This article aims to examine the legal protection for customers in the implementation of online-based money loans or known as online loans (pinjol). The research method used is a doctrinal approach where the author will examine legal norms related to customer protection according to the Banking Law, and a number of Financial Services Authority (OJK) regulations related to pinjol. The results of this study conclude that there are several phenomena that occur in the implementation of pinjol that do not get legal protection for customers, namely: First, the determination of interest that does not refer to the interest rate provisions of Bank Indonesia, second, the maximum interest setting on online loans in fintech companies is 0.4 percent per day but the amount of real interest is not regulated in the agreement. Third, Financial Services Authority Regulation No.77/POJK.01/2016 on Information Technology-Based Money Lending and Borrowing Services OJK Regulation No.77 of 2016 is the basis for the implementation of Peer to Peer Lending business activities or online lending and borrowing which is one of the types of fintech, including the protection of customer personal data. Customer personal data collected by fintech providers must be kept confidential in accordance with applicable privacy provisions.