Terang: Financial Truth in Your Pocket

Exposing hidden loan fees and illegal pinjol with a single screenshot.

Comment

The Problem We Couldn't Ignore

Indonesia has a pinjol problem. As of 2026, OJK registers 94 licensed P2P lending companies — but thousands of illegal operators flood WhatsApp, Instagram, and app stores every day. Victims lose savings, get harassed, and have personal data weaponized against them.

At the same time, BNPL has quietly become the default payment method for millions of Indonesians. What looks like "cicilan ringan Rp 150rb/bulan" often hides an effective annual interest rate of 35–45%. Most people never do the math.

We built Terang because the information asymmetry is brutal — lenders know exactly what they're charging, and borrowers have no tool to verify it in the moment that matters most.

What Terang Does

Upload a screenshot. That's it.

Terang uses OCR to extract text from any financial screenshot, then:

  1. Classifies the document — is this a pinjol offer, a BNPL checkout, or both?
  2. Verifies pinjol offers against the official OJK P2P registry (94 companies, per 2 April 2026)
  3. Calculates the real cost of BNPL installments, exposing hidden fees in plain Rupiah
  4. Delivers a verdict through Kak Terang — a warm, trustworthy persona who speaks casual Bahasa Indonesia

The output is a shareable verdict card. One tap sends it to WhatsApp, so users can warn their contacts about the same offer.

The Architecture

The routing logic is the heart of Terang:

$$\text{Screenshot} \xrightarrow{\text{OCR}} \text{Raw Text} \xrightarrow{\text{Router LLM}} \begin{cases} \text{PINJOL} \ \text{BNPL} \ \text{BOTH} \ \text{UNKNOWN} \end{cases}$$

BNPL Math:

$$\text{Biaya Siluman} = (\text{Cicilan} \times \text{Tenor}) - \text{Harga Asli}$$

$$\text{Bunga Flat} = \frac{\text{Biaya Siluman}}{\text{Harga Asli} \times \text{Tenor}} \times 12 \times 100\%$$

We built three safeguards into the system:

  • Prompt injection defense — the router explicitly instructs the LLM to treat OCR text as data only, ignoring any instructions embedded in the screenshot
  • BNPL whitelist priority — legitimate multifinance companies (Kredivo, SPayLater, etc.) are checked before the P2P registry, preventing false BAHAYA verdicts
  • Graceful degradation — every failure state has a specific, helpful response rather than a generic error

The Data Foundation

Terang is grounded in three layers of official OJK data:

  • 94 licensed P2P lenders from the OJK LPBBTI directory, per 2 April 2026
  • 13 licensed BNPL providers from OJK's multifinance and banking registries, cross-referenced against POJK 32/2025
  • POJK 32 Tahun 2025 — Indonesia's first formal BNPL regulation, enacted 15 December 2025, legally requiring providers to disclose total installment costs transparently

When Terang catches a hidden fee, it's not just helpful — it's enforcing a right that Indonesian consumers now legally have.

Privacy & Security by Design

Terang was built with privacy as a core principle:

  • No data retention — screenshots are processed in real-time and never stored
  • No user accounts — zero personal data collected
  • No financial data storage — extracted numbers are used only for the immediate calculation
  • Prompt injection defense — LLM treats OCR text as data only, protecting against malicious screenshots
  • Rate limiting — maximum 10 requests per IP per hour
  • File validation — only image files under 10MB accepted
  • Static regulatory data — OJK database is embedded, not queried live, eliminating API dependency risks

What We Learned

The hardest problems weren't technical. The hard problem was understanding what "registered with OJK" actually means — and why Kredivo isn't on the P2P list even though it's completely legal.

Indonesia's financial regulation spans three license types: P2P lending, multifinance, and banking. A tool that only checks one registry would flag legitimate BNPL providers as dangerous. Getting this right required reading actual regulations, not just APIs.

Challenges We Faced

The Kredivo problem — Kredivo offers both personal loans AND installments but is licensed as multifinance, not P2P. Our initial architecture falsely flagged it as illegal. The fix required a separate whitelist with priority routing.

No official BNPL registry — unlike P2P lending, there is no single OJK directory for BNPL providers. POJK 32/2025 was only enacted in December 2025 and the regulatory infrastructure is still being built. We manually compiled the whitelist from multiple OJK registry sources.

OCR ambiguity — real-world screenshots have emojis, weird formatting, and partial text. We built explicit legibility checks and graceful fallbacks for every failure mode.

Keeping it human — every verdict is written as advice from a trusted person, not a legal disclaimer from a compliance system. Kak Terang exists specifically for this.

Impact

Terang is built for the moment that matters: when someone is about to tap "Pinjam Sekarang" or "Bayar dengan SPaylater" and has 30 seconds to decide if this is safe.

The WhatsApp share button is not a feature — it's the product. Pinjol scams spread through WhatsApp. The antidote should spread the same way.

"POJK 32/2025 requires BNPL providers to disclose the true cost of installments to consumers. Terang enforces this right — in your pocket, in seconds."

Built With

  • baidu-ernie-llm
  • css3
  • html2canvas
  • html5
  • javascript
  • lpbbt-directory
  • manifest.json
  • medo
  • ocr-plugin
  • ojk-open-data
  • p2p-registry
  • pojk-32-tahun-2025-regulatory
  • pwa
  • service-worker
  • supabase-edge-functions-(deno)
Share this project:

Updates