PJF Loan PRIVACY POLICY

Effective Date: Feb 02, 2026

1. Introduction, Legal Basis, and Scope of Application

PJF LENDING INC. (hereinafter referred to as “PJF Loan,” “we,” “us,” or “the Company”) is a company duly established and operating under the laws of the Republic of the Philippines. It is responsible for the daily operation, technical support, and service management of the mobile application “PJF Loan.”
PJF Loan is a digital platform designed to facilitate loan applications and related services.

JUST SMILE LENDING CORPORATION is a duly registered and licensed lending institution in the Republic of the Philippines that holds a valid authority to engage in lending activities. It acts as the authorized lending company and compliance-responsible entity for the PJF Loan application and assumes the corresponding legal and regulatory responsibilities for all loan-related services conducted through the application.

Both PJF LENDING INC. and JUST SMILE LENDING CORPORATION strictly comply with all applicable laws, regulations, and regulatory requirements of the Republic of the Philippines, including but not limited to Republic Act No. 10173 (the Data Privacy Act of 2012), its Implementing Rules and Regulations, and the relevant rules, guidelines, advisories, and issuances of the National Privacy Commission (NPC), the Securities and Exchange Commission (SEC), and other competent regulatory authorities.

This Privacy Policy is intended to explain how PJF LENDING INC. and JUST SMILE LENDING CORPORATION lawfully, fairly, and transparently collect, use, process, store, share, and protect users’ personal data and sensitive personal information when users download, register for, access, or use the PJF Loan application and its related digital platforms and services (collectively referred to as the “Platform”).

This Privacy Policy applies to all of the following circumstances:

Personal information voluntarily submitted by users directly through the Platform;

Information automatically collected or generated by the system during users’ use of the Platform; and

Information lawfully obtained from third-party service providers, subject to valid authorization and compliance with applicable laws.

By downloading, registering for, accessing, or otherwise using the Platform, you acknowledge that you have fully read, understood, and agreed to all terms of this Privacy Policy and voluntarily authorize the relevant companies to collect, process, store, and disclose your personal data in accordance with this Policy. If you do not agree to any provision of this Privacy Policy, you should immediately discontinue use of the Platform and related services.

Company Information Disclosure

Application Name

PJF Loan

Operating Company

Company Name: PJF LENDING INC.
(Responsible for the daily operation of the application, technical support, and user services)

Authorized and Licensed Lending Company

Company Name: JUST SMILE LENDING CORPORATION
Company Registration No.: CS202011342
Certificate of Authority No.: 3379
(A duly licensed lending company legally authorized to engage in lending activities and responsible for regulatory compliance related to loan services)

2. Categories of Information We Collect

We collect only such personal data as is reasonably necessary for the performance of our services, compliance with legal and regulatory obligations, risk management, and the protection of our legitimate business interests.

2.1 Identity and Core Personal Information

For purposes of identity verification, regulatory compliance, and fraud prevention, we may collect and process the following information:

Full legal name exactly as it appears on a valid government-issued identification document

Date of birth for age verification and eligibility determination

Gender and nationality, where required for regulatory reporting

Type, number, issuing authority, and expiration date of government-issued identification (including but not limited to UMID, passport, or driver’s license)

High-quality and legible images of the front and back of the submitted identification documents

Such information is used strictly for lawful verification purposes and is processed in accordance with data minimization principles.

2.2 Contact Details and Residential Address Information

To enable communication, verification, and service delivery, we may collect:

Current and complete residential address

Supplemental address descriptors, including street name, house or unit number, barangay, city, and province

Active mobile phone number registered under the user’s name

Valid and accessible email address used for service notifications and correspondence

2.3 Personal Background and Demographic Information

Where reasonably necessary, we may request:

Marital status

Highest educational attainment

This information may assist in internal risk profiling and service optimization but is not used as a sole determining factor in any decision-making process.

2.4 Employment, Occupation, and Income Information

To evaluate repayment capacity and financial stability, we may collect:

Current employment or business status

Employer or business name, industry, and address

Job title, role description, or nature of business

Length of employment or operational history

Salary or income disbursement schedule

2.5 Financial Background Information

We may collect limited financial indicators, including:

Existence and number of active credit cards

Declared monthly income range

Ownership status of assets or property

Current financial obligations, where voluntarily disclosed

2.6 Emergency Contact Information

For contingency and verification purposes, users may be required to provide:

Full name of at least one emergency contact

Relationship between the user and the emergency contact

Emergency contact information is used strictly for verification and risk mitigation purposes.

3. Device Permissions and Data Access

To ensure proper functionality, security, and compliance, the PJF Loan application may request access to certain device features.

3.1 Location Information

Purpose:

Detection and prevention of fraudulent activity

Verification of service eligibility based on geographic criteria

Compliance with regulatory and risk control requirements

The application collects approximate location information only, such as coarse geographic area or general location derived from network-based signals, and does not require continuous precise GPS tracking. Location data is processed in a limited, proportionate, and purpose-specific manner solely for legitimate business, compliance, and security purposes.

3.2 Calendar Access

Purpose of Use

With the user’s prior knowledge and explicit consent, the PJF Loan application may request access to the device’s calendar solely for reminder-related purposes, including:

Creating optional loan repayment reminders for upcoming due dates;

Adding loan-related reminders or repayment schedules that the user voluntarily chooses to save to their calendar;

Assisting users in better managing their repayment timelines.

Calendar access is not required for loan application, approval, or use of the core services of the Platform.

3.3 Camera & Media Access

Purpose of Use:

With your explicit authorization, we may request access to your device’s camera and media storage features strictly for legitimate and necessary business purposes, including but not limited to the following:

To conduct identity verification procedures in order to confirm that the applicant is a real and lawful user, and to prevent identity theft, impersonation, or other fraudulent activities;

To capture or upload images of valid, government-issued identification documents as part of customer due diligence, identity authentication, and regulatory compliance requirements;

To allow the submission of required supporting documents related to service eligibility, risk assessment, and application processing;

To assist in verification processes or customer support inquiries where visual confirmation is necessary to resolve issues or complete service requests.

Processing Principles:

All images, photos, or media files obtained through camera access or selected from your device are collected and used solely for the specific purposes stated above and will not be used for any unrelated activities;

We do not activate or access your device’s camera without your prior knowledge and explicit consent, and no image or media content is captured in the background;

Reasonable administrative, technical, and physical security measures are implemented to protect image data during transmission and storage, preventing unauthorized access, disclosure, alteration, or misuse;

Image and media data are retained only for the minimum period necessary to fulfill business, legal, and regulatory obligations, after which such data will be securely deleted, anonymized, or otherwise disposed of in accordance with applicable laws;

You may exercise your rights under applicable data protection laws to access, correct, or request deletion of your personal data collected through camera and media access, subject to legal retention requirements.

3.4 Device and Technical Information

Collected Data Includes:

Device model and operating system version

Network carrier and technical identifiers

Encrypted device identifiers

This information supports system security, fraud prevention, and technical troubleshooting.

3.5 Network Connectivity Information

We may collect limited network-related data, such as connection type and signal quality, solely for service optimization purposes. We do not collect WiFi passwords or monitor specific network names.

3.6 IDFA (Identifier for Advertisers) Collection and Use

With your explicit consent, the PJF Loan application may collect the IDFA (Identifier for Advertisers) from your device solely for analytics, advertising measurement, and service improvement purposes. This includes measuring app installations and user engagement from marketing campaigns, delivering relevant non-intrusive advertisements within the application, and improving user experience by analyzing aggregated app usage data. The IDFA is used only in an anonymized or aggregated form and cannot be linked to personally identifiable information. It is not used for credit assessment, loan approval, or risk profiling. Users may opt out of targeted advertising or reset their IDFA at any time via their device settings, and choosing to opt out does not affect the ability to use the PJF Loan application or access its services. All processing of IDFA data is conducted in accordance with applicable laws and Apple App Store privacy requirements.

3.7 Advertising & Analytics Identifiers

Purpose of Use:

With your explicit consent and in accordance with applicable laws and platform requirements, we may process advertising and analytics identifiers for legitimate operational and analytical purposes, including but not limited to the following:

To perform data analytics, attribution measurement, and statistical analysis related to app installation, usage behavior, and feature engagement;

To evaluate the effectiveness of marketing campaigns and promotional activities through aggregated and anonymized performance metrics;

To manage advertisement delivery frequency, reduce repetitive content, and improve the relevance of in-app promotional information;

To support internal product optimization, user experience improvement, and service performance

3.8 Facial Recognition Data

Purpose:

Identity verification and applicant authentication

Prevention of impersonation and fraudulent activity

Compliance with security and verification requirements

Facial recognition technology may be used during the verification process solely to confirm that the applicant matches the submitted identification documents and is physically present at the time of application. Facial data is processed only for this limited purpose, is not used for unrelated profiling or advertising, and is retained only for the minimum period necessary under applicable legal and regulatory requirements.

4. Purposes of Processing Personal Data

We process personal data for legitimate, specific, and lawful purposes, including but not limited to:

Evaluation of applications and eligibility

Credit risk analysis and repayment capacity assessment

Fraud detection, prevention, and investigation

Compliance with legal, regulatory, and reporting obligations

Improvement of application performance and service quality

Customer support, dispute resolution, and communication

Marketing and analytics activities, where consent has been obtained

5. Disclosure and Sharing of Information

We do not sell personal data. Information may be disclosed only under strictly controlled circumstances, including sharing with authorized service providers, regulatory authorities, or in connection with lawful business transfers.

6. Data Storage, Retention, and Security Measures

To ensure the security, confidentiality, and integrity of users’ personal data, we implement multiple layers of administrative, technical, and physical safeguards throughout the data storage, processing, and access lifecycle. These measures include, but are not limited to, the following:

Data Storage and Encryption:

All personal information, government-issued ID images, financial data, and transaction records submitted by users are transmitted over secure, encrypted channels (e.g., HTTPS/SSL);

Server-stored data is encrypted at rest using industry-standard encryption protocols to prevent unauthorized access and data breaches;

Access to databases and storage systems is strictly controlled and limited to authorized personnel within the scope of their duties.

Access Control and Permissions Management:

Employee access rights adhere to the “least privilege” principle, ensuring that staff can only access data necessary for their work responsibilities;

All access activities are logged for auditing purposes, allowing traceability and post-event review;

Periodic internal training and security reviews are conducted to maintain staff awareness and compliance with data protection protocols.

Physical and Environmental Security:

Data centers meet national and international security standards and are equipped with fire protection, intrusion prevention, and environmental monitoring systems;

Only authorized personnel are permitted to access data center facilities, with all entries authenticated and recorded.

Data Backup and Disaster Recovery:

Critical data is regularly backed up and stored in secure, controlled secondary systems;

A comprehensive disaster recovery plan is in place to ensure rapid service restoration and data integrity in the event of system failures or unforeseen incidents.

Data Retention and Secure Disposal:

Personal data is retained only for the minimum period necessary to fulfill the stated business purposes, comply with applicable laws, or meet regulatory requirements;

Once the retention period expires or the business relationship ends, data is securely deleted, anonymized, or otherwise disposed of in accordance with applicable regulations;

Deletion or anonymization processes follow strict protocols to ensure that data cannot be recovered.

Ongoing Monitoring and Improvement:

System security and data access activities are continuously monitored to detect anomalies or unauthorized activity;

Regular security risk assessments and compliance audits are conducted, and security measures are updated based on evolving laws, regulations, and industry best practices.

Through these measures, we are committed to safeguarding users’ personal data to the greatest extent possible, preventing unauthorized access, disclosure, loss, or misuse, and ensuring the confidentiality, integrity, and availability of all information processed by our services.

7. Third-Party Software Development Kits (SDKs)

Our application integrates third-party SDKs such as AppsFlyer, Advance.AI, and Firebase strictly for analytics, identity verification, and performance monitoring purposes. All SDKs are subject to due diligence and contractual data protection obligations.

8. Data Retention Periods

Personal data is retained only for as long as necessary to fulfill the purposes outlined in this policy or as required by applicable laws.

9. Data Subject Rights

Users may exercise their rights to access, correction, deletion, objection, and data portability in accordance with the Data Privacy Act of 2012.

10. Account Deletion

Account deletion requests may be submitted through in-app functions or customer support, subject to identity verification.

11. Children’s Privacy

Our services are intended exclusively for individuals aged 18 years or older. We do not knowingly collect data from minors.

12. Amendments to This Policy

We reserve the right to amend this Privacy Policy as necessary. Material changes will be communicated through appropriate channels.

13. Contact Information

Phone Number: 09606043826

Address：303 Unsang Street Barangay Dirita-Baloguen, Iba, Zambales, 2201 Philippines

14. User Acknowledgment and Consent

By continuing to use the PJF Loan application, you confirm your understanding of and agreement to this Privacy Policy and consent to the lawful processing of your personal data.