What to Do If You Still Receive Spam Messages After Deleting a Lending App Account

Receiving spam, threats, or “loan offer” messages after you deleted a lending app account is frustrating—and in many cases, it may point to a data privacy or debt collection problem. In the Philippines, deleting an app from your phone is not the same as deleting your account or erasing your personal data. But once you have withdrawn consent, closed the account, paid the loan, or asked the company to stop using your data for marketing, the lending app cannot simply keep using your number, contacts, photos, or other personal information without a lawful reason. This guide explains what may be happening, what Philippine laws protect you, how to preserve evidence, and where to report the lending app, collector, or spam sender.

Why spam messages may continue after deleting a lending app account

There are several possible reasons you are still receiving messages:

  1. You deleted the app, but not the account. Uninstalling the app only removes it from your phone. The company may still have your account records, phone number, ID images, references, payment history, and consent logs.

  2. Your account was deleted, but some data is retained for legal or accounting purposes. A lending company may retain limited records if needed for a legitimate purpose, such as loan documentation, regulatory compliance, fraud prevention, or legal claims. But retention must still follow the principles of transparency, legitimate purpose, and proportionality under the Data Privacy Act.

  3. You still have an unpaid or disputed loan. If there is a valid debt, the lender may contact you for collection. However, it must do so lawfully. It cannot threaten you, shame you, harass your contacts, or use deceptive messages.

  4. A third-party collector has your data. Some online lending platforms use collection agencies or service providers. Under SEC rules, the lending or financing company remains responsible for the acts of its collectors and outsourced service providers.

  5. The messages are from scammers using lending-app style tactics. Some spam messages are not from the original lender at all. They may be phishing attempts, fake “loan approval” messages, or threats designed to make you click a link, send money, or reveal an OTP.

The first step is to identify whether the messages are ordinary marketing, unlawful debt collection, a data privacy violation, or a cybercrime-related scam.

Your rights under Philippine law

Your data privacy rights under the Data Privacy Act

The main law that protects your personal information is the Data Privacy Act of 2012, or Republic Act No. 10173. It applies to the processing of personal information, including collection, recording, storage, use, disclosure, retention, blocking, erasure, and destruction. The law requires personal data processing to follow the principles of transparency, legitimate purpose, and proportionality. In simple terms, a company must tell you what it is doing with your data, use it only for a lawful and declared purpose, and avoid collecting or keeping more than necessary. (National Privacy Commission)

As a data subject, you have rights that are especially important when dealing with lending apps. You may ask what data the company has about you, why it is being processed, who received it, how long it will be retained, and whether it was disclosed to third parties. You may also dispute inaccurate data, withdraw consent where consent is the basis of processing, and request blocking, removal, or destruction of personal information that is outdated, unlawfully obtained, used for unauthorized purposes, or no longer necessary. (National Privacy Commission)

This matters because many lending-app complaints involve:

  • repeated promotional texts after account closure;
  • messages from unknown collectors;
  • unauthorized access to phone contacts;
  • disclosure of loan details to relatives, friends, co-workers, or employers;
  • public shaming on social media or messaging apps;
  • threats using personal photos, IDs, or contact lists.

Lending apps cannot freely harvest or use your contacts

The National Privacy Commission has repeatedly addressed abusive online lending practices. In a joint 2026 advisory with the DICT and SEC, regulators warned against online lending platform practices involving harassment, intimidation, public shaming, and unlawful personal data use. The advisory states that online lending platforms should not request unnecessary app permissions, engage in excessive processing of contacts, use personal data for harassment, or contact persons in a borrower’s contact list for debt collection unless they are properly designated guarantors.

This distinction is important:

Person What the lending app may generally do
Borrower Contact for account-related matters and lawful collection if there is a valid debt
Character reference Use for identification or verification, not automatic debt collection
Guarantor May be contacted about the loan only if the person expressly agreed to be a guarantor
Random contact from your phonebook Should not be contacted for collection merely because their number was in your phone

The advisory also says personal data should be retained only as long as necessary for the declared purpose, legal claims, or applicable law, and should be securely disposed of afterward.

SEC rules prohibit unfair debt collection practices

If the lending app is operated by a lending company or financing company, the Securities and Exchange Commission (SEC) may have jurisdiction. SEC Memorandum Circular No. 18, Series of 2019 prohibits unfair debt collection practices by financing companies, lending companies, and their third-party service providers. The circular recognizes that lenders may collect debts, but they must do so in good faith and avoid abusive, unethical, or deceptive conduct.

Under SEC rules, unfair collection practices include:

  • using threats, violence, or criminal means to harm a person, reputation, or property;
  • using obscene, insulting, or profane language;
  • falsely representing legal consequences;
  • disclosing or publishing the borrower’s names and personal information;
  • communicating false credit information;
  • using deceptive means to collect;
  • contacting the borrower at unreasonable hours, generally before 6:00 a.m. or after 10:00 p.m., unless justified by special circumstances;
  • contacting people in the borrower’s contact list other than guarantors or co-makers.

The SEC may impose fines and, for repeated violations, suspension or revocation of authority to operate. The rules also make clear that when a lender outsources collection, the third-party collector acts as an agent and the lending or financing company remains ultimately responsible.

Threats, public shaming, fraud, and identity misuse may involve criminal laws

Some messages go beyond spam or unfair collection. They may involve criminal conduct, especially if they include threats, extortion, fake legal notices, identity theft, or online shaming.

The Cybercrime Prevention Act of 2012, or Republic Act No. 10175, covers several offenses committed through computer systems, including illegal access, identity theft, computer-related fraud, and cyberlibel. It also regulates unsolicited commercial communications, subject to exceptions such as prior consent, service announcements, or clear opt-out mechanisms. (Supreme Court E-Library)

If a collector posts defamatory statements about you online, sends humiliating messages to your contacts, or creates fake posts about your loan, the issue may also touch on cyberlibel. In Disini v. Secretary of Justice, the Supreme Court explained that cyberlibel under RA 10175 is not a completely new offense but applies libel principles to online publication through a computer system. (Supreme Court E-Library)

Separately, Article 26 of the Civil Code recognizes a person’s right to dignity, personality, privacy, and peace of mind. It allows legal relief against acts such as prying into another’s privacy, disturbing private life, or vexing or humiliating a person because of personal circumstances. (Lawphil)

Step-by-step guide: what to do if spam messages continue

1. Preserve evidence before deleting, blocking, or replying

Before blocking the sender, collect proof. Complaints often fail because the victim deleted the messages, lost access to the phone, or could not show the connection between the messages and the lending app.

Save the following:

Evidence Why it matters
Screenshots of SMS, Viber, Messenger, WhatsApp, Telegram, email, or app notifications Shows the exact words used, sender ID, number, date, and time
Call logs and voicemail recordings Helps prove repeated harassment or collection calls
Screen recording of disappearing messages Useful when messages vanish or are unsent
Account deletion confirmation Shows you attempted to close the account
Loan contract, disclosure statement, or payment receipts Helps show whether the loan is paid, unpaid, or disputed
App privacy notice, permission screen, or consent form Helps show what you supposedly agreed to
App store listing and company name Helps identify the operator
Messages sent to your contacts Strong evidence of improper contact-list use
Customer service emails or tickets Shows you tried to resolve the matter first

For screenshots, include the full sender number or sender ID, date, time, and entire message. Do not crop out important details. If possible, back up the files to cloud storage or another device.

Avoid clicking links in the messages. If a link looks important, take a screenshot instead of opening it.

2. Secure your phone and accounts

After preserving evidence, reduce the risk of further misuse.

Do these immediately:

  1. Revoke app permissions for contacts, camera, photos, microphone, location, SMS, and storage.
  2. Uninstall the app only after saving evidence and confirming whether account deletion was processed.
  3. Change passwords for email, banking apps, e-wallets, and social media.
  4. Enable two-factor authentication where available.
  5. Never give OTPs, passwords, or ID photos to anyone who contacted you through spam messages.
  6. Tell your close contacts not to respond, pay, click links, or provide information if they receive messages about your loan.
  7. Block and report the sender through your phone, telco app, or official reporting channels.

If you suspect malware or unauthorized access, update your phone operating system and scan for suspicious apps. If the messages are coming from many changing numbers, focus on preserving samples and reporting the pattern rather than replying to every number.

3. Send a written request to the lending app or its Data Protection Officer

Before filing a privacy complaint with the National Privacy Commission, you usually need to show that you first informed the company in writing and gave it a chance to act. NPC complaint rules require complainants to show proof that they informed the respondent of the privacy violation or personal data breach and that the respondent failed to take timely or appropriate action within 15 calendar days from receipt. (National Privacy Commission)

Send your request by email, in-app ticket, or any official support channel. Keep proof of sending.

You can use wording like this:

I am requesting that you stop sending marketing, promotional, or non-essential messages to my mobile number and any linked channels. I have deleted/closed my account on [date], and I withdraw consent for direct marketing and any optional processing not necessary for a lawful purpose.

Please confirm what personal information you still retain about me, the legal basis for retaining it, the retention period, and the third parties or collectors to whom my data was disclosed.

I also request the blocking, removal, or destruction of personal information that is no longer necessary, unlawfully obtained, used for unauthorized purposes, or processed beyond the purposes disclosed to me.

Please also confirm that my contacts, character references, relatives, friends, co-workers, or employer will not be contacted for collection unless they are lawful guarantors who expressly consented.

If you have already paid the loan, attach proof of payment. If the loan is disputed, clearly say that the debt is disputed and identify why, such as wrong amount, unauthorized charges, payment not credited, or fake account.

4. Identify the company behind the messages

Many lending apps use trade names that are different from their registered company names. Before filing with the SEC or NPC, gather as much identifying information as possible:

  • app name;
  • registered company name;
  • SEC registration number;
  • Certificate of Authority number, if shown;
  • website, email, customer service number;
  • collector’s name or agency;
  • sender ID or phone numbers used;
  • payment channels or bank/e-wallet accounts used;
  • screenshots of the app store page.

If the sender refuses to identify the company, uses only threats, or demands payment to a personal account, treat it as a possible scam and report it as such.

5. File a complaint with the National Privacy Commission for data misuse

File with the National Privacy Commission (NPC) if the issue involves personal data misuse, such as:

  • continued marketing after withdrawal of consent;
  • refusal to delete or block unnecessary personal data;
  • unauthorized access to contacts, photos, or messages;
  • disclosure of loan information to relatives, friends, co-workers, or employers;
  • failure to explain how your data was used or shared;
  • harassment using personal data.

NPC rules allow complaints by the data subject, by an authorized representative through a Special Power of Attorney, or by the NPC on its own initiative. Complaints may be filed using the NPC complaint-assisted form or a verified complaint, with supporting evidence and witness affidavits where applicable. (National Privacy Commission)

The NPC’s own complaint page instructs complainants to download the form, fill it out, have it notarized, and submit it by personal filing, courier, registered mail, or email to the NPC complaints address. (National Privacy Commission)

Prepare these:

Requirement Practical note
Filled-out NPC complaint form or verified complaint Must clearly identify the respondent and describe the data privacy violation
Notarized signature Required for formal complaint documents
Proof of prior written notice to the company Important because of the 15-calendar-day exhaustion requirement
Screenshots and call logs Include dates, times, sender numbers, and full message content
Proof of account deletion, payment, or withdrawal of consent Helps show why continued messages may be improper
Witness statements Useful if your contacts received messages or calls

If the NPC finds merit, the matter may proceed to investigation and enforcement. The NPC may refer cases involving possible criminal charges to the Department of Justice. (National Privacy Commission)

6. File with the SEC if the issue involves abusive debt collection

File with the SEC Financing and Lending Companies Division if the lending app, financing company, or collector is using unfair collection practices.

Examples include:

  • threatening arrest or imprisonment for debt;
  • threatening to post your face, ID, or loan details online;
  • calling or messaging at unreasonable hours;
  • sending insults, profanity, or humiliating language;
  • contacting your phone contacts who are not guarantors or co-makers;
  • pretending to be a police officer, lawyer, court employee, or government agency;
  • refusing to identify the company or collector.

The 2026 DICT-NPC-SEC advisory directs reports involving online lending platforms to the SEC’s FINLEND channel and identifies other cybercrime-related channels for harassment, threats, frauds, and scams.

When filing with the SEC, include:

  • full name of the lending app and company, if known;
  • app screenshots and app store listing;
  • chronology of events;
  • loan amount, dates, and payment history;
  • screenshots of messages and call logs;
  • proof that your contacts were messaged;
  • account deletion request or confirmation;
  • name or number of the collector;
  • explanation of why the conduct violates SEC debt collection rules.

7. Report spam, scam, fraud, or threats to the proper cybercrime and telecom channels

For spam or scam texts, the National Telecommunications Commission has indicated that complaints may be reported through its text scam and text spam channels. NTC guidance has also identified reporting by email with details such as the complainant’s name, address, contact details, complained-of number, screenshots, and a government ID. (www.foi.gov.ph)

For cyber fraud, the Cybercrime Investigation and Coordinating Center has pointed victims to hotline 1326, while persons who merely receive scam texts may report numbers through the eGov app’s eReport feature, with reports forwarded to the NTC for blocking action. (Philippine News Agency)

For threats, extortion, identity theft, fake legal notices, or public shaming, report to the PNP Anti-Cybercrime Group or NBI Cybercrime Division. RA 10175 recognizes the role of the NBI and PNP in cybercrime law enforcement. (Supreme Court E-Library)

Where to file: NPC, SEC, NTC, PNP, or NBI?

Problem Best office to consider What to prepare
Continued use of your personal data after account deletion or withdrawal of consent National Privacy Commission Written request to company, proof of 15-day waiting period, screenshots, account deletion proof
Lending app contacted your contacts, references, co-workers, or employer NPC and SEC Screenshots from your contacts, proof they were not guarantors, app permission evidence
Threats, insults, public shaming, fake arrest threats, abusive collection SEC, and possibly PNP/NBI Messages, call logs, collector identity, company/app name
Spam or scam texts from unknown numbers NTC, telco reporting tools, eGov eReport Sender number, screenshot, date/time, suspicious links
Identity theft, phishing, extortion, fake legal documents, cyberlibel PNP Anti-Cybercrime Group or NBI Cybercrime Division Screenshots, links, account URLs, payment demands, identity documents misused
Actual court summons or prosecutor subpoena Court or prosecutor’s office named in the document Do not ignore; verify authenticity directly with the issuing office

Common real-life scenarios

“I already paid my loan, but they still text me loan offers.”

This is usually a marketing and data retention issue. Send a written opt-out and withdrawal of consent for direct marketing. Ask the company to confirm whether your account is closed, what data is retained, and when it will be deleted or anonymized. If messages continue after the company receives your request and fails to act within the required period, consider filing with the NPC.

“I still owe money. Can they still message me?”

Yes, a lender may contact you for legitimate collection if there is a valid unpaid loan. But it must follow the law. It cannot threaten you with jail, shame you publicly, contact random people in your phonebook, use profane language, or pretend to have legal powers it does not have.

The Philippine Constitution also provides that no person shall be imprisoned for debt. (Supreme Court E-Library) This does not mean unpaid debts have no consequences. A creditor may pursue civil collection, report legitimate credit information through lawful channels, or file appropriate actions if fraud is involved. But a simple inability to pay a loan is not a basis for imprisonment.

“They messaged my contacts even after I deleted the app.”

This is a serious red flag. Under the DICT-NPC-SEC advisory, online lending platforms should not contact people in a borrower’s contact list for debt collection unless they are guarantors who expressly consented. Character references are for identification or verification, not automatic debt collection.

Ask your contacts to send you screenshots showing the full message, sender, date, and time. Their statements may help prove that the lender or collector used your contact list improperly.

“The sender says they are from a law office or police station.”

Be careful. Some collectors use fake legal titles or government-style language to scare borrowers. Check whether the message identifies a real company, lawyer, court case number, prosecutor’s office, or police unit. Do not send payment to a personal account just because someone uses words like “warrant,” “subpoena,” “estafa,” or “cybercrime.”

If you receive a supposed court document, verify it directly with the court or government office named in the document. Real court processes are not normally served through random threatening SMS alone.

“I am an OFW or foreigner outside the Philippines. Can I still complain?”

Yes, you can still prepare a complaint if the lending app, borrower account, processing activity, or harm is connected to the Philippines. Practical requirements may be harder because some documents must be notarized or authenticated.

For documents executed abroad, Filipinos commonly use notarization before a Philippine embassy or consulate, or local notarization followed by apostille where applicable. Some Philippine embassies state that consularized affidavits and similar documents require personal appearance, while documents notarized locally may need apostille before use in the Philippines. (Philippine Embassy)

If you are abroad, keep digital evidence, preserve the original messages, and use official agency email or online reporting channels where available.

Practical timelines and expectations

Step Usual timing Practical reality
Save evidence and secure accounts Same day Do this before blocking or uninstalling anything
Send written request to lending app or DPO Same day to 3 days Use email or ticket system so you have proof
Wait for company action before NPC complaint 15 calendar days from receipt NPC rules generally require proof that you first informed the respondent
Prepare notarized NPC complaint A few days, longer if abroad Notarization or consular processing can delay filing
SEC complaint preparation A few days Strong screenshots and company identification help
NTC/telco/eGov spam reports Same day Useful for blocking numbers, but changing numbers may continue
PNP/NBI cybercrime report As soon as threats or fraud appear Bring complete screenshots, links, numbers, and payment demands

Do not wait if there are urgent threats, extortion, identity theft, or public posting of your personal information. Preserve the evidence and report to cybercrime authorities promptly.

Mistakes to avoid

Deleting all messages too early

Blocking is useful, but deleting evidence can weaken your complaint. Save screenshots, exports, and backups first.

Replying emotionally to collectors

Angry replies can escalate the situation. Keep responses short, written, and evidence-focused. If you dispute the debt, say so clearly and ask for a statement of account.

Sending IDs or OTPs to “verify” your account

A legitimate lender should not ask for your OTP. Do not send fresh ID photos, passwords, banking details, or e-wallet codes through spam links or random chat accounts.

Assuming every message is from the original lending app

Some scammers use the names of real lending apps. Identify the company before paying or filing. If you are unsure, report the number as suspicious and verify through official channels.

Ignoring a real court notice

Spam threats are common, but real legal documents should not be ignored. If you receive a summons, subpoena, or notice from a court, prosecutor, police unit, or government agency, verify it directly with that office.

Frequently Asked Questions

Does deleting a lending app account automatically delete my data?

Not always. Deleting the app removes it from your phone. Deleting the account may close your user profile, but the company may still retain limited records if needed for lawful purposes, such as regulatory compliance, accounting, fraud prevention, or legal claims. However, it should not keep or use data longer than necessary, and it should not continue marketing or excessive processing after you withdraw consent.

Can a lending app still text me after I withdraw consent?

It depends on the purpose. If the message is direct marketing or promotional spam, the company should generally stop once you opt out or withdraw consent. If the message is necessary for a legitimate account issue, such as a valid unpaid loan, payment confirmation, fraud warning, or legal notice, the company may still have a lawful basis to contact you. The message must still be fair, accurate, and non-abusive.

Can lending apps contact my contacts after I delete my account?

They should not contact random people from your phonebook for debt collection. Under the DICT-NPC-SEC advisory, contact-list persons should not be contacted for collection unless they are guarantors who expressly consented. Character references are not automatically guarantors. If your relatives, friends, employer, or co-workers received collection messages, save screenshots and consider reporting to the NPC and SEC.

What if I still have an unpaid loan?

The lender may collect the debt, but collection must be lawful. It cannot threaten violence, falsely claim you will be jailed for ordinary non-payment, use profanity, shame you online, contact unrelated people, or send messages at unreasonable hours. Ask for a clear statement of account and keep all communications in writing.

Can I go to jail for not paying an online loan in the Philippines?

For ordinary non-payment of debt, no. The Constitution says no person shall be imprisoned for debt. But this does not protect fraud, identity theft, falsification, or other crimes. If a collector threatens jail for simple inability to pay, preserve the message because it may support a complaint for unfair collection or harassment.

Should I file with the NPC, SEC, NTC, PNP, or NBI?

File with the NPC for data privacy violations, such as unauthorized use of contacts or refusal to stop unnecessary processing. File with the SEC for unfair debt collection by lending or financing companies. Report spam or scam numbers to the NTC, your telco, or eGov eReport. Go to the PNP Anti-Cybercrime Group or NBI Cybercrime Division for threats, extortion, cyberlibel, identity theft, phishing, or fraud.

Do I need a notarized complaint for the NPC?

For a formal NPC complaint, yes, the NPC’s complaint process refers to a notarized complaint form or verified complaint, along with supporting evidence. You also generally need proof that you first informed the company in writing and gave it 15 calendar days to act. If you are abroad, you may need consular notarization or local notarization with apostille, depending on how the document will be used.

What if spam messages come from different numbers every day?

Save samples showing the pattern. Report the numbers through telco, NTC, or eGov channels, but also focus on identifying whether one lending app or collector is behind the campaign. If the messages mention the same loan, same app, same payment channel, or same threats, include that pattern in your NPC, SEC, or cybercrime complaint.

What if the lending app says I consented when I installed the app?

Consent is not a blank check. Under the Data Privacy Act, processing must still be transparent, lawful, and proportional. The NPC and other regulators have warned against unnecessary permissions, excessive contact-list processing, and deceptive design patterns. A lending app cannot justify harassment, public shaming, or unlimited use of your contacts merely by pointing to a broad app permission.

Key Takeaways

  • Deleting a lending app from your phone is not the same as deleting your account or personal data.
  • Philippine law protects you against excessive data use, unauthorized contact-list processing, harassment, public shaming, and unfair debt collection.
  • Save evidence before blocking, deleting messages, or uninstalling the app.
  • Send a written request withdrawing consent for marketing and asking for data access, blocking, deletion, or retention details.
  • For privacy violations, file with the National Privacy Commission after observing the usual 15-calendar-day prior notice requirement.
  • For abusive debt collection by lending or financing companies, file with the SEC.
  • For spam, scam texts, threats, identity theft, extortion, or cyberlibel, report to the NTC, telco channels, eGov eReport, PNP Anti-Cybercrime Group, or NBI Cybercrime Division.
  • A valid debt may still be collected, but collectors cannot threaten jail for ordinary non-payment, shame you, or contact unrelated people from your phonebook.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.