Can a lending app access my phone contacts?
Last updated: 2026-07-10 ยท Educational content; not legal advice.
Short answer
No โ an online lending app may not harvest and use your entire phone contact list. SEC Memorandum Circular 18 (2019) makes it an unfair debt-collection practice to contact anyone in a borrower's phone other than a person named as a co-maker or guarantor, and RA 10173 (Data Privacy Act) requires that any data an app collects be limited to what is necessary for a declared, legitimate purpose โ a whole-contact-list upload for a solo loan fails that proportionality test. The National Privacy Commission has ordered lending apps to stop scraping contacts and to delete the data. LabanPH helps you file the SEC and NPC complaints that trigger those orders.
Primary sources
Frequently asked
But I clicked 'Allow' on the permission โ did I consent?
A blanket in-app 'Allow' is not valid consent under RA 10173 if the access is not necessary and proportional to the loan. Consent must be freely given, specific, and informed; harvesting every contact to pressure you later is excessive processing the NPC has repeatedly struck down.
The app already copied my contacts. What now?
Send a written demand to delete the data and screenshot the app's permission screen, then file with the NPC (RA 10173) and the SEC (MC 18). The NPC can order deletion and impose fines; the SEC can suspend the lender's Certificate of Authority.
Can they legally call the people they copied?
No. SEC MC 18 permits contacting only a person you named as a co-maker or guarantor. Calling or messaging your other contacts about your debt is an unfair collection practice and, separately, an unauthorized disclosure of personal data.
Take action
Got a similar problem?
File a complaint and we'll pre-fill BSP, SEC, DTI, and small-claims letters for you.
Interest caps, licensing, and how to complain about online lending apps in the Philippines.