Compliance & Governance

POPIA-aligned. Bank-sponsored operating model. Audit-ready reporting.

Last updated: 21 May 2026

PASA-approved · Verify ↗Bank-sponsored TPPP modelPOPIA-alignedPCI-DSS payment processingAudit trailsKYC verified recipients

No-Cash is built to operate responsibly within South Africa's payments ecosystem — giving businesses, recipients, and partners confidence that every cashless tip is handled with appropriate controls.

This page explains how we approach compliance, security, privacy, and dispute handling as a digital tipping and micropayments platform.

What No-Cash Is (and What It Is Not)

No-Cash is a cashless digital tipping platform that enables customers to tip frontline workers via QR code payments — no app download required. We facilitate payment flows and provide reporting that supports transparent outcomes for workers and businesses.

No-Cash is not a bank or financial advice provider. We do not hold deposits, provide credit, or act as a trustee, escrow provider, payroll provider, insurer, or fiduciary.

Who regulates No-Cash?

No-Cash operates as a bank-sponsored Third Party Payment Provider (TPPP) in line with PASA and SARB requirements. In practice, this means:

A sponsoring bank supports our operating model for third-party payment services.
No-Cash implements controls appropriate to cashless tipping and micropayments risk profiles.
We maintain records, reporting, and audit trails appropriate to the service.

How a No-Cash tip flows

Scan QR

Pay online

Instant confirmation

Settlement / payout

Reporting

How is your money protected?

No-Cash is designed so that every tip has a clear digital trail from initiation to settlement.

Typical flow

Customer scans a No-Cash QR code.
Customer completes an online payment using supported payment rails.
The recipient receives confirmation — for example, an instant notification.
Funds are settled to the recipient using the selected payout method, subject to verification and controls.

Auditability and reporting

We maintain transaction records and reporting suitable for businesses that require visibility — for example, statements, exports, and reconciliation support.
Where employer dashboards are enabled, businesses can view activity and generate reports to support internal controls and dispute resolution.

No-Cash may delay settlement or place a transaction under review for fraud risk, verification gaps, abnormal activity patterns, or required compliance checks.

KYC, Identity Verification & Recipient Onboarding

We apply KYC and verification controls appropriate to the service and payout methods used. Typical verification includes:

Identity verification (SA ID or equivalent acceptable documentation)
Contact verification (mobile number)
Payout details verification (bank account where relevant)
Ongoing verification where risk signals warrant additional checks

These controls exist to reduce impersonation and payout diversion, protect customers from misdirection and fraud, and support businesses requiring clean operational governance.

Our approach is risk-based. Higher-risk scenarios may require enhanced verification, additional documentation, or delayed settlement.

AML and Fraud Prevention

Cashless tipping is low-value and high-frequency. Our controls are practical, automated where possible, and escalation-based when needed. Our approach includes:

Monitoring for suspicious or abnormal patterns — velocity, geographic anomalies, repeat high-value attempts.
Restricting or pausing settlement where risk is detected.
Investigating reported issues and taking corrective action.
Maintaining evidence trails for dispute handling and platform integrity.

No-Cash reserves the right to decline transactions, suspend or limit accounts, delay payouts pending verification, and request additional information to meet compliance expectations.

What data does No-Cash collect?

No-Cash is committed to POPIA-aligned processing of personal information.

Data Minimisation

We collect only data needed for accounts, recipient verification, payment processing, settlement, reporting, support, and compliance obligations.

Purpose Limitation

We process personal information for clear operational purposes — payments, verification, reporting, and support. We do not sell personal information.

Access Controls

Access is restricted based on role and operational need. Internal access is logged and controlled.

Retention

We retain data for service provision, legal and regulatory obligations, and dispute resolution. Data is securely deleted or anonymised thereafter.

Data Subject Rights

Users may request access, correction, or deletion of their personal information, subject to applicable legal retention obligations.

Payment Security

Card security: Payments are processed through a PCI-DSS certified payment processor. No-Cash does not store full card numbers, CVV values, or sensitive authentication data (SAD).

Platform security: We use secure transport (HTTPS) and standard security practices to protect data in transit and reduce unauthorised access risk.

What we store

Account details (name, contact, verification status)
Transaction references and settlement records
Support and dispute logs where relevant

What we do not store

Full card numbers
CVV or CVC values
Sensitive authentication data (SAD)

Disputes, Refunds & Chargebacks

We handle disputes and payment issues seriously because they directly impact customer trust, business confidence, and recipient livelihoods.

If a customer reports an issue

We investigate using transaction logs and platform records.
Where appropriate, we guide customers through the correct dispute or refund channel.
We may request supporting information to resolve disputes fairly.

If a business reports an issue

We support reconciliation and reporting exports.
We investigate operational concerns — for example, incorrect QR assignment, staff changes, or admin configuration.

If we detect fraud

We may block or reverse settlement.
We may suspend accounts.
We may cooperate with payment partners where required to resolve the matter.

Business Continuity

No-Cash is designed so the platform can be operated responsibly even during operational disruption.

Our commitments include:

Maintaining access to core transaction records for reconciliation and dispute handling.
Preserving audit trails needed for operational continuity.
Providing clear support channels for businesses and recipients.

Operational continuity principles:

Tips and payments follow controlled settlement processes.
We prioritise resolution of pending items — payout exceptions, verification backlogs, disputes.
We follow prescribed escalation routes where required by law or partner obligations.

Compliance Checklist

A summary of No-Cash's compliance commitments across key operational areas.

KYC & Recipient Verification

Risk-based identity checks before payouts. Enhanced verification applied for higher-risk scenarios including additional documentation and delayed settlement.

AML & Fraud Monitoring

Pattern monitoring and escalation reviews with controlled settlement when risk is detected. Evidence trails maintained for dispute handling.

POPIA & Privacy Controls

Data minimisation, role-based access controls, retention policies, and data subject rights in line with POPIA requirements.

Disputes & Support

Documented processes for customer and business queries, refund requests, and chargeback support via transaction logs and platform records.

Continuity & Records

Audit trails preserved for operational continuity. Prescribed escalation routes followed for pending items and dispute resolution.

Legal Documents & Policies

Our full legal documentation is available below. These documents form part of our compliance and governance framework.

How we collect, use, and protect your personal information.

The rules and conditions governing your use of No-Cash.

Contact & Compliance Queries

For business partners, investors, auditors, or regulators who need further information — or for support requests and data rights queries:

support@nocashteam.com queries@nocashteam.com Contact form