Privacy by design.
At Mellent, we believe your financial data is a fundamental component of your identity. Our infrastructure is built to protect that identity with institutional rigour, ensuring complete transparency and absolute isolation.
Last Updated: April 2026
Summary for Humans
We follow the strictest data rules in the world. Whether you are in London or Lagos, your data is protected by UK/EU GDPR and NDPR standards. We act as a "Processor" for your employer and a "Controller" for your personal Pulse account.
1. Compliance Framework
Mellent Ltd ("Mellent", "we", "us") operates a global financial operating system. We are committed to processing data in accordance with:
- The UK General Data Protection Regulation (UK GDPR)
- The EU General Data Protection Regulation (EU GDPR)
- The Nigeria Data Protection Regulation (NDPR)
Mellent as a Data Controller: We are the controller for the information collected via the Mellent Pulse platform and for individual professional accounts.
Mellent as a Data Processor: We act as a processor for the payroll and workforce data provided by our corporate clients via the Mellent Flow and Vantage platforms.
Summary for Humans
We only process your data if we have a valid legal reason, such as fulfilling our contract with you or your employer, or because you have explicitly authorised us to do so.
2. Legal Basis for Processing
We rely on the following legal bases for the processing of personal data:
- Contractual Necessity: Processing workforce data via Mellent Flow is essential for the performance of our contract with corporate clients to execute payroll disbursements and statutory filings.
- Legitimate Interests: We process anonymised data via Mellent Vantage to provide industry benchmarking and attrition signals, which are vital for enhancing organisational resilience.
- Explicit Consent: We only link bank accounts, categorise spending, and provide personalised wealth coaching via Mellent Pulse with your explicit, affirmative consent.
Summary for Humans
The "Privacy Vault" is our promise: Your employer can see your payslip, but they can never see your personal savings, spending habits, or external bank links in Pulse.
3. The Privacy Vault Guarantee
Our architecture utilises strict Logical Data Isolation. Personal financial data shared within the Mellent Pulse ecosystem is subject to our "Employer-Blind" protocol:
- Employers have zero visibility into your linked bank accounts or transaction history.
- Personal wealth coaching and "Prosperity Forecasts" are delivered via an encrypted node inaccessible to corporate administrators.
- Your "Portable Professional Identity" travels with you; if you change employers, your historical personal data remains under your sole control.
Summary for Humans
Payroll records are kept for 7 years to satisfy the taxman. Your personal Pulse data is deleted the moment you ask us to, honouring your right to be forgotten.
4. Data Retention Schedule
We adhere to strict data minimisation and retention protocols:
- Statutory Payroll Data: Records relating to payroll, tax, and social security contributions are retained for a minimum of 6 to 7 years to meet HMRC (UK) and regional statutory requirements.
- Personal Pulse Data: Personal data within the Pulse ecosystem is retained only whilst your account is active. Upon request for deletion, personal data is purged within 30 days, subject to statutory payroll retention overrides.
- Anonymised Aggregates: Aggregated, non-identifiable data used for "The Intelligence Moat" may be retained indefinitely for trend analysis.
Summary for Humans
Your data moves securely between our regional offices. We use "Standard Contractual Clauses" to ensure a London-level standard of protection even when data is processed in our African nodes.
5. International Data Transfers
As a borderless workforce platform, Mellent processes data across multiple jurisdictions. We ensure a standardised level of protection regardless of location:
- Transfers from the UK/EU to our African regional nodes are governed by Standard Contractual Clauses (SCCs) as approved by the European Commission and the UK ICO.
- All data remains encrypted at rest (AES-256) and in transit (TLS 1.3).
Summary for Humans
We use trusted partners like cloud providers and bank aggregators to make Mellent work. We only use partners who meet our institutional security standards.
6. Sub-Processor Disclosure
To provide our global services, we engage third-party sub-processors including:
- Infrastructure: Google Cloud Platform (GCP) for secure data hosting across UK/EU and African regions.
- Financial Connectivity: Open Banking aggregators and APIs for Pulse bank-account linking and verification.
- Regulatory Authorities: Direct nodes for real-time reporting to statutory tax bodies (e.g., HMRC, PenCom).
Summary for Humans
You are in control. You can see your data, fix it, move it to another service, or ask us to delete your personal Pulse account at any time.
7. Your Statutory Rights
Under global data protection laws, you have the following rights:
- Access & Rectification: The right to request a copy of your data and correct any inaccuracies.
- Data Portability: The right to export your financial identity from Pulse to another platform.
- The Right to be Forgotten: The right to request deletion of your personal Pulse data (subject to statutory payroll retention requirements).
To exercise any of these rights, please contact our Data Protection Officer at privacy@mellent.com.
Institutional Rigour by Default
Mellent Ltd. NDPR Licensed DPCO: Mellent African Nodes.