How to Block Unknown Numbers Used by Lending Collectors in the Philippines

Blocking unknown numbers used by lending collectors can give you immediate peace, but do it carefully. In the Philippines, you generally have the right to stop abusive calls, preserve your privacy, and report harassment — even if you genuinely owe money. This article explains how to block or silence unknown numbers, what evidence to save before blocking, which debt collection acts are illegal, and where to report lending collectors who use threats, shame messages, repeated calls, or different SIM numbers to pressure you.

Can Lending Collectors Call You in the Philippines?

Yes, a lender or collection agent may contact a borrower to collect a valid debt. Collection itself is not automatically illegal.

What the law does not allow is abusive, deceptive, humiliating, or privacy-invasive collection. The Securities and Exchange Commission (SEC) regulates lending and financing companies under laws such as the Lending Company Regulation Act of 2007, or Republic Act No. 9474, and the Financing Company Act, or Republic Act No. 8556. RA 9474 places lending companies under SEC regulation and requires them to operate with authority from the SEC. (Lawphil)

For financial consumers, Republic Act No. 11765, or the Financial Products and Services Consumer Protection Act of 2022, expressly prohibits financial service providers from using abusive collection or debt recovery practices. (Lawphil)

So the practical rule is simple:

A collector may remind you about a debt. A collector may not harass, threaten, shame, deceive, or expose your personal information to force payment.

Why Lending Collectors Use Unknown or Changing Numbers

Many borrowers receive calls or texts from different prepaid numbers, private numbers, overseas-looking numbers, or messaging apps. This usually happens for one of these reasons:

  • The lender outsourced collection to a third-party service provider.
  • Collectors are using multiple SIMs to avoid being blocked.
  • The caller is not actually from the lender and may be a scammer.
  • The online lending app or its agents harvested contact details and are contacting the borrower or the borrower’s contacts.
  • The number is spoofed or masked, making the displayed caller ID unreliable.

Under Republic Act No. 11934, the SIM Registration Act of 2022, SIM subscribers must be registered, but subscriber information is confidential and generally disclosed only with consent, legal process, court order, or circumstances allowed by law. (Lawphil) This means you usually cannot personally demand from a telco the registered name behind a harassing number. Instead, you preserve evidence and report it to the proper agency.

Before Blocking: Save Evidence First

The biggest mistake victims make is blocking and deleting everything immediately. Blocking is useful, but if you later file a complaint, screenshots and call logs matter.

Before you block a number, save:

Evidence What to Capture Why It Matters
SMS or chat screenshots Full message, sender number, date, time Shows the exact words used
Call logs Number, date, time, duration, missed calls Shows frequency and pattern
Voice recordings Only where lawfully obtained and safely kept Useful for threats or abusive language
App details Name of lending app, Play Store/App Store listing, company name Helps identify the lender
Loan documents Disclosure statement, contract, payment schedule, receipts Shows whether the debt is valid
Messages to contacts Screenshots from relatives, coworkers, or friends Proves privacy violations or public shaming
Payment proof GCash, Maya, bank receipts, screenshots Prevents false claims of nonpayment

Create a folder named something like “Lending Harassment Evidence - [App Name]”. Arrange files by date. If a friend or relative received a message about your debt, ask them to send the screenshot showing the sender, message, date, and time.

How to Block Unknown Lending Collector Calls on iPhone

For iPhone users, you can block specific numbers and also reduce calls from numbers not saved in your contacts.

Block a specific number

  1. Open the Phone app.
  2. Go to Recents.
  3. Tap the information icon beside the number.
  4. Scroll down.
  5. Tap Block Caller.

This is best when the same collector keeps calling from the same number.

Silence unknown callers

Apple allows iPhone users to filter unknown callers so calls from numbers not in your contacts are moved away from the normal call flow. Apple’s support page explains that unknown callers can be moved to an Unknown Callers list, and spam calls identified by the carrier may be silenced and moved to a spam list. (Apple Support)

Use this when collectors keep changing numbers.

Practical warning: this may also silence legitimate calls from delivery riders, banks, hospitals, government offices, schools, embassies, or new clients. Check your missed calls and voicemail regularly.

Filter unknown text senders

For text harassment, turn on message filtering. Apple’s iPhone guide explains that users can screen and filter messages from unknown senders to reduce unwanted texts. (Apple Support)

This does not erase the messages. It simply separates them so they disturb you less.

How to Block Unknown Lending Collector Calls on Android

Android settings vary by brand, but most phones allow number blocking through the Phone app.

Block a specific number

  1. Open the Phone app.
  2. Go to Recents.
  3. Tap the number.
  4. Tap Block or Report spam.
  5. Confirm.

Turn on spam protection or unknown caller blocking

On the Google Phone app, Google says users can go to Phone app > More > Settings > Blocked numbers > Unknown. This blocks calls from private or unidentified numbers, but Google also clarifies that you may still receive calls from phone numbers not stored in your contacts. (Google Help)

This distinction is important. On some Android phones, “unknown” means private or hidden caller ID, not every number outside your contacts.

Block and report spam texts in Google Messages

Google Messages allows users to block and report spam conversations by long-pressing the conversation and selecting Block & report spam. (Google Help)

Use this for repeated collection texts, threats, suspicious links, or messages pretending to be from a court, police station, barangay, or law office.

Stronger Phone Settings When Collectors Keep Changing Numbers

If collectors are using many different numbers, individual blocking may not be enough. Use layered protection.

1. Use Do Not Disturb with exceptions

Set Do Not Disturb so only saved contacts can ring through.

Allow exceptions for:

  • Family
  • Employer
  • School
  • Doctor or hospital
  • Delivery riders if you are expecting a package
  • Embassy, immigration, or government contacts if you are a foreigner or overseas Filipino

This is often more effective than blocking one number at a time.

2. Create a “safe contacts” list

Save important numbers before turning on strict filtering. Include banks, utility companies, schools, clinics, lawyers, government offices, and trusted relatives.

3. Do not answer unknown calls during harassment bursts

Many collectors use rapid calls to pressure borrowers emotionally. Let calls go to voicemail or missed calls. If you answer, keep it short:

“I will communicate only through official written channels. Send the statement of account and your authority to collect.”

Then end the call.

4. Do not click links sent by collectors

A legitimate lender should be able to provide its company name, SEC registration details, official email, office address, account number, and written statement of account. Avoid links sent through random mobile numbers.

What Collection Practices Are Illegal?

SEC Memorandum Circular No. 18, Series of 2019, is one of the most important rules on unfair debt collection by financing and lending companies. It allows reasonable and legally permissible collection, but requires good faith and reasonable conduct. It prohibits, among others, violence or criminal means, threats to take action that cannot legally be taken, insults or profane language, disclosure of borrower information, false representations, and inconvenient contact times.

The same SEC circular also treats as unfair the act of contacting persons in the borrower’s contact list other than those named as guarantors or co-makers.

Common illegal or reportable acts include:

  • Threatening to post your face, ID, or debt online
  • Telling your employer, relatives, group chats, or neighbors that you owe money
  • Calling your contact list even if they are not guarantors
  • Using words like “criminal,” “estafador,” or “wanted” without a court case
  • Pretending to be police, NBI, court staff, barangay, or a lawyer
  • Threatening arrest for ordinary nonpayment of debt
  • Calling before 6:00 a.m. or after 10:00 p.m., unless a narrow exception applies under the SEC rule
  • Using obscene, insulting, or degrading language
  • Sending fake subpoenas, fake warrants, or fake barangay notices
  • Demanding payment through personal accounts without official receipt

The SEC circular also requires financing and lending companies to adopt procedures so personnel handling collections disclose their full name or true identity to the borrower.

Data Privacy Rules for Online Lending Apps

The Data Privacy Act of 2012, or Republic Act No. 10173, protects personal information in government and private information systems. (Lawphil) For lending apps, the National Privacy Commission (NPC) issued specific rules because of complaints that online lending apps were accessing contacts, photos, storage, location, and other phone data.

NPC Circular No. 20-01 covers the processing of personal data for loan-related transactions and was issued after complaints that online lending apps processed borrower data and contact-list data without lawful basis, causing reputational damage. (National Privacy Commission)

The NPC later amended the circular through NPC Circular No. 2022-02. The amendment states that online lending apps must have separate interfaces where borrowers can provide character references and guarantors, and it limits access to contact lists only to the minimum extent necessary for the borrower to choose those references or guarantors. (National Privacy Commission)

In plain English: a lending app should not freely harvest your entire phonebook and use it to shame you into paying.

Can You Block Collectors If You Really Owe Money?

Yes. Blocking abusive or unknown numbers is not illegal by itself.

But remember these practical points:

  1. Blocking does not erase the debt. If the loan is valid, the lender may still pursue lawful collection.
  2. Blocking does not stop a real court case. Court notices must be handled properly.
  3. Blocking random collectors is different from ignoring official notices. Always read documents from courts, barangay offices, or government agencies carefully.
  4. Pay only through verified channels. Ask for the official company name, account number, receipt, and updated statement of account.
  5. Do not pay just because of threats. Verify first, especially when the collector uses a personal GCash or bank account.

A legitimate collector should be able to identify the lender, explain the debt, show authority to collect, and provide official payment instructions.

Where to Report Unknown Numbers Used by Lending Collectors

Different agencies handle different parts of the problem.

Problem Where to Report Best Evidence
Abusive collection by lending or financing company SEC iMessage / SEC Financing and Lending Companies Division Screenshots, call logs, loan documents, app name
Contact harvesting or messaging your contacts National Privacy Commission Screenshots from you and your contacts, app permissions
Scam texts or suspicious numbers Telco, NTC, eGov eReport, CICC hotline 1326 Full SMS screenshot, sender number, link
Threats, fake warrants, extortion, cyber harassment PNP Anti-Cybercrime Group or NBI Cybercrime Division Screenshots, recordings, call logs, identities used
BSP-supervised bank, e-wallet, or financing product BSP consumer assistance channels Account details, transaction proof

The SEC now has the SEC iMessage platform for public inquiries, complaints, incidents, and requests, with ticket tracking. (Securities and Exchange Commission) The NPC’s formal complaint process requires a specific complaint format, a notarized complaint form, and submission either in person, by courier, or by scanned email. (National Privacy Commission)

For scam or spam messages, Globe’s official Stop Spam page says users should report suspected scam calls or messages to Globe through its Stop Spam page or GlobeOne app, and may also report to the NTC. It asks users to upload screenshots showing the sender number or caller ID, timestamp, and full message. (Globe Telecom) Smart’s help page also advises users not to reply to unverified messages, not to give OTPs or bank details, and to block or delete suspicious unknown messages with links. (Smart Help)

The Cybercrime Investigation and Coordinating Center has also advised that victims of cyber fraud may call 1326, while people who received text scams may report numbers through the eGov app’s eReport feature; reports may be forwarded to the NTC for blocking action. (Philippine News Agency)

Step-by-Step: What to Do When Lending Collectors Harass You From Unknown Numbers

  1. Stop engaging emotionally. Do not argue, insult back, or make promises you cannot keep.
  2. Save evidence before blocking. Screenshot messages, call logs, app details, and contact-list harassment.
  3. Block the number. Use your iPhone or Android block feature.
  4. Turn on filtering. Use unknown caller, message filtering, spam protection, or Do Not Disturb.
  5. Revoke app permissions. Check your phone settings and remove contact, camera, microphone, location, SMS, and storage permissions from the lending app if not necessary.
  6. Secure your accounts. Change passwords for email, e-wallets, banking apps, and social media if the lender or app had broad access.
  7. Warn close contacts briefly. Tell family or coworkers: “Please ignore messages about my private loan. I am documenting harassment and reporting it.”
  8. Ask the lender for written details. Request a statement of account, company name, SEC registration, and official payment channels.
  9. Report to the right agency. SEC for unfair collection, NPC for privacy violations, NTC/telco/CICC for numbers and scam messages, police or NBI for threats and cybercrimes.
  10. Keep a follow-up log. Record complaint reference numbers, dates filed, and agency responses.

Criminal Issues: When Harassment Becomes More Serious

Some collector behavior may go beyond regulatory violations and enter criminal law.

Under the Revised Penal Code, grave threats may arise when a person threatens another with harm to person, honor, or property amounting to a crime. The Supreme Court in People v. Bueza, G.R. No. 242513 (November 18, 2020) discussed grave threats in the context of threats coming to the knowledge of the victim. (Supreme Court E-Library)

The Cybercrime Prevention Act of 2012, or Republic Act No. 10175, may also become relevant when the harassment is done through computers, phones, social media, messaging apps, or online platforms. RA 10175 defines cybercrime offenses and provides mechanisms for investigation and prosecution of cybercrime-related acts. (Lawphil)

Examples that deserve immediate escalation include:

  • “Ipapahiya ka namin sa Facebook.”
  • “Ipapadala namin ito sa boss mo.”
  • “May warrant ka na.”
  • “Pupuntahan ka namin diyan.”
  • Edited photos, fake wanted posters, or fake legal documents
  • Threats to harm you or your family
  • Extortionate demands through personal payment channels

For urgent physical danger, go to the nearest police station or barangay and keep the digital evidence intact.

Common Mistakes to Avoid

Deleting the app without saving evidence

If the lending app contains loan terms, payment history, or messages, take screenshots first.

Paying to a personal account because of fear

Many borrowers panic when collectors threaten public shaming. Pay only after verifying the lender and official payment channel.

Ignoring real court papers

Fake threats are common, but real court documents should not be ignored. A real court paper will identify the court, case number, parties, and required response.

Posting the collector’s number publicly

Avoid retaliatory posts that include personal data, insults, or accusations you cannot prove. Report through official channels instead.

Letting collectors talk to your employer

Your employer is generally not part of your private debt unless the employer is a guarantor, co-maker, payroll deduction partner, or otherwise legally involved. Collectors who contact employers simply to shame or pressure you may be committing unfair collection and privacy violations.

Frequently Asked Questions

Can I block all unknown numbers from lending collectors?

Yes, you can block or silence unknown numbers through your phone settings. For heavy harassment, use Do Not Disturb with exceptions for saved contacts. Just remember that this may also affect legitimate calls from delivery riders, hospitals, banks, or government offices.

Is it illegal for an online lending app to call my contacts?

It can be illegal or reportable if your contacts were not named as guarantors, co-makers, or proper references. SEC rules treat contacting people in the borrower’s contact list, other than those named as guarantors or co-makers, as an unfair debt collection practice.

Can collectors call me at night?

SEC Memorandum Circular No. 18 treats contact before 6:00 a.m. or after 10:00 p.m. as an unfair collection practice, subject to the specific exceptions stated in the circular.

Can I be arrested for not paying an online loan?

Ordinary nonpayment of debt is generally a civil matter. But separate crimes may arise if there is fraud, falsified documents, threats, identity misuse, or other criminal acts. Be cautious when collectors say “may warrant ka na” without showing a real court case.

Should I change my SIM number?

Changing your SIM may help your peace of mind, but it can also disrupt banking OTPs, government accounts, work contacts, and evidence continuity. Try blocking, filtering, revoking app permissions, and reporting first. If you change numbers, keep the old SIM and phone records as evidence.

Can a foreigner in the Philippines file complaints against lending collectors?

Yes. Foreigners in the Philippines may file complaints with the relevant Philippine agencies if the harassment, loan, app, number, or lender is connected to the Philippines. Keep copies of your passport bio page, visa or ACR I-Card if available, local address, loan documents, and screenshots. If documents from abroad are needed, Philippine agencies may sometimes require proper authentication or apostille depending on the purpose.

What if the collector uses Viber, WhatsApp, Messenger, or Telegram?

Screenshot the profile, username, phone number, messages, timestamps, and any threats. Do not rely only on the display name because it can be changed. Report the account inside the app, then include the same evidence in your SEC, NPC, or cybercrime complaint.

What if they message my family abroad?

Ask your family member to screenshot the full message, sender number or account, date, time, and platform. If the message exposes your loan or insults you, include it in your complaint. The fact that the recipient is abroad does not automatically prevent you from reporting the Philippine lender or collector.

Will blocking hurt my SEC or NPC complaint?

No, not if you saved evidence first. Blocking can be a reasonable safety and privacy step. What hurts a complaint is having no screenshots, no dates, no numbers, no app name, and no proof of what happened.

Key Takeaways

  • You may block unknown or abusive lending collector numbers, but save screenshots and call logs first.
  • Debt collection is allowed; harassment is not.
  • SEC rules prohibit threats, insults, false representations, public shaming, unreasonable call hours, and contacting non-guarantor contacts.
  • NPC rules restrict online lending apps from excessive contact-list access and privacy-invasive collection.
  • Blocking does not erase a valid debt, so ask for a written statement of account and pay only through verified official channels.
  • Report unfair collection to the SEC, privacy violations to the NPC, scam numbers to your telco/NTC/CICC, and threats or cyber harassment to law enforcement.
  • The safest approach is layered: preserve evidence, block or filter, secure your phone, verify the lender, and report through the proper agency.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Can Lending Collectors Threaten Criminal Charges Over Debt in the Philippines?

If a lending collector is threatening to file “estafa,” “cybercrime,” or “criminal charges” because you missed loan payments, the first thing to know is this: ordinary non-payment of debt is generally a civil matter, not a crime. A lender may demand payment, send lawful notices, negotiate settlement, or file a civil collection case. But collectors cannot use baseless criminal threats, shame tactics, fake police/NBI warnings, or harassment to force payment.

Under the 1987 Philippine Constitution, no person may be imprisoned for debt. That protection does not erase valid loans, and it does not protect fraud. It simply means a person cannot be jailed merely because they failed to pay a private debt. (Lawphil)

The Short Answer: Can Collectors Threaten Criminal Charges Over Debt?

A collector may tell you about a possible legal remedy only if it is real, lawful, and not used deceptively or abusively. For example, if there is genuine evidence of estafa, falsification, identity fraud, or a bounced check case under Batas Pambansa Blg. 22, the creditor may pursue proper legal action.

But a collector crosses the line when they say things like:

  • “Pay today or police will arrest you tomorrow.”
  • “We already filed an NBI case” when no case exists.
  • “We will post your face as a scammer.”
  • “We will message your employer, relatives, and contacts.”
  • “You will go to jail for unpaid online loan.”
  • “A warrant is coming today” when there is no court case or warrant.

For lending and financing companies, the SEC’s Memorandum Circular No. 18, Series of 2019 specifically prohibits unfair debt collection practices, including threats to take action that cannot legally be taken, false representations, abusive language, disclosure of borrowers’ personal information, and contacting people in the borrower’s contact list other than guarantors or co-makers. (SEC Appointment System)

Debt Is Usually Civil, Not Criminal

A loan is normally a contract. Under the Civil Code, obligations may arise from law, contracts, quasi-contracts, crimes, and quasi-delicts. A loan obligation is usually enforced through civil remedies such as demand letters, restructuring, settlement, or a court case for collection. (Lawphil)

If a borrower fails to pay, the creditor may claim damages, interest, penalties, and attorney’s fees if allowed by the contract and law. Civil Code Article 1170 provides that those guilty of fraud, negligence, delay, or violation of the obligation may be liable for damages. (Lawphil)

That is different from a criminal case. A criminal case requires a specific offense defined by law. Not every unpaid loan is estafa. Not every delayed payment is fraud. Not every borrower who cannot pay is a criminal.

The Legal Basis: What Collectors Can and Cannot Do

What collectors may legally do

A lending company, financing company, bank, credit card issuer, or assigned collection agency may generally:

  1. Send payment reminders.
  2. Call or message at reasonable times.
  3. Ask for payment, restructuring, or settlement.
  4. Send a written demand letter.
  5. File a civil case for collection of sum of money.
  6. File a small claims case if the claim falls within the small claims rules.
  7. Report legitimate credit information through lawful channels.
  8. File a genuine criminal complaint if the facts support a criminal offense.

The key words are reasonable, lawful, truthful, and proportionate.

What collectors cannot legally do

Under SEC MC No. 18, Series of 2019, unfair collection practices include:

Collector conduct Why it is problematic
Threatening violence or criminal means to harm a person, reputation, or property Prohibited as unfair collection practice
Threatening action that cannot legally be taken Example: threatening arrest without a case or warrant
Using obscenities, insults, or profane language Abusive collection is prohibited
Publishing the borrower’s name or personal information for refusal to pay Public shaming may violate SEC rules and privacy laws
Communicating false loan information to third parties Debt information must generally remain confidential
Using false representation or deceptive means Example: pretending to be police, prosecutor, court staff, or NBI
Contacting before 6:00 a.m. or after 10:00 p.m., subject to limited exceptions Considered unreasonable or inconvenient contact
Contacting people in the borrower’s contact list who are not guarantors or co-makers Prohibited even if the app obtained “consent” broadly

The SEC circular also requires financing and lending companies to make collectors disclose their full name or true identity to the borrower and maintain a customer service channel for borrower complaints.

Can Non-Payment Become Estafa?

Sometimes, but not automatically.

Estafa is swindling under Article 315 of the Revised Penal Code. It requires legally recognized fraud, deceit, abuse of confidence, or another punishable form of defrauding another person. Article 315 covers, among others, misappropriation of money received in trust or on commission, false pretenses made before or at the time of the fraud, and certain bad-check situations. (Lawphil)

In plain English: estafa is not just “you borrowed and failed to pay.” The issue is whether there was deceit, fraud, or misappropriation of the kind punished by criminal law.

Examples where estafa may be alleged

A creditor may consider estafa if there is evidence that:

  • The borrower used a fake name, fake employment, fake documents, or false identity to obtain the loan.
  • The borrower never intended to pay from the beginning and used fraudulent representations to get the money.
  • The borrower received money not as a simple loan, but in trust, for remittance, for administration, or for a specific purpose, then misappropriated it.
  • The borrower issued a check at the time of obtaining money or property, knowing there were no sufficient funds, and the check induced the creditor to release money or property.

Examples where it is usually civil, not estafa

It is generally a civil matter when:

  • You took a loan using your real identity but later lost your job.
  • You paid some installments but later defaulted.
  • You asked for extensions because of financial difficulty.
  • You issued a postdated check later to cover an already existing debt.
  • You genuinely intended to pay but became unable to do so.

The Supreme Court has recognized the important distinction between a civil debt and estafa. In Guingona, Jr. v. City Fiscal of Manila, the Court treated the relationship in a money placement/deposit context as creditor-debtor rather than estafa by misappropriation where ownership of the money passed and the obligation was to pay an equivalent amount. (Lawphil)

For checks, the Supreme Court has also held that a postdated check issued for a pre-existing obligation does not automatically constitute estafa under Article 315(2)(d), because the check did not cause the creditor to part with money or property at that time. (Lawphil)

What About Bounced Checks?

A bounced check may create a separate issue under Batas Pambansa Blg. 22, commonly called the Bouncing Checks Law. BP 22 penalizes the making, drawing, and issuance of a check that is later dishonored for insufficient funds, closed account, or similar reasons when the legal elements are present. (Lawphil)

This is different from being jailed for debt. BP 22 punishes the issuance of a worthless check, not simple inability to pay a loan. Still, collectors often misuse BP 22 threats. A proper BP 22 case requires legal steps, including proof of dishonor and notice. It is not something a collector can turn into an instant arrest by text message.

Also, Supreme Court administrative circulars have guided courts on the preference for imposing fines in appropriate BP 22 cases, although BP 22 has not been decriminalized. (Lawphil)

“We Will Have You Arrested Tomorrow” Is Usually a Red Flag

In the Philippines, arrest normally requires legal process.

For most debt-related accusations, the usual criminal process is:

  1. A complaint is filed before the prosecutor’s office, police, or NBI, depending on the facts.
  2. The respondent receives a subpoena and complaint-affidavit.
  3. The respondent is given a chance to file a counter-affidavit.
  4. The prosecutor determines whether there is probable cause.
  5. If an Information is filed in court, the judge independently evaluates probable cause.
  6. A warrant of arrest may issue only through the court, unless the law allows a valid warrantless arrest.

A collector cannot lawfully create an arrest warrant by sending a threatening SMS, Messenger message, or email. A “final warning before arrest” from an unknown number is often intimidation, not legal process.

Public Shaming and Contacting Relatives Can Create Separate Legal Problems

Collectors sometimes message a borrower’s spouse, parents, employer, Facebook friends, or phone contacts. Some even send edited photos, “wanted” posters, or messages saying the borrower is a scammer.

That can trigger several legal issues:

  • SEC unfair debt collection complaint, if the collector is connected with a lending or financing company.
  • Data Privacy Act concerns, especially where a loan app harvested contacts or disclosed debt information.
  • Civil damages, because the Civil Code requires persons to act with justice, give everyone their due, observe honesty and good faith, and respect dignity, privacy, and peace of mind. (Lawphil)
  • Possible criminal complaints, depending on the wording and acts, such as grave threats, coercion, unjust vexation, libel, cyberlibel, or identity-related offenses.

The National Privacy Commission has specifically addressed online lending practices involving borrowers’ contact lists. It has said online lenders are barred from harvesting phone and social media contact lists for harassment and shaming, and NPC Circular No. 20-01 regulates personal data processing for loan-related transactions. (National Privacy Commission)

The NPC later explained that processing a borrower’s contact information for identity verification must not be excessive or disproportionate, and must not lead to harassment, collection outside the guarantors provided by the borrower, or unfair collection practices. (National Privacy Commission)

What to Do If a Collector Threatens Criminal Charges

1. Stay calm and do not panic-pay because of fear

A collector’s threat is not the same as a court order. Do not assume that a text saying “estafa case filed” or “NBI warrant today” is true.

Check whether you received any official document such as:

  • Demand letter from the lender or law office
  • Subpoena from a prosecutor’s office
  • Notice from barangay
  • Court summons
  • Small claims notice
  • Police or NBI communication with verifiable office details

A random text or call is not enough.

2. Ask for verification in writing

Send a short written reply:

Please provide your full name, company, authority to collect, lender name, account reference number, complete statement of account, breakdown of principal, interest, penalties, and copy of the document showing your authority to collect.

This puts the conversation on record and discourages anonymous harassment.

3. Preserve evidence immediately

Save:

  • Screenshots of texts, chats, emails, and social media messages
  • Caller numbers, dates, and times
  • Voice mails, if any
  • Names used by collectors
  • The loan app name, lender name, and screenshots of the app page
  • Proof of payment and payment history
  • Loan agreement, disclosure statement, promissory note, or terms and conditions
  • Messages sent to your relatives, employer, or contacts
  • Any public posts, edited images, or threats

Be careful with call recording. The Philippines has an Anti-Wiretapping Law, so secret recording of private communications may create legal issues. Safer evidence includes screenshots, written messages, call logs, emails, and witnesses.

4. Do not admit a wrong amount

It is okay to acknowledge that you want to settle a valid obligation. But avoid messages like:

I admit I owe ₱80,000.

if the original loan was ₱5,000 and the amount includes unclear interest, penalties, rollover fees, or illegal charges.

A better response is:

I am requesting a complete breakdown of the claimed balance. I am willing to discuss the correct amount after verification.

5. Check whether the lender is registered

Lending companies are regulated under Republic Act No. 9474, the Lending Company Regulation Act of 2007, and financing companies under the Financing Company Act. RA 9474 declares a state policy to regulate lending companies and prevent practices prejudicial to public interest. (Lawphil)

You can verify lending and financing companies and submit complaints through the SEC’s official channels, including the SEC iMessage portal. (Securities and Exchange Commission)

6. File complaints with the proper agency

Situation Where to go
Lending company or online lending app harassment SEC
Unauthorized access to contacts, public shaming, misuse of personal data National Privacy Commission
Threats, impersonation, extortion, cyber harassment, fake NBI/police claims PNP Anti-Cybercrime Group or NBI Cybercrime Division
Local harassment by a known individual in the same city/municipality Barangay, when Katarungang Pambarangay rules apply
Actual court summons for collection First-level court or the court stated in the summons
Bank or credit card complaints involving BSP-supervised entities BSP consumer assistance channels

The Credit Information Corporation also notes that concerns involving lending companies, financing companies, online lending apps, and microfinance institutions are generally referred to the SEC, while banks and credit card companies fall under the BSP. (Credit Information Corporation (CIC))

What If They Actually File a Civil Case?

For many unpaid loans, the proper remedy is a civil action for collection.

Under the Supreme Court’s Rules on Expedited Procedures in First Level Courts, small claims now cover money claims not exceeding ₱1,000,000, including money owed under loans and other credit accommodations. The small claims procedure is designed to be faster and simpler, with one hearing day and judgment within 24 hours from the end of the hearing. (Supreme Court of the Philippines)

In a small claims case:

  • Lawyers generally do not appear for the parties in the hearing.
  • The court uses standard forms.
  • The defendant may file a response.
  • The court may encourage settlement.
  • The decision is final, executory, and unappealable, subject only to very limited extraordinary remedies.

This is a lawful way to collect. Threatening fake criminal cases is not.

Special Notes for OFWs and Foreigners

If you are an OFW abroad

A Philippine collector cannot have you arrested abroad simply because you missed loan payments in the Philippines. If a real Philippine case exists, you should receive proper legal documents through recognized channels.

If you need to submit an affidavit from abroad, the document may need notarization and authentication depending on the country. For countries under the Apostille Convention, an apostille is commonly used. For non-apostille countries, Philippine consular authentication may still be required.

If you are a foreigner in the Philippines

A private debt alone does not automatically create an immigration hold, blacklist, or airport arrest. However, a genuine criminal case involving fraud, bouncing checks, falsification, or other offenses may have legal consequences if filed and acted on by the proper authorities.

If the collector threatens to report you to immigration

Treat this carefully but calmly. Ask for the legal basis in writing. Immigration consequences generally require lawful grounds, not merely a collector’s anger over unpaid debt.

Common Collector Threats and What They Usually Mean

Collector statement Practical meaning
“Estafa case filed today” Ask for prosecutor docket number, complaint copy, and subpoena. Without documents, it may be intimidation.
“Police will arrest you tomorrow” Arrest usually requires court process unless a valid warrantless arrest situation exists.
“We will post you online” Public shaming may violate SEC rules, privacy law, civil law, and possibly cybercrime laws.
“We will call your employer” Disclosure to third parties is risky unless legally justified and limited.
“Your contacts consented because you installed the app” Broad app permission does not automatically justify harassment or unfair collection.
“Pay now or we will file cybercrime” Cybercrime requires a specific cyber offense, not mere non-payment.
“We are from NBI/PNP” Verify directly with the official office. Impersonation may itself be unlawful.

Frequently Asked Questions

Can I go to jail for unpaid online loan in the Philippines?

Generally, no, not for debt alone. The Constitution prohibits imprisonment for debt. But you may face a criminal case if the facts involve a separate crime such as estafa, BP 22, falsification, identity fraud, threats, or other offenses.

Is non-payment of loan automatically estafa?

No. Estafa requires fraud, deceit, abuse of confidence, or another punishable act under Article 315 of the Revised Penal Code. Mere inability to pay, late payment, or default is usually handled through civil collection.

Can a lending app message my contacts?

A lending or financing company should not contact people in your contact list unless they are guarantors or co-makers. SEC MC No. 18 treats this as an unfair debt collection practice, and the NPC has also warned against excessive and abusive processing of contact information.

Can collectors post my name, photo, or debt online?

They should not. Publishing names, personal information, or humiliating materials about borrowers may violate SEC debt collection rules, privacy rights, civil law, and possibly criminal laws depending on the content.

What if I issued a postdated check?

A dishonored check may expose you to BP 22 if the legal elements are present. Estafa is a separate issue. If the check was issued only for a pre-existing debt, estafa under Article 315(2)(d) is generally harder to support because the check did not induce the creditor to release money or property at that time. (Lawphil)

Should I ignore collectors completely?

Ignoring harassment may stop you from saying something harmful, but ignoring legitimate notices can create bigger problems. The better approach is to respond briefly in writing, ask for verification, keep evidence, and address only the lawful debt issue.

Can collectors come to my house or workplace?

They may attempt lawful collection contact, but they cannot trespass, threaten, embarrass you, seize property without legal authority, or disclose your debt to co-workers or neighbors. If they disturb your peace, threaten harm, or force you to do something against your will, the conduct may raise criminal or civil issues.

What if the lender is unregistered?

Report it to the SEC. An unregistered lender may face regulatory consequences, but the fact that a lender is unregistered does not automatically erase every peso actually received. It may, however, affect enforceability, charges, penalties, and the remedies available.

Can I complain even if I really owe money?

Yes. Owing money does not give collectors the right to harass, threaten, shame, deceive, or misuse your personal data. You can dispute abusive collection while still addressing the legitimate loan balance.

Key Takeaways

  • Unpaid debt is generally civil, not criminal.
  • The Constitution prohibits imprisonment for debt, but it does not protect fraud or bounced-check violations.
  • Estafa requires specific criminal elements; non-payment alone is not enough.
  • Collectors may demand payment and file lawful cases, but they cannot use fake arrest threats, public shaming, abusive language, or illegal third-party contact.
  • SEC MC No. 18, Series of 2019 protects borrowers against unfair debt collection practices by lending and financing companies.
  • Save evidence before messages disappear.
  • Ask for the collector’s identity, authority, statement of account, and legal basis.
  • File with the SEC for unfair collection, the NPC for data privacy abuse, and PNP/NBI cybercrime units for serious threats, impersonation, or online harassment.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

How to Report Phishing Links from Online Lending Apps in the Philippines

A phishing link from an online lending app can put your money, identity, phone contacts, and reputation at risk very quickly. In the Philippines, these links often arrive through SMS, Facebook Messenger, Viber, WhatsApp, email, or app notifications pretending to be from a lending company, collection agent, “SEC-registered” loan app, or borrower verification page. This guide explains what to do first, where to report the phishing link, what evidence to save, and which Philippine laws and agencies apply.

What Counts as a Phishing Link from an Online Lending App?

A phishing link is a fake or malicious link designed to trick you into giving personal information, installing a harmful app, or authorizing access to your accounts.

In online lending app cases, the link may claim that you need to:

  • “verify” your loan account;
  • “settle” an overdue loan through a payment page;
  • download an APK file outside Google Play or the App Store;
  • update your ID, selfie, bank account, GCash, Maya, or card details;
  • stop harassment by clicking a “removal” or “blacklist clearing” link;
  • view a fake subpoena, barangay complaint, police report, or court case;
  • apply for an instant loan through an unverified app.

The warning signs are familiar: urgency, threats, strange shortened URLs, misspelled domains, links sent from personal mobile numbers, or requests for OTPs, passwords, PINs, card numbers, IDs, or face-verification videos.

The Bangko Sentral ng Pilipinas describes phishing as messages that ask users to click links to spoofed or fake websites to enter personal, bank, credit card, or password information, and advises consumers not to click links or attachments in such messages.

Why This Is a Serious Legal Issue in the Philippines

Phishing from online lending apps may involve more than one legal violation. The same incident can be a cybercrime, a data privacy violation, an unfair debt collection practice, a financial account scam, or ordinary fraud.

Cybercrime and identity theft

Republic Act No. 10175, or the Cybercrime Prevention Act of 2012, covers computer-related fraud and computer-related identity theft. Identity theft includes the intentional acquisition, use, misuse, transfer, possession, alteration, or deletion of identifying information belonging to another person without right. (Lawphil)

This matters when a phishing link captures your name, ID, selfie, login credentials, OTP, contact list, or e-wallet details.

Financial account scamming

Republic Act No. 12010, or the Anti-Financial Account Scamming Act (AFASA), signed in 2024, penalizes financial account scamming, including social engineering schemes. The law covers deception through electronic communications to obtain sensitive identifying information, including usernames, passwords, bank account details, credit card details, e-wallet information, and other credentials. (Lawphil)

AFASA is especially relevant if the phishing link led to unauthorized transfers, e-wallet withdrawals, or use of mule accounts.

Data privacy violations

Republic Act No. 10173, or the Data Privacy Act of 2012, penalizes unauthorized processing of personal information and sensitive personal information. (Lawphil)

For lending apps, this often involves excessive access to contacts, photos, SMS, location, device storage, or IDs. The NPC, DICT, and SEC have reminded online lending platforms that unnecessary app permissions, unauthorized or excessive contact-list processing, contacting non-guarantor contacts, harassment, public shaming, and unfair collection practices are prohibited.

Lending and financing company rules

Online lending platforms are regulated through the SEC when they involve lending companies, financing companies, and their online platforms. Lending companies are governed by Republic Act No. 9474, the Lending Company Regulation Act of 2007, while financing companies are governed by Republic Act No. 8556, the Financing Company Act of 1998. (Lawphil)

The SEC’s online lending rules include prohibitions on unfair debt collection practices and requirements for reporting online lending platforms. The 2026 joint DICT-NPC-SEC advisory specifically directs unfair debt collection complaints to the SEC Financing and Lending Companies Department through the SEC complaint portal.

Estafa, threats, and access-device fraud

Depending on the facts, phishing links may also involve:

  • Estafa under Article 315 of the Revised Penal Code, when deceit causes financial damage;
  • grave threats or coercion, when collectors or scammers threaten harm, public shame, or illegal action;
  • access device fraud under Republic Act No. 8484, as amended by Republic Act No. 11449, when cards, account numbers, PINs, access codes, or similar account-access tools are misused. RA 8484 defines an access device broadly to include cards, codes, account numbers, PINs, and other means of account access used to obtain money or initiate fund transfers. (Lawphil)

What to Do Immediately Before Reporting

Do these first, especially if you clicked the link or installed something.

  1. Do not enter any information. Stop if the page asks for OTP, PIN, password, ID upload, selfie, card details, or e-wallet login.

  2. Disconnect and secure your accounts. Change passwords for email, banking apps, e-wallets, social media, and loan apps. Turn on multi-factor authentication.

  3. Call your bank or e-wallet through the official app or hotline. Do not use numbers shown on the suspicious link. BSP guidance says unauthorized or suspicious transactions should be reported to the bank or financial institution immediately.

  4. Revoke app permissions. On Android or iPhone, check app permissions for contacts, camera, files, SMS, microphone, phone, location, and notifications. Remove permissions that are not needed.

  5. Uninstall suspicious APKs. If you installed an APK from a link, uninstall it and run a device security scan. Consider backing up important files and resetting the phone if you see unauthorized logins, pop-ups, or remote-control behavior.

  6. Do not delete the messages. Screenshots help, but investigators often prefer original messages, email headers, transaction records, URLs, sender numbers, and timestamps.

  7. Warn contacts if your contact list was accessed. Tell them not to believe messages claiming you owe money, are under investigation, or used them as guarantors unless they personally consented.

Where to Report Phishing Links from Online Lending Apps

Different agencies handle different parts of the problem. In practice, many victims report to more than one office because a single phishing incident can involve scam operations, data privacy violations, financial loss, and lending-company misconduct.

Situation Report to Why
You received a phishing link, scam message, or malicious URL CICC / DICT Cyber Hotline 1326 Central cyber incident reporting and referral
Money was taken from your bank or e-wallet Bank/e-wallet first, then BSP if unresolved, and law enforcement Account freezing, dispute, fraud investigation
The sender is an online lending app or collector SEC Financing and Lending Companies Department SEC supervises lending and financing companies
Contacts were harvested, shamed, or harassed NPC and SEC Data privacy and unfair collection issues
You need a criminal investigation PNP Anti-Cybercrime Group or NBI Cybercrime Division Evidence preservation, tracing, case build-up
Link came through SMS/text scam NTC and telco Blocking or referral to telcos and agencies

The joint DICT-NPC-SEC advisory lists these reporting channels for abusive online lending behavior: SEC I-Message Mo portal for unfair debt collection, DICT cyber hotline email, NBI Cybercrime Division, and PNP Anti-Cybercrime Group.

Step-by-Step Guide to Reporting

Step 1: Prepare your evidence

Before filing, organize your evidence in one folder.

Include:

  • screenshot of the phishing message showing the sender’s number, username, or email;
  • the full phishing URL, not just the preview;
  • date and time received;
  • name of the lending app, website, or Facebook page;
  • app store link or APK source, if any;
  • screenshots of permissions requested by the app;
  • screenshots of threats, harassment, or public shaming;
  • proof of loan application, loan agreement, payment receipts, or transaction history;
  • bank or e-wallet transaction reference numbers;
  • your valid ID;
  • contact details where investigators can reach you.

For emails, save the full email and, if possible, the email headers. For SMS, keep the original message on the phone until the report is acknowledged.

Step 2: Report urgent scam activity to CICC / Hotline 1326

For phishing links, scam messages, malicious URLs, online harassment, and cyber fraud, call 1326, the Inter-Agency Response Center hotline. ScamWatch Pilipinas, associated with CICC reporting, lists 1326 and alternative I-ARC numbers for Smart, Globe, and DITO users. (ScamWatch Pilipinas)

Use this when:

  • the link is still active;
  • many people may be receiving the same message;
  • money was recently transferred;
  • the sender is still communicating with you;
  • you need guidance on where the report should be routed.

Step 3: Report lending-company misconduct to the SEC

If the phishing link appears connected to a lending company, financing company, online lending app, or collection agency, submit a complaint through the SEC’s I-Message Mo portal. The SEC portal allows users to open a new ticket, submit a complaint, and check ticket status. (Securities and Exchange Commission)

Report to the SEC when the issue involves:

  • fake or unregistered lending app operations;
  • hidden fees or misleading loan terms;
  • threats from collectors;
  • use of your contacts for collection;
  • public shaming;
  • impersonation of SEC, police, courts, or barangay officials;
  • phishing links sent as part of collection pressure.

Be specific in the complaint. State whether you actually borrowed money, only applied, never borrowed, or were contacted because someone else listed you as a reference.

Step 4: Report data privacy violations to the NPC

File with the National Privacy Commission if the lending app or collector:

  • accessed your contact list without a valid purpose;
  • contacted your friends, employer, relatives, or co-workers even if they were not guarantors;
  • posted or threatened to post your personal information;
  • used your ID, selfie, or messages for harassment;
  • continued processing your data after the legitimate purpose ended;
  • forced consent through deceptive app design.

The NPC requires a formal complaint in a specific format. Its complaint process states that the complaint form should be downloaded, printed, filled out, notarized, then submitted in person, by courier, or by scanned email to the NPC complaints address. (National Privacy Commission)

The NPC also announced that a new Complaint-Affidavit template took effect on 1 July 2025, and that the previous version would no longer be accepted after the transition period. (National Privacy Commission)

For fees, NPC Circular No. 2023-01 lists a ₱500 filing fee for complaints, plus possible additional fees for damage claims, motions, cease-and-desist applications, and related requests. It also provides exemptions for qualified indigent litigants who submit the required barangay certificate, affidavits, and supporting tax declaration if any.

Step 5: File a cybercrime complaint with PNP ACG or NBI

Use law enforcement when there is identity theft, unauthorized account access, financial loss, threats, extortion, or repeated harassment.

The NBI Cybercrime Division citizen’s charter states that complainants fill out a complaint form and submit it to the division personnel, and that complaints are monitored, evaluated, and compiled. (National Bureau of Investigation)

The NBI website lists its Cybercrime Division and official division email, while the 2026 DICT-NPC-SEC advisory lists the NBI Cybercrime Division email and telephone numbers for online lending-related scams. (National Bureau of Investigation)

For PNP ACG, official government responses and the DICT-NPC-SEC advisory point complainants to the PNP Anti-Cybercrime Group email, e-complaint channel, and contact numbers for cybercrime complaints. (www.foi.gov.ph)

Expect law enforcement to ask for:

  • your government ID;
  • a written complaint or sworn statement;
  • screenshots and original messages;
  • transaction records;
  • device details;
  • sender numbers, URLs, account names, and payment destinations.

Some cases start online, but investigators may still require personal appearance for verification, affidavit execution, or digital forensic handling.

Step 6: Report SMS phishing to NTC and your telco

If the phishing link came by text message, report it to the National Telecommunications Commission and your mobile provider.

NTC guidance for text scam complaints requires a valid ID and an image of the text spam or scam showing the cellphone number, with submission through the NTC text scam reporting page, email, or the nearest regional office. NTC also explains that its role is generally to receive the complaint and endorse it to telcos or concerned agencies for blocking or appropriate action. (www.foi.gov.ph)

Step 7: Escalate bank or e-wallet disputes properly

If your account was charged or drained, report first to the bank, e-wallet, or payment provider. Ask for:

  • ticket or reference number;
  • temporary account hold or card blocking;
  • reversal or dispute process;
  • copy of transaction details;
  • destination account or merchant details, if available.

If the financial institution is BSP-supervised and the issue remains unresolved, BSP says consumers should first report to the institution’s Financial Consumer Protection Assistance Mechanism, then escalate through the BSP Online Buddy or by CIR form if needed.

For fraud or scam cases, BSP also encourages reporting to law enforcement agencies such as PNP, NBI, or CICC, and notes that online lending app and collection agency complaints are best directed to the SEC.

Practical Evidence Checklist

Evidence Why it matters
Screenshot of message with sender number or account Shows source and timing
Full URL or copied link Helps agencies block or trace the phishing site
App name, package name, or APK file name Helps identify fake or unregistered lending apps
App permissions screenshot Supports data privacy complaint
Loan agreement or application screenshot Shows relationship, if any, with the lending platform
Payment receipts and reference numbers Helps trace funds
Bank/e-wallet dispute ticket Shows you reported promptly
Threats or shaming posts Supports SEC, NPC, and criminal complaints
Contact-list harassment screenshots from friends Shows third-party harassment
Valid ID Common requirement for formal complaints

Common Mistakes That Weaken Reports

Deleting the original message

A screenshot is useful, but original SMS, email, or chat data is better. Keep the original message until the report is filed and acknowledged.

Clicking the link again “to check”

Do not revisit the link from your main phone. It can trigger tracking, malware download, or additional credential theft.

Sending your ID to strangers who claim to be investigators

Real agencies do not investigate through random private messages asking for your OTP, PIN, password, or full card details. BSP specifically warns consumers not to share PINs, passwords, account numbers, card numbers, passports, or IDs unnecessarily in complaint processing.

Reporting only to Facebook or the app store

Platform reports can help remove pages or apps, but they do not replace reports to SEC, NPC, CICC, PNP, NBI, NTC, or your bank/e-wallet.

Assuming a “registered company” can do anything to collect

Even legitimate lenders cannot harass, shame, threaten, or contact non-guarantor contacts for debt collection. The DICT-NPC-SEC advisory states that contacting persons on the borrower’s contact list other than named guarantors is prohibited for debt collection.

Treating all contacts as guarantors

A character reference is not automatically a guarantor. The 2026 advisory states that guarantors must have expressly consented to assume responsibility for the loan in case of default.

Timelines and What to Expect

Reporting phishing links is usually faster than building a full criminal case.

Process Typical practical timeline
CICC / Hotline 1326 report Immediate intake or referral, depending on volume
Bank/e-wallet blocking Same day is ideal for urgent fraud reports
SEC complaint ticket Online submission first; review and routing may take days to weeks
NPC formal complaint Longer because of form, notarization, fees, and evaluation
NBI or PNP cybercrime complaint Initial intake can be quick, but investigation may take weeks or months
NTC text scam report Intake and referral/blocking process depends on telco and agency action

Delays often happen because screenshots are incomplete, the URL is no longer active, the victim deleted the original message, the sender used fake accounts, or the money passed through multiple mule accounts.

Special Notes for OFWs, Foreigners, and People Outside the Philippines

You can still report phishing links connected to Philippine online lending apps even if you are outside the Philippines.

Practical points:

  • Use email or online complaint channels first.
  • Keep Philippine phone numbers active if the messages were sent there.
  • Save timestamps with timezone.
  • If a sworn complaint-affidavit is required, ask the receiving agency what form of notarization it will accept.
  • If you executed a document abroad, formal use in the Philippines may require consular notarization or proper authentication depending on the document and the agency’s instructions.
  • If your Philippine bank, e-wallet, or SIM is involved, report to that provider immediately even while abroad.

Foreigners who were targeted by a Philippine lending app should include passport or government ID details only in secure official submissions, not through links sent by collectors or unknown “agents.”

Frequently Asked Questions

Can I report a phishing link even if I did not lose money?

Yes. Report it, especially if the link impersonates a lending app, asks for OTPs or IDs, installs an APK, or is being sent to many people. Early reporting helps agencies and telcos block links before more victims are affected.

Which agency should I report to first?

For an active phishing or scam link, start with CICC / Hotline 1326. If money moved, contact your bank or e-wallet immediately. If the link is connected to an online lending app or collection activity, report to the SEC. If your personal data or contacts were misused, report to the NPC. For criminal investigation, report to PNP ACG or NBI Cybercrime Division.

Is it illegal for a lending app to access my contacts?

A lending app cannot freely harvest and use your entire contact list for collection. The 2026 DICT-NPC-SEC advisory says excessive or disproportionate processing of contact lists is prohibited, and lenders may contact only guarantors for debt collection.

What if the lending app says my contacts agreed to be guarantors?

A guarantor must give separate consent to assume responsibility if the borrower defaults. Merely being listed as a character reference does not automatically make someone a guarantor.

Can I file an NPC complaint by email?

Yes, but the NPC process requires the complaint in the proper format, with the form filled out and notarized, then submitted in person, by courier, or by scanned email. (National Privacy Commission)

Do I need a lawyer to report a phishing link?

For initial reports to CICC, NTC, SEC, your bank, PNP ACG, or NBI, you can usually prepare and submit the report yourself. For a formal NPC complaint, criminal complaint-affidavit, damages claim, or complex case involving multiple victims, legal assistance can help organize facts, evidence, and claims.

What if the online lending app is not SEC-registered?

Report it to the SEC and CICC. The SEC regulates lending and financing companies, and unregistered online lending operations may face enforcement action. The 2026 advisory also notes that violations can lead to fines, suspension, revocation of authority to operate, and other penalties.

Should I pay the amount demanded to stop the harassment?

Do not pay through a suspicious link or personal account without verifying the lender and the debt. If you owe a legitimate debt, ask for official billing, statement of account, and payment channels under the registered company name. If the demand includes threats, public shaming, or phishing links, preserve evidence and report it.

Can the police trace the person behind the link?

Sometimes, but tracing takes time and depends on available evidence, platform cooperation, telco records, financial account records, and whether accounts used were fake, stolen, or mule accounts. Fast reporting improves the chance of preserving digital trails.

What if my friends or employer received shame messages about me?

Ask them to screenshot the messages showing sender, date, time, and content. Their screenshots can support your SEC complaint for unfair collection, NPC complaint for misuse of personal data, and possible criminal complaint for threats, harassment, identity misuse, or cyber-related offenses.

Key Takeaways

  • A phishing link from an online lending app should be treated as a cybercrime and data-risk incident, not just a nuisance message.
  • Do not click, install APKs, enter OTPs, or upload IDs through suspicious loan links.
  • Report urgent scams to CICC / Hotline 1326, financial loss to your bank or e-wallet, lending-app misconduct to the SEC, data misuse to the NPC, SMS scams to NTC, and criminal conduct to PNP ACG or NBI.
  • Preserve original messages, full URLs, screenshots, transaction references, app details, and proof of harassment.
  • Lending apps and collectors cannot freely use your contact list, shame you publicly, or contact non-guarantors for debt collection.
  • Fast reporting matters because phishing pages, SIMs, mule accounts, and fake pages can disappear quickly.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

How to Verify If an Online Lending App Is SEC Registered in the Philippines

A loan app can look professional on Google Play, Apple App Store, Facebook, TikTok, or through SMS, but that does not automatically mean it is legal to lend money in the Philippines. To verify if an online lending app is SEC registered, you need to check three things: the company behind the app, its Certificate of Authority to operate as a lending or financing company, and whether the specific online lending platform or app is properly recorded or approved by the Securities and Exchange Commission.

This matters because many abusive or fake lending apps use confusing names, screenshots of old SEC documents, or generic claims like “SEC registered” to make borrowers feel safe. The safer approach is to verify the exact corporate name, license, app name, and SEC status before borrowing, paying, or giving access to your phone contacts.

What “SEC Registered” Really Means for an Online Lending App

In ordinary conversation, people say “SEC registered” to mean a lender is legitimate. Legally, that phrase can be misleading.

There are three different levels you should understand:

What the lender claims What it actually means Is it enough?
“Registered with SEC” The corporation may exist as a registered company No
“Has Certificate of Authority” or “CA” The SEC has authorized it to operate as a lending or financing company Usually necessary
“Recorded/approved online lending platform” The particular app, website, or digital lending channel is connected to an authorized company Needed for online lending apps

A regular SEC Certificate of Incorporation only means the company has legal personality as a corporation. It does not automatically allow the company to lend money to the public.

For online lending, the key question is not only “Is this company registered?” but also:

  • What is the exact corporate name behind the app?
  • Does it have a valid Certificate of Authority from the SEC?
  • Is the specific app, website, or online lending platform listed, recorded, approved, or otherwise recognized by the SEC?
  • Has the company been suspended, revoked, fined, warned, or included in an SEC advisory?

Legal Basis: Why Online Lending Apps Need SEC Authority

Lending companies are regulated under RA 9474

The main law for lending companies is Republic Act No. 9474, or the Lending Company Regulation Act of 2007. Under this law, a lending company is generally a corporation engaged in granting loans from its own capital funds or funds sourced from not more than 19 persons, and it is regulated by the SEC. The law’s policy is to regulate lending companies, place their operations on a sound and stable basis, and prevent practices prejudicial to public interest. (Lawphil)

The practical point for borrowers is simple: a business cannot just create a mobile app, advertise “instant cash,” collect IDs, and lend to the public without SEC authority.

Financing companies are regulated under RA 8556

Some online lenders operate as financing companies rather than lending companies. Financing companies are governed by Republic Act No. 8556, the Financing Company Act of 1998, which amended the earlier Financing Company Act. Financing companies are also regulated by the SEC and must comply with specific corporate, capitalization, and licensing requirements. (Lawphil)

For ordinary borrowers, the distinction between a lending company and a financing company is less important than this rule: the company must have the proper SEC authority for the type of credit business it is doing.

Borrowers must be told the true cost of credit under RA 3765

Republic Act No. 3765, the Truth in Lending Act, requires disclosure of finance charges in credit transactions. Its policy is to protect citizens from lack of awareness of the true cost of credit by requiring full disclosure of that cost. (Lawphil)

This is why a legitimate lender should clearly show:

  • principal loan amount;
  • interest rate;
  • processing or service fees;
  • penalty charges;
  • total amount to be received by the borrower;
  • total amount to be repaid;
  • payment schedule; and
  • consequences of late or missed payment.

If the app only shows “approved amount” but hides deductions until after release, that is a serious warning sign.

Interest and fee caps apply to certain small online loans

For covered loans, BSP Circular No. 1133, Series of 2021, implemented through SEC rules, set ceilings on interest rates and other charges for unsecured, general-purpose loans offered by lending companies, financing companies, and their online lending platforms where the loan amount does not exceed ₱10,000 and the tenor is up to four months. The ceilings include 6% nominal interest per month, 15% effective interest per month including applicable fees and charges, a 5% monthly cap on late-payment penalties, and a 100% total cost cap.

This does not mean every high-cost loan is automatically illegal, because coverage depends on the loan type, amount, and tenor. But for small short-term online loans, these caps are a useful benchmark when checking whether charges are excessive.

Data privacy rules apply to online lending apps

Online lending apps often ask for phone permissions. Some request access to contacts, gallery, SMS, location, or social media information. Under Philippine data privacy rules, unnecessary or excessive processing of personal data for loan-related transactions is prohibited.

A 2026 public advisory by the DICT, National Privacy Commission, and SEC specifically warned that unnecessary app permissions, excessive access to contact lists, harassment, and contacting persons in the borrower’s contacts other than proper guarantors are prohibited. It also states that for debt collection, lending or financing companies may contact only a guarantor, and a person is a guarantor only if that person expressly consented to assume responsibility for the loan in case of default.

This is important because many borrowers think, “I allowed the app to access my contacts, so maybe they can call everyone.” That is not correct. App permission is not a free pass to shame, threaten, or harass your family, officemates, Facebook friends, or phone contacts.

New online lending registration rules in 2026

As of July 8, 2026, the major current development is SEC Memorandum Circular No. 20, Series of 2026, which was reported as lifting the moratorium on new online lending platforms starting August 1, 2026. The moratorium had been in place since November 5, 2021 under SEC Memorandum Circular No. 10, Series of 2021. The reported 2026 rules emphasize that new online lending platforms are not automatically approved; they must satisfy licensing, capitalization, operational, disclosure, data privacy, and consumer protection requirements. (GMA Network)

The new rules also reportedly require online lenders to disclose official websites, mobile applications, and customer service channels, and prohibit automatic loan release or auto-renewal without the borrower’s informed consent. (Daily Tribune)

Step-by-Step Guide: How to Verify If an Online Lending App Is SEC Registered

1. Get the exact legal name of the company behind the app

Do not rely on the app name alone.

Many lending apps use short, generic, or brand-style names such as “Fast Cash,” “Peso Loan,” “Quick Peso,” “Easy Pera,” or “Cash Now.” These may not be the actual corporate names registered with the SEC.

Look inside the app, website, privacy policy, loan agreement, disclosure statement, app store listing, or email/SMS messages for:

  • complete corporate name;
  • SEC Registration Number;
  • Certificate of Authority Number;
  • business or trade name;
  • app name or platform name;
  • registered office address;
  • customer service email;
  • official website;
  • name of the developer shown in the app store.

If the lender refuses to give its complete corporate name, treat that as a major red flag.

2. Check the SEC list of lending companies and financing companies

The SEC has identified public links for checking registered lending companies, registered financing companies, and recorded online lending platforms. In an SEC response on the government FOI portal, the SEC specifically directed the public to verify lending companies, financing companies, and online lending platforms through its official lists, including the list of recorded online lending platforms. (www.foi.gov.ph)

When checking, compare details carefully. Do not stop at a partial match.

Detail to compare Why it matters
Corporate name App names and company names are often different
SEC Registration Number Confirms corporate registration
Certificate of Authority Number Confirms authority to operate as lender/financing company
App or platform name Confirms the specific online lending app is connected to the company
Business/trade name Some companies operate under approved trade names
Status Revoked, suspended, or penalized entities may appear in advisories

If the app is not on the relevant SEC list, the safest assumption is not that it is legitimate but “just new.” Verify directly with the SEC before transacting.

3. Check whether the specific app is recorded or approved

A company may be authorized as a lending or financing company but still use an app name that is not properly recorded, disclosed, or approved.

For example:

Situation Risk
Company is licensed, but app name is not listed The app may be unauthorized, a clone, or newly unverified
App shows an SEC number but no CA number Corporation may exist, but lending authority is unclear
App uses the name of a real licensed company Possible impersonation or fake app
App store developer name differs from the lender Possible third-party operator or clone app
App has many similar versions Possible attempt to evade complaints or takedowns

The SEC has warned the public about unrecorded online lending platforms and has advised people to check the official list of authorized or recorded OLPs. A February 2026 public advisory stated that listed OLPs, mobile applications, and websites were not authorized to offer, process, or provide loan products through app stores or websites. (Bulacan Government)

4. Use SEC online tools and public assistance channels

The SEC’s online services include eSEARCH and Check with SEC, and its public ticketing system is iMessage, which is described as the SEC’s official web-based platform for public inquiries, complaints, incidents, and requests. The iMessage system generates an electronic ticket and allows users to track status. (Securities and Exchange Commission) (Securities and Exchange Commission)

Use these channels when:

  • the company name appears on a list but the app name does not;
  • the lender shows a suspicious SEC certificate;
  • the app claims it is “under a partner license”;
  • the app name is similar to a real lender but not exactly the same;
  • the app has been harassing borrowers or contacts;
  • you need written confirmation for a complaint.

5. Search SEC advisories, not just registration lists

A lender may have been registered before but later became the subject of:

  • an SEC advisory;
  • suspension;
  • revocation;
  • cease-and-desist order;
  • administrative fine;
  • complaint notice;
  • warning for unrecorded OLP activity.

Search the SEC website and official SEC advisories using:

  • the app name;
  • the company name;
  • the developer name;
  • the website domain;
  • the collection agency name;
  • the phone number or email used by collectors.

This is especially important because illegal operators often disappear, rebrand, or launch another app under a slightly different name.

6. Check the app permissions before installing or borrowing

Before you borrow, look at the permissions requested by the app.

Be cautious if the app asks for access to:

  • all contacts;
  • gallery or photos;
  • SMS;
  • call logs;
  • social media accounts;
  • location when not needed;
  • microphone or camera beyond identity verification;
  • device storage beyond what is necessary.

The 2026 DICT-NPC-SEC advisory specifically warns users to download OLPs from official or verified sources only, ensure they are operated by duly registered and licensed entities, read privacy notices carefully, and review app permissions because unnecessary permissions are prohibited.

What Information a Legitimate Online Lending App Should Show

A legitimate online lender should not make you guess who you are borrowing from.

Before you accept the loan, the app should clearly disclose:

Information What to look for
Corporate name Full SEC-registered company name
SEC Registration Number Company registration details
Certificate of Authority Number Authority to operate as lending/financing company
App/platform name Same name as listed or recorded with the SEC
Loan amount Gross amount and net amount released
Fees and deductions Processing fee, service fee, verification fee, other charges
Interest rate Nominal and effective cost where applicable
Payment schedule Due date, installments, total repayment
Penalties Late fees and how computed
Privacy policy What data is collected and why
Complaint channel Official email, hotline, or customer service address

If the app releases a loan without letting you review the final terms, automatically renews your loan, or deducts unexplained fees, document everything.

Red Flags That an Online Lending App May Not Be Legitimate

Be careful if you see any of these:

  • The app only says “SEC registered” but does not show a Certificate of Authority number.
  • The company name in the app does not match the app store developer name.
  • The lender refuses to give its complete corporate name.
  • The app claims its license is “processing.”
  • The app says it is registered abroad, so Philippine SEC authority is unnecessary.
  • The lender asks you to pay through a personal GCash, Maya, or bank account not under the company name.
  • The app requires full contact-list access before showing loan terms.
  • The app automatically releases money without clear consent.
  • The lender threatens to post your photo, contact your employer, message your relatives, or shame you online.
  • Collectors use insults, threats, fake subpoenas, fake barangay notices, or fake police/NBI messages.
  • The app has no verifiable office, website, customer service channel, or privacy notice.
  • The same company operates many nearly identical apps with different names.

One red flag may be explainable. Several red flags together usually mean you should stop, document, and verify directly with the SEC.

What to Do If You Already Borrowed from a Suspicious Lending App

If you already borrowed money, separate two issues: the debt and the lender’s conduct.

A borrower may still have a civil obligation to pay a valid loan, but a lender cannot use illegal or abusive methods to collect. Debt collection must be lawful, professional, and based on the actual loan agreement.

1. Preserve evidence immediately

Take screenshots or screen recordings of:

  • app name and app store listing;
  • developer name;
  • loan agreement;
  • disclosure statement;
  • amount approved;
  • amount actually received;
  • deductions and fees;
  • payment instructions;
  • collector messages;
  • threats or shaming posts;
  • calls or messages sent to your contacts;
  • proof of payment;
  • SEC registration or CA claims shown by the lender.

Save the date, time, phone number, email address, username, and links. If messages disappear inside the app, screenshot them before logging out.

2. Ask for a statement of account

Request a written statement showing:

  • principal amount;
  • amount released;
  • interest;
  • fees;
  • penalties;
  • payments made;
  • remaining balance;
  • official payment channel;
  • full corporate name of the lender.

Do not rely only on verbal statements from collectors.

3. Pay only through official channels

If you decide to pay, avoid sending money to personal accounts unless the company can clearly prove that the account is an official payment channel.

Keep receipts. In online lending disputes, borrowers often lose leverage because they paid collectors through informal channels and cannot later prove the payment was credited.

4. Revoke unnecessary app permissions

On your phone, review the app permissions and revoke access to contacts, photos, SMS, location, or storage where not necessary. Consider uninstalling the app after preserving evidence, especially if it continues to access data or send threatening messages.

5. Report to the proper agency

For unfair collection practices, unrecorded lending activity, or unauthorized online lending, report to the SEC Financing and Lending Companies Department through official SEC channels, including iMessage. The 2026 public advisory identifies SEC iMessage as a complaint channel for unfair debt collection practices involving financing and lending companies.

For privacy violations, such as unlawful use of contact lists, report to the National Privacy Commission.

For threats, extortion, identity misuse, hacking, fake police documents, fake subpoenas, or cyber harassment, consider reporting to the NBI Cybercrime Division or the PNP Anti-Cybercrime Group. If threats involve immediate danger, local police assistance may also be necessary.

Documents and Evidence Usually Needed for an SEC or Privacy Complaint

Prepare your complaint in an organized way. A clear timeline helps agencies understand what happened.

Document or evidence Why it helps
Valid ID of complainant Establishes identity
App name and screenshots Identifies the platform
Corporate name, if available Identifies respondent company
SEC/CA claims shown by lender Helps verify legitimacy
Loan agreement or disclosure statement Shows terms and charges
Proof of amount received Shows actual net proceeds
Proof of payment Shows what you already paid
Collection messages Shows harassment, threats, or unfair practices
Screenshots from contacted relatives/friends Shows third-party contact or public shaming
App permissions screenshot Supports privacy complaint
Timeline of events Helps investigators follow the facts

For messages from relatives or officemates, ask them to send screenshots showing the sender, date, time, and content. Do not edit screenshots except to blur unrelated private information.

Practical Timelines and Bottlenecks

Verification can be quick if the company and app appear clearly on SEC lists. It becomes slower when the app uses a brand name, foreign developer name, trade name, or possible clone identity.

Task Usual practical timing
Checking app store listing and privacy policy Same day
Searching SEC public lists and advisories Same day
Filing an SEC iMessage ticket Same day submission; response time varies
FOI-style verification request Can take days or weeks depending on complexity
Formal complaint review Varies depending on evidence and agency workload
NPC privacy complaint Often longer if formal investigation is needed
Cybercrime complaint Depends on evidence, urgency, and law enforcement assessment

Common bottlenecks include incomplete corporate names, deleted app listings, collectors using prepaid numbers, payment through personal wallets, and borrowers losing access to in-app loan records.

Special Notes for OFWs, Foreigners, and Borrowers Outside the Philippines

If you are an OFW or foreigner dealing with a Philippine online lending app, you can still verify using the SEC website and online complaint channels.

Important points:

  • A lender targeting Philippine borrowers generally cannot avoid Philippine rules simply by claiming to be “foreign.”
  • A foreign app-store listing does not replace SEC authority.
  • If documents are executed abroad for formal legal use in the Philippines, notarization, consular acknowledgment, or apostille issues may arise depending on the document and country.
  • For complaints, screenshots, transaction receipts, app store links, phone numbers, and emails are often more immediately useful than notarized statements at the first verification stage.
  • If the lender claims to be licensed in another country, ask for the Philippine company name and Philippine SEC authority. Foreign licensing does not automatically authorize public lending in the Philippines.

Frequently Asked Questions

How do I know if an online lending app is SEC registered in the Philippines?

Check the SEC’s official lists for the exact corporate name, Certificate of Authority number, and recorded or approved online lending platform. Verify both the company and the specific app. Do not rely only on screenshots sent by the lender.

Is an SEC registration number enough for a loan app?

No. A regular SEC registration number only shows that a corporation may exist. A lending or financing company also needs the proper SEC authority to operate, and an online lending app should be properly recorded, approved, or disclosed as a platform of that authorized company.

What is a Certificate of Authority from the SEC?

A Certificate of Authority, often called a CA, is the SEC authorization that allows a lending company or financing company to operate in that regulated business. Without it, a corporation may be registered but still not authorized to lend to the public.

What if the company is SEC registered but the app is not listed?

Be cautious. The company may be legitimate, but the app may be unrecorded, unauthorized, newly pending approval, or even a clone using the name of a real company. Verify directly through SEC channels before borrowing or paying.

Can an online lending app access my contacts?

An app should not require unnecessary or excessive permissions. Philippine privacy regulators have warned that unauthorized or disproportionate processing of contact lists is prohibited, and lenders may contact only proper guarantors for debt collection purposes. A character reference is not automatically a guarantor.

Can a lender contact my relatives, employer, or Facebook friends?

A lender cannot freely contact people in your phonebook to shame, pressure, or harass you. Contacting third parties outside proper guarantors may raise data privacy and unfair collection issues, especially if the messages include threats, insults, false accusations, or disclosure of your debt.

Are online lending apps allowed to charge high interest?

They may charge interest and fees if properly disclosed and legally allowed, but certain small short-term loans are subject to BSP and SEC ceilings. For covered loans not exceeding ₱10,000 with a tenor of up to four months, the rules include caps on nominal interest, effective interest, late-payment penalties, and total cost.

What should I do if a loan app threatens to post my photo or message all my contacts?

Save evidence immediately. Screenshot the threat, sender details, app name, loan record, and any messages sent to contacts. Report unfair collection to the SEC, privacy violations to the NPC, and threats, extortion, or cyber harassment to the proper cybercrime authorities.

Can a foreign online lender operate in the Philippines without SEC registration?

A foreign company does not automatically have authority to lend to Philippine borrowers. If it is offering loan products to the Philippine public through an app, website, agents, or local payment channels, check whether there is a Philippine SEC-authorized lending or financing company behind it.

Does being listed in an app store mean the lender is legal?

No. Google Play or Apple App Store availability is not the same as Philippine SEC authority. App stores may remove reported apps, but borrowers should still verify the company, Certificate of Authority, app name, and SEC status through official Philippine sources.

Key Takeaways

  • SEC registration alone is not enough. Verify the lender’s Certificate of Authority and the specific online lending app or platform.
  • Check the exact corporate name, app name, SEC Registration Number, CA number, and official SEC lists before borrowing.
  • A legitimate online lender should clearly disclose the true cost of credit, including interest, fees, penalties, net proceeds, and repayment schedule.
  • Online lending apps cannot use phone permissions as a license to harass your contacts or publicly shame you.
  • For covered small short-term online loans, Philippine rules impose caps on interest, penalties, and total borrowing cost.
  • If you already borrowed from a suspicious app, preserve evidence, ask for a statement of account, pay only through official channels, revoke unnecessary permissions, and report abusive conduct to the proper agency.
  • For OFWs and foreigners, foreign registration or app-store availability does not replace Philippine SEC authority when the lender is targeting borrowers in the Philippines.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

How to Secure Evidence for an SEC Complaint Against an Online Lending App

If an online lending app is harassing you, contacting your family or coworkers, threatening to shame you online, or using your personal data to pressure you into paying, the strength of your SEC complaint will depend heavily on the evidence you preserve. The SEC can act against abusive collection practices, but it needs clear proof: who did what, when it happened, how it relates to a specific loan or app, and why the conduct violates Philippine lending, financing, consumer protection, and data privacy rules.

Why Evidence Matters in an SEC Complaint Against an Online Lending App

Most online lending app complaints involve fast-moving digital evidence: SMS, chat messages, call logs, screenshots, app permissions, push notifications, contact-list misuse, social media posts, and payment demands. These can disappear quickly when:

  • the collector deletes messages;
  • the app is removed from Google Play or the App Store;
  • the borrower changes phones;
  • the number used by the collector becomes unreachable;
  • social media posts are taken down;
  • the borrower accidentally deletes the chat thread; or
  • the phone automatically clears old call logs or notifications.

The SEC’s concern is usually not whether you borrowed money. Its concern is whether the lending company, financing company, online lending platform, or its collectors violated rules on fair collection, proper registration, truthful disclosure, interest and charges, customer service, privacy-related conduct, or authority to operate.

The SEC now uses iMessage, its official web-based ticketing system, for public inquiries, complaints, incidents, and requests. The system creates an electronic ticket and allows users to check the status of submissions. The SEC iMessage user guide also lists “Complaints on Financing and Lending Companies” under the Financing and Lending Companies Department’s Legal and Enforcement Division. (Securities and Exchange Commission)

Legal Basis: What Online Lending App Conduct Can Be Reported

SEC Regulation of Lending and Financing Companies

The SEC supervises lending and financing companies under specific laws. Republic Act No. 9474, or the Lending Company Regulation Act of 2007, regulates lending companies and gives the SEC authority over their establishment and operation. Republic Act No. 8556, the Financing Company Act of 1998, regulates financing and leasing companies and specifically aims to prevent practices prejudicial to public interest. (Lawphil)

Online lending platforms are not treated as lawless apps simply because they operate through mobile phones. If the app is connected with a lending company or financing company, the SEC may examine whether the company and its online platform complied with SEC rules. The 2026 DICT-NPC-SEC public advisory also refers to online lending platforms as mobile lending applications, websites, and other fintech-enabled systems where the products of financing companies and lending companies are made available.

SEC Memorandum Circular No. 18, Series of 2019

The main SEC rule on abusive collection is SEC Memorandum Circular No. 18, Series of 2019, which prohibits unfair debt collection practices by financing companies, lending companies, and third-party service providers hired by them. The circular covers conduct such as threats of violence, threats to take illegal action, abusive language, publication of borrower information, false or deceptive collection methods, unreasonable collection times, and improper contact with persons in the borrower’s contact list.

The circular is important because it makes the lending or financing company responsible even when the harassment is done by a collector, agent, call center, outsourced collection agency, or third-party service provider. It states that outsourced collectors are considered agents, and ultimate responsibility for collection practices remains with the financing or lending company.

Data Privacy and Contact-List Abuse

Many online lending app cases involve data privacy issues: accessing the borrower’s contacts, messaging relatives, posting debt-shaming content, or using personal photos. The Data Privacy Act of 2012, or Republic Act No. 10173, protects personal information in government and private information systems. The National Privacy Commission has also issued rules on personal data processing for loan transactions, including NPC Circular No. 20-01 as amended by NPC Circular No. 2022-02. (National Privacy Commission)

The 2026 DICT-NPC-SEC advisory states that unnecessary app permissions, unauthorized or excessive processing of contact lists, harassment, public shaming, and contacting persons other than guarantors for debt collection are prohibited. It also reminds borrowers to download online lending apps only from official or verified sources and to check whether they are operated by registered and licensed entities.

Financial Consumer Protection

Republic Act No. 11765, the Financial Products and Services Consumer Protection Act, applies to financial products and services and empowers financial regulators, including the SEC, to protect consumers under their jurisdiction. This law strengthens the SEC’s ability to address abusive, fraudulent, or unfair practices involving financial products and services. (Lawphil)

What Evidence Should You Secure?

A strong SEC complaint usually has four kinds of evidence: identity evidence, loan evidence, harassment evidence, and preservation evidence.

Evidence Type What to Save Why It Matters
Identity of the app/company App name, developer name, website, privacy policy, SEC registration details, Certificate of Authority if available, screenshots from the SEC list or app store Shows who the respondent is and whether the app is tied to a registered lending or financing company
Loan transaction Loan agreement, disclosure statement, amount borrowed, amount received, deductions, due date, interest, penalties, repayment history Shows the transaction being collected and whether disclosures or charges appear questionable
Collection abuse SMS, chat messages, call logs, screenshots, voice notes, social media posts, messages sent to contacts, threats, abusive language Shows the specific unfair collection practices
Preservation proof Backup folder, file dates, exported chat files, screenshots with timestamps, affidavit or written chronology Helps show that your evidence was not invented, edited, or selectively created later

Step-by-Step Guide to Secure Evidence Before Filing With the SEC

1. Do Not Delete the App, Messages, or Call Logs Yet

Your first instinct may be to uninstall the app immediately. That is understandable, especially if you feel unsafe. But if you delete the app too soon, you may lose:

  • the in-app loan agreement;
  • repayment schedule;
  • disclosure statement;
  • customer service chat;
  • notifications;
  • app permissions;
  • privacy notice;
  • account details; and
  • transaction history.

Before uninstalling, take screenshots and screen recordings of the important pages. If the app is aggressively accessing permissions, you may revoke unnecessary permissions after preserving screenshots of what permissions were requested or granted.

For Android phones, take screenshots of:

  1. the app info page;
  2. app permissions;
  3. notification permissions;
  4. developer details from Google Play;
  5. privacy policy link;
  6. data safety information, if available;
  7. loan dashboard; and
  8. all in-app messages.

For iPhone users, capture:

  1. the app’s App Store page;
  2. app privacy details;
  3. Settings page showing permissions;
  4. notifications received;
  5. loan dashboard;
  6. repayment page; and
  7. any in-app chat or collection notice.

2. Identify the Real Respondent, Not Just the App Name

Many borrowers only know the app name. But SEC complaints are stronger when you identify the company behind the app.

Look for:

  • registered corporate name;
  • SEC registration number;
  • Certificate of Authority number, if shown;
  • office address;
  • customer service email;
  • privacy policy owner;
  • data protection officer;
  • app developer name;
  • payment recipient name;
  • bank, e-wallet, or payment channel used; and
  • collection agency or agent name, if disclosed.

SEC Memorandum Circular No. 18 also requires companies to have collection personnel disclose their full name or true identity to the borrower, and to maintain a customer service department or designated personnel for borrower complaints.

If the app uses one name in the app store, another name in the loan contract, and another name in payment instructions, preserve all three. That mismatch may itself be useful for the SEC when tracing responsibility.

3. Capture the Full Message Thread, Not Just the Worst Line

Do not submit only one cropped screenshot saying, “Magbayad ka kundi ipopost ka namin.” A cropped image is easy to attack as incomplete or misleading.

For every abusive SMS, Messenger, Viber, WhatsApp, Telegram, email, or in-app chat:

  1. screenshot the message with the sender name or number visible;
  2. screenshot the date and time;
  3. screenshot the messages before and after the threat;
  4. record a short screen video scrolling from the top of the conversation to the abusive part;
  5. save the contact profile or number details;
  6. export the chat if the platform allows it; and
  7. keep the original thread on the phone.

This matters because Philippine rules recognize electronic documents and electronic data messages, but authenticity and reliability still matter. Republic Act No. 8792 gives legal recognition to electronic data messages and electronic documents, while the Rules on Electronic Evidence treat electronic documents as admissible when they comply with evidentiary rules and are properly authenticated. (Lawphil)

4. Preserve Evidence That They Contacted Your Family, Friends, or Employer

Contact-list harassment is one of the most common online lending app abuses. Evidence from third parties can be very powerful.

Ask the contacted person to save:

  • the SMS or chat message they received;
  • the sender’s number or account;
  • the date and time;
  • any screenshot showing your name, debt, photo, workplace, or personal details;
  • call logs from the collector;
  • voicemails or voice notes, if any;
  • social media tags, comments, or posts; and
  • their relationship to you.

Do not ask them to edit the screenshot. If they want to protect their privacy, they can provide you a copy for the SEC and keep the original on their own device.

A short supporting statement can also help:

“I am [name]. On [date/time], I received a message from [number/account] claiming that [borrower’s name] owed money to [app/company]. I did not act as guarantor or co-maker. Attached are screenshots from my phone.”

The 2026 DICT-NPC-SEC advisory specifically states that contacting persons on a borrower’s contact list other than guarantors is prohibited for debt collection purposes.

5. Document Calls Carefully Without Illegal Secret Recordings

Call logs are useful. Secret recordings are risky.

Republic Act No. 4200, the Anti-Wiretapping Law, prohibits a person who is not authorized by all parties to a private communication from secretly overhearing, intercepting, or recording that communication, and unlawfully obtained recordings are not admissible in judicial, quasi-judicial, legislative, or administrative proceedings. (Lawphil)

Safer evidence includes:

  • screenshots of call logs;
  • number used by the collector;
  • date, time, and duration of calls;
  • your written notes immediately after the call;
  • text messages sent before or after the call;
  • voicemail voluntarily left by the collector;
  • voice messages sent through chat apps; and
  • screenshots showing repeated missed calls.

After a threatening call, write a short incident note while it is fresh:

Detail Example
Date and time 12 March 2026, 8:43 PM
Number used 09XX-XXX-XXXX
Speaker’s claimed name “Mark from ABC Lending Collections”
Exact words remembered “Ipapahiya ka namin sa office mo bukas.”
Your response “I asked for the company name and written statement of account.”
Follow-up evidence SMS received at 8:51 PM with same threat

6. Save Proof of the Loan Amount, Deductions, Interest, and Charges

The SEC complaint should show not only harassment but also the loan context. Preserve:

  • loan agreement;
  • disclosure statement;
  • amount applied for;
  • amount approved;
  • actual amount received;
  • deductions before release;
  • interest rate;
  • service fee;
  • processing fee;
  • penalty charges;
  • due date;
  • repayment instructions;
  • proof of payments; and
  • collection demand showing total amount claimed.

If the app approved a ₱5,000 loan but released only ₱3,200 and demanded ₱6,000 after seven days, create a simple computation table. Do not exaggerate; use only what the documents show.

SEC rules also address interest and fees. SEC Memorandum Circular No. 3, Series of 2022 implemented ceilings on interest rates and other fees charged by lending and financing companies and their online lending platforms. (Law and Policy Reform Program)

7. Screenshot the App Store Page Before It Disappears

Online lending apps may change names, icons, developers, or listings. Capture:

  • app name;
  • icon;
  • developer;
  • package name, if visible;
  • downloads or ratings;
  • privacy policy;
  • permissions/data safety section;
  • reviews mentioning harassment;
  • date of screenshot; and
  • the app URL or listing source if available.

If you cannot access the app store page anymore, screenshot the error page or removal notice. That may help show that the app was previously active but later removed or hidden.

8. Make a Chronology of Events

A chronology helps the SEC understand your complaint quickly.

Use a table like this:

Date/Time Event Evidence File
1 March 2026, 10:15 AM Installed app and granted permissions Screenshot A1-A4
1 March 2026, 10:40 AM Loan of ₱5,000 approved; ₱3,200 received Loan dashboard B1, GCash receipt B2
8 March 2026, 7:30 AM Collector sent abusive SMS SMS C1-C3
8 March 2026, 9:10 AM Collector messaged borrower’s sister Sister screenshot D1-D2
8 March 2026, 11:45 AM Collector threatened to post borrower online Messenger E1-E4
9 March 2026, 8:02 PM Repeated calls from same number Call log F1

This table is often more useful than a long emotional narrative. It lets the agency see the pattern.

9. Organize Files Before Uploading to SEC iMessage

Create a folder with clear filenames:

  • 01_Complaint_Narrative.pdf
  • 02_Borrower_ID.pdf
  • 03_Loan_Agreement_and_Disclosure.pdf
  • 04_Proof_of_Release_and_Payments.pdf
  • 05_SMS_Threats.pdf
  • 06_Chat_Screenshots.pdf
  • 07_Call_Logs.pdf
  • 08_Messages_to_Contacts.pdf
  • 09_App_Store_and_App_Permissions.pdf
  • 10_Chronology.pdf

If you have many screenshots, combine related screenshots into PDFs. Keep the original photos and videos in a separate backup folder. Do not rely on one phone only. Save copies to a secure cloud drive, external drive, or trusted storage.

10. File Through the Correct SEC Channel

For unfair debt collection by lending and financing companies, the 2026 DICT-NPC-SEC advisory directs the public to report to the SEC Financing and Lending Companies Department through iMessage, with hotline 1-4732 or 1-4SEC. It also lists DICT Cyber Hotline, NBI Cybercrime Division, and PNP Anti-Cybercrime Group for other forms of harassment, threats, frauds, or scams.

When creating your SEC ticket, choose the service closest to Complaints on Financing and Lending Companies. State the complaint clearly:

“Complaint for unfair debt collection practices, contact-list harassment, threats, public shaming, and unauthorized processing of personal data by [app/company name].”

Evidence Checklist for Common Online Lending App Violations

Violation Evidence to Secure
Threats to shame you online Screenshots of threats, social media posts, tags, comments, messages to contacts
Contacting relatives, employer, or coworkers Screenshots from contacted persons, their statements, call logs, relationship to borrower
Abusive or obscene language Full message thread, screen recording, sender details
False threats of arrest or criminal case SMS/chat screenshots, call notes, demand letters
Collecting at unreasonable hours Call logs and messages showing time stamps
Using fake legal documents Screenshots or PDFs of “warrant,” “subpoena,” “police blotter,” or fake demand notice
Excessive app permissions Screenshots of phone settings and app permissions
Unauthorized contact-list access Messages received by people who were not guarantors
Hidden or excessive charges Loan agreement, disclosure, amount received, repayment demand
Unregistered or suspicious app App store page, developer name, SEC list search result, payment recipient details

Common Mistakes That Weaken SEC Complaints

Submitting Only Emotional Narratives

It is natural to feel angry, scared, or humiliated. But the SEC needs facts. Instead of writing only “They harassed me many times,” specify:

  • who contacted you;
  • what number or account was used;
  • what exact words were said;
  • when it happened;
  • who else was contacted;
  • what evidence is attached; and
  • what rule was violated.

Cropping Screenshots Too Much

Cropped screenshots may hide the sender, date, or surrounding context. Use full-screen captures whenever possible. If you need to redact something for privacy, keep an unredacted copy for your records.

Deleting the Original Thread

A PDF compilation is useful, but keep the original chat thread on the device if possible. If authenticity is later questioned, the original thread, export file, device, metadata, and your testimony can help.

Secretly Recording Calls

Do not assume that secretly recorded calls are safe to use. Under RA 4200, unauthorized recordings of private communications can create legal problems and may be inadmissible. Use call logs, notes, voicemails, written threats, and chat messages instead. (Lawphil)

Filing Against Only the Collector’s First Name

“Mark,” “Jenny,” or “Attorney Reyes” may not be real. Identify the company, app, developer, payment recipient, and customer service channel. SEC enforcement is stronger when the regulated entity can be traced.

Mixing SEC, NPC, Police, and Small Claims Issues

Different offices handle different issues.

Concern Usual Office
Unfair debt collection by lending/financing company or OLP SEC Financing and Lending Companies Department
Unauthorized processing of personal data, contact-list misuse, debt shaming National Privacy Commission
Threats, fraud, scams, identity theft, cyber harassment PNP Anti-Cybercrime Group, NBI Cybercrime Division, DICT Cyber Hotline
Collection or payment dispute over a debt Courts, small claims, or appropriate civil process depending on the claim

The same evidence packet can often be reused, but the complaint should be tailored to the agency’s jurisdiction.

Special Notes for OFWs, Foreigners, and Borrowers Abroad

Filipinos abroad and foreigners dealing with Philippine online lending apps can still preserve and submit digital evidence. The practical challenge is verification of identity, sworn statements, and document authentication.

If a sworn statement or affidavit is required and you are outside the Philippines:

  • documents executed in a country that is part of the Apostille Convention may need an apostille from the competent authority in that country;
  • documents from non-Apostille countries may still require consular authentication or legalization; and
  • Philippine documents for use abroad are handled through the apostille system, with the Philippines becoming a party to the Apostille Convention on 14 May 2019. (Apostille Government)

For online filing, prepare clear scans of your passport, Philippine ID if available, screenshots, and a written explanation of your location and relationship to the loan or complaint.

Frequently Asked Questions

Can I file an SEC complaint against an online lending app even if I really owe money?

Yes. Owing money does not give a lender the right to harass you, threaten you, shame you publicly, contact unrelated people in your phonebook, or use unfair collection practices. The SEC complaint focuses on the company’s conduct, not simply the existence of the debt.

Are screenshots enough for an SEC complaint?

Screenshots can be enough to start a complaint, but they are stronger when supported by full message threads, screen recordings, exported chats, call logs, app details, payment records, and a chronology. Electronic evidence should be preserved in a way that shows authenticity, integrity, and reliability.

Should I uninstall the lending app immediately?

Preserve evidence first if it is safe to do so. Screenshot the loan dashboard, permissions, messages, disclosure statement, repayment details, app store page, and privacy policy. After preservation, you may revoke unnecessary permissions and secure your phone.

What if the collector contacted my relatives or employer?

Ask them to save screenshots, call logs, sender details, and a short written statement saying they were contacted about your debt and whether they were ever a guarantor or co-maker. Contacting persons in the borrower’s contact list other than guarantors is specifically prohibited for debt collection under the 2026 DICT-NPC-SEC advisory.

Can collectors threaten me with arrest for not paying an online loan?

A simple unpaid debt is generally a civil matter. Threats of arrest, fake warrants, or fake criminal accusations should be preserved carefully because SEC Memorandum Circular No. 18 prohibits threats to take actions that cannot legally be taken and false or deceptive means to collect a debt.

Can I use a secretly recorded phone call as evidence?

Be careful. RA 4200 prohibits unauthorized secret recording of private communications and makes unlawfully obtained recordings inadmissible in judicial, quasi-judicial, legislative, or administrative proceedings. Safer evidence includes call logs, written notes, voicemails voluntarily left by the collector, and written threats sent by SMS or chat. (Lawphil)

Where do I report contact-list abuse and debt shaming?

For unfair debt collection by lending or financing companies, report to the SEC through iMessage. For privacy violations such as unauthorized processing of contacts, debt shaming, or misuse of personal data, the National Privacy Commission may also be involved. For threats, fraud, scams, or cybercrime, the 2026 advisory lists DICT Cyber Hotline, NBI Cybercrime Division, and PNP Anti-Cybercrime Group.

What penalties can the SEC impose for unfair collection practices?

Under SEC Memorandum Circular No. 18, violations may lead to monetary penalties. For lending companies, the circular lists ₱25,000 for the first offense and ₱50,000 for the second offense; for financing companies, ₱50,000 for the first offense and ₱100,000 for the second offense. For a third offense, the SEC may impose higher fines, suspension, or revocation of authority depending on the facts and gravity of the violation.

What if the app is not registered or not on the SEC list?

Preserve the app store page, developer name, payment recipient, screenshots, website, privacy policy, and messages. If the app is unregistered or suspicious, the matter may involve not only unfair collection but also unauthorized lending, fraud, scam activity, or cybercrime. The SEC, NBI, PNP Anti-Cybercrime Group, DICT, and NPC may have different roles depending on the facts.

Key Takeaways

  • Strong SEC complaints against online lending apps are built on organized evidence, not just a general statement that harassment happened.
  • Preserve full message threads, call logs, app details, loan documents, payment records, screenshots from contacted relatives, and a clear chronology.
  • SEC Memorandum Circular No. 18 prohibits unfair debt collection practices by lending and financing companies, including threats, abusive language, deceptive collection, publication of borrower information, and improper contact with people in the borrower’s contact list.
  • Contact-list harassment and debt shaming may also raise Data Privacy Act issues before the National Privacy Commission.
  • Avoid secretly recording calls because RA 4200 can make unauthorized recordings legally risky and inadmissible.
  • File through the proper SEC iMessage service for complaints involving financing and lending companies, and keep your ticket number and complete evidence backup.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Can Lending Apps Use Your Contacts Without Consent? Data Privacy Rights Explained

If a lending app accessed your phonebook, messaged your family, called your employer, or threatened to shame you online because of a loan, the key point is this: a lending app cannot treat your contacts list as a free collection tool. Philippine data privacy rules allow only limited, necessary, transparent, and lawful processing of personal data. Clicking “Allow” on your phone does not automatically mean the app may harvest your entire phonebook, contact random people, or pressure them to make you pay. This article explains what Philippine law says, what your rights are, and what practical steps you can take if an online lending app misused your contacts.

Quick Answer: Can Lending Apps Use Your Contacts Without Consent?

Generally, no. Lending and financing apps are not allowed to access, upload, store, or use your contacts in an excessive or disproportionate way. They also cannot contact people in your phonebook for debt collection unless those people are properly declared guarantors who separately consented to that role.

A lending app may ask for limited access to contacts in specific situations, such as helping you select a declared character reference or guarantor. But that access must be tied to a clear, legitimate, and necessary purpose. It should not become a blanket permission to copy your entire contacts list, shame you, or harass people who never agreed to be involved in your loan. (National Privacy Commission)

The National Privacy Commission, Securities and Exchange Commission, and Department of Information and Communications Technology have specifically warned online lending platforms against unnecessary permissions, excessive contact-list processing, harassment, intimidation, and public shaming. The 18 March 2026 joint advisory also reminds borrowers to download apps only from official or verified sources, read privacy notices, and watch out for dark patterns such as pre-ticked boxes or confusing consent screens.

Why Your Contacts List Is Protected Personal Data

Your contacts list is not just a technical app permission. It usually contains the personal information of many people: names, mobile numbers, email addresses, workplaces, family relationships, nicknames, and sometimes photos.

Under the Data Privacy Act of 2012, or Republic Act No. 10173, “processing” includes collecting, recording, storing, using, disclosing, or otherwise handling personal information. A lending app that uploads, scans, stores, or sends messages to your contacts is processing personal data. (National Privacy Commission)

This matters because the law requires personal information controllers, such as lending apps and financing companies, to follow the core privacy principles of:

Principle What it means in lending app cases
Transparency You must be told what data is being collected, why, how long it will be kept, who will receive it, and how you can exercise your rights.
Legitimate purpose The collection or use of data must be connected to a lawful and clearly stated purpose, not harassment or public shaming.
Proportionality The app should collect only data that is adequate, relevant, and not excessive for the declared purpose.

These principles are expressly recognized under the Data Privacy Act. Personal information must be collected for specified and legitimate purposes, processed fairly and lawfully, and kept adequate, relevant, suitable, necessary, and not excessive. (National Privacy Commission)

Phone Permission Is Not Always Valid Consent

Many borrowers say, “But I clicked Allow. Does that mean I consented?”

Not always.

Under RA 10173, consent must be freely given, specific, informed, and shown by written, electronic, or recorded means. Consent is not valid just because it is hidden in long terms and conditions, forced through confusing screens, or bundled with unnecessary permissions. (National Privacy Commission)

The 2026 joint advisory also warns that dark patterns, pre-ticked boxes, unclear prompts, and coercive consent methods may invalidate consent. For example, if an app makes it look impossible to proceed unless you give full phonebook access, even when full access is not necessary, that may be legally questionable.

Examples of questionable consent

Situation Why it may be a problem
The app requires full contacts access before showing loan terms The permission may be excessive or not yet necessary.
The app says “Allow contacts to verify your identity” but later texts your relatives The actual use is different from the disclosed purpose.
The privacy notice is hidden, vague, or unreadable on mobile Consent may not be properly informed.
The app harvests all contacts when you only selected two references The processing may be disproportionate.
The app contacts your employer even though the employer is not a guarantor This may be unauthorized processing and unfair collection behavior.

Legal Basis: Data Privacy Rights in the Philippines

Data Privacy Act of 2012

The Data Privacy Act gives data subjects several important rights. A data subject is the person whose personal information is being processed. In lending app cases, this may include the borrower, the borrower’s spouse or relatives, character references, guarantors, employers, and other people in the borrower’s contact list.

Under the law, you have the right to be informed about the nature, purpose, and extent of data processing. You also have the right to know the identity and contact details of the personal information controller, the recipients of your data, how long the data will be stored, and how you can complain or exercise your rights. (National Privacy Commission)

You may also have the right to object, access your data, correct inaccurate information, and request blocking, removal, or destruction of personal data that was unlawfully obtained, used without authorization, or processed in violation of your rights. The law also recognizes a right to indemnification for damages caused by inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized use of personal information. (National Privacy Commission)

NPC Rules on Lending and Financing Apps

The National Privacy Commission has issued specific guidance for lending and financing companies. These rules are important because online lending harassment became a common problem in the Philippines, especially through apps that accessed phone contacts.

The NPC requires lending and financing companies to give “just-in-time” notices before obtaining consent. Important privacy details should be easy to find inside the app. The rules also prohibit unnecessary permissions involving personal or sensitive personal information. Apps should prompt users to turn off, disallow, or revoke permissions once the purpose has been achieved. (National Privacy Commission)

For borrower contact information, the NPC recognizes limited legitimate uses, such as identity verification and checking the truthfulness of information supplied by the borrower. But the processing must not be unbridled, excessive, or disproportionate. Most importantly, debt collection may not involve contacting people in the borrower’s contact list except declared guarantors. (National Privacy Commission)

SEC and Financial Consumer Protection

Lending companies and financing companies are also regulated by the Securities and Exchange Commission. The Financial Products and Services Consumer Protection Act, or Republic Act No. 11765, protects financial consumers in areas such as fair treatment, transparency, data privacy, and timely handling of complaints. It also gives financial regulators, including the SEC, enforcement powers over covered financial service providers. (Supreme Court E-Library)

RA 11765 also makes financial service providers responsible for their representatives and third-party agents, including debt collectors. This is important because some lending apps blame “collection agencies” or “outsourced collectors” when harassment happens. Under consumer protection rules, a company cannot easily escape responsibility by saying the abusive messages came from its collector. (Supreme Court E-Library)

Borrower, Character Reference, and Guarantor: Know the Difference

Many lending app problems happen because apps blur the difference between a character reference and a guarantor.

Person Role Can they be contacted for collection? Are they liable for the loan?
Borrower The person who took out the loan Yes, through lawful and fair collection methods Yes, based on the loan agreement
Character reference Someone who may confirm identity or contact details Not as a debt collection target No, not merely because they were listed as a reference
Guarantor Someone who separately agrees to answer for the borrower’s obligation Yes, if properly declared and consented May be liable depending on the guarantee or surety agreement

The NPC has made clear that a character reference is not automatically a guarantor. A character reference must be informed and given an option to remove their personal data. A guarantor, on the other hand, must give separate consent. (National Privacy Commission)

This distinction is practical. If your friend was listed only as a reference, the lending app should not pressure that friend to pay. If your employer was merely in your phonebook, the app should not call your workplace to embarrass you. If your spouse, parent, sibling, or co-worker never agreed to guarantee the loan, the app cannot simply treat them as legally responsible.

What Lending Apps Are Not Allowed to Do

A lending app or its collector may be violating Philippine privacy and consumer protection rules if it does any of the following:

  1. Uploads or harvests your entire contacts list when only limited contact information is necessary.
  2. Calls or texts random people in your phonebook to pressure you to pay.
  3. Contacts your employer, relatives, classmates, or neighbors even though they are not guarantors.
  4. Posts your name, face, ID, address, or alleged debt on Facebook, Messenger, Viber, Telegram, or group chats.
  5. Threatens public shaming, arrest, deportation, barangay exposure, or police action for an ordinary unpaid civil debt.
  6. Uses insulting, obscene, defamatory, or intimidating messages.
  7. Pretends to be a court, police officer, barangay official, lawyer, or government agency.
  8. Keeps using your contacts after you revoke permission or after the purpose has already been achieved.
  9. Uses your contacts for marketing or other undisclosed purposes.
  10. Blames a third-party collector while benefiting from the abusive collection activity.

The 2026 joint advisory specifically identifies harassment, intimidation, public shaming, unlawful use of personal data, excessive permissions, and unauthorized contact-list processing as concerns involving online lending platforms. It also states that, for debt collection, platforms should not contact people in the borrower’s contact list other than named guarantors.

If the app’s messages include identity theft, cyberlibel, fraudulent impersonation, or other computer-related acts, the Cybercrime Prevention Act of 2012, or Republic Act No. 10175, may also become relevant. The law covers computer-related identity theft and cyberlibel, among other offenses. (Supreme Court E-Library)

What to Do If a Lending App Used Your Contacts

1. Preserve evidence before deleting anything

Do this first. Many borrowers panic and uninstall the app immediately. That may remove useful evidence.

Save:

  • Screenshots of the app permission screen
  • Screenshots of the privacy notice, terms, and consent page
  • The app name, developer name, website, and store listing
  • Loan agreement, disclosure statement, repayment schedule, and collection messages
  • Text messages, call logs, Messenger/Viber/Telegram chats, emails, and social media posts
  • Names and numbers used by collectors
  • Screenshots from relatives, employers, friends, or contacts who received messages
  • Dates and times of calls, messages, threats, or posts
  • Proof of payment, if any

Ask affected contacts to save their own screenshots. If possible, ask them to prepare a short written statement describing what they received, when they received it, and how they are connected to you.

Avoid secretly recording phone calls unless you have checked the law carefully. The safer practical step is to keep call logs, voicemails, written messages, screenshots, and detailed notes immediately after each call.

2. Revoke app permissions

After saving evidence, revoke unnecessary permissions.

On most phones, you can go to:

Phone Usual path
Android Settings → Apps → App name → Permissions → Contacts → Deny
iPhone Settings → Privacy & Security → Contacts → App name → Turn off

Also consider:

  • Removing access to photos, camera, microphone, location, and files if not necessary
  • Changing passwords if you uploaded IDs or sensitive documents
  • Blocking collector numbers after saving evidence
  • Reporting the app inside the app store
  • Keeping the app installed only long enough to preserve proof, then uninstalling if needed for safety and privacy

The NPC has stated that apps should prompt users to turn off, disallow, or revoke permissions once the purpose has been achieved. (National Privacy Commission)

3. Send a written privacy request or objection

If it is safe and practical, send a written message to the lending company, financing company, app operator, or its Data Protection Officer. Keep a copy and proof of sending.

Your message may ask them to:

  • Identify the legal basis for accessing or using your contacts
  • State what personal data they collected from your phone
  • Identify who received the data
  • Explain why your contacts were contacted
  • Stop contacting anyone except a properly declared guarantor
  • Delete or block unlawfully collected contact data
  • Provide the name and contact details of the collector or collection agency
  • Confirm in writing that the harassment or contact-list use has stopped

NPC procedure generally expects a complainant to first inform the personal information controller, processor, or concerned entity of the alleged violation and allow action or response, subject to exceptions where there is no plain, speedy, or adequate remedy or the act is patently illegal. (National Privacy Commission)

4. Report privacy violations to the National Privacy Commission

For misuse of contacts, unauthorized disclosure, excessive data collection, or unlawful processing of personal information, the main agency is the National Privacy Commission.

The NPC requires a complaint to be supported by evidence. Its complaint process may involve a filled-out and notarized complaint-assisted form or a verified complaint with supporting evidence and witness affidavits. Complaints may be filed personally, by registered mail, by courier, or through authorized email submission, depending on current NPC procedure. (National Privacy Commission)

Beginning 1 July 2025, the NPC implemented a new Complaint-Affidavit template and stopped accepting the old forms after a transition period. The current template asks complainants to identify the personal data involved, explain the alleged violation, and attach evidence that complies with the Rules on Electronic Evidence. (National Privacy Commission)

5. Report unfair collection to the SEC

For lending or financing companies, abusive debt collection, unregistered lending activity, or misleading loan practices, report the matter to the SEC, especially through its financing and lending company complaints channels.

The 2026 joint advisory identifies the SEC’s FINLEND unit and the SEC iMessage complaint system as reporting channels for abusive online lending behavior.

The SEC can impose regulatory consequences on covered financial service providers. Under RA 11765, regulators may take enforcement actions such as restrictions, suspension, fines, cease-and-desist orders, suspension of operations, and other administrative sanctions, depending on the violation. (Supreme Court E-Library)

6. Report threats, identity theft, or cyber harassment to cybercrime authorities

If the lending app or collector used threats, fake identities, fake legal documents, defamatory posts, identity theft, or online harassment, you may also report to:

Agency When it may help
NBI Cybercrime Division Identity theft, cyberlibel, online threats, fake accounts, fraudulent impersonation
PNP Anti-Cybercrime Group Cyber harassment, threats, online scams, unlawful online disclosures
DICT Cyber Hotline Cyber-related incident reporting and referral
Barangay or police station Immediate documentation of threats, harassment, or safety risks

RA 10175 designates the National Bureau of Investigation and the Philippine National Police as law enforcement authorities responsible for enforcing cybercrime laws. (Supreme Court E-Library)

Documents and Evidence to Prepare

Evidence or document Why it matters Practical note
Government ID Establishes your identity as complainant Use a clear copy; redact unnecessary details when sharing outside official channels.
Loan agreement or disclosure statement Shows the lender, amount, terms, and collection basis Save PDF copies and screenshots from the app.
Privacy notice and consent screens Shows what the app claimed it would collect and why Capture the entire screen, including date and app version if possible.
App permission screenshots Shows whether contacts, photos, camera, location, or files were requested Take screenshots before changing permissions.
Messages from collectors Shows harassment, threats, disclosure, or unfair collection Include sender number, date, time, and full message thread.
Screenshots from contacted persons Shows that third parties were contacted Ask contacts not to crop out the sender, date, or time.
Social media posts or group chats Shows public shaming or disclosure Preserve links, screenshots, group name, date, and participants if visible.
Witness statements or affidavits Supports the complaint with third-party accounts NPC complaints may require witness affidavits depending on the facts.
Written request to the app or company Shows you tried to assert your rights Keep email receipts, ticket numbers, or screenshots.
Proof of payment Useful if the app continues collection after payment Save receipts, bank confirmations, wallet transaction IDs, and reference numbers.

Common Real-Life Scenarios

“The app required contacts access before approving my loan.”

That does not automatically make the access lawful. If full contacts access was unnecessary, excessive, or not properly explained, the processing may violate the principles of transparency, legitimate purpose, and proportionality. The NPC has specifically prohibited unnecessary permissions involving personal or sensitive personal information. (National Privacy Commission)

“They messaged my mother, employer, and co-workers.”

If those people were not declared guarantors, this is a serious red flag. The 2026 joint advisory says online lending platforms should not contact people in the borrower’s contact list for debt collection except named guarantors.

“I listed my friend as a character reference. Is my friend liable?”

No, not merely because they were listed as a character reference. A character reference is not automatically a guarantor. The NPC requires separate treatment for character references and guarantors, and guarantors must expressly consent. (National Privacy Commission)

“I really owe the money. Do I still have privacy rights?”

Yes. A valid debt may be collected, but collection must still be lawful, fair, and proportionate. Owing money does not give a lender the right to shame you, expose your personal information, or harass unrelated people.

In the Philippines, inability to pay an ordinary civil debt is different from criminal fraud. Separate criminal issues may arise if there are facts such as deceit, falsified documents, bouncing checks, identity theft, or other punishable acts. But a collector should not use fake criminal threats to force payment.

“The app is based abroad. Can Philippine privacy law still help?”

Often, yes, if the app is operating in the Philippines, targeting Philippine borrowers, using Philippine collection channels, or processing the personal data of people in the Philippines. The NPC and SEC have been actively addressing online lending platforms that affect Philippine users.

For Filipinos abroad or foreigners outside the Philippines, practical filing may require extra steps. If documents are notarized abroad, authentication or consular requirements may arise depending on where the document will be used. The DFA explains that foreign documents for use in the Philippines generally need proper attestation or authentication through the appropriate foreign or consular process. (Apostille Government)

Where to File: NPC, SEC, NBI, PNP, or Barangay?

Problem Best office to consider Main purpose
App accessed or uploaded contacts without proper consent National Privacy Commission Data privacy complaint
App contacted non-guarantor contacts NPC and SEC Privacy violation and unfair collection
Harassing collection calls or abusive messages SEC Lending/financing company regulation
Public shaming using social media NPC, SEC, PNP ACG, or NBI CCD Privacy, unfair collection, and possible cybercrime
Fake police/court threats or identity theft NBI CCD or PNP ACG Cybercrime investigation
Immediate threats to safety Police station or barangay, then cybercrime authorities if online Incident documentation and urgent protection
Unclear lender identity or suspected illegal lending app SEC Check registration and report suspicious lending activity

These remedies can overlap. For example, if a lending app harvested your contacts and then posted your photo in a group chat, you may have both a privacy complaint and a cybercrime or unfair collection issue.

Practical Timelines and Bottlenecks

There is no single fixed timeline because each agency has its own docket, intake process, and workload. In practice, expect these common stages:

Stage Practical timeline Common bottleneck
Gathering screenshots and statements 1 to 7 days Contacts delete messages or forget details.
Sending written request to lender/app Same day to a few days App has no clear company name or Data Protection Officer.
Waiting for response, where required Often around 15 calendar days under NPC procedural rules, subject to exceptions Company ignores the complaint or uses automated replies.
Preparing NPC complaint Several days to a few weeks Notarization, organizing evidence, and witness affidavits.
SEC complaint intake Varies Need to identify the registered company or app operator.
Cybercrime report As soon as possible for serious threats Need original screenshots, account links, phone numbers, and device details.

The most common mistake is waiting too long. Messages disappear, app listings change, numbers get deactivated, and social media posts are deleted. Preserve evidence early.

Frequently Asked Questions

Can a lending app access all my contacts because I clicked “Allow”?

Not automatically. Phone permission is only one part of the issue. The app must still comply with the Data Privacy Act and NPC rules. Consent must be informed, specific, freely given, and proportionate to a legitimate purpose. Full phonebook access may be unlawful if it is unnecessary or excessive. (National Privacy Commission)

Can a lending app call my contacts if I miss a payment?

Generally, not for random contacts. For debt collection, the 2026 joint advisory says online lending platforms should not contact people in the borrower’s contact list except named guarantors. A character reference, employer, family member, or co-worker is not automatically a guarantor.

Is my character reference required to pay my loan?

No. A character reference is not automatically liable for your loan. A guarantor must be separately identified and must expressly consent. The app should not pressure a mere reference to pay. (National Privacy Commission)

What if the lending app says I agreed in the terms and conditions?

The company may point to its terms, but terms and conditions do not override the Data Privacy Act. Consent must still be clear, specific, informed, and proportionate. Hidden clauses, confusing screens, pre-ticked boxes, and coercive designs may be challenged.

Can I demand deletion of my contacts from the lending app?

Yes, where the data was unlawfully obtained, used without authorization, or processed in violation of your rights, you may request blocking, removal, or destruction of the personal data. The Data Privacy Act recognizes this right. (National Privacy Commission)

Can I complain even if I still owe money?

Yes. The debt issue and the privacy issue are separate. A lender may pursue lawful collection, but it must not use unlawful data processing, public shaming, harassment, or threats against unrelated people.

Can the lending app post my photo, ID, or debt on Facebook?

That is a serious red flag. Publicly posting your personal information or alleged debt may involve unauthorized disclosure, unfair collection, and possibly cybercrime issues depending on the content and method of posting. The 2026 advisory specifically mentions public shaming and unlawful use of personal data as reported abusive practices.

Should I file with the NPC or the SEC first?

File with the NPC for privacy violations such as unauthorized access, disclosure, or use of contacts. File with the SEC for abusive collection practices, unregistered lending activity, or violations by lending and financing companies. If both privacy misuse and unfair collection happened, both agencies may be relevant.

Can I file a complaint from abroad?

Yes, but prepare for practical requirements such as identity documents, organized evidence, and notarized or authenticated complaint documents if required. The NPC allows certain complaints to be filed personally, by registered mail, by courier, or through authorized email submission. For documents executed abroad, check authentication or consular requirements before filing. (National Privacy Commission)

Should I delete the lending app immediately?

Preserve evidence first if you can do so safely. Take screenshots of permissions, privacy notices, loan details, messages, and app information. Then revoke unnecessary permissions and uninstall the app if needed for privacy or safety.

Key Takeaways

  • Lending apps cannot freely use your contacts list as a debt collection weapon.
  • Clicking “Allow” on your phone does not automatically create valid consent under Philippine data privacy law.
  • Consent must be freely given, specific, informed, and proportionate to a legitimate purpose.
  • Debt collection should not target random contacts, employers, relatives, or friends who are not declared guarantors.
  • A character reference is not automatically liable for your loan.
  • Preserve screenshots, messages, call logs, app permission screens, privacy notices, and statements from affected contacts.
  • Report privacy violations to the National Privacy Commission and abusive lending or collection practices to the SEC.
  • For threats, identity theft, fake accounts, or online harassment, the NBI Cybercrime Division and PNP Anti-Cybercrime Group may also be appropriate.
  • Owing money does not erase your privacy rights, dignity, or protection from unlawful harassment.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

How to File an NPC Complaint Against a Lending App for Privacy Violations

If a lending app accessed your contacts, sent embarrassing messages to your family or co-workers, used your photo or ID to shame you, or kept collecting and sharing your personal data after you already asked them to stop, you may have grounds to file a complaint with the National Privacy Commission (NPC). In the Philippines, online lending apps are allowed to collect only the personal data that is necessary and lawful for loan-related purposes. They are not allowed to use your phonebook, photos, character references, or private information as weapons for harassment. This guide explains when an NPC complaint is proper, what evidence to prepare, how to file, what fees and timelines to expect, and when you may also need to report the lending app to the SEC, NBI, PNP, or DICT.

What Counts as a Privacy Violation by a Lending App?

A privacy violation happens when a lending app processes personal data in a way that violates the Data Privacy Act of 2012, or Republic Act No. 10173, its implementing rules, or NPC issuances.

“Processing” is a broad legal term. It includes collecting, recording, storing, using, sharing, disclosing, deleting, or otherwise handling personal information. For lending apps, this may involve your:

  • Name, phone number, address, email, birthday, and employment details
  • Government IDs, selfies, signatures, bank details, GCash or Maya information
  • Contact list, call logs, gallery, camera, device information, or location data
  • Character references, relatives, employer, co-workers, or social media contacts
  • Loan application details, payment history, and credit-scoring information

A lending app complaint is usually strongest when the problem is not merely “high interest” or “I cannot pay.” The NPC focuses on privacy and personal data violations. The issue is how the lending app collected, used, shared, retained, or disclosed personal data.

Common examples include:

  • The app accessed your full contact list even though only one or two references were needed.
  • Collectors texted your relatives, employer, co-workers, classmates, or neighbors about your debt.
  • The app called or threatened people who were only character references, not guarantors.
  • Your photo, ID, or “wanted” poster was sent to group chats or posted online.
  • The app used your gallery, camera, location, or contacts for debt collection or harassment.
  • The app refused to explain what data it collected or refused to delete data no longer needed.
  • You were added as a character reference without your consent and then harassed.
  • The app continued processing your information after the loan was denied, cancelled, or fully paid without a lawful reason.

An unpaid loan does not erase your privacy rights. A creditor may pursue lawful collection, but it cannot use unlawful or excessive data processing to pressure, shame, threaten, or expose you.

Legal Basis: Your Privacy Rights Against Lending Apps

The Data Privacy Act protects borrowers and affected third persons

The Data Privacy Act of 2012 applies to personal information controllers and processors that handle personal data in the Philippines. A lending company or financing company that decides what borrower data to collect and how to use it is generally a personal information controller.

Under the law, personal data processing must follow core principles, especially:

  • Transparency — you should be told what data is collected, why, how it will be used, who will receive it, and how long it will be kept.
  • Legitimate purpose — the processing must be for a declared, lawful, and specific purpose.
  • Proportionality — the data collected must be adequate, relevant, suitable, necessary, and not excessive.

Section 16 of the Data Privacy Act gives data subjects important rights, including the right to be informed, the right to access personal data, the right to correct inaccurate data, the right to object, the right to blocking or removal in proper cases, and the right to indemnity for damages when privacy rights are violated.

The Supreme Court has also recognized informational privacy as a person’s ability to control information about themselves. In Vivares v. St. Theresa’s College, G.R. No. 202666, the Court discussed informational privacy especially in situations where information is collected or used in improper ways.

NPC rules specifically cover online lending apps

The NPC issued NPC Circular No. 20-01, the Guidelines on the Processing of Personal Data for Loan-Related Transactions, after many complaints against online lending apps that accessed contacts, cameras, locations, and storage.

The circular applies to lending companies, financing companies, and persons acting as such, including online lending apps and their service providers. It covers activities such as:

  • Know-your-customer checks
  • Creditworthiness assessment
  • Loan approval
  • Loan servicing
  • Repayment and collection
  • Remedial measures for unpaid loans

The NPC later amended these rules through NPC Circular No. 2022-02. The amendments made the rules clearer for app permissions, contact lists, character references, and guarantors.

Important rules include:

  • Lending apps must not request unnecessary app permissions.
  • Permissions should begin only when the information is actually necessary.
  • Once the purpose is fulfilled, the app must prompt the user to turn off or revoke the permission.
  • Borrower photos must not be used to harass, embarrass, or shame the borrower.
  • Unbridled access to a contact list is prohibited.
  • Contacting people in a borrower’s contact list for debt collection is prohibited unless the person is a true guarantor.
  • A character reference is not automatically a guarantor.
  • A guarantor must separately and expressly agree to be bound for the debt.

This is important because many lending apps blur the line between a “reference” and a “guarantor.” Under the Civil Code concept of guaranty, particularly Article 2047 of the Civil Code of the Philippines, Republic Act No. 386, a guarantor binds themselves to answer for another person’s obligation. Merely being named as a reference does not automatically make someone liable for the loan.

The 2026 DICT-NPC-SEC advisory confirms the government focus on abusive lending apps

In the 2026 DICT-NPC-SEC Public Advisory on Online Lending Platforms, the government warned the public about online lending platforms involved in harassment, intimidation, public shaming, and unlawful use of personal data.

The advisory emphasized that:

  • Unnecessary app permissions are prohibited.
  • Excessive or disproportionate contact list processing is prohibited.
  • Contacting non-guarantors for debt collection is prohibited.
  • Character references may be contacted only for verification, not collection.
  • Borrower data should be retained only as long as necessary.
  • Deceptive consent practices, such as pre-ticked boxes or designs that make withdrawal difficult, may invalidate consent.

Before Filing: Do You Need to Contact the Lending App First?

Usually, yes.

Under the 2021 NPC Rules of Procedure, as amended, the NPC generally requires the complainant to first inform the personal information controller, processor, or concerned entity in writing and give it an opportunity to act. If the entity does not respond or take timely and appropriate action within 15 calendar days from receipt, you may proceed with the NPC complaint.

This is called exhaustion of remedies. In simple terms, the NPC wants to see that you first tried to raise the privacy issue directly with the lending app, unless there is a good reason not to.

What to send to the lending app before filing

Your written notice does not need to be complicated. It should clearly state:

  • Your name and contact details
  • The app name and loan account, if any
  • The privacy violation complained of
  • The date and time of the incident
  • What personal data was used or disclosed
  • Who received the messages, calls, posts, or threats
  • What you are asking the app to do

You may ask the lending app to:

  • Stop accessing or using your contact list
  • Stop contacting non-guarantors
  • Stop using your photo, ID, or private information for collection
  • Delete personal data that is no longer necessary
  • Remove posts, messages, or public shaming materials
  • Identify its data protection officer or privacy contact
  • Provide a copy of its privacy notice and explanation of processing
  • Preserve records, logs, call recordings, and collector identities

Send this through a channel you can prove later, such as email, in-app support ticket, registered mail, or a screenshot-confirmed customer service chat. Keep proof of sending and proof of receipt if available.

The NPC may waive the prior notice requirement for good cause or serious violations. For example, if collectors are actively threatening you, spreading your photo, or contacting your employer in a way that worsens every hour, explain in your complaint why immediate NPC action is needed.

Step-by-Step Guide: How to File an NPC Complaint Against a Lending App

1. Identify the lending app and the responsible company

Start by gathering every identifying detail you can find. Many abusive apps use different app names, business names, collector names, and payment channels.

Look for:

  • App name and app store link
  • Developer name on Google Play, Apple App Store, or APK source
  • Company name in the loan agreement, privacy policy, SMS, email, or payment instruction
  • SEC registration name, if shown
  • Customer service email, hotline, Viber, WhatsApp, Telegram, or Facebook page
  • Data protection officer contact, if available
  • Collector names, numbers, or accounts
  • Payment account names, bank accounts, e-wallet numbers, or remittance names

If you cannot identify the legal company, do not leave the respondent section vague. State the app name and include all available clues. Attach screenshots of the app store page, privacy policy, loan contract, messages, and payment instructions.

2. Preserve evidence before deleting the app

Evidence is the heart of an NPC complaint. Do not rely only on memory. Capture proof while the messages, posts, permissions, and app pages are still available.

Useful evidence includes:

  • Screenshots of threatening or shaming messages
  • Screenshots showing the sender’s phone number, profile, email, or account
  • Call logs showing repeated collection calls
  • Screen recordings of the app permissions requested
  • Screenshots of the app’s privacy notice and consent screens
  • Copies of the loan agreement, payment schedule, and disclosure statements
  • Messages sent to your contacts, relatives, employer, or co-workers
  • Affidavits or written statements from people who received messages or calls
  • Posts, group chat messages, “wanted” posters, edited photos, or public accusations
  • Proof that you asked the lending app to stop
  • The app’s reply, refusal, or failure to respond after 15 calendar days
  • Proof of payment, full settlement, denied application, or account closure if relevant
  • Screenshots of the app store listing and developer information

For screenshots, include the full screen when possible, not just cropped messages. The date, time, sender, recipient, phone number, URL, account name, or group chat name can matter.

3. Download the current NPC Complaint-Affidavit form

The NPC requires a specific complaint format. Use the current form from the NPC filing a complaint page or the current NPC Complaint-Affidavit with Q&A.

The form asks for:

  • Complainant information
  • Respondent information
  • The personal information involved
  • The alleged privacy violations
  • The date, time, and place of the incident
  • A narration of facts
  • Evidence attached
  • Reliefs requested
  • Verification and certification against forum shopping

Use the updated form. Old forms may be rejected or may cause delay.

4. Write the facts in chronological order

The NPC does not need dramatic language. It needs a clear timeline.

A practical format is:

  1. When you downloaded the app
  2. What permissions the app requested
  3. What personal data you submitted
  4. Whether the loan was approved, denied, paid, overdue, or disputed
  5. What the app or collectors did
  6. Who received calls or messages
  7. What personal data was disclosed
  8. When you asked the app to stop
  9. Whether the app responded within 15 calendar days
  10. What harm or damage happened

For example:

On 10 May 2026, I downloaded the ABC Loan app from Google Play. The app required access to my contacts and camera before I could submit my loan application. On 15 May 2026, after I missed the payment deadline, collectors using mobile numbers 09xx and 09xx sent messages to my employer and relatives stating that I was a scammer and attaching my profile photo. These persons were not guarantors. On 16 May 2026, I emailed the app requesting them to stop contacting my contacts and delete unnecessary data. No response was received after 15 calendar days.

5. Match the facts to possible Data Privacy Act violations

You do not need to sound like a lawyer, but it helps to connect the facts to the law.

Possible violations may include:

Possible violation What it may look like in a lending app case
Unauthorized processing Accessing contacts, photos, gallery, or location without valid consent or lawful basis
Processing for unauthorized purposes Using KYC photos, IDs, or contact data for harassment or public shaming
Malicious disclosure Sharing personal data to shame, embarrass, or pressure the borrower
Unauthorized disclosure Revealing loan details to relatives, employers, co-workers, or group chats
Violation of data subject rights Refusing access, correction, deletion, blocking, or information requests
Violation of proportionality Collecting a whole contact list when only specific references were needed
Failure to implement security measures Allowing collectors or third parties to misuse borrower data

The NPC form includes references to specific Data Privacy Act offenses, such as unauthorized processing, accessing due to negligence, improper disposal, processing for unauthorized purposes, malicious disclosure, and unauthorized disclosure. Choose the items that honestly match your facts.

6. Notarize the complaint and prepare your ID

The complaint must be verified and notarized. Bring a valid government-issued ID when signing before a notary public.

The NPC form recognizes common IDs such as:

  • Philippine passport
  • Driver’s license
  • PRC ID
  • Postal ID
  • Voter’s ID
  • GSIS card
  • SSS card
  • TIN card
  • Student ID

If you are abroad, notarization or authentication may require extra steps. The NPC Rules allow a non-resident Filipino citizen with no Philippine representative to submit a complaint notarized by a Philippine embassy or consulate, or apostilled in the country of origin when applicable.

If someone will file for you, prepare a Special Power of Attorney (SPA). For a company or juridical entity, the representative generally needs an SPA and corporate authority, such as a board resolution or secretary’s certificate.

7. File the complaint with the NPC

According to the NPC’s official filing instructions, a complaint may be submitted:

  • Personally at the NPC
  • By courier or registered mail
  • By scanning and emailing the notarized complaint and attachments to complaints@privacy.gov.ph

The NPC’s listed office is at The Upper Class Tower, Quezon Avenue corner Scout Reyes Street, Quezon City, based on the NPC contact page. Check the official page before visiting because government office locations and receiving arrangements may change.

For electronic filing, prepare the complaint and attachments in PDF when practicable. Use clear file names, such as:

  • Complaint-Affidavit_JuanDelaCruz.pdf
  • Annex A_App Store Page.pdf
  • Annex B_Threatening Messages.pdf
  • Annex C_Messages to Employer.pdf
  • Annex D_Written Notice to Lending App.pdf
  • Annex E_Proof of Non-Response.pdf

Make the evidence easy to follow. A well-organized complaint is easier to evaluate than a folder of random screenshots.

What to Put in the NPC Complaint-Affidavit

Use simple, factual language. The table below shows what the NPC usually needs to understand in a lending app privacy complaint.

Part of complaint What to include
Complainant Your complete name, address, email, mobile number, and valid ID
Respondent App name, company name, developer, email, numbers, website, app store link, collector accounts
Personal data involved Name, phone number, contacts, photos, ID, address, employer, loan details, messages, location, device data
Violation Contact list harvesting, public shaming, unauthorized disclosure, excessive permissions, refusal to delete data
Date, time, place Exact dates and times when possible; if continuing, state the period
Narration A chronological story of what happened
Evidence Screenshots, call logs, affidavits, privacy policy, app permissions, demand letter, proof of receipt
Prior notice Copy of your written complaint to the app and proof of non-response or inadequate response
Reliefs requested Stop processing, delete data, takedown, damages, administrative fines, recognition of rights violated

Sample reliefs you may ask for

Depending on your facts, you may request that the NPC:

  • Order the lending app to stop contacting non-guarantors
  • Order deletion, blocking, or destruction of unnecessary personal data
  • Order removal of posts, images, or public shaming materials
  • Declare that the app violated your rights under the Data Privacy Act
  • Impose administrative fines or other appropriate penalties
  • Award indemnity or damages when supported by evidence
  • Issue appropriate orders to prevent continued unlawful processing

Do not ask for relief that has nothing to do with privacy. For example, the NPC is not the usual forum to recompute interest, declare a loan void, or settle the amount of debt. Those issues may belong to the SEC, courts, or another agency depending on the facts.

Fees, Documents, and Timelines

The NPC has a Schedule of Fees and Charges. Fees may change, so always check the latest NPC issuance before paying.

Item Current practical detail
Filing fee for complaint ₱500
Additional fee if claiming damages Depends on the amount claimed
Motion for reconsideration ₱500
Application for cease and desist order ₱1,000
Temporary ban bond Computed under NPC rules, with a stated maximum under the fee circular
Mediation fee ₱500, shared equally by parties applying for mediation
Legal research fee Generally 1% of filing fee, but not less than ₱10
Indigent complainants May be exempt if they meet income and property requirements and submit required proof

Typical documents include:

  • Notarized NPC Complaint-Affidavit
  • Valid government-issued ID
  • Evidence and annexes
  • Proof of written notice to the lending app
  • Proof of receipt or proof of no response after 15 calendar days
  • Witness affidavits, if available
  • SPA, if filing through a representative
  • Consular notarization or apostille, if applicable for overseas filing

Practical timeline

Stage Usual timing
Written notice to lending app Wait 15 calendar days from receipt, unless waiver is justified
NPC initial evaluation The investigating officer generally has 30 calendar days from receipt to give due course or dismiss without prejudice
Mediation, if approved May run up to 60 days from preliminary mediation conference, extendible by 30 days, not exceeding 90 days
Temporary ban application Can add a separate process and may suspend the main complaint while resolved
Full process up to final adjudication NPC public guidance estimates around 10 to 12 months, depending on complexity

Delays often happen because of incomplete addresses, missing notarization, unclear evidence, failure to show prior written notice, or difficulty identifying the real operator behind the app.

What Happens After Filing

After you file, the NPC’s Complaints and Investigation Division reviews whether the complaint is sufficient in form and substance.

Possible outcomes at the early stage include:

  • The complaint is given due course.
  • The complaint is dismissed without prejudice because it is incomplete or premature.
  • The NPC asks for clarification or additional documents.
  • The matter may proceed to mediation, investigation, or adjudication depending on the rules and circumstances.

If the case proceeds, the respondent may be required to answer. The NPC may conduct conferences, mediation, investigation, or further proceedings. If the matter is resolved through mediation, the settlement may include deletion of data, takedown of posts, an agreement to stop contacting third parties, payment, apology, or other terms acceptable under the rules.

If the case goes to adjudication, the NPC may issue orders, impose administrative sanctions, award indemnity when proper, or refer matters for possible criminal prosecution when the facts support it.

Temporary ban or urgent relief

If the lending app is actively spreading your data, contacting your employer, posting your photo, or continuing unlawful processing, you may ask for urgent relief such as a temporary ban or cease-and-desist-type remedy when supported by the rules and facts.

This is not automatic. You must clearly show why immediate action is needed, what processing should be stopped, and what harm may continue if the NPC waits for the full case to finish.

Common Mistakes That Delay or Weaken NPC Complaints

Filing without proof of prior notice

The NPC usually requires proof that you informed the lending app first and waited 15 calendar days. If you did not do this, explain why the case involves serious violations or urgent circumstances.

Submitting screenshots without context

A screenshot of a rude message helps, but it is stronger if it shows the sender, date, time, phone number, recipient, and connection to the lending app.

Deleting the app too early

Before uninstalling, record the app name, permissions, privacy policy, consent screens, loan account details, and messages. Once deleted, some information may be hard to recover.

Treating a collection dispute as a privacy complaint

The NPC is not mainly a debt-restructuring agency. Focus on the misuse of personal data: contact harvesting, disclosure, harassment, public shaming, excessive permissions, and refusal to honor data rights.

Naming only the app but not the operator

Many lending apps change names or use third-party collectors. Include all identifying details: developer, company name, payment accounts, phone numbers, email addresses, privacy policy, app store links, and collector accounts.

Using an old form or unsigned complaint

The NPC requires the proper complaint format. A complaint that is not signed, verified, notarized, or supported by required documents may be dismissed or delayed.

Overstating facts

Do not exaggerate. A calm, date-based, evidence-backed complaint is more persuasive than an emotional narrative with unsupported accusations.

Special Situations: Borrowers, References, Guarantors, OFWs, and Foreigners

If you are the borrower

You can file if your own personal data was misused. Even if you owe money, the lending app must still follow the Data Privacy Act and NPC lending app rules. The debt may still be collected through lawful means, but collectors cannot use unlawful disclosure, threats, or public shaming.

If you are only a character reference

You may also be a data subject if your name, number, messages, or other personal information was processed. A character reference may be contacted for verification, but not automatically for collection. You are not automatically liable for the borrower’s debt.

If collectors repeatedly call or text you, disclose the borrower’s debt, pressure you to pay, or threaten you, preserve the messages and consider filing your own NPC complaint as an affected data subject.

If you are a guarantor

A true guarantor is different from a character reference. A guarantor must expressly agree to answer for the borrower’s obligation. Even then, the lending app must still process personal data lawfully and proportionately. Threats, public shaming, excessive disclosure, or harassment may still create privacy and collection issues.

If you are an OFW or Filipino abroad

You may file even if you are outside the Philippines. If you have no Philippine representative, prepare for consular notarization or apostille requirements. If a relative will file for you, execute an SPA and include clear authority to file, sign, receive notices, and act in the NPC case.

If you are a foreigner

The Data Privacy Act can protect foreign nationals when the processing has a Philippine connection, such as when the lending company operates in the Philippines, uses equipment in the Philippines, maintains a Philippine office or agent, or processes data involving Philippine residents or transactions.

In your complaint, explain the Philippine link clearly. Attach evidence that the app operates in the Philippines, targets Philippine borrowers, uses Philippine payment channels, has a Philippine address, or is connected to a Philippine lending or financing company.

NPC Complaint vs SEC Complaint vs NBI, PNP, or DICT Report

Some lending app cases involve more than one legal issue. An NPC complaint is for privacy violations, but other agencies may handle lending regulation, cybercrime, threats, or scams.

Problem Possible forum
Contact list harvesting, unauthorized disclosure, public shaming, misuse of photos or IDs NPC
Unfair debt collection by lending or financing company SEC, especially through SEC iMessage
Violation of SEC collection rules SEC under issuances such as SEC Memorandum Circular No. 18, Series of 2019
Threats, extortion, identity misuse, cyber harassment, fake posts, scams NBI Cybercrime Division, PNP Anti-Cybercrime Group, or DICT Cyber Hotline
Pure dispute over loan amount, interest, or payment SEC, courts, or other proper forum depending on the facts
Defamation, threats, coercion, or harassment Possible criminal, civil, or cybercrime remedies depending on the act

Some acts may fall under the Revised Penal Code, such as grave threats, unjust vexation, coercion, libel, or slander, and may become cyber-related when committed through information and communications technology under the Cybercrime Prevention Act of 2012, or RA 10175. Privacy complaints and criminal complaints are separate. Filing one does not automatically resolve the other.

Frequently Asked Questions

Can I file an NPC complaint even if I still owe the lending app money?

Yes. Owing money does not waive your privacy rights. The lending app may pursue lawful collection, but it cannot unlawfully access your contacts, shame you publicly, disclose your debt to non-guarantors, misuse your photos, or process excessive personal data.

Can a lending app message my contacts?

A lending app cannot use your entire contact list for debt collection. Under NPC rules, character references are generally for verification. For collection, the app may contact a true guarantor, but a character reference is not automatically a guarantor.

What if I clicked “Allow Contacts” or agreed to the app’s terms?

Consent must be freely given, specific, informed, and limited to a lawful purpose. A broad “allow contacts” button does not automatically justify unbridled harvesting, harassment, public shaming, or contacting non-guarantors. Deceptive or excessive consent practices may also be questioned.

Do I need a lawyer to file with the NPC?

The NPC complaint process is designed so individuals can file using the official Complaint-Affidavit form. A lawyer is not strictly required for a basic complaint, but legal help can be useful if the case involves large damages, multiple respondents, criminal issues, foreign documents, or complex evidence.

Can a character reference file a complaint?

Yes, if the character reference’s own personal data was processed or misused. For example, if collectors repeatedly contacted you, disclosed the borrower’s debt, threatened you, or used your number beyond verification, you may be an affected data subject.

Where do I email an NPC complaint?

The NPC’s official complaint email is complaints@privacy.gov.ph. Attach the notarized complaint-affidavit, valid ID, and evidence. Check the NPC complaint filing page for the current form and latest instructions before submitting.

How long does an NPC complaint take?

Initial evaluation generally happens within 30 calendar days from receipt, but the full process can take months. NPC public guidance estimates around 10 to 12 months up to final adjudication, depending on complexity, mediation, temporary relief applications, and the parties’ submissions.

Can I ask the NPC to make the lending app delete my data?

Yes, if the facts support it. You may request blocking, removal, destruction, takedown, or cessation of unlawful processing. The NPC will evaluate whether the data is still necessary, whether there is a lawful basis to retain it, and whether your rights under the Data Privacy Act were violated.

What if the lending app is not registered or I cannot find the company name?

Still gather and submit all identifying evidence: app name, app store link, developer name, screenshots, payment accounts, collector numbers, privacy policy, loan documents, and messages. You may also report lending or financing violations to the SEC and cyber-related threats or scams to the proper cybercrime authorities.

Should I uninstall the lending app immediately?

Preserve evidence first. Take screenshots or recordings of the app permissions, account page, privacy notice, loan details, messages, and settings. After preserving evidence, you may revoke unnecessary permissions through your phone settings and uninstall the app if needed for your safety and privacy.

Key Takeaways

  • The NPC handles privacy violations by lending apps, especially unauthorized processing, excessive app permissions, contact list misuse, public shaming, and unlawful disclosure.
  • A lending app cannot treat your entire phonebook as a collection tool.
  • A character reference is not automatically a guarantor.
  • Before filing, you usually need to notify the lending app in writing and wait 15 calendar days, unless serious or urgent circumstances justify waiver.
  • Use the current NPC Complaint-Affidavit form, notarize it, attach a valid ID, and organize your evidence clearly.
  • The basic NPC complaint filing fee is currently ₱500, with possible additional fees depending on damages and other applications.
  • NPC cases can take months, but urgent relief may be available when unlawful processing is ongoing.
  • Privacy complaints may be filed separately from SEC complaints, cybercrime reports, or other remedies when the facts involve unfair collection, threats, scams, or harassment.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

How to Stop SMS Harassment from Online Lending Apps in the Philippines

If an online lending app keeps sending threatening SMS messages, texting your contacts, calling your employer, or shaming you over a loan, the most important thing to know is this: owing money does not give a lender the right to harass you, threaten you, or misuse your personal data. Philippine law allows legitimate debt collection, but it must be done lawfully, fairly, and with respect for your privacy. This guide explains what counts as illegal SMS harassment, what laws protect you, what evidence to save, where to complain, and how to make your complaint strong enough for the SEC, NPC, police, or prosecutors to act.

What Counts as SMS Harassment by an Online Lending App?

SMS harassment usually happens when a lending app, financing company, lending company, or third-party collection agent uses pressure tactics that go beyond lawful collection.

Common examples include:

  • Repeated threatening texts such as “Ipapakulong ka namin,” “Pupuntahan ka namin,” or “Ipapahiya ka namin sa trabaho.”
  • Texting your family, friends, co-workers, or employer about your debt.
  • Sending your photo, ID, or loan details to other people.
  • Calling you a scammer, thief, estafador, or criminal without a valid court finding.
  • Threatening violence, arrest, barangay action, deportation, or “legal raid.”
  • Using fake titles such as “attorney,” “sheriff,” “police,” “NBI,” or “court officer.”
  • Collecting through insults, profanity, sexual comments, or degrading language.
  • Demanding payment through a personal GCash, Maya, bank account, or number not clearly connected to the registered lender.
  • Contacting you before 6:00 a.m. or after 10:00 p.m. in a manner prohibited by SEC rules.
  • Using information from your phone contacts, gallery, location, or social media to pressure you.

Not every collection message is illegal. A lender may remind you of a due date, ask for payment, send a statement of account, or inform you that it may pursue lawful remedies. The problem begins when the collection method becomes abusive, deceptive, threatening, privacy-invasive, or directed at people who are not legally responsible for your loan.

Your Basic Rights as a Borrower in the Philippines

You cannot be jailed simply for unpaid debt

The 1987 Philippine Constitution states that no person shall be imprisoned for debt. This means a borrower cannot be jailed merely because they failed to pay a civil loan obligation. (Supreme Court E-Library)

However, this does not mean loans can be ignored. A lender may still file a proper civil collection case, report legitimate credit information through lawful channels, or take other legal steps allowed by law. Criminal liability may arise only if there is a separate crime, such as fraud, falsification, identity theft, threats, or bouncing checks, depending on the facts.

A lender may collect, but only through lawful and fair means

The Securities and Exchange Commission regulates lending companies under the Lending Company Regulation Act of 2007, or Republic Act No. 9474, and financing companies under related laws. SEC Memorandum Circular No. 18, Series of 2019 specifically prohibits unfair debt collection practices by financing companies, lending companies, and their third-party service providers. (Lawphil)

Under SEC MC No. 18, prohibited practices include:

  • Use or threat of violence or other criminal means.
  • Threats to take action that cannot legally be taken.
  • Obscenities, insults, or profane language that amount to abuse.
  • Disclosure or publication of borrowers’ names and personal information for allegedly refusing to pay.
  • Communicating false loan information to others.
  • False representation or deceptive means to collect.
  • Contacting the borrower at unreasonable or inconvenient times, subject to the circular’s specific rules.
  • Contacting people in the borrower’s contact list other than those named as guarantors or co-makers, even if the borrower supposedly gave consent.

This last rule is very important. If the lending app texts your mother, spouse, employer, co-worker, or random phone contacts even though they are not your guarantor or co-maker, that can be an unfair debt collection practice.

Your personal data is protected

The Data Privacy Act of 2012, or Republic Act No. 10173, protects personal information handled by private companies and government agencies. Borrowers are “data subjects,” which means they have rights over personal data collected, stored, used, shared, or disclosed by a lending app. The National Privacy Commission explains that data subjects have rights such as the right to be informed, access, correction, objection, erasure or blocking, and damages for misuse of personal data. (National Privacy Commission)

For online lending, the NPC issued rules on loan-related transactions. NPC Circular No. 20-01 and NPC Circular No. 2022-02 address the use of personal data in loan applications, character references, loan collection, and closure of accounts. The NPC has repeatedly acted against online lending apps that accessed contact lists or other phone data in ways that violated the principles of transparency, legitimate purpose, and proportionality. (National Privacy Commission)

In plain English: a lending app should not collect more data than necessary, hide what it will do with your data, or use your data for harassment.

What Laws May Apply to SMS Harassment?

Problem Possible legal basis Where it usually goes
Threats, insults, public shaming, contacting non-guarantor contacts SEC MC No. 18, Series of 2019 SEC
Accessing contact lists, photos, IDs, phone data, or sharing debt information RA 10173, Data Privacy Act; NPC Circulars on loan-related transactions NPC
Threats of harm, intimidation, coercion, repeated abusive conduct Revised Penal Code Articles 282, 285, 286, 287 Police, prosecutor
Defamatory posts or messages online Revised Penal Code libel provisions; RA 10175 Cybercrime Prevention Act Police, NBI, prosecutor
Identity theft, fake accounts, unauthorized use of your photo or details RA 10175 Cybercrime Prevention Act; Data Privacy Act PNP-ACG, NBI Cybercrime, DOJ-OOC, NPC
Bank, e-wallet, or BSP-supervised financial institution issue RA 11765; BSP consumer assistance channels BSP
SEC-regulated lending or financing company issue RA 11765; SEC rules SEC

The Financial Products and Services Consumer Protection Act, Republic Act No. 11765, also protects financial consumers and gives financial regulators such as the SEC, BSP, Insurance Commission, and CDA authority over financial service providers within their jurisdiction. It covers financial products and services, including credit, and recognizes consumer rights such as fair treatment, disclosure, data privacy, and timely complaint handling. (Supreme Court E-Library)

Step-by-Step Guide: How to Stop SMS Harassment from Online Lending Apps

1. Preserve evidence before blocking, deleting, or uninstalling

Do not rely on memory. Agencies will need proof.

Save:

  • Screenshots of all SMS messages, with date, time, sender number, and full content visible.
  • Call logs showing repeated calls.
  • Messages sent to your contacts, employer, relatives, or friends.
  • Screenshots from the people who received the messages.
  • The app name, logo, developer name, website, Facebook page, or Play Store/App Store page.
  • Loan agreement, disclosure statement, amortization schedule, interest, penalties, and charges.
  • Proof of payments.
  • Screenshots of app permissions, privacy policy, and terms before uninstalling.
  • Any threats using fake police, court, barangay, lawyer, or NBI language.
  • Wallet or bank account details where the collector demanded payment.

For stronger evidence, export or back up SMS threads, save screen recordings, and keep the original phone if possible. Screenshots are useful, but investigators may later ask to inspect the original device or message source.

2. Identify the real company behind the app

Many apps use brand names different from the company’s legal name. Look for:

  • Company name in the loan agreement.
  • SEC registration number.
  • Certificate of Authority number, if shown.
  • Privacy policy company name.
  • Collection agency name.
  • Email address, website, office address, and customer service number.
  • Payment account name.

If the app hides the legal company name, say that in your complaint. Concealment or confusing identity is itself relevant because SEC MC No. 18 requires collection personnel to disclose their full name or true identity to the borrower.

3. Send one firm written notice to the lender

A short written notice can help show that you objected and gave the company a chance to stop. Send it through the app’s customer support email, in-app support, official Facebook page, or registered contact details.

You can use this wording:

I am requesting that all collection communications be made only through lawful, respectful, and privacy-compliant means. Do not contact my relatives, employer, co-workers, or phone contacts unless they are legally named as guarantors or co-makers. Do not disclose my personal information, loan details, photo, ID, or alleged debt to third parties. Please identify the registered company name, SEC registration details, Certificate of Authority, name of the collector, statement of account, and lawful basis for processing my personal data. I reserve my rights to file complaints with the SEC, NPC, and law enforcement for unfair debt collection, data privacy violations, threats, and harassment.

Keep proof that you sent it.

Do not argue emotionally. Do not send insults back. Do not admit facts that are not true. Do not send new IDs, passwords, OTPs, selfies, or contact lists.

4. Revoke unnecessary app permissions

After saving evidence, review your phone permissions.

On Android or iPhone, check whether the app has access to:

  • Contacts
  • Photos or gallery
  • Camera
  • Microphone
  • Location
  • Files
  • SMS
  • Call logs
  • Social media login

Revoke anything unnecessary. If the app will not function without excessive permissions, take screenshots showing that. The NPC has treated excessive and unnecessary app permissions in online lending as a serious privacy issue, especially where the permissions allow access to contact lists, location, storage, or other data not proportionate to loan processing. (National Privacy Commission)

5. File a complaint with the SEC for unfair debt collection

File with the Securities and Exchange Commission when the issue involves:

  • Harassing or abusive collection.
  • Contacting your contacts, employer, or relatives.
  • Misleading threats of arrest, court action, or criminal cases.
  • Hidden charges, excessive penalties, or unclear loan terms.
  • Unregistered or suspicious lending activity.
  • Collection agents refusing to identify themselves.
  • Apps operating as lending or financing companies without proper authority.

The SEC has an iMessage ticketing system for public inquiries, complaints, incidents, and requests, which provides ticket tracking and centralized handling. (Securities and Exchange Commission)

In your SEC complaint, include:

  1. Your full name, contact details, and address.
  2. App name and company name, if known.
  3. Loan amount, date borrowed, due date, payments made, and current dispute.
  4. Exact harassment incidents, arranged by date.
  5. Screenshots and files as attachments.
  6. Names and numbers of collectors, if visible.
  7. Names of third parties contacted, with their screenshots.
  8. Specific request: investigation, order to stop harassment, sanctions, and verification of authority to operate.

SEC MC No. 18 allows administrative penalties, including fines. For repeated or serious violations, the SEC may impose heavier sanctions, including suspension or revocation of authority to operate, depending on the circumstances.

6. File a complaint with the NPC for data privacy violations

File with the National Privacy Commission when the lending app:

  • Accessed or used your contact list.
  • Texted or called your contacts.
  • Sent your photo, ID, or loan details to others.
  • Posted or threatened to post your personal information.
  • Used your data for purposes not properly disclosed.
  • Refused to delete or correct unlawfully obtained data.
  • Continued processing your personal data after you objected.
  • Required excessive phone permissions.

The NPC says formal complaints must follow a specific format. Its complaint procedure includes downloading the form, printing and filling it out, having it notarized, and submitting it in person, by courier, or by scanning and emailing the notarized complaint to the NPC. Fees may apply under the NPC fee schedule. (National Privacy Commission)

A strong NPC complaint should include:

  • A notarized complaint-affidavit.
  • Copy of government ID or passport.
  • Screenshots of the harassment.
  • Screenshots from contacted third parties.
  • Privacy policy and app permission screenshots.
  • Loan agreement or account screenshots.
  • Written request you sent to the lender, if any.
  • Timeline of events.
  • Clear explanation of what data was misused and how.

For OFWs or foreigners abroad, notarization can be the bottleneck. If a Philippine agency requires a notarized affidavit executed abroad, check whether the document should be acknowledged before a Philippine Embassy or Consulate, or notarized locally and apostilled if the country is part of the Apostille Convention. Keep both scanned and original copies because agencies may accept an emailed scan for initial filing but later require originals.

7. Report threats or cyber harassment to law enforcement

If the SMS messages contain threats of harm, blackmail, identity theft, fake accounts, sexualized harassment, defamatory posts, or impersonation of authorities, consider a criminal complaint.

Possible offices include:

  • PNP Anti-Cybercrime Group.
  • NBI Cybercrime Division.
  • DOJ Office of Cybercrime.
  • Local police station for immediate threats or blotter documentation.
  • City or provincial prosecutor’s office for formal criminal complaints.

The DOJ Office of Cybercrime has publicly encouraged reporting of unfair debt collection practices and cyber harassment involving online lending companies. (Department of Justice)

Relevant criminal provisions may include:

  • Article 282, Revised Penal Code — grave threats, when a person threatens another with a wrong amounting to a crime.
  • Article 285 — other light threats.
  • Article 286 — grave coercion, when someone uses violence, threats, or intimidation to compel another to do something against their will.
  • Article 287 — unjust vexation or other coercions, often raised for repeated acts that unjustly annoy, distress, or disturb a person.
  • RA 10175, Cybercrime Prevention Act of 2012 — for covered acts committed through information and communications technology, including online libel and computer-related offenses. (Lawphil)

The Supreme Court in Disini v. Secretary of Justice, G.R. No. 203335 upheld cyberlibel as online defamation under the Cybercrime Prevention Act, explaining that online defamation is treated as a similar means of committing libel under the Revised Penal Code. (Lawphil)

8. Secure your accounts and warn your contacts calmly

If your contacts are receiving messages, send a short neutral warning:

Please ignore any messages from people claiming I owe money or asking for payment. They are not authorized to contact you about my private account. Please send me screenshots, including the number, date, and full message, so I can include them in official complaints.

Do not ask contacts to fight with collectors. The goal is to gather clean evidence, not create more conflict.

Also secure your accounts:

  • Change passwords for email and social media.
  • Turn on two-factor authentication.
  • Do not share OTPs.
  • Report fake profiles using your name or photo.
  • Block collector numbers only after saving evidence.
  • Keep a list of all numbers used.

9. Pay only through verified official channels if you decide to pay

Harassment does not erase a legitimate debt, but it also does not make abusive collection lawful.

If you decide to pay:

  • Pay only to the official company account, not a collector’s personal wallet.
  • Ask for a statement of account.
  • Ask for written confirmation that payment fully settles the account, if applicable.
  • Keep receipts and transaction references.
  • Avoid “discount” offers that are not in writing.
  • Do not give new personal data just to get a settlement.

If the app is unregistered, uses hidden company names, or demands payment to suspicious personal accounts, include that in your SEC complaint.

What Government Office Should You Choose?

Office Best for Practical notes
SEC Unfair debt collection by lending or financing companies; abusive collectors; unregistered lending apps File with app/company details, screenshots, loan documents, and third-party messages
NPC Contact list harvesting, disclosure of debt, use of photos/IDs, privacy policy violations, excessive app permissions Formal complaint usually requires a notarized complaint-affidavit
PNP-ACG / NBI Cybercrime Threats, cyber harassment, fake accounts, identity theft, blackmail, online defamation Bring phone, screenshots, links, numbers, and original messages
DOJ Office of Cybercrime Cybercrime reports and coordination Useful for serious ICT-related harassment and online lending abuse
BSP Banks, e-wallets, BSP-supervised financial institutions BSP directs consumers to first raise the concern with the institution’s consumer assistance mechanism, then escalate through BSP channels if unresolved. (Bureau of Small and Medium Enterprises)
Local police / barangay blotter Immediate safety threats, local incidents, documentation Barangay is usually not the main regulator for online lending apps, but a blotter may help document threats

Common Mistakes That Weaken Complaints

Deleting messages too early

Many borrowers panic and delete everything. Save first. Take screenshots, back up the phone, and ask contacted friends to send screenshots.

Filing only a vague complaint

“Hinaharass po ako” is not enough. Agencies need dates, times, numbers, exact words, screenshots, and the app/company name.

Paying a collector’s personal account

This can create a second problem: you may pay but the lender may not credit it. Always verify the official payment channel.

Assuming consent allows everything

Some lending apps claim you “agreed” to let them access contacts. Under SEC MC No. 18, contacting people in your contact list other than guarantors or co-makers can still be an unfair collection practice even if the borrower supposedly consented.

Ignoring data privacy issues

If the harassment involved your contacts, photo, ID, phonebook, or employer, the complaint is not only about debt collection. It may also be a data privacy issue for the NPC.

Posting accusations without proof

It is understandable to be angry, but public accusations can create separate defamation risks. Use official complaints and attach evidence.

Changing numbers without preserving evidence

Changing SIMs may give temporary peace, but if you lose the old messages or phone logs, your complaint becomes weaker. Back up first.

Practical Timeline: What Usually Happens After Filing

Stage What to expect
Evidence gathering Same day to several days, depending on how many contacts were messaged
SEC ticket or complaint filing Usually starts with online submission and ticket/reference tracking
NPC formal complaint Takes longer if notarization, proper form, attachments, or original copies are needed
Law enforcement report Faster for urgent threats, slower if the sender must be traced through numbers, accounts, or platforms
Agency evaluation May require additional documents, clearer screenshots, or proof linking the app to the company
Possible outcomes Warning, order to answer, investigation, administrative penalties, takedown-related action, referral for criminal investigation, or formal case filing

A common bottleneck is identifying the real operator behind the app. Another is proving that the collector who sent the SMS was acting for the lending company. That is why screenshots of the app name, account number, collector messages, payment instructions, and loan documents should be kept together.

Frequently Asked Questions

Can an online lending app have me arrested for not paying?

Not simply for unpaid debt. The Constitution prohibits imprisonment for debt. A lender must use lawful civil remedies. Arrest threats are often misleading unless there is a separate criminal case based on facts that amount to a crime.

Can a lending app text my contacts?

Not for debt shaming or pressure. Under SEC MC No. 18, contacting people in your contact list other than those named as guarantors or co-makers is an unfair debt collection practice. Using contact lists may also raise Data Privacy Act issues.

Should I file with the SEC or NPC?

File with the SEC for unfair collection practices, abusive collectors, hidden charges, or questionable lending authority. File with the NPC for misuse of personal data, contact list access, debt disclosure, photos, IDs, or privacy violations. Many online lending harassment cases should be filed with both.

What if the messages come from different random numbers?

Save each number and message. Include all of them in your complaint. Repeated use of different numbers can show a pattern of harassment. If the messages identify the same app, loan account, payment channel, or collector script, point that out.

Can I complain even if I really owe money?

Yes. The issue is not only whether the loan exists. The issue is whether the lender used unlawful, abusive, deceptive, or privacy-violating collection methods.

Can I demand deletion of my data?

You can object to unlawful processing and request blocking, removal, or deletion of personal data under the Data Privacy Act, especially if the data was unlawfully obtained, used for unauthorized purposes, or is no longer necessary. The lender may retain some records required by law, regulation, accounting, or legitimate claims, but it cannot use that as an excuse for harassment.

What if I am an OFW or foreigner outside the Philippines?

You can still document the harassment and file with Philippine agencies if the lending app, borrower account, victim contacts, or company is connected to the Philippines. The practical issue is notarization. If a notarized complaint-affidavit is required, prepare for consular acknowledgment or apostille requirements, depending on where the document is executed and what the receiving agency accepts.

Can I sue for damages?

Possible remedies may include administrative complaints, criminal complaints, and civil claims for damages, depending on the facts. The Data Privacy Act recognizes damages for unauthorized or unlawful use of personal data, and the Civil Code may also support damages where abusive acts violate rights, privacy, honor, or cause injury. The stronger your evidence, the more realistic the remedy.

Is uninstalling the lending app enough to stop harassment?

Not always. Uninstalling may stop further app access, but it does not erase data already collected. Save evidence first, revoke permissions, uninstall if needed, and file complaints if the lender already misused your data.

What if the app threatens to post me on Facebook?

Take screenshots immediately. A threat to publish your name, face, ID, or debt information may support complaints for unfair debt collection, data privacy violations, and possibly criminal liability if the facts show threats, coercion, or cyber-related offenses.

Key Takeaways

  • Unpaid debt does not justify harassment. Lenders may collect only through lawful and fair means.
  • You cannot be jailed simply for failing to pay a loan. Civil debt is not a basis for imprisonment.
  • Texting your contacts is a major red flag. It may violate SEC rules and the Data Privacy Act.
  • Save evidence before blocking or deleting anything. Screenshots, call logs, app details, and third-party messages matter.
  • File with the right office. SEC for unfair collection, NPC for data misuse, PNP/NBI/DOJ for threats or cybercrime, BSP for BSP-supervised institutions.
  • Do not pay personal accounts of collectors. Use only verified official payment channels and keep receipts.
  • A strong complaint is specific. Include dates, numbers, screenshots, company details, loan documents, and a clear timeline.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Can Lending Apps Post Your Photo Over Debt? Your Legal Rights Explained

A lending app cannot legally post your photo, name, debt amount, ID, address, contact list, or insulting “wanted-style” graphic just because you missed a payment. In the Philippines, a debt may be collected through lawful means, but debt shaming is different: it can violate data privacy rules, SEC debt collection regulations, cybercrime laws, and civil rights protecting your dignity, reputation, and privacy. This article explains what lending apps may and may not do, what laws protect you, how to preserve evidence, and where to report abusive online lending practices.

Quick Answer: Can a Lending App Post Your Photo Because of Debt?

No. A lending app, online lending platform, collection agency, or collector should not post your photo publicly to pressure you to pay.

Even if you truly owe money, the lender’s remedy is to collect lawfully. That may include sending proper reminders, contacting you through disclosed channels, negotiating payment, reporting to lawful credit information systems when allowed, or filing a collection case. It does not include humiliating you on Facebook, group chats, TikTok, Messenger, your workplace page, or your family’s social media accounts.

The Philippine government’s 2026 public advisory on online lending platforms specifically recognized reports of harassment, intimidation, public shaming, and unlawful use of personal data by online lenders. It also reiterated that unnecessary app permissions, excessive access to contacts, and collection practices that lead to harassment or public shaming are prohibited. (National Privacy Commission)

Why Posting Your Photo Over Debt Is Legally Dangerous for the Lender

When a lending app posts your photo, it is usually doing more than “collecting.” It is processing and disclosing personal information to shame you into paying.

That can involve several legal issues at the same time:

Act by the lending app Possible legal issue
Posting your face with “hindi nagbabayad,” “scammer,” or “wanted” Cyberlibel, civil damages, unfair debt collection
Posting your name, phone number, address, employer, ID, or loan amount Data privacy violation, unfair debt collection
Messaging your family, boss, co-workers, or phone contacts Unauthorized disclosure, harassment, unfair collection
Threatening to post your photo unless you pay immediately Threats, coercion, possible blackmail, unfair collection
Using your gallery photos after app installation Excessive or unauthorized data processing
Calling or messaging repeatedly using insults or threats Harassment, unfair debt collection, possible criminal complaint

The key point is simple: a valid debt does not give a lender permission to publicly shame you.

Your Rights Under the Data Privacy Act

The main privacy law is Republic Act No. 10173, or the Data Privacy Act of 2012. It protects personal information in both government and private-sector systems. The law defines personal information broadly as information from which your identity is apparent or can be reasonably and directly ascertained. It also defines “processing” broadly to include collection, recording, storage, use, disclosure, blocking, erasure, or destruction of data. (National Privacy Commission)

A borrower’s photo, name, mobile number, address, Facebook profile, employer, government ID, and loan account details are personal data. A lending company may collect and use some data for legitimate loan purposes, but it must follow data privacy principles such as lawful purpose, proportionality, transparency, and security.

Data Privacy Rights You Can Invoke

Under the Data Privacy Act, a borrower may invoke rights such as:

  • The right to know how personal data is collected, used, stored, and shared.
  • The right to access personal information processed by the lender.
  • The right to correct inaccurate information.
  • The right to object or withdraw consent in appropriate cases.
  • The right to block, remove, or order destruction of unlawfully obtained or unauthorized data.
  • The right to claim damages for inaccurate, incomplete, false, unlawfully obtained, or unauthorized use of personal information. (National Privacy Commission)

The Act also penalizes unauthorized processing of personal information and sensitive personal information. For ordinary personal information, unauthorized processing may carry imprisonment and fines; for sensitive personal information, the penalties are heavier. (National Privacy Commission)

NPC Rules for Online Lending Apps

The National Privacy Commission (NPC) issued NPC Circular No. 20-01, later amended by NPC Circular No. 2022-02, specifically for loan-related transactions.

These rules matter because many lending apps used to demand broad phone permissions, including contacts, camera, gallery, location, or social media access. Some apps then used those permissions to contact relatives, co-workers, or friends, or to obtain photos for collection pressure.

The 2026 DICT-NPC-SEC advisory reiterates that online lending platforms should not require unnecessary permissions, should not process contact lists excessively, and should not use personal data in a way that leads to harassment or unfair collection. It also states that borrowers’ contacts should not be contacted for debt collection unless they are proper guarantors. (National Privacy Commission)

Character Reference vs. Guarantor

This is a common source of abuse.

A character reference is someone who may help verify your identity or application details. A reference is not automatically liable for your loan.

A guarantor is someone who separately agrees to answer for the debt if you default. Under the 2026 advisory, guarantors must give separate consent before being bound to any obligation. (National Privacy Commission)

So, if a lending app messages your mother, spouse, boss, officemate, or neighbor saying you owe money, ask:

  1. Did I name this person as a guarantor?
  2. Did this person separately consent to be a guarantor?
  3. Is the app merely using my contact list to shame me?

If the answer points to public shaming or pressure, the conduct may be reportable.

SEC Rules Against Unfair Debt Collection

The Securities and Exchange Commission (SEC) regulates lending companies under the Lending Company Regulation Act of 2007 and financing companies under the Financing Company Act of 1998. Lending companies generally need authority from the SEC to operate. (Supreme Court E-Library)

The most important SEC issuance for collection harassment is SEC Memorandum Circular No. 18, Series of 2019, titled Prohibition on Unfair Debt Collection Practices of Financing Companies and Lending Companies.

Under SEC MC No. 18, lending and financing companies, including their third-party service providers, may use reasonable and legally permissible means to collect, but they must observe good faith and refrain from unscrupulous or untoward acts. The circular prohibits conduct such as threats of violence or criminal means to harm a person’s body, reputation, or property; threats to take action that cannot legally be taken; abusive or profane language; false representations; and disclosure or publication of borrowers’ names and other personal information when they allegedly refuse to pay.

The same circular also requires confidentiality of borrower data, allows disclosure only in limited circumstances, and makes lending or financing companies ultimately responsible even when they outsource collection to third-party collectors.

SEC Penalties

For violations of SEC MC No. 18, the SEC may impose administrative penalties. The circular provides fines for first and second offenses and, for a third offense depending on the facts and gravity, possible higher fines, suspension of lending or financing activities, or revocation of authority to operate.

This means the complaint is not only about your personal embarrassment. It may affect the company’s license and regulatory standing.

Can Posting Your Photo Be Cyberlibel?

It can be, depending on the words, image, and context.

Cyberlibel generally involves libel committed through a computer system or similar electronic means. Traditional libel under Article 355 of the Revised Penal Code covers defamatory statements made through writing or similar means, while the Cybercrime Prevention Act, Republic Act No. 10175, applies when the defamatory act is committed online. The Supreme Court upheld the constitutionality of cyberlibel in Disini v. Secretary of Justice, G.R. No. 203335, February 18, 2014. (Lawphil)

A post may become legally serious when it says or implies something like:

  • “Scammer ito.”
  • “Magnanakaw.”
  • “Wanted for estafa.”
  • “Walanghiya, takbuhan ng utang.”
  • “Do not hire this person.”
  • “This person is a criminal.”

A collector may say you have an overdue account in a private, lawful, proportionate collection communication. But publicly accusing you of criminality, dishonesty, or immoral conduct is different.

Other Possible Criminal and Civil Remedies

Depending on what happened, other laws may be relevant.

Threats and Coercion

If the collector says, “Pay today or we will post your photo,” “We will message your employer,” or “We will destroy your reputation,” that may support complaints involving threats, coercion, or unfair collection practices.

Article 356 of the Revised Penal Code also punishes threatening to publish libel or offering to prevent such publication for compensation. (Lawphil)

Civil Damages

The Civil Code gives additional protection. Articles 19, 20, and 21 require people to act with justice, give everyone their due, observe honesty and good faith, and compensate others for damage caused contrary to law, morals, good customs, or public policy. (Lawphil)

Article 26 of the Civil Code is also commonly invoked in privacy and dignity cases because it protects against acts that vex or humiliate another person on account of personal conditions and similar intrusions into privacy.

In real life, this matters because victims often suffer more than inconvenience. Public shaming can affect employment, family relationships, mental health, and community reputation.

What to Do If a Lending App Threatens to Post or Already Posted Your Photo

Act quickly, but do not panic. Evidence is often deleted, edited, or hidden once the lender realizes you are preparing a complaint.

1. Preserve Evidence Immediately

Save proof before blocking anyone.

Collect:

  • Screenshots of the post, message, comment, or group chat.
  • The full URL or profile link if posted online.
  • Date and time shown on the screen.
  • Name of the lending app and company, if available.
  • Sender’s phone number, email, username, or collector name.
  • Loan agreement, disclosure statement, repayment schedule, and app screenshots.
  • Proof of payment, if any.
  • Screenshots of app permissions requested.
  • Names of people contacted by the collector.
  • Their screenshots, with date and time.
  • Call logs and recordings, if lawfully obtained.

Do not edit screenshots. Keep originals. Back them up in cloud storage or email them to yourself.

2. Ask the Platform to Take Down the Post

Report the content to Facebook, TikTok, Instagram, X, Google, or the messaging platform. Use grounds such as harassment, bullying, doxxing, privacy violation, or unauthorized use of personal image.

This does not replace a legal complaint, but it helps limit damage.

3. Send a Written Demand to Stop Processing and Disclosing Your Data

A short written message can help show that the company was informed of the violation.

You can write:

I dispute and object to the public posting, disclosure, or sharing of my photo, name, loan details, contact list, employer, family contacts, and other personal information for debt collection. I demand that you immediately stop such processing, delete any public posts, stop contacting persons who are not guarantors, and preserve all records relating to this incident for regulatory investigation.

Send it through email, in-app support, official customer service, or any channel where you can keep proof of delivery.

4. File a Complaint With the SEC for Unfair Debt Collection

For lending and financing companies, the SEC is the main regulator for unfair debt collection. The 2026 advisory identifies the SEC Financing and Lending Companies Department (FINLEND) and the SEC iMessage portal as the channel for unfair debt collection complaints.

Prepare:

Requirement Practical notes
Complaint narration Tell the story chronologically: loan date, due date, threats, posts, contacts made
Borrower details Full name, contact number, email, address
Respondent details App name, company name, collector name, phone numbers, links
Evidence Screenshots, links, call logs, messages, payment proof
Loan documents Loan agreement, disclosure statement, repayment schedule, app screenshots
Proof you contacted the company Email or chat demanding removal or explaining the issue

Be specific. Instead of saying “they harassed me,” state: “On March 3 at 8:41 p.m., collector number 09xx posted my photo in a Facebook group with the words ___ and tagged my employer.”

5. File a Complaint With the NPC for Data Privacy Violations

If the issue involves unauthorized use of your photo, contact list, gallery, ID, employer details, or loan information, the NPC is the proper privacy regulator. The NPC states that a person may file a complaint when personal information has been misused, maliciously disclosed, improperly disposed of, or when data privacy rights have been violated. (National Privacy Commission)

NPC complaints usually require a specific complaint format. The NPC complaint page provides forms and instructions for formal complaints. (National Privacy Commission)

6. Report Serious Threats, Fraud, or Cyber Harassment

If there are threats of harm, extortion, identity theft, fake accounts, hacking, or continuing cyber harassment, the 2026 advisory identifies the DICT Cyber Hotline, NBI Cybercrime Division, and PNP Anti-Cybercrime Group as relevant reporting channels. (National Privacy Commission)

For urgent safety concerns, go to the nearest police station for blotter and immediate assistance. A blotter is not a full criminal case, but it creates an official record that may support later action.

Should You Still Pay the Debt?

Yes, if the debt is valid and the amount is correct, you still have a legal obligation to pay or settle it. The lender’s misconduct does not automatically erase the loan.

But you should separate two issues:

  1. Debt obligation: Do you owe money? How much is legally due?
  2. Illegal collection: Did the lender violate your privacy, reputation, or rights?

You may dispute excessive interest, hidden fees, penalties not disclosed, payments not credited, or wrong account balances. Keep asking for a statement of account and disclosure documents.

A good practical approach is:

  • Request a written computation.
  • Pay only through official payment channels.
  • Save receipts.
  • Avoid sending money to personal GCash or Maya accounts unless officially authorized and documented.
  • Do not admit false amounts just to stop harassment.
  • Do not sign a settlement you do not understand.

Common Real-Life Scenarios

The App Posted My Photo in a Facebook Group

Screenshot the entire post, including group name, poster profile, comments, date, and URL. Report it to the platform, then prepare complaints with the SEC and NPC. If the caption accuses you of being a criminal or scammer, cyberlibel may also be considered.

The Collector Sent My Photo to My Employer

This may be unfair collection and unauthorized disclosure. Save the message received by HR or your supervisor. If possible, ask the recipient to provide a screenshot showing the sender, date, and message.

The App Contacted Everyone in My Phonebook

This is one of the most common online lending abuses. Under current guidance, contact list access must not be excessive, and debt collection should not be directed to people who are not proper guarantors. (National Privacy Commission)

I Gave Camera or Gallery Permission During Application

Permission for identity verification does not mean unlimited permission to use your photos for public shaming. The 2026 advisory says camera or photo gallery access may be allowed only for specified legitimate purposes, such as KYC or similar verification, and must be turned off once the purpose is fulfilled. (National Privacy Commission)

I Am an OFW or Foreigner Outside the Philippines

You can still preserve digital evidence and file online complaints where available. If a sworn affidavit or notarized document is required and you are abroad, practical options may include notarization before a Philippine Embassy or Consulate, or local notarization followed by apostille if the country is part of the Apostille Convention. Philippine consular pages explain that private documents such as affidavits and sworn statements may be notarized or consularized before Philippine posts abroad. (Philippine Embassy)

Frequently Asked Questions

Can a lending app post my photo if I gave consent in the app?

Usually, no. Consent must be freely given, specific, and informed. A general app permission for identity verification or uploading a profile photo does not automatically authorize public posting for debt shaming. Consent may also be invalid if obtained through deceptive design, excessive permissions, or unfair pressure.

Is it illegal for a lender to message my contacts?

It may be illegal or reportable if your contacts are not guarantors or if the message discloses your debt, insults you, threatens you, or pressures them to pay. Current official guidance says persons in the borrower’s contact list other than guarantors should not be contacted for debt collection. (National Privacy Commission)

Can the lending app call my employer?

A lender should not disclose your loan details to your employer just to shame or pressure you. If your employer is not a guarantor and has no legal role in the loan, disclosure of your debt may violate privacy and debt collection rules.

What if the lending app says I am a scammer?

That is risky for the lender. Calling someone a scammer, criminal, estafador, or thief in a public post or message may support a cyberlibel complaint if the legal elements are present.

Can I file both SEC and NPC complaints?

Yes. The SEC complaint addresses unfair debt collection and lending or financing company regulation. The NPC complaint addresses misuse, unauthorized disclosure, or excessive processing of personal data. The same facts may support both.

Do I need a lawyer to file a complaint?

Many administrative complaints can be started by the borrower directly, especially if the evidence is clear. However, cases involving cyberlibel, damages, identity theft, serious threats, or large financial claims may require more careful preparation.

Will my debt be cancelled if the lender violated my privacy?

Not automatically. A privacy or harassment violation does not erase a valid loan by itself. But the lender may face administrative sanctions, takedown orders, damages, or criminal exposure depending on the facts.

What if the app is not SEC-registered?

That makes the situation more serious. Keep proof of the app name, screenshots, payment channels, and collector details. Report it to the SEC because lending companies generally must be properly registered and authorized to operate.

Can I sue for damages?

Possibly. Civil damages may be available when the public posting caused reputational harm, humiliation, anxiety, employment problems, or other injury. Civil Code principles on abuse of rights, unlawful acts, and acts contrary to morals or public policy may apply. (Lawphil)

What is the strongest evidence?

The strongest evidence usually includes screenshots with dates, URLs, sender details, full message threads, proof that the account belongs to the lending app or collector, and statements from people who received the defamatory or debt-shaming messages.

Key Takeaways

  • A lending app cannot legally post your photo just because you owe money.
  • Debt collection must be lawful, proportionate, confidential, and free from harassment.
  • Posting your photo, name, loan amount, employer, ID, address, or contact list may violate the Data Privacy Act, SEC MC No. 18, and possibly cybercrime or civil laws.
  • Lending apps should not contact random phonebook contacts for collection; current guidance limits collection contact to proper guarantors.
  • Preserve evidence immediately before posts or messages disappear.
  • Report unfair collection to the SEC and privacy misuse to the NPC.
  • The debt may still exist, but the lender’s abusive collection tactics can create separate legal liability.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

How to Report Online Lending App Harassment to the NBI Cybercrime Division

Online lending app harassment is not “normal collection.” If collectors are threatening you, messaging your contacts, posting your photo, calling your employer, sending fake warrants, or using your personal data to shame you into paying, you can report the incident to the NBI Cybercrime Division and preserve evidence for possible criminal investigation. This guide explains what counts as harassment, which Philippine laws may apply, how to prepare your complaint, what to submit to the NBI, and when to file separate complaints with the SEC or National Privacy Commission.

What Counts as Online Lending App Harassment?

A lender may remind a borrower about a loan, send a statement of account, or make lawful collection demands. What it cannot do is use threats, public shaming, illegal access to personal data, or deception.

Common online lending harassment in the Philippines includes:

  • Sending threats like “ipapahiya ka namin,” “pupuntahan ka namin,” “ipapakulong ka namin,” or “may warrant ka na”
  • Calling or messaging your family, friends, co-workers, employer, or phone contacts even if they are not guarantors
  • Posting your photo, name, ID, address, or loan details in group chats or social media
  • Labeling you as a scammer, estafador, thief, or wanted person
  • Sending fake court summons, fake NBI/police notices, fake barangay blotters, or fake warrants
  • Using your contact list, gallery, location, or phone data beyond what is necessary for the loan
  • Creating edited images, memes, or defamatory posts to pressure payment
  • Repeated calls or texts at unreasonable hours, especially with insults or intimidation
  • Threatening harm to your body, property, job, immigration status, family, or reputation

A 2026 joint public advisory by the DICT, National Privacy Commission, and SEC specifically recognized reports of online lending platforms engaging in harassment, intimidation, public shaming, and unlawful use of personal data in collection practices. The advisory also states that contacting people on the borrower’s contact list, other than those named as guarantors, is prohibited for debt collection.

When Should You Report to the NBI Cybercrime Division?

Report to the NBI Cybercrime Division when the harassment involves the internet, mobile apps, text messages, messaging apps, social media, fake online documents, or misuse of digital data.

The NBI is especially appropriate when there are:

  • Threats made through SMS, Messenger, Viber, WhatsApp, Telegram, email, calls, or app notifications
  • Public shaming on Facebook, TikTok, Instagram, group chats, community pages, or workplace chats
  • Fake online legal documents, fake warrants, fake subpoenas, or fake court notices
  • Identity theft, fake profiles, impersonation, or edited photos
  • Unauthorized access or misuse of your phone contacts, photos, ID, address, or employer details
  • Coordinated harassment by multiple numbers, accounts, or collection agents

The NBI’s own Citizen’s Charter lists “Investigative Assistance for Victims of Computer Crimes” under the Cybercrime Division, available to the general public, with the complainant proceeding to the Cybercrime Division to file a complaint or request investigation. (National Bureau of Investigation)

Legal Basis: Why Online Lending App Harassment May Be Illegal

1. Cybercrime Prevention Act of 2012 — RA 10175

Republic Act No. 10175, or the Cybercrime Prevention Act of 2012, covers cyber-related offenses and also applies when crimes under the Revised Penal Code or special laws are committed through information and communications technology.

For online lending harassment, RA 10175 may become relevant when collectors use digital systems to commit acts such as:

  • Cyberlibel, if defamatory accusations are posted or sent online
  • Identity theft or impersonation, if fake accounts or false identities are used
  • Computer-related fraud or forgery, if fake documents or manipulated digital records are used
  • Threats, coercion, or other crimes committed through mobile phones or online platforms

The Supreme Court in Disini v. Secretary of Justice upheld the validity of cyberlibel under RA 10175, explaining that online defamation is not a completely new crime but a digital means of committing libel under the Revised Penal Code. (Supreme Court E-Library)

2. Revised Penal Code provisions on threats, coercion, and defamation

Depending on the facts, harassment by collectors may be evaluated under several provisions of the Revised Penal Code, including:

Conduct Possible legal issue
Threatening physical harm, arrest, or public humiliation Grave threats or light threats
Forcing payment through intimidation or illegal pressure Coercion
Repeated insulting calls or messages Unjust vexation or related offenses, depending on facts
Calling someone a scammer, thief, criminal, or estafador in public posts or chats Libel, cyberlibel, slander, or related defamation issues
Sending fake legal notices or pretending to be law enforcement Possible falsification, usurpation, fraud, or cybercrime-related offenses

The exact charge is not chosen by the victim alone. The NBI investigator and later the prosecutor will evaluate the evidence and determine what law fits the facts.

3. Data Privacy Act of 2012 — RA 10173

Republic Act No. 10173, or the Data Privacy Act of 2012, protects personal information such as your name, mobile number, photo, address, employer, ID, contact list, loan details, and other identifiable data.

This law becomes important when an online lending app:

  • Harvests your contact list
  • Messages people who are not guarantors
  • Uses your photo or ID for shaming
  • Discloses your loan details to other people
  • Processes your personal data beyond the purpose you agreed to
  • Makes it difficult to withdraw permissions or uses deceptive consent screens

The National Privacy Commission has said that online lenders are prohibited from harvesting phone and social media contact lists for harassing delinquent borrowers. (National Privacy Commission) The 2026 joint advisory also states that unnecessary, unauthorized, excessive, or disproportionate processing of personal data through mobile applications is prohibited, especially processing that leads to harassment or collection from non-guarantors.

4. SEC rules on unfair debt collection practices

Many online lending apps are operated by lending companies or financing companies regulated by the Securities and Exchange Commission. The SEC’s rules prohibit unfair debt collection practices, including threats of violence, criminal means to harm a person, reputational harm, or threats to take actions that cannot legally be taken. The 2026 advisory identifies the SEC Financing and Lending Companies Department as the proper office for unfair debt collection complaints and lists the SEC iMessage portal for submissions.

This means an NBI complaint and an SEC complaint can exist at the same time:

  • NBI: cybercrime, threats, fake documents, online shaming, impersonation, criminal investigation
  • SEC: unfair collection practices by lending or financing companies
  • NPC: misuse of personal data, contact-list harvesting, unauthorized disclosure
  • PNP Anti-Cybercrime Group: alternative law-enforcement route for cyber-related threats or scams

5. Civil Code rights to dignity, privacy, and damages

Even if some conduct does not result in a criminal charge, the Civil Code may still matter. Articles 19, 20, and 21 require people to act with justice, honesty, good faith, and accountability for wrongful injury. Article 26 protects dignity, personality, privacy, and peace of mind. These provisions can support a civil claim for damages in proper cases, especially when harassment causes reputational harm, anxiety, job problems, or social humiliation. (Lawphil)

Step-by-Step Guide: How to Report Online Lending App Harassment to the NBI Cybercrime Division

Step 1: Preserve the evidence before blocking or deleting anything

Before blocking numbers or uninstalling the app, collect evidence. Many victims delete messages out of panic, but investigators need the clearest possible trail.

Save the following:

  1. Screenshots of messages

    • Include the sender’s number, username, profile photo, date, and time.
    • Take full-screen screenshots, not cropped images.
  2. Screen recordings

    • Record yourself opening the chat thread from the app or messaging platform.
    • Show the sender profile, number, date, and message history.
  3. Call logs

    • Screenshot repeated calls, missed calls, and call times.
    • If your phone legally records calls, preserve the original files.
  4. Social media posts or group chats

    • Screenshot the post, comments, group name, URL if visible, date, and account name.
    • Ask friends or co-workers who received messages to send you screenshots.
  5. Fake warrants, subpoenas, court notices, or police/NBI documents

    • Save the image or PDF.
    • Do not edit or mark it up.
    • Keep the sender details.
  6. Loan app details

    • App name as shown in the app store
    • Developer name
    • Website
    • Email address
    • SEC registration details if shown
    • Privacy policy
    • Screenshots of permissions requested by the app
  7. Proof of loan transaction

    • Loan agreement
    • Disclosure statement
    • Amount received
    • Interest, penalties, and due dates
    • Payment receipts
    • GCash/Maya/bank transfer records
  8. Timeline

    • Date you installed the app
    • Date you borrowed
    • Amount received
    • Date harassment started
    • People contacted
    • Platforms used
    • Threats made

Electronic evidence can be used in Philippine proceedings if it complies with admissibility rules. The Supreme Court’s Rules on Electronic Evidence state that an electronic document is admissible if it meets the rules on admissibility under the Rules of Court. (Lawphil)

Step 2: Secure your phone and accounts

After saving evidence:

  • Revoke unnecessary app permissions for contacts, camera, gallery, storage, microphone, and location.
  • Change passwords for email, social media, and e-wallet accounts.
  • Turn on two-factor authentication.
  • Do not click links sent by collectors.
  • Warn family, co-workers, and friends not to engage with unknown collectors.
  • Keep your SIM active if it contains evidence, unless safety requires otherwise.
  • Back up evidence to cloud storage or another device.

If the threats are immediate — for example, a collector says someone is coming to hurt you, extort you, or harm your family — go to the nearest police station or barangay for immediate safety assistance while preparing the NBI cybercrime complaint.

Step 3: Prepare a concise complaint narrative

Your complaint should be clear, chronological, and evidence-based. Avoid making it emotional only. Investigators need facts they can verify.

A practical format:

  1. Your details

    • Full name
    • Address
    • Contact number
    • Email
    • Valid ID details
  2. Lender/app details

    • App name
    • Company name if known
    • Collection numbers/accounts
    • App store link or website
    • SEC registration number if shown
  3. Loan details

    • Date of loan
    • Amount applied for
    • Amount actually received
    • Due date
    • Payments made
    • Outstanding balance claimed by the app
  4. Harassment details

    • What happened
    • When it happened
    • Who sent the threat
    • What exact words were used
    • Who else was contacted
    • What personal data was exposed
  5. Evidence list

    • Screenshot file names
    • Screen recordings
    • Message exports
    • Witness screenshots
    • Payment records
    • Fake legal documents
  6. Request

    • Investigation of the collector/app/company
    • Preservation and examination of digital evidence
    • Appropriate referral for prosecution if warranted

Step 4: Execute or prepare a complaint-affidavit

The NBI may assist you in filling out a complaint sheet and may require sworn statements. Under the NBI Citizen’s Charter process for computer crime complaints, complainants and witnesses may execute sworn statements or submit prepared affidavits, and relevant devices may be examined. (National Bureau of Investigation)

A complaint-affidavit is a sworn written statement of facts. It should attach or refer to the evidence. If you prepare it in advance, bring the original and extra copies.

For ordinary cases, prepare:

  • Complaint-affidavit
  • Valid government ID
  • Printed screenshots
  • Digital copies on USB or cloud link
  • Loan records and payment receipts
  • Witness affidavits or screenshots from people contacted
  • A list of phone numbers, account names, links, and app details

If you are abroad, a complaint-affidavit may need to be signed before a Philippine Embassy or Consulate, or notarized locally and apostilled depending on where it is executed and how the receiving office requires it. Philippine consulates commonly notarize affidavits and other documents for use in the Philippines, and personal appearance is normally required for consular notarization. (Philippine Embassy)

Step 5: File with the NBI Cybercrime Division

You may report through the NBI Cybercrime Division or the nearest NBI Regional or District Office. The NBI Divisions & Services page lists the Cybercrime Division and its official email address as ccd@nbi.gov.ph. (National Bureau of Investigation) The 2026 DICT-NPC-SEC advisory also lists the NBI Cybercrime Division email as ccd@nbi.gov.ph and telephone number (632) 8523-8231 to 38 for harassment, threats, frauds, and scams.

The NBI’s main office is listed at Filinvest Cyberzone Bay, Diosdado Macapagal Boulevard, Pasay City, with hotline (02) 8523-8231. (National Bureau of Investigation)

When filing in person:

  1. Bring your ID, complaint-affidavit, printed evidence, and digital evidence.
  2. Tell the receiving personnel that the matter involves online lending app harassment and cybercrime-related threats/data misuse.
  3. Undergo the preliminary interview.
  4. Fill out the complaint sheet.
  5. Execute a sworn statement if required.
  6. Allow the investigator to review or examine relevant digital evidence.
  7. Ask how to follow up and whether your case will be assigned to an agent/investigator.

The NBI Citizen’s Charter states that the basic listed process for investigative assistance to victims of computer crimes has no fees and indicates an initial processing time of about one hour and ten minutes for the filing and preliminary steps, although the actual investigation can take much longer depending on the evidence, number of suspects, platform records, subpoenas, and case complexity. (National Bureau of Investigation)

Step 6: File parallel complaints with SEC and NPC when appropriate

An NBI complaint focuses on criminal/cyber investigation. It does not automatically suspend the lender’s SEC authority, order takedown of the app, or resolve data privacy violations. For a stronger paper trail, file with the appropriate regulator too.

Problem Office to consider What to submit
Threats, fake warrants, cyberlibel, fake accounts, online shaming NBI Cybercrime Division or PNP ACG Complaint-affidavit, screenshots, messages, app details, witness evidence
Unfair debt collection by lending/financing company SEC Financing and Lending Companies Department App name, company name, collection messages, loan records, proof of harassment
Contact-list harvesting, disclosure of loan details, misuse of photos/ID National Privacy Commission Notarized NPC complaint form, evidence of data misuse, screenshots from contacts
Immediate physical danger Local police/barangay, then NBI/PNP ACG Threat messages, identity of sender, location details

The NPC complaint page states that a formal complaint must be filed in a specific format, printed and filled out, notarized, and submitted in person, by courier, or by scanned email to the NPC. (National Privacy Commission) The SEC iMessage portal is the SEC’s online ticketing system for submitting complaints and checking ticket status. (Securities and Exchange Commission)

Required Documents and Evidence Checklist

Document or evidence Why it matters Practical tip
Valid government ID Confirms complainant identity Bring original and photocopies
Complaint-affidavit or written narrative Organizes the facts under oath Use dates, names, exact words, and platforms
Screenshots of threats Shows the harassment Include number/profile, date, and time
Screen recordings Helps authenticate chat history Record opening the thread from the app itself
Call logs Shows frequency and pattern Screenshot repeated calls by date
Messages sent to contacts Proves third-party harassment Ask contacts to send screenshots and short statements
Fake warrants/summons/notices Shows deception or intimidation Preserve original image/PDF and sender details
Loan agreement and payment records Gives context and identifies app/company Include amount received, payments, and claimed balance
App details and permissions Supports data privacy issues Screenshot app store page and permissions
Witness statements Supports claims of public shaming Useful when employer, relatives, or co-workers were contacted

Practical Timelines and What Usually Happens After Filing

The first visit or submission is only the start. In practice, timelines vary widely.

Stage Typical practical reality
Initial filing and interview Same day if filed in person and the office is available
Evidence review May happen during filing or after assignment to an investigator
Follow-up requests Investigator may ask for clearer screenshots, original phone, witness statements, or additional details
Identification of suspects Can be difficult when collectors use prepaid SIMs, fake names, VPNs, or rotating accounts
Coordination with platforms/telcos May require formal requests, preservation, subpoenas, or prosecutor/court processes
Referral for prosecution Depends on whether evidence supports a specific offense and identifies responsible persons
SEC/NPC action Separate timeline; regulatory agencies may ask for forms, notarization, and additional proof

Common bottlenecks include incomplete screenshots, deleted chats, unknown app operator, fake company names, numbers that are no longer active, and witnesses who are unwilling to give statements.

Common Mistakes That Weaken an NBI Complaint

Deleting the app immediately

Uninstalling the app may remove useful logs, app permissions, notifications, and account details. Preserve evidence first.

Sending only one screenshot

A single screenshot may not show the sender, date, or full context. A better evidence package shows the full thread, the profile or number, dates, repeated conduct, and the effect on other people.

Not getting evidence from contacted relatives or co-workers

If collectors messaged your contacts, ask those contacts for screenshots showing the sender, date, and message. Their evidence is often stronger than your own statement that “they contacted my friends.”

Relying only on verbal narration

Investigators need proof. Prepare a timeline and label your files clearly, such as:

  • 01_SMS_threat_2026-03-12.png
  • 02_Message_to_employer_2026-03-13.png
  • 03_Fake_warrant_sent_by_collector.pdf
  • 04_GCash_payment_receipt.png

Ignoring SEC and NPC remedies

NBI investigates possible crimes. SEC and NPC handle regulatory and data privacy violations. Filing only with one office may leave other remedies unused.

Believing that nonpayment automatically means jail

Nonpayment of a loan, by itself, is generally a civil obligation. Collectors often misuse fear by saying “estafa,” “warrant,” or “NBI case” even when no criminal case exists. A real warrant or court order does not come from a collector’s random text message. It comes from a court through proper legal channels.

Special Notes for OFWs, Foreigners, and People Outside the Philippines

If you are outside the Philippines but the app, collector, borrower, or affected contacts are in the Philippines, you can still preserve evidence and start reporting.

Practical steps:

  1. Email the NBI Cybercrime Division with a clear summary and evidence index.
  2. Prepare a complaint-affidavit.
  3. Have your affidavit notarized at a Philippine Embassy or Consulate, or locally notarized and apostilled if required.
  4. Ask affected contacts in the Philippines to preserve screenshots and execute statements if needed.
  5. Keep your Philippine SIM, e-wallet records, and loan app account accessible.
  6. If a representative in the Philippines will follow up, prepare a proper authorization or special power of attorney when required by the receiving office.

Foreigners should include passport bio page, Philippine address or contact details if applicable, and proof showing how the Philippine-based app or collector affected them. If documents are in a foreign language, prepare an English translation when needed.

What to Write in Your NBI Complaint Email

Use a subject line that helps the office identify the issue quickly:

Subject: Online Lending App Harassment Complaint – Threats, Contact-List Shaming, and Fake Legal Notices

A concise email body can follow this format:

I am reporting online lending app harassment involving [app name/company name, if known].

I borrowed [amount] on [date]. Beginning [date], collectors using [numbers/accounts] sent threats and contacted my [family/employer/friends] even though they are not guarantors. They also sent [fake warrant/fake summons/defamatory post/threats].

Attached are my complaint narrative, valid ID, screenshots, call logs, loan records, payment receipts, and evidence from affected contacts. I respectfully request assistance for investigation of the cybercrime-related harassment and misuse of my personal data.

Attach files in organized folders or PDFs. If there are many files, include an evidence index.

Frequently Asked Questions

Can I report an online lending app to the NBI even if I really owe money?

Yes. A real debt does not give collectors the right to threaten you, shame you, contact non-guarantors, misuse your personal data, or send fake legal documents. The NBI complaint concerns the harassment or cybercrime-related conduct, not simply the existence of the loan.

Will filing with the NBI erase my loan?

No. Filing a complaint does not automatically cancel the debt. It may lead to investigation of unlawful collection methods, cybercrime, threats, or data misuse. Loan validity, excessive charges, and unfair collection practices may also be raised with the SEC or in the proper civil/regulatory process.

What if the lending app contacted my employer?

Save screenshots from your employer or HR, including the sender’s number/account, date, and exact message. This can support claims of harassment, public shaming, defamation, unfair collection, and unauthorized disclosure of personal information.

What if the collector sent a fake warrant or fake court summons?

Preserve the document and sender details. Do not panic. A real warrant is issued by a court, not by a lending app collector through a random message. Fake legal documents may support possible criminal, cybercrime, or unfair collection complaints.

Should I file with NBI, PNP ACG, SEC, or NPC?

File with the NBI or PNP ACG for cybercrime-related threats, fake accounts, cyberlibel, scams, or digital harassment. File with the SEC for unfair debt collection by lending or financing companies. File with the NPC for contact-list harvesting, disclosure of personal data, or misuse of photos, IDs, employer details, and loan information.

Can the lender message my references?

A character reference is not automatically a guarantor. The 2026 DICT-NPC-SEC advisory states that online lending platforms must distinguish between character references and guarantors, and that a person must have expressly consented to be a guarantor before being treated as one.

Is it illegal for an online lending app to access my contacts?

Accessing contacts is not automatically illegal in every situation, but unbridled, excessive, unauthorized, or disproportionate processing of contact lists is prohibited. The 2026 advisory states that online lending platforms may access contact lists only for limited legitimate purposes, such as allowing the borrower to select references or guarantors, and that contacting non-guarantors for debt collection is prohibited.

Do I need a lawyer to file with the NBI?

You can file a complaint personally. A well-organized complaint-affidavit, evidence folder, timeline, and witness screenshots are often more important at the initial reporting stage than legal jargon.

How long does an NBI cybercrime complaint take?

The initial filing can be done relatively quickly if documents are ready, but the investigation may take weeks or months depending on the complexity, cooperation of platforms or telcos, identification of suspects, and whether the case is referred for preliminary investigation.

What if I already blocked the collector?

Blocking is understandable, especially for mental health and safety. If possible, preserve screenshots, call logs, and account details before blocking. Ask contacted relatives, friends, or co-workers to save their own screenshots too.

Key Takeaways

  • Online lending app harassment can be reported to the NBI Cybercrime Division when it involves threats, fake legal notices, cyberlibel, impersonation, online shaming, or misuse of digital data.
  • Save evidence before deleting messages, uninstalling the app, changing phones, or blocking numbers.
  • Prepare a clear timeline, complaint-affidavit, valid ID, screenshots, call logs, loan records, payment receipts, app details, and witness screenshots.
  • A real loan does not authorize threats, public shaming, contacting non-guarantors, or misuse of your contact list.
  • File parallel complaints when needed: NBI/PNP ACG for cybercrime and threats, SEC for unfair debt collection, and NPC for data privacy violations.
  • For OFWs and foreigners abroad, complaint-affidavits may need consular notarization or apostille before formal use in the Philippines.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

What to Do If Lending Collectors Keep Calling You in the Philippines

Repeated calls from a lending collector can be frightening, especially when the caller threatens to shame you online, contact your employer, message your relatives, or “file a criminal case” if you do not pay immediately. In the Philippines, lenders may collect a valid debt, but they must do it lawfully. A debt does not give a collector permission to harass you, threaten you, expose your personal information, or pressure your family and contacts. This guide explains your rights, what collectors are not allowed to do, what evidence to save, and where to report abusive lending collectors in the Philippines.

Can Lending Collectors Call You in the Philippines?

Yes. A lending company, financing company, bank, collection agency, or authorized representative may contact you to collect a legitimate unpaid loan. The law does not erase your obligation just because the collector is annoying.

But collection must be done with good faith, reasonable conduct, and lawful means. The Securities and Exchange Commission (SEC) specifically regulates lending and financing companies under the Lending Company Regulation Act of 2007, or RA 9474, and related SEC rules. (Lawphil)

The key distinction is this:

Situation Usually allowed? Why it matters
Calling you to remind you of a due loan Yes Collection itself is lawful if the debt is valid.
Asking for payment, restructuring, or settlement Yes Lenders may negotiate repayment.
Calling before 6:00 a.m. or after 10:00 p.m. without a valid exception Generally no SEC rules treat unreasonable hours as an unfair collection practice.
Threatening violence, jail, public shame, or fake legal action No This may violate SEC rules, civil law, criminal law, and data privacy law.
Messaging your contacts who are not guarantors or co-makers No Philippine regulators have repeatedly warned against contact-list harassment.
Posting your name, photo, loan details, or “scammer” accusations online No This may involve unfair collection, data privacy violations, and possible defamation or cyberlibel.

Your Main Legal Rights Against Abusive Debt Collection

1. You cannot be jailed simply for unpaid debt

The Philippine Constitution is clear: “No person shall be imprisoned for debt or non-payment of a poll tax.” (Supreme Court E-Library)

This means a collector cannot truthfully say, “Makukulong ka bukas kapag hindi ka nagbayad,” if the issue is only failure to pay a civil loan.

However, this does not mean all loan-related disputes are impossible to criminalize. Fraud, falsified documents, bouncing checks, threats, identity theft, or cybercrime may create separate criminal issues. But ordinary non-payment of a loan is generally a civil obligation, not a reason for immediate arrest.

A legitimate lender’s usual legal remedy is to file a civil collection case, often a small claims case if the amount qualifies. Under the Rules on Expedited Procedures in the First Level Courts, small claims may cover money claims not exceeding ₱1,000,000, exclusive of interest and costs. (Supreme Court of the Philippines)

2. Collectors must avoid unfair debt collection practices

SEC Memorandum Circular No. 18, Series of 2019 prohibits unfair debt collection practices by financing companies, lending companies, and their third-party service providers. The rule covers abusive practices such as threats of violence or other criminal means, threats to take actions that cannot legally be taken, profane or insulting language, false representations, publication of borrower information, and improper contact with people in the borrower’s contact list.

A lending company cannot escape liability by saying, “Collection agency lang po iyon.” SEC rules state that third-party collectors are treated as agents, and the lending or financing company remains ultimately responsible for collection practices.

3. You have financial consumer rights

The Financial Products and Services Consumer Protection Act, or RA 11765 (2022), recognizes the rights of financial consumers to fair treatment, disclosure and transparency, data privacy and protection, and timely handling of complaints. It also prohibits financial service providers from using abusive collection or debt recovery practices. (Supreme Court E-Library)

RA 11765 is especially important because it makes financial service providers responsible for the acts or omissions of their officers, employees, agents, and accredited third-party service providers, including those involved in debt collection. (Supreme Court E-Library)

4. Your contact list is not collateral

Loan apps and online lenders sometimes pressure borrowers by accessing phone contacts, then messaging relatives, co-workers, employers, neighbors, or Facebook friends. This is one of the most common abusive patterns in the Philippines.

The National Privacy Commission (NPC), SEC, and DICT have warned that unnecessary, excessive, or disproportionate processing of personal data is prohibited, especially when it involves access to borrowers’ contact lists and leads to harassment or unfair collection. Their 2026 public advisory states that for debt collection, lending companies and financing companies may contact the guarantor, not random people from the borrower’s contact list.

Under the Data Privacy Act of 2012, or RA 10173, the State protects the fundamental human right of privacy while regulating the processing of personal information. (National Privacy Commission)

What Collectors Are Not Allowed to Do

Under Philippine law and regulatory rules, the following are serious red flags:

  1. Threatening harm

    • “Ipapahiya ka namin.”
    • “Pupuntahan ka namin sa bahay.”
    • “May mangyayari sa pamilya mo.”
    • “Ipapabugbog ka namin.”
  2. Threatening illegal or fake legal action

    • Claiming there is already a warrant when there is none.
    • Pretending to be police, NBI, sheriff, court staff, or barangay official.
    • Sending fake subpoenas, fake court orders, or fake arrest notices.
  3. Using obscene, insulting, or degrading language

    • Repeated verbal abuse may support complaints before regulators and, depending on facts, possible criminal complaints.
  4. Public shaming

    • Posting your photo, name, address, ID, employer, or loan details online.
    • Calling you a “scammer,” “magnanakaw,” or similar accusation in group chats or social media.
  5. Contacting third parties who are not legally involved

    • Messaging your spouse, parents, siblings, co-workers, boss, neighbors, or phone contacts when they are not guarantors, co-makers, or properly authorized contacts.
    • Character references are not automatically guarantors.
  6. Calling at unreasonable hours

    • SEC rules identify contact before 6:00 a.m. or after 10:00 p.m. as unreasonable or inconvenient, subject to specific exceptions stated in the circular. Even when a time exception may apply, threats, insults, shaming, and data misuse remain prohibited.
  7. Hiding the collector’s identity

    • SEC rules require personnel handling collection accounts, whether in-house or third-party collectors, to disclose their full name or true identity to the borrower.

What to Do Immediately If Collectors Keep Calling

1. Do not panic and do not pay blindly

Collectors often create urgency because fear leads to mistakes. Before paying, confirm:

  • the exact name of the lending or financing company;
  • the collector’s full name and authority;
  • the loan account number;
  • the principal amount, interest, penalties, and total balance;
  • the official payment channels;
  • whether the company is SEC-registered or BSP-supervised.

Never send payment to a collector’s personal GCash, Maya, bank account, or crypto wallet unless the lender gives written confirmation that it is an official payment channel. Ask for an official receipt or payment acknowledgment.

2. Ask for written details

A practical message may look like this:

Please send the complete statement of account, loan agreement, breakdown of principal, interest, penalties, and official payment channels. I request that all communications be made in writing or during reasonable hours. Please do not contact my employer, relatives, friends, or phone contacts unless they are legally bound as guarantors or co-makers.

Keep the tone calm. Do not insult the collector back. Your goal is to create a clear record.

3. Preserve evidence before blocking

Blocking may protect your peace, but save evidence first. Regulators usually need proof.

Save:

Evidence Why it helps
Call logs with date, time, and number Shows frequency and unreasonable hours.
Screenshots of texts, chats, and emails Shows threats, insults, false claims, or shaming.
Voice messages or recordings, if available Captures actual statements made by collectors.
Social media posts or group chat screenshots Proves public shaming or disclosure of personal data.
Messages sent to relatives, employer, or contacts Shows third-party harassment.
Loan agreement and disclosure statement Shows original terms and whether charges match the contract.
Proof of payment Prevents double collection and supports disputes.
App permissions screenshots Helps show contact-list or gallery access issues.

If a relative, co-worker, or employer received a message, ask them to preserve the screenshot showing the sender, date, time, and full message.

4. Revoke risky app permissions

For online lending apps, check your phone settings and revoke permissions that are not necessary, especially access to:

  • contacts;
  • photos or gallery;
  • camera, if KYC verification is already complete;
  • SMS;
  • microphone;
  • location.

The 2026 DICT-NPC-SEC advisory states that online lending platforms must not request unnecessary permissions and must prompt users to turn off, disallow, or revoke permissions once the purpose has been achieved.

5. Verify the lender

Check whether the company is a lending company, financing company, bank, cooperative, pawnshop, or another type of financial service provider.

Type of lender Usual regulator
Lending company or financing company SEC
Bank, e-wallet, pawnshop, money service business, BSP-supervised financial institution BSP
Cooperative lending operation CDA, unless otherwise under BSP or IC
Insurance-related credit or product Insurance Commission
Unregistered online loan app or scam lender SEC, NPC, DICT, PNP Anti-Cybercrime Group, or NBI Cybercrime Division depending on the act

The SEC’s public advisory on online lending platforms identifies imessage.sec.gov.ph as the complaint channel for unfair debt collection practices involving financing and lending companies.

Where to File Complaints Against Lending Collectors

SEC complaint for unfair debt collection

File with the SEC if the collector is connected with a lending company, financing company, or online lending platform.

Include:

  • your full name and contact details;
  • respondent company name and app name, if any;
  • collector’s name and number, if known;
  • account or loan reference number;
  • short timeline of events;
  • screenshots, call logs, voice messages, and proof of third-party harassment;
  • what you are asking the SEC to act on, such as harassment, contact-list misuse, fake legal threats, or disclosure of your personal information.

SEC Memorandum Circular No. 18 provides penalties for violations, including fines and possible suspension or revocation of authority depending on the facts and gravity of the offense.

NPC complaint for misuse of personal data

File with the National Privacy Commission if the lender or collector:

  • accessed your contacts without proper basis;
  • messaged people in your phonebook;
  • posted your personal information;
  • used your ID, photo, address, workplace, or loan details to shame you;
  • refused to stop unnecessary data processing.

The NPC’s complaint page states that a formal complaint must follow a specific format, be printed and filled out, notarized, and submitted in person, by courier, or by scanned email. (National Privacy Commission)

BSP complaint if the collector is from a bank or BSP-supervised institution

If the debt is from a bank, credit card issuer, e-wallet, pawnshop, or BSP-supervised financial institution, start with the provider’s Financial Consumer Protection Assistance Mechanism. If unresolved, escalate to the BSP through its consumer assistance channels. BSP materials explain that complaints submitted through BSP Online Buddy, or BOB, are processed and given a case reference number, while email or mail submissions follow BSP handling procedures. (Bureau of Small and Medium Enterprises)

Police, NBI, or prosecutor’s office for threats and cyber harassment

Go beyond regulator complaints when there are:

  • threats of physical harm;
  • blackmail;
  • extortion;
  • fake warrants or impersonation of authorities;
  • hacking or unauthorized account access;
  • cyberlibel or public online shaming;
  • sexual threats or threats against family members.

Possible legal bases may include the Revised Penal Code provisions on threats, coercions, unjust vexation, libel or slander, and the Cybercrime Prevention Act of 2012 for online offenses. In Disini v. Secretary of Justice, the Supreme Court recognized that online defamation may fall within cyberlibel under RA 10175 when the legal elements are present. (Supreme Court E-Library)

For repeated acts that unjustly annoy, irritate, or distress a person, Philippine courts have also recognized unjust vexation under Article 287 of the Revised Penal Code, as discussed in Maderazo v. People. (Supreme Court E-Library)

Practical Timeline: What Usually Happens

Step Typical timing Practical note
Save evidence and send written boundary notice Same day Do this before evidence disappears.
Internal complaint to lender Same day to 3 days Ask for a written response and statement of account.
SEC or BSP complaint Within days after evidence is complete Stronger if you attach organized screenshots and a timeline.
NPC complaint After preparing notarized complaint Privacy complaints are more document-heavy.
Police/NBI cyber complaint Immediately for threats or public shaming Bring phone, screenshots, URLs, numbers, and IDs if available.
Civil collection case by lender Weeks to months, depending on lender Do not ignore court summons.
Settlement or restructuring Any stage Get every agreement in writing.

Common Scenarios

“They keep calling my relatives even though they did not borrow money.”

This is one of the strongest grounds for complaint, especially if your relatives are not guarantors or co-makers. Save screenshots from each person contacted. Ask them not to argue with the collector; they should simply preserve proof.

“They said they will post me on Facebook as a scammer.”

Save the threat. If they actually post, capture the URL, screenshot, date, time, account name, comments, and shares. Public accusation can raise issues under SEC rules, data privacy law, civil damages, and possibly defamation or cyberlibel depending on the exact words and facts.

“They said a police officer will arrest me tomorrow.”

Ask for the case number, court, prosecutor’s office, and copy of the warrant. Real warrants are issued by courts, not by collectors. A fake warrant or impersonation of law enforcement is a serious matter.

“I really owe the money, but the charges are too high.”

Ask for a full breakdown. Under RA 11765, financial consumers have rights to disclosure, transparency, fair treatment, and redress. (Supreme Court E-Library) You may dispute unexplained charges while still acknowledging the legitimate principal balance. In settlement, ask for waiver or reduction of penalties in writing.

“I am an OFW or foreigner outside the Philippines.”

You can still preserve evidence, send written complaints, and use online complaint channels where available. If a representative in the Philippines will file or follow up for you, prepare a Special Power of Attorney. Documents signed abroad may need notarization and, depending on the country, apostille or consular authentication if required by the receiving office or court.

“They filed a small claims case against me.”

Do not ignore it. Small claims are designed to move quickly. Prepare proof of payments, screenshots of settlement discussions, the loan agreement, statement of account, and any proof of excessive or disputed charges. Even if the collector harassed you, the court may still separately determine whether a valid unpaid civil obligation exists.

Documents to Prepare

Purpose Documents or evidence
SEC complaint Complaint narrative, screenshots, call logs, loan agreement, statement of account, proof of harassment, proof collector is connected to lender
NPC complaint Notarized complaint form, screenshots of data misuse, app permissions, messages to contacts, proof of public posting, IDs
BSP complaint Provider complaint reference, account details, statement of account, screenshots, proof of unresolved complaint
Police/NBI cyber complaint Phone, screenshots, URLs, sender numbers, account names, voice recordings, witness screenshots, valid ID
Settlement negotiation Updated statement of account, proposed payment schedule, proof of prior payments, written settlement terms

How to Communicate With Collectors Safely

Use short, controlled messages. Avoid emotional replies.

Good phrases:

  • “Please send the complete statement of account and proof of authority to collect.”
  • “I dispute the unexplained charges. Please provide a breakdown.”
  • “Please communicate only through this number/email and during reasonable hours.”
  • “Do not contact third parties who are not guarantors or co-makers.”
  • “Any payment arrangement must be in writing and paid only through official channels.”
  • “I am preserving these communications for regulatory review.”

Avoid:

  • admitting to an amount you have not verified;
  • promising a date you cannot meet;
  • sending your new employer’s details;
  • sending additional IDs unless necessary and secure;
  • arguing through voice calls where there is no record;
  • paying a collector personally without official acknowledgment.

Frequently Asked Questions

Can a lending collector call me every day?

A collector may follow up, but repeated calls can become abusive depending on frequency, timing, language, and purpose. Calls with threats, insults, deception, or unreasonable-hour harassment may support a complaint.

Can I be arrested for not paying an online loan?

Not for ordinary unpaid debt alone. The Constitution prohibits imprisonment for debt. Arrest becomes a different issue only if there is a separate criminal case, lawful warrant, or criminal act such as fraud, threats, falsification, or cybercrime.

Can online lending apps message my contacts?

They should not message random contacts for debt collection. Regulators have warned that contact-list processing must not be excessive, and debt collection contact should be limited to proper guarantors where applicable.

What if my relative was only a character reference?

A character reference is not automatically a guarantor. A guarantor is someone who separately and clearly agreed to answer for the debt if the borrower defaults. Without that obligation, collection pressure against the reference is improper.

Is it legal for collectors to call my employer?

Usually, no, if the purpose is to shame or pressure you. Contacting an employer may expose your personal loan information and can become unfair collection or data privacy misuse.

Should I uninstall the loan app?

First save evidence, screenshots, account details, and payment history. Then revoke unnecessary permissions. Uninstalling may reduce further access, but make sure you retain records needed for complaints or payment disputes.

What if the lender is not SEC-registered?

Save proof that the app or company is operating. Report it to the SEC and, if personal data was misused, to the NPC. Unregistered status does not automatically erase every peso borrowed, but it creates serious regulatory issues for the lender.

Can I sue the collector for damages?

Depending on the facts, civil remedies may be available under the Civil Code. Articles 19, 20, and 21 require persons to act with justice, give everyone their due, observe honesty and good faith, and compensate others for willful or negligent acts contrary to law, morals, good customs, or public policy. (Lawphil)

What should I do if they already posted my photo or loan details online?

Take screenshots immediately, copy the URL, record the account name, and ask trusted contacts to preserve what they saw. Report the post to the platform, then prepare complaints with the SEC and NPC. If the post contains defamatory accusations or threats, preserve evidence for police, NBI, or prosecutor evaluation.

Should I still pay if the collector harassed me?

A collector’s misconduct does not automatically cancel a valid debt. Treat them as separate issues: dispute harassment and illegal charges through complaints, while verifying the legitimate balance and paying only through official channels under written terms.

Key Takeaways

  • A lender may collect a valid debt, but collectors cannot harass, threaten, shame, deceive, or misuse your personal data.
  • You cannot be jailed simply for unpaid civil debt in the Philippines.
  • SEC Memorandum Circular No. 18 prohibits unfair collection practices by lending and financing companies, including abusive third-party collectors.
  • RA 11765 protects financial consumers against abusive collection and gives rights to fair treatment, transparency, data privacy, and complaint redress.
  • Contact-list harassment by online lending apps is a serious privacy and consumer protection issue.
  • Save evidence before blocking collectors: screenshots, call logs, voice messages, URLs, and messages sent to relatives or employers.
  • File with the SEC for unfair debt collection, NPC for data privacy violations, BSP for BSP-supervised institutions, and police/NBI for threats, fake warrants, cyber harassment, or public shaming.
  • Verify the debt, demand a written breakdown, pay only through official channels, and get any settlement in writing.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

How to Request Personal Data Deletion from Online Lending Apps in the Philippines

If an online lending app in the Philippines keeps using your contacts, photos, IDs, messages, or other personal information after you paid, cancelled, or were denied a loan, you can formally request deletion or blocking of your personal data. Philippine law gives you a real process for this, but it is important to ask for the right thing, send it to the right entity, preserve evidence first, and understand what the app may legally keep, especially if you still have an unpaid loan.

What “personal data deletion” means under Philippine law

In the Philippines, the right most people call “data deletion” is legally known as the right to erasure or blocking. It comes from Section 16(e) of Republic Act No. 10173, or the Data Privacy Act of 2012.

This right allows you to request the suspension, withdrawal, blocking, removal, or destruction of your personal information from the filing system of a personal information controller, including live systems and backup systems.

For online lending apps, this may cover:

  • your name, phone number, email address, address, birthday, employment details, and ID copies;
  • selfies, face scans, proof-of-billing documents, and uploaded payslips;
  • device information, app logs, location data, and access history;
  • contact list data, character references, guarantor details, and metadata from your phone;
  • marketing profiles, credit-scoring inputs, and automated decision-making records;
  • personal data shared with collectors, affiliates, third-party processors, or debt collection agencies.

But deletion is not always “delete everything immediately.” A lending company may still retain data that is necessary for lawful purposes such as loan servicing, accounting, tax, regulatory compliance, credit reporting required by law, fraud investigation, or the establishment, exercise, or defense of legal claims.

The practical goal is to force the lender to stop unlawful or excessive processing and delete or block data that is no longer necessary.

Your legal rights against online lending apps

The Data Privacy Act protects borrowers, rejected applicants, references, and contacts

Under the Data Privacy Act, an online lending app is usually a personal information controller or PIC. This means it decides why and how your personal data is collected, used, stored, shared, and deleted.

A PIC must follow the general data privacy principles of:

Principle What it means in ordinary language
Transparency The app must clearly tell you what data it collects, why, how long it keeps it, and who receives it.
Legitimate purpose The app must use your data only for lawful and declared purposes.
Proportionality The app must collect only data that is necessary and not excessive.

Section 11 of the Data Privacy Act also states that personal information must be retained only for as long as necessary for the purpose for which it was obtained, for legal claims, for legitimate business purposes, or as provided by law.

This matters because many abusive lending apps collect far more than they need, especially contact lists, gallery access, social media contacts, and phone permissions.

Special NPC rules for loan apps

The National Privacy Commission issued NPC Circular No. 20-01, later amended by NPC Circular No. 2022-02, specifically for personal data processing in loan-related transactions.

These rules are important because they directly address online lending app abuses.

Under these NPC circulars:

  • online lending apps must not require unnecessary app permissions;
  • access to contact lists, camera, gallery, storage, or location must be suitable, necessary, and not excessive;
  • unbridled processing of contact lists is prohibited;
  • contact list access must not be used for harassment, debt shaming, or collection from persons who are not guarantors;
  • character references must not automatically be treated as guarantors;
  • a guarantor must separately consent to be a guarantor;
  • lending and financing companies must provide an option for a character reference to have their personal data removed as a character reference;
  • personal data must not be retained forever just because the company may want to use it later.

The 2026 DICT-NPC-SEC Public Advisory on Online Lending Platforms also reminds the public that unnecessary processing, excessive contact-list access, harassment, public shaming, and unfair debt collection practices are prohibited.

SEC rules also matter when the issue involves collection harassment

The Securities and Exchange Commission regulates lending companies under Republic Act No. 9474, the Lending Company Regulation Act of 2007, and financing companies under Republic Act No. 8556, the Financing Company Act of 1998.

The SEC also handles unfair debt collection complaints against lending and financing companies. Republic Act No. 11765, the Financial Products and Services Consumer Protection Act, strengthens consumer protection in financial products and services.

For data deletion, the main agency is the National Privacy Commission. For abusive collection, unregistered lending activity, threats, or harassment by a lending or financing company, the SEC may also be involved.

When you can request deletion from an online lending app

You may request deletion, blocking, or removal when you have substantial proof that your personal data is:

  • incomplete, outdated, false, or unlawfully obtained;
  • used for an unauthorized purpose;
  • no longer necessary for the purpose for which it was collected;
  • processed unlawfully;
  • processed despite your valid objection;
  • used in violation of your rights as a data subject.

Common examples include:

Situation What you can usually request
You paid the loan in full Deletion or blocking of data no longer needed, closure of account, removal from marketing and collection systems, and retention explanation for records they must keep.
Your loan application was denied Deletion of application data that is no longer necessary, especially uploaded IDs, selfies, employment documents, and app permissions data.
You cancelled before loan release Withdrawal of consent and deletion of unnecessary onboarding data.
The app accessed your contacts Deletion of harvested contacts and proof that contacts were not shared with collectors or affiliates.
Your relatives or officemates were contacted Removal of their data, disclosure of how their data was obtained, and cessation of processing.
You were listed as a character reference Removal of your personal data as a character reference.
You were wrongly treated as guarantor Removal from guarantor records unless you separately and expressly agreed to be one.

What the lending app may refuse to delete

A deletion request is stronger when it is realistic. Lending apps may deny deletion, wholly or partly, if the data is still necessary for:

  • the fulfillment of the loan contract;
  • collection of an existing unpaid obligation;
  • compliance with law or regulation;
  • accounting, tax, audit, or regulatory recordkeeping;
  • submission or correction of credit data where required by law;
  • fraud prevention or investigation;
  • establishment, exercise, or defense of legal claims;
  • legitimate business purposes consistent with proper retention standards.

For example, if you still owe money, the lender may keep your loan agreement, statement of account, repayment history, and identity verification records. But that does not mean it can keep your entire phonebook, shame you online, message your employer, or contact people who are not guarantors.

Step-by-step guide to request personal data deletion

1. Preserve evidence before deleting the app

Before revoking permissions or uninstalling the app, save proof. This is important because abusive apps may disappear, change names, or remove pages later.

Keep:

  • screenshots of the app name, logo, developer, and app store listing;
  • the privacy policy and consent screens;
  • screenshots of permissions requested by the app;
  • account number, loan reference number, and registered mobile number;
  • proof of full payment, cancellation, or denied application;
  • text messages, emails, chat messages, and call logs;
  • screenshots of messages sent to your contacts;
  • names and numbers of collectors, if visible;
  • proof that third persons were contacted or shamed;
  • copies of IDs or documents you uploaded, if available;
  • dates and times of incidents.

If relatives, officemates, or friends were contacted, ask them to save screenshots too. Their evidence can be very important.

2. Revoke unnecessary app permissions

After preserving evidence, revoke permissions in your phone settings.

For Android, check:

  • Settings → Apps → App name → Permissions
  • Remove access to Contacts, Camera, Photos, Files, Microphone, Location, SMS, and Phone where not necessary.

For iPhone, check:

  • Settings → Privacy & Security
  • Review Contacts, Photos, Camera, Location Services, Tracking, and Microphone permissions.

Revoking permissions does not automatically delete data already collected. It only stops or limits future access from your device. You still need to send a written deletion request.

3. Identify the legal company behind the app

Many online lending apps use trade names, app names, or collection names different from the registered company.

Look for the company’s:

  • registered corporate name;
  • SEC registration number;
  • Certificate of Authority number, if listed;
  • privacy policy;
  • Data Protection Officer or DPO email;
  • customer support email;
  • office address;
  • app developer name in Google Play or App Store;
  • collection agency name, if different.

You can check the SEC’s public information pages, including the SEC list of recorded online lending platforms, through the official SEC Philippines website and related lending and financing company pages. For complaints, the SEC now uses the iMessage SEC portal.

4. Send a written data subject request

Send your request by email, in-app support ticket, registered mail, courier, or any official channel listed in the privacy notice. Email is usually fastest, but keep proof that it was sent.

Use a subject line like:

Request for Erasure/Blocking of Personal Data under RA 10173 – [Your Name] – [Registered Mobile Number]

Your request should include:

  1. your full name;
  2. registered mobile number and email used in the app;
  3. loan reference number or account ID, if any;
  4. clear statement that you are exercising your right to erasure or blocking;
  5. specific data you want deleted or blocked;
  6. reason for deletion;
  7. request for confirmation of deletion;
  8. request for a list of third parties who received your data;
  9. request to notify those third parties of the deletion;
  10. attachments proving identity and supporting facts.

5. Ask for access and deletion together when needed

If you are not sure what data the app collected, combine your deletion request with a right of access request.

Ask the lending app to disclose:

  • what personal data it collected;
  • where it obtained the data;
  • why it processed the data;
  • who received it;
  • whether collectors, affiliates, or overseas processors received it;
  • how long it will be retained;
  • whether automated credit scoring or profiling was used;
  • whether contact-list data was copied, stored, or shared.

This is useful because many borrowers do not know whether the app actually uploaded contacts or merely accessed them temporarily.

6. Attach only necessary proof of identity

The app may verify that you are the correct data subject. That is allowed. But it should not demand excessive new personal data just to process your request.

Practical attachments may include:

  • one valid ID, with unnecessary details covered where possible;
  • screenshot of your app account;
  • proof of payment or account closure;
  • screenshots of offending messages;
  • authorization letter or Special Power of Attorney if another person is filing for you.

Avoid sending a full set of new IDs, selfies, bank statements, or passwords unless truly necessary. Data minimization applies both ways.

7. Wait for the proper response period

Under NPC Advisory No. 2021-01 on Data Subject Rights, a personal information controller should comply with data subject requests without undue delay, and not beyond 30 working days after receiving the request and necessary documents. If the request is complex or numerous, it may be extended by up to another 15 working days, but you should be informed of the reason.

For an NPC complaint, however, the NPC Rules of Procedure require exhaustion of remedies. This means you generally need to show that you first informed the company in writing and gave it an opportunity to act. The NPC’s mechanics for complaints state that if the respondent fails to take timely or appropriate action, or there is no response within 15 calendar days from receipt of your written notice, proof of this must be attached to the complaint.

A practical approach is:

  • ask the lender to acknowledge and stop unlawful processing within 15 calendar days;
  • allow the full data subject rights response period for complete deletion or explanation;
  • prepare an NPC complaint if there is no response, an unreasonable denial, continued harassment, or continued unlawful processing.

Sample deletion request you can adapt

Subject: Request for Erasure/Blocking of Personal Data under RA 10173

To the Data Protection Officer / Privacy Office:

I am exercising my right to erasure or blocking under Section 16(e) of Republic Act No. 10173, the Data Privacy Act of 2012, and applicable NPC issuances on loan-related transactions.

Name: [Full name] Registered mobile number: [Number] Registered email: [Email] Loan/account reference number: [If available] App name: [App name]

I request the deletion, blocking, or removal of my personal data that is no longer necessary, unlawfully obtained, excessive, or used for unauthorized purposes, including any contact-list data, uploaded photos, device permissions data, marketing profile, and data shared with collectors, affiliates, or third-party processors beyond what is legally necessary.

I also withdraw consent for marketing, cross-selling, contact-list processing, and disclosure to third parties not necessary for lawful loan servicing or legal compliance.

Please confirm in writing:

  1. what personal data you currently hold about me;
  2. the purpose and legal basis for each category of data retained;
  3. the recipients or third parties to whom my data was disclosed;
  4. what data has been deleted, blocked, or retained;
  5. the legal basis and retention period for any data you refuse to delete;
  6. whether my contact list, character references, or guarantor information were accessed, stored, or shared; and
  7. whether third parties who received my data have been instructed to delete, block, or stop processing it.

Attached are documents supporting my identity and request. Please respond within the period required by NPC rules and advisories.

[Name] [Date]

Documents, timelines, and where to file

Purpose Where to send/file Key documents Practical timeline
Initial deletion request Lending app DPO, privacy email, support email, in-app ticket, registered mail, or courier ID, account details, screenshots, proof of payment or cancellation Acknowledgment may vary; full response should generally be within 30 working days, extendible by 15 working days for complex requests
NPC privacy complaint National Privacy Commission Notarized complaint-affidavit, proof of written notice, evidence, IDs, affidavits if available NPC evaluates sufficiency; respondent may be required to comment if given due course
SEC unfair collection complaint SEC through iMessage SEC Loan documents, screenshots, call logs, proof of harassment, app details Ticket-based handling; timeline depends on completeness and agency action
Cyber harassment, threats, fraud, or scams DICT Cyber Hotline, NBI Cybercrime Division, PNP Anti-Cybercrime Group, local police where appropriate Screenshots, links, numbers, names, call logs, account details, affidavits Urgent threats should be documented immediately
Barangay or police blotter Barangay or police station Screenshots, witnesses, IDs Useful for documenting harassment, but it does not replace NPC or SEC complaints

How to file a complaint with the National Privacy Commission

If the lending app ignores your request, refuses without a valid reason, continues using your data, or keeps harassing your contacts, you may file a formal complaint with the NPC.

The NPC’s official filing a complaint page requires a complaint in the proper format. The NPC has also implemented updated complaint-affidavit templates, so use the latest form from the NPC website before filing.

In general, you need:

  • a completed complaint-affidavit or verified complaint;
  • notarization;
  • your evidence;
  • proof that you first informed the company in writing;
  • proof of no response, inadequate response, or continued violation;
  • witness affidavits, if available;
  • proof of identity;
  • Special Power of Attorney if someone else files for you.

You may file personally, by registered mail, by courier, or by email if authorized by the NPC. Electronic submissions should be in PDF format where practicable and must comply with NPC rules on electronic filing.

For OFWs, Filipinos abroad, and foreigners outside the Philippines, the NPC Rules of Procedure allow complaints filed from outside the Philippines, but notarization may need to be done through a Philippine Embassy or Consulate, or with an apostille certificate from the country of origin, depending on the document and place of execution.

Common problems and how to handle them

The app says it cannot delete anything because you borrowed money

That is too broad. If you still owe money, the lender may retain records necessary for the loan, collection within legal limits, accounting, and legal claims. But it must still justify retention and should not keep excessive data.

A better response is:

  • request deletion of contact-list data, gallery data, marketing data, and excessive app permissions data;
  • request blocking of data not needed for collection;
  • request the retention period and legal basis for loan records;
  • request that third-party collectors stop processing data not necessary for lawful collection.

The loan is fully paid but the app keeps calling your contacts

Once the loan is fully settled, collection-related processing should stop. Ask for account closure, deletion of unnecessary data, removal from collection systems, and confirmation that collectors and processors were instructed to stop.

Attach proof of full payment. If they keep contacting third parties, preserve screenshots and escalate to NPC and SEC.

You were only a character reference

A character reference is not automatically a guarantor. NPC Circular No. 2022-02 states that character references should be informed that they were chosen, told how their details were obtained, and given the option to have their personal data removed.

Your request can be short:

“I did not borrow from your company and did not agree to be contacted for collection. Please remove my name and number as a character reference and confirm deletion or blocking of my personal data.”

The app claims your consent allowed contact-list access

Consent must be freely given, specific, informed, and tied to a legitimate purpose. Blanket consent hidden in a long privacy policy is weak if the processing is excessive or used for harassment.

NPC rules specifically prohibit unbridled contact-list processing. Even if you clicked “Allow,” the app cannot use that permission to shame you, pressure relatives, or collect from persons who are not guarantors.

The app is not registered or uses a fake company name

Unregistered or hard-to-trace apps are common. Still preserve evidence and file complaints using all identifying details available:

  • app name;
  • package name or app store link;
  • developer name;
  • phone numbers used;
  • GCash, bank, or payment channels;
  • collection messages;
  • privacy policy link;
  • screenshots of ads and social media pages.

Report the data privacy issue to NPC, the lending/collection issue to SEC, and threats or scams to cybercrime authorities.

You are a foreigner who used a Philippine lending app

The Data Privacy Act protects data subjects, not only Filipino citizens. If a Philippine lending app or Philippine-based company processed your personal data, you may exercise data subject rights. For formal complaints filed from abroad, expect identity verification and possible notarization, consular acknowledgment, or apostille requirements.

What not to do

Avoid these common mistakes:

  • Do not delete the app before saving evidence.
  • Do not rely only on phone calls; send a written request.
  • Do not send unnecessary IDs, selfies, or bank documents.
  • Do not admit to facts you dispute just to get deletion.
  • Do not threaten the company with false accusations.
  • Do not ignore a legitimate unpaid loan; deletion rights do not erase debt.
  • Do not file an NPC complaint without proof that you first notified the company, unless there is a strong reason why prior notice was not possible or safe.
  • Do not confuse a character reference with a guarantor. A guarantor must separately agree to answer for the debt.

Frequently Asked Questions

Can I ask an online lending app to delete my data after I fully pay my loan?

Yes. After full payment, you can request account closure and deletion or blocking of personal data no longer necessary. The lender may retain some records for legal, accounting, tax, regulatory, or claims-related purposes, but it should explain what it is keeping, why, and for how long.

Can I request deletion if I still have an unpaid loan?

Yes, but the lender may retain data necessary for lawful collection and legal claims. You can still request deletion or blocking of excessive data, especially contact-list data, gallery access data, marketing data, and information about people who are not guarantors.

Can the app contact everyone in my phonebook?

No. NPC rules prohibit unbridled contact-list processing. For debt collection, lending and financing companies may contact the guarantor. Contacting people in your contact list who were not named as guarantors is prohibited under NPC rules and may also violate SEC rules on unfair debt collection.

Is a character reference responsible for my loan?

No. A character reference is not automatically a guarantor. A guarantor must expressly agree to be responsible for the borrower’s obligation in case of default. If a lending app treats a character reference as a guarantor without separate consent, that is a serious red flag.

How long should the lending app take to answer my deletion request?

Under NPC Advisory No. 2021-01, the PIC should act without undue delay and generally not beyond 30 working days after receiving the request and necessary documents. For complex or numerous requests, it may extend by up to 15 working days, but it should notify you of the reason.

What if the lending app ignores me?

Save proof of your written request and proof of receipt or sending. If there is no response, an inadequate response, or continued unlawful processing, prepare an NPC complaint. For collection harassment, also file with the SEC through iMessage SEC.

Can I make the app delete my data from its collectors and affiliates?

You can request that the lending app inform third parties who received your personal data of the erasure or blocking. The PIC remains accountable for personal data under its control or custody, including data processed by third-party processors.

Can I file a complaint even if I am abroad?

Yes, but formal documents executed abroad may need consular notarization or an apostille. If someone in the Philippines files for you, prepare a specific authorization or Special Power of Attorney.

Is uninstalling the app enough?

No. Uninstalling may stop some future access, but it does not delete data already collected, copied, uploaded, or shared. Send a written deletion or blocking request and preserve evidence before uninstalling.

Can I demand deletion of negative credit records?

Not automatically. If the data is accurate and lawfully reported under applicable credit or financial regulations, the lender may have a legal basis to retain or report it. If the information is false, outdated, excessive, or unlawfully processed, request correction, blocking, or deletion and attach proof.

Key Takeaways

  • The Philippine legal right to “delete my data” is the right to erasure or blocking under the Data Privacy Act.
  • Online lending apps cannot collect or keep excessive data, and unbridled contact-list processing is prohibited.
  • A deletion request does not erase a valid debt, but it can stop unlawful use of contacts, photos, IDs, marketing data, and unnecessary app permissions data.
  • Send a written request to the lending app’s DPO or official privacy channel and keep proof of sending.
  • The app generally has up to 30 working days to comply with a data subject request, with a possible 15-working-day extension for complex requests.
  • Before filing with the NPC, preserve proof that you first informed the company in writing and gave it an opportunity to act.
  • File with the NPC for data privacy violations and with the SEC for unfair debt collection or unauthorized lending activity.
  • Character references are not guarantors, and guarantors must separately consent to be responsible for the loan.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Can Online Lending Apps Contact Your Employer? Philippine Borrower Rights Explained

An online lending app cannot legally call your employer just to shame you, pressure you to pay, or tell HR that you have an unpaid loan. Philippine rules allow lenders to collect legitimate debts, but collection must be lawful, fair, and respectful of your privacy. The key question is not simply “Did I owe money?” but “How did the lending app use my personal data, and did it disclose my debt to people who had no legal reason to know?” Philippine regulators have repeatedly flagged online lending platforms for harassment, intimidation, public shaming, and unlawful use of personal data in collection practices.

Can online lending apps contact your employer in the Philippines?

Generally, no, not for debt collection, harassment, or public shaming.

An online lending app, lending company, financing company, or third-party collector may not contact your employer, supervisor, HR department, co-workers, relatives, or phone contacts to pressure you into paying, embarrass you, threaten your job, or disclose your loan details.

The DICT, National Privacy Commission (NPC), and Securities and Exchange Commission (SEC) stated in their 2026 public advisory that contacting persons in the borrower’s contact list, other than those named as guarantors, is prohibited for debt collection. The advisory also states that, for debt collection, lending companies, financing companies, and persons acting for them may only contact the guarantor.

This means an online lending app crosses the line when it sends messages like:

  • “Your employee refuses to pay. Please discipline him.”
  • “We will report this borrower to HR.”
  • “This person is a scammer and has unpaid debt.”
  • “Tell your employee to pay today or we will keep calling the office.”
  • “We will post this borrower’s ID and company details online.”

Even if you owe money, the lender’s remedy is to collect lawfully, report to proper credit channels when allowed, negotiate payment, or file the proper civil case. It cannot turn your employer into a collection tool.

When contacting an employer may be allowed

There are limited situations where a lender may communicate with an employer or workplace-related contact, but the contact must be specific, necessary, proportionate, and properly disclosed.

Situation Usually allowed? Important limit
Employment verification during loan application Sometimes The lender should only verify relevant employment or income information and should not disclose unnecessary loan details.
Employer is part of a salary loan or payroll deduction arrangement Sometimes There must be a valid arrangement and borrower authorization; processing must stay within that purpose.
Employer or HR officer was named only as a character reference Limited A character reference is for identification or verification, not debt collection.
Employer personally signed as guarantor or co-maker Yes, if true A guarantor must have expressly consented to assume responsibility for the loan.
Collector calls HR to shame or pressure the borrower No This is likely unfair collection and may violate privacy rules.
Collector threatens to get the borrower fired No A collector cannot threaten action it has no legal right to take.
Court, lawful government order, or proper legal process Possible The disclosure must follow the exact legal authority and scope.

The 2026 advisory is clear that online lending platforms must separate character references from guarantors. Character references are provided for identification or verification purposes, while guarantors are persons who expressly consent to assume responsibility for the loan in case of default.

The legal basis: borrower privacy and fair collection rules

Data Privacy Act of 2012: your loan information is personal data

Republic Act No. 10173, or the Data Privacy Act of 2012, protects personal information in government and private-sector information systems. The law defines personal information broadly as information from which a person’s identity is apparent or can be reasonably and directly ascertained. It also defines consent as a freely given, specific, and informed indication of will, evidenced by written, electronic, or recorded means. (National Privacy Commission)

Loan-related data can include:

  • your name, phone number, address, and ID;
  • your employer, job title, and salary details;
  • your loan amount, due date, penalties, and payment history;
  • screenshots of your ID, face, payslip, or company ID;
  • your character references and guarantors;
  • your phone contacts if the app accessed them.

Under the Data Privacy Act, data processing must have a lawful basis and must be limited to a declared purpose. A lender cannot collect one set of data for loan verification, then use it later to shame you before your employer or co-workers.

The law also gives data subjects rights to dispute inaccurate data and to seek blocking, removal, or destruction of personal information that is unlawfully obtained, used for unauthorized purposes, or no longer necessary for the purpose for which it was collected. (National Privacy Commission)

NPC rules on loan-related data

The NPC issued Circular No. 20-01 on the processing of personal data for loan-related transactions after receiving complaints that online lending apps were illegally using borrowers’ personal data and contact lists in ways that damaged reputations and violated data subject rights. (National Privacy Commission)

The NPC later amended those guidelines through NPC Circular No. 2022-02, covering the processing of personal data for evaluating loan applications, granting loans, collecting loans, closing loan accounts, character references, and guarantors. (National Privacy Commission)

A practical way to understand the rule is this:

  • A lender may collect data needed to evaluate and administer a loan.
  • It may contact a proper guarantor for collection if that person truly agreed to be responsible.
  • It may not harvest your contact list and blast messages to people who never agreed to be involved.
  • It may not use your employer’s name, HR number, or office contact details as leverage to shame you.

SEC rules on unfair debt collection

SEC Memorandum Circular No. 18, Series of 2019, applies to financing companies, lending companies, and third-party service providers hired by them. It allows reasonable and legally permissible collection, but requires good faith and prohibits unscrupulous or untoward acts.

The SEC circular treats the following as unfair collection practices:

  • use or threat of violence or other criminal means to harm a person’s body, reputation, or property;
  • threats to take action that cannot legally be taken;
  • obscenities, insults, or profane language meant to abuse the borrower;
  • disclosure or publication of names and personal information of borrowers who allegedly refuse to pay;
  • communicating or threatening to communicate false loan information, including failing to say that the debt is disputed;
  • false representation or deceptive means to collect a debt;
  • contacting persons in the borrower’s contact list other than named guarantors or co-makers.

The same circular says lenders must keep borrower data strictly confidential for collection purposes, subject only to specific exceptions such as borrower consent, disclosure to authorized credit information channels, court or government orders, collection agencies or counsel enforcing the lender’s rights, service providers, or insurers for limited purposes.

Lending companies must be regulated

Online lending platforms usually operate through lending companies or financing companies. Lending companies are regulated under Republic Act No. 9474, the Lending Company Regulation Act of 2007, while financing companies are regulated under Republic Act No. 8556, the Financing Company Act of 1998. The SEC lists Memorandum Circular No. 18, Series of 2019, and Memorandum Circular No. 19, Series of 2019, under its financing and lending companies issuances. (Lawphil)

Republic Act No. 11765, or the Financial Products and Services Consumer Protection Act, also strengthens protection for consumers of financial products and services, including those offered or marketed by financial service providers. (Lawphil)

What if the lending app says you “gave consent”?

Many online lending apps hide broad consent clauses in long terms and conditions. They may claim that because you tapped “I agree,” they can contact your employer, relatives, Facebook friends, or phone contacts.

That is not how proper consent works.

Under the Data Privacy Act, consent must be freely given, specific, and informed. The 2026 government advisory warns borrowers to watch out for deceptive design patterns such as pre-ticked boxes, interfaces that make consent easy to give but difficult to withdraw, or designs that push users toward more personal data processing while hiding privacy-protective choices.

Also, SEC Memorandum Circular No. 18 says that, notwithstanding the borrower’s consent, contacting persons in the borrower’s contact list other than named guarantors or co-makers is an unfair debt collection practice.

So even if the app flashes “You consented,” ask:

  1. Consent to what exact act?
  2. Was it only for verification, or also for debt collection?
  3. Was the employer a guarantor or merely employment information?
  4. Did the lender disclose your debt to people who had no need to know?
  5. Did the app use pressure, threats, or shaming?

Broad, vague, or forced consent does not automatically legalize abusive collection.

Can you be jailed for not paying an online loan?

For ordinary unpaid debt, no. The 1987 Philippine Constitution states that no person shall be imprisoned for debt or non-payment of a poll tax. (Lawphil)

A lending app cannot truthfully say:

  • “We will have you arrested today.”
  • “Police are coming to your office.”
  • “You will go to jail if you do not pay by 5 p.m.”
  • “We filed a criminal case because you are late.”

A lender may file a civil collection case if it has a valid claim. A criminal case may arise only when there are separate criminal acts, such as fraud, falsification, identity theft, or issuance of bouncing checks under applicable laws. Simple inability to pay a loan is not automatically a crime.

What to do if an online lending app contacted your employer

Act quickly, but stay organized. Regulators and investigators need clear proof.

1. Preserve evidence before it disappears

Save:

  • screenshots of messages to you, your employer, HR, co-workers, or family;
  • screenshots showing the sender’s number, profile, app name, and date/time;
  • call logs showing repeated calls;
  • emails from HR or co-workers confirming what was received;
  • the loan agreement, disclosure statement, privacy notice, and app screenshots;
  • proof of payments, if any;
  • app permissions showing access to contacts, photos, SMS, camera, or storage.

Be careful with secret call recordings. Republic Act No. 4200, the Anti-Wiretapping Law, prohibits secretly recording private communications without authorization from all parties to the communication. (Lawphil)

2. Tell the lender in writing to stop improper contact

Send a short written message through the app, email, or official customer service channel:

I am requesting that you stop contacting my employer, HR department, co-workers, relatives, and phone contacts for debt collection. Any loan-related communication should be directed to me or to a lawful guarantor, if any. I dispute any disclosure of my personal loan information to unauthorized third parties and request a copy of your privacy notice, loan agreement, and basis for processing my employer’s information.

Keep proof that you sent it.

This written notice is useful because the NPC complaint process generally requires exhaustion of remedies: the complainant must first inform the respondent in writing of the privacy violation or personal data breach and allow the respondent to address it. If the respondent does not take timely or appropriate action, or fails to respond within 15 calendar days from receipt, proof of that written notice should be attached to the complaint. (National Privacy Commission)

3. Notify HR calmly

You do not need to reveal every personal detail. A practical HR message can say:

I am dealing with an online lending app that appears to be contacting third parties improperly. Please do not disclose my employment records, salary, schedule, personal contact details, or disciplinary information to callers claiming to be collectors unless there is a verified lawful basis or proper legal process. Please forward any messages or call details to me for documentation.

This protects you from rumors and helps HR treat the call as a privacy and security issue, not workplace misconduct.

4. File a complaint with the SEC for unfair debt collection

For abusive collection by a lending company, financing company, or online lending platform, file with the Securities and Exchange Commission, particularly the Financing and Lending Companies Department. The 2026 advisory identifies SEC as the authority for unfair debt collection practices and points the public to SEC’s iMessage platform and hotline 1-4732 or 1-4SEC.

The SEC iMessage platform is the SEC’s official web-based ticketing system for submitting complaints, reports, and requests, and it allows users to open a new ticket and check ticket status. (Securities and Exchange Commission)

Attach:

  • screenshots of the employer contact;
  • screenshots of threats, shaming, or false statements;
  • the name of the app and corporate operator, if known;
  • your loan agreement or disclosure statement;
  • proof that the collector contacted your workplace;
  • your written demand to stop contacting third parties.

5. File a privacy complaint with the NPC

If the issue involves unlawful processing, excessive access to contacts, disclosure of loan details, use of employer information, or harassment through personal data, file with the National Privacy Commission.

The NPC’s filing page states that a formal complaint must be in the required format, printed and filled out, notarized, and submitted in person, by courier, or by scanned email to the NPC complaints address. (National Privacy Commission)

The NPC mechanics page says a complaint should include copies of evidence and witness affidavits, and that insufficient evidence may cause outright dismissal. (National Privacy Commission)

NPC Circular No. 2023-01 lists a ₱500 filing fee for complaints, with additional fees if claims for damages are included.

6. Report threats, scams, or cyber harassment when needed

If the collector threatens violence, uses identity theft, fake police documents, extortion, or online shaming, you may also report to law enforcement.

The 2026 government advisory identifies these channels for other forms of harassment, threats, frauds, and scams:

Issue Office mentioned in the advisory
Cyber threats, scams, or harassment DICT Cyber Hotline
Cybercrime investigation NBI Cybercrime Division
Online threats or anti-cybercrime concerns PNP Anti-Cybercrime Group

The same advisory lists the relevant email addresses and contact numbers for these offices.

Depending on the facts, abusive collectors may expose themselves to liability under the Revised Penal Code for threats, coercions, unjust vexation, oral defamation, or libel; and under Republic Act No. 10175, the Cybercrime Prevention Act of 2012, if defamatory or unlawful acts are committed through a computer system. In Disini v. Secretary of Justice, the Supreme Court discussed cyber libel under RA 10175 in relation to libel under the Revised Penal Code. (Lawphil)

Practical documents checklist

Document or proof Why it matters
Screenshot of the collector’s message to employer Shows unauthorized third-party contact
HR email or written confirmation Proves the workplace actually received the communication
Call logs Shows repeated or harassing contact
Loan agreement and disclosure statement Identifies lender, amount, terms, and consent clauses
Privacy notice or app consent screen Shows what data use was disclosed
App permission screenshots Shows whether the app requested contacts, photos, camera, SMS, or storage
Payment receipts Helps correct exaggerated or false balance claims
Written demand to stop contacting employer Supports exhaustion of remedies for NPC filing
Affidavit of borrower or witness Useful for formal complaints and investigations
Police blotter, if threats were made Useful when there are threats, extortion, or safety concerns

Common real-life scenarios

“The app called HR and said I am a scammer.”

That is not legitimate collection. Accusing a borrower of being a scammer, thief, or criminal before HR may be defamatory, may be unfair debt collection, and may involve unauthorized disclosure of personal loan information. Preserve the message and ask HR for a copy.

“They said they will report me to my employer if I do not pay today.”

A threat to report your private debt to your employer as pressure for payment is highly problematic. SEC rules prohibit threats to take action that cannot legally be taken and prohibit conduct that harms reputation or property through unfair collection.

“I listed my employer in the application. Does that mean they can call?”

Not automatically. Employment information may be relevant for verification, but that does not mean the lender may disclose your delinquency to HR or use your employer for collection. The purpose matters.

“My boss received a message because the app accessed my contacts.”

That is exactly the type of practice regulators have warned against. The NPC has stated that online lenders are prohibited from harvesting phone and social media contact lists for harassing delinquent borrowers, and the 2026 advisory prohibits unauthorized, excessive, or disproportionate processing of borrowers’ contact lists. (National Privacy Commission)

“The collector is from an agency, not the lending app.”

The lender may still be responsible. SEC Memorandum Circular No. 18 states that financing and lending companies may outsource collection to third-party service providers, but the ultimate responsibility for collection practices and compliance remains with the financing or lending company.

“I am an OFW or foreigner outside the Philippines.”

You can still preserve digital evidence and file written complaints. If documents must be notarized abroad for use in the Philippines, check whether the document needs consular acknowledgment or apostille depending on where it is executed and what the receiving office requires. For NPC complaints, the formal complaint process requires notarization and supporting evidence, so overseas complainants should plan for authentication and scanning time.

Frequently Asked Questions

Can online lending apps call my employer in the Philippines?

They generally cannot call your employer to collect, shame you, disclose your unpaid loan, or pressure HR to discipline you. Limited verification may be allowed if necessary and properly disclosed, but debt collection through your employer is a different matter.

Can a lending app message my boss on Facebook or Messenger?

No, not for harassment or debt collection. Messaging your boss about your unpaid loan may be an unauthorized disclosure of personal information and an unfair collection practice, especially if your boss is not a guarantor or co-maker.

What if my employer was listed as my character reference?

A character reference is not the same as a guarantor. Under the 2026 advisory, character references are for identification or verification, while guarantors must expressly consent to assume responsibility for the loan in case of default.

Can the lending app contact my guarantor?

Yes, if that person truly agreed to be a guarantor. A guarantor is someone who expressly consented to answer for the loan if you default. The lender should not treat random contacts, HR officers, or co-workers as guarantors.

Can I be fired because an online lending app contacted my employer?

A private debt is not automatically a valid ground for dismissal. If your employer takes action, it must still comply with Philippine labor rules on just or authorized causes and due process. The more immediate concern is stopping unauthorized disclosure and documenting the collector’s conduct.

Can an online lending app post my name, ID, or company online?

No. SEC rules prohibit disclosure or publication of names and personal information of borrowers who allegedly refuse to pay, except as allowed under the confidentiality rules. Public shaming may also raise privacy, defamation, and cybercrime issues.

Should I delete the lending app?

Do not delete it before saving evidence. First screenshot the loan details, privacy notice, permissions, messages, repayment history, and company name. After preserving evidence, you may review and revoke unnecessary app permissions.

Where do I complain if the app contacted my employer?

For unfair collection, file with the SEC through iMessage or the SEC Financing and Lending Companies Department. For privacy violations, file with the NPC. For threats, scams, identity theft, or cyber harassment, consider reporting to DICT, NBI Cybercrime Division, or PNP Anti-Cybercrime Group. (Securities and Exchange Commission)

Do I still have to pay if the lender violated my privacy?

A privacy or collection violation does not automatically erase a valid debt. However, it may give you grounds to complain, demand that unlawful processing stop, dispute improper charges or false claims, and seek appropriate remedies. Keep the debt issue separate from the harassment issue.

Key Takeaways

  • Online lending apps may collect debts, but they must do it lawfully.
  • They generally cannot contact your employer, HR, boss, or co-workers to shame you or pressure payment.
  • A character reference is not a guarantor.
  • A guarantor must expressly consent to be responsible for the loan.
  • Broad app consent does not automatically allow harassment, contact-list blasting, or workplace shaming.
  • Save screenshots, call logs, HR confirmations, loan documents, app permissions, and payment proof.
  • Send a written demand to stop third-party contact before filing with the NPC when possible.
  • File unfair collection complaints with the SEC and privacy complaints with the NPC.
  • You cannot be jailed merely for ordinary non-payment of debt.
  • Do not secretly record private calls without proper consent; preserve evidence through lawful screenshots, logs, emails, and affidavits.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

What to Do If an Unauthorized Loan Appears in Your Lending App Account

Seeing a loan balance in a lending app that you never applied for is not something to brush aside. In the Philippines, you should treat it as three problems at once: a disputed debt, a possible identity theft or account-takeover incident, and a possible data privacy violation. Your first goals are to preserve evidence, stop further unauthorized access, formally dispute the loan, prevent wrongful collection or credit reporting, and escalate to the correct government office if the app or lender does not act properly.

Is an Unauthorized Loan Legally Binding in the Philippines?

A loan is still a contract. Under the Civil Code, a contract requires a “meeting of minds” between the parties, and the essential requisites are consent, a certain object, and cause or consideration. Consent is shown by a valid offer and acceptance. A person generally cannot bind another person to a contract without authority, and a contract entered into in another person’s name without authority may be unenforceable unless properly ratified. (Lawphil)

In practical terms, this means a lending app or collection agent should not simply say, “It is in your account, so you must pay.” They should be able to show how the loan was applied for, who accepted the terms, what identity verification was used, where the money was disbursed, and what proof shows that you actually consented.

An unauthorized loan may happen because:

  • Someone accessed your lending app account using your mobile number, email, password, OTP, or SIM.
  • Someone used your ID, selfie, or personal details to create or verify an account.
  • The app processed a loan after confusing or misleading screens.
  • A prior borrower entered your number or details by mistake.
  • A debt collector is using false or incomplete information.
  • A legitimate account exists, but the specific loan transaction was not authorized.

The most important point: do not admit the debt casually. Avoid messages like “I will pay later” or “I just need more time” if your position is that you never borrowed the money. Say clearly and consistently that the loan is unauthorized and disputed.

Your Key Rights Under Philippine Law

You Have the Right to Dispute a Loan You Did Not Authorize

Lending companies are regulated under the Lending Company Regulation Act of 2007, or Republic Act No. 9474, which recognizes the State’s power to regulate lending companies and prevent unfair or prejudicial practices against borrowers. (Supreme Court E-Library)

Digital lending also falls within broader financial consumer protection rules. The Financial Products and Services Consumer Protection Act, Republic Act No. 11765, covers financial products and services accessed through digital channels, and gives financial regulators such as the SEC and BSP authority to act against unfair, unreasonable, abusive, or deceptive practices. It also recognizes that financial service providers may be responsible for acts or omissions of their agents and representatives. (Supreme Court E-Library)

If you did not authorize the loan, your dispute should focus on facts:

  • You did not apply for the loan.
  • You did not consent to the loan terms.
  • You did not receive or benefit from the money, or if money was sent to your account, you did not request it and have not used it.
  • You are requesting investigation, suspension of collection, and correction of records.

You Have Data Privacy Rights

Unauthorized lending app loans often involve personal data: names, phone numbers, IDs, selfies, contacts, device information, or location data. The Data Privacy Act of 2012, Republic Act No. 10173, protects personal information in both government and private information systems, and data subjects have rights over the processing of their personal data. (National Privacy Commission)

A March 2026 public advisory by the DICT, National Privacy Commission, and SEC specifically warned online lending platforms against excessive data processing, unnecessary app permissions, and abusive use of contact lists. It stated that online lending platforms should not contact persons in a borrower’s contact list except legitimate guarantors, and guarantors must separately and expressly consent.

This matters because many victims of unauthorized lending app loans are harassed not only personally, but through family members, coworkers, employers, or random phone contacts. That conduct may become both a debt-collection issue and a data privacy issue.

Debt Collectors Cannot Use Harassment, Public Shaming, or False Threats

SEC Memorandum Circular No. 18, Series of 2019, prohibits unfair debt collection practices by financing and lending companies. These include threats, insults, obscene or profane language, false representations, disclosure or publication of borrower information, contacting people other than guarantors or co-makers, and communicating false loan information, including failing to say that a debt is disputed. The circular also provides penalties, which may include fines, suspension, or revocation of authority depending on the violation.

If collectors call your contacts, post your name online, threaten to report you to your employer, send edited photos, or say you will be arrested for a disputed app loan, preserve those messages. Those details are often more useful in a complaint than a general statement that you were “harassed.”

Identity Theft, Account Takeover, and Financial Account Scams May Be Criminal Issues

If someone used your identity, phone, bank account, e-wallet, access credentials, or OTP to obtain a loan, the issue may go beyond civil debt. Depending on the facts, it may involve cybercrime, misuse of access devices, fraud, or financial account scamming.

The Access Devices Regulation Act of 1998, Republic Act No. 8484, covers access devices such as account numbers, cards, codes, PINs, or other means of account access used to obtain money, goods, services, or transfer funds. It also recognizes unauthorized or fraudulently applied-for access devices. (Lawphil)

The Anti-Financial Account Scamming Act, Republic Act No. 12010, covers financial accounts such as deposits, transaction accounts, e-wallets, and other accounts used for financial products or services. It penalizes acts such as social engineering schemes and opening or using accounts under another person’s identity, and it allows temporary holding of disputed funds in certain circumstances. (Lawphil)

What to Do Immediately If an Unauthorized Loan Appears

1. Preserve Evidence Before Deleting the App

Do not uninstall the app until you have captured the evidence. Deleting the app too early can make it harder to prove what appeared in your account.

Take screenshots or screen recordings showing:

  • The app name and account profile.
  • Loan amount, loan ID, reference number, and date of loan release.
  • Repayment schedule, interest, penalties, and charges.
  • Any digital contract, disclosure statement, or terms and conditions.
  • Disbursement details, including bank, e-wallet, or recipient account if visible.
  • Collection messages, call logs, SMS, emails, in-app notices, and push notifications.
  • App permissions requested or granted, especially contacts, camera, gallery, SMS, phone, and location.
  • App store page, developer name, website, and customer service details.
  • SEC registration, certificate of authority, or lending company name shown in the app.

Save copies in more than one place, such as cloud storage and an external drive. If harassment is happening, keep the original messages and call logs. Do not rely only on screenshots if the actual message thread can still be preserved.

2. Secure Your Phone, Email, SIM, E-Wallets, and Bank Accounts

An unauthorized lending app loan may be a symptom of a wider compromise.

Do these immediately:

  1. Change the password of the lending app account, email account, e-wallet, online banking, and social media accounts connected to your phone number.
  2. Enable multi-factor authentication where available.
  3. Log out of other devices.
  4. Check whether your SIM recently lost signal, which may suggest SIM swap or unauthorized SIM activity.
  5. Call your telco if you suspect SIM replacement, lost SIM access, or OTP interception.
  6. Review bank and e-wallet transaction histories for unfamiliar transfers.
  7. Revoke unnecessary app permissions, especially contacts and SMS access.
  8. Scan your phone for suspicious apps or malware.

If loan proceeds were deposited into your bank or e-wallet account without your request, do not spend the money. Spending it can make the dispute harder. Report it immediately to the lender and the bank or e-wallet provider, and ask for a documented process to reverse, hold, or return the funds.

3. Send a Formal Written Dispute to the Lending App or Company

Do not rely only on phone calls. Send a written complaint through the app, official email, website form, and any customer support channel available. Use a clear subject line:

Formal Dispute: Unauthorized Loan in My Account — Request for Investigation and Suspension of Collection

Your message should include:

  • Your full name, registered mobile number, and email address.
  • Loan ID, amount, and date appearing in the app.
  • A clear statement that you did not apply for or authorize the loan.
  • A request to suspend collection, penalties, interest accrual, and credit reporting while the dispute is investigated.
  • A request for the full loan documents and digital transaction records.
  • A request for proof of consent, KYC records, OTP logs, device logs, IP address logs, and disbursement details.
  • A request to preserve all records and recordings.
  • A request to stop contacting your references, contacts, employer, relatives, or coworkers unless they are lawful guarantors who separately consented.
  • A request for the name, SEC registration details, certificate of authority, and data protection officer or privacy contact of the company.

Keep the ticket number, email headers, automated replies, and screenshots showing when the complaint was submitted.

4. Ask the Lender to Mark the Account as Disputed

This is important because a disputed loan should not be treated as an ordinary overdue account. Ask the lender to:

  • Mark the account as formally disputed.
  • Stop automated collection messages.
  • Stop referring the account to third-party collectors while under investigation.
  • Stop adding interest, penalties, and collection fees.
  • Stop reporting the account as delinquent to credit bureaus or the Credit Information Corporation while the issue is unresolved.
  • Correct or delete any inaccurate record if the loan is confirmed unauthorized.

If a collector continues to pressure you, reply once in writing: “This loan is formally disputed as unauthorized. Please communicate only in writing and provide proof of my consent and the disbursement trail.”

5. File a Complaint With the Proper Government Office

Different agencies handle different parts of the problem. Filing with the wrong office may delay the case, so match your complaint to the issue.

Problem Where to Report What to Prepare
Unauthorized loan by a lending or financing company SEC Financing and Lending Companies Division / SEC iMessage Screenshots, loan ID, company or app name, complaint letter, collection messages, proof of dispute
Harassment, public shaming, contact-list blasting, threats, abusive collection SEC Messages, call logs, names or numbers of collectors, screenshots sent to contacts
Misuse of personal data, excessive app permissions, use of contacts, disclosure of your information National Privacy Commission Complaint-assisted form or verified complaint, evidence, witness affidavits if available
Unauthorized bank, e-wallet, payment, or BSP-supervised financial account transaction Bank/e-wallet provider first, then BSP Consumer Assistance Transaction details, complaint reference number, screenshots, account statements
Incorrect credit record or wrongful reporting Credit Information Corporation or relevant credit bureau Credit report, dispute letter, proof that the loan is unauthorized or under dispute
Hacking, identity theft, extortion, threats, fake accounts, or use of your ID PNP Anti-Cybercrime Group or NBI Cybercrime Division Screenshots, device details, account logs, IDs used, transaction trail

The SEC iMessage portal receives reports, feedback, and complaints involving SEC-regulated entities. (Securities and Exchange Commission) The NPC complaint process may require a filled-out and notarized complaint-assisted form or a verified complaint with evidence and affidavits, filed personally, by mail, courier, or authorized email process. (National Privacy Commission) For BSP-supervised institutions, the BSP Online Buddy system issues a case reference number for complaints and provides response channels for financial consumer concerns. (Bureau of Small and Medium Enterprises)

6. Check Whether the Loan Was Reported to the Credit Information Corporation

A wrongful lending app loan can damage your credit record if it is reported as unpaid. The Credit Information System Act, Republic Act No. 9510, gives borrowers the right to access their credit information and dispute erroneous, incomplete, outdated, or misleading credit information. The law provides a verification process and requires correction or deletion if information cannot be verified. (Supreme Court E-Library)

If the unauthorized loan appears in your credit report, file a dispute and attach:

  • Your written dispute to the lender.
  • The lender’s acknowledgment or ticket number.
  • Screenshots showing the unauthorized loan.
  • Police, SEC, NPC, BSP, or bank complaint references, if already filed.
  • Any proof that you did not receive the proceeds or did not authorize the transaction.

Evidence Checklist for an Unauthorized Lending App Loan

Good evidence is often the difference between a complaint that moves forward and one that gets dismissed as incomplete.

Prepare a folder with the following:

  • Government ID used in the app, if known.
  • Your own valid ID for identity verification.
  • Screenshots of the loan account.
  • Loan agreement, disclosure statement, amortization, and repayment schedule.
  • Date and time you first discovered the loan.
  • All SMS, emails, push notifications, and in-app messages.
  • Call logs and recordings, if lawfully available.
  • Names, phone numbers, and account names of collectors.
  • Screenshots from relatives, coworkers, or contacts who were messaged.
  • Bank or e-wallet statements showing whether money was received.
  • Proof that you were abroad, offline, hospitalized, at work, or otherwise unable to make the transaction, if relevant.
  • Telco reports if you lost SIM access or suspect SIM swap.
  • Police blotter or cybercrime complaint reference, if already filed.
  • Your formal dispute letter and proof of submission.

For OFWs, foreigners, and Filipinos abroad, evidence may include passport stamps, visa records, overseas employment documents, foreign phone records, or foreign bank statements. If an affidavit is needed for a Philippine proceeding, expect that it may need consular notarization, apostille, or other authentication depending on where it is executed and where it will be submitted.

What to Say in Your Dispute Letter

Keep the letter factual and firm. Avoid emotional accusations unless you can support them with evidence.

You can use wording like this:

I am formally disputing the loan appearing in my account because I did not apply for, authorize, consent to, or benefit from this loan. Please immediately suspend collection activity, interest, penalties, and any reporting to credit bureaus or the Credit Information Corporation while this dispute is under investigation. Please provide the complete loan documents, proof of consent, KYC records, OTP logs, device and IP logs, disbursement details, and the name and authority of the lending company and any collection agency handling the account.

Add this if collectors are contacting others:

Please also stop contacting my relatives, coworkers, employer, phone contacts, or any third person regarding this disputed loan, unless that person is a lawful guarantor who separately and expressly consented. I am preserving all messages, call logs, and screenshots for submission to the proper regulators.

Send the complaint to every official channel you can document: in-app helpdesk, official email, website contact form, and registered business address if available.

Common Mistakes That Make the Problem Worse

Paying “Just to Stop the Calls”

Many people pay because they are embarrassed or afraid. But if you truly did not authorize the loan, payment may create confusion later. The lender may argue that your payment shows acknowledgment or ratification. At minimum, it weakens the clarity of your position.

If money was deposited into your account without your consent, the safer approach is to report it in writing, avoid using it, and request an official reversal or documented return process.

Deleting the App Too Early

Deleting the app may remove access to loan details, transaction IDs, chat support, and notices. Capture evidence first. After preserving the evidence, you can secure the device and revoke permissions.

Arguing With Collectors by Phone

Collectors may pressure you into saying things you do not mean. Keep communications in writing. If you receive a call, ask for the caller’s name, company, authority to collect, and email address. Then say the debt is disputed and request written communication.

Giving New OTPs, IDs, or Selfies

A real investigator does not need your OTP. Never give OTPs, passwords, remote access, or live selfies to anyone claiming they will “verify” or “delete” the loan. Send documents only through official channels after confirming the company identity.

Ignoring Messages Sent to Your Contacts

If the app or collector messages your contacts, ask those people to send you screenshots showing the number, message, date, and time. Do not just tell them to delete the message. Those screenshots may support an SEC or NPC complaint.

Filing Only a Police Report

A police or cybercrime complaint may be necessary, especially for identity theft or hacking, but it does not automatically fix the lending app record, stop collection, or correct credit reporting. You may still need to file with the lender, SEC, NPC, BSP, or CIC depending on the issue.

What If the App Says You Consented Through OTP?

An OTP is evidence, but it is not always conclusive. Ask for the full context:

  • What number received the OTP?
  • What device submitted the OTP?
  • What IP address was used?
  • Was the device previously linked to your account?
  • Was there a recent password reset?
  • Was there a SIM replacement or loss of signal?
  • Was the OTP entered after a phishing message?
  • Was the loan accepted through clear and separate consent, or through a confusing interface?

For lending apps, consent should be specific, informed, and connected to the actual transaction. A prior account registration does not automatically mean every future loan is authorized.

What If the Loan Proceeds Were Sent to Your Bank or E-Wallet?

If the money entered your account, act quickly and carefully.

Do not withdraw, transfer, spend, or gamble with the funds. Report the transaction to the lender and to the bank or e-wallet provider. Ask them to place the amount on hold or provide an official return process.

If the transaction involves a bank, e-wallet, payment provider, or other financial account, it may also fall under banking, electronic money, consumer protection, or financial account scam rules. RA 12010 recognizes temporary holding of disputed funds in certain cases and requires covered institutions to maintain security measures such as fraud monitoring and multi-factor authentication. (Lawphil)

Your written report should say:

  • You did not request the loan.
  • You are not using the funds.
  • You are requesting investigation and documented reversal.
  • You want the account protected from further unauthorized transactions.

What If Collectors Threaten Barangay, Police, Employer, or Social Media Exposure?

Preserve the threat. Do not panic.

Collectors often use words like “legal action,” “field visit,” “barangay report,” “police report,” or “posting” to scare people into paying. Some legal remedies may exist for real debts, but collectors cannot use false threats, insults, public shaming, unauthorized disclosure, or contact-list harassment to collect.

Under SEC rules, unfair collection practices include threats, insults, false representations, disclosure of borrower information, and contacting persons other than guarantors or co-makers.

If they message your employer or coworkers, save:

  • The exact message.
  • Sender number or account.
  • Date and time.
  • Name of the person who received it.
  • Any screenshot showing your name, photo, loan amount, or accusation.

This evidence can support both an SEC complaint and a data privacy complaint.

If the Lender Actually Files a Case

Most collection threats never become court cases, but do not ignore real court documents.

If you receive an actual summons, subpoena, or court notice, check:

  • The name of the court.
  • Case number.
  • Names of parties.
  • Deadline to respond.
  • Whether the document was served officially.
  • Whether the claim is for a civil debt, fraud allegation, or something else.

Small claims procedures in the Philippines cover certain money claims, including loans and credit accommodations, and the Supreme Court has recognized a small claims threshold of up to ₱1,000,000 under the Rules on Expedited Procedures. (Supreme Court of the Philippines)

Your defense should be evidence-based:

  • No consent to the loan.
  • No receipt or benefit from the proceeds.
  • Account takeover or identity theft.
  • Prior written dispute.
  • Failure of the lender to produce reliable digital records.
  • Abusive or unlawful collection conduct, if relevant.

The important distinction is this: a collector does not decide whether you owe the money; a proper court or regulator evaluates the evidence.

Frequently Asked Questions

Should I pay an unauthorized lending app loan?

If you did not apply for or authorize the loan, do not immediately pay just to stop harassment. First, formally dispute the loan in writing, preserve evidence, ask for proof of consent and disbursement, and request suspension of collection and credit reporting. If funds were deposited into your account, do not spend them; report the transaction and ask for an official reversal process.

Can a lending app contact my phone contacts?

Online lending platforms should not contact people in your contact list except legitimate guarantors who separately consented. The 2026 DICT-NPC-SEC advisory specifically warns against excessive contact-list processing and improper contacting of third persons, and SEC rules also prohibit unfair collection practices involving third parties.

Can I be arrested for not paying a lending app loan?

A disputed app loan is usually a civil collection issue, not something a collector can turn into an arrest by sending threats. However, separate criminal issues may exist if there was actual fraud, identity theft, hacking, falsification, or misuse of financial accounts. If the loan is unauthorized, your focus should be to document that you are the victim or disputed account holder, not the borrower who intentionally refused to pay.

What if I previously borrowed from the same app?

A previous loan does not automatically prove that a later loan was authorized. Each loan transaction should have its own consent, terms, amount, release date, and disbursement record. In your dispute, be specific: you may acknowledge prior legitimate transactions while clearly denying the specific unauthorized loan.

What if the app says my ID and selfie were used?

Ask for copies of the KYC records, timestamps, device information, IP logs, and the method used to capture or upload the ID and selfie. If your ID was used without permission, report possible identity theft and data misuse. If the selfie appears edited, old, AI-generated, or taken from another source, mention that clearly in your complaint.

Can an unauthorized loan affect my credit record?

Yes, if the lender reports it as unpaid. Under RA 9510, borrowers have the right to access and dispute erroneous, incomplete, outdated, or misleading credit information. If the loan appears in your credit report, file a dispute and attach proof that the loan was unauthorized or already formally disputed. (Supreme Court E-Library)

Where should I complain first: SEC, NPC, BSP, or police?

Start with the lender’s written dispute because you need a record that the account is contested. Then file with the agency that matches the issue. Use SEC for lending companies, financing companies, online lending apps, and unfair collection. Use NPC for personal data misuse and contact-list harassment. Use BSP if a bank, e-wallet, or BSP-supervised financial institution is involved. Use PNP-ACG or NBI Cybercrime for hacking, identity theft, extortion, or threats.

What if I am an OFW or foreigner outside the Philippines?

You can still preserve digital evidence, email the lender, and file complaints through official online channels where available. Use your passport, Philippine ID if any, ACR I-Card if applicable, overseas phone records, travel records, and bank or e-wallet statements. If a sworn statement is required, check whether the receiving office needs consular notarization, apostille, or another form of authentication.

How long does it take to resolve an unauthorized lending app loan?

Timelines vary. Some lenders respond within days, while SEC, NPC, BSP, police, or credit-report disputes can take weeks or longer depending on evidence and workload. BSP’s complaint channel provides a case reference for complaints submitted through its system, while RA 9510 provides a verification process for disputed credit information. (Bureau of Small and Medium Enterprises)

Key Takeaways

  • An unauthorized lending app loan should be treated as a formal disputed debt, not an ordinary overdue loan.
  • Under Philippine contract law, a valid loan requires consent; the lender should be able to prove that you authorized the transaction.
  • Preserve screenshots, messages, call logs, loan IDs, app permissions, disbursement records, and complaint tickets before deleting anything.
  • Send a written dispute asking the lender to suspend collection, penalties, interest, and credit reporting while investigating.
  • Do not pay casually, admit the debt, give OTPs, or spend loan proceeds deposited without your consent.
  • Report lending app abuse and unfair collection to the SEC, data misuse to the NPC, bank or e-wallet issues to the provider and BSP, credit-report errors to the CIC, and cybercrime or identity theft to PNP-ACG or NBI Cybercrime.
  • Contact-list harassment, public shaming, false threats, and disclosure of borrower information may violate SEC rules and data privacy principles.
  • If real court papers arrive, respond based on evidence: no consent, no benefit, prior dispute, identity theft, account takeover, or lack of reliable proof from the lender.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

How to File an SEC Complaint Against a Lending App for Public Shaming

When a lending app posts your name, photo, debt details, or insults in a group chat, messages your contacts to shame you, or threatens to tell your employer or barangay that you are a “scammer,” the issue is no longer just unpaid debt. In the Philippines, these acts may violate SEC rules on unfair debt collection, data privacy laws, and even criminal laws on threats or defamation. This guide explains how to file an SEC complaint against a lending app for public shaming, what evidence to prepare, where to submit it, and when to also go to the National Privacy Commission, PNP Anti-Cybercrime Group, NBI Cybercrime Division, or prosecutor’s office.

What Public Shaming by a Lending App Means

Public shaming happens when a lending app, collector, agent, or collection agency uses humiliation as a collection tool. Common examples include:

  • Sending your name, photo, address, ID, loan amount, or alleged balance to your phone contacts
  • Posting “wanted,” “estafa,” “scammer,” “magnanakaw,” or similar accusations in group chats or social media
  • Calling or messaging your employer, co-workers, relatives, neighbors, or barangay officials even if they are not your guarantors or co-makers
  • Threatening to publish your photo or personal details if you do not pay immediately
  • Telling third parties that you refused to pay, even when the amount, charges, or due date is disputed
  • Using obscene, insulting, or degrading language in texts, calls, emails, Facebook Messenger, Viber, Telegram, or WhatsApp

The Securities and Exchange Commission regulates lending companies under Republic Act No. 9474, the Lending Company Regulation Act of 2007, which declares a State policy to regulate lending companies, prevent practices prejudicial to public interest, and set minimum standards for their operations. A lending company is generally a corporation engaged in granting loans from its own capital funds or from funds sourced from not more than 19 persons. (Supreme Court E-Library)

If the business is a financing company instead of a lending company, Republic Act No. 8556, the Financing Company Act of 1998, is relevant. That law also recognizes the public-interest need to regulate financing and leasing companies and prevent practices prejudicial to the public. (Lawphil)

Why Public Shaming Can Be an SEC Violation

The main SEC rule is SEC Memorandum Circular No. 18, Series of 2019, titled Prohibition on Unfair Debt Collection Practices of Financing Companies and Lending Companies. It applies to financing companies, lending companies, and third-party service providers hired by them. The circular was issued because the SEC had received numerous complaints that some lenders were harassing borrowers and using abusive, unethical, and unfair collection methods.

Under SEC MC 18, collectors may use reasonable and legally permissible means to collect, but they must observe good faith, reasonable conduct, and must refrain from unscrupulous or untoward acts. The circular specifically treats the following as unfair collection practices:

Conduct by lending app or collector Why it matters
Threatening violence or other criminal means Covers threats to harm a person, reputation, or property
Threatening actions that cannot legally be taken Covers fake threats of arrest, imprisonment, NBI “blacklisting,” or immediate criminal case for ordinary nonpayment
Using obscenities, insults, or profane language Covers abusive collection texts and calls
Publishing names or personal information of borrowers who allegedly refuse to pay Directly covers public shaming and debt-shaming posts
Communicating false loan information to third persons Covers telling relatives or employers false or disputed debt details
Using deception to collect or obtain borrower information Covers pretending to be from court, police, NBI, barangay, or government
Contacting at unreasonable hours Generally before 6:00 a.m. or after 10:00 p.m., subject to stated exceptions
Contacting phone contacts other than named guarantors or co-makers Important for lending apps that scrape or misuse contact lists

SEC MC 18 also states that, even if a borrower gave consent, contacting persons in the borrower’s contact list other than those named as guarantors or co-makers is an unfair debt collection practice.

This is why “but you allowed phone permissions” is not a complete defense for a lending app. App permission does not automatically allow public shaming, harassment, disclosure of debt to unrelated contacts, or misuse of personal data.

Public Shaming Can Also Involve Data Privacy and Criminal Issues

An SEC complaint focuses on the lending or financing company’s regulatory violation. But the same incident may also fall under other laws.

Data Privacy Act

Republic Act No. 10173, the Data Privacy Act of 2012, protects personal information in government and private-sector information systems. It defines personal information as information from which an individual’s identity is apparent or can reasonably be ascertained, and it gives data subjects rights such as access, correction, blocking, removal, destruction, and indemnity for damages caused by unauthorized use of personal information. (National Privacy Commission)

Publicly posting your name, photo, ID, contact list, loan details, workplace, or address may involve unauthorized processing, malicious disclosure, unauthorized disclosure, or processing for unauthorized purposes, depending on the facts.

Cybercrime and online defamation

Republic Act No. 10175, the Cybercrime Prevention Act of 2012, covers misuse, abuse, illegal access, and certain online offenses involving computer systems and data. (Supreme Court E-Library) If the lending app or collector posts defamatory statements online, cyberlibel may be considered together with the Revised Penal Code provisions on libel.

Under Article 353 of the Revised Penal Code, libel involves a public and malicious imputation of a crime, vice, defect, act, omission, condition, status, or circumstance that tends to cause dishonor, discredit, or contempt. Article 355 punishes libel committed through writing or similar means, while Article 358 covers oral defamation or slander. (Lawphil)

Threats, coercion, and unjust vexation

If the collector threatens harm to your person, honor, property, or family, Article 282 of the Revised Penal Code on grave threats may become relevant. If the conduct involves intimidation, forcing you to do something against your will, or persistent harassment, Articles 286 and 287 on coercions and unjust vexations may also be considered. (Lawphil)

Where to File an SEC Complaint Against a Lending App

The current SEC-wide public platform is iMessage, the SEC’s official web-based ticketing system for public inquiries, complaints, incidents, and requests. The SEC user guide describes iMessage as a centralized platform that replaces informal channels like email and Google Forms, generates an electronic ticket for every submission, and lets users track ticket status in real time. (Securities and Exchange Commission)

For lending app harassment, choose the service for Complaints on Financing and Lending Companies under the SEC Financing and Lending Companies Department. The SEC iMessage user guide lists this complaint service under the department’s Monitoring and Compliance Division. (Securities and Exchange Commission)

The SEC has also historically instructed complainants to use its complaint form, attach supporting evidence, attach a valid government-issued ID, show proof that remedies with the company were first exhausted, and submit one complaint form per respondent company. (www.foi.gov.ph)

Step-by-Step Guide to Filing the SEC Complaint

1. Identify the actual company behind the app

Many borrowers know only the app name, such as the name shown in Google Play, Apple App Store, text messages, or loan reminders. For the SEC complaint, try to identify:

  • App name
  • Registered corporate name
  • SEC registration number, if shown
  • Certificate of Authority number, if shown
  • Website, app store link, Facebook page, or customer service email
  • Collection agency name, if a separate collector contacted you
  • Names, aliases, phone numbers, email addresses, or social media accounts used by collectors

If the app refuses to disclose the registered company, say so in your complaint and attach screenshots showing the app profile, loan page, privacy policy, messages, and payment instructions.

2. Preserve evidence before it disappears

Take screenshots immediately. Some lending apps, collectors, or Telegram accounts delete messages after the borrower complains.

Your evidence should show:

  • Date and time
  • Sender’s phone number, username, email address, or account name
  • Full message thread, not just one cropped message
  • Public posts, group chat messages, or messages sent to your contacts
  • The exact defamatory or humiliating words used
  • Your photo, ID, name, workplace, address, or loan details if disclosed
  • Proof that the recipient was not your guarantor or co-maker
  • Call logs showing repeated calls or calls outside reasonable hours
  • App permission screenshots, if the app accessed contacts, photos, or files
  • Loan agreement, disclosure statement, repayment schedule, receipts, and proof of payments

For videos or disappearing messages, screen-record when lawful and safe. Save copies in cloud storage and on another device. Rename files clearly, such as 2026-07-05_collector_text_public_shaming.png.

3. Contact the lending company first, unless there is immediate danger

SEC complaint forms have required proof that the complainant tried to exhaust remedies with the company before filing. In practice, this can be a short email or message to the company’s official customer service channel saying:

  • You dispute or complain about the public shaming and third-party contact
  • You demand that they stop contacting non-guarantor contacts
  • You ask them to preserve records of the collector, account, and messages
  • You request a written explanation or resolution

If the company does not respond, blocks you, continues the harassment, or gives an unfavorable response, attach that proof to your SEC complaint. A prior FOI response from the SEC explained that borrowers are generally expected to first try resolving the loan issue with the company because the loan agreement is between borrower and lender, but after an unfavorable response or no response, they may file a formal complaint with the SEC. (www.foi.gov.ph)

If there are threats of violence, blackmail, publication of intimate images, identity theft, or imminent harm, file with the relevant enforcement agency immediately and explain in the SEC complaint why prior company resolution was unsafe or impractical.

4. Prepare one complaint per lending or financing company

If three different apps harassed you and they are operated by three different companies, prepare separate complaint packets. If several app names belong to the same company, list all app names in one complaint but make the relationship clear.

Your complaint narrative should be chronological:

  1. Date you downloaded or used the app
  2. Amount borrowed and amount actually received
  3. Due date and amount demanded
  4. Whether you disputed charges, fees, or collection conduct
  5. Exact public shaming incident
  6. Who received the messages or saw the posts
  7. Why those people were not guarantors or co-makers
  8. Harm caused, such as workplace embarrassment, family conflict, anxiety, reputational damage, or business loss
  9. What you asked the company to do
  10. Whether the company ignored, continued, or escalated the harassment

5. File through SEC iMessage

Go to the SEC iMessage portal, open a new ticket, sign in with or register for eSECURE if required, choose the correct service, complete the form, upload your complaint and evidence, then create the ticket. The SEC user guide states that users choose a service, fill out the form, create the ticket, and the system assigns the ticket to the responsible department. (Securities and Exchange Commission)

For the subject or description, use a clear format such as:

JUAN DELA CRUZ_ABC LENDING APP_PUBLIC SHAMING AND CONTACTING NON-GUARANTOR CONTACTS

Avoid emotional labels alone, such as “scammer app” or “illegal app,” without facts. SEC evaluators need facts, dates, screenshots, documents, and the specific rule violated.

6. Track the ticket and respond to compliance requests

After submission, monitor the ticket status. The iMessage guide states that open tickets are being processed, while closed tickets may require user action, such as compliance, payment, or resolution. Users may also post replies and upload files in the ticket conversation thread. (Securities and Exchange Commission)

Common SEC follow-up requests include:

  • Clearer screenshots
  • Complete loan agreement or disclosure statement
  • Valid ID
  • Proof you contacted the company first
  • Correct respondent company name
  • Separate complaint form for each company
  • More details on dates, phone numbers, or persons contacted

Respond within the period given in the ticket. If you need more time to gather evidence, say so in the ticket and submit what you already have.

Documents and Evidence Checklist

Requirement Practical notes
Complaint form or written complaint State facts in chronological order
Valid government-issued ID Passport, driver’s license, UMID, PhilSys ID, PRC ID, voter’s ID, or similar
Loan agreement or app screenshots Include disclosure statement, repayment schedule, amount received, charges, and due date
Screenshots of harassment Show sender, date, time, full message, and recipient if possible
Proof of public shaming Group chat screenshots, social media posts, messages to relatives, employer, or contacts
Proof recipients were not guarantors/co-makers Short statements from contacts may help
Proof of prior complaint to company Email, app ticket, chat, SMS, or screenshot of failed attempt
Payment proof Receipts, GCash/Maya/bank transfer records, reference numbers
App details App store page, developer name, privacy policy, website, customer service details
Optional affidavit Useful if filing parallel NPC, police, NBI, or prosecutor complaint

What the SEC Can Do

The SEC process is administrative and regulatory. It can evaluate whether a lending or financing company violated SEC rules, require explanations or compliance, and impose sanctions when warranted.

Under SEC MC 18, penalties for violations include fines of ₱25,000 for a lending company’s first offense and ₱50,000 for the second offense; for financing companies, ₱50,000 for the first offense and ₱100,000 for the second offense. For a third offense, depending on the facts and gravity, the SEC may impose a fine up to ₱1,000,000, suspension of lending or financing activities for 60 days, or revocation of the Certificate of Authority.

An SEC complaint usually does not automatically erase the debt, award moral damages, or send collectors to jail. Those are different remedies. If the loan is valid, the lender may still pursue lawful collection. What the lender cannot do is collect through public shaming, harassment, false threats, or unlawful disclosure of personal information.

When to File With Other Agencies Too

Situation Agency or office to consider Why
Lending app or financing company harassment SEC Regulates lending and financing companies and online lending apps
Misuse of contacts, photos, ID, personal data National Privacy Commission Handles Data Privacy Act complaints
Hacking, identity theft, threats online, cyberlibel PNP Anti-Cybercrime Group or NBI Cybercrime Division Cybercrime investigation
Serious threats, extortion, coercion, defamation Prosecutor’s office, PNP, or NBI Criminal complaint route
Bank, credit card, EMI, or BSP-supervised entity Bangko Sentral ng Pilipinas Consumer protection for BSP-regulated institutions
Credit report or credit bureau issue Credit Information Corporation Credit information concerns

The Credit Information Corporation’s consumer guidance directs harassment by lending and financing companies, online lending apps, and microfinance institutions to the SEC, and data privacy violations to agencies such as the NPC, PNP Anti-Cybercrime Group, NBI Cybercrime Division, and DOJ Office of Cybercrime. (Credit Information Corporation (CIC))

For NPC complaints, the NPC requires a specific complaint format. Its complaint mechanics refer to a filled-out and notarized complaint-assisted form or verified complaint, together with evidence and witness affidavits, submitted personally, by registered mail, courier, or authorized electronic mail. (National Privacy Commission)

Practical Timelines and Bottlenecks

Stage Usual practical timing Common bottleneck
Evidence gathering Same day to 1 week Deleted messages, disappearing chats, blocked accounts
Prior complaint to company 1 to 10 business days Company ignores or uses only in-app support
SEC ticket filing Same day once documents are ready Wrong service category or incomplete attachments
SEC initial review Several days to several weeks Heavy complaint volume or unclear respondent details
SEC follow-up/compliance Depends on ticket instructions Missing ID, missing loan agreement, no proof of company contact
Parallel NPC or cybercrime filing Same day to several weeks Notarization, affidavits, device evidence, witness cooperation

A well-organized complaint is usually faster to evaluate than a long emotional message with scattered screenshots. Put your evidence in order and label it.

Special Notes for OFWs, Foreigners, and Borrowers Abroad

Filipinos abroad and foreigners dealing with a Philippine lending app can still file if the respondent is a Philippine SEC-regulated lending or financing company, or if the personal data processing has a sufficient Philippine link. The Data Privacy Act can apply to acts done outside the Philippines when the processing relates to a Philippine citizen or resident, or when the entity has links with the Philippines, such as carrying on business in the country or collecting or holding personal information in the Philippines. (National Privacy Commission)

Practical points:

  • Use a passport or foreign government ID if you do not have a Philippine ID.
  • Provide a Philippine mailing address if the SEC form or process asks where orders or letters may be sent.
  • If you are abroad and someone in the Philippines will file or appear for you, prepare a Special Power of Attorney.
  • If an affidavit or SPA is executed abroad, it may need consular notarization or apostille depending on where it will be used and what the receiving office requires.
  • Screenshots from your own phone usually do not need apostille, but sworn statements executed abroad may require authentication if used in formal proceedings.

Common Mistakes That Weaken SEC Complaints

Filing only a rant without evidence

A complaint saying “they harassed me” is weaker than one showing exact messages, dates, phone numbers, group chats, and proof that the recipients were not guarantors.

Naming only the app, not the company

SEC regulates companies. Always try to identify the operator behind the app. If unknown, explain what steps you took to identify it and attach app store screenshots.

Combining many unrelated apps in one complaint

If different companies are involved, separate the complaints. This avoids confusion and prevents delay.

Deleting the app too soon

Before deleting, capture loan details, terms, transaction history, customer service information, permissions, and messages inside the app.

Ignoring proof of prior company contact

Because the SEC may ask for proof that you first tried to resolve the matter with the company, keep your email, app ticket, SMS, or chat complaint.

Admitting false facts out of fear

Do not write that you committed estafa, fraud, or “refused to pay” if that is not true. State the facts neutrally: amount borrowed, amount received, amount demanded, amount disputed, payments made, and harassment experienced.

Sample SEC Complaint Narrative

Use plain, factual language:

I am filing this complaint against [company/app name] for unfair debt collection practices, specifically public shaming, disclosure of my loan information to third persons, and contacting persons who are not my guarantors or co-makers. On [date], I borrowed ₱____ through the app and received ₱. On [date], I received messages from [number/name] demanding payment of ₱. On [date/time], the collector sent messages to my [relative/employer/contact] stating “[exact words].” This person is not my guarantor or co-maker. The collector also sent my photo/name/address/loan details in [group chat/social media/SMS]. I attach screenshots marked Annexes A to __. I contacted the company on [date] through [email/app/SMS] and requested that they stop contacting third parties and address my complaint, but [no response/harassment continued/response attached]. I request SEC action for violation of SEC MC 18, Series of 2019 and other applicable rules.

Frequently Asked Questions

Can I file an SEC complaint if I really owe money?

Yes. A valid debt does not give a lending app the right to shame you publicly, contact unrelated third parties, threaten illegal action, or misuse your personal data. The SEC complaint is about unlawful collection conduct, not simply whether you borrowed money.

Can a lending app message my contacts if I allowed contact permissions?

Not automatically. Under SEC MC 18, contacting persons in the borrower’s contact list other than those named as guarantors or co-makers is an unfair debt collection practice, even if the borrower supposedly gave consent.

What if the collector says they will file estafa if I do not pay today?

Ordinary nonpayment of debt is usually a civil matter. Estafa requires specific criminal elements, such as deceit or abuse of confidence, not merely inability to pay. A fake or automatic threat of criminal prosecution may support your complaint, especially if used to scare you into immediate payment.

Can the SEC remove the public shaming post?

The SEC can act against regulated lending or financing companies, but takedown of online content may require platform reporting, NPC action for privacy violations, or cybercrime assistance depending on the facts. Preserve evidence before reporting the post for removal.

Should I file with the SEC or NPC?

File with the SEC for unfair debt collection by a lending or financing company. File with the NPC when the issue involves misuse, unauthorized disclosure, or unlawful processing of personal data. Many public-shaming cases involve both.

Do I need a lawyer to file an SEC complaint?

The SEC complaint process is designed so ordinary borrowers can file using the complaint form or iMessage ticket. What matters most is complete information, clear facts, and organized evidence.

Is there a filing fee for an SEC lending app complaint?

For ordinary complaint filing through the SEC’s public complaint process, borrowers typically focus on submitting the complaint form and attachments rather than paying a filing fee. If the SEC later requires a specific payment, compliance item, or additional process, follow the instructions in the ticket.

What if the lending app is not registered with the SEC?

Still report it. State that you could not find the app or company in SEC records and attach the app store page, messages, payment accounts, and company names used. Operating as a lending or financing company without authority may create separate regulatory issues.

Can I sue for damages because my employer or relatives were contacted?

Possibly, depending on the evidence and harm. Civil Code principles on human relations, privacy, dignity, and abuse of rights may be relevant, and defamation or data privacy remedies may also apply. The SEC complaint itself is mainly regulatory; damages usually require a separate court, NPC, or criminal/civil process depending on the claim.

What should I do if the collector threatens to visit my house or barangay?

A lawful collector may communicate through legal means, but threats, intimidation, fake police or court claims, public humiliation, or barangay shaming should be documented. If there is a threat to safety, report to local law enforcement and preserve the messages for SEC, NPC, or cybercrime filing.

Key Takeaways

  • Public shaming by a lending app can violate SEC MC 18, especially when the app publishes your name, photo, loan details, or contacts people who are not guarantors or co-makers.
  • File the SEC complaint against the company behind the app, not only the app name.
  • Use SEC iMessage and choose the complaint service for financing and lending companies.
  • Attach screenshots, loan documents, ID, proof of payment, proof of prior complaint to the company, and evidence showing third-party disclosure.
  • File separate complaints for separate lending or financing companies.
  • SEC action is regulatory; data privacy, cybercrime, threats, defamation, and damages may require parallel action with the NPC, PNP, NBI, prosecutor’s office, or court.
  • A real debt does not authorize harassment, public shaming, false threats, or misuse of personal information.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

What to Do If a Fully Paid Online Loan Still Leads to Harassment

If you already paid your online loan in full but the app, collector, or “legal department” still keeps calling, texting, threatening to post you online, or contacting your relatives and workmates, treat the problem as two separate issues: first, prove that the loan is fully paid or properly disputed; second, document and report the harassment. In the Philippines, a lending company may collect a legitimate unpaid debt, but it cannot use threats, public shaming, abusive language, false claims, or your contact list as collection weapons. Those acts can trigger action by the SEC, the National Privacy Commission, and, in serious cases, law enforcement.

Why harassment can still happen after full payment

A fully paid online loan can still lead to harassment because of poor recordkeeping, delayed posting of payment, third-party collection agencies using outdated account lists, unauthorized “extension fees,” or outright abusive collection tactics.

Common real-life causes include:

  • The app did not properly match your GCash, Maya, bank, or payment-center reference number to your loan account.
  • The collector is working from an old spreadsheet and was not updated that the account was already paid.
  • The app claims there are “late fees,” “processing fees,” or “rollover fees” that were not clearly explained.
  • The loan was sold or assigned to a third-party collector that continues to demand payment.
  • The online lending platform is unrecorded, unregistered, or operating through shifting app names.
  • The borrower paid through an unofficial channel or personal account and now needs to prove where the money went.
  • The collector is deliberately pressuring the borrower to pay again just to stop the embarrassment.

The important point is this: even if there were a genuine dispute over a remaining balance, the collector still cannot shame you, threaten violence, reveal your debt to random contacts, or misrepresent legal consequences.

Your key rights under Philippine law

The SEC bans unfair debt collection by lending and financing companies

The Securities and Exchange Commission regulates lending companies under Republic Act No. 9474, or the Lending Company Regulation Act of 2007, and financing companies under Republic Act No. 8556, or the Financing Company Act of 1998. SEC Memorandum Circular No. 18, series of 2019 applies to financing companies, lending companies, and third-party service providers hired by them for collection. It expressly recognizes that collectors may use only reasonable and legally permissible collection methods, and they must act in good faith and with reasonable conduct.

Under SEC Memorandum Circular No. 18, the following are unfair collection practices:

  • Threatening or using violence or other criminal means to harm a person, reputation, or property.
  • Threatening to take action that cannot legally be taken.
  • Using obscenities, insults, or profane language that tends to abuse the borrower or amounts to a criminal offense.
  • Publishing or disclosing the names and personal information of borrowers who allegedly refuse to pay, except in limited lawful situations.
  • Telling other people about loan information that is false, or failing to say that the debt is disputed when that is known.
  • Using false representations or deceptive means to collect a debt or obtain borrower information.
  • Contacting the borrower at unreasonable or inconvenient times, subject to the specific rules in the circular.
  • Contacting people in the borrower’s contact list other than those named as guarantors or co-makers.

This matters especially when the loan is already paid. If the collector knows or should know that the debt is paid or disputed, continuing to tell third parties that you are a delinquent borrower may create a stronger case for unfair collection, privacy violation, and possible civil or criminal liability.

Contacting your phone contacts is not normal collection

Many online lending harassment cases involve collectors messaging the borrower’s relatives, co-workers, Facebook friends, or phone contacts. In 2026, the DICT, National Privacy Commission, and SEC issued a public advisory on online lending platforms reminding the public that unnecessary app permissions, excessive access to contact lists, and contacting persons other than guarantors for debt collection are prohibited. The advisory states that online lending platforms may only contact the guarantor for collection purposes, and that access to contacts must be limited to legitimate, proportionate purposes such as selecting references or guarantors.

A “character reference” is not automatically a guarantor. A guarantor is someone who separately and expressly agreed to answer for the loan if the borrower defaults. If your app simply asked you to select names from your contacts, that does not mean those people became liable for your debt.

Data privacy law protects your personal information

Republic Act No. 10173, or the Data Privacy Act of 2012, protects personal information processed by private companies, including online lending platforms. For loan apps, the usual privacy problems include excessive access to contacts, use of borrower photos, disclosure of loan information to third parties, public shaming, and continued processing of personal data even after the loan purpose has already ended. (Lawphil)

A lending app may process personal data needed for identity verification, fraud prevention, loan assessment, collection through lawful means, and legal claims. But it should not use your contact list as a pressure tool, expose your debt to people who are not liable, or retain and reuse your data longer than necessary.

The Truth in Lending Act supports your right to a clear breakdown

Republic Act No. 3765, or the Truth in Lending Act, requires disclosure of finance charges and the true cost of credit. This is important when an app says you are “not fully paid” because of unclear charges, penalties, service fees, or “extension” charges that were not properly disclosed. (Lawphil)

A borrower facing post-payment collection should ask for a written statement of account showing:

  • principal amount released;
  • finance charges and interest;
  • penalties or late charges;
  • all payments received;
  • payment reference numbers;
  • remaining balance, if any;
  • basis for any remaining charge.

If they cannot give a clear breakdown and instead rely on threats or public humiliation, that weakens their position.

Harassment may also become a criminal or civil issue

Depending on the messages, posts, and calls, the conduct may involve provisions of the Revised Penal Code, Republic Act No. 10175 or the Cybercrime Prevention Act of 2012, and the Civil Code.

Possible legal issues include:

Conduct Possible legal angle
“We will hurt you,” “we will go to your house,” or threats to harm family Grave threats or other threats under the Revised Penal Code, depending on wording and circumstances
Forcing payment through intimidation or illegal pressure Possible coercion or unjust vexation
Posting that you are a scammer, criminal, or debtor on Facebook or group chats Libel, cyber libel, oral defamation, or civil damages, depending on the medium and facts
Sending abusive, obscene, repeated messages Unjust vexation or other applicable offenses
Publicly exposing your loan, ID, photos, or contact details Data Privacy Act issue, Civil Code privacy issue, and possibly cybercrime-related complaint
Disturbing your private life and peace of mind Civil Code Article 26 on dignity, privacy, and peace of mind

Civil Code Article 26 states that every person must respect the dignity, personality, privacy, and peace of mind of others, and that certain acts may give rise to damages, prevention, and other relief even if they do not constitute a criminal offense. (Lawphil)

What to do immediately if the loan is fully paid but harassment continues

1. Preserve evidence before confronting the collector

Do not rely on memory. These cases often depend on screenshots, payment records, phone logs, and proof that your contacts were messaged.

Save the following:

  • loan agreement, disclosure statement, or screenshots of the loan terms;
  • app screenshots showing loan ID, amount, due date, and account status;
  • payment receipts from GCash, Maya, bank transfer, 7-Eleven, Cebuana, M Lhuillier, or payment gateway;
  • transaction reference numbers;
  • emails or in-app confirmations;
  • screenshots of abusive texts, Viber, Messenger, WhatsApp, Telegram, SMS, or email messages;
  • call logs showing repeated calls and the time of calls;
  • screen recordings of voice messages or threats;
  • screenshots of posts, comments, tags, or group chats;
  • messages sent to your relatives, employer, co-workers, or friends;
  • names, phone numbers, usernames, and email addresses of collectors;
  • the app name, company name, website, and app store link.

For screenshots, capture the full screen showing date, time, sender, and platform. Avoid cropping out phone numbers or usernames. If a relative or co-worker received the message, ask them to forward the original message and take their own screenshot.

2. Make a clean payment timeline

Create a simple timeline. This helps agencies quickly understand that the harassment continued after payment.

Example:

Date Event Proof
May 3 Loan released App screenshot, loan agreement
May 10 Paid ₱5,000 through GCash GCash receipt, reference number
May 10 App still showed unpaid Screenshot
May 11 Collector texted threats SMS screenshot
May 12 Collector messaged borrower’s sister Messenger screenshot from sister
May 13 Borrower emailed proof of payment Sent email screenshot
May 14 Harassment continued Call log and messages

This timeline is more effective than a long emotional narrative. Keep it factual.

3. Send a written dispute and demand for correction

Send the lender a short written notice through official channels: in-app support, official email, website contact form, or registered mail if you can identify the office address.

Use calm, precise wording:

I am disputing further collection because this loan was fully paid on [date] through [payment channel], reference number [number]. Attached are proof of payment and screenshots. Please update my account to fully paid, stop all collection activity, instruct your third-party collectors to stop contacting me and my contacts, and issue a written statement of account or clearance within a reasonable period.

Do not insult the collector. Do not threaten them back. Do not make new admissions such as “I will pay again later” unless you truly agree there is a remaining balance.

4. Do not pay a second time just to stop the embarrassment

Many borrowers pay again because collectors threaten to contact the employer or family. Before paying anything more, require:

  • written statement of account;
  • legal name of the lending or financing company;
  • official payment channel;
  • explanation of each charge;
  • confirmation that payment will close the account;
  • receipt under the company’s name, not a personal wallet or personal bank account.

A demand to send money to a personal GCash or personal bank account is a red flag. If you pay through an unofficial channel, you may have difficulty proving that the company actually received it.

5. Revoke unnecessary app permissions

On your phone, check the app’s permissions. Revoke access to contacts, photos, files, microphone, camera, and location unless still strictly necessary. The 2026 public advisory reminds borrowers to review app permissions and notes that unnecessary permissions and unbridled contact-list processing are prohibited.

For Android and iPhone users, this is usually under:

  • Settings
  • Apps
  • choose the lending app
  • Permissions
  • remove access that is no longer needed

Deleting the app may stop some access, but preserve evidence first. Take screenshots before uninstalling.

6. Warn your contacts without spreading the issue further

If collectors are messaging your contacts, send a brief neutral notice:

Someone claiming to collect for an online loan may contact you. The account is disputed and has been paid. Please do not engage, do not send money, and please forward any message or screenshot to me for documentation.

Do not accuse named individuals of crimes in public posts unless the facts are verified. Keep your own statements factual to avoid creating a separate defamation issue.

Where to file complaints in the Philippines

SEC: for unfair debt collection by lending or financing companies

File with the SEC when the harassment is connected to a lending company, financing company, or online lending platform. The SEC’s iMessage portal accepts complaints and tickets, and the 2026 public advisory specifically lists SEC FINLEND and the iMessage portal for unfair debt collection practices. (Securities and Exchange Commission)

Include:

  • your full name and contact details;
  • app name and company name;
  • SEC registration number or certificate of authority, if known;
  • loan ID or account number;
  • amount borrowed and amount paid;
  • payment receipts;
  • statement that the account is fully paid or disputed;
  • screenshots of harassment;
  • phone numbers and names used by collectors;
  • names of contacts who were messaged;
  • requested action, such as stopping collection, correcting the account, and investigating unfair collection practices.

Possible SEC consequences for violations of SEC MC No. 18 include fines. The circular lists penalties starting at ₱25,000 for a lending company’s first offense and ₱50,000 for a financing company’s first offense; later offenses may lead to higher fines, suspension, or revocation of authority, depending on the facts and gravity.

National Privacy Commission: for misuse of personal data

File with the National Privacy Commission if the app accessed your contact list, disclosed your debt, posted your personal information, used your ID or photos improperly, or continued using your data after the loan was paid.

The NPC requires a formal complaint in a specific format. Its filing page states that the complaint form should be downloaded, printed and filled out, notarized, then submitted to the NPC in person, by courier, or by scanned email. (National Privacy Commission)

Prepare:

  • notarized complaint form;
  • government ID;
  • proof of loan and payment;
  • screenshots showing unauthorized contact-list use or disclosure;
  • messages sent to third parties;
  • app privacy notice or consent screen, if available;
  • explanation of how the data use was excessive, unauthorized, or harmful.

If you are abroad, you may need a notarized affidavit or complaint executed before a Philippine consulate, or a locally notarized document with apostille, depending on the receiving office’s requirements and the country where you are located.

PNP Anti-Cybercrime Group or NBI Cybercrime Division: for threats, extortion, fake posts, and cyber harassment

Report to law enforcement if there are threats of violence, extortion, identity misuse, fake social media posts, cyber libel, hacking, or coordinated online harassment. The 2026 advisory lists the NBI Cybercrime Division and PNP Anti-Cybercrime Group as reporting channels for harassment, threats, frauds, and scams linked to online lending platforms.

For serious threats, go to the nearest police station immediately and request that the incident be blottered. For online evidence, avoid deleting the messages. Investigators may need to see the original device, account, URLs, phone numbers, and timestamps.

Court action: for damages, injunction, or defense against a collection case

A borrower may consider a civil action if the harassment caused serious damage, loss of employment, reputational harm, medical distress, or public humiliation. Civil Code Articles 19, 20, 21, and 26 are commonly relevant in abusive conduct and privacy-related claims.

If the lender files a collection case despite full payment, do not ignore the summons. In a small claims or civil collection case, your proof of payment, payment timeline, screenshots, and written dispute become your main defense. Court notices are formal documents from the court, not threats sent by random collectors through text.

Documents to prepare

Purpose Documents
Prove full payment Official receipts, payment gateway screenshots, bank or e-wallet transaction history, reference numbers, confirmation email
Prove loan identity Loan agreement, app screenshots, loan ID, borrower profile, disclosure statement
Prove harassment SMS, chat screenshots, call logs, recordings where lawful, social media posts, messages sent to contacts
Prove third-party disclosure Screenshots from relatives, co-workers, employer, group chats, affidavits if needed
File with SEC Complaint narrative, payment proof, harassment evidence, company/app details
File with NPC Notarized complaint form, ID, privacy-related evidence, screenshots of contact-list misuse
File with PNP/NBI Original device, screenshots, URLs, phone numbers, account names, threat messages, payment demands
File or defend in court All of the above, plus organized timeline and copies for the court and opposing party

Practical timelines and bottlenecks

Step Typical timing Common bottleneck
Internal dispute with app A few days to several weeks No real customer service, bot replies, collectors not updated
SEC complaint Acknowledgment may be faster through online ticketing; investigation can take longer Incomplete company name, weak screenshots, no payment proof
NPC complaint Depends on completeness and notarization Missing notarized form or unclear privacy violation
Police/NBI cybercrime report Initial report may be made quickly; investigation varies Need original links, account identifiers, and preserved digital evidence
Court case for damages or collection defense Months or longer Filing fees, service of summons, need for formal evidence

Common mistakes that make the case harder

Deleting the app before saving proof

Borrowers often uninstall the app out of panic. Before deleting it, save your loan details, account status, payment screen, customer service thread, and privacy permissions.

Paying through unofficial channels

If a collector says “send it to my personal GCash so I can close your account,” be careful. Payment should go to the lender’s official channel. If the lender later denies receipt, the burden becomes harder.

Posting angry accusations online

It is understandable to feel humiliated, but public accusations can create a separate defamation issue. Keep public statements factual or avoid posting while the complaint is pending.

Ignoring formal court papers

A collector’s threat is different from a court summons. But if you receive real court documents, respond within the period stated. Attach proof that the loan was paid.

Filing only one complaint when several rights were violated

A single incident may involve several offices:

  • SEC for unfair debt collection;
  • NPC for misuse of personal data;
  • PNP/NBI for threats, extortion, or cybercrime;
  • court for damages or defense against collection.

You do not have to choose only one if the facts support several remedies.

Special notes for OFWs and foreigners

Filipinos abroad and foreigners dealing with Philippine online lenders often face extra difficulty because collectors exploit distance and fear. The evidence process is still similar: preserve proof, send a written dispute, and file with the proper Philippine agency.

For documents executed abroad, check whether the receiving agency requires:

  • notarization before a Philippine Embassy or Consulate;
  • local notarization plus apostille;
  • scanned submission first, with hard copies later;
  • special authorization if someone in the Philippines will file for you.

Foreigners should also keep copies of passport pages, local contact details used in the loan, Philippine phone number or e-wallet account records, and any written agreement showing the governing terms of the loan. If the online lending app is Philippine-based or operated by a Philippine lending or financing company, Philippine regulators may still be relevant even if the borrower is outside the Philippines.

Frequently Asked Questions

Can an online loan collector still contact me after I fully paid?

They may send reasonable account confirmation or correction messages, but they should not continue collection demands as if the loan were unpaid. If they claim there is still a balance, ask for a written statement of account and proof of the remaining charge. Harassment, threats, shaming, and contact-list messaging remain prohibited.

What if the app says I still owe late fees?

Ask for a complete written breakdown. Check whether the fees were disclosed before you accepted the loan. If the charges are unclear or were never properly disclosed, raise that in your SEC complaint and attach the Truth in Lending issue to your payment dispute.

Is it legal for collectors to message my contacts?

Generally, no, if those people are merely from your phone contact list and are not guarantors or co-makers. The 2026 DICT-NPC-SEC advisory specifically states that contacting persons in the borrower’s contact list other than guarantors is prohibited for debt collection.

Can they post my face, ID, or name on Facebook?

Public shaming can trigger SEC, NPC, civil, and possibly criminal issues. Save the URL, screenshot the post, identify the account, and report it promptly. If the post contains false statements that damage your reputation, cyber libel or civil damages may become relevant depending on the facts.

Should I file first with the SEC or the NPC?

File with the SEC if the main issue is unfair collection by a lending or financing company. File with the NPC if the main issue is misuse or disclosure of personal data, such as contact-list harassment, posting personal information, or excessive app permissions. Many online lending harassment cases justify filing with both.

What if the online lending app is not registered?

Still document everything and file a report. An unregistered or unrecorded app may raise additional regulatory concerns. The 2026 public advisory applies reminders to entities offering or facilitating loans through online lending platforms, whether recorded or unrecorded.

Can collectors threaten me with imprisonment for unpaid debt?

Mere nonpayment of a loan is generally a civil matter. However, separate acts such as fraud, falsification, or bouncing checks may create different legal issues depending on the facts. A collector should not falsely threaten imprisonment just to force payment, especially when the account is fully paid or legitimately disputed.

What if my employer was contacted?

Save the message received by your employer and document who received it, when it was received, and what was said. This can support an SEC complaint for unfair collection and an NPC complaint for unauthorized disclosure of personal data. If your employment was affected, keep HR communications and written proof of the damage.

Can I get damages for harassment after paying the loan?

Possibly, if you can prove wrongful conduct and actual injury, such as reputational harm, emotional distress, job consequences, or public humiliation. Civil Code Article 26 protects dignity, privacy, and peace of mind, and other Civil Code provisions may apply depending on the facts. (Lawphil)

Does deleting the app stop the harassment?

It may stop some app access, but it does not erase data already copied by the lender or collector. Save evidence first, revoke permissions, then consider uninstalling. Also file complaints if your data was already misused.

Key Takeaways

  • A fully paid online loan should not continue to be collected as unpaid.
  • Even if a balance is disputed, collectors cannot use threats, insults, public shaming, false claims, or contact-list harassment.
  • SEC Memorandum Circular No. 18 protects borrowers from unfair debt collection by lending and financing companies and their third-party collectors.
  • The Data Privacy Act protects borrowers from excessive, unauthorized, or harmful use of personal data.
  • Save proof before deleting the app or blocking numbers.
  • Ask for a written statement of account and account correction.
  • File with the SEC for unfair collection, the NPC for privacy violations, and PNP/NBI for threats, extortion, cyber harassment, or fake posts.
  • Do not pay again through unofficial channels just to stop harassment.
  • If court papers arrive, respond and present proof of full payment.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

How to Escalate a Complaint Against an Online Lending App to the SEC

If an online lending app is threatening you, shaming you to your contacts, adding unexplained charges, or ignoring your requests for a proper statement of account, you can escalate the complaint to the Philippine Securities and Exchange Commission (SEC). The key is to file it as a clear, evidence-backed regulatory complaint against the company behind the app, not just as a general rant against “OLA harassment.” The SEC regulates lending companies, financing companies, and their online lending platforms, and it now uses its iMessage ticketing system for public complaints and requests. (Securities and Exchange Commission)

What the SEC Can Do About an Online Lending App Complaint

The SEC is not just a business registration office. For lending apps, it is the main regulator for:

  • Lending companies under Republic Act No. 9474, or the Lending Company Regulation Act of 2007
  • Financing companies under Republic Act No. 8556, or the Financing Company Act of 1998
  • Online lending platforms used by those companies
  • Unfair debt collection practices by registered lending or financing companies and their agents

Under RA 9474, a lending company must be a corporation and cannot conduct business unless it has authority to operate from the SEC. The same law gives the SEC power to regulate, require reports, exercise visitorial powers, and impose sanctions such as suspension or revocation of authority and fines. (Supreme Court E-Library)

This matters because many borrowers only know the app name, such as the name appearing on Google Play, the App Store, Facebook ads, SMS, or GCash instructions. But the SEC complaint should identify, as much as possible, the legal entity behind the app: the corporation, its SEC registration number, Certificate of Authority, office address, customer service email, collection agency, or payment account.

Legal Basis: What Online Lending Apps Are Not Allowed to Do

The most important SEC rule for harassment complaints is SEC Memorandum Circular No. 18, Series of 2019, titled Prohibition on Unfair Debt Collection Practices of Financing Companies and Lending Companies. It applies to financing companies, lending companies, and third-party service providers they hire for collection.

Under this circular, lenders may use reasonable and lawful ways to collect a debt, but they must act in good faith and refrain from unscrupulous or untoward acts. The following are examples of prohibited unfair collection practices:

  • Threatening violence or other criminal means against a person, reputation, or property
  • Threatening legal action that cannot legally be taken
  • Using obscenities, insults, or profane language that tends to abuse the borrower
  • Publishing or disclosing names and personal information of borrowers who allegedly refuse to pay
  • Telling third persons false information, including falsely saying a debt is disputed or falsely implying that the third person is liable
  • Using false representation or deceptive means to collect a debt or obtain borrower information
  • Contacting the borrower at unreasonable times, generally before 6:00 a.m. or after 10:00 p.m., subject to the specific exceptions in the circular
  • Contacting persons in the borrower’s contact list other than those named as guarantors or co-makers

The circular also makes clear that outsourcing collection does not excuse the lending or financing company. A third-party service provider is treated as the company’s agent, and the ultimate responsibility for collection practices remains with the financing or lending company.

Penalties for Unfair Debt Collection

For violations of SEC MC No. 18, the penalties may include:

Violation level Lending company Financing company
First offense ₱25,000 ₱50,000
Second offense ₱50,000 ₱100,000
Third offense Fine of at least twice the second-offense fine but not more than ₱1,000,000, and/or 60-day suspension, and/or revocation of Certificate of Authority

The SEC may also consider other penalties under the Revised Corporation Code and other applicable laws, and the courts or other government agencies may impose separate penalties within their own jurisdiction.

When a Complaint Should Be Escalated to the SEC

You should consider escalating to the SEC when the issue involves a lending or financing company, an online lending app, or an app that claims to offer loans in the Philippines, especially if any of these happened:

  1. The app or collector threatened you with arrest, barangay blotter, cybercrime charges, public posting, or home visits in a misleading or abusive way.
  2. The collector messaged your relatives, employer, co-workers, Facebook friends, or phone contacts.
  3. The collector sent screenshots of your ID, selfie, loan details, or private information to other people.
  4. The app imposed charges that do not match the disclosure statement or loan agreement.
  5. The app appears unregistered, unrecorded, fake, or pretending to be a legitimate company.
  6. The lender refuses to provide a statement of account, payment breakdown, or proper customer service channel.
  7. You already complained to the app’s customer support but harassment continued.

A complaint to the SEC does not automatically erase a valid loan. If you borrowed money and received the proceeds, the issue of repayment is separate from the issue of illegal collection, excessive charges, privacy violations, or unlicensed lending. The SEC complaint is mainly used to trigger regulatory action, investigation, sanctions, or instructions to the company.

Check First: Is the App Registered, Recorded, or Possibly Fake?

Before filing, try to classify the app. This helps the SEC understand what action may be needed.

What you find What it may mean How to describe it in your complaint
Company is in SEC records and has a Certificate of Authority It may be a regulated lending or financing company “Respondent appears to be a registered lending/financing company, but its collectors committed unfair collection practices.”
Company is registered, but app name is not in the recorded online lending platform list The app may be unrecorded or unauthorized “The app appears connected to a company, but I could not verify that this specific online lending platform is recorded.”
App uses the name/logo of a known company but different payment accounts or numbers Possible impersonation or fake app “The app may be misusing the name of a registered company.”
No company name, no SEC number, no address, only Telegram/Viber/SMS/GCash Possible illegal or unregistered operator “The app appears to be operating without transparent company information.”

The SEC maintains public resources for checking lending companies, financing companies, and recorded online lending platforms, and its iMessage page also links to “Check with SEC.” (www.foi.gov.ph)

Step-by-Step Guide to Escalating an Online Lending App Complaint to the SEC

1. Preserve evidence before blocking, deleting, or uninstalling anything

Do not rely on memory. SEC reviewers need proof that shows who did what, when, and how.

Save:

  • Screenshots of threatening messages, including the sender’s number, username, email address, or profile
  • Screenshots showing date and time
  • Call logs, SMS logs, Viber/Telegram/Messenger messages, and emails
  • Screenshots of messages sent to your contacts
  • Statements from relatives, friends, co-workers, or employers who were contacted
  • Loan agreement, disclosure statement, repayment schedule, and statement of account
  • Proof of loan proceeds received
  • Proof of payments already made
  • App page screenshots showing app name, developer name, permissions, privacy policy, and customer support details
  • Payment instructions showing GCash, Maya, bank account, or QR code details
  • SEC verification screenshots, if available

A common mistake is uninstalling the app immediately. If you need to protect your data, take screenshots first. Then review app permissions, revoke unnecessary permissions, and preserve the device if the case may become a cybercrime or privacy complaint.

2. Identify the respondent correctly

In your complaint, list all names connected to the app:

  • App name
  • Developer name shown in the app store
  • Corporate name, if shown
  • SEC registration number, if shown
  • Certificate of Authority number, if shown
  • Website or Facebook page
  • Customer service email
  • Collection agency or collector name
  • Phone numbers and messaging accounts used
  • Payment account names and numbers

If you do not know the company behind the app, say so directly. For example:

“The app does not disclose a clear corporate name, SEC registration number, office address, or Certificate of Authority. I am requesting SEC assistance to verify whether this app is authorized to operate as an online lending platform.”

3. Prepare a short timeline

A good complaint is usually chronological. Keep it factual.

Example:

Date What happened Evidence
5 March 2026 I borrowed ₱5,000 through the app and received ₱3,850 after deductions. Loan screenshot, GCash receipt
12 March 2026 Collector texted threats that they would message my employer. SMS screenshot
13 March 2026 My sister and co-worker received messages saying I was a scammer. Screenshots from sister and co-worker
14 March 2026 I emailed customer support asking them to stop contacting third parties. No reply. Email screenshot
15 March 2026 Collector demanded payment to a different GCash number. SMS and GCash details

This format helps the SEC see the pattern quickly.

4. File through SEC iMessage

The SEC’s iMessage system is its official web-based platform for handling public inquiries, complaints, incidents, and requests. The user guide says it generates a unique electronic ticket, allows users to track status, and centralizes communications that used to be handled through more informal channels. (Securities and Exchange Commission)

To file:

  1. Go to SEC iMessage.
  2. Choose Open a New Ticket.
  3. Agree to the privacy policy.
  4. Sign in using an eSECURE account.
  5. In the Service field, choose the service related to the Financing and Lending Companies Department.
  6. Select Complaints on Financing and Lending Companies.
  7. Fill out the form.
  8. Upload your evidence files.
  9. Submit and save the ticket number. (Securities and Exchange Commission)

The SEC iMessage service list identifies Complaints on Financing and Lending Companies under the Financing and Lending Companies Department’s Legal and Enforcement Division. (Securities and Exchange Commission)

5. Write the complaint in a way the SEC can act on

Use a direct subject line:

Complaint Against [App Name] / [Company Name] for Unfair Debt Collection, Harassment, Possible Unrecorded OLP, and Excessive Charges

In the body, include:

  • Your full name and contact details
  • App name and company name, if known
  • Loan date, amount borrowed, amount received, and due date
  • Summary of the abusive collection acts
  • Names or numbers of collectors
  • Names of third persons contacted
  • Whether you already paid anything
  • Whether you asked customer support to stop the harassment
  • Specific request for SEC action

Possible wording:

I respectfully request the SEC to investigate the respondent company and/or online lending platform for possible violations of SEC Memorandum Circular No. 18, Series of 2019, including threats, abusive language, disclosure of my personal information, and contacting persons in my phone contacts who are not guarantors or co-makers. I also request verification of whether the app is a recorded online lending platform and whether the company has authority to operate as a lending or financing company.

6. Attach organized files

Use clear file names. SEC staff should not have to open 50 random screenshots to understand the case.

Examples:

  • 01_Loan_Agreement_AppName.pdf
  • 02_Proof_of_Proceeds_GCash_March5.png
  • 03_Threats_From_Collector_0917xxxxxxx.pdf
  • 04_Message_To_Employer.png
  • 05_Request_To_Stop_Harassment_Email.pdf
  • 06_SEC_Verification_Screenshot.png

If you have many screenshots, combine them into one PDF and add page numbers. Put the most serious evidence first: threats, public shaming, messages to employer, messages to family, and proof that the contacted persons were not guarantors or co-makers.

7. Track the ticket and reply promptly

After filing, monitor the ticket. The iMessage user guide explains that users can view tickets, check status, open the ticket conversation thread, post replies, and upload files if needed. (Securities and Exchange Commission)

If harassment continues after filing, do not create multiple duplicate tickets unless necessary. Use the existing ticket and post a reply such as:

Additional harassment occurred after my SEC complaint was filed. Attached are new screenshots dated [date]. The collector again contacted my employer and threatened public posting.

This shows continuing conduct and may help establish urgency.

What to Attach: Required Documents and Evidence Checklist

Document or evidence Why it helps
Government ID Confirms complainant identity if requested
Loan agreement or disclosure statement Shows loan amount, charges, due date, and stated lender
Screenshots of app profile and app permissions Helps identify the online lending platform and possible privacy issues
Screenshots of threats or insults Supports unfair collection complaint
Messages sent to contacts, employer, or relatives Shows third-party disclosure or harassment
Proof contacts were not guarantors or co-makers Important under SEC MC No. 18
Proof of payment Prevents false claims that no payment was made
Statement of account or demand letters Shows charges and collection basis
SEC verification screenshots Helps show whether app/company is registered or unrecorded
Customer support emails Shows you tried to resolve the matter directly

What If the Main Issue Is Excessive Interest or Hidden Fees?

High interest, by itself, is not always the same as harassment. But for certain small, short-term, unsecured general-purpose loans, there are regulatory caps.

SEC Memorandum Circular No. 3, Series of 2022 implemented BSP Circular No. 1133 for covered loans offered by lending companies, financing companies, and their online lending platforms. It applies to unsecured general-purpose loans not exceeding ₱10,000 with a loan tenor of up to four months, entered into, restructured, or renewed beginning 3 March 2022.

For covered loans, the caps include:

Charge Ceiling
Nominal interest 6% per month
Effective interest rate, including applicable fees and charges but excluding late-payment penalties 15% per month
Late-payment or non-payment penalty 5% per month on outstanding scheduled amount due
Total cost cap 100% of total amount borrowed

If your complaint is about excessive charges, attach the loan computation and explain the numbers. For example:

I borrowed ₱5,000, received ₱3,500 after deductions, and was asked to pay ₱7,500 after seven days. I request SEC review of whether the charges comply with the applicable ceilings for covered loans.

When to File With Other Agencies Too

Some online lending app cases involve more than one legal issue. The SEC handles the lending or financing company regulation side, but privacy and cybercrime issues may require parallel complaints.

Problem Possible agency
Lending company harassment, unfair collection, unrecorded OLP, lack of authority to operate SEC
Harvesting contacts, misuse of phonebook, unauthorized disclosure of personal data National Privacy Commission
Threats, cyberlibel, identity misuse, hacking, fake accounts, online extortion PNP Anti-Cybercrime Group or NBI Cybercrime Division
Credit report dispute or improper credit data Credit Information Corporation dispute process

The Credit Information Corporation’s consumer guidance specifically points consumers to the SEC for lending and financing companies, online lending apps, and microfinance institutions, and points data privacy concerns to the NPC, PNP Anti-Cybercrime Group, NBI Cybercrime Division, and DOJ Office of Cybercrime. (Credit Information Corporation (CIC))

Filing With the National Privacy Commission

If the app accessed or used your contacts, photos, employer details, ID, or private information to shame or pressure you, the issue may fall under the Data Privacy Act of 2012 and NPC rules.

The NPC has stated that online lenders are prohibited from harvesting phone and social media contact lists for harassment, and that unnecessary permissions include accessing phone contact lists, harvesting social media contacts, and saving these for debt collection or harassment. (National Privacy Commission)

A formal NPC complaint must be filed in a specific format. The NPC’s complaint page says to download the form, print and fill it out, have it notarized, and submit it in person, by courier, or by scanned email to the NPC complaints address. (National Privacy Commission)

Filing a Cybercrime or Criminal Complaint

If the collector threatens physical harm, posts defamatory accusations online, uses your identity, or demands money through intimidation, consider a report to cybercrime authorities.

Under the Revised Penal Code, threats may fall under provisions such as Article 282 on grave threats, while coercive or vexatious conduct may implicate Article 287 on light coercions or unjust vexations, depending on the facts. Libel is defined under Article 353, and libel by writings or similar means is punished under Article 355. (Lawphil)

Under Republic Act No. 10175, or the Cybercrime Prevention Act of 2012, cyberlibel covers libel committed through a computer system or similar means, and crimes under the Revised Penal Code or special laws committed through information and communications technologies may be covered by the Act. The law also designates the NBI and PNP as law enforcement authorities for cybercrime cases. (Supreme Court E-Library)

Practical Timelines and What to Expect

Stage Practical timeline What usually happens
SEC iMessage ticket creation Same day You receive a ticket and can monitor status
Initial routing A few days to a few weeks Ticket is assigned to the appropriate SEC department or unit
Clarification or document request Varies SEC may ask for clearer evidence, company details, or more documents
Company response or regulatory review Weeks to months More complex if the app hides its operator or uses fake names
Enforcement action Case-dependent May include warning, penalty, suspension, revocation, advisory, or referral

Bottlenecks commonly happen when the borrower cannot identify the company, only has screenshots without dates, paid through personal e-wallet accounts, or deleted the messages. Cases involving fake apps, foreign operators, or rotating SIM cards may take longer because the SEC may need coordination with platforms, payment channels, or law enforcement.

Common Mistakes That Weaken SEC Complaints

1. Filing only against the app name

The app name is useful, but the SEC regulates legal entities. Always try to identify the corporation behind the app.

2. Sending only emotional statements without evidence

It is understandable to be angry or scared, but a complaint is stronger when it shows dates, screenshots, numbers, names, and exact messages.

3. Deleting messages after being threatened

Keep the evidence. If you need to block the collector, screenshot first.

4. Ignoring the distinction between debt and harassment

The SEC may investigate harassment even if you still owe money. But it helps to be honest about the loan, amount received, and payments made.

5. Paying random personal accounts without documenting

If you pay, save the payment instruction, account name, number, receipt, and confirmation. Some fake or abusive apps use changing payment channels.

6. Filing only with the wrong agency

If the main issue is lending harassment, file with the SEC. If the main issue is contact harvesting or data misuse, file with the NPC too. If there are threats, impersonation, cyberlibel, or extortion, report to cybercrime authorities as well.

Special Notes for OFWs, Filipinos Abroad, and Foreigners

You can file an SEC iMessage complaint online even if you are outside the Philippines. What matters is that the lending app, company, borrower, transaction, or harmful conduct has a Philippine connection.

For Filipinos abroad and foreigners, practical issues usually include:

  • Screenshots may show a foreign time zone, so note your location and time zone.
  • If a sworn statement is later required for an SEC, NPC, prosecutor, or court proceeding, documents executed abroad may need consular acknowledgment or an apostille, depending on where they were signed and how they will be used.
  • If your Philippine relatives or employer were contacted, ask them to preserve their own screenshots.
  • If your foreign employer was contacted, document the reputational harm clearly and calmly.
  • If payment was made through Philippine e-wallets or bank accounts, keep the transaction reference numbers.

Foreigners should also distinguish between a personal loan dispute and immigration-related threats. A private lender or collector generally cannot deport someone, hold a passport, or cause arrest merely because of an unpaid civil debt. Threats of deportation, imprisonment, or “blacklisting” should be screenshot and included because they may show deceptive or abusive collection tactics.

Frequently Asked Questions

Can I file an SEC complaint even if I still owe the online lending app?

Yes. The SEC complaint focuses on whether the lender, app, or collector violated lending regulations, collection rules, or authority-to-operate requirements. A remaining balance does not give collectors the right to threaten, shame, deceive, or contact unauthorized third persons.

Will the SEC cancel my loan?

Not automatically. The SEC may investigate the company, require compliance, impose penalties, or take regulatory action. Loan validity, exact balance, and civil liability may still depend on the loan documents, payments, charges, and applicable law.

What if the app contacted my family, friends, or employer?

Include screenshots from those people. Under SEC MC No. 18, contacting persons in the borrower’s contact list other than those named as guarantors or co-makers may constitute an unfair collection practice.

What if the app says I will be arrested for not paying?

Non-payment of a loan is generally a civil matter. However, fraud, threats, identity misuse, or other criminal acts may be separate issues depending on the facts. Screenshot the threat and include it in your SEC complaint, and consider a cybercrime or police report if the threat is serious.

What if the app is not on the SEC list?

Say that clearly in your complaint. Ask the SEC to verify whether the company has a Certificate of Authority and whether the app is a recorded online lending platform. If the app is fake or impersonating a registered company, include proof of the impersonation.

Should I file with the SEC or NPC?

File with the SEC for lending company misconduct, unfair debt collection, unrecorded online lending platforms, and excessive covered-loan charges. File with the NPC when the issue involves misuse of personal data, harvesting contacts, unauthorized disclosure, or privacy violations. Many serious online lending app cases justify filing with both.

Do I need a notarized complaint for the SEC?

For an initial SEC iMessage ticket, you submit information and upload evidence through the online system. If the SEC later requires a sworn statement, affidavit, or formal pleading, follow the specific instruction given for that stage. NPC formal complaints, by contrast, are expressly required to be notarized under the NPC’s complaint-filing instructions. (National Privacy Commission)

How long does an SEC online lending app complaint take?

You can usually create the ticket immediately, but review and action may take weeks or months depending on the evidence, the company’s identity, the number of complainants, and whether the app is registered, unrecorded, fake, or using third-party collectors.

Can I complain if the collector used another number after I blocked them?

Yes. Save each number and message. Repeated use of different numbers can help show a pattern of harassment, evasion, or coordinated collection activity.

What should I do if harassment continues after filing?

Update your existing SEC iMessage ticket with new screenshots and dates. If the conduct involves threats, public posting, identity misuse, or contact harvesting, file or update complaints with the NPC and cybercrime authorities as appropriate.

Key Takeaways

  • The SEC is the primary regulator for Philippine lending companies, financing companies, and their online lending platforms.
  • The strongest complaints identify the company behind the app, not just the app name.
  • SEC MC No. 18 prohibits threats, abusive language, false representations, public shaming, and unauthorized contact with people in your contact list.
  • For covered small, short-term unsecured loans, SEC MC No. 3, Series of 2022 implements caps on interest, fees, penalties, and total cost.
  • File through SEC iMessage under Complaints on Financing and Lending Companies, attach organized evidence, and keep your ticket updated.
  • File parallel complaints with the NPC for privacy violations and with cybercrime authorities for threats, cyberlibel, identity misuse, or online extortion.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

What to Do If You Still Receive Spam Messages After Deleting a Lending App Account

Receiving spam, threats, or “loan offer” messages after you deleted a lending app account is frustrating—and in many cases, it may point to a data privacy or debt collection problem. In the Philippines, deleting an app from your phone is not the same as deleting your account or erasing your personal data. But once you have withdrawn consent, closed the account, paid the loan, or asked the company to stop using your data for marketing, the lending app cannot simply keep using your number, contacts, photos, or other personal information without a lawful reason. This guide explains what may be happening, what Philippine laws protect you, how to preserve evidence, and where to report the lending app, collector, or spam sender.

Why spam messages may continue after deleting a lending app account

There are several possible reasons you are still receiving messages:

  1. You deleted the app, but not the account. Uninstalling the app only removes it from your phone. The company may still have your account records, phone number, ID images, references, payment history, and consent logs.

  2. Your account was deleted, but some data is retained for legal or accounting purposes. A lending company may retain limited records if needed for a legitimate purpose, such as loan documentation, regulatory compliance, fraud prevention, or legal claims. But retention must still follow the principles of transparency, legitimate purpose, and proportionality under the Data Privacy Act.

  3. You still have an unpaid or disputed loan. If there is a valid debt, the lender may contact you for collection. However, it must do so lawfully. It cannot threaten you, shame you, harass your contacts, or use deceptive messages.

  4. A third-party collector has your data. Some online lending platforms use collection agencies or service providers. Under SEC rules, the lending or financing company remains responsible for the acts of its collectors and outsourced service providers.

  5. The messages are from scammers using lending-app style tactics. Some spam messages are not from the original lender at all. They may be phishing attempts, fake “loan approval” messages, or threats designed to make you click a link, send money, or reveal an OTP.

The first step is to identify whether the messages are ordinary marketing, unlawful debt collection, a data privacy violation, or a cybercrime-related scam.

Your rights under Philippine law

Your data privacy rights under the Data Privacy Act

The main law that protects your personal information is the Data Privacy Act of 2012, or Republic Act No. 10173. It applies to the processing of personal information, including collection, recording, storage, use, disclosure, retention, blocking, erasure, and destruction. The law requires personal data processing to follow the principles of transparency, legitimate purpose, and proportionality. In simple terms, a company must tell you what it is doing with your data, use it only for a lawful and declared purpose, and avoid collecting or keeping more than necessary. (National Privacy Commission)

As a data subject, you have rights that are especially important when dealing with lending apps. You may ask what data the company has about you, why it is being processed, who received it, how long it will be retained, and whether it was disclosed to third parties. You may also dispute inaccurate data, withdraw consent where consent is the basis of processing, and request blocking, removal, or destruction of personal information that is outdated, unlawfully obtained, used for unauthorized purposes, or no longer necessary. (National Privacy Commission)

This matters because many lending-app complaints involve:

  • repeated promotional texts after account closure;
  • messages from unknown collectors;
  • unauthorized access to phone contacts;
  • disclosure of loan details to relatives, friends, co-workers, or employers;
  • public shaming on social media or messaging apps;
  • threats using personal photos, IDs, or contact lists.

Lending apps cannot freely harvest or use your contacts

The National Privacy Commission has repeatedly addressed abusive online lending practices. In a joint 2026 advisory with the DICT and SEC, regulators warned against online lending platform practices involving harassment, intimidation, public shaming, and unlawful personal data use. The advisory states that online lending platforms should not request unnecessary app permissions, engage in excessive processing of contacts, use personal data for harassment, or contact persons in a borrower’s contact list for debt collection unless they are properly designated guarantors.

This distinction is important:

Person What the lending app may generally do
Borrower Contact for account-related matters and lawful collection if there is a valid debt
Character reference Use for identification or verification, not automatic debt collection
Guarantor May be contacted about the loan only if the person expressly agreed to be a guarantor
Random contact from your phonebook Should not be contacted for collection merely because their number was in your phone

The advisory also says personal data should be retained only as long as necessary for the declared purpose, legal claims, or applicable law, and should be securely disposed of afterward.

SEC rules prohibit unfair debt collection practices

If the lending app is operated by a lending company or financing company, the Securities and Exchange Commission (SEC) may have jurisdiction. SEC Memorandum Circular No. 18, Series of 2019 prohibits unfair debt collection practices by financing companies, lending companies, and their third-party service providers. The circular recognizes that lenders may collect debts, but they must do so in good faith and avoid abusive, unethical, or deceptive conduct.

Under SEC rules, unfair collection practices include:

  • using threats, violence, or criminal means to harm a person, reputation, or property;
  • using obscene, insulting, or profane language;
  • falsely representing legal consequences;
  • disclosing or publishing the borrower’s names and personal information;
  • communicating false credit information;
  • using deceptive means to collect;
  • contacting the borrower at unreasonable hours, generally before 6:00 a.m. or after 10:00 p.m., unless justified by special circumstances;
  • contacting people in the borrower’s contact list other than guarantors or co-makers.

The SEC may impose fines and, for repeated violations, suspension or revocation of authority to operate. The rules also make clear that when a lender outsources collection, the third-party collector acts as an agent and the lending or financing company remains ultimately responsible.

Threats, public shaming, fraud, and identity misuse may involve criminal laws

Some messages go beyond spam or unfair collection. They may involve criminal conduct, especially if they include threats, extortion, fake legal notices, identity theft, or online shaming.

The Cybercrime Prevention Act of 2012, or Republic Act No. 10175, covers several offenses committed through computer systems, including illegal access, identity theft, computer-related fraud, and cyberlibel. It also regulates unsolicited commercial communications, subject to exceptions such as prior consent, service announcements, or clear opt-out mechanisms. (Supreme Court E-Library)

If a collector posts defamatory statements about you online, sends humiliating messages to your contacts, or creates fake posts about your loan, the issue may also touch on cyberlibel. In Disini v. Secretary of Justice, the Supreme Court explained that cyberlibel under RA 10175 is not a completely new offense but applies libel principles to online publication through a computer system. (Supreme Court E-Library)

Separately, Article 26 of the Civil Code recognizes a person’s right to dignity, personality, privacy, and peace of mind. It allows legal relief against acts such as prying into another’s privacy, disturbing private life, or vexing or humiliating a person because of personal circumstances. (Lawphil)

Step-by-step guide: what to do if spam messages continue

1. Preserve evidence before deleting, blocking, or replying

Before blocking the sender, collect proof. Complaints often fail because the victim deleted the messages, lost access to the phone, or could not show the connection between the messages and the lending app.

Save the following:

Evidence Why it matters
Screenshots of SMS, Viber, Messenger, WhatsApp, Telegram, email, or app notifications Shows the exact words used, sender ID, number, date, and time
Call logs and voicemail recordings Helps prove repeated harassment or collection calls
Screen recording of disappearing messages Useful when messages vanish or are unsent
Account deletion confirmation Shows you attempted to close the account
Loan contract, disclosure statement, or payment receipts Helps show whether the loan is paid, unpaid, or disputed
App privacy notice, permission screen, or consent form Helps show what you supposedly agreed to
App store listing and company name Helps identify the operator
Messages sent to your contacts Strong evidence of improper contact-list use
Customer service emails or tickets Shows you tried to resolve the matter first

For screenshots, include the full sender number or sender ID, date, time, and entire message. Do not crop out important details. If possible, back up the files to cloud storage or another device.

Avoid clicking links in the messages. If a link looks important, take a screenshot instead of opening it.

2. Secure your phone and accounts

After preserving evidence, reduce the risk of further misuse.

Do these immediately:

  1. Revoke app permissions for contacts, camera, photos, microphone, location, SMS, and storage.
  2. Uninstall the app only after saving evidence and confirming whether account deletion was processed.
  3. Change passwords for email, banking apps, e-wallets, and social media.
  4. Enable two-factor authentication where available.
  5. Never give OTPs, passwords, or ID photos to anyone who contacted you through spam messages.
  6. Tell your close contacts not to respond, pay, click links, or provide information if they receive messages about your loan.
  7. Block and report the sender through your phone, telco app, or official reporting channels.

If you suspect malware or unauthorized access, update your phone operating system and scan for suspicious apps. If the messages are coming from many changing numbers, focus on preserving samples and reporting the pattern rather than replying to every number.

3. Send a written request to the lending app or its Data Protection Officer

Before filing a privacy complaint with the National Privacy Commission, you usually need to show that you first informed the company in writing and gave it a chance to act. NPC complaint rules require complainants to show proof that they informed the respondent of the privacy violation or personal data breach and that the respondent failed to take timely or appropriate action within 15 calendar days from receipt. (National Privacy Commission)

Send your request by email, in-app ticket, or any official support channel. Keep proof of sending.

You can use wording like this:

I am requesting that you stop sending marketing, promotional, or non-essential messages to my mobile number and any linked channels. I have deleted/closed my account on [date], and I withdraw consent for direct marketing and any optional processing not necessary for a lawful purpose.

Please confirm what personal information you still retain about me, the legal basis for retaining it, the retention period, and the third parties or collectors to whom my data was disclosed.

I also request the blocking, removal, or destruction of personal information that is no longer necessary, unlawfully obtained, used for unauthorized purposes, or processed beyond the purposes disclosed to me.

Please also confirm that my contacts, character references, relatives, friends, co-workers, or employer will not be contacted for collection unless they are lawful guarantors who expressly consented.

If you have already paid the loan, attach proof of payment. If the loan is disputed, clearly say that the debt is disputed and identify why, such as wrong amount, unauthorized charges, payment not credited, or fake account.

4. Identify the company behind the messages

Many lending apps use trade names that are different from their registered company names. Before filing with the SEC or NPC, gather as much identifying information as possible:

  • app name;
  • registered company name;
  • SEC registration number;
  • Certificate of Authority number, if shown;
  • website, email, customer service number;
  • collector’s name or agency;
  • sender ID or phone numbers used;
  • payment channels or bank/e-wallet accounts used;
  • screenshots of the app store page.

If the sender refuses to identify the company, uses only threats, or demands payment to a personal account, treat it as a possible scam and report it as such.

5. File a complaint with the National Privacy Commission for data misuse

File with the National Privacy Commission (NPC) if the issue involves personal data misuse, such as:

  • continued marketing after withdrawal of consent;
  • refusal to delete or block unnecessary personal data;
  • unauthorized access to contacts, photos, or messages;
  • disclosure of loan information to relatives, friends, co-workers, or employers;
  • failure to explain how your data was used or shared;
  • harassment using personal data.

NPC rules allow complaints by the data subject, by an authorized representative through a Special Power of Attorney, or by the NPC on its own initiative. Complaints may be filed using the NPC complaint-assisted form or a verified complaint, with supporting evidence and witness affidavits where applicable. (National Privacy Commission)

The NPC’s own complaint page instructs complainants to download the form, fill it out, have it notarized, and submit it by personal filing, courier, registered mail, or email to the NPC complaints address. (National Privacy Commission)

Prepare these:

Requirement Practical note
Filled-out NPC complaint form or verified complaint Must clearly identify the respondent and describe the data privacy violation
Notarized signature Required for formal complaint documents
Proof of prior written notice to the company Important because of the 15-calendar-day exhaustion requirement
Screenshots and call logs Include dates, times, sender numbers, and full message content
Proof of account deletion, payment, or withdrawal of consent Helps show why continued messages may be improper
Witness statements Useful if your contacts received messages or calls

If the NPC finds merit, the matter may proceed to investigation and enforcement. The NPC may refer cases involving possible criminal charges to the Department of Justice. (National Privacy Commission)

6. File with the SEC if the issue involves abusive debt collection

File with the SEC Financing and Lending Companies Division if the lending app, financing company, or collector is using unfair collection practices.

Examples include:

  • threatening arrest or imprisonment for debt;
  • threatening to post your face, ID, or loan details online;
  • calling or messaging at unreasonable hours;
  • sending insults, profanity, or humiliating language;
  • contacting your phone contacts who are not guarantors or co-makers;
  • pretending to be a police officer, lawyer, court employee, or government agency;
  • refusing to identify the company or collector.

The 2026 DICT-NPC-SEC advisory directs reports involving online lending platforms to the SEC’s FINLEND channel and identifies other cybercrime-related channels for harassment, threats, frauds, and scams.

When filing with the SEC, include:

  • full name of the lending app and company, if known;
  • app screenshots and app store listing;
  • chronology of events;
  • loan amount, dates, and payment history;
  • screenshots of messages and call logs;
  • proof that your contacts were messaged;
  • account deletion request or confirmation;
  • name or number of the collector;
  • explanation of why the conduct violates SEC debt collection rules.

7. Report spam, scam, fraud, or threats to the proper cybercrime and telecom channels

For spam or scam texts, the National Telecommunications Commission has indicated that complaints may be reported through its text scam and text spam channels. NTC guidance has also identified reporting by email with details such as the complainant’s name, address, contact details, complained-of number, screenshots, and a government ID. (www.foi.gov.ph)

For cyber fraud, the Cybercrime Investigation and Coordinating Center has pointed victims to hotline 1326, while persons who merely receive scam texts may report numbers through the eGov app’s eReport feature, with reports forwarded to the NTC for blocking action. (Philippine News Agency)

For threats, extortion, identity theft, fake legal notices, or public shaming, report to the PNP Anti-Cybercrime Group or NBI Cybercrime Division. RA 10175 recognizes the role of the NBI and PNP in cybercrime law enforcement. (Supreme Court E-Library)

Where to file: NPC, SEC, NTC, PNP, or NBI?

Problem Best office to consider What to prepare
Continued use of your personal data after account deletion or withdrawal of consent National Privacy Commission Written request to company, proof of 15-day waiting period, screenshots, account deletion proof
Lending app contacted your contacts, references, co-workers, or employer NPC and SEC Screenshots from your contacts, proof they were not guarantors, app permission evidence
Threats, insults, public shaming, fake arrest threats, abusive collection SEC, and possibly PNP/NBI Messages, call logs, collector identity, company/app name
Spam or scam texts from unknown numbers NTC, telco reporting tools, eGov eReport Sender number, screenshot, date/time, suspicious links
Identity theft, phishing, extortion, fake legal documents, cyberlibel PNP Anti-Cybercrime Group or NBI Cybercrime Division Screenshots, links, account URLs, payment demands, identity documents misused
Actual court summons or prosecutor subpoena Court or prosecutor’s office named in the document Do not ignore; verify authenticity directly with the issuing office

Common real-life scenarios

“I already paid my loan, but they still text me loan offers.”

This is usually a marketing and data retention issue. Send a written opt-out and withdrawal of consent for direct marketing. Ask the company to confirm whether your account is closed, what data is retained, and when it will be deleted or anonymized. If messages continue after the company receives your request and fails to act within the required period, consider filing with the NPC.

“I still owe money. Can they still message me?”

Yes, a lender may contact you for legitimate collection if there is a valid unpaid loan. But it must follow the law. It cannot threaten you with jail, shame you publicly, contact random people in your phonebook, use profane language, or pretend to have legal powers it does not have.

The Philippine Constitution also provides that no person shall be imprisoned for debt. (Supreme Court E-Library) This does not mean unpaid debts have no consequences. A creditor may pursue civil collection, report legitimate credit information through lawful channels, or file appropriate actions if fraud is involved. But a simple inability to pay a loan is not a basis for imprisonment.

“They messaged my contacts even after I deleted the app.”

This is a serious red flag. Under the DICT-NPC-SEC advisory, online lending platforms should not contact people in a borrower’s contact list for debt collection unless they are guarantors who expressly consented. Character references are for identification or verification, not automatic debt collection.

Ask your contacts to send you screenshots showing the full message, sender, date, and time. Their statements may help prove that the lender or collector used your contact list improperly.

“The sender says they are from a law office or police station.”

Be careful. Some collectors use fake legal titles or government-style language to scare borrowers. Check whether the message identifies a real company, lawyer, court case number, prosecutor’s office, or police unit. Do not send payment to a personal account just because someone uses words like “warrant,” “subpoena,” “estafa,” or “cybercrime.”

If you receive a supposed court document, verify it directly with the court or government office named in the document. Real court processes are not normally served through random threatening SMS alone.

“I am an OFW or foreigner outside the Philippines. Can I still complain?”

Yes, you can still prepare a complaint if the lending app, borrower account, processing activity, or harm is connected to the Philippines. Practical requirements may be harder because some documents must be notarized or authenticated.

For documents executed abroad, Filipinos commonly use notarization before a Philippine embassy or consulate, or local notarization followed by apostille where applicable. Some Philippine embassies state that consularized affidavits and similar documents require personal appearance, while documents notarized locally may need apostille before use in the Philippines. (Philippine Embassy)

If you are abroad, keep digital evidence, preserve the original messages, and use official agency email or online reporting channels where available.

Practical timelines and expectations

Step Usual timing Practical reality
Save evidence and secure accounts Same day Do this before blocking or uninstalling anything
Send written request to lending app or DPO Same day to 3 days Use email or ticket system so you have proof
Wait for company action before NPC complaint 15 calendar days from receipt NPC rules generally require proof that you first informed the respondent
Prepare notarized NPC complaint A few days, longer if abroad Notarization or consular processing can delay filing
SEC complaint preparation A few days Strong screenshots and company identification help
NTC/telco/eGov spam reports Same day Useful for blocking numbers, but changing numbers may continue
PNP/NBI cybercrime report As soon as threats or fraud appear Bring complete screenshots, links, numbers, and payment demands

Do not wait if there are urgent threats, extortion, identity theft, or public posting of your personal information. Preserve the evidence and report to cybercrime authorities promptly.

Mistakes to avoid

Deleting all messages too early

Blocking is useful, but deleting evidence can weaken your complaint. Save screenshots, exports, and backups first.

Replying emotionally to collectors

Angry replies can escalate the situation. Keep responses short, written, and evidence-focused. If you dispute the debt, say so clearly and ask for a statement of account.

Sending IDs or OTPs to “verify” your account

A legitimate lender should not ask for your OTP. Do not send fresh ID photos, passwords, banking details, or e-wallet codes through spam links or random chat accounts.

Assuming every message is from the original lending app

Some scammers use the names of real lending apps. Identify the company before paying or filing. If you are unsure, report the number as suspicious and verify through official channels.

Ignoring a real court notice

Spam threats are common, but real legal documents should not be ignored. If you receive a summons, subpoena, or notice from a court, prosecutor, police unit, or government agency, verify it directly with that office.

Frequently Asked Questions

Does deleting a lending app account automatically delete my data?

Not always. Deleting the app removes it from your phone. Deleting the account may close your user profile, but the company may still retain limited records if needed for lawful purposes, such as regulatory compliance, accounting, fraud prevention, or legal claims. However, it should not keep or use data longer than necessary, and it should not continue marketing or excessive processing after you withdraw consent.

Can a lending app still text me after I withdraw consent?

It depends on the purpose. If the message is direct marketing or promotional spam, the company should generally stop once you opt out or withdraw consent. If the message is necessary for a legitimate account issue, such as a valid unpaid loan, payment confirmation, fraud warning, or legal notice, the company may still have a lawful basis to contact you. The message must still be fair, accurate, and non-abusive.

Can lending apps contact my contacts after I delete my account?

They should not contact random people from your phonebook for debt collection. Under the DICT-NPC-SEC advisory, contact-list persons should not be contacted for collection unless they are guarantors who expressly consented. Character references are not automatically guarantors. If your relatives, friends, employer, or co-workers received collection messages, save screenshots and consider reporting to the NPC and SEC.

What if I still have an unpaid loan?

The lender may collect the debt, but collection must be lawful. It cannot threaten violence, falsely claim you will be jailed for ordinary non-payment, use profanity, shame you online, contact unrelated people, or send messages at unreasonable hours. Ask for a clear statement of account and keep all communications in writing.

Can I go to jail for not paying an online loan in the Philippines?

For ordinary non-payment of debt, no. The Constitution says no person shall be imprisoned for debt. But this does not protect fraud, identity theft, falsification, or other crimes. If a collector threatens jail for simple inability to pay, preserve the message because it may support a complaint for unfair collection or harassment.

Should I file with the NPC, SEC, NTC, PNP, or NBI?

File with the NPC for data privacy violations, such as unauthorized use of contacts or refusal to stop unnecessary processing. File with the SEC for unfair debt collection by lending or financing companies. Report spam or scam numbers to the NTC, your telco, or eGov eReport. Go to the PNP Anti-Cybercrime Group or NBI Cybercrime Division for threats, extortion, cyberlibel, identity theft, phishing, or fraud.

Do I need a notarized complaint for the NPC?

For a formal NPC complaint, yes, the NPC’s complaint process refers to a notarized complaint form or verified complaint, along with supporting evidence. You also generally need proof that you first informed the company in writing and gave it 15 calendar days to act. If you are abroad, you may need consular notarization or local notarization with apostille, depending on how the document will be used.

What if spam messages come from different numbers every day?

Save samples showing the pattern. Report the numbers through telco, NTC, or eGov channels, but also focus on identifying whether one lending app or collector is behind the campaign. If the messages mention the same loan, same app, same payment channel, or same threats, include that pattern in your NPC, SEC, or cybercrime complaint.

What if the lending app says I consented when I installed the app?

Consent is not a blank check. Under the Data Privacy Act, processing must still be transparent, lawful, and proportional. The NPC and other regulators have warned against unnecessary permissions, excessive contact-list processing, and deceptive design patterns. A lending app cannot justify harassment, public shaming, or unlimited use of your contacts merely by pointing to a broad app permission.

Key Takeaways

  • Deleting a lending app from your phone is not the same as deleting your account or personal data.
  • Philippine law protects you against excessive data use, unauthorized contact-list processing, harassment, public shaming, and unfair debt collection.
  • Save evidence before blocking, deleting messages, or uninstalling the app.
  • Send a written request withdrawing consent for marketing and asking for data access, blocking, deletion, or retention details.
  • For privacy violations, file with the National Privacy Commission after observing the usual 15-calendar-day prior notice requirement.
  • For abusive debt collection by lending or financing companies, file with the SEC.
  • For spam, scam texts, threats, identity theft, extortion, or cyberlibel, report to the NTC, telco channels, eGov eReport, PNP Anti-Cybercrime Group, or NBI Cybercrime Division.
  • A valid debt may still be collected, but collectors cannot threaten jail for ordinary non-payment, shame you, or contact unrelated people from your phonebook.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

How to Protect Your Personal Data from Online Lending Apps in the Philippines

If an online lending app has accessed your contacts, threatened to message your family or employer, used your selfie to shame you, or refused to delete your information after payment, Philippine law gives you real protections. Online lending apps may collect certain personal data for legitimate loan purposes, but they cannot freely harvest your phonebook, embarrass you online, contact everyone you know, or keep your data forever “just in case.” This guide explains your rights under Philippine law, what lending apps can and cannot do, how to lock down your data, what evidence to collect, and where to file complaints in the Philippines.

Why online lending apps are a personal data risk

Online lending apps often ask for fast access to your phone before they release a loan. Some permissions may look harmless at first: contacts, camera, gallery, location, SMS, microphone, storage, or social media access. But in many complaints in the Philippines, borrowers later discover that the app or its collectors used this access to:

  • Call or message people in the borrower’s contact list
  • Threaten to tell the borrower’s employer, relatives, neighbors, or Facebook friends
  • Use the borrower’s selfie, ID, or edited photo to shame them
  • Send false accusations such as “scammer,” “estafador,” or “wanted”
  • Pressure non-borrowers who never signed the loan
  • Keep marketing or sharing borrower data even after the loan was denied or fully paid

The legal issue is not simply “may utang ba o wala?” A valid debt does not give a lender unlimited power over your privacy. In the Philippines, online lending apps are covered by data privacy, lending, consumer protection, cybercrime, and debt collection rules.

Your legal rights under Philippine law

Your rights under the Data Privacy Act

The main law is the Data Privacy Act of 2012, or Republic Act No. 10173. It protects personal information handled by companies, apps, collectors, service providers, and other entities that process data.

Under the law, personal information means information that can identify you, such as your name, mobile number, address, email, photo, ID details, employment information, and contact details. Sensitive personal information includes more protected data, such as government-issued ID numbers, health information, marital status, education, age, and information about legal proceedings.

The Data Privacy Act gives you important rights, including the right to:

  • Be informed about how your data will be collected, used, stored, shared, and retained
  • Access the personal data the app holds about you
  • Correct inaccurate or outdated data
  • Object to certain processing of your data
  • Suspend, block, remove, or destroy data that is false, outdated, unlawfully obtained, used without authority, or no longer necessary
  • Be indemnified for damages caused by inaccurate, incomplete, outdated, unlawfully obtained, or unauthorized use of personal data
  • File a complaint with the National Privacy Commission, or NPC

The Implementing Rules and Regulations of the Data Privacy Act also require companies to give clear information about the purpose of processing, legal basis, scope, recipients of the data, automated decision-making or profiling, retention period, and the identity of the personal information controller.

In simple terms: an online lending app must explain what data it collects, why it needs the data, who receives it, how long it keeps it, and how you can exercise your rights.

Specific NPC rules for online lending apps

The National Privacy Commission issued specific rules for loan-related transactions through NPC Circular No. 20-01, later amended by NPC Circular No. 2022-02.

These circulars are very important for borrowers because they directly address online lending apps. They say that lending and financing companies processing personal data for loan transactions are personal information controllers. This means they are responsible for complying with the Data Privacy Act.

The NPC rules require loan apps to observe the principles of:

  • Transparency — borrowers must know how their data will be used
  • Legitimate purpose — data must be used for a lawful and specific loan-related reason
  • Proportionality — the app must not collect more data than necessary

Under the NPC circulars, online lending apps are prohibited from requiring unnecessary permissions involving personal or sensitive personal information. They may request app permissions only when suitable, necessary, and not excessive for purposes such as know-your-customer checks, creditworthiness assessment, fraud prevention, payment verification, or lawful debt collection.

The circulars also specifically address contact lists and photos. Apps should not engage in unbridled processing of a borrower’s contact list. They should not harvest contacts for harassment or unfair collection practices. If the borrower needs to provide a character reference, guarantor, or co-maker, the app should use a separate interface that lets the borrower provide those persons, instead of copying the entire phonebook.

SEC rules on abusive debt collection

Lending companies and financing companies are regulated by the Securities and Exchange Commission, or SEC, under laws such as the Lending Company Regulation Act of 2007, or Republic Act No. 9474.

The SEC issued Memorandum Circular No. 18, series of 2019, which prohibits unfair debt collection practices by financing companies, lending companies, and their third-party service providers.

Under this SEC circular, collectors must not use unfair, abusive, unethical, or unreasonable practices, including:

  • Threats of violence or criminal means to harm a person, reputation, or property
  • Obscene, insulting, or profane language
  • False representations or deceptive means to collect a debt
  • False threats of legal action
  • Publication or disclosure of borrower names and personal information, except in legally allowed situations
  • Contacting the borrower at unreasonable or inconvenient times, generally before 6:00 a.m. or after 10:00 p.m., subject to the circular’s exceptions
  • Contacting persons in the borrower’s contact list other than guarantors or co-makers, even if the borrower gave general consent

This is crucial: even when the borrower owes money, the lender still cannot use public shaming, threats, or mass contact-list harassment as a collection strategy.

Consumer protection and cybercrime laws may also apply

The Financial Products and Services Consumer Protection Act, or Republic Act No. 11765, strengthens consumer protection in financial products and services. It supports the right of financial consumers to clear, complete, and accurate information about financial products, charges, fees, and services.

If the online abuse involves threats, fake posts, identity theft, hacked accounts, or defamatory online content, the Cybercrime Prevention Act of 2012, or Republic Act No. 10175, may also be relevant. This law covers offenses such as illegal access, computer-related identity theft, cyberlibel, and crimes committed through information and communications technology.

The Revised Penal Code may also apply in serious cases involving grave threats, coercion, unjust vexation, libel, or other criminal acts.

What online lending apps may and may not do with your data

Data or practice When it may be allowed Red flags
Selfie, ID, or camera access For know-your-customer checks, fraud prevention, or payment verification at the relevant stage Using your photo to shame you, threaten you, or create humiliating posts
Contact references When you manually provide a character reference, guarantor, or co-maker Copying your entire phonebook or messaging people who did not sign the loan
Contact list access Only if limited, necessary, proportional, and compliant with NPC rules “Allow contacts” before you can apply, mass harvesting, or contacting friends/employers for collection
Location, storage, gallery, SMS, or social media data Only when suitable, necessary, and not excessive for a legitimate loan purpose Blanket permissions unrelated to the loan, hidden access, or continued access after the purpose ends
Marketing or cross-selling With a separate lawful basis, such as valid consent Sharing your data with partner lenders or marketers without clear consent
Data retention For a lawful and stated retention period Keeping data forever after denial, cancellation, or full payment without a valid reason
Debt collection Through lawful, fair, and reasonable collection methods Threats, insults, fake legal claims, public shaming, late-night harassment, or contacting non-guarantors

Step-by-step: how to protect your personal data before using an online lending app

1. Check if the lender is legitimate

Before installing or borrowing, check whether the lender is registered and authorized by the SEC. Do not rely only on the app name. Many apps use brand names that are different from the corporate name.

Look for:

  • SEC registration name
  • Certificate of Authority to operate as a lending or financing company
  • Official website or published contact details
  • Privacy notice
  • Customer service channel
  • Data Protection Officer or privacy contact
  • Physical office address
  • Clear loan terms, interest, fees, penalties, and repayment schedule

If the app hides the corporate name or gives only a mobile number or chat account, treat that as a serious warning sign.

2. Read the permission prompts before tapping “Allow”

Do not automatically approve permissions. Ask yourself:

  • Why does this loan app need my contacts?
  • Why does it need my gallery or storage?
  • Why does it need my location?
  • Can I continue the application without granting that permission?
  • Does the app explain when the permission will be turned off or how I can revoke it?

Under NPC rules, access should be limited to what is suitable, necessary, and not excessive. A loan app should not force broad permissions that are unrelated to the loan.

3. Provide references manually

If a lender requires a character reference, provide the specific person manually. Avoid apps that require full phonebook access just to select a reference.

Before naming someone as a reference, inform them that:

  • You are applying for a loan
  • You may list them as a reference
  • The lender may contact them to verify your details
  • They are not a guarantor or co-maker unless they separately agree and sign

A reference is not automatically liable for your loan. A guarantor or co-maker is different because that person may become legally responsible depending on the contract signed.

4. Use strong account security

Protect your phone and accounts before applying:

  • Use a strong phone passcode
  • Enable two-factor authentication on your email
  • Do not share OTPs
  • Do not save passwords in unsecured notes
  • Avoid installing APK files sent through links or chat messages
  • Download only from official app stores
  • Keep screenshots of the app’s privacy notice, loan disclosure, and permissions

If you are sending ID photos, consider adding a watermark such as: “For KYC with [lender name] only — [date].” Make sure the watermark does not cover important ID details if the lender legitimately needs to verify the document.

5. Keep complete loan records

From day one, save:

  • Loan agreement
  • Disclosure statement
  • Interest, service fee, processing fee, and penalty terms
  • Repayment schedule
  • Receipts
  • In-app messages
  • Customer service messages
  • Screenshots of any permission request
  • Privacy policy or privacy notice

These records help if you later need to dispute charges, prove payment, or file a complaint.

What to do if the app already accessed your contacts or is harassing you

1. Preserve evidence before deleting anything

Do not immediately uninstall the app if doing so will erase useful evidence. First, collect and save:

  • Screenshots of threats, insults, or shaming messages
  • Call logs showing date, time, and number
  • Screen recordings of in-app messages
  • Screenshots from relatives, friends, employers, or co-workers who were contacted
  • Social media posts, URLs, usernames, and timestamps
  • Copies of edited photos, fake posts, or public accusations
  • Loan agreement, payment receipts, and account statement
  • Privacy notice and permission prompts
  • Name of the app, developer, and corporate lender
  • App version and package name, if visible

Ask affected contacts to send screenshots to you. If the matter becomes serious, their affidavits may help.

2. Revoke app permissions

After preserving evidence, lock down your phone.

For Android, check:

  1. Settings
  2. Apps
  3. Select the lending app
  4. Permissions
  5. Deny contacts, camera, location, SMS, phone, microphone, photos, and files if not necessary

For iPhone, check:

  1. Settings
  2. Privacy & Security
  3. Contacts, Photos, Camera, Location Services, Microphone
  4. Remove or limit access for the lending app

Also check whether the app has access to your email, social media, cloud storage, or payment accounts. Change passwords if you suspect unauthorized access.

3. Send a written data privacy request

Before filing a formal NPC complaint, you usually need to show that you informed the company in writing and gave it a chance to respond. The NPC’s complaint mechanics require complainants to show that they notified the respondent of the privacy violation or breach, and that the respondent did not act on it or failed to respond within 15 calendar days from receipt.

Send your request to the lender’s customer service, Data Protection Officer, official email, in-app support, or other published channel. Keep proof of sending.

Use clear language. For example:

Subject: Data Privacy Request and Notice to Stop Unauthorized Processing

I am writing regarding my loan account with [name of app/lender], registered under [mobile number/email].

Under the Data Privacy Act of 2012 and NPC Circulars on loan-related transactions, I request that you:

  1. Stop processing any personal data obtained from my contact list, gallery, photos, or device permissions that is not necessary for my loan.
  2. Stop contacting persons who are not my guarantors, co-makers, or validly provided references.
  3. Provide the categories of personal data you collected from my device.
  4. Identify the recipients or third parties to whom my personal data was disclosed.
  5. Explain the purpose and legal basis for such processing.
  6. Block, delete, or destroy unlawfully obtained or unnecessary personal data, including contact-list data and photos used for harassment or collection.
  7. Confirm your data retention period for denied, cancelled, fully paid, or closed accounts.
  8. Provide the name and contact details of your Data Protection Officer or privacy contact.

Please respond in writing within 15 calendar days from receipt.

4. Tell your contacts not to engage with collectors

If your family, employer, or friends receive messages:

  • Ask them to screenshot everything
  • Tell them not to confirm your personal details
  • Tell them not to pay on your behalf unless they knowingly choose to
  • Ask them to request the collector’s full name, company, and authority
  • Remind them they may also object to the use of their personal data

A collector cannot make a random contact person liable for your loan unless that person legally agreed to be a guarantor, co-maker, or other liable party.

5. Separate the privacy issue from the debt issue

Protecting your personal data does not automatically erase a valid loan. If the loan is legitimate, the lender may still collect through lawful means. But the lender must not use threats, public shaming, harassment, or unlawful data processing.

If you decide to pay, pay only through verified channels. Avoid sending money to personal wallets or personal bank accounts unless the lender officially confirms the channel in writing. Always ask for a receipt, updated statement of account, and confirmation of full settlement.

Where to complain in the Philippines

Office Best for What to prepare
National Privacy Commission Unauthorized access to contacts, misuse of photos, unlawful disclosure, refusal to delete unnecessary data, privacy rights violations Notarized complaint-affidavit or verified complaint, evidence, proof you first notified the lender, screenshots, IDs
Securities and Exchange Commission Abusive debt collection, unfair practices by lending/financing companies, unregistered or suspicious lenders App name, corporate name, SEC registration details if known, loan agreement, messages, call logs, screenshots
PNP Anti-Cybercrime Group or NBI Cybercrime Division Threats, fake posts, identity theft, hacked accounts, cyberlibel, online harassment, fraud Device, screenshots, URLs, usernames, call logs, message headers, affidavits, IDs
DOJ Office of Cybercrime Cybercrime-related concerns and coordination Evidence of online threats, identity theft, hacking, or cyber-related offenses
Barangay Local, identifiable individuals in the same city or municipality Useful only for certain local disputes; less suitable for corporate, app-based, privacy, SEC, or cybercrime issues

Filing with the National Privacy Commission

For privacy violations, the NPC is the main agency. The NPC provides guidance on filing a formal complaint and its mechanics for complaints.

In practice, prepare:

  • Completed NPC complaint form or complaint-affidavit
  • Notarization, when required
  • Valid ID
  • Evidence screenshots and files
  • Proof of your written complaint to the lender
  • Proof that the lender failed to respond or act within 15 calendar days from receipt
  • Witness affidavits, if available
  • A clear timeline of what happened

The NPC may dismiss complaints that are incomplete, unsupported by evidence, outside the Data Privacy Act, or filed without first giving the respondent a chance to address the issue. If the complaint is sufficient, it may proceed to investigation. Possible outcomes may include orders, administrative sanctions, fines, damages, or referral for criminal prosecution when warranted.

Filing with the SEC

For unfair debt collection or problems involving lending and financing companies, you can submit a complaint through the SEC iMessage complaint portal.

The SEC complaint should be as specific as possible. Include:

  • App name
  • Corporate name of the lender, if known
  • Screenshots of the app page or website
  • Loan agreement or disclosure statement
  • Collection messages
  • Call logs
  • Names or numbers used by collectors
  • Screenshots from contacts who were harassed
  • Proof of payment, if any

If the lender is unregistered, hiding its identity, or using multiple app names, say so clearly and attach screenshots.

Filing with cybercrime authorities

Go to the PNP Anti-Cybercrime Group, NBI Cybercrime Division, or appropriate law enforcement office if the conduct includes:

  • Threats of harm
  • Fake criminal accusations posted online
  • Use of your photo or ID in defamatory posts
  • Identity theft
  • Hacked accounts
  • Fake profiles
  • Unauthorized access to accounts or devices
  • Extortion or demands using threats

Bring the device if possible. Do not rely only on cropped screenshots. Preserve URLs, usernames, timestamps, phone numbers, and original messages.

Evidence checklist before filing a complaint

Prepare one organized folder with:

  • App name, app store link, developer name, and app version
  • Corporate name, address, email, and Data Protection Officer details, if available
  • Loan agreement and disclosure statement
  • Privacy notice and screenshots of permission prompts
  • Screenshots of messages, threats, insults, or shaming posts
  • Call logs showing dates and times
  • Screenshots from contacted relatives, employers, friends, or co-workers
  • Proof that contacts were not guarantors or co-makers
  • Copies of edited photos, public posts, or fake accusations
  • Payment receipts and statement of account
  • Written privacy request sent to the lender
  • Proof of receipt by the lender, or proof of no response after 15 calendar days
  • Valid government ID
  • Timeline of events

For OFWs or foreigners abroad, documents signed outside the Philippines may need notarization, consular acknowledgment, or apostille depending on the receiving agency and document type. When filing electronically, keep scanned PDF copies, but also preserve original files and the original device where possible.

Common mistakes to avoid

Deleting the app before saving evidence

Uninstalling may remove in-app notices, messages, account information, or proof of permissions. Save evidence first.

Paying a random collector without verification

Some borrowers panic and pay to personal e-wallets or personal bank accounts. This can create a second problem: you may still be marked unpaid. Always verify the payment channel and ask for a receipt.

Assuming “I clicked agree” means the app can do anything

Consent under Philippine data privacy law must be freely given, specific, and informed. A broad consent clause buried in small print does not automatically justify excessive, unnecessary, or unlawful processing.

Ignoring the corporate name

The app brand may be different from the lending company. For complaints, identify both if possible.

Posting angry accusations online

It is understandable to feel angry, but public accusations can create separate legal risks. Preserve evidence and file with the proper agency instead of escalating the issue on social media.

Treating a reference like a guarantor

A character reference is not automatically liable for the loan. A guarantor or co-maker usually has a stronger legal obligation because they agreed to answer for the debt. If collectors threaten ordinary references, document it.

Not sending a written privacy request before filing with the NPC

For many NPC complaints, you should show that you first informed the lender of the privacy violation and gave it a chance to respond. Keep proof of sending and count 15 calendar days from receipt.

Special notes for OFWs and foreigners

OFWs are common targets of online loan harassment because collectors may pressure family members in the Philippines. If you are abroad, you can still preserve evidence, send a written privacy request, and explore filing with the NPC or SEC through available channels.

If you need affidavits while abroad, check whether the receiving office requires Philippine consular acknowledgment, local notarization, or apostille. Requirements can vary depending on how the document will be used.

Foreigners dealing with Philippine online lending apps also have privacy rights when the processing has a Philippine connection, such as a lender operating in the Philippines, data processed in the Philippines, or a loan transaction governed by Philippine law. Avoid sending unnecessary passport, visa, or ACR I-Card information unless the lender clearly explains why it is needed for legitimate verification.

Frequently Asked Questions

Can an online lending app access all my contacts in the Philippines?

Not freely. NPC rules prohibit unnecessary and excessive processing of contact lists. A lending app should not harvest your entire phonebook for debt collection or harassment. If references are needed, the app should use a limited method, such as a separate interface where you provide specific references or guarantors.

Is it legal for a lending app to message my family, employer, or Facebook friends?

It is a red flag if those people are not your guarantors, co-makers, or validly provided references. SEC rules prohibit contacting persons in the borrower’s contact list other than guarantors or co-makers as an unfair collection practice. NPC rules also restrict excessive and unlawful processing of contact data.

Can a lender use my selfie or ID photo to shame me?

No. Camera access and ID photos may be used for legitimate verification, fraud prevention, or payment verification. They should not be used to harass, embarrass, threaten, or publicly shame a borrower.

Can I ask an online lending app to delete my data after I paid?

Yes, you may request deletion, blocking, or destruction of data that is no longer necessary, unlawfully obtained, outdated, false, or used without authority. The lender may still retain certain records when required by law, regulation, accounting, audit, fraud prevention, or legitimate legal purposes, but it should not keep data forever for vague future use.

What if I really owe the money? Can I still complain about harassment?

Yes. A valid debt does not legalize harassment, threats, public shaming, contact-list abuse, or unlawful data processing. The lender may pursue lawful collection, but it must follow data privacy and fair collection rules.

Where should I file a complaint: NPC, SEC, PNP, or NBI?

File with the NPC for data privacy violations, such as unauthorized contact-list access, misuse of photos, unlawful disclosure, or refusal to honor privacy rights. File with the SEC for unfair debt collection or lending company issues. Go to PNP or NBI cybercrime units for threats, fake posts, identity theft, hacking, cyberlibel, or online extortion.

Do I need a notarized complaint for the NPC?

For a formal NPC complaint, the NPC generally requires a specific complaint format, often a notarized complaint-affidavit or verified complaint, plus evidence. Check the NPC’s current complaint instructions before filing because forms and submission rules may change.

What evidence should I collect before uninstalling the app?

Save screenshots, call logs, in-app messages, privacy notices, permission prompts, loan agreements, receipts, app details, and screenshots from contacts who were messaged. Also save URLs, usernames, phone numbers, dates, and times.

Can an OFW file a complaint against a Philippine online lending app?

Yes, if the app or lender has a Philippine connection and the issue involves Philippine data privacy, lending, collection, or cybercrime rules. OFWs should organize digital evidence carefully and check notarization, consular, or apostille requirements for affidavits signed abroad.

Will filing a privacy complaint cancel my loan?

Not automatically. A privacy or harassment complaint addresses unlawful processing, abusive collection, or related violations. It does not automatically erase a legitimate loan. Debt disputes, payment issues, and privacy violations should be documented separately.

Key Takeaways

  • Online lending apps in the Philippines must follow the Data Privacy Act, NPC circulars, SEC debt collection rules, and consumer protection laws.
  • Loan apps cannot freely harvest your contacts, use your selfie for shaming, or contact everyone in your phonebook to collect a debt.
  • A valid debt does not give collectors the right to threaten, insult, publicly shame, or harass you or your contacts.
  • Preserve evidence before deleting the app or blocking collectors.
  • Revoke unnecessary app permissions through your phone settings.
  • Send a written data privacy request to the lender and keep proof of receipt.
  • File with the NPC for privacy violations, the SEC for unfair lending or collection practices, and cybercrime authorities for threats, fake posts, identity theft, or hacking.
  • Keep loan records, payment receipts, screenshots, and a clear timeline so your complaint is easier to evaluate.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

How to Protect Your Personal Data from Online Lending Apps in the Philippines

Online lending apps can be useful in an emergency, but they become dangerous when they demand excessive phone permissions, harvest your contacts, shame you on Facebook or Messenger, call your employer, or threaten your family over a loan. In the Philippines, you have legal rights over your personal data even if you borrowed money, even if you are delayed in payment, and even if you clicked “I agree” in the app. This article explains what online lending apps may and may not do, how to protect your phone and contacts, how to document harassment, and where to complain in the Philippines.

What personal data do online lending apps usually collect?

An online lending app may collect basic information needed to assess and process a loan, such as your name, mobile number, address, selfie, ID, income details, bank or e-wallet information, and loan history. Some apps also ask for access to your contacts, photos, location, camera, microphone, SMS, social media accounts, or installed apps.

The legal issue is not simply whether the app collected data. The bigger questions are:

  • Was the data collection lawful, fair, and transparent?
  • Was the data necessary for the loan?
  • Were you clearly told what data would be collected and why?
  • Did the app use your data only for the purpose disclosed?
  • Did it disclose your loan information to people who had no legal need to know?
  • Did it use your contacts or photos to pressure, shame, or threaten you?

Under the Philippine Data Privacy Act, “consent” must be freely given, specific, and informed, and it may be shown through written, electronic, or recorded means. The Act also defines a “data subject” as the individual whose personal information is processed. (National Privacy Commission)

Your legal rights under Philippine law

1. Your data privacy rights under RA 10173

The main law is Republic Act No. 10173, or the Data Privacy Act of 2012. If an online lending app processes your personal information, you are a data subject and you have enforceable rights.

Important rights include the right to be informed whether your personal information is being processed, the right to know the purpose, scope, method, recipients, controller identity, retention period, and available remedies, and the right to access information about what data was processed, where it came from, who received it, and why it was disclosed. (National Privacy Commission)

You also have the right to correct inaccurate data and, upon substantial proof, to suspend, withdraw, block, remove, or destroy personal information that is incomplete, outdated, false, unlawfully obtained, used for unauthorized purposes, or no longer necessary. The law also recognizes a right to damages for inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized use of personal information. (National Privacy Commission)

In simple terms: being in debt does not erase your privacy rights. A lender may collect a legitimate debt, but it may not treat your phonebook, photos, workplace, or family as collection tools.

2. SEC rules on unfair debt collection

Most lending companies and financing companies in the Philippines are regulated by the Securities and Exchange Commission (SEC) under laws such as RA 9474, the Lending Company Regulation Act of 2007, and RA 8556, the Financing Company Act of 1998, as amended.

SEC Memorandum Circular No. 18, Series of 2019 specifically prohibits unfair debt collection practices by financing companies, lending companies, and third-party service providers hired by them. The circular covers abusive acts such as threats of violence or criminal means, threats to take action that cannot legally be taken, insults or profane language intended to abuse the borrower, and publication of names or personal information of borrowers who allegedly refuse to pay.

The same SEC circular treats as unfair the act of communicating or threatening to communicate false loan information, including a false claim that a debt is being disputed, and contacting borrowers at unreasonable hours, generally before 6:00 a.m. or after 10:00 p.m., subject to the circular’s stated exceptions. It also states that contacting people in the borrower’s contact list other than those named as guarantors or co-makers is an unfair debt collection practice, notwithstanding the borrower’s consent.

This is one of the most important protections for borrowers. If the app calls your mother, officemate, barangay captain, HR manager, or Facebook friend just because their number was in your phone contacts, that may be a serious red flag unless that person was actually named as a guarantor or co-maker.

3. Truth in Lending Act disclosures

RA 3765, the Truth in Lending Act, requires disclosure of finance charges and credit costs so borrowers can understand the true cost of credit before entering into a loan transaction. The SEC also lists Memorandum Circular No. 7, Series of 2011 as an issuance implementing the Truth in Lending Act for transaction transparency among financing and lending companies. (Lawphil)

Before borrowing, you should be able to see the loan amount, interest, processing fees, penalties, net proceeds, due date, and total amount payable. If an app advertises “0% interest” but deducts hidden fees or makes the repayment amount unclear, keep screenshots.

4. Civil Code protection against privacy invasion and humiliation

Even outside the Data Privacy Act, the Civil Code of the Philippines may apply. Articles 19, 20, and 21 require every person to act with justice, give everyone his due, observe honesty and good faith, and compensate another person for damage caused contrary to law, morals, good customs, or public policy. (Lawphil)

Article 26 also protects a person’s dignity, personality, privacy, and peace of mind. It recognizes civil actions for acts such as meddling with private life or humiliating another person because of personal condition. This can matter where debt collectors publicly shame a borrower or drag family and workplace relationships into a private loan dispute. (AMSLAW)

5. Possible criminal issues: threats, coercion, libel, and cybercrime

Depending on the facts, abusive collection may also involve criminal laws. Examples include:

  • Grave threats under Article 282 of the Revised Penal Code, if a collector threatens harm that amounts to a crime.
  • Coercion under Articles 286 or 287, if intimidation is used to force a person to do something against their will.
  • Libel or cyberlibel, if defamatory statements are published online.
  • Identity-related cybercrime or unauthorized access issues under RA 10175, the Cybercrime Prevention Act of 2012, depending on the conduct.

The Supreme Court in Disini v. Secretary of Justice, G.R. No. 203335 (2014) dealt with the constitutionality of the Cybercrime Prevention Act, including online libel issues. (Lawphil) For repeated harassment that causes distress but may not fit a heavier offense, Philippine jurisprudence on unjust vexation is also relevant; in Maderazo v. People, G.R. No. 165065 (2006), the Court discussed unjust vexation as conduct causing annoyance, irritation, or vexation. (Supreme Court E-Library)

How to protect your personal data before using an online lending app

1. Check if the lender is legitimate

Do not rely on Google Play, the App Store, Facebook ads, TikTok videos, or professional-looking websites. App-store availability is not the same as SEC authority.

Before applying, check:

What to verify Why it matters
Corporate name The app name may be only a brand; you need the actual company behind it.
SEC registration number Shows the entity is registered, but this alone is not enough.
Certificate of Authority number Lending and financing companies need authority to operate.
Whether the online lending platform is recorded with SEC An app may be connected to a company but still not properly recorded as an online platform.
Office address, customer service channel, and privacy notice Legitimate lenders should be traceable and responsive.

SEC Memorandum Circular No. 19, Series of 2019 covers disclosure requirements in advertisements of financing and lending companies and reporting of online lending platforms; the SEC lists it under financing and lending company issuances. (SEC Appointment System) Professional summaries of the circular state that financing and lending companies are required to disclose their corporate name, SEC registration number, Certificate of Authority number, and an advisory for borrowers to study the disclosure statement before proceeding. (PwC)

2. Read the permissions before installing

Be careful if the app asks for access to:

  • Your full contacts list
  • Photos and videos
  • SMS messages
  • Call logs
  • Microphone
  • Precise location
  • Social media accounts
  • Files unrelated to loan processing

A lending app may need your camera to capture an ID or selfie, but it usually should not need broad access to your entire phonebook, private gallery, messages, or social media. If the app refuses to proceed unless you allow excessive permissions, consider that a warning sign.

3. Use privacy settings immediately

On Android or iPhone, review app permissions after installation. Turn off anything not needed.

Common privacy steps:

  1. Go to Settings.
  2. Open Apps or Privacy & Security.
  3. Select the lending app.
  4. Disable access to contacts, photos, location, microphone, and SMS unless truly necessary.
  5. Disable background activity if available.
  6. Keep screenshots of the permissions requested.

If you already granted access before, disabling permissions later may not erase data already copied by the app. That is why early caution matters.

4. Do not upload unnecessary documents

Many borrowers panic and upload extra documents to “increase approval chances.” Avoid sending unnecessary files such as:

  • Family members’ IDs
  • Employer documents not required for the loan
  • Children’s school records
  • Utility bills under another person’s name
  • Screenshots of private conversations
  • Full bank statements when a limited proof of income would do

If the app requires a reference person, do not list someone without telling them. Do not list a person as guarantor or co-maker unless that person actually agreed to be legally bound.

What to do if an online lending app is already harassing you

Step 1: Secure evidence before blocking

Do not delete messages right away. First, collect proof.

Save:

  • Screenshots of texts, chats, push notifications, emails, and Facebook messages
  • Call logs showing date, time, and number
  • Recordings, if available and lawfully obtained
  • Screenshots of threats to contact your family, employer, or social media contacts
  • Screenshots of posts publicly shaming you
  • App permissions and privacy policy
  • Loan disclosure statement, repayment schedule, and proof of payments
  • Names, phone numbers, email addresses, and account names of collectors
  • Screenshots from relatives or coworkers who were contacted

Make a simple timeline:

Date and time What happened Evidence
Jan. 3, 9:15 p.m. Collector threatened to message employer Screenshot of SMS
Jan. 4, 7:30 a.m. Mother received call about loan Mother’s screenshot and statement
Jan. 5, 11:45 p.m. Collector called after 10 p.m. Call log
Jan. 6 Facebook post with borrower’s photo Screenshot and URL

This timeline helps SEC, NPC, police, prosecutors, and courts understand the pattern quickly.

Step 2: Send a short written objection to the lender

Before filing with the NPC, it is usually helpful to show that you informed the personal information controller or lender and gave them a chance to act, unless the situation is urgent or dangerous.

Use a short message like this:

I object to the unauthorized use and disclosure of my personal data. I do not consent to your collectors contacting persons in my phone contacts, employer, relatives, friends, or social media connections who are not guarantors or co-makers. Please stop processing my personal data for harassment, public shaming, or disclosure of my loan information to unauthorized persons. Please also provide the identity and contact details of your Data Protection Officer, the source of the data used, the recipients of my data, and the legal basis for your processing.

Send it by email, in-app support, registered mail, or any channel that creates a record. Keep proof of sending.

Step 3: Revoke unnecessary app permissions and preserve your accounts

After saving evidence:

  1. Turn off the app’s access to contacts, photos, location, SMS, and microphone.
  2. Change passwords for email, e-wallets, social media, and banking apps.
  3. Enable two-factor authentication.
  4. Warn close contacts not to respond to collectors or send money to unknown accounts.
  5. Report fake profiles or public shaming posts to the platform.
  6. Avoid sending more IDs or selfies to “settle” harassment.

Deleting the app may reduce access going forward, but it does not cancel the debt and does not erase data already copied. Treat deletion as a privacy step, not a legal solution.

Step 4: File the right complaint with the right office

Different offices handle different issues.

Problem Where to report What to prepare
Unauthorized use, disclosure, or harvesting of personal data National Privacy Commission Notarized complaint or assisted complaint form, evidence, timeline, proof you contacted the lender if available
Unfair debt collection by lending or financing company SEC Complaint, screenshots, loan details, company/app name, collector details
Threats, extortion, identity misuse, hacking, cyberlibel, fake posts PNP Anti-Cybercrime Group or NBI Cybercrime Division Screenshots with URLs, call logs, account names, device details, IDs
Local in-person harassment by an identifiable collector Police station; barangay blotter may help document the incident Name/description, video/CCTV, witnesses
Bank or credit card issue, not a lending app BSP consumer assistance channels Bank name, account details, complaint history
Credit report dispute Credit Information Corporation or relevant credit bureau Credit report, disputed entry, proof of payment or correction request

The Credit Information Corporation itself notes that concerns involving lending and financing companies, online lending apps, and microfinance institutions should be directed to the SEC, while banks and credit card companies fall under the BSP. (Credit Information Corporation (CIC))

SEC also has the iMessage SEC platform for public complaints, inquiries, incidents, and requests, with ticket tracking. (Securities and Exchange Commission)

Step 5: File a privacy complaint with the NPC when data misuse is involved

For privacy violations, the National Privacy Commission is the main agency. The NPC states that a formal complaint must be in the required format, printed and filled out, notarized, and submitted personally, by courier, or by scanned email. (National Privacy Commission) The NPC also states that a complaint may be filed by the data subject, or by a representative authorized by a special power of attorney. (National Privacy Commission)

The NPC’s complaint guidance says a complainant should file a filled-out and notarized complaint-assisted form or verified complaint together with copies of evidence and witness affidavits, through personal filing, registered mail, courier, or authorized email filing. (National Privacy Commission)

Practical documents to prepare:

  • Government ID
  • Loan agreement, disclosure statement, or screenshots of loan details
  • App name and company name
  • Privacy policy and terms of service
  • Screenshots of permissions requested
  • Screenshots of harassment or disclosure
  • Call logs and messages
  • Statements from contacted relatives, coworkers, or friends
  • Proof you asked the lender to stop, if available
  • Notarized complaint form
  • Special Power of Attorney, if someone else files for you

If you are abroad, check whether the NPC will accept scanned notarized submissions for your situation. For documents signed abroad and used in the Philippines, notarization before a Philippine Embassy or Consulate, or local notarization plus apostille depending on the country and document, may be required. The Philippine Embassy in Washington, D.C., for example, explains the general process for private documents as local notarization, apostille by the competent authority, then use in the Philippines. (Philippine Embassy)

Common real-life scenarios

“The app messaged my contacts even though they are not guarantors.”

Save screenshots from each contacted person. Ask them to send you the date, time, number or account used, and exact message received. Under SEC MC No. 18, contacting people in your contact list other than guarantors or co-makers may be an unfair collection practice. It may also support a privacy complaint if your loan information or personal data was disclosed without a lawful basis.

“They posted my photo and called me a scammer.”

Take screenshots showing the full post, URL, account name, date, time, reactions, and comments. Ask friends not to argue online because arguments can make the post spread further. Report the post to the platform, but preserve evidence first. Depending on the wording and facts, this may raise issues under data privacy law, SEC debt collection rules, Civil Code damages, and possibly cyberlibel.

“They said I will be arrested if I do not pay today.”

A simple unpaid private debt is generally a civil matter. There is no automatic arrest merely because you failed to pay a loan. However, fraud, falsified documents, bouncing checks, or other separate criminal acts may create different issues. If a collector falsely threatens arrest, jail, or police action to force payment, keep the message and include it in your SEC complaint.

“They keep calling late at night.”

Save call logs. SEC MC No. 18 treats contact before 6:00 a.m. or after 10:00 p.m. as unreasonable or inconvenient, subject to its stated exceptions. Repeated late-night calls may also support a complaint for harassment or unfair collection.

“I paid, but they still threaten me.”

Keep proof of payment: screenshots, reference numbers, receipts, bank or e-wallet confirmations, and any settlement agreement. Send a written demand for account reconciliation and correction of records. If the lender continues to disclose that you are unpaid despite proof, that can strengthen a privacy and regulatory complaint.

Practical timelines, fees, and bottlenecks

Process Typical timing in practice Common bottlenecks
App customer service complaint A few days to 2 weeks No response, generic replies, app disappears
SEC ticket or complaint intake Days to several weeks Incomplete company details, missing screenshots, wrong app name
NPC complaint preparation 1–7 days if evidence is complete Notarization, lack of proof, failure to identify respondent
NPC proceedings Often months, depending on complexity Need for comments, mediation, investigation, volume of cases
Police/NBI cyber complaint Same day intake possible, investigation varies Need for original device, URLs, account identifiers, technical tracing
Platform takedown request Hours to weeks Post already shared, fake accounts, incomplete reporting

The biggest bottleneck is usually not the law. It is evidence. Many borrowers delete the app, erase messages, change phones, or block everyone before saving proof. Preserve evidence first, then secure your accounts.

What not to do

Avoid these common mistakes:

  • Do not ignore serious threats involving violence, stalking, or identity misuse.
  • Do not post the collector’s personal information publicly in revenge.
  • Do not send more IDs, selfies, or passwords to stop harassment.
  • Do not pay a random GCash number unless you can verify it is an official payment channel.
  • Do not sign a settlement admitting false facts just to stop calls.
  • Do not assume a Facebook page, Telegram group, or app-store listing proves legitimacy.
  • Do not rely only on a barangay complaint if the issue is data misuse by a regulated company.
  • Do not delete evidence before filing with SEC, NPC, PNP, or NBI.

Frequently Asked Questions

Can online lending apps access my contacts in the Philippines?

They may ask for permission, but asking does not automatically make broad access lawful. The lender must still comply with the Data Privacy Act’s principles of lawful, fair, transparent, necessary, and proportionate processing. Under SEC MC No. 18, contacting people in your contact list other than guarantors or co-makers is treated as an unfair debt collection practice.

Can an online lending app post my name and photo online if I do not pay?

No lender should use public shaming as a collection method. Publication of names and personal information of borrowers who allegedly refuse to pay is identified in SEC MC No. 18 as an unfair collection practice, subject to the circular’s rules. It may also create data privacy, civil, or criminal issues depending on the facts.

Can I file a complaint even if I really owe money?

Yes. Your obligation to pay a lawful debt is separate from your right to privacy and protection from abusive collection. A lender can pursue lawful collection, but it cannot threaten, shame, deceive, or misuse your personal data.

Where do I report online lending app harassment in the Philippines?

Report privacy violations to the National Privacy Commission, unfair debt collection by lending or financing companies to the SEC, and threats, hacking, identity misuse, or cyberlibel to the PNP Anti-Cybercrime Group or NBI Cybercrime Division. Use the office that matches the conduct, and file with more than one office if the facts involve multiple violations.

Do I need a lawyer to file with the NPC or SEC?

Not always. Many complaints can be filed personally if your evidence is organized and your complaint is clear. A lawyer becomes more important if there are large damages, criminal accusations, settlement negotiations, identity theft, employer involvement, or court action.

Is deleting the lending app enough to protect my data?

No. Deleting the app may stop future access, but it may not erase data already collected or shared. Before deleting, save evidence, revoke permissions, secure your accounts, and send a written request or objection if appropriate.

Can foreigners file privacy complaints in the Philippines?

Yes, if their personal data is processed in a way covered by Philippine law, especially by an entity operating in the Philippines. Practical issues may include notarization, identity documents, and special powers of attorney if someone in the Philippines will file or follow up for them.

Can a lending app call my employer?

A lender should not disclose your loan information to your employer unless there is a lawful basis and the employer is genuinely involved, such as where the employer was properly authorized for verification or the person contacted is a guarantor or co-maker. Calling HR or your boss simply to shame you or pressure payment can be evidence of unfair collection and unauthorized disclosure.

Can I demand deletion of my data after paying the loan?

You may request blocking, removal, or destruction of personal information if it is unlawfully obtained, used for unauthorized purposes, no longer necessary, or falls under the grounds recognized by the Data Privacy Act. The lender may still retain some records required by law, regulation, accounting, tax, anti-fraud, or legitimate claims purposes, but it should not keep or use your data without a lawful basis.

What if the online lending app is unregistered?

Document everything and report it to the SEC. If there are threats, fake posts, identity misuse, or hacking, report those facts to cybercrime authorities as well. Do not assume that an unregistered app will respond to ordinary customer service complaints; prioritize evidence preservation and official reporting.

Key Takeaways

  • Debt does not cancel privacy rights. Borrowers still have rights under the Data Privacy Act.
  • Contacting your phone contacts is not automatically allowed. SEC rules treat contacting contacts other than guarantors or co-makers as an unfair collection practice.
  • Public shaming, threats, insults, false statements, and late-night harassment can be reportable.
  • Check the lender’s corporate name, SEC registration, Certificate of Authority, and recorded online lending platform status before borrowing.
  • Save evidence before deleting messages or blocking collectors.
  • File with the right office: NPC for data privacy, SEC for lending company abuse, and PNP/NBI for cybercrime or threats.
  • If you are abroad, prepare for notarization, apostille, or a Special Power of Attorney if someone will file for you in the Philippines.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.