Lendra Cash — Privacy Policy

Last Updated: May 2026

Preamble

Lendra Cash (hereinafter referred to as "we," "us," or "the Product") is a loan service product provided by LENDORA LENDING CORP., a company incorporated and operating under the laws of the Philippines. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our services, in compliance with the Philippines Data Privacy Act of 2012 (Republic Act No. 10173) and the rules and regulations of the National Privacy Commission.

We highly value the personal information and privacy protection of our users. This Privacy Policy is intended to help you understand how we handle your data so that you can make informed decisions.

If you have any questions, comments, or suggestions regarding this Privacy Policy, you may contact us at: lendoramark@lendora-lending.com. We will respond to your requests as soon as possible.

1. Information Controllers and Contact Information

1.1 Operating Company

Product Name: Lendra Cash

Company Name: LENDORA LENDING CORP.

Company Registration No.: CS201916340

Certificate of Authority No.: 3101

Registered Address: 23rd Floor, Summit One Tower, 530 Shaw Boulevard, Brgy. Highway Hills, Mandaluyong, Metro Manila, 1550 Philippines

Contact Email: lendoramark@lendora-lending.com

1.2 Contact Information

If you have any questions, comments, suggestions, or complaints regarding this Privacy Policy or our data practices, please contact us:

Email: lendoramark@lendora-lending.com

We will respond to your requests as soon as possible within the legally prescribed timeframe.

2. Personal Information We Collect

In order to provide you with safe, convenient, and efficient loan application and review services, we may collect the following categories of personal information from you. We only collect information that is necessary for the purposes described in this Policy.

2.1 Basic Identity Information

When you apply for a loan, we may collect the following basic identity information:

Full Name: Used to verify the borrower's identity and distinguish between different users.
Date of Birth: Used to verify age and determine whether the user has reached the legally prescribed age for borrowing.
Gender: Used for completeness of the loan application form and credit assessment purposes.
Marital Status: Used as a reference for credit assessment and loan decision-making.

2.2 Identity Verification Information

To ensure the authenticity and security of your identity, we may collect the following identity verification information:

Government-Issued ID Information: Including ID card numbers, passport numbers, or other government-issued identification document numbers for identity verification.
ID Card Photos: Photographs of the front and back of your government-issued ID for manual review and verification.
Facial Biometric Information: Facial recognition technology is used to confirm that the operator matches the identity on the submitted ID document, preventing impersonation and fraud.

2.3 Contact Information

We collect the following contact information to communicate with you about your loan application and account:

Mobile Number: Used for account registration, login verification, loan application notifications, and customer service communication.
Email Address: Used to receive loan-related notifications, bills, and important account alerts.

2.4 Financial-Related Information

The following financial information is collected to assess your repayment capacity and determine loan eligibility:

Monthly or Annual Income: Used to assess your repayment capacity and determine appropriate loan amounts.
Employer Information: Including employer name, job title, and years of employment for income verification and credit assessment.
Bank Account Information: Used for loan disbursement and repayment processing. Your bank account details are encrypted during transmission and storage.

2.5 Device and Usage Information

To ensure account security and optimize service quality, we may automatically collect the following device and usage information:

Device Information: Including device model, operating system version, device unique identifier (IMEI/Android ID), and app version. This information is used to ensure app compatibility and account security.
Network Information: Including IP address, network type (WiFi/Mobile Data), and network operator information. Used to assess network environment and prevent fraudulent activities.

2.6 Camera and Photo Album Permissions

We will request camera and photo album permissions in the following specific scenarios:

Camera Permission Use Cases:

Uploading ID Document Photos: You need to photograph the front and back of your government-issued ID to complete the identity verification process.
Facial Recognition Verification: During the identity verification step, you need to take a real-time photo or video for facial biometric comparison with your submitted ID.

Photo Album Permission Use Cases:

Uploading Supporting Documents: You may select existing photos from your album as supporting materials for your loan application.

The above permissions are only invoked when the relevant business function is triggered. We will not access your camera or photo album without your explicit authorization.

2.7 Biometric Permissions

We use facial biometric technology to verify your identity. This involves:

Facial Feature Extraction: We extract facial features from the photos or videos you provide for comparison purposes. This data is used solely for identity verification and is processed by our secure facial recognition system (Dyna.Ai SDK).
Liveness Detection: During facial verification, we may perform liveness detection to ensure the face being verified is from a real-time capture and not a spoofing attempt (e.g., photos or videos).

Your biometric data is encrypted and stored securely. We do not share your biometric data with any third parties for marketing or other purposes.

2.8 Network Access Permission

We request network access permission for the following purposes:

Communicating with backend servers to upload loan application materials and receive review results.
Retrieving real-time loan status updates and account information.
Sending repayment reminders and account security notifications.
Updating application versions to ensure you have the latest features and security patches.

3. How We Use the Information We Collect

3.1 Providing Core Loan Services

Processing your loan application, conducting credit assessment and risk control evaluation.
Verifying your identity information and preventing impersonation and fraud.
Evaluating your repayment capacity and intent and making loan approval decisions.
Disbursing loan funds to your designated bank account.
Processing repayments and handling overdue collections.

3.2 Account Security and Risk Control

Detecting and preventing abnormal logins, account takeovers, and fraudulent activities.
Comprehensively assessing transaction risks through device information, IP addresses, and other factors to ensure account security.
Facial recognition technology used to confirm that the operator matches the identity documents submitted.
Security incident investigation and emergency response.

3.3 Service Optimization and User Experience Improvement

Analyzing user behavioral data to optimize product features and operational processes.
Personalizing the display of loan amounts, interest rates, and other available options based on your credit profile.
Sending notifications and reminders related to loan services.

3.4 Legal and Regulatory Compliance

Complying with Bangko Sentral ng Pilipinas (BSP) regulations on Anti-Money Laundering (AML) and Know Your Customer (KYC) requirements.
Cooperating with lawful information requests from government agencies and regulatory authorities.
Used for dispute resolution and preservation of evidence in legal proceedings.

4. Third-Party SDK Disclosures

4.1 Dyna.Ai SDK

We use the Dyna.Ai SDK to provide facial recognition and identity verification services. The Dyna.Ai SDK enables us to perform real-time facial biometric verification, liveness detection, and identity document scanning as part of our Know Your Customer (KYC) process.

SDK Provider: Dyna.Ai

Data Processing Purpose: Identity verification, fraud prevention, and KYC compliance

Types of Data Collected:

Facial biometric data (facial features extracted from photos/video)
ID document images (front and back)
Liveness detection data
Device information required for SDK operation

Data Processing and Storage:

Facial biometric data processed by Dyna.Ai is encrypted during transmission. The facial template (mathematical representation of facial features) is stored securely on our servers. Dyna.Ai processes the data in accordance with its own privacy policy and applicable data protection laws. We have a data processing agreement with Dyna.Ai to ensure your data is handled responsibly. We do not share your personal data with Dyna.Ai beyond what is necessary for identity verification services.

5. Information Transmission and Encryption Protection

5.1 Transmission Encryption

TLS/SSL Encrypted Transmission: All data transmitted between your device and our servers is encrypted using industry-standard TLS/SSL protocols, preventing data from being intercepted or tampered with during transmission.
Full-Site HTTPS Encryption: All network communications of our app are protected by HTTPS encryption.
Independent Encryption for Sensitive Data: Highly sensitive data such as ID numbers, bank account numbers, and facial biometric data undergoes an additional layer of encryption before transmission.

5.2 Storage Encryption

Server-Side Encryption: Sensitive information stored in server databases is encrypted using AES-256 encryption standards.
Key Management: Encryption keys are stored separately from encrypted data and managed by authorized personnel only.

5.3 Access Control

We strictly control access to user data. Our employees' access to user data follows the Principle of Least Privilege. All data access activities are logged and subject to regular audits. Access to highly sensitive data requires multi-level approval.

6. Data Retention Periods

6.1 Retention Principles

We retain your personal information only for as long as it is necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. The specific retention period for each type of personal information is determined based on the following principles:

6.2 Specific Retention Periods

Account Information (Name, Contact Details): Retained for the duration of your account relationship and for 5 years after account closure, as required by Philippine BSP regulations.
Identity Verification Data (ID Photos, Biometric Data): Retained for 5 years from the date of submission, or until you withdraw consent and close your account, whichever is earlier.
Financial Information (Income, Bank Account): Retained for 5 years after loan closure in compliance with BSP record-keeping requirements.
Device and Usage Information: Anonymized data may be retained for up to 3 years for service improvement purposes.
Customer Service Records: Retained for 3 years from the date of the interaction.

6.3 Handling After Retention Period Expires

When the retention period expires, we will either delete or anonymize your personal information in accordance with our data disposal procedures. If immediate deletion is not technically feasible, we will take appropriate security measures to prevent further processing, including restricting access to the stored data until deletion can be completed.

7. Your Rights and Choices

As a user, you have certain rights regarding your personal information under the Philippines Data Privacy Act of 2012. We are committed to respecting and protecting these rights.

7.1 Right of Access

You have the right to request access to: what personal information we have collected about you, how this information is being used, and who the recipients of this information are (except where prohibited by law).

7.2 Right to Rectification

You have the right to request the correction of inaccurate personal information we hold about you. You can modify certain account information directly through the app, or contact us for assistance.

7.3 Right to Erasure

You have the right to request the deletion of your personal information when: we are using your information beyond the purposes described in this Policy; the legal basis for our collection no longer exists; you withdraw consent (withdrawal does not affect prior lawful processing); or you believe your information is being processed unlawfully.

7.4 Right to Restriction of Processing

You have the right to request that we restrict the processing of your personal information in certain circumstances, such as when you are contesting the accuracy of the data.

7.5 Right to Data Portability

You have the right to receive your personal information in a structured, commonly used, and machine-readable format, and to transmit that information to another data controller where technically feasible.

7.6 Right to Object

You have the right to object to the processing of your personal information based on our legitimate interests. We will stop such processing unless we have compelling legitimate grounds that override your rights.

7.7 How to Exercise Your Rights

To exercise any of the above rights, please contact us at: lendoramark@lendora-lending.com. We will verify your identity before processing your request and respond within the timeframe prescribed by the National Privacy Commission.

8. Statement on Protection of Minors

8.1 Age Restriction

Lendra Cash does not provide loan services to individuals under the age of 18. Our services are exclusively available to adults who meet the minimum age requirement for borrowing as prescribed by Philippine law. If you are under 18 years of age, you are not eligible to use our services and should not attempt to register an account.

8.2 We Do Not Collect Information from Minors

We do not knowingly collect personal information from individuals under 18 years of age. If we become aware that we have collected personal information from a minor without verified parental consent, we will take immediate steps to delete such information. If you believe we may have collected information from a minor, please contact us at lendoramark@lendora-lending.com.

8.3 Notice to Parents and Guardians

We encourage parents and guardians to monitor their children's online activities and to instruct their children never to disclose personal information on any online platform, including Lendra Cash. If you are a parent or guardian and believe your child may have provided personal information to us, please contact us immediately at lendoramark@lendora-lending.com.

9. Policy Updates and Modifications

We may update this Privacy Policy from time to time to reflect changes in our services, data processing practices, or applicable laws and regulations.

9.1 How We Notify You of Updates

In-App Announcements: We will publish the updated Privacy Policy within the app. Please review the updated Policy carefully.
Version Update Notices: When there are material changes, we will notify you through the app or via email before the changes take effect.
Effective Date: Updated Privacy Policies take effect upon the date of publication unless otherwise specified.

9.2 Impact on You

We will not reduce your rights under this Privacy Policy without your explicit consent. Your continued use of the app after the changes take effect constitutes your acceptance of the updated Policy.

10. Other Important Provisions

10.1 Third-Party Websites and Services

This Privacy Policy does not apply to third-party websites, mobile applications, or service providers not owned or controlled by us. Please note that these third-party services may have their own privacy policies. We recommend that you review the privacy policies of any third-party services before providing your personal information.

10.2 Cross-Border Data Transfer

Should it be necessary to transfer your personal information outside of the Philippines (for example, to cloud servers or service providers located abroad), we will ensure that such transfers comply with the requirements of the Data Privacy Act of 2012, including ensuring that the recipient provides an adequate level of data protection.

10.3 Security Incident Notifications

In the event of a personal data breach, we will promptly notify affected users and take remedial measures in accordance with the requirements of the National Privacy Commission. We will notify you via in-app notification or email as soon as practicable.

11. Contact Us