Online Lending App Hidden Charges, Threats, and Privacy Violations

Introduction

Online lending apps have become common in the Philippines because they offer fast, phone-based loans with minimal paperwork. For many borrowers, they provide quick access to emergency cash. But they have also produced recurring complaints: hidden charges, excessive interest, short repayment periods, harassment, threats, debt-shaming, unauthorized access to contacts, public posting of borrower information, and messages sent to family, employers, friends, and co-workers.

The legal issue is not simply whether the borrower owes money. A lender may lawfully collect a valid debt, but it must do so through lawful, fair, transparent, and privacy-compliant means. A borrower’s default does not give a lending app the right to threaten, shame, deceive, harass, impersonate authorities, access private data without lawful basis, or disclose the borrower’s debt to third parties.

In the Philippines, online lending app problems may involve the Securities and Exchange Commission, National Privacy Commission, Bangko Sentral ng Pilipinas, Department of Trade and Industry, Philippine National Police Anti-Cybercrime Group, National Bureau of Investigation Cybercrime Division, and the courts, depending on the facts.

This article discusses the Philippine legal framework on online lending app hidden charges, threats, and privacy violations; the rights of borrowers; the obligations of lenders; evidence to collect; complaint remedies; and practical steps for borrowers and families.

This is general legal information, not legal advice for a specific case.

I. What Are Online Lending Apps?

Online lending apps are mobile or web-based platforms that offer loans through digital application, approval, disbursement, and collection processes. They may be operated by:

  1. lending companies;
  2. financing companies;
  3. banks;
  4. electronic money or fintech companies;
  5. informal lenders;
  6. unregistered or illegal operators;
  7. foreign-based apps targeting Filipino borrowers;
  8. scammers pretending to be licensed lenders.

Some online lending apps are legitimate and regulated. Others are abusive, unregistered, deceptive, or outright fraudulent.

A legitimate online lender should have:

  • registered corporate identity;
  • proper authority or license, where required;
  • clear loan terms;
  • transparent interest and fees;
  • privacy notice;
  • lawful collection policy;
  • official customer service channel;
  • compliant data processing practices;
  • proper receipts and records.

A suspicious lending app often has:

  • unclear company name;
  • no verifiable registration;
  • hidden fees;
  • extremely short loan term;
  • automatic deduction of large “processing fees”;
  • access to contacts and gallery;
  • threats before or after due date;
  • public shaming;
  • fake legal notices;
  • collection through anonymous agents;
  • refusal to provide loan documents;
  • repeated calls to third parties.

II. Main Legal Issues

Online lending app complaints usually involve three major categories:

A. Hidden charges

These include interest, service fees, processing fees, platform fees, disbursement fees, membership fees, penalties, rollover fees, collection fees, and deductions that were not clearly disclosed before the borrower accepted the loan.

B. Threats and abusive collection

These include harassment, insults, profane language, repeated calls, false threats of arrest, threats to contact employers, death threats, fabricated court notices, fake barangay or police notices, and debt-shaming.

C. Privacy violations

These include excessive app permissions, contact-list harvesting, access to photos, disclosure of debt to third parties, posting of borrower details online, sending messages to contacts, use of borrower’s image, and processing of personal data beyond what is necessary for the loan.

The National Privacy Commission has specifically condemned online lending platforms that harvest excessive information without legitimate purpose, including unreasonable and unnecessary permissions such as saving and storing contact lists and photo galleries supposedly for creditworthiness evaluation. (National Privacy Commission)

III. Governing Philippine Laws and Regulations

A. Lending Company Regulation Act

The Lending Company Regulation Act of 2007, or Republic Act No. 9474, regulates lending companies in the Philippines. Lending companies generally must be registered and authorized to operate. They cannot simply lend money to the public as a business without complying with legal requirements.

The Securities and Exchange Commission supervises lending companies and financing companies. For many online lending app complaints, especially abusive collection and hidden lending terms, the SEC is a key regulator.

B. Financing Company Act

Some apps may operate as financing companies rather than ordinary lending companies. Financing companies are also regulated and must comply with relevant SEC rules.

C. Truth in Lending Act

The Truth in Lending Act, Republic Act No. 3765, requires transparency in credit transactions. Borrowers must be informed of finance charges, interest, and the true cost of credit.

For online lending apps, this means borrowers should be told, before accepting the loan:

  • principal amount;
  • amount to be released;
  • interest rate;
  • finance charges;
  • processing fees;
  • service fees;
  • penalties;
  • repayment date;
  • total amount payable;
  • effective cost of the loan.

A lender should not advertise “low interest” while hiding large deductions or fees.

D. Financial Products and Services Consumer Protection Act

The Financial Products and Services Consumer Protection Act, Republic Act No. 11765, strengthens consumer protection in financial products and services. It addresses unfair, deceptive, abusive, and unconscionable practices. It is relevant to complaints involving misleading fees, unfair collection, abusive treatment, and lack of transparency.

The BSP provides consumer assistance channels for complaints against BSP-supervised financial institutions, including email and its consumer assistance mechanisms. (Bangko Sentral ng Pilipinas)

E. Data Privacy Act

The Data Privacy Act of 2012, Republic Act No. 10173, is central to online lending app privacy complaints. The National Privacy Commission regulates personal data processing and protects data subjects’ rights. The NPC describes its role as protecting individual privacy, regulating the collection, storage, use, disclosure, and other processing of personal data, and ensuring Philippine compliance with data protection standards. (National Privacy Commission)

The Data Privacy Act may apply when lending apps:

  • access contacts without valid consent or legitimate basis;
  • collect photos, messages, or files unnecessarily;
  • disclose debts to third parties;
  • send shame messages to contacts;
  • post personal information online;
  • use the borrower’s ID or photo for harassment;
  • fail to provide a privacy notice;
  • process data beyond the purpose of lending;
  • continue processing data after the loan dispute is settled;
  • fail to protect borrower data from agents or collectors.

F. Cybercrime Prevention Act

The Cybercrime Prevention Act may apply if threats, identity theft, cyber libel, unauthorized access, harassment, or fraud are committed through digital means.

Possible cybercrime-related issues include:

  • fake legal threats sent online;
  • use of borrower photos to defame or shame;
  • account takeover;
  • identity theft;
  • cyber libel;
  • online threats;
  • fraudulent loan apps;
  • phishing or credential theft.

G. Revised Penal Code

Traditional criminal law may still apply even if the acts are committed online. Depending on the facts, possible offenses include:

  • grave threats;
  • light threats;
  • unjust vexation;
  • coercion;
  • slander or libel;
  • grave coercion;
  • falsification;
  • estafa;
  • usurpation of authority, if pretending to be police, court, prosecutor, sheriff, or barangay official.

H. Consumer Act and Civil Code

Borrowers may also rely on consumer protection principles and civil law remedies where there is fraud, bad faith, abuse of rights, unjust enrichment, damages, or unconscionable contractual terms.

IV. Hidden Charges in Online Lending Apps

A. What counts as hidden charges?

Hidden charges are amounts imposed on the borrower without clear, prior, and understandable disclosure.

Examples:

  • processing fee deducted before release;
  • service fee not shown before approval;
  • platform fee;
  • insurance fee;
  • membership fee;
  • disbursement fee;
  • collection fee;
  • penalty fee;
  • rollover fee;
  • extension fee;
  • convenience fee;
  • “VIP” or “verification” fee;
  • default fee larger than disclosed;
  • fee imposed after acceptance but not in the loan agreement.

B. Common deceptive structure

A borrower applies for ₱5,000 but receives only ₱3,000 because the app deducts ₱2,000 in “processing,” “service,” or “platform” fees. A few days later, the app demands repayment of ₱5,000 or more.

This may be legally problematic if the effective finance charge was not clearly disclosed before acceptance.

C. Disclosure must be meaningful

Disclosure should not be buried in fine print, unclear app screens, confusing pop-ups, or post-approval notices. A borrower should know the true cost before clicking accept.

Important details include:

  • amount borrowed;
  • net proceeds;
  • interest;
  • all fees;
  • payment deadline;
  • total repayment amount;
  • penalties;
  • consequences of default;
  • collection policy;
  • data privacy policy.

D. Effective interest and finance charge

Some apps claim low interest but impose large fees. The legal analysis should consider the total cost of borrowing, not merely the stated interest rate.

For example:

  • stated loan: ₱5,000;
  • net release: ₱3,500;
  • repayment in 7 days: ₱5,000;
  • hidden charges: ₱1,500.

Even if the app calls the ₱1,500 a “service fee,” it still forms part of the cost of credit.

E. Penalties and rollover fees

Apps may encourage borrowers to “extend” or “roll over” the loan by paying a fee. The borrower pays repeatedly but the principal barely decreases. This can become abusive when fees are excessive, undisclosed, or structured to trap borrowers in repeated payments.

F. Are hidden charges automatically illegal?

Not every fee is illegal. A lender may charge interest and reasonable fees if properly disclosed and lawful. The problem arises when fees are:

  • hidden;
  • misleading;
  • excessive;
  • unconscionable;
  • not agreed to;
  • contrary to law or regulation;
  • imposed after the fact;
  • designed to evade interest or disclosure rules.

V. Threats and Abusive Collection

A. A debt may be collected, but not by abuse

If a borrower owes money, the lender may send reminders, demand payment, negotiate settlement, offer restructuring, or file a proper legal action. But the lender or collector cannot use harassment, threats, public shaming, deception, or privacy violations.

A lender’s right to collect does not cancel the borrower’s rights.

B. Common abusive collection practices

Examples include:

  • repeated calls every few minutes;
  • calling late at night or very early morning;
  • insults, curses, or degrading language;
  • threats to post the borrower’s photo;
  • threats to contact all phone contacts;
  • threats to tell employer or school;
  • threats to barangay-blotter the borrower;
  • threats of arrest;
  • fake subpoena, warrant, or court order;
  • fake police or NBI notice;
  • calling the borrower a scammer or thief;
  • telling contacts that the borrower committed fraud;
  • creating group chats to shame the borrower;
  • posting borrower’s ID or selfie online;
  • contacting relatives who are not co-makers;
  • contacting employer without legal basis;
  • threatening harm or death;
  • threatening to seize property without court process.

C. False threat of arrest

A borrower is generally not arrested merely for failure to pay a civil debt. Non-payment of a loan is usually a civil matter unless there is fraud, falsification, bouncing check issues, or another criminal act.

Collectors often say:

  • “May warrant ka na.”
  • “Pupuntahan ka ng police.”
  • “Ipapa-blotter ka namin.”
  • “May kaso ka na sa court.”
  • “Makukulong ka bukas.”
  • “May sheriff na pupunta.”

These statements may be deceptive or threatening if false.

D. Fake legal documents

Some collectors send fake documents titled:

  • subpoena;
  • warrant of arrest;
  • court order;
  • small claims notice;
  • barangay summons;
  • NBI complaint;
  • police blotter;
  • prosecutor notice;
  • final demand before arrest.

A real court or government notice has official case details, issuing office, and proper service. A collector cannot create a fake “warrant” to scare a borrower.

E. Debt-shaming

Debt-shaming is the act of humiliating a borrower publicly or through third parties. Examples:

  • telling contacts the borrower is a scammer;
  • posting the borrower’s photo and ID;
  • messaging employer or co-workers;
  • creating group chats with family and friends;
  • tagging the borrower online;
  • sending edited photos;
  • threatening to expose the debt.

Debt-shaming may violate data privacy law, debt collection rules, civil law, and possibly criminal law.

The NPC previously issued a ban on data processing against several online lending apps for privacy violations including debt-shaming, which led to takedowns from app stores; it also issued a circular ordering online lending applications to stop accessing borrowers’ contact lists. (National Privacy Commission)

VI. Privacy Violations by Online Lending Apps

A. Personal data commonly collected

Online lending apps may collect:

  • full name;
  • address;
  • phone number;
  • email;
  • employment details;
  • income;
  • bank or e-wallet details;
  • government ID;
  • selfie;
  • contacts;
  • photos;
  • location;
  • phone metadata;
  • device information;
  • social media profile;
  • references.

Some data may be reasonably necessary for lending. But excessive, intrusive, or unrelated data collection may violate privacy principles.

B. Data privacy principles

The Data Privacy Act is guided by principles such as:

  • transparency;
  • legitimate purpose;
  • proportionality;
  • security;
  • accountability.

For online lending, this means:

  1. the borrower should know what data is collected;
  2. the lender should collect data for a legitimate lending purpose;
  3. the data collected should be limited to what is necessary;
  4. the lender should secure the data;
  5. the lender should not use data for harassment or public shaming.

C. Excessive app permissions

A lending app may ask for permissions such as:

  • contacts;
  • camera;
  • photos;
  • location;
  • microphone;
  • SMS;
  • storage.

Not all permissions are justified. Access to camera may be needed for selfie verification. Access to contacts, gallery, SMS, or microphone is much harder to justify and can be excessive.

The NPC and finance industry groups have publicly condemned online lending platforms that harvest excessive information without legitimate purpose, including unreasonable app permissions involving contact lists and photo galleries. (National Privacy Commission)

D. Contact-list harvesting

This is one of the most common abuses. The app accesses the borrower’s contact list and later sends messages to friends, family, employers, or random contacts.

This may violate privacy law because:

  • contacts did not consent;
  • borrower’s debt is disclosed to third parties;
  • contact information is processed for harassment;
  • disclosure is unnecessary for collection;
  • the app may have collected more data than necessary;
  • the borrower’s consent may not be valid if forced, bundled, or unclear.

E. Disclosure of debt to third parties

A lender may contact a co-maker, guarantor, or authorized reference within lawful limits. But contacting unrelated third parties to shame or pressure the borrower is highly questionable.

Examples of problematic disclosures:

  • “Si Juan ay may utang at ayaw magbayad.”
  • “Scammer ang kaibigan mo.”
  • “Pakisabihan siya magbayad kundi kakasuhan namin.”
  • sending the loan amount to contacts;
  • sending ID or selfie to contacts;
  • sending edited defamatory images;
  • informing employer without authority.

Debt information is personal data. It should not be disclosed casually.

F. Use of borrower’s photo or ID

Using a borrower’s selfie, ID, or profile photo in shame posts or threat messages may violate privacy rights and may also expose the collector to civil or criminal liability.

G. Data retention after payment

After a loan is paid, the lender should not keep using borrower data for unrelated purposes. Retention should be limited to lawful business, accounting, regulatory, and dispute-resolution purposes. Data should not be retained indefinitely for harassment, resale, or profiling.

VII. Borrower Rights

A borrower has the right to:

  1. know the true cost of the loan;
  2. receive clear loan terms before acceptance;
  3. be free from hidden charges;
  4. be treated fairly and respectfully;
  5. be free from threats and harassment;
  6. have personal data processed lawfully;
  7. object to unauthorized processing;
  8. complain to regulators;
  9. demand correction or explanation of charges;
  10. request deletion or blocking of unlawfully processed data, where applicable;
  11. refuse to pay illegal or unsupported charges while addressing valid obligations;
  12. challenge abusive collection practices;
  13. file civil, administrative, or criminal complaints in proper cases.

These rights do not automatically erase a valid debt. But they limit what the lender may do in collecting it.

VIII. Lender Rights and Lawful Collection

A lender may still:

  • send payment reminders;
  • call during reasonable hours;
  • send demand letters;
  • negotiate restructuring;
  • offer discounts;
  • report to lawful credit systems where permitted;
  • file a civil action;
  • file small claims if legally appropriate;
  • enforce valid contract terms;
  • collect from co-makers or guarantors according to law.

The key is that collection must be lawful, truthful, proportionate, and privacy-compliant.

IX. Which Agency Handles the Complaint?

A. Securities and Exchange Commission

The SEC is usually the main agency for complaints against lending companies and financing companies, especially for:

  • abusive debt collection;
  • hidden charges;
  • unregistered lending operations;
  • violations of lending company regulations;
  • misleading loan terms;
  • unauthorized online lending business;
  • unfair collection by third-party collectors.

The SEC maintains an online ticket/complaint portal where users may submit concerns and complaints. (imessage.sec.gov.ph)

B. National Privacy Commission

File with the NPC when the issue involves:

  • contact-list harvesting;
  • disclosure of debt to contacts;
  • posting borrower’s personal information;
  • access to photos or gallery;
  • use of ID or selfie for shaming;
  • unauthorized data sharing with collectors;
  • lack of privacy notice;
  • refusal to delete or stop unlawful processing;
  • harassment involving personal data.

The NPC is the primary authority for Data Privacy Act complaints.

C. Bangko Sentral ng Pilipinas

File with BSP if the lender is a BSP-supervised financial institution, such as a bank, quasi-bank, e-money issuer, or other BSP-supervised entity. The BSP Consumer Assistance Management System allows financial consumers to escalate concerns against BSP-supervised institutions. (Bangko Sentral ng Pilipinas)

D. PNP Anti-Cybercrime Group or NBI Cybercrime Division

Report to cybercrime authorities if there are:

  • threats of violence;
  • cyber libel;
  • identity theft;
  • fake legal documents;
  • hacking;
  • phishing;
  • extortion;
  • online fraud;
  • repeated digital harassment;
  • public posting of personal data;
  • fabricated criminal accusations.

E. Department of Trade and Industry

DTI may be relevant for consumer protection issues, especially if the transaction involves deceptive marketing, unfair practices, or non-financial consumer concerns. But for licensed lending companies, SEC or BSP may be more directly relevant.

F. Courts

Courts may be involved for:

  • small claims by lender;
  • borrower’s civil claim for damages;
  • injunction;
  • criminal cases;
  • data privacy damages;
  • declaration of unenforceable or unconscionable terms;
  • harassment-related remedies.

X. Evidence to Collect

A complaint is strongest when supported by organized evidence.

A. Loan documents

Save:

  • loan agreement;
  • screenshots of app terms;
  • disbursement amount;
  • repayment amount;
  • interest and fee screen;
  • due date;
  • penalty terms;
  • privacy policy;
  • consent screen;
  • app permissions requested;
  • loan reference number;
  • payment history.

B. Hidden charge evidence

Collect:

  • screenshot showing approved principal;
  • screenshot showing actual amount received;
  • bank or e-wallet receipt;
  • repayment demand;
  • list of fees deducted;
  • computation of total repayment;
  • app disclosure before acceptance;
  • screenshots showing fees were not disclosed.

C. Harassment evidence

Preserve:

  • text messages;
  • call logs;
  • voicemail;
  • Messenger/Viber/WhatsApp/Telegram messages;
  • screenshots from family or contacts;
  • group chat screenshots;
  • threats;
  • fake legal documents;
  • phone numbers used by collectors;
  • names or aliases of collectors;
  • date and time of each incident.

D. Privacy violation evidence

Collect:

  • app permission screenshots;
  • messages sent to contacts;
  • posts containing personal data;
  • screenshots of borrower’s ID or photo being shared;
  • privacy policy;
  • proof that contacts were not co-makers or guarantors;
  • affidavits or statements from contacted persons;
  • evidence of contact-list access.

E. Payment evidence

Keep:

  • GCash or Maya receipts;
  • bank transfer receipts;
  • app payment confirmations;
  • collection agent instructions;
  • official receipts, if any;
  • settlement offers;
  • proof of overpayment.

XI. How to File a Complaint with the SEC

Step 1: Identify the lender

Find:

  • app name;
  • corporate name;
  • SEC registration number, if shown;
  • certificate of authority number, if shown;
  • app developer name;
  • website;
  • email;
  • phone number;
  • collection agency name;
  • payment account names.

If the app does not disclose a company name, that itself is relevant.

Step 2: Prepare the complaint narrative

State:

  • when you borrowed;
  • amount approved;
  • amount actually received;
  • amount demanded;
  • fees and charges;
  • collection acts;
  • threats;
  • privacy violations;
  • payments made;
  • relief requested.

Step 3: Attach evidence

Attach screenshots, receipts, messages, call logs, and app screens.

Step 4: Submit through SEC complaint channels

The SEC’s online message/ticket portal allows submission of complaints and concerns. (imessage.sec.gov.ph)

Step 5: Monitor and respond

Keep the ticket number and submit additional evidence if requested.

XII. How to File a Complaint with the NPC

Step 1: Identify the privacy violation

Examples:

  • app accessed contacts;
  • collector messaged contacts;
  • debt was disclosed;
  • ID was posted;
  • photo was used for shaming;
  • data was processed without proper notice;
  • privacy request was ignored.

Step 2: Preserve evidence

The NPC complaint should include proof of the data processing and harm.

Step 3: Send a privacy request, where appropriate

In some cases, first request the lender to:

  • stop contacting third parties;
  • delete unlawfully collected contact data;
  • explain data processing;
  • identify recipients of data;
  • stop using borrower’s image or ID;
  • correct inaccurate data.

For urgent harassment, filing directly may be appropriate.

Step 4: File with NPC

The NPC handles complaints involving violations of data subject rights and unlawful personal data processing. Its website states that it protects privacy and regulates data processing. (National Privacy Commission)

XIII. Sample SEC Complaint Narrative

I am filing a complaint against [name of lending app/company] for hidden charges and unfair debt collection practices. I applied for a loan of ₱[amount] on [date]. The app approved ₱[amount], but only ₱[amount] was released to my [bank/e-wallet] because the app deducted undisclosed fees. The app now demands ₱[amount] by [date], which was not clearly disclosed before I accepted the loan.

After the due date, collectors repeatedly called and sent threatening messages. They also contacted my relatives/friends/employer, even though these persons are not co-makers or guarantors. The collectors threatened to post my photo and report me to police/court, using fake legal language.

I request investigation, correction of charges, action against unfair collection, and order directing the company and its collectors to stop harassment and unlawful disclosure of my personal information.

XIV. Sample NPC Complaint Narrative

I am filing a data privacy complaint against [lending app/company]. The app accessed or used my contact list and disclosed my alleged loan obligation to my relatives, friends, and/or co-workers without my consent and without lawful basis. Collectors sent messages stating that I owed money and threatened to shame me publicly. They also used my name, phone number, ID/photo, and loan information to pressure third parties to contact me.

These persons are not co-makers or guarantors. I believe the app collected excessive personal data and used it for debt-shaming and harassment. I request investigation, order to stop unlawful processing, deletion or blocking of unlawfully processed data, and appropriate penalties or remedies.

XV. Sample Message to the Lending App

A borrower may send:

I dispute the hidden charges and collection practices on my account. Please provide a complete statement of account showing principal, interest, finance charges, processing fees, penalties, payments, and legal basis for each amount.

I also demand that you and your collectors stop contacting my relatives, friends, employer, and other third parties who are not co-makers or guarantors. You are not authorized to disclose my personal data or alleged debt to them. Further threats, debt-shaming, or unauthorized disclosure will be reported to the SEC, NPC, and cybercrime authorities.

XVI. Is the Debt Still Valid If the App Violated Privacy Rights?

Possibly, yes.

A privacy violation or abusive collection practice does not automatically erase a valid loan. But it may give the borrower separate remedies, such as:

  • complaint against the lender;
  • damages;
  • penalties against the company;
  • correction of unlawful fees;
  • order to stop data processing;
  • criminal complaint for threats or cybercrime;
  • defense against excessive or unsupported charges.

The borrower should distinguish:

  1. valid principal and lawful charges, which may still be payable; and
  2. illegal hidden charges, penalties, harassment, and privacy violations, which may be challenged.

XVII. Can Borrowers Be Arrested for Non-Payment?

Generally, failure to pay a loan is a civil matter. A borrower is not arrested merely because of unpaid debt.

However, criminal liability may arise if there are separate criminal acts, such as:

  • fraud from the beginning;
  • falsified documents;
  • identity theft;
  • bouncing checks;
  • use of another person’s ID;
  • deliberate misrepresentation amounting to estafa.

Collectors who threaten automatic arrest for ordinary non-payment may be using deceptive pressure.

XVIII. Can the App Contact the Borrower’s Employer?

Usually, contacting an employer to disclose debt or shame the borrower is legally risky unless the employer is a co-maker, guarantor, authorized reference, payroll deduction partner, or there is a lawful and proportionate basis.

Even when an employer is listed as employment information, that does not automatically authorize disclosure of the borrower’s debt to HR, managers, co-workers, or company group chats.

XIX. Can the App Contact References?

A reference is not automatically a co-maker or guarantor.

A lender may verify information within lawful limits, but it should not:

  • disclose unnecessary debt details;
  • harass the reference;
  • demand payment from the reference;
  • shame the borrower through the reference;
  • repeatedly call after being told to stop;
  • threaten the reference.

If the reference did not agree to be a guarantor, the reference generally does not owe the debt.

XX. Can the App Access Contacts Because the Borrower Clicked “Allow”?

Not always.

Consent under data privacy law must be valid. If consent is bundled, forced, vague, excessive, or used for purposes beyond what was disclosed, it may be challenged.

Even if the borrower allowed access, the lender still must comply with proportionality and legitimate purpose. Accessing all contacts to shame a borrower is not the same as verifying identity or creditworthiness.

XXI. Can the App Post the Borrower Online?

Posting the borrower’s name, face, ID, debt, phone number, address, or accusations online may expose the app and collectors to liability for privacy violations, defamation, unjust vexation, cyber libel, harassment, and civil damages.

A borrower’s default does not authorize public shaming.

XXII. What If the App Is Unregistered?

If the app is unregistered, the borrower should still preserve evidence and report it.

Possible consequences for the operator include:

  • regulatory enforcement;
  • takedown requests;
  • penalties;
  • criminal investigation if fraud or cybercrime is involved.

Borrowers should be careful not to give more data or money to an unregistered app without verifying the account and legal basis.

XXIII. What If the Loan Was Already Paid?

If the loan was paid but harassment continues:

  1. send proof of payment;
  2. demand updated statement of account;
  3. demand cessation of collection;
  4. file complaint with SEC and NPC;
  5. report threats to cybercrime authorities;
  6. ask for deletion or blocking of unnecessary data, where applicable.

Continuing to collect a paid debt may be abusive and potentially fraudulent.

XXIV. What If the App Demands Payment for a Loan Not Taken?

This may involve identity theft or fraudulent loan application.

Steps:

  1. deny the loan in writing;
  2. demand copies of application, ID, selfie, loan agreement, disbursement record, and recipient account;
  3. report to SEC/NPC;
  4. report identity theft to PNP/NBI if needed;
  5. notify the e-wallet or bank used for disbursement;
  6. secure IDs and accounts.

Do not pay a loan you did not take merely to stop harassment without documenting protest.

XXV. What If the App Uses a Third-Party Collection Agency?

The lender may outsource collection, but it remains responsible for lawful collection. Third-party collectors must also comply with privacy and collection rules.

A borrower should identify:

  • collector name;
  • agency name;
  • phone number;
  • relationship to lender;
  • authority to collect;
  • official receipt process.

Never pay a random collector without proof of authority and payment channel.

XXVI. Settlement and Restructuring

A borrower may negotiate settlement, especially if the principal is valid but charges are excessive.

Before paying settlement:

  • ask for written settlement offer;
  • confirm total amount;
  • confirm that payment fully settles the account;
  • use official payment channel;
  • get receipt;
  • demand account closure certificate;
  • require cessation of collection;
  • keep screenshots.

Avoid verbal settlement promises from collectors.

XXVII. Defenses in Collection Cases

If the lender files a case, the borrower may raise defenses such as:

  • loan already paid;
  • hidden charges;
  • unconscionable interest or fees;
  • lack of proper disclosure;
  • incorrect computation;
  • identity theft;
  • no valid loan agreement;
  • unauthorized account;
  • lender not licensed;
  • violation of consumer protection rules;
  • harassment and privacy violations as counterclaims or separate complaints.

The borrower should keep all records.

XXVIII. Remedies Available to Borrowers

Possible remedies include:

A. Administrative remedies

  • SEC complaint;
  • NPC complaint;
  • BSP complaint if lender is BSP-supervised;
  • app store report;
  • complaint to payment provider;
  • complaint to employer if collector used workplace harassment.

B. Civil remedies

  • refund of overpayment;
  • damages for harassment;
  • damages for privacy violation;
  • injunction or restraining relief in appropriate cases;
  • challenge to excessive or unconscionable charges.

C. Criminal remedies

Where facts support it:

  • grave threats;
  • unjust vexation;
  • cyber libel;
  • identity theft;
  • estafa;
  • falsification;
  • coercion;
  • unauthorized access;
  • usurpation of authority.

D. Data privacy remedies

  • order to stop unlawful processing;
  • deletion or blocking of data;
  • damages;
  • administrative penalties;
  • corrective orders.

XXIX. Practical Safety Steps for Borrowers

A. Do not ignore the debt, but do not tolerate abuse

Separate the valid debt issue from illegal collection behavior. Communicate in writing and preserve evidence.

B. Secure phone privacy

  • review app permissions;
  • uninstall suspicious apps after preserving evidence;
  • change passwords;
  • enable two-factor authentication;
  • monitor e-wallets and bank accounts;
  • warn close contacts if harassment has begun.

C. Avoid giving more IDs

Do not send additional selfies, IDs, or OTPs to collectors.

D. Do not pay personal accounts without verification

Pay only official channels and keep receipts.

E. Inform contacts

If contacts are being harassed, send a short explanation:

I am dealing with an online lending app complaint. You are not responsible for my loan. Please do not engage with collectors. Kindly screenshot any messages and send them to me for evidence.

F. File complaints promptly

Harassment can escalate. Early complaints help preserve evidence.

XXX. Practical Checklist for Filing Complaints

Prepare a folder containing:

  1. borrower name and contact details;
  2. lending app name;
  3. company name, if known;
  4. SEC registration or certificate number, if shown;
  5. loan amount approved;
  6. amount received;
  7. amount demanded;
  8. due date;
  9. payment history;
  10. hidden charges;
  11. screenshots of terms;
  12. harassment messages;
  13. call logs;
  14. messages to contacts;
  15. app permission screenshots;
  16. privacy policy screenshots;
  17. IDs or documents misused;
  18. list of affected contacts;
  19. proof of complaint already sent to lender;
  20. relief requested.

XXXI. Frequently Asked Questions

1. Can an online lending app charge processing fees?

Yes, if lawful, reasonable, and clearly disclosed before the borrower accepts the loan. Hidden or misleading fees may be challenged.

2. Can the app deduct fees before releasing the loan?

It may deduct disclosed fees if the borrower clearly agreed, but the deduction must be transparent. The borrower should know the principal, deductions, net proceeds, and total repayment amount before accepting.

3. Can collectors threaten arrest?

For ordinary non-payment of debt, threats of automatic arrest are usually misleading. Debt collection should proceed through lawful civil remedies unless there is a separate criminal offense.

4. Can the app message my contacts?

Messaging contacts to disclose the debt, shame the borrower, or pressure payment is legally risky and may violate data privacy law.

5. Can the app access my contact list because I installed it?

Not necessarily. App permission does not authorize unlimited or abusive use. Collection and use of personal data must still be lawful, necessary, transparent, and proportionate.

6. Can I file with the SEC and NPC at the same time?

Yes, if the facts involve both unfair lending or collection practices and data privacy violations.

7. Should I still pay the loan?

If the loan is valid, the principal and lawful charges may still be due. But hidden charges, excessive penalties, and abusive collection may be disputed.

8. What if I already paid but they still harass me?

Send proof of payment, demand account closure, and file complaints with SEC and NPC if harassment continues.

9. What if they sent messages to my employer?

Preserve screenshots and file complaints. Employer contact for debt-shaming may violate privacy and fair collection rules.

10. What if the app is not in Google Play anymore?

It may have been removed or changed name. Preserve APK/app screenshots, website links, messages, payment accounts, and company details.

XXXII. Common Mistakes to Avoid

  1. Deleting messages before taking screenshots.
  2. Paying random personal accounts.
  3. Sending OTPs or passwords to collectors.
  4. Ignoring hidden fee computations.
  5. Admitting false amounts under pressure.
  6. Letting collectors speak to employers or relatives without documenting.
  7. Signing settlement without written full-payment terms.
  8. Posting emotional accusations online without evidence.
  9. Filing vague complaints without attachments.
  10. Assuming harassment erases the entire debt.
  11. Borrowing from another abusive app to pay the first.
  12. Allowing app permissions without review.
  13. Sending more IDs after harassment begins.

XXXIII. Borrower’s Demand Letter Template

Subject: Demand to Stop Harassment, Disclose Loan Computation, and Cease Unauthorized Data Processing

I am writing regarding my account with [lending app/company]. I request a complete written statement of account showing the principal, net proceeds, interest, finance charges, processing fees, penalties, payments, and total amount allegedly due.

I dispute all hidden, undisclosed, excessive, or unsupported charges. I also demand that your company, agents, and third-party collectors immediately stop contacting my relatives, friends, employer, co-workers, and other third parties who are not co-makers or guarantors. You are not authorized to disclose my personal information, loan status, ID, photo, or alleged debt to them.

Any further threats, debt-shaming, false legal claims, or unauthorized processing of my personal data will be reported to the Securities and Exchange Commission, National Privacy Commission, and cybercrime authorities.

Please confirm in writing that collection will proceed only through lawful channels.

XXXIV. Conclusion

Online lending apps in the Philippines may lawfully lend and collect money, but they must comply with lending laws, truth-in-lending rules, financial consumer protection standards, data privacy law, and ordinary civil and criminal law. Hidden charges, abusive threats, fake legal notices, contact-list harassment, debt-shaming, and unauthorized disclosure of personal information are legally dangerous practices.

The borrower’s obligation to pay a valid loan does not give the lender permission to violate privacy, threaten arrest, shame the borrower, contact unrelated third parties, or impose undisclosed fees. Borrowers should preserve evidence, demand a full computation, pay only through verified official channels, and file complaints with the proper agency: SEC for lending and collection abuses, NPC for privacy violations, BSP for BSP-supervised financial institutions, and PNP or NBI for cybercrime, threats, fraud, and identity misuse.

The best complaint is specific and evidence-based: identify the app, the company, the loan amount, the hidden charges, the threats, the data misuse, the affected contacts, and the exact relief requested. A borrower may still need to address a valid debt, but no borrower should be forced to endure unlawful collection, public humiliation, or privacy abuse.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login