TippaMe Privacy Policy

Updated June 2026

1. Introduction

This Privacy Policy ("Policy") explains how Tippame (PTY) Ltd ("TippaMe", "We", or "Us") collects, stores, uses, and discloses your personal information when you use the TippaMe digital gratuity platform, including our website at tippame.com and the TippaMe Service Professional App.

TippaMe is a digital gratuity platform for verified hospitality and service industry professionals. We do not operate as a bank, remittance provider, or peer-to-peer money transfer service. All payment processing is conducted through accredited, PCI DSS compliant payment service providers.

By using our platform or registering as a Service Professional, you agree to the collection and use of your information in accordance with this Policy.

This Policy is governed by the Protection of Personal Information Act (POPIA) No. 4 of 2013, the Electronic Communications and Transactions Act (ECTA) No. 25 of 2002, and other applicable South African legislation.

2. Who This Policy Applies To

• Service Professionals — verified hospitality and service industry professionals who register on TippaMe to receive digital gratuities.
• Customers — individuals who scan a TippaMe QR code or NFC card and submit a gratuity payment.
• Visitors — anyone who visits the TippaMe website or platform.

3. How We Collect Information

3.1 Information you provide directly

• Registration for a TippaMe Service Professional account
• Profile updates, identity verification, or banking detail submission
• Contact with our support team
• Submission of a gratuity payment as a customer

3.2 Information collected automatically

• IP address and device information
• Login timestamps and access logs
• Browser type and operating system
• Pages visited and actions taken on the platform
• Approximate device location at the time of payment or settlement request, where location permission is granted by your device (for fraud prevention purposes only)

4. Types of Information We Collect

4.1 Service Professional information

• Full legal name, email address, and phone number
• Profile photo (displayed on your gratuity profile page)
• South African ID number (for KYC/FICA compliance)
• Verified bank account details (for settlement processing)
• Service role and industry type
• Login history and device information
• Two-factor authentication credentials

4.2 Customer information

• Email address (optional — provided for transaction receipt purposes only)
• Transaction amount and timestamp
• IP address (for fraud detection and security monitoring)
• Payment card details — not stored by TippaMe; handled solely by our PCI DSS compliant payment processing provider

4a. Location Information

TippaMe may collect your device's approximate location in the following specific circumstances:

• Customers — your approximate location may be captured at the moment a gratuity payment is submitted.
• Service Professionals — your approximate location may be captured at the moment you submit a settlement disbursement request.

Location data is used solely for fraud prevention and transaction security — to identify anomalous payment patterns, detect account compromise, and protect the integrity of settlement disbursements. Location data is never used for advertising, profiling, or marketing, and is never sold or shared with any third party except where required by law or fraud investigation. Location data is retained for 12 months and then deleted.

Location access is entirely optional. If your device does not grant location permission, or if location cannot be determined, the platform will continue to function normally. No features are restricted or degraded based on whether location data is available.

5. How We Use Your Personal Information

• Provide and operate the TippaMe digital gratuity platform
• Process gratuity payments and Service Professional settlement disbursements
• Verify identity and comply with KYC and AML obligations
• Detect, prevent, and investigate fraud, financial crime, and security incidents
• Send transactional communications (payment receipts, account verification, password resets)
• Respond to support queries and provide customer service
• Comply with legal and regulatory obligations including POPIA and FICA
• Improve and develop our platform and services
• Generate anonymised aggregate reports for business analysis
• Use approximate device location data solely to detect and prevent fraud, identify anomalous payment patterns, and protect the integrity of settlement disbursements — only where location permission has been granted

6. Disclosure of Personal Information

We do not sell your personal information. We may share your information with trusted third parties only as necessary to operate the platform:

• Payment processing providers — to process gratuity transactions and disburse settlements to Service Professional bank accounts
• Identity and bank verification services — to comply with KYC/FICA requirements
• Email service providers — to send transactional emails
• Cloud infrastructure providers — to host and operate the platform
• Law enforcement, regulators, or financial institutions — where required by law, court order, fraud investigation, or AML/FICA obligations

All third-party service providers are contractually bound to handle your information securely and in accordance with POPIA.

7. Payment Processing

TippaMe uses accredited, PCI DSS compliant payment service providers to process all card and EFT transactions and to disburse settlement payments to Service Professional bank accounts. Your payment card details are never stored on TippaMe servers. All payment data is handled directly by our payment processing providers in a secure, compliant environment.

8. Data Retention

• Service Professional account data — retained for the duration of the account plus 5 years after closure
• Transaction and settlement records — retained for 5 years in compliance with FICA
• Customer gratuity data — retained for 12 months
• Support communications — retained for 3 years
• KYC and identity verification records — retained as required by applicable law

9. Security

• Encrypted data transmission (HTTPS/TLS)
• Encrypted storage of sensitive data
• Two-factor authentication (2FA) available for all Service Professional accounts
• Role-based access controls and audit logging
• Regular security reviews and offsite encrypted backups
• Automated intrusion detection and threat monitoring
• Continuous transaction monitoring for fraud and suspicious activity

10. Cookies

TippaMe uses minimal session-based cookies strictly necessary for the operation of the platform (such as authentication tokens). We do not use advertising cookies or third-party tracking cookies. We do not sell or share browsing data with advertisers.

11. Your Rights Under POPIA

• Access — request a copy of the personal information we hold about you
• Correction — request that inaccurate or incomplete information be corrected
• Deletion — request deletion of your personal information, subject to legal retention obligations
• Objection — object to the processing of your information in certain circumstances
• Complaint — lodge a complaint with the Information Regulator of South Africa

To exercise any of these rights, please contact us at support@tippame.com.

12. Information Officer

In accordance with POPIA, TippaMe has appointed an Information Officer responsible for ensuring compliance with data protection obligations. Contact details will be published upon completion of our CIPC registration.

13. Children's Privacy

TippaMe is not intended for use by persons under the age of 18. We do not knowingly collect personal information from minors. If you believe a minor has provided personal information to TippaMe, please contact us immediately at support@tippame.com.

14. Cross-Border Data Transfers

Your information may be processed on servers located outside South Africa. Where this occurs, we ensure that adequate data protection measures are in place in accordance with POPIA requirements for cross-border transfers.

15. Contact Us

Tippame (PTY) Ltd
Email: support@tippame.com
Website: tippame.com

You also have the right to lodge a complaint with the Information Regulator of South Africa:
Website: www.justice.gov.za/inforeg
Email: inforeg@justice.gov.za