How to Report Harassment and Privacy Violations by Online Lending Apps

I. Introduction

Online lending apps have become a common source of fast credit in the Philippines. Many borrowers use them for emergency expenses, bills, tuition, medical needs, food, rent, or temporary cash shortages. While some online lenders operate lawfully, others engage in abusive collection practices and privacy violations that can cause serious harm.

Common complaints include repeated threats, contact-list harassment, employer shaming, public posting of borrower information, fake legal notices, threats of arrest, insults, excessive penalties, unauthorized use of photos and IDs, and messages to relatives, friends, co-workers, or phone contacts who are not legally liable for the loan.

A borrower’s failure to pay on time does not give a lender or collector the right to humiliate, threaten, defame, or expose personal information. A lender may collect a valid debt, but collection must be lawful, fair, proportionate, and respectful of privacy rights.

This article explains how to report harassment and privacy violations by online lending apps in the Philippine context. It discusses what acts may be unlawful, what evidence to gather, where to file complaints, how to prepare complaints before the Securities and Exchange Commission, National Privacy Commission, law enforcement, app platforms, and other agencies, and what practical steps borrowers and affected contacts should take.

II. Common Abuses by Online Lending Apps

Online lending app abuse may take many forms. The most common are:

  1. threatening arrest for ordinary nonpayment;
  2. sending fake subpoenas, warrants, or court notices;
  3. repeatedly calling or messaging at unreasonable hours;
  4. using insults, profanity, or degrading language;
  5. calling the borrower a scammer, thief, fraudster, criminal, or estafador;
  6. contacting relatives, friends, co-workers, employers, or phone contacts;
  7. disclosing the borrower’s debt to third parties;
  8. sending group messages to shame the borrower;
  9. posting the borrower’s name, face, ID, address, or workplace online;
  10. creating fake “wanted” posters;
  11. threatening to visit the borrower’s home or workplace;
  12. demanding payment from people who are not co-makers, guarantors, or co-borrowers;
  13. using personal data collected from the borrower’s phone;
  14. accessing contacts, photos, files, or other device data beyond what is necessary;
  15. refusing to provide a clear statement of account;
  16. adding hidden, excessive, or unexplained charges;
  17. demanding payment through suspicious personal accounts;
  18. continuing collection after payment or settlement;
  19. threatening to report the borrower to HR, barangay, police, NBI, or court without lawful basis;
  20. using fake names, fake law offices, fake government titles, or fake collection agencies.

These acts may support regulatory, privacy, civil, and criminal complaints depending on the facts.

III. Lawful Collection vs. Harassment

A creditor has the right to collect a valid debt. The law does not prevent a lender from reminding a borrower of payment obligations or filing a lawful collection case.

Lawful collection may include:

  • payment reminders;
  • formal demand letters;
  • calls during reasonable hours;
  • statement of account;
  • restructuring offers;
  • settlement proposals;
  • referral to a legitimate collection agency;
  • lawful civil action for collection;
  • lawful credit reporting where allowed.

Harassment may include:

  • threats of arrest for ordinary unpaid debt;
  • public shaming;
  • contact-list blasting;
  • messages to employers and co-workers;
  • fake legal documents;
  • threats of physical harm;
  • insults and abusive language;
  • disclosure of debt to unrelated persons;
  • use of borrower photos or IDs to shame;
  • impersonation of police, lawyers, courts, or government officers;
  • coercive demands for immediate payment under threat of exposure.

The line is crossed when collection becomes abusive, deceptive, defamatory, threatening, or privacy-invasive.

IV. Ordinary Loan Nonpayment Is Generally Civil

A frequent tactic of abusive collectors is telling borrowers that they will be arrested immediately if they do not pay.

In general, nonpayment of a private debt is a civil matter. A person is not imprisoned merely for failing to pay a loan. Criminal liability may arise only if there are separate criminal acts, such as fraud, falsification, use of fake identity, bouncing checks where applicable, threats, extortion, identity theft, cyberlibel, or similar offenses.

Collectors should not use fake criminal threats to force payment.

Examples of improper threats include:

  • “Police will arrest you today.”
  • “NBI is already tracking you.”
  • “A warrant has been issued.”
  • “You will be jailed if you do not pay in one hour.”
  • “We will file estafa automatically.”
  • “Your employer will receive a criminal notice.”
  • “Barangay and police are coming to your house.”

If the borrower receives such threats, they should preserve them as evidence.

V. Privacy Violations by Online Lending Apps

Online lending apps often collect personal data during registration and loan application. Some data collection may be legitimate for identity verification, credit assessment, fraud prevention, loan release, and collection. However, the collection and use of personal data must remain lawful, transparent, proportionate, and limited to legitimate purposes.

Privacy violations may occur when the app or collector:

  1. accesses the borrower’s contact list without proper basis;
  2. sends debt messages to contacts;
  3. discloses the debt to relatives, friends, employers, or co-workers;
  4. posts the borrower’s photo, ID, address, or phone number;
  5. uses borrower data for public shaming;
  6. collects excessive permissions unrelated to lending;
  7. shares borrower data with unknown collectors;
  8. refuses to identify who has the borrower’s data;
  9. uses personal data after the account is settled;
  10. threatens to expose private information;
  11. uses data for purposes not disclosed in the privacy notice;
  12. keeps data longer than necessary;
  13. fails to secure borrower information;
  14. uses emergency contacts as collection targets;
  15. obtains consent through vague or deceptive app terms.

Consent is not a blank check. Even if a borrower clicked “agree,” the lender cannot use personal data for harassment, humiliation, or unlawful disclosure.

VI. Contact-List Harassment

Contact-list harassment is one of the most serious and common abuses. It happens when the app or collector messages or calls people from the borrower’s phonebook.

The messages may say:

  • the borrower is a scammer;
  • the borrower is a criminal;
  • the borrower refuses to pay;
  • the recipient should pressure the borrower;
  • the borrower used the recipient as a reference;
  • the recipient must pay instead;
  • the borrower will be exposed publicly;
  • the borrower is subject to a case.

This may violate privacy rights and may also amount to harassment or defamation.

A phone contact is not automatically liable for a borrower’s loan. A person becomes liable only if they validly agreed to be a co-borrower, co-maker, guarantor, surety, or other legally responsible party.

A mere emergency contact or reference should not be treated as a debtor.

VII. Employer Harassment

Some collectors contact the borrower’s employer, supervisor, HR department, or co-workers. They may disclose the debt, call the borrower dishonest, or threaten to file a case with the company.

This can cause serious harm:

  • workplace embarrassment;
  • disciplinary action;
  • loss of promotion;
  • damaged professional reputation;
  • anxiety and stress;
  • possible termination risk;
  • strained relationship with management.

Unless the employer is legally connected to the loan, such as through a valid payroll loan arrangement or co-maker agreement, disclosure to the employer may be improper.

The borrower should ask the employer or co-worker to preserve and forward screenshots, emails, numbers used, and call details.

VIII. Public Shaming

Public shaming may include:

  • posting the borrower’s photo on Facebook or other platforms;
  • calling the borrower a scammer or thief;
  • creating fake “wanted” posters;
  • posting IDs or selfies;
  • tagging relatives or employer;
  • posting in community groups;
  • sending defamatory group messages;
  • threatening public exposure unless payment is made.

Public shaming may give rise to complaints for privacy violations, cyberlibel, harassment, coercion, or other legal remedies depending on content and facts.

Even if the borrower owes money, a lender cannot freely publish personal loan information or defamatory accusations.

IX. Fake Legal Notices

Borrowers often receive fake documents designed to look like official notices.

These may pretend to be:

  • warrant of arrest;
  • subpoena;
  • court summons;
  • police notice;
  • NBI notice;
  • prosecutor notice;
  • barangay blotter;
  • hold departure order;
  • final criminal notice;
  • cybercrime notice;
  • law office demand with fake lawyer names.

A genuine court, prosecutor, police, or barangay document should come from the proper office and contain verifiable details. Collectors cannot create fake government documents to intimidate borrowers.

Signs of fake notices include:

  • demand for immediate e-wallet payment;
  • personal mobile number as the only contact;
  • no court branch or case number;
  • poor formatting or wrong legal terms;
  • threat of arrest within hours;
  • no official service method;
  • sender is a collector using a private number;
  • generic template with the borrower’s name inserted.

Fake legal notices should be preserved and reported.

X. Excessive and Hidden Charges

Harassment complaints often occur together with disputes over charges. Some apps release far less than the approved amount but demand repayment of a much larger sum within a very short period.

Example:

  • approved amount: PHP 5,000;
  • amount released: PHP 3,000;
  • repayment due after 7 days: PHP 5,500.

This may involve hidden processing fees, service fees, platform charges, or penalties. Borrowers should document the amount approved, amount actually received, deductions, due date, interest, penalties, and total amount demanded.

A complaint may include both abusive collection and unfair or misleading lending practices.

XI. Identify the Online Lending App and Legal Entity

Before filing a complaint, identify the lender as accurately as possible.

Gather:

  • app name;
  • app developer name;
  • website;
  • Facebook page or social media page;
  • corporate name;
  • SEC registration number, if claimed;
  • Certificate of Authority number, if claimed;
  • customer service email;
  • collection agency name;
  • payment account name;
  • e-wallet or bank details;
  • collector numbers;
  • privacy policy;
  • terms and conditions;
  • loan agreement;
  • disclosure statement;
  • related apps using the same collectors or templates.

Many apps use brand names different from the registered company name. A complaint is stronger if the borrower identifies both the app name and the company behind it.

XII. SEC Registration Is Not Enough

A company may be registered with the Securities and Exchange Commission as a corporation, but that does not automatically mean it is authorized to operate as a lending or financing company.

For online lending legitimacy, the borrower should check:

  1. corporate registration;
  2. authority to operate as a lending company or financing company;
  3. whether the app is connected to that authorized entity;
  4. whether the authority is current, suspended, revoked, or cancelled;
  5. whether the app uses a name different from the registered entity.

A lender that says “SEC registered” but cannot show authority to lend may be suspicious.

XIII. Agencies Where Complaints May Be Filed

Depending on the violation, complaints may be filed or reported to:

  1. Securities and Exchange Commission for unauthorized lending, abusive collection, lending company violations, and deceptive lending practices;
  2. National Privacy Commission for misuse of personal data, contact-list harassment, data exposure, and privacy violations;
  3. PNP Anti-Cybercrime Group for threats, cyberlibel, identity theft, fake accounts, extortion, and cybercrime-related acts;
  4. NBI Cybercrime Division for serious cybercrime, identity misuse, extortion, fake legal notices, and organized online harassment;
  5. Presidential Anti-Organized Crime Commission where conduct appears organized, large-scale, syndicated, or connected to illegal online lending networks;
  6. Bangko Sentral ng Pilipinas if the entity is a BSP-supervised financial institution, payment service provider, e-money issuer, or bank-related product;
  7. Department of Trade and Industry for some consumer complaints, depending on the nature of the transaction;
  8. App stores and social media platforms for takedown, app removal, impersonation, harassment, scam, and privacy reports;
  9. Courts or prosecutor’s office for criminal or civil cases where appropriate.

A borrower may file with more than one agency if the facts justify it.

XIV. When to File With the SEC

The SEC is the usual agency for complaints involving lending companies, financing companies, and online lending app practices.

File or report to the SEC when:

  • the lender is not authorized to operate;
  • the app claims SEC registration but may not have lending authority;
  • the app uses abusive collection practices;
  • the lender uses threats, shaming, or misleading legal claims;
  • fees and charges are hidden or deceptive;
  • the app refuses to identify the legal lender;
  • collectors act on behalf of a lending or financing company;
  • the lender contacts third parties as part of debt collection;
  • the lender uses unfair or abusive practices;
  • multiple apps appear to be operated by the same company.

The SEC complaint should focus on lender legitimacy, authority to operate, disclosure of charges, and abusive collection practices.

XV. Evidence for an SEC Complaint

Prepare:

  • app name and screenshots;
  • app store listing;
  • company name and SEC number if available;
  • Certificate of Authority if claimed;
  • loan agreement;
  • disclosure statement;
  • privacy policy;
  • terms and conditions;
  • amount approved;
  • amount released;
  • fees deducted;
  • repayment demand;
  • interest and penalties;
  • screenshots of collection messages;
  • fake legal notices;
  • threats;
  • calls and call logs;
  • messages to contacts;
  • public shaming posts;
  • payment instructions;
  • e-wallet or bank account details;
  • statement of account, if any;
  • proof of payment;
  • chronology of events.

The complaint should be organized and factual.

XVI. Sample SEC Complaint Narrative

A borrower may write:

I am filing this complaint against [name of online lending app/company] for abusive online lending and collection practices. I applied for a loan through the app on [date]. The approved amount was [amount], but only [amount] was released after deductions. The app demanded repayment of [amount] by [date].

After I was unable to pay on time, collectors using the numbers/accounts [list] sent threats, fake legal notices, and defamatory messages. They contacted my relatives, friends, and employer, even though those persons are not co-borrowers, guarantors, or co-makers. They also threatened arrest and public posting of my information.

I request investigation into the company’s authority to operate, its fees and charges, its collection practices, and the acts of its collectors or agents. Attached are screenshots, loan documents, payment records, and messages sent to my contacts.

XVII. When to File With the National Privacy Commission

The National Privacy Commission is the proper agency for personal data misuse.

File or report to the NPC when:

  • the app accessed contacts;
  • collectors messaged contacts;
  • the lender disclosed the debt to third parties;
  • the app posted the borrower’s photo, ID, address, or workplace;
  • the app collected excessive permissions;
  • the lender shared personal data with unknown collectors;
  • the borrower’s data was used for shaming;
  • the privacy policy was unclear, missing, or deceptive;
  • the lender refused to stop processing or disclosing data;
  • the lender continued using data after settlement;
  • private information was exposed online;
  • contacts themselves were harassed.

The NPC complaint should focus on unlawful, excessive, unauthorized, or disproportionate processing of personal data.

XVIII. Evidence for an NPC Complaint

Prepare:

  • app name and company name;
  • screenshots of app permissions;
  • privacy policy;
  • terms and conditions;
  • registration screens showing data requested;
  • screenshots showing contact access request;
  • messages sent to phone contacts;
  • screenshots from relatives, friends, co-workers, or employer;
  • public posts containing personal data;
  • photos, IDs, or personal details used;
  • collector messages threatening data exposure;
  • list of persons contacted;
  • proof that those persons were not liable for the loan;
  • proof of loan settlement if harassment continued;
  • written request to stop data misuse, if any;
  • response or non-response by lender;
  • emotional, reputational, or employment harm.

Contacts who received messages should send their own screenshots showing sender, date, time, and content.

XIX. Sample NPC Complaint Narrative

A borrower may write:

I am filing this complaint against [app/company] for unauthorized and excessive processing of my personal data. The app collected my personal information and accessed or used my phone contacts. After I was delayed in payment, collectors disclosed my loan information to my relatives, friends, and co-workers, who are not co-borrowers, guarantors, or co-makers.

The collectors sent messages identifying me as a debtor and accusing me of being a scammer or criminal. They also threatened to expose my personal information. This caused embarrassment, anxiety, and reputational harm.

I request investigation into the app’s collection, use, disclosure, and sharing of my personal data; an order to stop unlawful processing and disclosure; removal of any posted personal data; and appropriate action against the responsible parties.

XX. When to Report to Police or NBI Cybercrime

Report to cybercrime authorities when the conduct involves possible criminal acts, such as:

  • threats of physical harm;
  • extortion;
  • fake warrants or subpoenas;
  • cyberlibel;
  • identity theft;
  • impersonation;
  • hacking or unauthorized access;
  • use of fake accounts;
  • public posting of defamatory material;
  • threats to release private photos;
  • obscene or sexualized harassment;
  • repeated intimidation;
  • fake law office or fake government identity;
  • scam or advance-fee scheme;
  • payment demands through suspicious accounts.

Law enforcement may help identify persons behind numbers, accounts, or coordinated operations, subject to legal process.

XXI. Evidence for Cybercrime Complaint

Prepare:

  • government ID;
  • written narrative;
  • screenshots of threats;
  • screenshots of fake legal notices;
  • screenshots of public posts;
  • call logs;
  • voice recordings, if available and lawfully obtained;
  • collector names and numbers;
  • social media account links;
  • app details;
  • payment account details;
  • proof of loan transaction;
  • proof of payments;
  • screenshots from contacts;
  • witness statements;
  • timeline of harassment;
  • medical or psychological records if harm is serious.

Do not delete the app or messages before preserving evidence.

XXII. When to Refer to PAOCC

The Presidential Anti-Organized Crime Commission may be relevant when online lending harassment appears to be part of a large, organized, or syndicate-like operation.

Indicators include:

  • many victims with similar harassment;
  • multiple lending apps using identical collectors;
  • same payment accounts across different apps;
  • foreign-linked operators;
  • suspected scam hub operations;
  • systematic fake legal notices;
  • use of many SIM cards or fake accounts;
  • coordinated intimidation networks;
  • large-scale illegal data harvesting;
  • organized extortion or threats;
  • connections to other cybercrime schemes.

PAOCC is not usually the first forum for every individual loan dispute. It is more relevant where there appears to be organized criminal activity or large-scale abuse.

XXIII. Evidence for PAOCC Referral

A referral should include:

  • list of apps involved;
  • names of companies or aliases;
  • app screenshots;
  • related websites or social media pages;
  • multiple victim statements;
  • collector numbers;
  • identical messages from different apps;
  • payment account details;
  • fake legal notices;
  • evidence of foreign or organized operations;
  • possible office addresses;
  • screenshots showing patterns;
  • SEC or NPC complaint references if already filed.

Coordinated complaints from multiple victims may be more useful for organized-crime evaluation.

XXIV. Reporting to App Stores and Platforms

Borrowers should also report the app or abusive accounts to platforms.

Report to:

  • Google Play Store;
  • Apple App Store;
  • Facebook;
  • Messenger;
  • TikTok;
  • Instagram;
  • X;
  • Telegram;
  • Viber;
  • WhatsApp;
  • website hosting services;
  • e-wallet providers, if scam-like payment channels are used.

Grounds may include:

  • harassment;
  • scam;
  • impersonation;
  • privacy violation;
  • unauthorized sharing of personal information;
  • fake account;
  • abusive collection;
  • threats;
  • misleading financial service;
  • fake legal notice;
  • non-consensual use of images.

Always preserve evidence before reporting because the content may be removed.

XXV. What to Do First: Preserve Evidence

Before blocking numbers, deleting the app, reporting posts, or confronting collectors, preserve evidence.

Save:

  1. app name and app store page;
  2. developer name;
  3. loan agreement;
  4. privacy policy;
  5. terms and conditions;
  6. app permissions;
  7. screenshots of the loan dashboard;
  8. amount borrowed and released;
  9. repayment demand;
  10. collector messages;
  11. call logs;
  12. fake notices;
  13. public posts;
  14. messages sent to contacts;
  15. payment receipts;
  16. settlement agreements;
  17. proof of full payment;
  18. screenshots from contacts;
  19. employer messages;
  20. numbers, names, and accounts used by collectors.

Evidence disappears quickly. Apps, posts, and accounts may be deleted after complaints.

XXVI. How to Take Strong Screenshots

A strong screenshot should show:

  • sender name or number;
  • date and time;
  • full message;
  • app or platform used;
  • borrower’s name if mentioned;
  • threats or defamatory words;
  • attached documents or photos;
  • profile or account link where possible.

For social media posts, capture:

  • full post;
  • account name;
  • profile URL;
  • date and time;
  • comments;
  • shares;
  • reactions;
  • group or page name;
  • photos used;
  • tags.

Screen recording is often better because it shows navigation from the profile or chat to the content.

Keep original copies. Do not edit the originals.

XXVII. Ask Contacts to Preserve Evidence

If collectors message your relatives, friends, co-workers, or employer, ask them to preserve evidence.

Suggested message:

Please do not reply to the collector. Please send me a screenshot showing the sender’s number or account, the full message, and the date and time. You are not liable for my loan unless you signed as a co-borrower, guarantor, or co-maker. I am gathering evidence for complaints with the proper authorities.

Contacts should avoid arguing with collectors. They may block after preserving evidence.

XXVIII. Make a Timeline

A clear timeline helps agencies understand the complaint.

Include:

  • date loan was applied for;
  • app used;
  • amount approved;
  • amount actually released;
  • fees deducted;
  • due date;
  • first collection reminder;
  • first threat;
  • first contact-list message;
  • employer contact;
  • public shaming post;
  • fake legal notice;
  • payments made;
  • settlement discussion;
  • complaints filed;
  • current harassment status.

A timeline should be factual and supported by attachments.

XXIX. Create an Evidence Folder

Organize evidence into folders:

  1. App Identity
  2. Loan Documents
  3. Privacy Policy and Permissions
  4. Payment Records
  5. Collection Messages
  6. Threats and Fake Notices
  7. Messages to Contacts
  8. Employer Harassment
  9. Public Posts
  10. Proof of Harm
  11. Complaints Filed
  12. Settlement or Full Payment Records

Use filenames with dates, such as:

  • 2026-05-04_CashLoanApp_ThreatMessage.png
  • 2026-05-04_MessageToEmployer.png
  • 2026-05-05_FakeWarrant.pdf
  • 2026-05-05_ProofOfPayment.png

Good organization makes complaints stronger.

XXX. Send a Written Demand to Stop Harassment

A borrower may send a calm written message to the lender or collector. This is not required in all cases, but it creates a record.

Sample message:

I request a complete statement of account and proof that you are authorized to collect this loan. You are directed to stop contacting my relatives, friends, employer, co-workers, and other third parties. They are not co-borrowers, guarantors, co-makers, or sureties. You are also directed to stop disclosing my personal data and loan information. I am preserving all screenshots, call logs, and messages for complaints before the proper authorities.

Avoid insults, threats, or emotional replies. Keep it factual.

XXXI. Request a Statement of Account

Before paying, request a complete statement of account.

Ask for:

  • principal amount;
  • amount released;
  • deductions;
  • interest;
  • penalties;
  • service fees;
  • processing fees;
  • collection fees;
  • payments already made;
  • current balance;
  • official payment channel;
  • lender’s corporate name;
  • collection agency authority.

Do not rely only on a collector’s verbal computation.

XXXII. Payment Safety

If the borrower decides to pay or settle, payment should be made carefully.

Before paying:

  1. verify the lender;
  2. verify the payment channel;
  3. avoid personal accounts unless officially confirmed;
  4. request written settlement terms;
  5. confirm whether payment fully settles the account;
  6. request official receipt or confirmation;
  7. save proof of payment;
  8. request account closure;
  9. request that collection and data disclosure stop.

If a collector demands payment through a personal e-wallet while threatening exposure, preserve the message. It may support a complaint.

XXXIII. Full Payment but Continued Harassment

If the borrower already paid but harassment continues, preserve:

  • proof of payment;
  • settlement agreement;
  • receipt;
  • account closure confirmation;
  • later collection messages;
  • later messages to contacts;
  • lender’s refusal to correct records;
  • screenshots of balance still showing as unpaid.

Continuing harassment after payment can strengthen complaints.

XXXIV. Should the Borrower Delete the App?

Deleting the app does not cancel the loan. But uninstalling may prevent further access or reduce risk if the app has intrusive permissions.

Before deleting, capture:

  • loan agreement;
  • loan balance;
  • terms and conditions;
  • privacy policy;
  • app permissions;
  • payment instructions;
  • chat messages;
  • account number;
  • customer service details;
  • screenshots proving harassment.

After preserving evidence, the borrower may revoke permissions and uninstall if necessary for privacy and safety.

XXXV. Revoke App Permissions

Check phone settings and revoke unnecessary permissions, such as:

  • contacts;
  • photos;
  • camera;
  • microphone;
  • location;
  • files;
  • SMS;
  • call logs;
  • nearby devices;
  • storage.

The app may already have copied data before permissions were revoked, but revocation may reduce future access.

XXXVI. If the App Accessed Contacts Without Permission

If the borrower did not knowingly allow contact access, or if access was hidden, forced, excessive, or used for harassment, document:

  • app permission screenshots;
  • app installation flow, if available;
  • privacy policy;
  • terms and conditions;
  • messages to contacts;
  • collector threats about contacting all contacts;
  • screenshots from contacts;
  • proof contacts were not loan parties.

This is highly relevant to an NPC complaint.

XXXVII. If Contacts Are Threatened

Contacts themselves may be victims of harassment. They may preserve evidence and report if:

  • they receive threats;
  • they are repeatedly called;
  • their own data is used;
  • they are told to pay despite no legal obligation;
  • they are insulted or defamed;
  • they are included in group-shaming messages.

A contact may respond once:

I am not a co-borrower, guarantor, co-maker, or surety. Do not contact me again or disclose another person’s loan information to me.

Then preserve evidence and block if necessary.

XXXVIII. If the Employer Was Contacted

The borrower may notify HR or the supervisor calmly.

Suggested message:

A lending app or collector may have contacted the company about a private loan matter and disclosed personal information without authority. I am documenting the matter and filing appropriate complaints. I respectfully request confidentiality and a copy of any messages, emails, or call details received.

This helps protect employment and gather evidence.

Employers should not spread the information or take action based solely on collector accusations.

XXXIX. If Public Posts Were Made

If the lender or collector posted the borrower’s information online:

  1. screenshot and screen-record the post;
  2. save the post URL;
  3. capture account name and profile link;
  4. capture comments and shares;
  5. ask witnesses to screenshot;
  6. report to the platform;
  7. include the post in SEC and NPC complaints;
  8. consider cyberlibel or privacy remedies;
  9. avoid arguing in comments.

Do not share the defamatory post further unless necessary for evidence, and preferably with sensitive data redacted in public settings.

XL. If Fake Legal Notices Were Sent

Preserve:

  • full notice;
  • sender number or account;
  • date and time;
  • payment demand connected to the notice;
  • alleged court, police, NBI, barangay, or law office name;
  • attachments;
  • file metadata if available.

Verify with the supposed issuing office if necessary. Fake legal notices may support complaints before law enforcement and regulators.

XLI. If the Collector Pretends to Be a Lawyer

A collector may use titles such as “Atty.,” “legal officer,” “legal department,” or “law firm.” A real lawyer or law office should be identifiable and professional.

Red flags:

  • refusal to provide full name;
  • no office address;
  • threats of arrest for ordinary debt;
  • personal e-wallet payment demand;
  • fake case number;
  • abusive language;
  • immediate ultimatum;
  • no proper demand letter;
  • use of police-style threats.

Preserve the communication. False representation as a lawyer or misuse of legal threats may be relevant to complaints.

XLII. If the Collector Threatens Home Visit

A lawful demand visit is different from intimidation. If the collector threatens to shame the borrower at home, involve barangay, or cause public embarrassment, preserve the message.

For safety:

  • do not meet alone;
  • inform trusted family;
  • avoid confrontation;
  • document any visit through CCTV or witnesses;
  • call authorities if threats or trespass occur;
  • request written communication only.

XLIII. If the Collector Threatens Workplace Visit

Workplace visits can be abusive if intended to shame, disrupt employment, or disclose debt. Preserve threats and inform security or HR.

The borrower may write:

I do not consent to any visit to my workplace. Any communication should be in writing through official channels. Do not disclose my personal loan information to my employer or co-workers.

XLIV. If the Collector Uses Sexualized or Gender-Based Insults

Some collectors use sexual slurs or gendered abuse, especially against women borrowers. They may call borrowers immoral, prostitutes, mistresses, or other degrading names.

This may support complaints for:

  • abusive collection;
  • privacy violation;
  • cyberlibel;
  • unjust vexation;
  • gender-based online harassment depending on facts;
  • civil damages.

Preserve exact words and screenshots.

XLV. If the Borrower Is in Emotional Crisis

Online lending harassment can cause severe anxiety, depression, panic, shame, and suicidal thoughts. Safety and mental health must come before debt collection.

If the borrower feels at risk of self-harm:

  • contact a trusted person immediately;
  • do not stay alone;
  • seek emergency medical or mental health support;
  • preserve evidence later if necessary;
  • ask someone trusted to help handle complaints and communications.

Debt harassment should not be faced alone.

XLVI. Can Harassment Cancel the Debt?

Harassment does not automatically cancel a valid loan. A borrower may still owe the lawful principal and properly disclosed charges.

However, harassment may create separate claims against the lender or collector. Hidden charges, unauthorized lending, deceptive terms, excessive penalties, invalid consent, or unlawful practices may affect the amount or enforceability depending on the facts.

Borrowers should distinguish:

  • debt validity;
  • amount computation;
  • lender authority;
  • collection misconduct;
  • privacy violations;
  • criminal conduct by collectors.

A borrower may owe something and still have valid complaints against abusive collectors.

XLVII. Negotiating While Complaining

A borrower may file complaints and still negotiate payment. These are not necessarily inconsistent.

When negotiating:

  • keep everything in writing;
  • request accurate computation;
  • ask for waiver or reduction of penalties;
  • demand cessation of third-party contact;
  • pay only official channels;
  • get written settlement;
  • get receipt;
  • get closure confirmation;
  • do not agree to silence unlawful complaints under pressure;
  • do not sign broad waivers without understanding them.

A settlement should not allow continued data misuse.

XLVIII. Settlement Agreement Checklist

A settlement should state:

  1. lender’s legal name;
  2. borrower’s name;
  3. loan account number;
  4. original principal;
  5. current balance;
  6. settlement amount;
  7. payment deadline;
  8. official payment channel;
  9. confirmation that payment fully settles the account;
  10. waiver of remaining balance;
  11. stop to all collection activity;
  12. stop to third-party contact;
  13. correction of account status;
  14. deletion or limitation of personal data where legally appropriate;
  15. removal of defamatory or privacy-violating posts;
  16. receipt or certificate of full payment.

Do not rely only on a chat saying “pay now, closed na.”

XLIX. Complaints by Multiple Borrowers

If many borrowers are affected by the same app, coordinated complaints may be useful. Patterns help show that abuse is systematic.

A group complaint may show:

  • identical threats;
  • same fake legal notice template;
  • same collector numbers;
  • same payment accounts;
  • same contact-list harassment;
  • same hidden fee structure;
  • same app operator;
  • same abusive scripts;
  • multiple victims’ evidence.

Each borrower should still submit individual facts and evidence.

L. Complaint by a Non-Borrower Contact

A person who is not the borrower but receives harassment may also preserve evidence and consider a complaint.

A non-borrower may complain if:

  • their number was obtained without permission;
  • they were contacted repeatedly;
  • they were told to pay another person’s debt;
  • they were threatened;
  • they received personal loan information of the borrower;
  • their own personal data was used;
  • they were included in group shaming.

The contact’s evidence can support the borrower’s NPC or SEC complaint.

LI. Complaint by Employer or HR

An employer receiving abusive messages from collectors may also document and report the matter, especially if collectors disrupt the workplace, harass staff, or disclose private employee data.

The employer should:

  • preserve messages;
  • avoid spreading the debt information;
  • protect employee privacy;
  • block abusive numbers if appropriate;
  • give copies to the employee;
  • cooperate with lawful investigations.

LII. If the Lending App Is Unregistered or Anonymous

If the app hides its company name, that should be stated in the complaint.

Gather identifying details:

  • app name;
  • developer name;
  • package name or app ID;
  • website;
  • email address;
  • phone numbers;
  • payment accounts;
  • privacy policy names;
  • collector scripts;
  • related apps;
  • bank or e-wallet recipients;
  • social media pages;
  • screenshots of app interface.

Even if the company is unknown, regulators or law enforcement may use available details to investigate.

LIII. If the App Uses a Different Company Name

Many apps use a brand name that differs from the legal lender. The borrower should include all names found:

  • app name;
  • legal name in loan agreement;
  • company in privacy policy;
  • payment account name;
  • collector agency name;
  • email domain;
  • developer name;
  • social media page name.

A mismatch may be relevant, especially if the app misleads borrowers about the true creditor.

LIV. If the Loan Was Never Released

Some borrowers are harassed even though no loan was released, or they are asked to pay an upfront processing fee.

This may be a scam.

Evidence:

  • loan approval message;
  • demand for processing fee;
  • payment instruction;
  • proof no loan was released;
  • later threats;
  • fake loan agreement;
  • e-wallet or bank account used.

Report as possible fraud or scam, and avoid sending further payments.

LV. If the Borrower Did Not Apply for the Loan

If a person receives collection messages for a loan they never applied for, possible issues include identity theft, mistaken identity, or fraudulent account creation.

Steps:

  1. request loan documents;
  2. deny the loan in writing;
  3. preserve messages;
  4. ask for the identity verification used;
  5. report identity theft or privacy violation;
  6. check if IDs or photos were misused;
  7. file with NPC and cybercrime authorities if necessary;
  8. notify payment platforms if accounts were misused.

Do not pay a debt that may be fraudulent without verifying.

LVI. If the App Automatically Credited a Loan

Some apps may release funds after incomplete or unclear consent, then demand repayment with fees.

The borrower should preserve:

  • app screens before release;
  • loan acceptance process;
  • amount credited;
  • bank or e-wallet transaction;
  • terms shown before release;
  • messages from app;
  • repayment demand.

This may support a complaint about deceptive or unfair lending practice.

LVII. If the Borrower Used False Information

If the borrower used fake employment details, fake documents, or another person’s identity, there may be separate legal risks. However, collectors still cannot use threats, public shaming, or unlawful data disclosure.

A borrower in this situation should seek legal advice before filing, especially if the lender is alleging fraud.

LVIII. If the Borrower Has Multiple App Loans

Create a debt and complaint inventory:

  • app name;
  • company name;
  • amount received;
  • amount demanded;
  • due date;
  • payments made;
  • harassment type;
  • contacts messaged;
  • fake notices received;
  • public posts;
  • complaint status;
  • settlement status.

Prioritize safety, essential needs, and lawful resolution. Avoid borrowing from one app to pay another unless there is a realistic repayment plan.

LIX. Evidence of Damages

For stronger complaints or civil claims, document harm:

  • anxiety or panic attacks;
  • medical or counseling expenses;
  • lost work time;
  • employer investigation;
  • disciplinary action caused by collector messages;
  • family conflict;
  • social humiliation;
  • harassment by contacts;
  • public comments;
  • business or client loss;
  • reputational harm;
  • relocation or security expenses.

Receipts, medical certificates, HR messages, witness statements, and screenshots help.

LX. Civil and Criminal Remedies

Beyond regulatory complaints, the borrower may consider civil or criminal action depending on the facts.

Possible legal claims may involve:

  • damages for privacy violation;
  • damages for defamation;
  • cyberlibel complaint;
  • grave threats or light threats;
  • unjust vexation;
  • coercion;
  • identity theft;
  • extortion-related complaints;
  • fraud or scam complaints;
  • use of fake documents;
  • harassment-related claims.

A lawyer can help determine the proper remedy and avoid counterclaims.

LXI. Defamation by Collectors

Collectors may commit defamation if they falsely label the borrower as:

  • scammer;
  • thief;
  • criminal;
  • estafador;
  • fraudster;
  • wanted person;
  • immoral person.

Even if there is an unpaid debt, it does not automatically make such accusations true. Statements sent to third parties or posted online may support cyberlibel or civil damages depending on the facts.

LXII. Threats and Coercion

Threats may include:

  • “Pay now or we will post your face.”
  • “Pay or we will send this to your boss.”
  • “Pay or police will arrest you.”
  • “Pay or we will go to your house.”
  • “Pay or your family will know everything.”
  • “Pay or we will file fake cases.”
  • “Pay or we will release your private photos.”

When threats are used to force payment, criminal issues may arise. Preserve the exact words.

LXIII. Data Privacy Rights of Borrowers

Borrowers may exercise privacy rights, including the right to:

  • know what data is collected;
  • know why data is collected;
  • know who receives the data;
  • access personal data;
  • correct inaccurate data;
  • object to unlawful processing;
  • request deletion or blocking where appropriate;
  • withdraw consent where applicable;
  • complain to the NPC;
  • demand accountability for misuse.

These rights are subject to legal limits. A lender may retain some data for lawful obligations, but cannot use it for harassment or unlawful disclosure.

LXIV. What to Ask the Lender About Personal Data

A borrower may ask:

  1. What personal data do you hold about me?
  2. Did your app access my contacts?
  3. To whom did you disclose my data?
  4. What collection agency received my data?
  5. What is your legal basis for contacting my relatives, friends, or employer?
  6. How long will you retain my data?
  7. How can I request correction or deletion?
  8. Who is your data protection officer or privacy contact?
  9. How will you stop further unauthorized disclosure?

If the lender ignores the request, include that in the NPC complaint.

LXV. Model Privacy Demand

I request information on the personal data your company collected from me, including whether my contact list, photos, IDs, workplace information, and emergency contacts were accessed or shared. I also request the names of any collection agencies or third parties that received my data. I object to any use of my personal data for harassment, public shaming, or disclosure of my debt to persons who are not legally liable for the loan. Please stop all unauthorized processing and disclosure immediately.

LXVI. Model Cease-and-Desist for Third-Party Contact

You are directed to stop contacting my relatives, friends, employer, co-workers, and phone contacts regarding my alleged loan. They are not parties to the loan and are not liable for payment. Any further disclosure of my personal data or loan information to third parties will be documented and included in complaints before the appropriate authorities.

LXVII. Model Response to Fake Arrest Threat

Please send a complete statement of account, the name of the creditor, proof of your authority to collect, and official payment channels. Do not send false or misleading threats of arrest. Any legal action should proceed through proper lawful process. I am preserving your messages for reporting.

LXVIII. Model Message to Contacts

A lending app or collector may contact you about my private loan matter. You are not liable unless you signed as co-borrower, guarantor, co-maker, or surety. Please do not engage. Kindly send me screenshots showing the sender, message, date, and time so I can include them in my complaint.

LXIX. Model Complaint Checklist

Before filing, prepare:

  1. valid ID;
  2. written narrative;
  3. app screenshots;
  4. company name if known;
  5. loan agreement;
  6. privacy policy;
  7. app permissions;
  8. amount approved and released;
  9. statement of account;
  10. payment receipts;
  11. collection messages;
  12. call logs;
  13. fake legal notices;
  14. screenshots from contacts;
  15. employer messages;
  16. public posts;
  17. proof of damages;
  18. collector numbers and accounts;
  19. payment account details;
  20. timeline.

LXX. What Reliefs to Request

Depending on the agency, the borrower may request:

Before the SEC:

  • investigation of the lender;
  • verification of authority to operate;
  • sanctions for abusive collection;
  • action against unauthorized lending;
  • investigation of hidden fees;
  • directive to stop abusive practices;
  • accountability for collectors.

Before the NPC:

  • investigation of unlawful data processing;
  • order to stop contact-list harassment;
  • takedown or removal of posted personal data;
  • disclosure of data recipients;
  • correction or blocking of unlawfully processed data;
  • penalties for privacy violations.

Before cybercrime authorities:

  • investigation of threats, extortion, fake documents, cyberlibel, identity theft, or impersonation;
  • identification of persons behind numbers and accounts;
  • preservation of digital evidence;
  • filing of appropriate criminal complaints.

Before platforms:

  • removal of posts;
  • suspension of abusive accounts;
  • takedown of fake accounts;
  • removal of abusive apps;
  • action against privacy violations.

LXXI. What Not to Do

Borrowers should avoid:

  1. deleting evidence before saving it;
  2. arguing emotionally with collectors;
  3. threatening collectors back;
  4. posting collectors’ private data recklessly;
  5. fabricating screenshots;
  6. ignoring real court documents;
  7. paying to unverified personal accounts;
  8. signing settlement without written terms;
  9. borrowing from more apps impulsively;
  10. assuming harassment cancels all debt;
  11. publicly accusing specific people without evidence;
  12. waiting too long to preserve screenshots;
  13. relying only on verbal promises;
  14. uninstalling the app before saving loan terms;
  15. sending IDs or additional personal data to suspicious collectors.

LXXII. What Lenders and Collectors Should Not Do

Lenders and collectors should not:

  • threaten arrest without lawful basis;
  • disclose debt to unrelated third parties;
  • contact all phone contacts;
  • post borrower information online;
  • use fake legal documents;
  • pretend to be police, court, NBI, prosecutor, or barangay;
  • demand payment from non-liable contacts;
  • use insults or obscene language;
  • threaten violence;
  • shame borrowers at work;
  • misuse photos or IDs;
  • add undisclosed fees;
  • refuse to identify the creditor;
  • collect through suspicious personal accounts;
  • continue harassment after settlement;
  • ignore privacy rights.

A lender’s right to collect is not a right to abuse.

LXXIII. If a Real Court Case Is Filed

A borrower should not ignore genuine court documents. Real court papers must be verified and answered within proper deadlines.

Steps:

  1. check the court name and branch;
  2. verify the case number;
  3. read the summons or notice;
  4. check deadlines;
  5. gather payment records;
  6. review the amount claimed;
  7. prepare defenses;
  8. seek legal advice if needed.

Regulatory complaints do not automatically stop a civil collection case. The borrower must respond properly.

LXXIV. If Barangay Summons Is Received

A real barangay summons should be verified and attended if required. But a collector’s fake “barangay notice” is not the same as an official summons.

At barangay proceedings, the borrower may raise:

  • disputed amount;
  • harassment;
  • privacy violations;
  • lack of authority of collector;
  • settlement proposal;
  • request to stop third-party contact.

For corporate lenders, parties in different cities, or serious cybercrime issues, barangay may not be the final or proper forum.

LXXV. Special Concerns for Students

Students may be especially vulnerable to shaming. Collectors may contact parents, classmates, school pages, or organizations.

Students should:

  • preserve evidence;
  • inform trusted family or school official if necessary;
  • avoid panic borrowing from another app;
  • report privacy violations;
  • seek legal aid if threatened;
  • document messages sent to classmates or school personnel.

Schools should treat collector harassment carefully and protect student privacy.

LXXVI. Special Concerns for Employees

Employees may suffer workplace harm if collectors contact HR or supervisors.

Employees should:

  • preserve employer messages;
  • ask HR for confidentiality;
  • provide evidence that collector disclosure was unauthorized;
  • file privacy and regulatory complaints;
  • avoid workplace disruption;
  • seek help if employment is affected.

Employers should not discipline employees solely because a collector sends accusations.

LXXVII. Special Concerns for OFWs and Families

Families of overseas Filipino workers may be targeted through harassment, remittance pressure, or threats. If the borrower is abroad, family members in the Philippines may still preserve evidence and assist with complaints.

OFWs should save:

  • app documents;
  • messages;
  • payment receipts;
  • contact harassment proof;
  • family screenshots;
  • foreign number messages.

They may authorize a representative if needed.

LXXVIII. Special Concerns for Senior Citizens

Senior citizens may be vulnerable to threats, confusion, and shame. Family members should help verify the loan, preserve evidence, and report harassment.

If a senior citizen did not understand the app terms or was pressured, legal advice may be needed.

LXXIX. Special Concerns for Identity Theft Victims

If someone used the victim’s ID or phone number to obtain a loan:

  1. deny the debt in writing;
  2. request proof of application;
  3. ask for the identity documents used;
  4. preserve collector messages;
  5. file privacy and cybercrime complaints;
  6. monitor financial accounts;
  7. avoid paying unless liability is verified;
  8. report misuse of IDs.

Identity theft should be treated seriously.

LXXX. Practical Step-by-Step Reporting Plan

Step 1: Preserve evidence

Take screenshots, screen recordings, save app details, loan documents, privacy policy, permissions, messages, fake notices, and call logs.

Step 2: Ask contacts for screenshots

Collect proof of third-party disclosure and harassment.

Step 3: Identify the lender

Find app name, company name, SEC number, Certificate of Authority if claimed, payment channels, collector numbers, and related apps.

Step 4: Revoke unnecessary app permissions

After preserving evidence, restrict contact, photo, file, SMS, location, and other intrusive permissions.

Step 5: Send a written demand to stop harassment

Keep it calm and factual.

Step 6: File with the SEC

Use this for abusive lending, unauthorized lending, hidden charges, and collection misconduct.

Step 7: File with the NPC

Use this for contact-list harassment, debt disclosure, misuse of photos, IDs, workplace information, and excessive data processing.

Step 8: Report to cybercrime authorities if threats or fake documents are involved

Use this for threats, extortion, cyberlibel, identity theft, fake legal notices, and serious harassment.

Step 9: Report the app or accounts to platforms

Request takedown or suspension after preserving evidence.

Step 10: Negotiate or settle only in writing

Pay only verified channels and request proof of account closure.

LXXXI. Frequently Asked Questions

1. Can an online lending app contact my phone contacts?

A lender should not use your contact list to shame you, disclose your debt, or harass third parties. Contact-list blasting may support privacy and regulatory complaints.

2. Can collectors message my employer?

They should not use your employer to shame or pressure you unless there is a lawful and limited basis. Unauthorized disclosure to employers may be a privacy violation.

3. Can I be arrested for not paying an online loan?

Ordinary nonpayment of debt is generally civil. Arrest threats are often scare tactics unless there is a separate criminal case and proper legal process.

4. Where should I report harassment?

Report lending and collection abuse to the SEC. Report personal data misuse to the NPC. Report threats, extortion, fake notices, identity theft, or cyberlibel to cybercrime authorities.

5. Can I file both SEC and NPC complaints?

Yes. SEC and NPC complaints address different issues. One focuses on lending practices; the other focuses on privacy and data protection.

6. What evidence is most important?

Screenshots, screen recordings, loan documents, app permissions, privacy policy, messages to contacts, fake legal notices, call logs, payment records, and public posts.

7. Should I delete the app?

Save all evidence first. After preserving loan terms and app permissions, you may revoke permissions and uninstall if needed for privacy and safety.

8. Does harassment mean I no longer need to pay?

Not automatically. You may still owe a lawful amount, but harassment and privacy violations may give you separate claims and complaints.

9. What if I already paid but they still harass me?

Preserve proof of payment and continued harassment. File complaints and demand account closure confirmation.

10. Are my references liable?

No, not unless they signed or validly agreed to be co-borrowers, guarantors, co-makers, or sureties.

11. Can I sue for damages?

Possibly, if harassment caused emotional distress, reputational harm, job consequences, privacy injury, or other damage.

12. Can collectors post my photo online?

Public posting of your photo, ID, address, or loan details may violate privacy, defamation, and harassment rules.

13. What if the app is not registered?

Document everything and report to the SEC. Also report privacy violations to the NPC and threats or scams to law enforcement.

14. What if the collector uses a fake lawyer or fake police notice?

Preserve the notice and report it. Fake legal threats may support criminal and regulatory complaints.

15. What should I do first?

Preserve evidence, ask contacts for screenshots, identify the app and lender, revoke unnecessary permissions, and file targeted complaints.

LXXXII. Conclusion

Harassment and privacy violations by online lending apps are serious legal issues in the Philippines. A lender may collect a valid debt, but it cannot threaten arrest without basis, shame the borrower, disclose debt to unrelated persons, misuse contact lists, post personal data, send fake legal notices, or harass employers, relatives, and co-workers.

The strongest response is organized and evidence-based. Borrowers should preserve screenshots, screen recordings, loan agreements, privacy policies, app permissions, call logs, payment records, messages to contacts, and fake notices. Complaints should be filed with the proper agency: the SEC for abusive or unauthorized lending practices, the NPC for personal data misuse and privacy violations, and cybercrime authorities for threats, extortion, fake documents, identity theft, cyberlibel, or serious online harassment.

Borrowers may still need to address valid debts, but they retain the right to dignity, privacy, safety, and lawful treatment. Online lending collection must remain within the bounds of law. Abusive collectors and unlawful lending apps may face regulatory sanctions, privacy enforcement, criminal complaints, civil liability, platform removal, and reputational consequences.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login