Effective Date: [December 18, 2025] Company Name: LOANHARBOR LENDING CORPORATION SEC Registration Number: CS201642206 Authorization Certificate Number: 1990 Company Address: 114 GUMAMELA , SUNRISE SUBD. , CAVITE, REGION IV-A (CALABARZON) Company Email: proposal@loanharborlendingco.com 1. Introduction Welcome to Harbor Peso (“we,” “our,” or “us”). We value your privacy and are committed to protecting your personal information. This Privacy Policy explains how we collect, use, process, store, protect, and share your information when you use our Android mobile loan application (“the App”). By downloading, accessing, or using the App, you acknowledge that you have read, understood, and agreed to this Privacy Policy. If you do not agree, please discontinue use of the App immediately. 2. Scope of This Policy This Privacy Policy applies exclusively to: • Android mobile devices • Users located in the Philippines • Loan and financial services provided through the Harbor Peso Android application 3. Information We Collect We collect information strictly necessary to: • Verify your identity • Assess creditworthiness • Provide loan services • Prevent fraud and abuse • Comply with Philippine laws and regulations • Improve app performance and user experience 3.1 Personal Information Information you voluntarily provide during registration and loan application, including: • Full name • Date of birth • Gender • Nationality • Current and permanent address • Mobile phone number • Email address • Government-issued ID details • ID photos and selfie for identity verification • Employment information (employer, income, job category) • Financial information (bank account or e-wallet details) 3.2 Device & Technical Information (Android) Collected automatically to ensure system security, prevent fraud, and maintain service stability: • Device model, brand, Android OS version • App version, system language, time zone • IP address and network connection information • Crash reports and diagnostic data Note: We do not collect IMEI, SIM serial numbers, MAC addresses, or any data prohibited by Google Play policies. 3.3 Approximate Location Information With your explicit permission, we may collect approximate location data to: • Prevent fraudulent activity • Verify regional service eligibility • Assist in credit risk assessment You may disable location permissions at any time through your Android device settings. 3.4 Emergency Contact Information With your explicit consent, the App may collect emergency contact information that you voluntarily provide, solely for the following purposes: • Supporting user identity verification • Assisting in credit risk evaluation • Preventing fraud and identity misuse Safeguards • Emergency contact information is not used for marketing or promotional purposes • Emergency contact data is not sold, rented, or shared with third parties for advertising • All emergency contact information is securely stored and processed in encrypted form • Access to emergency contact data is strictly limited to authorized personnel for lawful purposes only 3.5 SMS Information 3.5.1 Purpose of SMS Access With your explicit and informed consent, the App may request access to SMS messages strictly limited to financial-related messages on your Android device, solely for the following purposes: • Detection of abnormal or fraudulent financial activity • Improving accuracy of credit risk assessment related to loan services 3.5.2 Scope and Limitation of SMS Access The App only accesses SMS messages that are clearly financial in nature, such as messages containing: • Loan-related notifications • Repayment confirmations or reminders The App explicitly does NOT: • Read personal or social messages • Read messages unrelated to financial services • Monitor or collect private communications • Access SMS for advertising, marketing, or profiling unrelated to lending • Upload the full SMS inbox to servers Access is restricted to the minimum necessary data required for the above purposes. 3.5.3 Data Processing Method • SMS data is processed automatically and selectively, based on financial keywords or verified senders • Only relevant message fragments (e.g., verification codes or transaction indicators) may be temporarily processed • SMS content is not continuously monitored Any accessed data is: • Used only for the stated financial verification purposes • Not permanently stored unless required by applicable laws • Protected through encryption and strict access control 3.5.4 User Consent and Control • SMS permission is requested only after a clear, standalone in-app disclosure explaining that access is limited to financial SMS only • Granting this permission is voluntary • You may revoke SMS access at any time through Android system settings 3.6 Camera Access 3.6.1 Purpose of Camera Access With your explicit consent, the App may request access to your device’s camera for the following strictly limited purposes: • Capturing photos of government-issued identification documents • Taking selfies or live facial images for identity verification (KYC) • Supporting liveness detection and anti-fraud verification • Uploading documents required for loan application and approval The camera is only activated when you initiate an action that requires photo capture. The App does not record video, audio, or capture images in the background. 3.6.2 Scope and Data Minimization Access to camera and gallery is strictly limited: • Only images explicitly selected or captured by you are accessed • No continuous or background access is performed • No automatic collection of photos or files • No access to unrelated personal media content Collected images are used only for loan-related verification purposes and are not repurposed for advertising or non-financial profiling. 3.6.3 Storage, Protection, and Retention • Uploaded images are transmitted via encrypted channels (TLS/HTTPS) • Stored securely using industry-standard encryption • Access is restricted to authorized personnel and verified systems • Images are retained only as long as necessary to: - Complete verification - Fulfill legal and regulatory obligations • After the retention period, images are securely deleted or anonymized 3.6.4 User Control and Consent • Camera permissions are requested only when required for specific features • You may deny or revoke permissions at any time via Android system settings • Denying these permissions may limit access to certain features (e.g., loan application), but will not block basic app usage 3.7 Calendar Access With your explicit consent, the App may request access to your device’s calendar for the following strictly limited purposes: • Creating and managing repayment reminder events • Assisting in loan schedule tracking and timely notifications • Supporting repayment compliance and user convenience The App will only add or read calendar events related to your loan repayment dates and reminders. No unrelated calendar events will be accessed, modified, or collected. Safeguards • Calendar access is used solely for repayment reminder services and not for marketing, advertising, or any other purposes • No calendar data is shared with third parties except as required for loan-related services or by law • All accessed calendar information is processed securely and not permanently stored beyond what is necessary for reminder functionality • Access is limited to the minimum required data and strictly controlled User Consent and Control • Calendar permission is requested only when you choose to enable repayment reminders • Granting this permission is entirely voluntary • You may revoke calendar access at any time through your Android device settings, which will disable reminder features but will not affect other app functions 3.8 Installed Apps Information 3.8.1 Purpose of Access With your explicit consent, the App may access information about installed financial-related applications only to support: - Fraud prevention and abnormal behavior detection - Credit risk assessment related to loan services 3.8.2 Scope and Limitation The App only reads app package information of finance-related apps (such as banking, e-wallet, or lending apps). The App explicitly does NOT: • Access non-financial apps • Collect app usage behavior or content • Use this data for advertising or marketing • Upload a full list of installed apps beyond what is necessary 3.8.3 Security and Data Protection • App data is processed securely with strict access control • Information is not shared with third parties for non-loan purposes • Data is retained only as required for risk evaluation or legal compliance 3.8.4 User Consent and Control • Permission is requested only after clear, standalone disclosure • Granting access is voluntary • You may revoke this permission at any time via Android system settings 4. How We Use Your Information 4.1 Loan Services • Account registration and user onboarding • Credit evaluation and loan approval • Loan disbursement • Repayment reminders and account notifications • Customer service support 4.2 Risk Control & Fraud Prevention • Identity authentication • Abnormal behavior detection • Device consistency checks • Prevention of fake or duplicate accounts • Protection against identity theft 4.3 Service Optimization • App performance analysis • Feature improvement • Operational analytics 4.4 Legal & Regulatory Compliance • Know-Your-Customer (KYC) requirements • Anti-Money Laundering (AML) compliance • Responding to lawful government or regulatory requests 5. How We Share Your Information We do not sell your personal data. We only share information under the following circumstances: 5.1 Service Providers & Partners We may share data with trusted partners, including: • Banks and payment processors • Identity verification providers • Credit scoring and fraud prevention partners • Cloud service and data storage providers • Analytics and technical service providers All partners are contractually obligated to protect your data and use it only for authorized purposes. 5.2 Legal Requirements We may disclose information if required by: • Court orders • Subpoenas • Law enforcement agencies • Government or regulatory authorities 5.3 Corporate Transactions In the event of: • Merger • Acquisition • Asset transfer Your data may be transferred securely as part of the business transition, subject to continued protection. 6. Data Storage & Retention 6.1 Storage Your data is stored: • On secure cloud servers • Within encrypted systems • Accessible only to authorized personnel 6.2 Retention We retain your data: • While your account remains active • As required by applicable laws after account closure • Typically for 3–5 years to meet financial and regulatory obligations After the retention period, data is securely deleted or anonymized. 7. Data Security Measures We implement industry-standard safeguards, including: • Encrypted data transmission (TLS) • Encrypted storage (AES) • Role-based access control • Continuous security monitoring • Regular internal security reviews While no system is completely secure, we take reasonable measures to protect your data. 8. Your Rights Under Philippine law and applicable data protection regulations, you have the right to: • Access your personal information • Correct inaccurate or outdated data • Request deletion • Withdraw consent • Request data portability • Object to certain processing activities • Close your account To exercise your rights, contact us at: 📧 proposal@loanharborlendingco.com 📞 +63 0945645378 9. Children’s Privacy Our services are intended only for adults. We do not knowingly collect data from individuals under 18 years old. If such data is identified, it will be promptly deleted. 10. Changes to This Privacy Policy We may update this Privacy Policy due to: • Legal or regulatory changes • Technical updates • Service modifications Significant changes will be communicated via the App or official channels. 11. Contact Information For privacy-related inquiries or concerns: LOANHARBOR LENDING CORPORATION 📍114 GUMAMELA , SUNRISE SUBD. , CAVITE, REGION IV-A (CALABARZON) 📧 proposal@loanharborlendingco.com 📞 +63 09456453787