PLink Loan

This Privacy Policy shall take effect from Mar 02, 2026.

At Cashpedia Lending, Inc. (“the Company,” “we,” “us,” or “PLink Loan”), we protect your personal information in full compliance with applicable laws and regulations, notably the Philippines’ Data Privacy Act of 2012 (Republic Act No. 10173). Information submitted through our official mobile application, website, credit services, or other financial products is handled lawfully, safeguarded with appropriate security measures, and used only for legitimate business purposes.

Operating Company Information

Company Name: Cashpedia Lending, Inc.

SEC Registration No. CS201906528

Certificate of Authority No. 2945

Email: zaimenellabiste@cashpedialending.com

Address: Marajo Tower North Penthouse Unit, 26th Street corner 4th Avenue, Fort Bonifacio, Taguig, Metro Manila, 1634 Philippines

Authorized Company Information

Company Name: MAKATI LOAN, INC.

SEC Registration No. CS 201917209

Certificate of Authority No. 3130

Email: florenceiligan@makatiloanlnc.com

Address: 4th Floor Marvin Plaza Building 2153 Don Chino Roces Avenue, Bray. Pio Del Pilar Makati, Metro Manila, 1230 Philippines

Where This Applies

This Policy applies to all individuals who interact with our services, including:

Visitors to our websites and other digital platforms
Users of our mobile applications
Loan applicants and existing borrowers
Individuals who participate in any financial services offered by the Company

We protect your personal data consistently, whether you engage with us online, in person, or through other channels.

What We Collect

For the provision of services and regulatory compliance, Cashpedia Lending, Inc. collects and processes personal data in accordance with the Data Privacy Act of 2012 (RA 10173) and its implementing rules. We use this data to offer customized financial products and to maintain appropriate technical and organizational security measures. The specific categories of personal data and their corresponding purposes are set forth below:

1.Identification Data

To establish your identity, prevent fraud, and meet our legal and regulatory obligations (including applicable AML/KYC requirements), we collect the following identification data. This information underpins our customer due‑diligence and service delivery processes:

(1)Full Name

We record your full legal name exactly as it appears on official identification to: create and maintain your account; generate contracts, receipts, and statements; enable accurate reporting and audits; reconcile transactions across internal systems; avoid duplicate accounts; and support fraud investigations and sanctions/PEP screening. Where necessary, we may also retain former or alternate legal names you disclose for identity matching and regulatory reporting.

(2)Government‑issued identification details

We collect the type, number, issuing authority, and expiration date of your valid government‑issued ID (e.g., passport, driver’s license, UMID), and, where permitted or required, a copy or image of the ID and machine‑readable zone. This enables robust identity verification, document authenticity checks, AML/KYC compliance, and sanctions/PEP screening. Sensitive elements shown on IDs may be masked in our systems where feasible. We do not collect or store biometric templates unless required by law or expressly permitted; any liveness or similarity checks, if used, are limited to verification and handled with heightened safeguards.

(3)Date of birth, age, and, where allowed by law, gender

We use your date of birth and age to confirm you meet age‑of‑majority and product‑eligibility thresholds, prevent identity theft and account misuse by minors, and ensure accurate tax and regulatory reporting. Where legally permitted and relevant, we may also record gender for identity resolution (e.g., matching across credit bureaus) and to comply with regulatory disclosures. These fields help us reduce false positives in fraud screening and maintain accurate customer records.

(4)Marital Status and Educational Background

We collect marital status and education information to better understand your financial profile for creditworthiness assessments, affordability analysis, and suitability of product recommendations. This helps us calibrate risk controls and propose terms aligned with your circumstances. Provision of this information may be optional in certain jurisdictions; where collected, it is not used for unlawful discrimination and may be aggregated for portfolio‑level risk analytics.

(5)Current residential address

Your up‑to‑date residential address allows us to verify that you are within our serviceable geography, complete mandatory KYC address verification (which may include validation against trusted databases or submission of proof of address), and ensure accurate delivery of notices, statements, and legally required communications. Address history and updates may be retained to meet recordkeeping obligations and to assist in fraud detection (e.g., detecting suspicious address changes).

(6)Emergency contacts (minimum of two)

We collect the full names, phone numbers, and relationship to you for at least two emergency contacts. These contacts are used strictly for identity verification and fraud‑risk controls consistent with our business purposes—for example, to confirm activity when we detect potential account takeover or conflicting identity information. We do not use emergency contacts for marketing. When reaching out, we limit disclosures to what is necessary for verification and do not reveal your account details. You should ensure you have informed these contacts that their information may be provided to us for the stated purposes.

2.Financial Data

To ensure that we engage in responsible lending practices while conducting thorough credit assessments, we collect the following financial details:

(1)Bank Account or E-Wallet Details

We use your bank or e‑wallet details (account holder name, account/wallet number or ID, and bank/branch or wallet provider) to disburse loans, process repayments, and verify transactions. Your data is safeguarded with industry‑standard encryption and strict access controls.

(2)Employment Details

Your employment details—such as company, position, time in role, and monthly income—are used to assess financial stability, verify employment, and determine repayment capacity and loan eligibility.

3.Device and Technical Data

To enhance the security of our platform, improve the quality of our services, and prevent fraudulent activities, we collect the following technical data:

(1)Device Details

We gather specific information about your device, including the device model, operating system version, unique device identifiers, and battery status (charging condition and battery level) to optimize application performance, ensure compatibility, and identify potential security threats.

(2)Network Details

We collect network-related data such as your IP address, connection type (Wi-Fi or mobile data), and service provider to detect suspicious activities, block fraudulent transactions, and optimize our service delivery based on network conditions.

4.Access Permissions and Data Processing

To enhance your user experience while maintaining the highest level of security, our app may request certain device permissions. Below is a comprehensive explanation of each permission’s purpose and our stringent usage policies:

(1)Device Information

In order to secure your account and prevent fraudulent or duplicate accounts, we gather certain technical details about your device, including its model, OS version, and unique identifiers. This data is used exclusively for identity verification and fraud prevention, and it is handled securely in line with relevant privacy regulations.

(2)Camera and Photo Gallery

When uploading identification documents or proof of income, you may be asked to grant access to your camera or photo gallery. This access is used strictly to capture or select the required documents and is not for browsing or collecting unrelated media. All images are used exclusively for verification purposes and are not stored permanently.

(3)Calendar

We request access to your calendar to integrate seamlessly with your device’s calendar features. No calendar events or personal data will be collected, stored, or shared.

(4)Biometric Data (Face Recognition)

With your consent, we may request a live face capture to validate your identity, reducing the risk of impersonation. We do not use biometric data for marketing or profiling; it is restricted to identity checks and dispute handling and is protected by encryption and other safeguards.

How We Use Your Information

We process personal data only for legitimate, specific business needs and in line with data‑protection principles.

(1)Underwriting and Account Servicing

We evaluate eligibility, perform risk assessments, make approval or rejection decisions, issue loan agreements, and administer disbursement, repayment schedules, collections, account updates, and related servicing activities.

(2)Identity and Credit Verification

We verify identity and assess repayment capacity using official ID records, biometrics where permitted (e.g., facial images for liveness and match), and historical financial behavior-supporting prudent, responsible lending decisions.

(3)Regulatory Compliance

We process and retain records as required under Philippine law and supervisory guidance, including obligations from the Securities and Exchange Commission (SEC), the Bangko Sentral ng Pilipinas (BSP), and the Data Privacy Act of 2012.

(4)Customer Communications and Support

We use your contact details to deliver service notices, transaction confirmations, repayment reminders, risk or policy updates, and to respond to inquiries, complaints, and after sales support in a timely manner.

(5)Service Quality and Product Enhancement

We analyze aggregated app usage, performance metrics, and user feedback to remediate defects, improve stability, and design features that better address customer needs and market conditions.

(6)Fraud Prevention and Security Monitoring

We monitor behaviors and signals to detect anomalies, validate legitimacy, mitigate unauthorized access, and protect users and systems from fraud, abuse, and other unlawful activities.

(7)Business Intelligence and Internal Governance

We rely on aggregated and anonymized data for internal reporting, performance tracking, service optimization, policy testing, and quality assurance, consistent with corporate governance standards.

We implement administrative, technical, and physical safeguards (e.g., access controls, encryption, audit logs) and retain information only as long as necessary for the stated purposes or as required by law.

About Our Third-Party SDKs

To enable core functions, improve usability, and maintain stability and security, our app integrates certain third‑party Software Development Kits (SDKs). Before any SDK is added, we assess the provider’s data practices, security measures, and contractual safeguards to ensure compliance with applicable laws and platform rules.

Where required, SDKs are initialized only after you grant consent. Any data collected through these SDKs is limited to the stated purposes, processed under appropriate legal bases (e.g., consent or essential service provision), and handled in accordance with our Privacy Policy and the SDK providers’ policies. You can withdraw consent or change preferences at any time via in‑app settings; doing so will disable non‑essential SDKs. We review our SDK inventory periodically and will update this disclosure if changes occur.

(1)AppsFlyer

Purpose: Analytics and attribution to measure install sources, campaign performance, in‑app events, app stability, and anti‑fraud signals.
Data categories: Advertising/device identifiers, install referrer, IP address, device and app information (model, OS/app version, language, time zone), configured in‑app events (e.g., install, open, registration, purchases or key actions), ad interactions (impressions/clicks), coarse location derived from IP, timestamps. No personal content is collected.
Legal basis: Your consent where required for marketing/analytics; otherwise processing that is necessary for service operation and security.
Controls: Non‑essential analytics/attribution initialize only after consent. You can withdraw consent anytime in app Settings. You can also reset or limit your device’s advertising identifier and restrict tracking via device settings.
Security and sharing: Data is encrypted in transit and used only for measurement, analytics, and fraud prevention. We prohibit any use for independent advertising profiles.
Retention: Retained only as long as needed for the stated purposes; event‑level data is kept for a limited period before being aggregated or anonymized.
International transfers: Data may be processed in multiple countries with appropriate safeguards.

(2)Dyna.AI

Purpose: Identity verification with face matching and liveness detection to secure account access and complete loan onboarding; fraud prevention and, where applicable, KYC/AML compliance.
Data categories: Real‑time facial images or short video you capture; derived facial embeddings/templates for matching; liveness/anti‑spoof signals; official ID images and extracted fields you submit; verification outputs and scores (similarity, liveness result, pass/decline status); device and network metadata (device model, OS, IP address, timestamps); audit logs. Biometric data is not used for advertising or unrelated profiling.
Legal basis: Your consent where required; processing necessary to perform a contract (account/loan onboarding); compliance with legal obligations (e.g., KYC/AML); and our legitimate interests in preventing fraud and protecting users.
Controls and choices: You may decline facial verification, but certain services (e.g., account opening or loan disbursement) may be unavailable. Where consent is used, you may withdraw it at any time in app settings; withdrawal does not affect processing already carried out. You may request access, correction, deletion, or restriction of your verification data, and object to processing where applicable. Alternative verification methods may be offered subject to risk and regulatory requirements.
Security and sharing: Data is encrypted in transit and at rest, access is strictly role‑based, and processing is limited to verification and fraud prevention. We do not sell or rent biometric data. Where vendors/sub‑processors assist verification, they are bound by confidentiality and data protection obligations and may not use the data for their own purposes.
Retention: Kept only as long as necessary for the stated purposes and legal/regulatory requirements. Live images and templates are retained for the minimum period needed to complete verification and compliance checks, then deleted or irreversibly anonymized [e.g., within X days/months unless a longer period is required by law or for dispute handling].
International transfers: Data may be processed in multiple countries with appropriate safeguards and access controls. We ensure protections consistent with applicable data protection laws.
Children: This service is not intended for children below the minimum age for financial services under applicable law. We do not knowingly collect biometric data from such individuals.

Our Legal Reasons to Process Your Data

We process your personal data in line with applicable laws, including the Data Privacy Act of 2012 of the Republic of the Philippines and its Implementing Rules and Regulations (IRR). Depending on the context, we rely on one or more of the following legal grounds:

(1)Your Consent

We obtain your explicit, informed consent before accessing certain device permissions (e.g., camera, location) or collecting sensitive information (such as government ID images). You may withdraw your consent at any time via in app settings or your device's permission controls. Withdrawal does not affect the lawfulness of processing already carried out but may limit access to certain features.

(2)Contractual Necessity

We process your data as needed to enter into and perform our agreement with you-such as reviewing your loan application, assessing eligibility, verifying identity, disbursing funds, providing customer support, and managing repayments and related account communications.

(3)Legal and Regulatory Compliance

We process data to meet legal obligations and regulatory requirements set by competent authorities, including the Securities and Exchange Commission (SEC) and Bangko Sentral ng Pilipinas (BSP). This covers, for example, anti money laundering (AML) and know your customer (KYC) checks, sanctions screening, tax and accounting/audit duties, record retention, regulatory reporting, and responding to lawful requests.

(4)Legitimate Business Interests

We may process your information to operate, secure, and improve our services-for example to detect and prevent fraud and abuse, maintain information security, ensure service reliability and performance, conduct product analytics and improvements, and protect our rights. We perform a balancing test and implement safeguards to ensure these interests do not override your rights and freedoms. Where applicable, you have the right to object to such processing.

If we intend to use your data for a new purpose that is incompatible with the original one, we will seek your consent or identify another applicable legal basis and notify you as required.

How We Share Your Information

We share personal data only as necessary for the purposes described in this Policy, under appropriate confidentiality, contractual, and security safeguards, and in compliance with applicable laws (including the Data Privacy Act of 2012 of the Republic of the Philippines and its IRR). Depending on the context, recipients may include:

(1)Affiliates and Service Providers (Processors)

We share data with our affiliates and authorized vendors that help deliver and support our services-for example cloud hosting and storage, payment processing and payouts, identity/KYC verification, customer support platforms, IT and security providers, and data analytics tools. We conduct due diligence and bind these parties through written data processing agreements that: limit use to our documented instructions; require appropriate technical and organizational measures; restrict onward disclosures; and allow oversight.

(2)Government, Regulators, and Law Enforcement

Where required by law, we disclose information to competent authorities such as courts, law enforcement, the Securities and Exchange Commission (SEC), Bangko Sentral ng Pilipinas (BSP), and the National Privacy Commission (NPC). Disclosures occur only in response to lawful requests, court orders, regulatory reporting, or other legal obligations (including AML/CFT requirements), and we limit the information to what is necessary.

(3)Credit Bureaus and Financial Partners

For lending-related purposes, we share relevant data with accredited credit bureaus, scoring agencies, remittance and payment partners, and financial institutions to assess creditworthiness, manage risk, process disbursements and repayments, and prevent fraud-supporting responsible lending and regulatory compliance.

(4)Legal, Tax, and Compliance Advisors

We may provide necessary information to external counsel, auditors, and compliance consultants to protect our legal rights, conduct audits, resolve disputes, ensure accurate accounting/tax reporting, and meet regulatory obligations.

(5)Trusted Business Partners

We may collaborate with vetted partners for fraud prevention, risk analytics, security monitoring, and service performance analytics. These partners are contractually obligated to protect your data and use it only for approved purposes and for no longer than necessary.

(6)Corporate Transactions

In connection with mergers, acquisitions, restructurings, financing, or the sale/transfer of all or part of our business, your information may be shared under confidentiality with prospective or actual counterparties and their advisors. If ownership or control changes, we will take steps required by law and, where applicable, notify you.

(7)With Your Consent or at Your Direction

We will share information with third parties when you ask us to-such as when linking an e wallet or bank account, using a third party identity provider, or participating in co branded features. We will obtain your consent where required.

We do not sell or rent your personal information. We also do not allow third parties to use your data for their own independent marketing purposes without your consent. We share the minimum data necessary for the stated purpose, apply access controls and encryption where appropriate, monitor vendor compliance, and require timely deletion or return of data after processing ends.

Data Retention Policy

We retain personal information only as long as needed to fulfill this Privacy Policy’s purposes and meet legal or regulatory obligations. Retention depends on data type, purpose, legal/contractual limits, and security or fraud‑prevention needs.

(1)While Your Account Is Active

We store data to deliver services, maintain accurate records, and provide support and security.

(2)After Account Closure

We retain only what is necessary to settle outstanding loans/transactions, handle inquiries and disputes, prevent fraud, and perform compliance and analytics (preferably using anonymized data).

(3)Regulatory Requirements

Certain records must be kept for periods required by financial, AML/CFT, tax, and other laws. Where specific durations apply, we follow them and extend retention for legal holds or proceedings.

(4)Secure Disposal

When retention ends or data is no longer needed, we securely delete, anonymize, or destroy it, including scheduled purging of backups; processors must also delete or return data when processing ends.

(5)Exceptions and Holds

We may retain data longer to comply with legal holds, resolve disputes or chargebacks, and protect users, the public, or system security. Anonymized/aggregated data may be kept for analytics.

(6)Your Choices

We honor eligible deletion or anonymization requests subject to legal or contractual retention obligations and will explain if a request cannot be fulfilled.

How We Keep Your Data Safe

We protect the confidentiality, integrity, and availability of your data across its lifecycle using industry‑leading technical controls and rigorous management practices.
Encryption: TLS/HTTPS for data in transit and AES‑256 for data at rest, with additional encryption layers for sensitive data (e.g., ID documents, bank accounts).
Access control: Least‑privilege permissions for employees and vendors, enforced with multi‑factor authentication and audited access.
Security operations: Continuous threat monitoring, routine vulnerability scanning, regular third‑party security audits, and penetration testing; development follows a Secure Development Lifecycle with strict logical data isolation between accounts.
Incident response: In line with the Data Privacy Act of 2012, we maintain a breach response plan to issue timely alerts, notify affected users and the National Privacy Commission, contain risks, and conduct root‑cause analysis.
Continuous improvement: We track emerging threats and allocate at least 15% of the annual IT budget to ongoing security enhancements.

If you have any questions, comments, or requests regarding this Privacy Policy, please contact us.

Company Name: Cashpedia Lending, Inc.

SEC Registration No. CS201906528

Certificate of Authority No. 2945

Email: zaimenellabiste@cashpedialending.com

Address: Marajo Tower North Penthouse Unit, 26th Street corner 4th Avenue, Fort Bonifacio, Taguig, Metro Manila, 1634 Philippines