Legal & Regulatory

Compliance & Regulation

Next Opay is built on a foundation of regulatory compliance and responsible financial practice — so you can collect payments with confidence.

Company Registration

Next Opay is a trading name of Next Oasis Group Ltd, a private limited company incorporated and registered in England and Wales.

Legal Name

Next Oasis Group Ltd

Companies House Number

14976174

Jurisdiction

England and Wales

Registered Office

15 Rockstone Place, Southampton, SO15 2EP

Payment Processing

All payments processed through the Next Opay platform are handled exclusively by Stripe, which is authorised by the Financial Conduct Authority (FCA) as an Electronic Money Institution (EMI) under the Electronic Money Regulations 2011.

Stripe's FCA reference number can be verified on the FCA Register. Next Opay acts as a platform connecting organisations to Stripe Connect — we do not hold, store or process card data, and we do not hold customer funds.

Next Opay operates as a Stripe Connect platform. Connected organisations are subject to Stripe's own terms and may be subject to Stripe's identity verification requirements.

Data Protection

Next Oasis Group Ltd is registered with the Information Commissioner's Office (ICO) as a data controller. We are fully compliant with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Privacy by design — data minimisation principles applied throughout the platform
Data encrypted at rest (AES-256) and in transit (TLS 1.3)
Purpose limitation — data collected only for specified, explicit and legitimate purposes
Individual rights upheld — access, rectification, erasure and portability on request

Anti-Money Laundering

Next Opay maintains an Anti-Money Laundering (AML) policy in accordance with the Proceeds of Crime Act 2002 and the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017.

Transaction Monitoring

Automated checks applied to transactions based on configured thresholds. Unusual patterns are flagged for review.

Large Transaction Flags

Transactions above defined thresholds are automatically flagged and may require enhanced due diligence.

Suspicious Activity Reporting

We are required by law to report suspicious activity to the National Crime Agency (NCA) where applicable.

PCI DSS Compliance

Next Opay maintains PCI DSS (Payment Card Industry Data Security Standard) compliance through our exclusive use of Stripe's hosted payment pages and Stripe Connect embedded components.

Card data never passes through our systems. When a customer enters payment details, that data goes directly to Stripe's PCI DSS Level 1 certified infrastructure — our servers are never in scope for card data.

This architecture means our PCI DSS scope is minimal, reducing risk for you and your customers while maintaining full compliance with card scheme requirements.

Complaints

Formal Complaints Process

We take all complaints seriously and aim to resolve them fairly and promptly. If you have a complaint about the Next Opay platform or our services:

Submit your complaint in writing to compliance@nextopay.co.uk
Include your organisation name, account details, and a clear description of your concern
We will acknowledge receipt within 1 business day
We aim to provide a full response and resolution within 5 business days
If you are unsatisfied with our response, you may escalate to the relevant regulatory body

Complaints email: compliance@nextopay.co.uk

Ready to Transform Your
Payment Collections?

Join businesses using Next Opay to collect payments the smart way.