Skip to main content

Privacy Policy

Effective 20 April 2026 · Last reviewed 20 April 2026

Who we are

Wealthfluency is the advisory practice of Mbah Consultancy ("we", "us", "our"), trading as Wealthfluency.

Controller details: Mbah Consultancy, Hertfordshire, England, EN5 2UT — contact@wealthfluency.com

What this Policy covers

This Policy covers personal data collected through our website, booking pages, email and newsletter communications, social-media contact, client onboarding, service delivery, dashboard and reporting work, and invoicing and payment administration.

Our data protection standard

Wealthfluency serves clients globally. To ensure consistent, transparent and high-standard data protection for everyone, regardless of location, we apply UK GDPR standards and principles to all clients and website visitors worldwide.

This means you receive the same level of data protection whether you are in the UK, the European Union, North America, South America, or anywhere else. We do not vary our standards by jurisdiction — we apply our highest standard globally.

The personal data we collect

We may collect: your name, email address, phone number, company details, billing details, booking and appointment information, intake-form responses, communications history, advisory notes, files and figures you share with us during service delivery, website usage data, cookie preferences, and payment and transaction information. If you engage us for dashboard or reporting work, we may also process business data you or your team provide from finance, sales, marketing, operations or similar systems.

When you visit our website, we also automatically collect certain log data that your browser sends to us. This may include your IP address, browser type and version, the pages you visit on our site, the time and date of your visit, and the time spent on those pages.

How we use personal data and our lawful bases

We use personal data to respond to enquiries, assess fit, arrange calls, provide our services, build or support dashboards and reports, send confirmations and reminders, process payments, keep business records, secure and improve our website, and send marketing.

Depending on the context, our lawful basis will usually be one or more of the following:

When we act as processor for client data

If we handle personal data inside your business systems, files, dashboards or reports solely on your behalf and under your instructions, you remain the controller for that data and we act as your processor for that work. Our client agreement sets out the details of that arrangement.

Booking, scheduling and client communications

We use Acuity Scheduling to manage bookings, confirmations, reminders, rescheduling, cancellations and intake forms. If you book with us, your booking data is processed through that service and through our internal client-administration workflow.

Payments

We use Stripe as our payment processor. Payment card details are entered directly into the Stripe-provided payment interface and are not transmitted through ordinary contact forms or email. We receive the payment and billing information we need for administration, invoicing, support, refunds and record-keeping.

Marketing, newsletter and social-media outreach

We may send newsletters, insights, invitations and service updates by email or direct message.

We apply a consent-first approach to all marketing communications globally. This means we will ask for your consent before sending marketing emails or messages, regardless of where you are located. This standard (derived from CASL and GDPR) is the highest protection available and ensures that all our clients and subscribers have explicitly chosen to hear from us.

Every marketing message we send will:

If you ask us not to send marketing, we will honour that request immediately and keep a suppression record to respect your choice.

Direct messages sent through social-media platforms are treated as marketing communications and require prior consent.

SMS and text message communications

We may, in the future, offer the option to receive SMS or MMS text messages from us — for example, appointment reminders, service updates, or marketing communications. If we introduce SMS communications, we will only send messages where you have given prior express consent. You can opt out at any time by replying STOP to any message. We will apply the same consent-first standard globally for SMS as we do for email.

Cookies and similar technologies

We use cookies and similar technologies to run and secure our website and, where configured, to understand website performance and improve the service. Some cookies are strictly necessary for the site to function. Others require your consent before use.

You can manage your cookie preferences through the consent controls on our website.

Who we share personal data with

We may share personal data, where necessary, with:

If you contact us through a social-media platform, that platform will also process your personal data in line with its own terms and privacy policy.

Links to other websites

Our website may contain links to third-party websites. If you click a link to an external site, you will be directed to that site. These external sites are not operated by us and we have no control over their content, privacy practices or policies. We strongly encourage you to review the privacy policy of any third-party site you visit. We accept no responsibility for third-party sites or services.

International transfers

Our clients and website visitors are located in countries around the world. Personal data may be transferred, stored or processed internationally as part of service delivery, which may involve service providers in different jurisdictions.

We ensure that any international transfer of personal data complies with UK GDPR standards, which requires:

This standard applies to all international transfers regardless of the recipient country.

How long we keep personal data

We keep personal data only for as long as necessary for the purpose for which it was collected, including legal, accounting, complaint-handling and record-keeping obligations. Our working retention periods are as follows:

Data typeRetention period
Enquiries not taken forward12 months
Booking records18 months
Client engagement and financial records7 years after the engagement ends
Marketing subscription dataUntil unsubscribe or withdrawal of consent
Suppression recordsAs long as needed to honour the opt-out

Your rights

We apply UK GDPR rights to all clients and website visitors globally. This means you have the following rights regardless of where you are located:

You have an absolute right to object to your personal data being used for direct marketing at any time.

To exercise any of these rights, contact us at contact@wealthfluency.com. We may need to verify your identity before acting on a request.

Complaints

If you have a concern about how we handle your personal data, please contact us first at contact@wealthfluency.com and we will do our best to resolve it.

You may also lodge a complaint with the Information Commissioner's Office (ICO), the UK data protection authority — Website: ico.org.uk · Helpline: 0303 123 1113.

If you are located in a country with a local data protection authority and prefer to contact them, we can help you identify the appropriate contact.

Children's data

Our services are designed for adult founders, CEOs and business owners. They are not directed to children under 18. If we become aware that we have collected personal data from a child, we will delete it promptly.

Security

We use appropriate technical and organisational measures to protect personal data against unauthorised or unlawful processing and against accidental loss, destruction or damage.

Changes to this Policy

We may update this Policy from time to time. When we do, we will update the effective date at the top of this page. We encourage you to review this Policy periodically.