Online Lending Harassment and Data Privacy Violations in the Philippines

I. Introduction

Online lending apps have become a common source of quick credit in the Philippines. They are marketed as fast, convenient, and accessible, especially for people who need emergency funds but have limited access to banks, credit cards, or formal loans. Many borrowers use online lending apps for medical expenses, rent, food, tuition, utilities, business capital, transportation, or urgent family needs.

However, online lending has also produced widespread complaints of harassment, public shaming, abusive debt collection, excessive interest, hidden fees, threats, fake legal notices, and misuse of personal data. Borrowers often report that online lending apps or their collectors access phone contacts, message relatives and employers, post defamatory statements, threaten arrest, use insulting language, and disclose private loan information to third parties.

In the Philippines, lending and debt collection are legal. But harassment is not legal. A borrower’s failure to pay a loan does not give a lender, collector, or lending app the right to threaten, shame, defame, intimidate, or misuse personal data. The borrower may still owe a valid debt, but the lender must collect it through lawful means.

This article discusses online lending harassment and data privacy violations in the Philippine context, including the rights of borrowers, obligations of lenders, prohibited collection practices, data privacy issues, remedies before government agencies, criminal and civil liability, evidence gathering, and practical steps for victims.


II. Online Lending Apps in the Philippine Setting

Online lending apps usually operate through mobile applications, websites, social media pages, or messaging channels. Borrowers submit personal information, identification documents, selfies, employment details, bank or e-wallet information, and sometimes grant app permissions to access phone contacts, photos, storage, SMS, camera, location, or device information.

The promise is convenience. The risk is overcollection and misuse of personal data.

Some apps are operated by registered lending companies or financing companies. Others may operate without proper registration, under multiple app names, through foreign-controlled platforms, or through informal collection networks. Some apps also use third-party collectors whose methods may be aggressive, anonymous, or abusive.

A borrower should distinguish between:

  1. A legitimate lender collecting a valid debt through lawful means;
  2. A registered lender using abusive collection tactics;
  3. A lending app operating under unclear or multiple company names;
  4. A scam app using loan collection as a pretext for extortion;
  5. A collector with no proof of authority;
  6. A fake legal collector pretending to be a lawyer, court officer, police officer, barangay official, or prosecutor.

Even a legitimate lender may violate the law if it engages in harassment or data privacy abuse.


III. The Basic Rule: Debt Collection Is Allowed, Abuse Is Not

A lender may lawfully ask a borrower to pay. It may send reminders, demand letters, statements of account, settlement offers, restructuring proposals, or lawful collection notices. It may also file a civil collection case if the debt remains unpaid.

But a lender may not collect by unlawful means.

A collector should not:

  1. Threaten physical harm;
  2. Threaten imprisonment for ordinary debt;
  3. Send abusive or obscene messages;
  4. Contact unrelated third parties to shame the borrower;
  5. Publicly post the borrower’s name, photo, address, employer, or debt;
  6. Call the borrower a scammer, thief, criminal, or estafador without lawful basis;
  7. Use fake legal documents;
  8. Pretend to be from a court, police station, prosecutor’s office, barangay, or law office;
  9. Harass the borrower’s employer, relatives, friends, or co-workers;
  10. Access or misuse phone contacts;
  11. Use personal data beyond lawful purposes;
  12. Force payment through intimidation, public humiliation, or coercion.

The law does not allow “collection by terror.”


IV. Common Forms of Online Lending Harassment

Online lending harassment in the Philippines commonly appears in several forms.

A. Excessive Calls and Messages

Collectors may repeatedly call or message the borrower within minutes or hours, sometimes using different numbers. Some call early in the morning, late at night, during work hours, or continuously until the borrower responds.

Persistent communication may become harassment when it is excessive, abusive, threatening, or intended to disturb rather than merely remind.

B. Threatening Messages

Collectors may say:

  1. “Ipapakulong ka namin.”
  2. “May warrant ka na.”
  3. “Pupunta ang pulis sa bahay mo.”
  4. “Ipapahiya ka namin sa opisina.”
  5. “Ipo-post namin mukha mo.”
  6. “Tatawagan namin lahat ng contacts mo.”
  7. “Hindi ka titigilan hanggang magbayad ka.”
  8. “May pupunta sa bahay mo.”
  9. “Estafador ka.”
  10. “Scammer ka.”

Threats may give rise to criminal, civil, regulatory, or privacy complaints depending on the facts.

C. Contact List Harassment

One of the most abusive practices is contact blasting. The app or collector messages people in the borrower’s phone contacts, even those who are not co-makers, guarantors, references, or parties to the loan.

Collectors may contact:

  1. Parents;
  2. Spouse or partner;
  3. Children or siblings;
  4. Co-workers;
  5. Employer or HR department;
  6. Friends;
  7. Neighbors;
  8. Clients;
  9. Churchmates;
  10. Former classmates;
  11. Random contacts saved in the phone.

This may violate data privacy rights and may also amount to harassment, defamation, or unfair collection practice.

D. Public Shaming

Some collectors create posts, group chats, edited photos, memes, or messages branding the borrower as a scammer, criminal, or debtor.

This may include:

  1. Posting the borrower’s photo;
  2. Publishing the borrower’s name and address;
  3. Tagging relatives or co-workers;
  4. Sending “wanted” style images;
  5. Creating group chats with contacts;
  6. Posting in community groups;
  7. Calling the borrower “magnanakaw,” “estafador,” or “fraudster”;
  8. Publishing ID photos or selfies submitted during loan application.

Public shaming may create liability for privacy violations, libel, cyber libel, defamation, moral damages, and regulatory violations.

E. Fake Legal Threats

Collectors may send fake documents such as:

  1. Fake subpoenas;
  2. Fake warrants of arrest;
  3. Fake court orders;
  4. Fake prosecutor notices;
  5. Fake barangay summons;
  6. Fake police blotters;
  7. Fake hold departure orders;
  8. Fake notices of criminal complaint;
  9. Fake law office letters;
  10. Fake “final warning” documents.

A private collector cannot issue a warrant of arrest. A lender cannot simply order police to arrest a borrower for ordinary non-payment of debt. Fake legal documents may be evidence of intimidation, misrepresentation, fraud, or other legal violations.

F. Threats to Employment

Some collectors call or message the borrower’s employer, supervisor, HR department, or co-workers. They may accuse the borrower of fraud or irresponsibility and demand that the employer pressure the borrower to pay.

This can cause embarrassment, workplace issues, reputational harm, and even job loss. If the employer is not a guarantor or authorized contact, disclosure of the borrower’s debt may be improper and may violate privacy rights.

G. Harassment After Payment

Some borrowers continue receiving threats after payment because records were not updated, collectors are working from outdated lists, or the app imposes unclear penalties.

If the borrower already paid, proof of payment should be preserved and sent to official channels. Continued harassment after payment may strengthen a complaint.


V. Data Privacy Issues in Online Lending

Online lending apps collect personal data. Personal data may include:

  1. Full name;
  2. Address;
  3. Phone number;
  4. Email address;
  5. Date of birth;
  6. Government ID;
  7. Selfie or facial image;
  8. Employment details;
  9. Employer name;
  10. Salary information;
  11. Bank or e-wallet details;
  12. Phone contacts;
  13. Device information;
  14. Location data;
  15. Photos or media files;
  16. Social media information;
  17. References;
  18. Loan history;
  19. Payment behavior.

Because this information is sensitive and may cause harm if misused, lenders must handle it lawfully, fairly, transparently, securely, and proportionately.


VI. Data Privacy Principles

Philippine data privacy law is built around key principles. Online lending companies and their collectors should observe these principles when collecting and processing borrower data.

A. Transparency

The borrower should be informed about what data is collected, why it is collected, how it will be used, who will receive it, how long it will be kept, and how the borrower may exercise rights.

A privacy policy hidden in vague language is not enough if the actual data use is abusive or unexpected.

B. Legitimate Purpose

Data should be collected and used only for legitimate lending purposes, such as identity verification, credit assessment, fraud prevention, loan servicing, payment processing, and lawful collection.

Using contact lists to shame borrowers is not a legitimate purpose.

C. Proportionality

The data collected should be limited to what is necessary. A lending app should not collect excessive data unrelated to the loan.

For example, requiring access to all phone contacts, photos, storage, or messages may be questionable if the loan can be processed with less intrusive data.

D. Fairness

Even when data is collected with consent, it must not be used unfairly, abusively, or oppressively. Consent does not authorize humiliation, defamation, or harassment.

E. Security

Lenders must protect borrower data from unauthorized access, disclosure, misuse, leaks, or abuse by employees and third-party collectors.


VII. Consent and App Permissions

Many online lending apps ask users to grant access to contacts, camera, storage, SMS, location, or device data. Borrowers often click “allow” because the app will not proceed without permission.

However, permission does not automatically justify all later uses of data.

Important points:

  1. Consent should be informed, specific, and freely given;
  2. Borrowers should know exactly what data is collected;
  3. Consent to verify identity is not consent to public shaming;
  4. Consent to provide references is not consent to contact all phone contacts;
  5. Consent to collection communication is not consent to abusive harassment;
  6. A borrower cannot be forced to surrender excessive personal data as a condition for a small loan if the data is unnecessary;
  7. Data must be processed only for lawful and declared purposes;
  8. Data processing must remain fair and proportionate.

A lender cannot rely on app permissions to justify unlawful disclosure of a borrower’s debt to third parties.


VIII. Contact Harvesting

Contact harvesting occurs when an app accesses the borrower’s phonebook and collects names, numbers, and other contact details.

This is one of the most problematic online lending practices because third parties in the contact list did not borrow money, did not consent to be contacted, and may not even know the borrower well.

Contact harvesting may become a data privacy violation when:

  1. The app collects all contacts without necessity;
  2. The app uses contacts for debt shaming;
  3. The app discloses the borrower’s debt to contacts;
  4. The app sends threatening messages to contacts;
  5. The app stores contact data without lawful purpose;
  6. The app transfers contact data to collectors;
  7. The app uses contact data beyond what was disclosed;
  8. The app refuses to delete or stop using the data.

A borrower may complain not only for their own privacy violation but also because the contacts’ personal data may have been processed without proper basis.


IX. Disclosure of Debt to Third Parties

A loan obligation is private information. A lender may communicate with the borrower, authorized representatives, co-makers, guarantors, or declared references within lawful limits. But disclosure to unrelated persons is highly problematic.

Improper disclosure may include telling third parties:

  1. The borrower has a loan;
  2. The borrower has not paid;
  3. The amount owed;
  4. The due date;
  5. The borrower is hiding;
  6. The borrower is a scammer;
  7. The borrower should be pressured to pay;
  8. The borrower’s ID, address, employer, or photo;
  9. The borrower’s loan app account details.

Disclosure may violate privacy rights even if the statement that the borrower has a debt is true. Truth does not automatically justify unnecessary disclosure of personal financial information.


X. Public Posting of Borrower Information

Posting borrower information online is one of the most serious forms of abuse.

Examples include posting:

  1. Name;
  2. Photo;
  3. Government ID;
  4. Selfie;
  5. Phone number;
  6. Address;
  7. Employer;
  8. Family member details;
  9. Loan amount;
  10. Alleged unpaid balance;
  11. Accusations of fraud;
  12. Edited defamatory images;
  13. Screenshots of loan information.

This may be actionable under data privacy law, cybercrime law, defamation law, consumer protection principles, and civil law.

Public posting can cause lasting harm because online content may be copied, shared, downloaded, and reuploaded even after deletion.


XI. Abusive Collection and Lending Regulation

Online lending companies and financing companies are subject to regulation. They must comply with rules on registration, disclosure, interest and charges, fair collection, consumer protection, and lawful business conduct.

Abusive collection may involve:

  1. Threats;
  2. Insults;
  3. False legal claims;
  4. Public shaming;
  5. Contact-list harassment;
  6. Misrepresentation;
  7. Deceptive loan terms;
  8. Hidden fees;
  9. Excessive penalties;
  10. Operating without proper authority;
  11. Using unregistered app names;
  12. Delegating collection to abusive third parties.

A lender may be sanctioned even if the borrower still owes money.


XII. Regulatory Complaints Against Online Lending Apps

Victims may file complaints with government agencies depending on the nature of the violation.

The usual agencies include:

  1. Securities and Exchange Commission, for lending companies, financing companies, abusive collection practices, and unregistered lending operations;
  2. National Privacy Commission, for data privacy violations, contact harvesting, unauthorized disclosure, and misuse of personal data;
  3. PNP Anti-Cybercrime Group, for cyber threats, cyber libel, online harassment, fake accounts, and digital evidence;
  4. NBI Cybercrime Division, for cybercrime-related complaints;
  5. Bangko Sentral ng Pilipinas, if the entity is a BSP-supervised financial institution or payment-related entity;
  6. Department of Trade and Industry, in appropriate consumer protection cases;
  7. Local police, for threats, coercion, harassment, or home visits;
  8. Prosecutor’s office, for criminal complaints;
  9. Courts, for civil damages, injunction, or defense in collection cases.

The same facts may support multiple complaints.


XIII. SEC Complaint: When Appropriate

A complaint to the Securities and Exchange Commission may be appropriate when the issue involves the lending company’s conduct as a regulated lender.

Examples:

  1. Abusive collection messages;
  2. Public shaming;
  3. Contacting the borrower’s phone contacts;
  4. Threatening arrest;
  5. Misrepresenting legal consequences;
  6. Using fake legal notices;
  7. Unclear or excessive charges;
  8. Operating under multiple app names;
  9. Lack of company registration or authority;
  10. Harassment by collectors acting for the lending company.

The SEC may investigate whether the company is authorized to lend, whether it violated lending regulations, and whether sanctions should be imposed.


XIV. NPC Complaint: When Appropriate

A complaint to the National Privacy Commission is appropriate when personal data is misused.

Examples:

  1. The app accessed the borrower’s contact list;
  2. The app messaged contacts about the borrower’s debt;
  3. The app disclosed loan information to third parties;
  4. The app posted the borrower’s photo or ID;
  5. The app collected excessive permissions;
  6. The app failed to explain data use;
  7. The app refused to stop using personal data;
  8. The app shared data with collectors without proper basis;
  9. The app used personal data for shaming or threats;
  10. Personal information was leaked or exposed.

The NPC complaint should focus on data collection, processing, disclosure, security, consent, and privacy harms.


XV. Cybercrime Complaint: When Appropriate

Cybercrime authorities may be approached when harassment is done through electronic means.

Possible cyber-related issues include:

  1. Cyber libel;
  2. Online threats;
  3. Use of fake accounts;
  4. Identity misuse;
  5. Hacking or unauthorized access;
  6. Data exposure online;
  7. Digital forgery or fake legal notices;
  8. Harassing group chats;
  9. Obscene or abusive online messages;
  10. Repeated digital intimidation.

The victim should preserve electronic evidence quickly because posts and accounts may be deleted.


XVI. Criminal Liability

Depending on the facts, abusive collectors may face criminal complaints for:

  1. Grave threats;
  2. Light threats;
  3. Unjust vexation;
  4. Grave coercion;
  5. Oral defamation;
  6. Libel or cyber libel;
  7. Identity-related offenses;
  8. Falsification or use of fake documents;
  9. Data-related offenses;
  10. Other offenses depending on the conduct.

A criminal case requires evidence and must be evaluated based on the exact acts committed.


XVII. Civil Liability

A borrower may also pursue civil remedies if harassment caused harm.

Possible civil claims may include:

  1. Moral damages for anxiety, humiliation, sleeplessness, shame, or mental suffering;
  2. Actual damages for financial loss;
  3. Damages for loss of employment or business opportunities;
  4. Damages for reputational injury;
  5. Attorney’s fees;
  6. Injunction or order to stop harmful acts;
  7. Removal or correction of defamatory or privacy-violating content;
  8. Other relief allowed by law.

Civil claims require proof of harm, causation, and wrongful conduct.


XVIII. Non-Payment of Debt Is Generally Civil, Not Criminal

Collectors often threaten borrowers with imprisonment. This is a common fear tactic.

As a general rule, failure to pay an ordinary debt is a civil matter. A borrower is not automatically imprisoned simply for being unable to pay a loan.

However, separate criminal liability may arise if there are additional facts such as fraud, falsification, identity theft, use of fake documents, or issuance of bad checks where applicable. But the lender cannot simply label every unpaid borrower as a criminal.

Threatening arrest or imprisonment without legal basis may be abusive and misleading.


XIX. Estafa Threats by Collectors

Collectors frequently threaten to file estafa. But estafa requires specific elements. Non-payment alone does not automatically equal estafa.

A borrower may become exposed to criminal risk if the loan was obtained through deceit, false identity, fake employment, falsified documents, or fraudulent misrepresentation existing from the beginning. But inability to pay after a genuine loan is ordinarily a civil collection matter.

Collectors who casually threaten estafa to scare borrowers may be engaging in unfair or abusive collection.


XX. Fake Warrants and Subpoenas

A warrant of arrest is issued by a court. A subpoena is issued through proper legal processes. A private lender or collector cannot create a fake warrant or fake subpoena to force payment.

If a borrower receives a supposed legal notice, check:

  1. Is there a court name?
  2. Is there a case number?
  3. Is it signed by a real judge, prosecutor, or authorized officer?
  4. Is there an official seal?
  5. Was it served through proper channels?
  6. Does it contain suspicious grammar, layout, or threats?
  7. Does it demand payment to a private e-wallet immediately?
  8. Does it come from a random phone number?

Fake legal documents should be preserved and included in complaints.


XXI. Harassment of References

Borrowers sometimes provide references during loan application. A lender may contact references for verification if properly disclosed and consented to. But references are not automatically liable for the borrower’s debt.

Collectors should not:

  1. Demand payment from references;
  2. Threaten references;
  3. Shame the borrower through references;
  4. Disclose unnecessary loan details;
  5. Harass references repeatedly;
  6. Accuse references of hiding the borrower;
  7. Add references to group chats for humiliation.

A reference is usually not a guarantor unless they signed a separate obligation.


XXII. Harassment of Family Members

Family members are not automatically liable for the borrower’s online loan. Parents, spouses, siblings, children, or relatives generally do not have to pay unless they signed as co-borrower, co-maker, guarantor, or surety.

Collectors who threaten family members may be liable for harassment, privacy violations, or other offenses.

If family members receive messages, they should preserve screenshots and avoid engaging in heated exchanges.


XXIII. Harassment of Employers and Co-Workers

Contacting an employer can be especially damaging. It may embarrass the borrower and affect employment.

Collectors may tell HR or supervisors that the borrower is a scammer or has unpaid loans. This may be improper disclosure of personal financial information and may also be defamatory if false or malicious.

The borrower should request copies of messages sent to the employer or co-workers. These may be strong evidence in complaints.


XXIV. Use of Debt-Shaming Group Chats

Some collectors create group chats with the borrower’s contacts and post accusations, threats, or loan details.

This can involve:

  1. Data privacy violation;
  2. Cyber harassment;
  3. Cyber libel;
  4. Defamation;
  5. Unfair collection;
  6. Moral damages;
  7. Regulatory sanctions.

The borrower should take screenshots showing the group name, members, sender profile, message content, date, and time.


XXV. Edited Photos, Memes, and “Wanted” Posters

Using edited photos or “wanted” posters to shame borrowers is highly abusive.

These materials may include the borrower’s selfie, ID photo, employer, address, or accusations of fraud.

Such posts may support complaints for privacy violation, cyber libel, harassment, and damages.

The victim should preserve the original image, link, screenshot, account name, and evidence of publication or sharing.


XXVI. Excessive Interest and Hidden Fees

Harassment often comes with disputes over loan amount. Borrowers may receive less than the stated loan because of upfront deductions, then be asked to pay a much larger amount within a short period.

Common issues include:

  1. Hidden processing fees;
  2. Service fees deducted before release;
  3. Very high daily penalties;
  4. Short repayment terms;
  5. Automatic renewal charges;
  6. Inflated collection amounts;
  7. Unclear interest rates;
  8. Misleading display of loan cost;
  9. Charges not disclosed before acceptance;
  10. Payment not properly credited.

A borrower should document the amount applied for, amount actually received, due date, charges, payments made, and current amount demanded.


XXVII. Data Privacy Rights of Borrowers

Borrowers have rights over their personal data. These include the right to be informed, to access, to object, to correct inaccurate data, to request blocking or deletion where applicable, and to complain about misuse.

A borrower may ask the lending company:

  1. What personal data did you collect?
  2. Why did you collect it?
  3. Did you access my contacts?
  4. To whom did you disclose my data?
  5. Who are your third-party collectors?
  6. How long will you retain my data?
  7. How can I withdraw consent where applicable?
  8. How can I request deletion or blocking?
  9. Who is your data protection officer?
  10. What is the basis for contacting third parties?

A lender should have a clear privacy mechanism and should not ignore data subject requests.


XXVIII. Data Subject Request to Lending App

A borrower may send a data privacy request to the company or its data protection officer.

The request may ask for:

  1. Access to personal data collected;
  2. List of recipients of personal data;
  3. Copy of privacy policy accepted;
  4. Basis for processing phone contacts;
  5. Deletion of unlawfully processed contact data;
  6. Cessation of third-party disclosures;
  7. Correction of false information;
  8. Removal of online posts;
  9. Identification of collection agencies;
  10. Confirmation that harassment will stop.

If ignored, the request may be attached to an NPC complaint.


XXIX. Evidence Needed for Complaints

Evidence is the heart of an online lending harassment case.

Collect and preserve:

  1. Screenshots of messages from collectors;
  2. Full conversation threads;
  3. Call logs;
  4. Voice recordings, if lawfully obtained;
  5. Screenshots from contacts who were messaged;
  6. Social media posts;
  7. URLs of posts;
  8. Group chat screenshots;
  9. Fake warrants or subpoenas;
  10. Loan app screenshots;
  11. Loan agreement;
  12. Privacy policy;
  13. App permissions;
  14. Amount borrowed;
  15. Amount actually received;
  16. Payment receipts;
  17. Statement of account;
  18. App name and developer name;
  19. Company name;
  20. Collector phone numbers;
  21. E-wallet or bank accounts used for payment;
  22. Emails with customer service;
  23. Demand letters sent;
  24. Police or barangay blotter, if any;
  25. Affidavits of affected contacts.

Screenshots should show date, time, sender, recipient, and full message.


XXX. How to Preserve Digital Evidence

Digital evidence can disappear quickly. Collectors may delete messages, change names, deactivate accounts, or use disposable SIM cards.

Best practices:

  1. Take screenshots immediately;
  2. Make screen recordings showing profile and full thread;
  3. Save URLs;
  4. Do not crop important details;
  5. Export conversations if possible;
  6. Ask contacts to send original screenshots;
  7. Preserve call logs;
  8. Back up files to cloud storage;
  9. Save payment receipts;
  10. Keep the phone used for the transaction;
  11. Do not delete the app until screenshots are saved;
  12. Record the app store link and developer details;
  13. Save the privacy policy and terms before they change.

Evidence should be organized chronologically.
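
One way to keep the evidence listed in Sections XXIX and XXX organized and verifiable is sketched below, as an added example that is not part of the original article. The Python script records every saved file with a SHA-256 hash, lists the files chronologically, and can later confirm that nothing was altered or lost. The folder layout, the annotation fields, and the rule that times without an offset are treated as Philippine time (UTC+8) are assumptions made for illustration.

```python
# Added example (not from the original article): chronological evidence manifest.
import csv
import hashlib
import io
import tempfile
from datetime import datetime, timedelta, timezone
from pathlib import Path

# Assumption: a capture time written without an offset is Philippine time (UTC+8).
PHT = timezone(timedelta(hours=8))
FIELDS = ["event_time_utc", "time_source", "path", "category",
          "sender", "recipient", "size_bytes", "sha256"]


def sha256_file(path, chunk_size=65536):
    """Hash a file in chunks so large screen recordings are not loaded whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(evidence_dir, annotations=None):
    """Return one row per saved file, oldest first.

    annotations maps a relative path to optional details typed in by the
    complainant: captured_at (ISO 8601), category, sender, recipient.
    """
    annotations = annotations or {}
    root = Path(evidence_dir)
    keyed = []
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        note = annotations.get(rel, {})
        if note.get("captured_at"):
            when = datetime.fromisoformat(note["captured_at"])
            if when.tzinfo is None:
                when = when.replace(tzinfo=PHT)
            source = "annotation"
        else:
            # Fallback only: copying or syncing a file can change its mtime.
            when = datetime.fromtimestamp(path.stat().st_mtime, tz=timezone.utc)
            source = "file mtime"
        when = when.astimezone(timezone.utc)
        keyed.append((when, rel, {
            "event_time_utc": when.isoformat(),
            "time_source": source,
            "path": rel,
            "category": note.get("category", ""),
            "sender": note.get("sender", ""),
            "recipient": note.get("recipient", ""),
            "size_bytes": path.stat().st_size,
            "sha256": sha256_file(path),
        }))
    keyed.sort(key=lambda item: (item[0], item[1]))
    return [row for _, _, row in keyed]


def verify_manifest(evidence_dir, rows):
    """Re-hash every listed file; return (path, 'missing' | 'modified') pairs."""
    root = Path(evidence_dir)
    problems = []
    for row in rows:
        target = root / row["path"]
        if not target.is_file():
            problems.append((row["path"], "missing"))
        elif sha256_file(target) != row["sha256"]:
            problems.append((row["path"], "modified"))
    return problems


def manifest_csv(rows):
    """Render the manifest as CSV text that can be attached to a complaint."""
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=FIELDS)
    writer.writeheader()
    writer.writerows(rows)
    return out.getvalue()


if __name__ == "__main__":
    # Constructed sample files and annotations, for demonstration only.
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "screenshots").mkdir()
        (root / "screenshots" / "collector_thread.png").write_bytes(b"constructed image")
        (root / "payment_receipt.txt").write_text("constructed receipt")
        notes = {
            "screenshots/collector_thread.png": {
                "captured_at": "2024-03-02T09:00:00",
                "category": "collector message",
                "sender": "[collector number]",
                "recipient": "[borrower]",
            },
            "payment_receipt.txt": {
                "captured_at": "2024-03-01T23:30:00+08:00",
                "category": "payment receipt",
            },
        }
        rows = build_manifest(root, notes)
        print(manifest_csv(rows))
        print("integrity problems:", verify_manifest(root, rows))
```

Store the manifest separately from the evidence folder, for example in the cloud backup mentioned above, so that a later check compares the files against an independent record.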


XXXI. Identifying the Lending Company

Many apps use a brand name different from the registered company name. The complaint should identify all available details:

  1. App name;
  2. App store link;
  3. Developer name;
  4. Company name in loan agreement;
  5. SEC registration details, if shown;
  6. Certificate of authority details, if shown;
  7. Website;
  8. Customer service email;
  9. Data protection officer email;
  10. Collector names or aliases;
  11. Phone numbers;
  12. Social media pages;
  13. Payment account names;
  14. E-wallet numbers;
  15. Bank accounts.

If the company name is unclear, include all identifiers in the complaint.


XXXII. Complaint Before the SEC

A complaint to the SEC should focus on lending regulation and abusive collection.

A. Information to Include

Include:

  1. Borrower’s full name and contact details;
  2. App name;
  3. Company name, if known;
  4. Loan amount and amount received;
  5. Due date;
  6. Amount demanded;
  7. Description of harassment;
  8. Screenshots of threats;
  9. Proof of contact blasting;
  10. Public shaming posts;
  11. Fake legal documents;
  12. Proof of payment, if any;
  13. Names and numbers of collectors;
  14. Relief requested.

B. Possible Requests

The complainant may ask for:

  1. Investigation of the lending company;
  2. Sanctions for abusive collection;
  3. Order to stop harassment;
  4. Verification of registration;
  5. Action against unauthorized app operations;
  6. Referral to other agencies;
  7. Direction to correct abusive practices.

The SEC complaint may result in regulatory action but does not automatically cancel the debt.


XXXIII. Complaint Before the National Privacy Commission

An NPC complaint should focus on personal data misuse.

A. Information to Include

Include:

  1. Borrower’s identity;
  2. App and company details;
  3. Personal data collected;
  4. App permissions requested;
  5. How data was misused;
  6. Contacts who were messaged;
  7. Screenshots of disclosures;
  8. Public posts showing personal data;
  9. Privacy policy screenshots;
  10. Data subject request sent, if any;
  11. Company’s response or failure to respond;
  12. Harm suffered.

B. Possible Requests

The complainant may ask for:

  1. Investigation;
  2. Order to stop unlawful processing;
  3. Deletion or blocking of unlawfully collected contacts;
  4. Removal of public posts;
  5. Correction of false information;
  6. Sanctions for privacy violations;
  7. Direction to improve data protection practices.

The NPC complaint is especially important when the main issue is contact harvesting or disclosure of debt to third parties.


XXXIV. Cybercrime Complaint

For online threats, cyber libel, fake accounts, or digital harassment, the victim may approach cybercrime authorities.

Bring:

  1. Valid ID;
  2. Screenshots;
  3. URLs;
  4. Phone numbers;
  5. Account names;
  6. Full message threads;
  7. Device used;
  8. Payment records;
  9. App details;
  10. Witness screenshots;
  11. Fake documents;
  12. Timeline.

Cybercrime complaints should be filed promptly because digital evidence may be lost.


XXXV. Police or Barangay Blotter

A police or barangay blotter may be useful when:

  1. Collectors threaten to visit;
  2. Collectors actually visit the home or workplace;
  3. The borrower receives threats of harm;
  4. Family members are threatened;
  5. There is stalking or intimidation;
  6. The borrower needs an official record;
  7. Harassment affects safety.

A blotter is not the same as a full case, but it creates documentation.


XXXVI. Cease-and-Desist Letter

A borrower may send a cease-and-desist letter to the lending company, collector, or data protection officer.

The letter should demand that they stop:

  1. Threatening the borrower;
  2. Contacting third parties;
  3. Disclosing loan information;
  4. Posting personal data;
  5. Using abusive language;
  6. Sending fake legal notices;
  7. Processing contacts unlawfully;
  8. Misrepresenting criminal consequences.

The letter should also request a statement of account and proof of authority to collect.


XXXVII. Sample Cease-and-Desist Letter

Subject: Demand to Stop Harassment and Unauthorized Use of Personal Data

Date: [Insert Date]

To: [Name of Lending Company / App / Collection Agency]
[Email / Address]

Dear Sir/Madam:

I am writing regarding my account with [name of online lending app], loan account number [insert if available].

Your representatives have engaged in abusive collection and unauthorized use of personal data, including the following:

  1. Sending threatening and insulting messages on [dates];
  2. Contacting my relatives, friends, co-workers, or employer regarding my alleged loan;
  3. Disclosing my personal loan information to persons who are not parties to the loan;
  4. Threatening to post or actually posting my name, photo, address, or loan details;
  5. Sending misleading or fake legal threats.

These acts violate my rights and have caused distress, humiliation, and damage to my privacy and reputation.

You are hereby demanded to immediately stop all harassment, threats, public shaming, third-party contact, unauthorized disclosure, and unlawful processing of my personal data.

Please provide:

  1. A complete statement of account;
  2. Proof of your authority to collect;
  3. The registered name of the lending or financing company;
  4. The name and contact details of your data protection officer;
  5. Identification of any third-party collection agency handling my account;
  6. Confirmation that my personal data and phone contacts will no longer be used for unlawful collection or harassment.

This letter is without prejudice to my right to file complaints before the Securities and Exchange Commission, National Privacy Commission, cybercrime authorities, police, prosecutor’s office, and courts.

Sincerely,
[Name]
[Contact Details]


XXXVIII. Data Privacy Request Letter

Subject: Data Subject Request Regarding Online Lending Account

Date: [Insert Date]

To: The Data Protection Officer
[Company / App Name]

Dear Sir/Madam:

I am a borrower / user of [app name]. I request information regarding the personal data your company collected and processed in relation to my loan application and account.

Please provide:

  1. The categories of personal data collected from me;
  2. The purpose of each category of data processing;
  3. Whether my phone contacts, photos, device information, or location were accessed;
  4. The legal basis for processing my contacts and third-party information;
  5. The persons, collectors, or third parties to whom my personal data was disclosed;
  6. The retention period for my data;
  7. The process for deleting, blocking, or correcting unlawfully processed data;
  8. Confirmation that you will stop contacting persons who are not parties to my loan.

I also object to the use of my personal data for harassment, public shaming, third-party disclosure, or abusive collection.

Please respond in writing.

Sincerely,
[Name]
[Contact Details]


XXXIX. Settlement With the Lending App

A borrower may settle a valid loan while still complaining about harassment. Settlement and harassment complaints are separate.

Before paying, ask for:

  1. Official statement of account;
  2. Total settlement amount;
  3. Waiver of penalties, if agreed;
  4. Payment deadline;
  5. Official payment channel;
  6. Written confirmation that payment fully settles the account;
  7. Confirmation that collection will stop;
  8. Confirmation that third-party contact will stop;
  9. Receipt after payment;
  10. Certificate of full payment or clearance.

Do not pay to unknown personal accounts without proof of authority.


XL. Sample Settlement Confirmation Request

Subject: Request for Written Settlement Confirmation

Dear [Company/App/Collector]:

Before making any payment, please confirm the following in writing:

  1. Total settlement amount;
  2. Loan account covered;
  3. Official payment channel;
  4. Deadline for payment;
  5. Confirmation that payment will fully settle the account;
  6. Confirmation that no further charges will be imposed after payment;
  7. Confirmation that all collection calls, messages, and third-party contacts will stop;
  8. Confirmation that no personal information will be posted or disclosed.

Please send confirmation from an authorized company representative.

Sincerely,
[Name]


XLI. What If the Borrower Cannot Pay Yet?

A borrower who cannot pay immediately should avoid panic. The borrower may:

  1. Request a statement of account;
  2. Ask for restructuring;
  3. Offer installment settlement;
  4. Dispute illegal charges;
  5. Pay only through official channels;
  6. Document harassment;
  7. File complaints for abuse;
  8. Avoid borrowing from another predatory app to pay the first app;
  9. Inform family members not to engage with collectors;
  10. Seek financial counseling or legal assistance.

Inability to pay does not justify harassment.


XLII. What If the Borrower Already Paid?

If harassment continues after payment:

  1. Send proof of payment to official customer service;
  2. Request updated account status;
  3. Ask for certificate of full payment;
  4. Demand that collection stop;
  5. Preserve continued harassment evidence;
  6. File or supplement complaints;
  7. Notify contacts that messages are unauthorized.

Continued harassment after payment is strong evidence of abusive or negligent collection practices.


XLIII. What If the Borrower Never Took the Loan?

Sometimes people are harassed for loans they never took. This may involve identity theft, wrong number, stolen ID, fake application, or misuse of contacts.

The person should:

  1. Deny the loan in writing;
  2. Ask for proof of loan application;
  3. Ask what data was used;
  4. Demand deletion or correction of false data;
  5. File a privacy complaint if personal data was misused;
  6. File a cybercrime or police report if identity theft is suspected;
  7. Tell contacts not to pay;
  8. Preserve all messages and calls.

Without first seeking advice, do not pay a loan you did not take just to stop the harassment.


XLIV. Digital Security Steps for Borrowers

Borrowers should protect their digital information.

Recommended steps:

  1. Revoke app permissions;
  2. Uninstall suspicious apps after saving evidence;
  3. Change passwords;
  4. Enable two-factor authentication;
  5. Check e-wallet and bank security;
  6. Review social media privacy settings;
  7. Do not share OTPs;
  8. Avoid clicking links sent by collectors;
  9. Warn contacts about possible harassment;
  10. Scan the phone for suspicious apps;
  11. Keep backups of evidence;
  12. Use official app or company channels only.

Do not delete evidence before saving copies.


XLV. Message to Contacts

If contacts are being harassed, the borrower may send:

“Please ignore messages from persons claiming to collect a loan from me. They are not authorized to harass you or disclose my personal information. Please take screenshots of any messages, numbers, or posts and send them to me so I can include them in complaints with the proper authorities.”

This helps gather evidence and reduces panic.


XLVI. Employer Communication

If the borrower’s employer is contacted, the borrower may inform HR:

“This is a personal financial matter. The lender or collector is not authorized to harass my workplace or disclose my personal information. If you receive any messages or calls, please preserve screenshots or call details. I am taking legal steps against the harassment.”

This keeps the employer informed and helps preserve evidence.


XLVII. Checklist Before Filing Complaints

Prepare:

  1. Valid ID;
  2. App name and screenshots;
  3. Company name, if known;
  4. Loan agreement or account screenshots;
  5. Amount borrowed and amount received;
  6. Statement of account;
  7. Payment receipts;
  8. Collector messages;
  9. Call logs;
  10. Screenshots from contacts;
  11. Social media posts;
  12. URLs;
  13. Fake legal notices;
  14. App permissions screenshots;
  15. Privacy policy screenshots;
  16. Cease-and-desist letter, if sent;
  17. Data subject request, if sent;
  18. Police or barangay blotter, if any;
  19. Written timeline;
  20. List of harms suffered.

Organized evidence increases the chance of meaningful action.


XLVIII. Complaint-Affidavit Template

Republic of the Philippines
[City/Province]

Complaint-Affidavit

I, [Name], Filipino, of legal age, residing at [address], after being duly sworn, state:

  1. I am the complainant in this case.
  2. I used or applied for a loan through [name of online lending app] on or about [date].
  3. The stated loan amount was ₱[amount], but I received ₱[amount] after deductions.
  4. The due date was [date], and the amount demanded was ₱[amount].
  5. On [date], I received messages from [number/account/name] claiming to collect for [app/company].
  6. The collector stated: “[insert exact words].”
  7. On [date], my [relative/co-worker/employer/friend], [name], received a message from the collector disclosing my alleged loan and stating [summarize or quote].
  8. On [date], my personal information, including [name/photo/address/employer/loan details], was posted or shared through [platform/group chat/account].
  9. I did not authorize the public disclosure of my personal information or the harassment of my contacts.
  10. These acts caused me fear, distress, humiliation, and damage to my privacy and reputation.
  11. I attach screenshots, call logs, loan details, and other evidence as annexes.
  12. I am executing this affidavit to support the filing of appropriate complaints against the persons and entities responsible.

Affiant further sayeth none.

[Name and Signature]
[Date]

Subscribed and sworn to before me this [date] at [place].


XLIX. Organizing Annexes

A complaint may be organized as follows:

  1. Annex A – Screenshot of loan app and account;
  2. Annex B – Loan amount and amount received;
  3. Annex C – Threatening message to borrower;
  4. Annex D – Message sent to family member;
  5. Annex E – Message sent to employer;
  6. Annex F – Public shaming post;
  7. Annex G – Fake legal document;
  8. Annex H – App permissions screenshot;
  9. Annex I – Privacy policy screenshot;
  10. Annex J – Payment receipt;
  11. Annex K – Cease-and-desist letter;
  12. Annex L – Police or barangay blotter.

Label each annex clearly.


L. Common Defenses of Lending Apps

A lending app may claim:

  1. The borrower consented to data access;
  2. Contacts were listed as references;
  3. The borrower agreed to collection terms;
  4. The messages came from unauthorized third-party collectors;
  5. Screenshots are fake;
  6. The borrower is avoiding payment;
  7. The statements were private, not public;
  8. The borrower gave false information;
  9. Charges were disclosed;
  10. The company is registered.

The borrower should respond with complete evidence, especially screenshots of contact harassment, privacy policy gaps, app permissions, and abusive messages.


LI. Common Mistakes by Borrowers

Borrowers often weaken their complaints by:

  1. Deleting messages;
  2. Not saving screenshots from contacts;
  3. Paying to unknown accounts without receipts;
  4. Ignoring real court documents;
  5. Posting defamatory statements online;
  6. Threatening collectors back;
  7. Signing unclear settlement terms;
  8. Failing to identify the app and company;
  9. Not documenting the amount actually received;
  10. Not requesting a statement of account;
  11. Borrowing from more apps to pay old apps;
  12. Waiting until posts are deleted;
  13. Assuming a complaint automatically cancels the debt.

A complaint against harassment does not automatically erase a valid loan.


LII. Common Mistakes by Lending Companies and Collectors

Lenders and collectors expose themselves to liability when they:

  1. Access contacts unnecessarily;
  2. Disclose debt to third parties;
  3. Use abusive language;
  4. Threaten imprisonment without basis;
  5. Send fake legal notices;
  6. Shame borrowers online;
  7. Use anonymous numbers;
  8. Fail to identify themselves;
  9. Continue collecting after payment;
  10. Inflate balances without explanation;
  11. Ignore data subject requests;
  12. Fail to control third-party collectors;
  13. Operate through unauthorized app names;
  14. Misrepresent civil debt as criminal liability.

The lender’s right to collect must be exercised lawfully.


LIII. Remedies Summary

A victim of online lending harassment and data privacy violations may pursue:

  1. SEC complaint for abusive lending and collection practices;
  2. NPC complaint for unauthorized personal data processing;
  3. Cybercrime complaint for online threats, cyber libel, fake accounts, or digital harassment;
  4. Police blotter for threats or intimidation;
  5. Barangay assistance for local harassment or visits;
  6. Prosecutor complaint for criminal offenses;
  7. Civil action for damages;
  8. Demand for deletion or blocking of unlawfully processed data;
  9. Demand for removal of defamatory posts;
  10. Settlement of valid loan under written terms;
  11. Dispute of excessive or illegal charges;
  12. Defense in any actual collection case filed by the lender.

The best remedy depends on the available evidence and the victim's objective.


LIV. Frequently Asked Questions

1. Can an online lending app contact my phone contacts?

Not for harassment, public shaming, or unnecessary disclosure of your debt. Contacting all phone contacts is highly questionable, especially if those people are not parties to the loan.

2. Can they post my photo online because I failed to pay?

No. Public shaming and posting personal information may violate privacy rights and may expose the lender or collector to liability.

3. Can I be jailed for not paying an online loan?

Ordinary non-payment of debt is generally civil, not criminal. Separate criminal liability may arise only if there are additional facts such as fraud or falsification.

4. Can they call my employer?

They should not disclose your debt to your employer unless there is a lawful basis. Employer harassment may support a privacy or harassment complaint.

5. What if I clicked “allow contacts” in the app?

App permission does not authorize abusive, excessive, or unfair use of your contacts. Consent must still comply with data privacy principles.

6. Should I pay before filing a complaint?

Payment and harassment complaints are separate. Paying may settle the loan but does not erase prior abusive conduct. If you pay, use official channels and get receipts.

7. What if they continue harassing me after payment?

Preserve proof of payment and evidence of continued harassment. Demand account closure and file or update complaints.

8. What if the app is unregistered?

Include all app details, payment accounts, phone numbers, and screenshots in your complaint. Unregistered lending may be a serious regulatory issue.

9. Can my relatives be forced to pay?

Not unless they signed as co-borrowers, guarantors, sureties, or otherwise legally bound themselves.

10. Can I sue for damages?

Possibly, if you can prove wrongful conduct and harm, such as humiliation, reputational damage, job loss, or emotional distress.


LV. Conclusion

Online lending harassment and data privacy violations are serious problems in the Philippines. While lenders may lawfully collect valid debts, they cannot use threats, public shaming, contact-list harassment, fake legal documents, abusive language, or unauthorized disclosure of personal data.

Borrowers have rights even when they owe money. Personal data collected for loan processing must not be weaponized for humiliation. Phone contacts, employer details, photos, IDs, and private loan information must be handled lawfully, fairly, securely, and only for legitimate purposes.

Victims should preserve evidence, identify the lending app and company, document the timeline, request a statement of account, send cease-and-desist or data privacy requests when appropriate, and file complaints with the proper agencies. The SEC may address abusive lending practices, the National Privacy Commission may address data misuse, cybercrime authorities may address online threats and cyber libel, and courts may provide remedies for damages or unlawful conduct.

A valid debt should be resolved through lawful collection, settlement, or court process. It should never be collected through fear, shame, or misuse of personal data. In the Philippines, the right to collect does not include the right to harass.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.