This Privacy Policy describes how Orbit Flow ("Orbit Flow", "we", "us", or "our") manages Personal Information in compliance with the Data Privacy Act of 2012 and its implementing rules ("DPA") when you use the Orbit Flow platform or interact with us.
By using our platform or submitting information to us, whether as a lender-client or as a party whose data is processed through our platform, you agree and consent to Orbit Flow collecting, using, and disclosing your Personal Information as described in this policy.
This policy supplements but does not replace any other consents you may have previously provided. We may update this policy from time to time to reflect changes in our practices or legal requirements. The current version will always be available on our website.
1. Personal Information We Collect
"Personal Information" refers to any information from which an individual's identity is apparent or can be reasonably ascertained, as defined under the DPA.
The types of Personal Information we collect depend on how you interact with Orbit Flow:
- For Lender-Clients: company name, business registration details, contact person names and positions, business email addresses, phone numbers, and billing information.
- For Borrower Data (uploaded by lenders): name, contact number, email address, loan details (amount, type, disbursement date, due date), payment history, days overdue, demographic information relevant to collection strategy (as provided by the lender), and communication records generated through the platform.
- For Website Visitors: information collected automatically through cookies (see Section 5).
2. How We Collect Personal Information
We collect Personal Information in the following ways:
- When a lender-client registers for the Orbit Flow platform and submits company and account details.
- When a lender-client uploads borrower account data to the platform via CSV upload or API integration.
- When borrowers interact with communications sent through the platform (SMS, email, Viber, or voice).
- When borrowers use payment links or repayment interfaces provided through the platform.
- When you contact us via email or other support channels.
- When you browse our website (see Section 5 on cookies).
If you provide us with Personal Information relating to a third party, you represent that you have obtained the necessary consent to share that information with us.
You should ensure that all Personal Information submitted to us is complete, accurate, and correct. Incomplete or inaccurate information may affect our ability to provide our services.
3. How We Use Personal Information
We use Personal Information for the following purposes:
- To operate the Orbit Flow platform and deliver our debt recovery services to lender-clients.
- To analyze borrower profiles and determine optimal collection strategies using our AI engine.
- To send personalized collection communications to borrowers on behalf of lender-clients via SMS, email, Viber, or voice.
- To process and track borrower repayments through integrated payment channels (GCash, PayMongo, bank transfers).
- To generate recovery reports, dashboards, and analytics for lender-clients.
- To improve platform performance, collection strategies, and AI models through aggregated outcome analysis.
- To ensure compliance with applicable collection regulations, including SEC MC 18-2019, SB 1744, and the DPA.
- To detect and prevent fraud, abuse, or unauthorized use of the platform.
- To respond to inquiries and provide support.
- To comply with applicable laws, regulations, and lawful orders of regulatory authorities including the SEC, NPC, and BSP.
4. AI and Automated Decision-Making
Orbit Flow uses artificial intelligence to analyze borrower data and determine collection strategies, including the timing, channel, tone, and content of communications. These automated processes help optimize recovery outcomes for lender-clients.
In accordance with the DPA and NPC Advisory 2024-04, borrowers have the right to be informed that automated decision-making is being used and the right to request human review of any decision that significantly affects them.
Settlement offers or decisions with material financial impact are subject to human review by the lender-client's team before execution.
5. Cookies
When you visit our website, we may use cookies to recognize returning visitors and collect usage information such as browser type, operating system, IP address, pages viewed, and time spent on pages.
Cookies are small text files stored on your device. They are readable only by us and cannot access other data on your device.
You can disable cookies through your browser settings. However, doing so may limit your ability to use certain features of our website.
6. Disclosure of Personal Information
We take reasonable steps to protect Personal Information against unauthorized disclosure. Your Personal Information may be disclosed to:
- Orbit Flow employees and team members who require access to provide our services.
- Third-party service providers who support our operations, including SMS providers, payment processors, cloud hosting providers, and telecommunications services.
- Lender-clients, with respect to recovery outcomes and communication records for borrower accounts they have uploaded.
- Government regulators and law enforcement agencies as required by law, including the SEC, NPC, and BSP.
- Professional advisers such as auditors and legal counsel.
- Any party involved in a business transaction such as a merger, acquisition, or investment, to the extent necessary and permitted by law.
We only disclose Personal Information to the extent necessary, proportionate, and legally permitted.
7. Your Rights as a Data Subject
Under the DPA, you have the following rights:
- Right to Be Informed — to know how your data is collected, used, and shared.
- Right to Access — to request a copy of your personal data held by us.
- Right to Correction — to have inaccurate or outdated data corrected.
- Right to Object — to refuse processing of your data for certain purposes.
- Right to Erasure — to request deletion of your data, subject to legal or contractual obligations.
- Right to Data Portability — to request your data in a commonly used electronic format.
To exercise any of these rights, contact us at the details provided in Section 10.
8. Data Security
We implement reasonable security measures to protect Personal Information, including:
- Encryption of data during transmission and storage.
- Access controls limiting data access to authorized personnel only.
- Regular security assessments to identify and address vulnerabilities.
- An incident response plan to address potential data breaches promptly, including compliance with the NPC's 72-hour breach notification requirement.
- Data minimization — collecting only information necessary for the purposes described in this policy.
While we take reasonable precautions, we cannot guarantee absolute security of information transmitted via the internet.
9. Data Retention and Transfer
We retain Personal Information for as long as necessary to fulfill the purposes for which it was collected, in accordance with our data retention policies and applicable law.
If transfer of Personal Information outside the Philippines is necessary, we take reasonable steps to ensure it remains protected to a standard consistent with the DPA.
10. Contact Us
For questions about this Privacy Policy, to exercise your data subject rights, or to withdraw consent, contact us at:
Email: hello@orbitflow.ph
11. Third-Party Links
Our website may contain links to third-party websites. We are not responsible for the privacy practices of those websites. Your use of third-party websites is governed by their own privacy policies.
12. Governing Law
This Privacy Policy is governed by the laws of the Republic of the Philippines.