Privacy Policy

Effective Date

This Privacy Policy shall take effect from July 12, 2025.

To Our Clients

Cashpedia Lending, Inc. ("the Company") is committed to protecting your personal information in compliance with applicable data protection laws, including the Data Privacy Act of 2012 (Republic Act No. 10173) of the Philippines. We ensure that all personal data collected through our official websites, mobile applications, credit services, and other financial products are processed lawfully, securely, and only for legitimate business purposes.

Company Information

Company Name: Cashpedia Lending, Inc.

SEC Registration No. CS201906528

Certificate of Authority No. 2945

Scope of Application

This policy applies to all individuals who interact with our services, including but not limited to:

• Users of our mobile applications
• Visitors to our websites and digital platforms
• Loan applicants and existing borrowers
• Participants in any financial services offered by the Company

Your personal data will be protected consistently, regardless of how you engage with us-whether online, in-person, or through other channels.

Information We Collect

To ensure the highest level of service quality and regulatory compliance, Cashpedia Lending, Inc. collects and processes various categories of personal data in accordance with the Data Privacy Act of 2012. The information we gather enables us to provide customized financial solutions while maintaining rigorous security standards. Below is a detailed explanation of the data we collect and its specific purposes:

1.Personal Identification Information

We collect comprehensive personal identification details to establish your identity, prevent fraudulent activities, and fulfill our legal obligations. This information forms the foundation of our customer verification process and service delivery framework:

(1)Full Legal Name

Your complete legal name as shown on official documents is required to create and maintain your loan account records. This ensures all transactions and communications are properly documented.

(2)Government-Issued ID

We collect the type, number and expiration date of your valid government-issued identification (such as passport, driver's license, or UMID) to verify your identity and comply with anti-money laundering regulations.

(3)Date of Birth, Age, and Gender

These demographic details help us verify your eligibility for specific loan products, ensure compliance with age-related financial regulations, and maintain accurate customer records for reporting purposes.

(4) Marital Status and Educational Background

We collect this information to better understand your financial profile, assess creditworthiness, and determine suitable loan products that match your financial capacity and needs.

(5)Current Residential Address

Your complete and updated residential address is necessary to confirm you reside within our serviceable areas, facilitate accurate communication, and comply with know-your-customer (KYC) requirements. This includes your house number, street, barangay, city/municipality, and postal code.

(6)Emergency Contact Information

We require the full names, contact numbers, and relationships of at least two emergency contacts to support identity verification, fraud prevention, and risk management processes. These contacts will only be used for legitimate business purposes.

2.Financial Information

To conduct thorough credit assessments and ensure responsible lending practices, we collect the following financial details:

(1)Bank Account or E-Wallet Details

We require your active bank account or e-wallet information (including account name, number, and branch details) to process loan disbursements, facilitate repayments, and verify financial transactions. These details are protected with advanced encryption.

(2)Employment Details

We collect comprehensive employment information including your current employer's name, your job position, length of employment, and monthly income to assess your financial stability, repayment capacity, and employment verification.

3.Device and Technical Information

To enhance platform security, improve service quality, and prevent fraudulent activities, we collect the following technical data:

(1)Device Details

We collect device-specific information including your device model, operating system version, unique device identifiers, and battery status (charging condition and battery level) to optimize application performance, ensure compatibility, and detect potential security risks.

(2)Network Details

We gather network-related information such as your IP address, connection type (WiFi/mobile data), and service provider to monitor for suspicious activities, prevent fraudulent transactions, and improve service delivery based on network conditions.

(3)Advertising ID

We may collect your device's advertising identifier to deliver relevant marketing content and promotional offers. This ID is not linked to your personal identity and is used in accordance with platform-specific advertising policies.

4.App Permissions and Data Usage

To optimize your user experience while maintaining the highest security standards, our application may request specific device permissions. Below is a detailed explanation of each permission's purpose and our strict usage guidelines:

(1)Device Information

To ensure security and prevent duplicate or fraudulent accounts, we collect limited technical data about your device, such as its model, OS version, and unique identifiers (e.g., IMEI, Android ID). This data is used solely for identity verification and fraud prevention, and is handled securely in compliance with relevant privacy laws.

(2)Camera and Photo Gallery Access

You may be asked to grant access to your camera or photo album when uploading identification documents or proof of income. This access is used only to capture or select required documents and is not used to browse or collect unrelated media. All images are used strictly for verification purposes and are not stored indefinitely.

(3)Biometric Data (Face Recognition)

As part of identity verification, we may request a live photo of your face to confirm your identity. This helps ensure your application is authentic and protects you against identity fraud. Biometric data is used only for verification and dispute resolution purposes and is handled with the highest security standards.

How We Use Your Information

We use your personal data for clear and lawful business purposes to ensure responsible service delivery. These include:

(1)Processing Your Loan Application

Your information helps us evaluate loan eligibility, assess risk, approve or reject applications, issue agreements, and manage disbursement, repayment, and other account activities.

(2)Verifying Your Identity and Credit Standing

We use identity documents, biometric data (e.g., facial photos), and historical financial behavior to confirm who you are and assess your repayment ability-enabling responsible lending.

(3)Meeting Legal and Regulatory Obligations

Your data may be processed and retained to comply with requirements from Philippine authorities such as the Securities and Exchange Commission (SEC), Bangko Sentral ng Pilipinas (BSP), and under the Data Privacy Act of 2012.

(4)Providing Notifications and Customer Support

We use your contact information to send important updates, transaction details, repayment reminders, service messages, and support responses.

(5)Enhancing Our Services

We analyze user behavior, app usage, and feedback to improve functionality, fix issues, and develop features that meet your evolving needs.

(6)Preventing Fraud and Unlawful Activity

We monitor and analyze user behavior to detect suspicious activity, verify legitimacy, and protect users and our system from fraud or unauthorized actions.

(7)Conducting Business Analysis

Aggregated and anonymized data is used for internal reporting, performance monitoring, service optimization, and ensuring compliance with internal policies.

We handle your information with care-ensuring all uses are necessary, proportionate, and fully compliant with data privacy standards.

Third-Party SDK Disclosure

To support core features, enhance usability, and ensure system stability, our app integrates certain third-party Software Development Kits (SDKs).

Each SDK is carefully assessed prior to integration to understand its data handling practices and ensure compliance with relevant privacy regulations.

Any data collected through these SDKs is subject to your explicit consent and is managed in line with applicable laws, as well as app store and platform policies.

(1)AppsFlyer

To help us better understand how users interact with our app and to optimize marketing performance, we integrate AppsFlyer - a third-party analytics and attribution platform.

Through AppsFlyer, we may collect anonymized device and interaction data, such as app installs, clicks, and usage patterns. This helps us identify which marketing sources are effective and refine our outreach strategies.

We do not use AppsFlyer to collect personal content or sensitive information. All data shared is handled in accordance with privacy regulations and is used exclusively for performance tracking, analytics, and user engagement improvement.

(2)Advance.AI

As part of our identity verification process, we may request a real-time image of your face to ensure that only you can access and complete your loan application.

Facial recognition is used strictly for authentication purposes-to confirm the match between your live photo and official ID, reduce impersonation risks, and safeguard against unauthorized access or fraudulent claims.

Your facial data is encrypted during transmission and processed only for this purpose. It is never shared with third parties unrelated to verification and is not retained longer than necessary under applicable data protection laws.

Legal Basis for Processing

We handle your personal data in accordance with applicable laws, including the Data Privacy Act of 2012 of the Republic of the Philippines. Our data processing activities are based on one or more of the following legal grounds:

(1)Your Consent

In certain situations, we will only collect and process your data after obtaining your explicit and voluntary consent-such as when accessing your camera, location, or uploading identity-related documents. You may withdraw your consent at any time, though doing so may affect your access to specific app features.

(2)Contractual Necessity

We process your data when it’s necessary to provide the services you’ve requested-such as reviewing your loan application, verifying your identity, disbursing funds, or managing repayments-so we can fulfill our responsibilities under the agreement between you and us.

(3)Legal and Regulatory Compliance

We are legally obligated to collect and report certain personal information to meet requirements set by authorities such as the Securities and Exchange Commission (SEC) and Bangko Sentral ng Pilipinas (BSP). This also includes compliance with anti-money laundering (AML), tax, and auditing regulations.

(4)Legitimate Business Interests

In some cases, we may use your information to improve our services, detect and prevent fraud, enhance platform security, or optimize system performance. We always ensure that such processing does not override your rights or compromise your privacy.

How We Share Your Information

To support our business operations, comply with legal obligations, and provide our services, we may share your personal information with trusted third parties under strict confidentiality and security measures. Such sharing is always conducted in compliance with applicable laws and limited to necessary purposes. The recipients may include:

(1)Affiliates and Service Providers

We may share your data with our affiliated entities or authorized service providers who assist in delivering our services. These partners include payment processors, cloud storage providers, customer support platforms, IT service vendors, and data analytics firms. All third parties are contractually required to handle your information securely and only for the purposes we specify.

(2)Government and Regulatory Bodies

Where legally mandated, we may disclose your information to government agencies such as the Securities and Exchange Commission (SEC), Bangko Sentral ng Pilipinas (BSP), or other Philippine regulatory authorities. This may occur in response to court orders, legal requests, or regulatory compliance requirements.

(3)Credit Bureaus and Financial Partners

For lending-related services, we may share relevant data with accredited credit bureaus, scoring agencies, or financial institutions to assess creditworthiness, manage risk, and prevent fraud. This supports responsible lending practices and regulatory compliance.

(4)Legal and Compliance Advisors

To safeguard our legal rights and ensure regulatory adherence, we may provide necessary information to legal counsel, auditors, or compliance consultants. This assists in audits, dispute resolution, and fulfilling legal obligations.

(5)Trusted Business Partners

We may collaborate with authorized third parties for functions such as fraud prevention, risk analysis, or performance analytics. These partners are bound by strict agreements to protect your data and use it only for approved purposes.

We do not sell or rent your personal information. All third-party data sharing is subject to stringent safeguards to ensure confidentiality and security.

Data Retention Periods

We maintain your personal information only for the duration required to achieve the purposes described in this Privacy Policy, while adhering to legal obligations and industry standards. Our retention practices are guided by the following principles:

(1)Active User Retention

Your personal data will be stored while your account remains active or while you continue utilizing our services. This enables us to:

• Provide uninterrupted service delivery
• Maintain accurate account records
• Offer ongoing customer support

(2)Post-Usage Retention

Following account closure or service discontinuation, we may preserve specific data for essential business functions including:

• Processing outstanding loan obligations
• Investigating and resolving disputes
• Addressing user inquiries
• Fraud detection and prevention
• Internal compliance audits and analytical purposes

(3)Regulatory Retention Requirements

Certain records must be preserved for legally defined periods under:

• Financial sector regulations (SEC/BSP requirements)
• Tax compliance obligations
• Other governmental mandates

We implement systematic data disposal procedures to securely erase, anonymize, or destroy information when:

• The retention period expires
• The data is no longer necessary for its original purpose

All disposal actions comply with:

•  Our internal data governance policies
• Applicable data protection legislation
• Industry best practices

Our Commitment to Data Security

We prioritize the security of user data above all else, implementing industry-leading technical solutions and rigorous management systems to establish comprehensive protection measures that safeguard the confidentiality, integrity, and availability of your personal information throughout its entire lifecycle.

We employ military-grade encryption technologies to secure data during transmission and storage, including HTTPS secure transmission protocols and AES-256 encryption standards, with particular emphasis on dual-layer encryption protection for sensitive information such as ID documents and bank accounts. All system access adheres to the principle of least privilege, strictly controlling access for both internal personnel and third-party service providers through dynamic authentication mechanisms like multi-factor authentication.

We have established a trinity security mechanism encompassing threat monitoring, penetration testing, and emergency response: professional teams conduct daily vulnerability scans, quarterly in-depth security audits by internationally certified agencies, and simulated hacker attacks to test defense systems. The development process strictly follows Secure Development Lifecycle (SDL) standards, ensuring absolute isolation between different accounts through data logical isolation technology.

In compliance with the Data Privacy Act of 2012, we have developed a comprehensive data breach response plan. In the event of a security incident, we will activate a tiered early warning mechanism within the statutory time limit, immediately notify affected users and report to the National Privacy Commission, while taking all necessary measures to contain risks and trace the source.

We continuously monitor global cybersecurity trends, allocating no less than 15% of our annual IT budget to security system upgrades, ensuring our protective capabilities always stay ahead of emerging threats.

Contact Us

If you have questions about this policy or need to exercise your data rights, please contact us.

Company Name: Cashpedia Lending, Inc.

SEC Registration No. CS201906528

Certificate of Authority No. 2945

Email: zaimenellabiste@cashpedialending.com

Address: Marajo Tower North Penthouse Unit, 26th Street corner 4th Avenue, Fort Bonifacio, Taguig, Metro Manila, 1634 Philippines