission. Criminal cyber-harassment and online threats may be handled by law enforcement and prosecutors.

A key practical issue is whether the app is registered and authorized to lend. Some abusive apps use vague company names, foreign-controlled operators, changing app names, fake addresses, disposable phone numbers, and multiple collection accounts. Borrowers should identify the true legal entity behind the app whenever possible.

III. Borrower Debt Does Not Cancel Borrower Rights

A borrower may owe money, interest, penalties, or charges under a valid loan. But even a delinquent borrower remains protected by law.

A lender may lawfully:

  • Remind the borrower of due dates;
  • Send demand letters;
  • Call or message at reasonable times;
  • Offer restructuring or settlement;
  • Collect lawful charges;
  • Report to authorized credit bureaus if legally permitted;
  • File a civil collection case;
  • Use lawful collection agencies;
  • Enforce valid contractual remedies.

A lender may not lawfully:

  • Threaten violence;
  • Threaten imprisonment for ordinary unpaid debt;
  • Publicly shame the borrower;
  • Contact all phone contacts without authority;
  • Disclose the debt to employers, relatives, co-workers, or social media groups without lawful basis;
  • Send defamatory messages;
  • Use obscene, abusive, or degrading language;
  • Pretend to be police, court, prosecutor, barangay, or government officer;
  • Create fake warrants, subpoenas, or criminal complaints;
  • Access personal data beyond what is necessary and consented to;
  • Use the borrower’s photos or IDs for humiliation;
  • Harass third parties;
  • Threaten to report the borrower as a criminal when the matter is purely civil;
  • Continue abusive collection after being told to stop unlawful conduct.

Debt collection is not a license to violate dignity, privacy, reputation, safety, or mental health.

IV. Common Harassment Practices by Online Lending Apps

A. Repeated and abusive calls

Some collectors call dozens or hundreds of times a day, use different numbers, call late at night, or use automated harassment. Repeated calls intended to intimidate may support a complaint.

B. Threatening messages

Collectors may threaten arrest, jail, police blotter, barangay action, immigration hold, employer termination, public posting, or physical harm. Many of these threats are false or abusive.

C. Public shaming

Some apps post the borrower’s name, photo, ID, or alleged debt on social media, group chats, community pages, or contact lists. This may involve privacy violations, defamation, cyber-libel, or civil damages.

D. Contacting phone contacts

Some apps access the borrower’s phone contacts and message relatives, friends, co-workers, customers, employers, or neighbors. This is one of the most common privacy complaints.

E. False accusations

Collectors may call the borrower a scammer, thief, estafador, criminal, fugitive, or fraudster even when the issue is only unpaid debt. False statements to third parties may be actionable.

F. Fake legal documents

Some collectors send fake subpoenas, warrants, court notices, police reports, or prosecutor letters. This may amount to misrepresentation, harassment, or more serious legal violations depending on the document.

G. Impersonation of authorities

Collectors may claim to be lawyers, police officers, NBI agents, prosecutors, court sheriffs, barangay officials, or government employees. This can be legally serious.

H. Threats to employers

Collectors may call HR, supervisors, or company owners to pressure the borrower. They may disclose the debt or ask the employer to deduct salary. This can violate privacy and reputation rights.

I. Harassment of family members

Collectors may contact spouses, parents, children, siblings, in-laws, or household members. Third parties generally should not be harassed for another person’s debt.

J. Misuse of photos and IDs

Some apps use ID photos, selfies, profile pictures, or edited images to shame borrowers. This may raise data privacy, cybercrime, and civil liability issues.

K. Excessive and hidden charges

Some online loans impose very high interest, processing fees, service charges, extension charges, penalties, and rollover fees. Excessive charges may be challenged, especially if hidden, unconscionable, or contrary to regulation.

L. Threatening criminal prosecution for ordinary debt

Mere inability or failure to pay a debt is generally civil in nature. Criminal liability may arise only if separate criminal elements exist, such as fraud at the time of borrowing, use of fake identity, or other punishable acts. Collectors should not misuse criminal threats to force payment.

V. Privacy Violations by Online Lending Apps

Online lending apps often require borrowers to install an app and grant permissions. The most problematic permissions include access to:

  • Contacts;
  • SMS;
  • call logs;
  • camera;
  • microphone;
  • photos and gallery;
  • location;
  • device ID;
  • social media accounts;
  • storage files;
  • installed apps.

A lending app should collect only personal data that is necessary, lawful, transparent, and proportionate to the lending purpose. Borrowers should be informed what data is collected, why it is collected, how it is used, how long it is kept, who receives it, and how rights may be exercised.

Privacy violations may include:

  1. Collecting excessive data;
  2. Accessing contacts without valid consent or lawful basis;
  3. Using contacts for shaming or collection pressure;
  4. Disclosing debt to third parties;
  5. Publishing borrower information online;
  6. Using borrower photos or IDs for threats;
  7. Failing to provide a clear privacy notice;
  8. Sharing data with unknown collectors;
  9. Retaining data longer than necessary;
  10. Refusing to delete or correct data when legally required;
  11. Using deceptive consent screens;
  12. Failing to secure borrower data;
  13. Using data for purposes beyond loan evaluation and lawful collection.

Consent is not a magic shield. Even where the borrower clicked “allow,” the lender’s data processing must still comply with law, fairness, proportionality, transparency, and legitimate purpose.

VI. Key Legal Principles

A. Right to privacy

Borrowers have a right to privacy over personal information, identity documents, contacts, employment details, communications, and debt information. Debt information is not something lenders may freely broadcast.

B. Lawful and fair processing of personal data

A lender must process personal data lawfully, fairly, and transparently. It must collect data for a legitimate purpose and use only data necessary for that purpose.

C. Proportionality

Even if a lender has a legitimate interest in collecting debt, contacting all phone contacts or publicly posting a borrower’s face and alleged debt is generally disproportionate.

D. Confidentiality

Loan information should be treated with confidentiality. Disclosure to third parties must have lawful basis.

E. Protection against harassment

Collection must not use threats, intimidation, abuse, obscenity, or humiliation.

F. Civil liability for abuse of rights

Under civil law principles, rights must be exercised in good faith and not in a manner that harms others unjustly.

G. Criminal liability in proper cases

Threats, coercion, cyber-libel, unjust vexation, grave threats, identity misuse, falsification, or other offenses may arise depending on facts.

H. Regulatory accountability

Registered lending and financing companies may face regulatory sanctions for unfair, abusive, or unlawful collection practices.

VII. Is Non-Payment of Online Loan a Crime?

As a general rule, mere non-payment of debt is not a crime. The Philippine Constitution protects against imprisonment for debt.

However, criminal liability may arise if the borrower committed a separate criminal act, such as:

  • Using a fake identity;
  • Submitting forged documents;
  • Intentionally deceiving the lender at the time of borrowing;
  • Issuing a bouncing check, if applicable;
  • Committing fraud;
  • Committing identity theft.

Collectors often blur this line. A borrower who simply cannot pay on time should not be threatened with jail as if all unpaid loans are criminal cases.

The lender’s proper remedy for ordinary unpaid debt is usually civil collection, lawful settlement, restructuring, or reporting through authorized channels—not harassment.

VIII. What Borrowers Should Do Immediately

Step 1: Stop engaging emotionally

Do not respond with threats, insults, or admissions made under panic. Stay calm. Abusive collectors often provoke borrowers into emotional replies.

Step 2: Preserve all evidence

Evidence is critical. Save everything before blocking numbers or uninstalling apps.

Collect:

  • Screenshots of messages;
  • Call logs;
  • Voice recordings where lawfully obtained;
  • Chat messages;
  • Collection texts sent to your contacts;
  • Social media posts;
  • Names and numbers of collectors;
  • App name and screenshots;
  • loan agreement;
  • payment history;
  • disbursement proof;
  • due date notices;
  • privacy policy;
  • app permissions;
  • emails;
  • proof of harassment to family or employer;
  • fake legal documents;
  • links to posts;
  • screen recordings;
  • affidavits or statements from contacted third parties.

Step 3: Ask contacts to preserve messages

If relatives, friends, co-workers, or employers were contacted, ask them to send screenshots and identify the number or account that contacted them.

Step 4: Identify the company

Look for:

  • app name;
  • company name;
  • SEC registration number;
  • address;
  • email;
  • customer service number;
  • collection agency name;
  • privacy officer contact;
  • terms and conditions;
  • loan agreement;
  • payment channel name;
  • bank or e-wallet account used.

Some apps use one public app name but another legal corporate name. Capture both.

Step 5: Revoke app permissions

On the phone settings, revoke permissions to contacts, camera, photos, microphone, location, and SMS if no longer necessary. Consider uninstalling the app only after preserving evidence.

Step 6: Secure accounts

Change passwords for email, social media, e-wallets, and banking apps. Enable two-factor authentication. Check whether the app had access to sensitive files.

Step 7: Communicate in writing

If you choose to communicate, use short written statements. For example:

“I dispute your harassment and unauthorized disclosure of my personal information. Communicate only through lawful channels. Do not contact my family, employer, or contacts. I reserve my rights to file complaints with the proper authorities.”

Step 8: Report to the proper agencies

Choose the agency depending on the violation, as discussed below.

IX. Where to Report Online Lending Harassment and Privacy Violations

A. Securities and Exchange Commission

Complaints against lending companies, financing companies, and online lending platforms may be filed with the Securities and Exchange Commission if the issue involves:

  • abusive debt collection;
  • unregistered lending operations;
  • violations by lending or financing companies;
  • unfair collection practices;
  • false threats;
  • harassment by collection agents;
  • unauthorized charges;
  • misleading loan terms;
  • app-based collection abuses.

The SEC may investigate, issue orders, impose penalties, suspend or revoke certificates, or take other regulatory action within its authority.

Documents to attach

  • complaint affidavit or letter;
  • screenshots of harassment;
  • loan agreement;
  • app screenshots;
  • company name and SEC registration, if known;
  • payment records;
  • messages to contacts;
  • proof of public shaming;
  • demand letters;
  • collector numbers and names;
  • borrower ID and contact information.

B. National Privacy Commission

The National Privacy Commission is the proper agency for personal data privacy violations.

File with the NPC if the app or collector:

  • accessed contacts without proper basis;
  • disclosed your loan to contacts;
  • posted your personal data online;
  • used your photo or ID for shaming;
  • shared your debt information with your employer;
  • collected excessive data;
  • failed to provide privacy notice;
  • refused to delete or correct unlawful data;
  • used your personal data for harassment;
  • sent messages to third parties using your personal information.

The complaint should focus on the personal data involved, how it was collected, how it was used or disclosed, and the harm caused.

Documents to attach

  • screenshots of app permissions;
  • privacy policy screenshots;
  • messages sent to contacts;
  • posts showing personal data;
  • loan documents;
  • proof of unauthorized disclosure;
  • identity of affected third parties;
  • communications with the lending app’s data protection officer, if any;
  • screenshots showing app name and developer;
  • statement explaining harm.

C. Philippine National Police Anti-Cybercrime Group

The PNP Anti-Cybercrime Group may assist when harassment involves cybercrime or online abuse, such as:

  • cyber-libel;
  • online threats;
  • identity theft;
  • unauthorized use of photos;
  • fake legal documents online;
  • hacking or unauthorized access;
  • malicious social media posts;
  • extortion through digital messages.

Bring digital evidence and, if possible, the device used to receive messages.

D. National Bureau of Investigation Cybercrime Division

The NBI Cybercrime Division may also investigate online harassment, cyber-libel, identity misuse, fake accounts, extortion, and other cyber-related offenses.

NBI complaints are useful where there is serious online abuse, anonymous accounts, coordinated harassment, or threats.

E. Prosecutor’s Office

If there is sufficient evidence of a crime, a criminal complaint may be filed before the prosecutor’s office. Possible offenses depend on facts, such as:

  • grave threats;
  • light threats;
  • unjust vexation;
  • coercion;
  • cyber-libel;
  • identity theft;
  • falsification;
  • extortion;
  • other offenses.

Criminal complaints usually require affidavits, supporting evidence, and witness statements.

F. Bangko Sentral ng Pilipinas

If the lender is a BSP-supervised financial institution, or if the issue involves a regulated bank, electronic money issuer, payment provider, or financial institution under BSP authority, a complaint may be filed through BSP consumer assistance channels.

However, not all online lending apps are BSP-supervised. Many are SEC-regulated lending or financing companies.

G. Department of Trade and Industry

For certain consumer protection issues involving deceptive practices, unfair terms, or misleading representations, DTI may be relevant, although lending company regulation is often handled elsewhere.

H. Barangay

Barangay assistance may help if harassment involves local individuals, physical threats, or known collectors residing nearby. However, app-based lending harassment often requires SEC, NPC, or cybercrime agencies.

I. Courts

Civil court remedies may be available for damages, injunction, defamation, abuse of rights, privacy invasion, or other civil claims. Court action may be considered for serious harm, repeated harassment, or failure of administrative remedies.

X. Which Agency Should You Choose?

The same incident may involve more than one agency.

If the issue is abusive collection

File with the SEC if the lender is a lending or financing company.

If the issue is misuse of personal data

File with the NPC.

If the issue is online threats, fake posts, identity misuse, or cyber-libel

File with PNP-ACG, NBI Cybercrime, or prosecutor’s office.

If the issue is a bank or BSP-supervised financial institution

File with BSP consumer assistance.

If the issue is immediate physical danger

Call police or seek barangay/police assistance.

If the issue is civil damages

Consider court action.

A borrower may file parallel complaints if the facts support different violations. For example, a borrower may file with the SEC for abusive collection, with the NPC for privacy violations, and with cybercrime authorities for threats and public shaming.

XI. Preparing a Strong Complaint

A strong complaint should be organized and evidence-based.

A. Identify the complainant

Include:

  • full name;
  • address;
  • contact number;
  • email;
  • government ID, if required by the agency;
  • relationship to loan account.

B. Identify the respondent

Include:

  • app name;
  • company name;
  • SEC registration number, if known;
  • address;
  • email;
  • phone numbers;
  • collector names or aliases;
  • payment account names;
  • app developer name;
  • website;
  • social media pages;
  • screenshots of app store listing.

C. State the facts chronologically

Example:

  • Date loan was downloaded;
  • Date app installed;
  • Amount borrowed;
  • Amount received;
  • Due date;
  • Amount paid, if any;
  • Date harassment began;
  • What messages were sent;
  • Who was contacted;
  • What personal data was disclosed;
  • What threats were made;
  • What harm occurred.

D. Identify the violations

State whether the complaint involves:

  • harassment;
  • unauthorized contact with third parties;
  • public shaming;
  • privacy violation;
  • excessive collection;
  • threats;
  • fake legal documents;
  • defamation;
  • unauthorized access to contacts;
  • deceptive lending practices.

E. Attach evidence

Number attachments clearly.

Example:

  • Annex A: Screenshot of loan app profile;
  • Annex B: Loan agreement;
  • Annex C: Payslip or payment receipt;
  • Annex D: Harassing messages to borrower;
  • Annex E: Messages sent to mother/employer/co-worker;
  • Annex F: Screenshot of public Facebook post;
  • Annex G: App permissions screenshot;
  • Annex H: Demand to stop harassment;
  • Annex I: Payment history.

F. State the relief requested

Possible requests:

  • investigation;
  • order to stop harassment;
  • takedown of public posts;
  • deletion of unlawfully processed personal data;
  • correction of data;
  • sanctions against app or company;
  • revocation or suspension of authority;
  • damages, if forum allows;
  • referral for criminal investigation;
  • written apology or cease-and-desist;
  • lawful computation of remaining balance;
  • recognition of payments made.

XII. Sample Complaint Narrative

A complaint may state:

I obtained a loan through the mobile application “[App Name]” on [date]. The amount advertised was ₱, but the amount actually received was ₱ after deductions. The due date was [date].

Beginning [date], agents using the numbers [numbers] repeatedly called and messaged me using abusive and threatening language. They threatened to post my photo online and contact my employer.

On [date], my mother, co-worker, and supervisor received messages stating that I am a scammer and that I should be reported to police. These persons are not parties to the loan. I did not authorize the disclosure of my loan information to them.

The collectors also sent a photo of my ID and threatened public posting. Attached are screenshots of the messages and call logs.

I respectfully request investigation and appropriate action for abusive collection practices and unauthorized processing and disclosure of my personal information.

XIII. Sample Cease-and-Desist Message to Collector

A borrower may send:

I acknowledge that there is a loan dispute/account with your company. However, your agents have contacted my relatives, employer, and other persons who are not parties to the loan, and have sent threatening and defamatory messages.

You are directed to stop harassment, public shaming, threats, and unauthorized disclosure of my personal information. Communicate with me only through lawful and appropriate channels. I am preserving evidence and will file complaints with the proper government agencies.

This message should be factual, not abusive. It is not necessary to argue at length.

XIV. Evidence Preservation Guide

A. Screenshots

Take screenshots showing:

  • sender number or account;
  • date and time;
  • full message;
  • profile photo or name;
  • group chat name, if any;
  • URL for public posts;
  • app name and loan details.

B. Screen recordings

A screen recording may help show scrolling chats, public posts, or app permissions.

C. Call logs

Export or screenshot call history showing repeated calls.

D. Voice calls

If calls contain threats, write a call log immediately after each call:

  • date;
  • time;
  • number;
  • name used;
  • exact words;
  • witnesses;
  • duration.

Audio recording rules can be legally sensitive. Do not illegally record private communications. If recording is needed, seek legal advice or rely on lawful documentation.

E. Witness statements

Ask contacted third parties to write a short statement:

“On [date], I received a message from [number/account] stating that [borrower] owed money and calling him/her [words]. Attached is the screenshot.”

F. Preserve links

For social media posts, copy the URL. Take screenshots before the post is deleted.

G. Do not edit evidence

Do not crop out dates, numbers, or names. Keep original files.

H. Back up evidence

Save to cloud storage, email, USB drive, or another device.

XV. What If the App Accessed Your Contacts?

If an app accessed and used your contacts:

  1. Screenshot app permission settings.
  2. Screenshot the app’s privacy policy and consent screen.
  3. Ask contacted persons for screenshots.
  4. List all contacted persons and their relationship to you.
  5. Revoke contact permission.
  6. File a privacy complaint with the NPC.
  7. File a regulatory complaint with the SEC if the lender is a lending or financing company.
  8. Consider cybercrime complaint if messages contain threats, defamation, or identity misuse.

Important point: Even if the borrower gave app permission to access contacts, using those contacts to shame, threaten, or pressure third parties may still be unlawful or excessive.

XVI. What If the Collectors Contacted Your Employer?

Contacting an employer is especially damaging. It may affect reputation, employment, promotion, or workplace relationships.

Steps:

  1. Ask HR or the supervisor for screenshots or written confirmation.
  2. Request that the employer not entertain collection harassment.
  3. Tell the collector in writing not to contact your workplace.
  4. File complaints with SEC and NPC.
  5. If false accusations were made, consider defamation or cyber-libel remedies.
  6. If employment was affected, preserve documents showing harm.

A lawful debt collector should not disclose debt information to an employer simply to shame or pressure the borrower.

XVII. What If They Posted You on Social Media?

If your name, photo, ID, or alleged debt was posted online:

  1. Screenshot the post, comments, profile, date, and URL.
  2. Ask friends to preserve screenshots.
  3. Report the post to the platform for privacy violation or harassment.
  4. File with the NPC for unauthorized disclosure.
  5. File with SEC for abusive collection.
  6. Consider cyber-libel or other cybercrime complaint if defamatory statements were made.
  7. Send a takedown demand to the app or collector, if identifiable.
  8. Preserve evidence before the post is deleted.

Public shaming is not a lawful substitute for collection litigation.

XVIII. What If They Threaten Arrest or Jail?

A collector may say:

  • “Police will arrest you today.”
  • “You have a warrant.”
  • “You will be jailed for estafa.”
  • “NBI is tracking you.”
  • “We filed a criminal case.”
  • “Barangay will pick you up.”

For ordinary unpaid debt, these threats are often misleading. Ask for:

  • case number;
  • court name;
  • prosecutor docket number;
  • police station;
  • copy of complaint;
  • name and authority of person contacting you.

Do not panic. Verify independently. If the document is fake or the threat is baseless, include it in your complaint.

XIX. What If They Send Fake Subpoenas or Warrants?

Fake legal documents should be preserved and reported.

Check:

  • Does it name a real court or agency?
  • Is there a docket number?
  • Is there a judge, prosecutor, or officer?
  • Is the format suspicious?
  • Was it sent by a random mobile number?
  • Does it demand payment to avoid arrest?
  • Does it use threatening language?
  • Does it contain wrong grammar or unofficial seals?

Possible complaints may include SEC, PNP-ACG, NBI Cybercrime, and prosecutor’s office depending on facts.

XX. What If They Threaten Your Family?

If collectors threaten or harass family members:

  1. Preserve messages.
  2. Ask family not to argue.
  3. Send a cease-and-desist message.
  4. File complaints with SEC and NPC.
  5. If threats are serious, report to police or cybercrime authorities.
  6. If minors are contacted, emphasize this in the complaint.

Family members are generally not liable for the borrower’s debt unless they are co-borrowers, guarantors, sureties, or otherwise legally bound.

XXI. What If They Demand Payment Through Personal E-Wallets?

Some collectors instruct borrowers to pay through personal GCash, Maya, bank accounts, or unofficial channels.

Be careful. Paying through unofficial channels may create disputes about whether payment was credited.

Before paying:

  1. Ask for official payment channels.
  2. Ask for account name matching the lending company.
  3. Ask for official receipt or confirmation.
  4. Screenshot payment instructions.
  5. Avoid sending money to a personal account unless the company confirms in writing.
  6. Keep proof of payment.

If the lender refuses official channels, include that in the complaint.

XXII. What If You Actually Owe the Loan?

Owing the loan does not prevent you from reporting harassment or privacy violations. The debt issue and the harassment issue are separate.

A borrower should consider:

  1. Asking for a complete statement of account;
  2. Verifying principal, interest, fees, and penalties;
  3. Negotiating a payment plan;
  4. Paying only through official channels;
  5. Avoiding admission of inflated charges;
  6. Keeping receipts;
  7. Reporting abusive conduct regardless of debt status.

You can say:

“I am willing to settle any lawful obligation, but I do not consent to harassment, threats, public shaming, or disclosure of my personal data.”

XXIII. Challenging Excessive Interest and Charges

Some online loans advertise low rates but deduct fees upfront and impose heavy penalties. The effective cost may be much higher than expected.

Borrowers should request:

  • principal amount;
  • amount actually disbursed;
  • interest rate;
  • service fee;
  • processing fee;
  • platform fee;
  • penalty;
  • extension fee;
  • total amount due;
  • due date;
  • basis of computation;
  • copy of loan agreement.

Charges may be challenged if they are hidden, misleading, unauthorized, unconscionable, or contrary to regulation. Complaints may be filed with the appropriate regulator.

XXIV. Can Online Lending Apps Access Your Contacts Legally?

An app may request permissions, but legal access is not automatic. The app must have a lawful basis and must comply with privacy principles.

Problems arise when:

  • access is forced as a condition without meaningful choice;
  • the app collects all contacts even if unnecessary;
  • contacts are used for collection harassment;
  • third parties are contacted without being parties to the loan;
  • the app discloses loan information to contacts;
  • the privacy notice is vague or misleading;
  • the app retains contacts after loan closure;
  • collectors use contact data outside the lending purpose.

Borrowers may complain even if they clicked “allow,” especially if the data was used abusively or beyond legitimate purpose.

XXV. Rights of Third Parties Contacted by Collectors

Relatives, friends, employers, and co-workers contacted by collectors may also have rights.

They may complain if:

  • their personal data was used without basis;
  • they were harassed;
  • they received threats;
  • they were falsely told they were liable;
  • their number was obtained from the borrower’s contact list;
  • they were added to group chats;
  • their workplace was disturbed;
  • they suffered reputational harm.

A third party who is not a co-borrower or guarantor generally should not be pressured to pay another person’s debt.

XXVI. Reporting an Unregistered or Suspicious Lending App

If the app appears unregistered or suspicious, gather:

  • app name;
  • screenshots of app store listing;
  • developer name;
  • website;
  • phone numbers;
  • payment accounts;
  • loan agreement;
  • messages;
  • advertised registration number;
  • business address;
  • privacy policy;
  • names of collectors.

Report to the SEC and, where cyber abuse is involved, to cybercrime authorities. Unregistered lending activity may have regulatory consequences.

XXVII. What Relief Can Agencies Grant?

Depending on the agency and case, possible outcomes include:

A. SEC

  • Investigation;
  • warning;
  • fines;
  • suspension;
  • revocation of authority;
  • cease-and-desist orders;
  • takedown or app-related action;
  • referral for prosecution;
  • compliance directives.

B. NPC

  • Investigation;
  • orders to stop unlawful processing;
  • orders to delete or correct data;
  • orders to take down unlawfully disclosed data;
  • compliance orders;
  • administrative fines or penalties;
  • referral for prosecution in proper cases.

C. Cybercrime authorities

  • Investigation of online threats, fake accounts, identity misuse, cyber-libel, or extortion;
  • identification of perpetrators;
  • referral for prosecution.

D. Prosecutor or court

  • Criminal proceedings;
  • civil damages;
  • injunction;
  • other judicial relief.

Administrative complaints may stop abusive practices and sanction companies, while civil or criminal actions may address personal liability and damages.

XXVIII. Possible Criminal Offenses

Depending on the facts, abusive collectors may risk liability for:

  1. Grave threats — if serious threats of harm are made;
  2. Light threats — depending on the nature of the threat;
  3. Coercion — if force, violence, or intimidation is used to compel an act;
  4. Unjust vexation — for acts causing annoyance, irritation, or distress without lawful justification;
  5. Cyber-libel — if defamatory statements are publicly made online;
  6. Identity theft — if identity data is misused;
  7. Falsification — if fake documents are created or used;
  8. Extortion or robbery-related offenses — in severe cases involving threats to obtain money unlawfully;
  9. Data privacy offenses — for unlawful processing or disclosure of personal information;
  10. Other cybercrime-related offenses depending on the acts.

The exact offense depends on the wording, medium, publication, intent, and evidence.

XXIX. Civil Remedies

A borrower may pursue civil remedies if harassment caused harm.

Possible claims may include:

  • damages for abuse of rights;
  • damages for defamation;
  • damages for invasion of privacy;
  • damages for mental anguish;
  • injunction against continued harassment;
  • correction or deletion of data;
  • accounting of loan balance;
  • refund of unlawful charges;
  • attorney’s fees in proper cases.

Civil cases require time and cost, so they are usually considered when harm is serious or repeated.

XXX. Data Privacy Complaint: Key Points to Prove

A privacy complaint should show:

  1. The respondent is a personal information controller or processor;
  2. The complainant’s personal data was collected or processed;
  3. The processing was unlawful, excessive, unfair, unauthorized, or beyond purpose;
  4. Personal data was disclosed to third parties or publicly posted;
  5. The complainant suffered harm or rights were violated;
  6. The complainant seeks specific relief.

The strongest privacy complaints include screenshots showing the actual disclosure to contacts or online posts.

XXXI. SEC Complaint: Key Points to Prove

A regulatory complaint against a lending app should show:

  1. The respondent is an online lending platform, lending company, financing company, or collector;
  2. The complainant obtained or was offered a loan;
  3. The respondent engaged in unfair, abusive, or unlawful collection;
  4. The acts were committed by company agents, collectors, or accounts linked to the app;
  5. The complainant has evidence of threats, shaming, unauthorized contact, or improper charges;
  6. Regulatory action is requested.

Even if the collector uses a personal number, screenshots linking the collector to the app or loan account are important.

XXXII. Cybercrime Complaint: Key Points to Prove

A cybercrime complaint should show:

  1. The online account, number, or platform used;
  2. The exact content of the threat, defamatory statement, or misuse;
  3. The date and time;
  4. The victim and audience;
  5. Screenshots, URLs, metadata, or device evidence;
  6. Identity of suspect, if known;
  7. Harm caused.

For public posts, preserve URLs. For private threats, preserve full chat threads.

XXXIII. Protecting Yourself While Complaints Are Pending

While complaints are pending:

  1. Block abusive numbers after preserving evidence;
  2. Use call filtering;
  3. Inform family and employer that collectors may contact them unlawfully;
  4. Ask contacts not to engage;
  5. Monitor social media posts;
  6. Preserve new evidence;
  7. Pay only through verified channels if settling;
  8. Avoid downloading similar apps;
  9. Review credit and financial records;
  10. Change passwords and revoke permissions.

XXXIV. Communicating With Family, Friends, and Employer

If collectors contacted your contacts, consider sending a calm explanation:

“You may receive messages from an online lending collector about a personal loan. They are not authorized to harass or involve you. You are not responsible for my account. Please do not engage with them. Kindly send me screenshots if they contact you so I can include them in my complaint.”

For employers:

“I apologize for any disturbance caused by unauthorized collectors. This is a personal matter, and they have no authority to contact the company or disclose my personal information. I am documenting the incident and filing complaints with the proper agencies.”

This helps prevent panic and preserves evidence.

XXXV. Settlement Without Waiving Rights

A borrower may want to settle the loan to stop harassment. Settlement should be documented.

Before paying, request:

  • complete computation;
  • principal;
  • interest;
  • penalties;
  • discounts;
  • final settlement amount;
  • official payment channel;
  • written confirmation that payment fully settles the account;
  • receipt;
  • deletion or cessation of collection processing, where appropriate.

A settlement should not include a forced waiver of complaints for prior harassment unless the borrower knowingly agrees after considering the consequences.

A sample settlement request:

“Please provide the final settlement amount, official payment channel, and written confirmation that payment of ₱____ will fully settle the account and stop all collection activity. Payment will be made only through official channels.”

XXXVI. Avoiding Further Online Lending Abuse

Practical precautions:

  1. Do not install lending apps without checking legitimacy.
  2. Read app permissions before granting access.
  3. Avoid apps requiring full contact access.
  4. Check company registration and reviews.
  5. Read loan terms before accepting.
  6. Compare amount borrowed vs. amount disbursed.
  7. Avoid rolling over loans repeatedly.
  8. Do not borrow from one app to pay another.
  9. Keep records of every transaction.
  10. Use formal financial institutions when possible.
  11. Do not submit unnecessary IDs or selfies.
  12. Avoid apps that threaten contact disclosure.
  13. Delete unused apps after account closure and data request, where appropriate.

XXXVII. Red Flags in Online Lending Apps

Be cautious if the app:

  • gives loan approval instantly with almost no screening;
  • requires access to all contacts;
  • requires access to photos or SMS unrelated to lending;
  • has no clear company name;
  • has no SEC registration details;
  • uses vague addresses;
  • disburses much less than advertised;
  • imposes very short repayment periods;
  • charges huge processing fees;
  • threatens contact disclosure in its terms;
  • uses abusive collection language;
  • asks payment to personal accounts;
  • has many similar clone apps;
  • has no customer service;
  • changes app names frequently.

XXXVIII. Frequently Asked Questions

1. Can I report an online lending app even if I owe money?

Yes. Debt and harassment are separate issues. You may still owe lawful amounts, but the lender may not harass or misuse personal data.

2. Can they contact my family or employer?

They should not disclose your debt or harass third parties without lawful basis. Contacting third parties to shame or pressure you may be actionable.

3. Can they post my name and photo online?

Public shaming may violate privacy, defamation, cybercrime, and civil law principles. Preserve evidence and report it.

4. Can they access my contacts because I clicked “allow”?

Permission does not authorize abusive or excessive use. Using contacts for harassment or disclosure may still violate privacy rules.

5. Can I be jailed for not paying an online loan?

Mere non-payment of debt is generally not a crime. Criminal liability requires separate criminal acts such as fraud or falsification.

6. What if they say they filed estafa?

Ask for official case details and verify independently. Collectors often use false criminal threats to pressure borrowers.

7. Should I block them?

Preserve evidence first. After saving screenshots and call logs, you may block abusive numbers while keeping lawful communication channels open.

8. What if they use different numbers every day?

Continue preserving evidence. Include all numbers in your complaint.

9. Where should I file first?

For abusive lending collection, file with SEC. For privacy violations, file with NPC. For threats, cyber-libel, fake posts, or identity misuse, file with PNP-ACG, NBI Cybercrime, or the prosecutor.

10. Can my relatives file complaints too?

Yes, if they were harassed, threatened, or had their personal data used.

11. Can I ask the app to delete my data?

You may exercise data privacy rights, subject to lawful retention requirements. The app cannot use retention as an excuse for harassment or unlawful disclosure.

12. What if I already paid but they still harass me?

Send proof of payment and demand cessation. File complaints if harassment continues.

13. What if the app is no longer on the app store?

Still preserve screenshots, payment records, messages, company names, and numbers. Report the entity and collectors.

14. What if the collector is a third-party agency?

The lender may still be responsible for its collectors. File against the app/company and identify the collection agency if known.

15. Can I recover damages?

Possibly, especially if there was public shaming, privacy breach, defamation, threats, or harm to employment or reputation. Civil action may be needed.

XXXIX. Sample Evidence Index

A complaint may attach:

  1. Screenshot of app name and profile;
  2. Screenshot of app permissions;
  3. Loan agreement;
  4. Proof of amount received;
  5. Statement of account;
  6. Payment receipts;
  7. Harassing messages to borrower;
  8. Call logs;
  9. Messages sent to mother;
  10. Messages sent to employer;
  11. Public social media post;
  12. Fake warrant or subpoena;
  13. Demand to stop harassment;
  14. Privacy policy screenshot;
  15. Affidavit of contacted third party;
  16. Screenshot of payment channel;
  17. App store listing;
  18. Company registration screenshot, if available;
  19. Any response from app support;
  20. Timeline of events.

XL. Sample Timeline for Complaint

Date Event Evidence
Jan. 5 Loan app installed and permissions granted App screenshots
Jan. 5 Loan of ₱5,000 approved; ₱3,500 disbursed Loan agreement, wallet receipt
Jan. 12 Due date App notice
Jan. 13 Collector began threats SMS screenshots
Jan. 14 Mother and employer contacted Third-party screenshots
Jan. 15 Borrower’s photo posted in group chat Group chat screenshot
Jan. 16 Cease-and-desist sent Message screenshot
Jan. 17 Harassment continued Call logs

This type of timeline makes the complaint easier to evaluate.

XLI. Practical Reporting Checklist

Before filing, prepare:

  • Your valid ID;
  • Your contact details;
  • App name and company name;
  • Loan account number, if any;
  • Loan amount and due date;
  • Payment records;
  • Screenshots of harassment;
  • Screenshots of third-party messages;
  • Contact numbers used by collectors;
  • Links to public posts;
  • App permissions screenshots;
  • Privacy policy or terms;
  • Names of affected contacts;
  • Written narrative;
  • Relief requested.

XLII. Key Legal Principles Summarized

  1. Borrowers must pay lawful debts, but lenders must collect lawfully.
  2. Mere non-payment of debt is generally not a crime.
  3. Debt collectors may not threaten, shame, defame, or harass borrowers.
  4. Loan information should not be disclosed to third parties without lawful basis.
  5. Contact list access must comply with data privacy principles.
  6. Consent does not justify excessive or abusive data use.
  7. Public posting of borrower information may create privacy, defamation, and cybercrime issues.
  8. Fake legal threats and impersonation of authorities should be reported.
  9. Evidence must be preserved before blocking, deleting, or uninstalling.
  10. SEC handles many abusive online lending complaints.
  11. NPC handles personal data privacy violations.
  12. Cybercrime authorities handle online threats, identity misuse, and cyber-libel.
  13. Borrowers may file complaints even if the loan remains unpaid.
  14. Third parties contacted by collectors may also have rights.
  15. Settlement should be documented and paid only through official channels.

XLIII. Conclusion

Online lending apps may lawfully lend money and collect unpaid obligations, but they must do so within the bounds of Philippine law. A borrower’s default does not authorize harassment, threats, public shaming, unauthorized contact with relatives or employers, misuse of phone contacts, fake legal notices, or disclosure of personal data.

The best response is organized documentation. Preserve screenshots, call logs, app permissions, loan documents, payment records, and messages sent to third parties. Identify the app and company behind the loan. Then file with the proper agency: the Securities and Exchange Commission for abusive lending and collection practices, the National Privacy Commission for personal data misuse, cybercrime authorities for online threats or public shaming, and courts or prosecutors for serious civil or criminal violations.

Borrowers should remain calm, avoid retaliatory threats, pay only lawful obligations through verified channels, and assert their rights firmly. The law does not protect debt evasion, but it also does not tolerate abusive collection. In the Philippines, the proper remedy for unpaid debt is lawful collection—not humiliation, intimidation, or privacy invasion.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login