Statement on SMS Read Permission

Credit Kaagapay uses the READ_SMS permission to provide credit assessment services. With your explicit consent, we analyze SMS messages received from financial institutions and service providers (such as banks, payment platforms, and e-wallets) to evaluate your financial activity.

Data we collect from eligible SMS: sender identifier, message content, and timestamp.

Eligible SMS: Messages from public financial service providers containing transaction notifications, payment confirmations and e-wallet alerts.

What we NEVER access: We strictly do not access personal conversations from individual mobile numbers, One-Time Passwords (OTPs), or any verification codes.

Purpose: To assess income and spending patterns for credit limit determination and fraud prevention.

Storage: Data is encrypted and transmitted to https://service.creditkaagapay.com. We do not share SMS data with third parties without your explicit consent.

User control: This permission is strictly optional and independent of your credit report or loan application. You may decline during the authorization process or revoke permission at any time through Settings > Applications > Credit Kaagapay > Permissions on your device.

 

PRIVACY POLICY OF CREDIT KAAGAPAY

I. INTRODUCTION
Kaagapay Platform Inc.(together with its affiliates, if any, during the course of providing Services hereof, “Credit Kaagapay”, “our”, “us”, or “we”) and its various official partners (“Partners”) are committed to protect and respect your rights to your personal data, in compliance with Republic Act No. 10173 or “the Data Privacy Act of 2012”; related rules, regulations, and issuances of the National Privacy Commission (“NPC”); and with the adoption of constantly changing commercially acceptable standards for data protection and with the adoption of globally recognized best practices for data protection (collectively, the “Law”).
Please read this Privacy Policy to know the “whys”, “whats”, “whens”, “hows”, and “who’s/’re”, among others, of our policy for our data protection.

By expressly providing your consent to our Privacy Policy and our Terms and Conditions, or by accessing, benefitting from, or using, our Services through our official mobile application (“App”) available on Google Play Store, Apple App Store, and other similar platforms and other services including but not limited to recording credit, generate credit score and credit reports, etc. (collectively the "Credit Kaagapay Service"), you hereby acknowledge that you have read, understood, and agree to the terms of our Privacy Policy, Terms and Conditions, and any other documents that are referred in this Privacy Policy. You agree to having your data collected, corrected, transferred, stored, retrieved, used, retained, shared, deconstructed, and/or destroyed in the manner disclosed in this Privacy Policy and our Terms and Conditions. This Privacy Policy applies to all people and entities accessing our Platforms.

This Privacy Policy (together with our Terms and Conditions and any other documents referred herein) explains our policy regarding the collection, use, retention, disclosure and transfer of your information by Credit Kaagapay. This Policy forms part and parcel of the Terms and Conditions for the Credit Kaagapay Services. Capitalized terms which have been used here but are undefined shall have the same meaning as attributed to them in the Terms and Conditions. Users (as defined hereinafter) are requested to read this Policy in conjunction with the Terms and Conditions.

We respect the privacy of the users of the Credit Kaagapay Services (“Users” or “you”) and are committed to reasonably protect it in all respects. The information about the User as collected by us are: (a) information supplied by Users; and (b) information automatically tracked while using a mobile device having Credit Kaagapay Services enabled.

By accessing the Site, App or otherwise using the Credit Kaagapay Services, or by clicking on the tick box, you consent to this Policy’s terms on the collection, storage, and use of the Personal Information (including any changes thereto as provided by you or automatically tracked) for any of the Credit Kaagapay Services that we offer.

If you do not agree to be bound by all the current and updated terms of this Privacy Policy and Terms and Conditions, please exit and uninstall from your devices our Platforms and do not access, use, and/or receive benefit from any of our Platforms and our Services.

We may, at any time and at our sole discretion, amend, and update this Privacy Policy. You are strongly suggested and responsible for, among others, regularly reviewing this Privacy Policy.

II. DEFINITIONS

“SERVICE” means the Platforms operated by Credit Kaagapay.

“PERSONAL DATA” or “PERSONAL INFORMATION” means any personal information and/or sensitive personal information and/or privileged information as defined under the Law, whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained, or when put together with other information would directly and certainly identify an individual.

“USAGE DATA” is data collected automatically either generated by the use of Service or from Service infrastructure itself (for example, the duration of a page visit).

“DATA CONTROLLER” means a natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed. For the purpose of this Privacy Policy, we are a Data Controller of your data.

 

“DATA SUBJECT” is any living individual whose Personal Data is being processed pursuant to this Privacy Statement.

“USER” is the individual using our Service via our Platforms. The User corresponds to the Data Subject whose Personal Data is protected by the Law.

III. WHAT DATA WE COLLECT

Depending on your User type, we collect several different types of Personal Data for various purposes to provide and continuously improve our Service to you, ensuring an optimal user experience.

You provide us with personally identifiable information such as your name, email address, and physical address through various media and/or forms, such as original, notarized, and/or stamped documents in print or copies in accessible, legible, and electronic format, as may be necessary. Other Personal Data that we do not expressly require of you but which you willingly provide to us are collected as well. The information we collect depends on the features, functionalities, products, and Services that you request through our Platforms. Such information, which may or may not include personally identifiable information, includes but are not limited to the following:

 

1. Name (First Name, Middle Name, and Last Name);
2. Personal photographs;
3. Gender;
4. Age;
5. Nationality or Citizenship
6. Address Details;
7. Birthdate;
8. Place of Birth;
9. Marital Status;
10.        Education Level;
11.        Email address;
12.        Home Address;
13.        Facebook Account;
14.        Work Details;
15.        Business Name;
16.        Business Category;
17.        Bank Information;
18.        Mobile Number;
19.        First and Second Contact Information (voluntarily selected and submitted by you through the application interface; Credit Kaagapay does not request the READ_CONTACTS permission and does not access your device's address book);
20.        Financial information (income, employment details such as payslips and BIR forms) 
21.        Device information;
22.        Log Data;
23.        Computer Internet Protocol address (“I.P.”) address;
24.        Valid government-issued identification cards (“IDs”) and details therein;
25.        Mobile Device Data (Model, Location, Application Usage, Frequency), this is essential for service functionality, security, fraud prevention, and service improvement. With respect to installed application information, Credit Kaagapay no longer requests the QUERY_ALL_PACKAGES permission within the application interface. However, with your explicit consent, Credit Kaagapay may collect and analyze non-sensitive application identifiers for the purposes of fraud prevention and cybersecurity risk assessment, as described in the Statement on Installed Application Information below.
26.        SMS receiving records — After your explicit authorization, Credit Kaagapay will collect and analyze designated financial transaction SMS messages on your device (specifically transaction-related SMS from financial service providers), including sender identifier, message content, and timestamp, analyzed solely for credit evaluation, to determine appropriate credit limits, and to assess your financial capability. We strictly do not access personal conversations from individual mobile numbers, One-Time Passwords (OTPs), or any verification codes. This permission is strictly optional and independent of your credit report or loan application.

The Personal Information provided by the Users is essential for the provision and enhancement of the Credit Kaagapay Services, with the aim of providing an optimal user experience. As part of our ongoing efforts to improve the Services, we may occasionally request additional Personal Information from Users, beyond what has been previously mentioned, through the Application and/or Site, subject to the User’s explicit consent. Rest assured that we do not disclose this data to any third-party, except as outlined within the provisions of this Policy or when required by law. We reserve the right to verify the information and documents provided by Users using reliable sources. Users authorize Credit Kaagapay and any financial partners and/or third-party service provider to process Know Your Customer (KYC) Documents and determine their eligibility for our services and for fulfilling legal and regulatory compliance requirements, subject to Credit Kaagapay’s Privacy Policy and Terms. The permission granted by Users for financial partners and/or third-party service providers to access KYC Documents is governed by the privacy policies of such financial partners and/or third-party service providers. The personal information collected during the KYC process is used solely for legal and regulatory compliance purposes, such as anti-money laundering (AML) and counter-terrorism financing (CTF). Credit Kaagapay maintains the confidentiality and privacy of Users' information and only shares it with authorized parties such as its financial partners and third-party service providers, with the User's explicit consent or as required by law or competent governmental authorities. Any such sharing is conducted under strict contractual agreements that obligate these parties to protect your data in accordance with this Privacy Policy and the Data Privacy Act of 2012. Credit Kaagapay is dedicated to safeguarding Users' personal data in accordance with relevant data protection laws and regulations.

We reserve the right to utilize your Personal Data for the purpose of communicating marketing materials, promotional content, and other information that may be deemed relevant and of interest to you through websites, newsletters, SMS, social media and other suitable platforms. However, you maintain the option to unsubscribe from receiving any or all of these communications by following the provided unsubscribe link.

Any Personal Information that you provide shall not be deemed as personal information if such information does not meet the definition of personal information under Republic Act No. 10173 or the Data Privacy Act of 2012. Moreover, it is important to emphasize that any reviews, comments, messages, blogs or similar content posted, uploaded, conveyed, or communicated by Users on the public sections of the Site or an application store (such as the App Store or Play Store) shall be deemed as publicly published content by your own choice. As published content, such information becomes accessible to others and is no longer subject to the same privacy expectations as data provided privately to Credit Kaagapay.
 
Upon registering with the Services, it is probable that we may periodically contact you to request updates or revisions to your Information. This is intended to ensure the accuracy and currency of your provided details, for the proper provision of our Services and for compliance with regulatory requirements. It is essential that you provide us with your updated information upon request or at your own discretion when necessary to be informed with the latest and material information related to your usage of our Service. Credit Kaagapay shall not be held liable for not contacting you timely due to your failure to provide your updated information hereof.

IV. INFORMATION AUTOMATICALLY TRACKED WHILE USING THE APP OR SITE

Usage Data
We may also collect information that your browser sends whenever you visit our Service or when you access our Service by or through a mobile device (“Usage Data”). This Usage Data may include information such as your computer's Internet Protocol address (e.g. IP address), the pages of our Service that you visit and other diagnostic data.

When you access our Service with a mobile device, this Usage Data may include information such as the type of mobile device you use, your mobile device unique ID, the IP address of your mobile device, your mobile operating system, unique device identifiers and other diagnostic data.

To monitor and analyze user behavior on the App/Site, as well as to continually improve our services, we employ various tools such as Google Analytics, Firebase and other similar platforms. These tools provide valuable insights into user interactions and enable us to optimize our offerings.

Valuable Feedback
Your feedback improves our community and our Services. You consent to the collection of Personal Data whenever you transact with our customer service and support personnel. Such information collected includes but is not limited to your full name, email address, mobile number, orders made, and account numbers. Please tell us what we can do to improve our Services.

V. WHAT WE DO NOT COLLECT
We do not collect more than what is necessary for the specific, legitimate purposes outlined in this Privacy Policy.

The only Personal Data, if any, that we collect comes from you. We collect only the minimum amount and kind of information necessary for our Services, our Partners’ products, and to comply with our legal and regulatory obligations.

 

With respect to SMS data, Credit Kaagapay strictly does not collect, access, or process: (a) personal conversations or messages from individual mobile phone numbers; (b) One-Time Passwords (OTPs) or any verification codes; or (c) any SMS content unrelated to financial transactions from recognized financial service providers. The SMS filtering process is conducted on-device prior to any data transmission, ensuring that only eligible financial transaction SMS are collected and uploaded.

VI. LINK TO FINANCIAL PARTNERS AND THIRD-PARTY SITES/AD-SERVERS
The Site may contain links to other websites such as advertisers, blogs, content sponsorships, vendor services, social networks, and more. While we strive to select reputable and reliable partners and ensure our own practices align with data protection standards, it is important to exercise caution that these websites operate under their own distinct privacy statements and practices, which are beyond our control. To further protect yourself, we strongly recommend reviewing the privacy policies of these third-party websites before providing any personal information. When you navigate away from our Site (which can be determined by checking the URL in your browser’s address bar), any information you consent to provide to these external sites is subject to the Privacy Policy of the respective website operator. We cannot provide any representation or warranty regarding how your information is stored or used on financial partners and third-party servers, and we are unable to take any responsibility in any form for any violation of your information conducted by such financial partners and third-party servers.

VII. WHOM WE SHARE THE DATA WITH
The Information (including Personal Information) collected may be shared with our affiliates, financial partners, and group companies to the extent required for our internal business and/or administrative purposes and/or general corporate operations and to any third-party service providers, including marketing partners, and the User hereby consents to the same. When sharing with third-party service providers, including marketing partners, for their direct marketing purposes, such sharing will only occur with your explicit, separate consent. We will take reasonable steps to ensure that these third-party service providers are obligated to protect your personal information and are also subject to appropriate confidentiality/non-disclosure obligations and they comply with the applicable provisions of the data protection laws. These entities, with whom we share the Information, may market to you as a result of such sharing unless you explicitly opt-out.

The User consents that we may have access to your location and device information and we may request you to provide your PAN, Know-Your-Customer (KYC) details, and biometric data to check your eligibility, to enhance your experience and provide you access to the services being offered by us, our affiliates, financial partners, or other third-party service providers (including lenders). Your consent to access location and device information is specifically for fraud prevention, credit scoring, and to ensure service functionality and eligibility. Biometric data might be collected and processed, with the explicit consent of the User and in compliance with Section 12 of the Data Privacy Act of 2012, and NPC Circular No. 2022-02, only for User verification using facial recognition and liveliness detection mechanism, strictly for identity confirmation, fraud prevention, and compliance with legal and regulatory KYC requirements.

Further, the User also consents to share Personal Information, including Sensitive Personal information, when it is requested or required by law or by any court or governmental agency or authority to disclose, for the purpose of verification of identity, or for the prevention, detection, investigation including cyber incidents, or for prosecution and punishment of offenses. These disclosures are made in good faith and belief that such disclosure is reasonably necessary for enforcing the Terms and Conditions or for complying with the applicable laws and regulations. No Personal Information of an individual User such as name, contact number, email address, card details, etc. would be shared with any other User and/or unauthorized third-party unless explicitly approved by the concerned individual User himself/herself.

By using the Credit Kaagapay Services and providing Personal Information to us, Users agree and consent to the disclosure, transfer, storage, and processing of the Personal Information, including the Sensitive Personal Information, by us in the Philippines and/or in other countries to its affiliates, financial partners, group companies, and third parties. While our primary motive is to protect the disclosure of Personal Information (except in accordance with the provisions of this Policy) of Users, Users may note that countries where their Personal Information may be stored, may not have data protection laws similar to the countries where they are located.

In our data sharing activities, the following shall be observed:
 

• The amount of information that shall be collected and processed is defined and limited to what is necessary for the stated purposes.
• The information shall be provided only to the authorized recipients to date.
• We may withhold or order to cease processing or sharing of data at any time if we deem that such processing or disclosure is contrary to Law or adversarial to our interests.
• We may share anonymized or aggregated information internally and with third parties for any purpose. Such information will not identify you individually.

 
We may disclose Personal Data that we collect, or you provide for any of the following activities:
 
Disclosure for Law Enforcement. Under certain circumstances, we may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities.
Business Transaction. If we or our subsidiaries are involved in a merger, acquisition, or asset sale, your Personal Data may be transferred.

Other cases. We may disclose your information also:

• 3.1 to our subsidiaries and affiliates;
• 3.2 to financial partners;
• 3.3 to lending license partners for the purpose of evaluating loan applications, granting loans, collection of loans and closure of loans;
• 3.4 to contractors, service providers, and other third parties we use to support our business;
• 3.5 to card issuance and processing partners;
• 3.6 to fulfill the purpose(s) for which you provide it;
• 3.8 for any other purpose disclosed by us when you provide the information;
• 3.9 with your consent in any other cases;
• 3.10 if disclosure is necessary or appropriate to protect the rights, property, or safety of Credit Kaagapay and our Users.

 

We may also share your Personal Information in the event of a business transfer, such as a merger, acquisition, or sale of our assets. In such cases, we will notify you before your Personal Information becomes subject to a different privacy policy.

VIII. INFORMATION STORAGE AND BACKUP
Periodically, we perform data backups of User information on our cloud-based database. This practice serves the purpose of ensuring that Users can recover their data in the event of data loss or unavailability on their mobile devices, such as device malfunction, loss, or when transitioning to a new device.

We shall retain User's Personal Information in our records for a period of [5] years after the termination of services or last interaction with the User, whichever is later, unless a longer retention period is required by law, or for our legal and regulatory obligations (e.g., anti-money laundering laws, tax laws), to resolve disputes, enforce our agreements or for other legitimate business purposes. However, once the provision of company Services is no longer applicable or pertinent to a specific User, we shall expunge all Personal Information associated with that particular User from our records in a manner that prevents further processing, unauthorized access, or disclosure, in accordance with applicable data protection laws and our internal data retention policy.

IX. INFORMATION SECURITY
We implement reasonable and appropriate organizational, physical, and technical security measures to safeguard against unauthorized access, alteration, disclosure, or destruction of data, including accidental or intentional manipulation, and loss from unauthorized parties. These measures encompass internal assessments of our data collection, storage, processing practices, along with security protocols and employee training on data privacy and security. We employ suitable encryption and physical security measures to protect against unauthorized access to systems where personal data is stored. All Personal Information collected on the Credit Kaagapay platform is securely stored within controlled databases. Access to these servers is password-protected and strictly limited.

 

Our security measures undergo regular reviews and updates to align with technological advancements. While we take all reasonable steps to ensure the security of Personal Information, it is important to understand that no transmission of data over the internet or any other public network can be guaranteed to be 100% secure.

We strive to comply with applicable data protection laws to safeguard User privacy and Personal Information. We have implemented physical, electronic, and procedural safeguards that align with the laws of specific jurisdictions to protect User Personal Information. By accepting the terms of this Policy, you acknowledge that the standards and practices we have in place are reasonable and adequate for the protection of your personal information.

In the event of a breach of security, confidentiality, or integrity resulting in the unauthorized access or disclosure of your unencrypted electronically stored Personal Information, we will promptly notify you via email or any other feasible means without undue delay, to the extent consistent with the legitimate needs of law enforcement. We will also notify the National Privacy Commission (NPC) within the period prescribed by law following the discovery of the breach, in accordance with the Data Privacy Act of 2012 and NPC Circular No. 16-03 (Personal Data Breach Management). We will take all necessary measures to investigate and remediate the breach, and restore the reasonable integrity of the data system.

X. PURPOSE OF DATA PROCESSING
We will only collect and process Personal Information about you when we have a lawful basis to do so. The primary purpose of collecting your information, including Personal Information, is to provide you with personalized access to Credit Kaagapay and its various features, as well as for other lawful purposes as deemed necessary. It is important to note that if you choose not to provide consent for the collection of your Personal Information where consent is required by law for a specific purpose, or if the information is essential for contract performance, it is possible that we may be unable to fulfill our contractual obligations to you. By "perform the contract," we are referring to the Terms and Conditions that govern your use of the Credit Kaagapay Service. Consequently, your access to certain features of the Credit Kaagapay Service may be restricted or we may be unable to provide you with the Credit Kaagapay Service in its entirety.

For example, we use your information where we need the Personal Information to perform the contract with you (for example, to provide the Platform or our services to you) so as to:
 

• (a) Register you on our Platform;
• (b) Provide you with customer or technical support including addressing support queries related to, but not limited to, payment processing, or to diagnose any problems with our servers etc.;
• (c) Send you transactional emails/SMS or to provide you with information and updates directly related to your use of the Credit Kaagapay Service, direct marketing, online and offline advertising and other materials regarding products, services and other offers from time to time in connection with the Credit Kaagapay Service or its parent, subsidiary and affiliated companies ("Platform Entities") and its joint ventures;
• (d) Determine your geographic location, to provide you localized content including advertisements, personalized recommendations, allow you to continue watching/ using previous content at another time, and to determine your Internet service provider to troubleshoot a technical issue, and help us quickly and efficiently respond to inquiries and requests;
• (e) To provide you with a personalized service and experience; we do this by linking some or all of your Personal Information such as transactions done with Credit Kaagapay with your activity on our Platform across all your devices and associating and storing this information with a unique platform generated identifier that is generated for each user (guest as well as registered user). When a guest user subsequently registers and creates an account, the information and data relating to such user's past activities gets added to and associated to the registered account;
• (f) Research, analyze and understand our audience and what content and advertising they may view, watch or otherwise engage with, in order to improve our service (including our user interface experiences and security features); evaluate your eligibility for certain types of offers, products or services and market such products or services to you; to perform analytics and conduct customer research, including general market research or surveying our customers' needs and opinions on specific issues, generating sales and traffic patterns, and to analyze advertising effectiveness, both on an anonymous basis (e.g., by aggregating data) or on an individual basis (if legally permissible), in combination with other information collected from tracking technologies and aggregate it with information collected from other Users using our Platform, to attempt to provide you with the Services and a better experience on the Platform. For example, one of the ways we use this information is to count the number of times an advert or other content is viewed because this might be the metric by which our advertisers pay us. This information is compiled and analyzed on an aggregated basis;
• (g) Analyze and measure how effective our advertising is by determining which media sources should be paid for delivering a desired action e.g. users who install our application or subscribe (also known as 'attribution'), so that we pay for demonstrated value and don't overspend.

We will use your Personal Information with your explicit consent as follows:

 

• (a) When you agree to share your precise location based on GPS data, we will combine this information with other Personal Information that you provide to us on the Credit Kaagapay Service to provide personalized content and advertisements with better accuracy basis your geographic location e.g. you may see more regional content recommendations or advertisements for local establishments, when you share your precise location based on GPS data;
• (b) When you agree to share information pertaining to the applications frequently used by you on your device, we will combine this information with other information that you provide to us on the Credit Kaagapay Service, to display advertisements that are more relevant to your interest areas.
• (c) When you agree to share installed application information, Credit Kaagapay may collect and analyze non-sensitive application identifiers solely for the purposes of fraud prevention, cybersecurity risk assessment, and credit evaluation, as described in the Statement on Installed Application Information contained in this Privacy Policy. This information is not used for advertising or marketing purposes.
• (d) When you agree to grant READ_SMS permission, Credit Kaagapay will collect and analyze designated financial transaction SMS messages on your device — such as bank notifications, payment confirmations, and e-wallet alerts — to evaluate your income and spending patterns for credit assessment. We access only transaction notifications from public financial service providers (identified by their registered sender names or short codes). We strictly do not access personal conversations, messages from individual mobile numbers, or One-Time Passwords (OTPs). This analysis helps us determine a credit limit that matches your actual financial situation, especially for users with limited formal banking history. The collected data is encrypted and transmitted to https://service.creditkaagapay.com. We do not share SMS data with third parties without your explicit consent. This permission is strictly optional and independent of your credit report or loan application.

XI. YOUR DATA PRIVACY RIGHTS
Under the Law, you are entitled to the following data privacy rights:

1. the right to be informed whether your Personal Data shall be, are being, or have been processed;
2. the right to object to the processing of your Personal Data. However, this right is not absolute and may be denied if the processing is required by law, necessary for the performance of a contract, or for a legitimate purpose as determined by the National Privacy Commission;
3. the right to reasonably access your Personal Data;
4. the right to dispute the inaccuracy or error in your Personal Data and have us correct it immediately and accordingly;
5. the right to suspend, withdraw, or order the blocking, removal or destruction of your Personal Data from our records when it is no longer necessary for the purpose for which it was collected, or if the processing is unlawful. This right is also not absolute and may be denied if the processing is required by law or necessary for the performance of a contract;
6. the right to file a complaint with the NPC for any violation of your data privacy rights;
7. the right to be indemnified for any damages sustained due to such inaccurate, incomplete, outdated, false, unlawfully obtained or unauthorized use of your Personal Data not in accordance with this Policy;
8. the right to data portability of your Personal Data.

In respecting your data privacy rights, you may opt to tell us:

 

1. not to share your information with our subsidiaries, affiliates, financial partners, or with other companies that we have business with provided that such information is not critical nor required by applicable laws and regulations in maintaining the Services that you have availed with us;
2. to provide you with information that we currently have about you subject to restrictions applied to us as a company operating in the Philippines by certain laws and regulations;
3. to update your Personal Data; and
4. about your other concerns relating to how we collect, use, share, protect or dispose of your information.
5. to opt-out of personalized ads

XII. ACCESSING AND UPDATING PERSONAL INFORMATION

To exercise your right to erasure or to request deletion of your account and associated personal data, you may: (a) navigate to Settings > Accounts & Security > Delete Account within the Credit Kaagapay App to initiate an account deletion request; or (b) contact our Data Protection Officer at the details provided below. Upon receipt of a valid request, Credit Kaagapay will process your request within fifteen (15) working days, subject to applicable legal retention requirements as described in Section VIII of this Privacy Policy. Please note that account deletion is irreversible and will result in the termination of all active services.

 

To exercise your rights regarding access, correction, or deletion of the Personal Information you have provided, you may contact us via email:

 

Data Protection Officer

Roson, Trisha Cassandra C. - Data Protection Officer - Kaagapay Platform Inc.

4/F King's Court 1 BLDG., 2129 Chino Roces AVE., Pio Del Pilar, Makati, Makati City, Metro Manila

Email address: compliance@creditkaagapay.com

Please include relevant details and specific instructions regarding your request to facilitate the efficient handling of your inquiry or request. We may request certain Personal Information from you, including government-issued identification documents, for the limited purpose of validating your identity and good faith standing as a Data Subject to make the query or request. Once your identity is validated, we will delete the information so collected, unless we hold a lawful basis to further process this information. 

When Users utilize the Site (including any sub-sites) or the App, we diligently strive to fulfill Users' requests for access to their Personal Information, provided such requests are made in good faith. Furthermore, we are committed to rectifying any identified inaccuracies or deficiencies in Personal Information or Sensitive Personal Information to the extent feasible, unless retention of such information is required by law or for legitimate business purposes. 

To facilitate the processing of access, correction, or removal requests, we kindly ask individual Users to authenticate themselves and specify the particular Personal Information they wish to access, correct, or remove. We reserve the right to decline requests that are unreasonably repetitive or systematic, entail disproportionate technical effort, compromise the privacy of others, or prove to be impractical in nature, or if access to such information is otherwise unnecessary. 

Regarding the provision of Personal Information access and correction, we undertake this service free of charge, except in cases where doing so would require a disproportionate effort.

Please note that due to the nature of certain services, deleted Personal Information may persist in residual copies for a certain period of time before being completely eradicated from our active servers. It is possible that remnants of such information may also endure in our backup systems.

XIII. YOUR PART IN PROTECTING YOUR DATA

The security of your data is important to us but remember that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.

You agree that you too play a part in ensuring your personal data and the data of others are protected. By accessing our Platforms and/or using our Services, you declare, represent, and warrant that:

• You have been notified of the existence of, you have read, and you understand our Privacy Notice, this Privacy Policy, and our Terms and Conditions;
• You absolutely agree with our Privacy Notice, Privacy Policy, and Terms and Conditions, and all of its contents such as but not limited to your representations and warranties, your agreement with and related waivers concerning our and our Partners’ limitation of liabilities, and assumption of certain responsibilities in exercise of your data privacy rights;
• By accessing, benefitting from, using, and/or giving consent to our varied platforms, whether in print or via our online software systems, directly or indirectly, such as the latest official build of our Website and the latest versions of our official mobile application and/or through our Services, you agree to be bound to our Privacy Policy and Terms and Conditions. You agree to having your data collected, corrected, transferred, stored, retrieved, used, retained, shared, deconstructed, and/or destroyed in the manner disclosed in this Privacy Policy, and our Terms and Conditions;
• You will keep yourself updated with any changes in our Privacy Policy, and Terms and Conditions, and your continued use of our Platforms and/or Services indicate your agreement with any additions, changes, subtractions, or modifications thereto;
• You represent and warrant that all information you provide to us is accurate, complete, up-to-date, given in good faith, lawful, and true. You acknowledge that any false or misleading information provided by you may result in immediate termination of your account and services, and you shall be liable for any losses or damages incurred by Credit Kaagapay as a result of such false or misleading information.
• During account creation, information entered therein is true and correct to the best of your personal knowledge, and is not false, fabricated, misleading, for the purpose of any illegal activity, ill-will, nor information of persons, whether natural or juridical, other than yourself;
• During account creation, should you enter information in representation of another person, whether natural or juridical, you warrant that you have obtained his/her/their consent and/or authorization, as the case may be, and such was willingly given, without duress, force, intimidation, or violence, and not through strategy or stealth;
• At the time of account creation and thereafter, all copies of certifications, licenses, permits, and various government and non-government issuances that you submit or upload to our database, whether in print or electronic format, are issued by the pertinent authorities acting within their proper lawful jurisdiction, genuine, unaltered, and valid; and not in any way altered through digital software, not physically tampered with prior to scanning into electronic format, not issued by a government or non-government authority outside of its proper jurisdiction, not fabricated, false, or a spurious copy, and not created, issued, or a product of/pursuant to any illegal activities, schemes, or methods;
• Should there be any genuinely suspicious activity and/or legitimately objectionable features in our Platforms, instead of continuing the use of our Platforms and/or using our Services, you will alert or report us within twenty-four (24) hours from occurrence of said suspicious activity or encounter of the objectionable feature rather than proceeding with orders or continue use of our Platforms/Services. You agree that your failure to alert us and/or continued access and/or use of our Platform and/or Services within said time period of said suspicious activity and/or objectionable features constitutes as your absolute waiver of any causes of action, claim, damages, and/or liability, of whatever nature, arising from such activity, incident, feature, and/or occurrence, and as against Credit Kaagapay, its Board of Directors, officers, and/or employees; and/or its Partners;
• Should there be sufficient proof of a breach of your data privacy rights, as required under the Law, you will immediately inform us so that we could attempt to provide you with a proper response and/or reasonable redress within reasonable time from our receipt of our complete correspondence of your concern, compliant, or grievance;
• You access and/or use our Platforms and/or Services in accordance with law, public order, public policy, morals, or good customs, and without any ill intent or malice against us, other users, and merchants;
• By submitting the required Personal Data to us, you consent to such collection, disclosure and use thereof. You hereby expressly waive and unconditionally release us from any and all liability, claims, causes of action, or damages, of whatever nature, arising from our legitimate use of the submitted Personal Data;
• You agree, warrant, and represent that you will absolutely assume all of your liabilities, roles, and responsibilities as a distinct, independent, and separate Data Controller of Personal Data of your own data subjects, as may be applicable and/or necessary. You therefore irrevocably hold Credit Kaagapay, its Board of Directors, corporate officers, and/or employees and its Partners harmless from any cause of action, damages, and/or liability arising from, incidental to, or simultaneous with any data privacy law breaches insofar as its own capacity as Data Controller and/or its own set of data subjects.

XIV. REVOCATION OF CONSENT

A User can revoke his consent to the processing of his Personal Information at any time with effect for the future. Please note that withdrawing consent does not affect our right to continue to collect, use and disclose Personal Information where such collection, use, and disclosure without consent is permitted or required under applicable laws (e.g., other lawful criteria exist for the processing of personal information).

XV. DISCLAIMER

In case any Personal Information is shared by you with us, which is not requested by us during registration, (whether mandatorily or optionally), we will not be liable for any information security breach or disclosure in relation to such information. If you have any questions regarding this Policy or the protection of your personal information, please contact our data protection officer.

XVI. REASONABLE TIME FOR OUR RESPONSE AND LAWFUL INTERRUPTION THEREOF BY FORCE MAJEURE.

You agree with our terms for a response within a reasonable time; lawful interruption thereof; and force majeure in relation to the exercise of your data privacy rights. We aim to respond to your concerns within 15 working days, in line with the recommendations of the National Privacy Commission.

We shall exert our best efforts to address your concerns, complaints, or grievances, and these shall be examined with care, and professionalism, and within reasonable time from our receipt of your complete correspondence with us.

Such reasonable time depends on the circumstances of said concern, complaint, or grievance, and shall be deemed lawfully interrupted by certain events beyond the control of any party herein such as but not limited to: acts of God such as natural calamities, typhoons, tornado, volcanic eruption; acts of political instability such as revolution, civil war, insurrection, civil disobedience, riot, terrorism, economic sabotage; the threat of spread of mandatorily reportable communicable and infectious diseases, government declaration of public health emergency measures such as national and/or local quarantines and/or other management/employee restrictions; acts of authorities whether lawful or unlawful; prolonged suspension or unavailability of public transportation, telecommunication, and electric utilities; and other force majeure events (“Force Majeure Event”).

XVII. SERVICE PROVIDERS
We may employ third-party companies and individuals (“Service Providers”) to facilitate our Service, provide Service on our behalf, perform Service-related services or assist us in analyzing how our Service is used. These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
XVIII. ANALYTICS
We may use third-party Service Providers to monitor and analyze the use of our Service.

XIX. CI/CD TOOLS
We may use third-party Service Providers to automate the development process of our Service.

XX. BEHAVIORAL MARKETING
We may use remarketing services to advertise on third-party websites to you after you visited our Service. We and our third-party vendors use cookies to inform, optimize and serve ads based on your past visits to our Service.

XXI. LINKS TO OTHER SITES
Our Service may contain links to other sites that are not operated by us. If you click a third-party link, you will be directed to that third-party's site. We strongly advise you to review the Privacy Policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

XXII. QUESTIONS/GRIEVANCE REDRESSAL
In the event you have any inquiries or grievances relating to the processing of Personal Information provided by you, you may contact:

Data Protection Officer - Kaagapay Platform Inc.

4/F King's Court 1 BLDG., 2129 Chino Roces AVE., Pio Del Pilar, Makati, Makati City, Metro Manila

Email address: compliance@creditkaagapay.com

 

XXIII. STATEMENT ON CONTACT INFORMATION COLLECTION

To accurately evaluate your personal credit and to identify and contact character references or guarantors for your loan or credit application, Credit Kaagapay provides an in-app mechanism for you to manually select and submit one or more personal references or emergency contacts.

Credit Kaagapay does NOT request the READ_CONTACTS permission and does not access, read, or retrieve your device's address book or full contact list. Only the specific contact information (name and phone number) that you voluntarily select and provide through the application interface will be collected, transmitted using HTTPS encryption, and stored on our servers.

Your selected contact information will only be stored and used for credit evaluation and for identifying and contacting character references or guarantors. Credit Kaagapay will NOT access or collect any contact data from your device beyond what you explicitly choose to submit. Your selected contacts will NOT be shared or sent to third parties under any circumstances except as otherwise explicitly consented to by you within this Privacy Policy (e.g., for data sharing with financial partners or for specific outsourced collection efforts where relevant and separately authorized).

You may choose not to provide contact references. However, please be aware that providing emergency contacts is often essential for verifying your creditworthiness and for account security. Without such information, you may not be able to use certain Credit Kaagapay services, such as applying for a credit report or accessing loan recommendations.

If you wish to revoke historical authorizations and erase all your personal information, please contact compliance@creditkaagapay.com. We will process your application within fifteen (15) working days.

 

XXIV. STATEMENT ON INSTALLED APPLICATION INFORMATION

Note: As of early 2025, the QUERY_ALL_PACKAGES permission has been removed from the Credit Kaagapay App's runtime permission requests. The following statement is retained for transparency purposes to describe how Credit Kaagapay may process installed application information with your consent as provided through this Privacy Policy, and to ensure continuity of disclosure for users who previously granted this permission.

Credit Kaagapay may compare the installed applications on your device with a list of suspected malware or suspicious applications to detect whether your financial transaction or credit application environment is safe. Credit Kaagapay will upload and analyze only the NON-SENSITIVE application identifiers matched in the above process (including package name, first installation time, and last update time) to protect against cybersecurity risks. Credit Kaagapay does not have access to any private content within other applications. Unmatched applications will not be visible to Credit Kaagapay to protect your privacy. In this way, Credit Kaagapay can warn you of the risk of privacy leakage before you enter sensitive information such as your password or ID number.

We strongly recommend that you agree to this authorization to ensure the security of your financial transactions and enable access to our full range of services. If you choose not to authorize this permission after fully understanding its purpose and implications, you may not be able to use certain Credit Kaagapay features, as this information is critical for our risk assessment, fraud prevention, and the secure provision of our services.

After your explicit authorization, Credit Kaagapay will encrypt and upload the above information to https://service.creditkaagapay.com securely. This data will not be shared or sold to third parties in any form without your explicit consent.

 

XXV. STATEMENT ON SMS READ PERMISSION

Credit Kaagapay reads financial transaction SMS on your device — such as bank notifications, payment confirmations, and e-wallet alerts — to analyze your income and spending patterns for credit assessment.

What we access: Transaction notifications from public financial service providers — such as banks, payment services, and e-wallets (identified by their registered sender names or short codes) — containing details such as sender name, transaction amount, merchant name, and date.

What we NEVER access: Personal conversations, messages from individual phone numbers, or one-time passwords (OTPs).

Why it matters: This analysis helps us determine a credit limit that matches your actual financial situation, especially for users with limited formal banking history.

Your data is encrypted and stored on https://service.creditkaagapay.com. We never share SMS data with third parties without your explicit consent.

This permission is strictly optional and independent of your credit report or loan application. You may decline during the authorization process by tapping "Skip", or revoke permission at any time through Settings > Applications > Credit Kaagapay > Permissions on your device.

Credit Kaagapay is committed to transparent and responsible management of the SMS permission you grant us. We will only access your SMS data for the specific, legitimate purposes outlined in this Privacy Policy. Once the specific purpose for which the SMS permission was granted has been fulfilled, and where there are no other applicable lawful criteria requiring continuous access, the Credit Kaagapay App will prompt you through appropriate in-app notices to inform you that access to the SMS permission may be revoked, and guide you on how to turn it off through your device settings.

XXVI. UPDATES/CHANGES
This Privacy Policy is effective as of the date of its last modification and will remain in effect unless its provisions are changed in the future. Such a modified version will be in effect immediately after posting on this page dedicated to the Privacy Policy.

Credit Kaagapay reserves the right at any time to amend, change, add, or modify this Privacy Policy by posting the new/updated version, without prior notice to the users of the Credit Kaagapay App, and to add new or additional terms or conditions on use of the Services. For any material changes to how we collect, use, or share your Personal Data, we will provide you with prior notification through appropriate channels, such as email or in-app notifications. You will also be requested to indicate your explicit consent to the updated Policy before you access the Credit Kaagapay App and its Services. You are strongly recommended to regularly review and read this Policy, as well as any updated Policy before you indicate your consent.

 

Your continued access or use of the Credit Kaagapay App after the updated Policy is posted, confirms your acceptance and consent to be bound by the updated Policy.

XXVII. MISCELLANEOUS

1. These Terms shall be governed by and construed in accordance with the laws of the Republic of the Philippines. Any dispute arising out of or in connection with these Terms, including any question regarding its existence, validity or termination, shall be referred to and finally resolved by arbitration in Makati City in accordance with the Arbitration Rules of the Philippine Dispute Resolution Center, Inc. (PDRCI) for the time being in force, which rules are deemed to be incorporated by reference in this clause.
2. The Terms set forth herein shall remain effective and shall remain binding upon you, even following any discontinuation of use of the Credit Kaagapay App, to the extent permitted by law.
3. You agree to indemnify, defend, and hold Credit Kaagapay, its affiliates, financial partners, shareholders, directors, employees, agents, service providers, suppliers, subcontractors, successors, and assigns, harmless from and against any and all claims, demands, actions, causes of action, damages, costs, and expenses, including reasonable attorney's fees and other expenses of litigation, penalties, fines, damages, and losses, made by any third-party due to or arising out of your breach of the Terms stated herein and the documents they incorporate by reference, or by your violation of any law or the rights of a third-party.
4. Credit Kaagapay may subcontract any part or parts of the Services it provides to you at any time.
5. Credit Kaagapay may assign or novate any part or parts of its rights under these Terms without your consent.
6. Collecting any personally identifiable information from the Credit Kaagapay App, including the use of communication systems provided on the Credit Kaagapay App for any commercial solicitation purposes is not allowed. Distribution or publication of vouchers or codes, solicitation for any reason whatsoever to any users of the Credit Kaagapay App and hacking or scraping the Credit Kaagapay App are prohibited acts, which will be dealt with accordingly to the fullest extent available under the law.
7. The Terms together with the Privacy Policy (and the respective amendments), and any undertaking you executed in relation thereto, shall constitute the entire agreement between you and Credit Kaagapay. In the event of any conflict between these Terms and any other term or provision on the Credit Kaagapay App, these Terms shall prevail.
8. If any of the Terms shall be deemed invalid, illegal, or unenforceable, such term or condition shall be deemed not written and the remainder shall continue to be valid and in force.
9. No delay or failure on the part of Credit Kaagapay to enforce its rights or remedies under these Terms shall constitute a waiver on its part of such rights or remedies unless such waiver is set forth and confirmed in writing by its duly authorized representatives.
10.        We may use artificial intelligence, machine learning, and other automated processing technologies to process your Personal Data for purposes including but not limited to credit scoring, fraud detection, and service improvement. Such processing shall be subject to appropriate safeguards and you maintain the right to object to such processing.

 

Date Updated: [March, 2026]