Finbubu Privacy Policy

 

Last Updated On: March 24, 2026

INTRODUCTION

Finbubu Limited (“Finbubu”, “we”, “us”, or “our”), a company incorporated in Hong Kong Special Administrative Region, operates the Finbubu App as a technology platform through which Users may access financial products and services provided by licensed financial service partners (“Licensed Partners”). Finbubu itself does not provide banking, lending, deposit-taking, or other regulated financial services.

The current Licensed Partner whose services are made available through the App is:

Rural Bank of Kibawe (Bukidnon), Inc. (“the Bank”), a rural bank duly licensed and supervised by the Bangko Sentral ng Pilipinas (BSP), with Certificate of Authority No. B1016 and Company Registration No. 91025, providing deposit-taking, credit line products, and related banking services through the App.

Each Licensed Partner is an independent legal entity. Finbubu’s role is limited to operating the technology platform and facilitating Users’ access to the Licensed Partners' services. Each Licensed Partner maintains its own separate privacy and data protection obligations in respect of the financial products it provides, governed by the terms applicable to those products.

Finbubu and the Bank are committed to protecting the privacy of Users. This Privacy Policy governs Finbubu’s collection, use, and processing of personal data in connection with the App platform. Where the Bank processes personal data in connection with its regulated financial products, such processing is additionally governed by the Bank’s own privacy notices  https://finbubu.com/privacy-notice as required by BSP regulations.

This Privacy Policy is part of our commitment to respect and protect every personal data and information belonging to users (as hereinafter defined) of Finbubu . We are committed to the protection of any and all personal data which may be provided by users or visitors to Finbubu . This Privacy Policy has been prepared in accordance and in compliance with the laws of the Republic of the Philippines, including Republic Act No. 10173, otherwise known as the Data Privacy Act of 2012, and its Implementing Rules and Regulations (hereinafter referred to as the “Data Privacy Act”). This Privacy Policy sets out the policies in relation to any and all types of Personal Data (as defined below), including sensitive personal information. In this Privacy Policy, “Personal Data” means any information whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual, as defined under the Data Privacy Act. Personal Data may be provided by individual users of Finbubu  (“you”, the “User” or “Users”) for the collection, use and disclosure by us.

All Personal Data which relate to Users shall be handled in the manner set out in this Privacy Policy. We only collect information where it is necessary for us to do so and we will only collect information if it is relevant in our dealings with Users. We will only keep User’s Personal Data for as long as we are either required by law or as is relevant for the purposes for which the information was collected.

You may visit Finbubu and browse without having to provide Personal Data. During visits to Finbubu, you may choose to remain anonymous and at no time can the Company identify you unless you have a Finbubu Account and log in with a username and password.

The scope of this Privacy Policy is limited to information collected or received by us through your use of Finbubu and the specific financial products offered by our respective subsidiaries mentioned above. We are not responsible for the actions of third parties or companies outside of our Group, the contents of their facilities, the use of information you provide to them, the information they provide to you or any products or services they may offer. Any link to those sites does not constitute our partnership with, sponsorship or endorsement of, or affiliation with, those parties or companies or their brands.

Finbubu is intended for users aged 18 years or older. We do not knowingly collect minors’ Personal Data. If such data is discovered, it will be deleted immediately.

• Parental Responsibility: Parents should contact us if they find their child has used Finbubu without consent.
• Age Verification: We may request proof of age to prevent minor usage.

Before checking the box and clicking the “Accept” box, please read this Privacy Policy carefully to understand our policies and practices regarding your Personal Data gathered on Finbubu and how we will treat it. By clicking the box, you affirm that you have read our Privacy Policy and consent to our policies and practices. If you do not agree to the Privacy Policy, please stop the registration process immediately.

You hereby acknowledge that you have read and understood the Privacy Policy and agree and consent to the collection, use, storage, processing , and sharing of the Personal Data agreed herein. 

 

1. Why do we collect and process your data ( including but not limited to Personal Data)?

1. To confirm your identity (Know-Your-Customer or KYC Information);

Before using our financial services, we need to know who you are, as required by law. We also need to keep track of transactions and report any suspicious activities to financial regulators. This is because of rules against hiding the real source of money that may have been obtained illegally (money laundering).

2. For the creation of your user account in Finbubu App;
3. To enable Finbubu App features and functionalities;
4. To verify your identity and/or other information you provided to us;
5. To assess your eligibility to use our financial services;
6. To manage risk and prevent potential fraud and crime;
7. To manage and maintain your accounts/facilities with us;
8. To send you information about Finbubu, including news about product updates, events, and other promotional materials, but only if you agree to receive such communications. Finbubu will not share any personally identifiable information with third parties for marketing purposes without your consent; 
9. To provide customer service or support and to resolve issues and complaints;
10. For data analysis, data profiling and other legitimate interests, which will help us understand your needs and to help us improve our services. 

 

2. The types of data that we collect and process:

1. ID Data. To confirm and verify your identity , prevent fraud and assess your eligibility to use our financial services, when you apply for our services, and when you register an account on our mobile applications and online platforms, you may be asked to provide us with personally identifiable information, such as your ID number, full name, gender, date of birth, birthplace, phone number, e-mail address, residential address, family details, educational background and identity verification materials such as ID photos, selfies, or government-issued documents.
2. Device Data. To ensure security, fraud detection, and service optimization, we collect: device model, operating system version, IP address, WiFi status , Android ID, approximate location (collected with user consent) .

We collect and process your Android ID strictly for the following purposes:

Account Security & Authentication: To bind your account to your trusted device, ensuring that login attempts originate from you.

Fraud Prevention: To detect anomalous activities, prevent unauthorized access (account takeovers), and identify potentially malicious devices interacting with our platform.

Regulatory Compliance: To support our robust risk management framework and comply with the stringent Know Your Customer (KYC) and Anti-Money Laundering (AML) regulations mandated by the relevant financial authorities in the Philippines.

Data Protection Commitment:

Your Android ID is encrypted in transit and securely stored. We explicitly do not use your Android ID for advertising, marketing, profiling, or tracking your activity across third-party applications.

3. Transaction Data. To verify your identity , prevent fraud and assess your eligibility to use our financial services , we need data to process your transactions: Bank account or card details for loan disbursement and repayment, loan application information and any other financial, transaction, or payment records of the User.
4. Interaction Data. We collect and process data from your interactions with us , including text, chat, email, call, web form, and your participation in surveys, promos and raffles.
5. Additional Data and Permissions:

• To verify your identity and conduct anti-fraud recognition, this permission request is reasonable and necessary to realize the function of our App. We just use it to the purpose directly relating to our business and/or product. If we tend to use such information for other purposes in future, we will obtain your permission once again. We will request your consent to obtain camera permissions, and enable you to take ID photos, shoot your face video, and/or click and upload photos of your documents and other necessary documents during the loan application process. You can disable this permission anytime through the app or your phone’s settings.
• Location Permission. We may collect approximate location to verify your location and current address, ensure serviceability, and to identify unusual activity to prevent fraud. We do not collect location data when the app is in the background. You can disable location permission anytime through the app or your phone’s settings.
• Photo Access. To verify your identity and conduct anti-fraud recognition, this access is reasonable and necessary to realize the function of our App. We request access to specific photos you choose to upload through your device's file picker and just use them to the purpose directly relating to our business and/or product. We only access the exact photos you manually select and never scan your full photo library. If we tend to use your photos for other purposes in future, we will request your consent once again. In addition, we guarantee that we will never share your photos with any third party unless your consent or required by law. To delete uploaded photos, you can contact us through the contact details provided by us.
• Emergency Contact Information

We only collect the emergency contact information filled in by users, and don't collect contact permission information.

Collection Content: We are committed to ensuring the security of your account, therefore, we require you to provide relevant information about emergency contacts, including their names, phone numbers, and their relationship with you.

Collection Purpose: In cases where your account faces security risks or involves violations, we may not be able to contact you directly. To effectively address these situations, we will use the emergency contact information you provide to ensure timely communication with you or your emergency contacts, in order to obtain or convey necessary information, thereby safeguarding the security and compliance of the account.

Information Transmission and Protection: Given the sensitivity of contact information, we employ strict security measures to protect this information. All contact data will be encrypted and then uploaded to our member server via HTTPS protocol at  https://finbubu.com , ensuring complete protection during transmission and mitigating potential threats.

Contact Information Deletion: Once you have completed all orders and decided to close your account, upon confirmation of all transactions being completed, we will proceed immediately. This includes deleting all personal information associated with your account, including emergency contact information. We are committed to protecting your privacy and ensuring the complete deletion of your personal information when it is no longer needed, in order to safeguard your rights and privacy.

Sharing: We will not share emergency contact information with third parties except as required by applicable law or regulation, or as necessary to protect the security of your account.

6. Cookies and Other Information on a User’s Machine 

We may employ cookies and other similar and applicable technologies. Cookies are small text files that are saved on your device when you visit a website. Think of them like little notes that help the website remember information about your visit, which helps us understand how you use our site, and in turn allow us to make the website better and more useful for you. 

No personal data is tracked or stored by the cookies we use. They are designed to collect information in a way that does not directly identify anyone, even when cross-referenced with any other data we may hold. We utilize cookies to gather traffic and behavioral data in aggregate form, which means that information is compiled to provide an overview of general usage patterns and web traffic by site visitors. 

We may also use third party website analytic tools that employ cookies to collect certain information (no personal data) concerning your use of our websites, such as referring web site addresses, page views and browser types, for the same purposes cited above. 

 

In addition, according to relevant laws, regulations and national standards, we may process your relevant Personal Data without your authorization and consent in the following situations:

-Necessary for the Personal Data processor to perform legal obligations or legal duties;

-Necessary to enter into and perform a contract to which you are a party;

-Necessary to respond to public health emergencies, or to protect the life, health and property safety of natural persons in emergencies;

-To deal with the personal information that you have disclosed by yourself or others that have been legally disclosed within a reasonable scope according to law; and/or

- Other circumstances stipulated by laws and administrative regulations.

 

3. When do we collect Personal Data

 We may collect Personal Data when:

The user does one or more of the following:

1. uses Finbubu;
2. creates or registers an account;
3. makes a request/call/inquiry;
4. submits documentation/information;
5. applies for a loan or other financial product;
6. inquire/review/browse products and services available in Finbubu;
7. pays using a bank, a payment gateway, a payment provider, or through other payment partners/channels;
8. fails to perform any of his/her obligations under any financial product/service; or
9. uses any other feature or products and services of Finbubu and those provided by its Licensed Partners or service providers, whether available now or as may be developed and made available in the future.

 

4. With whom do we share your data?

We will never share, rent, or sell your Personal Data to third parties outside Finbubu  except in special circumstances where you have given your consent, and as described in this Policy. The User hereby acknowledges and agrees,that we may be required to disclose your information to our agents, subsidiaries, affiliates, partners, and other third-party agencies as part of business operations and the provision of our products and services for the purposes indicated under “Why do we collect and process your data”. This means we might share your information with:

• Our subsidiaries and affiliates.
• Our partner companies, organizations, or agencies, including their subcontractors or prospective business partners that act as our service providers, contractors, professional advisers that help us provide our products and services. For example, messaging services provided by Infobip for text messages and online messengers for chat allow us to communicate with you.
• Our Financial service partners like payment and remittance platforms, e-wallets, and banks, which allow transfers of funds and payments.
• Law enforcement agencies, insurers, government and regulatory authorities, or any other organizations to which Finbubu, or any Affiliate or third-party service provider, is obligated to make disclosure under the requirements of any applicable law, regulation, or commercial arrangement.
• Our security partners who provide us with information and services to protect against fraud and abuse. For example, information about security threats can help us notify you if we think your account has been compromised (at which point we can help you take steps to protect your account).
• Other companies to whom you have given consent to share your information.

 

5. How do we protect your Data and Until when will we keep your data?

The data will be transmitted encrypted and stored on cloud servers located in the Philippines. We ensure that we will use safe and reliable measures and technical skills to protect the safety of your data. Our staff is trained and required to follow privacy principles in every data processing activity.

We will retain your personal data as long as your account remains open. If you close your account, we and/or our Licensed Partners must continue to store your account and transaction data for a minimum of five (5) years, or such longer period as may be required by applicable law (including BSP regulations applicable to the Bank), from the date that your account is closed.

When the period expires, we will delete personal data. We may continue to store data in an anonymized form.

We may keep your Personal Data for a longer period if we need to comply with a legal obligation or if we need to defend the rights of us or a third party.

We will do our best to ensure the security of any information you send to us, but please understand that due to technical limitations and various malicious means that may exist in the Internet industry, it is impossible to always guarantee 100% security of information. In order to prevent security incidents, we will formulate emergency plans for network security incidents and promptly deal with security risks such as system vulnerabilities, computer viruses, network attacks, and network intrusions. If a personal information security incident unfortunately occurs, we will promptly inform you of the basic situation and possible impact of the security incident, the measures we have taken and/or will take to deal with it, strive to minimize the loss, and report to the relevant government authorities in accordance with the law.

In the event of a personal data breach that is likely to give rise to a real risk of serious harm to data subjects, we will notify the National Privacy Commission (NPC) within seventy-two (72) hours of our becoming aware of such breach, and will notify affected Users without undue delay, in accordance with the Data Privacy Act and NPC Circular No. 16-03.

 

6. What are your rights as a data subject?

1. Right to be informed. You must be given details, in clear and plain language, about how your data is collected and used, where your data may be transferred or shared, if automated processing will be done, and what your data subject rights are.
2. Right to access. You may ask for a copy of the personal data that we hold about you, as well as details on how it has been processed and who may have received copies of it.
3. Right to correction. You may ask us to correct any personal data about you that is not accurate. We may ask you to provide supporting evidence for the request.
4. Right to object. You may ask us to stop processing your data if our basis for doing so is your consent or our legitimate interest, and no other basis can apply.
5. Right to erasure or blocking. You may ask us to erase your personal data if it is inaccurate, or the collection or processing was unlawful, or your rights were violated, or if we no longer need it for the purpose for which it was collected, and no other basis can apply. You may request the deletion of your account here https://finbubu.com/del.
6. Right to data portability. If we are processing your data based on your consent or to fulfill a contract with you, you may ask us to give you a copy of your data in a structured, common, and machine-readable format, or to have it transmitted to another data controller.
7. Right to damages. You have a right to receive damages if your privacy rights were violated or you were injured by inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized use of your personal data.
8. Right to file a complaint. You have a right to file a complaint with Government authorities related to protecting personal privacy. If you feel that your personal data has been misused, maliciously disclosed, or improperly disposed of, or that any of your data privacy rights have been violated.

 

7. Changes on our Privacy Policy

This Privacy Policy may be updated from time to time and shall continue to remain in effect unless otherwise amended. If this Privacy Policy is changed, those changes will be posted on the Finbubu Website and/or Finbubu Application. The change will be effective when posted. Users availing Finbubu services and/or visitors to Finbubu are advised to check the Finbubu website and/or Finbubu Application on a regular basis to remain aware of the policies and practices of how information is collected and used. Continuing to use and access our services means you accept the revisions to the Privacy Policy. If you disagree with the revised Policy, you may discontinue use and request account deletion.

The foregoing consents and authorizations shall continue for the duration of, and shall survive the termination of, any product agreement(s) entered into by the User with Finbubu or any Licensed Partner through the App, and any other transactions, dealings, or accounts the User may have with or avail from Finbubu or the Bank, to the extent permitted by applicable law.

 

8. Contact Information

In order to facilitate you to contact us, we provide the following contact information:

E-mail Address: developer@finbubu.com

Contact Address: A22, RM A, 10/F, Prince Industrial Building, 706 Prince Edward Road East, San Po Kong, Kowloon, Hong Kong

 

ACCEPTANCE

The User confirms having read and understood and agrees to the entire Privacy Policy constituting of above clauses. You acknowledge that the Privacy Policy and the other documents have been explained to you in the language you understand. This Privacy Policy is available on the App and it is your responsibility to check for any updates and amendments. Such published amendments to the Privacy Policy shall bind you should you continue to access or use your Account or any of our products and/or services after the effective date of such amendments.