Trust Protocol

Privacy by design.

At Mellent, we believe your financial data is a fundamental component of your identity. Our infrastructure is built to protect that identity with institutional rigour, ensuring complete transparency and absolute isolation.

Last Updated: April 2026

Summary for Humans

We follow the strictest data rules in the world. Whether you are in London or Lagos, your data is protected by UK/EU GDPR and NDPR standards. We act as a "Processor" for your employer and a "Controller" for your personal Pulse account.

1. Compliance Framework

Mellent Ltd ("Mellent", "we", "us") operates a global financial operating system. We are committed to processing data in accordance with:

  • The UK General Data Protection Regulation (UK GDPR)
  • The EU General Data Protection Regulation (EU GDPR)
  • The Nigeria Data Protection Regulation (NDPR)

Mellent as a Data Controller: We are the controller for the information collected via the Mellent Pulse platform and for individual professional accounts.

Mellent as a Data Processor: We act as a processor for the payroll and workforce data provided by our corporate clients via the Mellent Flow and Vantage platforms.

Summary for Humans

We only process your data if we have a valid legal reason, such as fulfilling our contract with you or your employer, or because you have explicitly authorised us to do so.

2. Legal Basis for Processing

We rely on the following legal bases for the processing of personal data:

  • Contractual Necessity: Processing workforce data via Mellent Flow is essential for the performance of our contract with corporate clients to execute payroll disbursements and statutory filings.
  • Legitimate Interests: We process anonymised data via Mellent Vantage to provide industry benchmarking and attrition signals, which are vital for enhancing organisational resilience.
  • Explicit Consent: We only link bank accounts, categorise spending, and provide personalised wealth coaching via Mellent Pulse with your explicit, affirmative consent.

Summary for Humans

The "Privacy Vault" is our promise: Your employer can see your payslip, but they can never see your personal savings, spending habits, or external bank links in Pulse.

3. The Privacy Vault Guarantee

Our architecture utilises strict Logical Data Isolation. Personal financial data shared within the Mellent Pulse ecosystem is subject to our "Employer-Blind" protocol:

  • Employers have zero visibility into your linked bank accounts or transaction history.
  • Personal wealth coaching and "Prosperity Forecasts" are delivered via an encrypted node inaccessible to corporate administrators.
  • Your "Portable Professional Identity" travels with you; if you change employers, your historical personal data remains under your sole control.

Summary for Humans

Payroll records are kept for 7 years to satisfy the taxman. Your personal Pulse data is deleted the moment you ask us to, honouring your right to be forgotten.

4. Data Retention Schedule

We adhere to strict data minimisation and retention protocols:

  • Statutory Payroll Data: Records relating to payroll, tax, and social security contributions are retained for a minimum of 6 to 7 years to meet HMRC (UK) and regional statutory requirements.
  • Personal Pulse Data: Personal data within the Pulse ecosystem is retained only whilst your account is active. Upon request for deletion, personal data is purged within 30 days, subject to statutory payroll retention overrides.
  • Anonymised Aggregates: Aggregated, non-identifiable data used for "The Intelligence Moat" may be retained indefinitely for trend analysis.

Summary for Humans

Your data moves securely between our regional offices. We use "Standard Contractual Clauses" to ensure a London-level standard of protection even when data is processed in our African nodes.

5. International Data Transfers

As a borderless workforce platform, Mellent processes data across multiple jurisdictions. We ensure a standardised level of protection regardless of location:

  • Transfers from the UK/EU to our African regional nodes are governed by Standard Contractual Clauses (SCCs) as approved by the European Commission and the UK ICO.
  • All data remains encrypted at rest (AES-256) and in transit (TLS 1.3).

Summary for Humans

We use trusted partners like cloud providers and bank aggregators to make Mellent work. We only use partners who meet our institutional security standards.

6. Sub-Processor Disclosure

To provide our global services, we engage third-party sub-processors including:

  • Infrastructure: Google Cloud Platform (GCP) for secure data hosting across UK/EU and African regions.
  • Financial Connectivity: Open Banking aggregators and APIs for Pulse bank-account linking and verification.
  • Regulatory Authorities: Direct nodes for real-time reporting to statutory tax bodies (e.g., HMRC, PenCom).

Summary for Humans

You are in control. You can see your data, fix it, move it to another service, or ask us to delete your personal Pulse account at any time.

7. Your Statutory Rights

Under global data protection laws, you have the following rights:

  • Access & Rectification: The right to request a copy of your data and correct any inaccuracies.
  • Data Portability: The right to export your financial identity from Pulse to another platform.
  • The Right to be Forgotten: The right to request deletion of your personal Pulse data (subject to statutory payroll retention requirements).

To exercise any of these rights, please contact our Data Protection Officer at privacy@mellent.com.

Institutional Rigour by Default

Mellent Ltd. NDPR Licensed DPCO: Mellent African Nodes.