Cashaya is operated by G.A. OROBIA LENDING CORP. (SEC Registration Number: CS201911568, Certificate of Authority No. 3035). At Cashaya (“we,” “our,” or “us”), we place strong importance on protecting your personal information in line with international frameworks such as the GDPR, CCPA, and Google Play privacy standards. This Privacy Policy explains how we collect, use, secure, and disclose your information when you interact with our digital lending platform
A. Data You Provide
During registration and loan application, we may request and process the following details:
- Full name, gender, date of birth
- Government-issued ID details and photos
- Contact information: mobile number, email, and residential address
- Employment and financial information, including occupation, salary range, and banking or e-wallet accounts
- Emergency contact details (names, phone numbers, relationship)
- Other supporting information such as education or religion, if required by regulations
Purposes of use include:
- Confirming your identity and cross-checking data with trusted third parties
- Fraud and risk detection, prevention of misuse, and account protection
- Building credit models and improving eligibility assessments
- Sending service-related messages, offers, or policy updates (with opt-out options)
- Resolving complaints and supporting customer service inquiries
- Complying with applicable legal and regulatory obligations
B. Data from External Sources
With your permission, we may gather information from third parties such as credit bureaus or identity verification services. These inputs help us evaluate your creditworthiness and reduce fraudulent behavior. All transfers are secured by encrypted HTTPS connections. Cashaya does not share your data with external parties without your prior authorization.
All information exchanged through Cashaya is safeguarded using 128-bit SSL encryption and stored securely on protected servers. Data is transmitted only via encrypted HTTPS connections: (https://check.cashaya.net/). Regular audits and security reviews are conducted to maintain compliance and reduce risks.
For Know Your Customer (KYC) procedures, we request permission to use your device camera exclusively to capture ID images and live photos. We never access or collect existing pictures or videos from your gallery. Refusal of this permission may limit our ability to verify your identity.
We may request up to five emergency contacts to assist with verification and risk evaluation. When using auto-fill from your contact list, only the entries you select are transmitted. We do not collect your full contact book. All provided information is encrypted and securely stored.
With consent, Cashaya may send push notifications for reminders, updates, and transaction alerts. This setting is optional and adjustable within your device's notification preferences.
To provide more accurate offers and detect unusual usage, we may, upon your consent, collect metadata such as application names and package identifiers from your installed apps. This is conducted in accordance with data protection principles.
We may collect limited location details (GPS coordinates, timestamps, or network area) to validate account activity and reinforce platform security. Suspicious access from unusual locations may trigger additional verification steps.
- ACCESS_WIFI_STATE: Used to analyze Wi-Fi details and detect risky or unusual connections.
- ACCESS_NETWORK_STATE: Collects connection type and IP information for service stability and fraud prevention.
- AD_ID: Your Google Advertising ID may be used to evaluate campaign performance. You can opt out in device ad settings.
We collect and process data strictly for lawful and necessary purposes, including:
- Processing loan applications
- Conducting KYC and eligibility checks
- Fraud monitoring and system security
- Meeting legal and compliance requirements (e.g., AML, anti-fraud regulations)
- Providing customer support and service enhancements
- Delivering updates or marketing materials (with opt-out option)
We employ multiple protective measures such as:
- End-to-end encryption of all sensitive data
- Role-based access limited to authorized staff
- Secure handling procedures and staff training
- Periodic audits and compliance reviews
Under the Philippine Data Privacy Act of 2012 (RA 10173), you are entitled to:
- Be informed of how your data is collected and used
- Access, update, or correct your information
- Withdraw consent or object to processing
- Request blocking or deletion of your data
- Data portability rights
- File complaints with the National Privacy Commission (NPC) for violations
By using our services, you confirm that you have read and understood this Privacy Policy. This policy, along with our Terms of Service, defines your relationship with Cashaya regarding personal data.
If you have questions, concerns, or requests regarding your information, please reach out to our Data Protection Officer at:
- Email: cs@cashaya.net
- Official Website: www.cashaya.net
We may revise this Privacy Policy periodically. Substantial changes will be communicated through email or in-app notices. Continued use of our app signifies your agreement with the updated terms.
If you request account deletion, we will remove your personal data from our active systems unless retention is legally required.
- Irreversibility: Once deleted, accounts and data cannot be restored.
- Retention: Only minimal data required by law (e.g., audit purposes) will be retained.
For deletion requests, please contact our Data Protection Officer at the email provided above.