Privacy Policy - OFMALCHEMY (Melossom)

Privacy Policy

Effective Date: May 4, 2026 Last Updated: May 4, 2026

This Privacy Policy explains how OFMALCHEMY, trading as Melossom (“Melossom” “we,

” “us, ” or “our”), collects, uses, stores, shares, and protects information about you when you visit our websites, communicate with us, purchase our services, attend our webinars, opt in to our SMS or email programs, or otherwise interact with our business.

By using our services, you agree to the practices described below. If you do not agree, please do not use our

services.

1. Who We Are

OFMALCHEMY is registered in the United Kingdom and trades as Melossom.

Legal Name: OFMALCHEMY Trading Name: Melossom Companies House Registration Number:

16373692 Registered Address: 167-169 Great Portland Street, 5th Floor, London W1W 5PF, United Kingdom Contact Email: [email protected]

For any privacy-related question, request, or complaint, contact us at the email above. We are the data

controller for the personal information described in this policy.

2. Information We Collect

We collect the following categories of information:

Information you give us directly - Name, email address, phone number, billing address, country of residence - Payment details (processed by our payment partners, not stored on our servers) - Business information you submit on intake forms, applications, or sales calls - Communications you send us (email, SMS, chat, call recordings, support tickets) - Information you share during webinars, group calls, or coaching sessions

Information collected automatically - IP address, device type, browser type, operating system - Pages viewed, time on site, referral source, click behavior - Cookies and similar tracking technologies (see Section 8) - Ad attribution data (which ad you clicked, conversion events)

Information from third parties - Lead data from advertising platforms (Meta, Google, TikTok, YouTube) - Information from our CRM and partners involved in delivering our services - Public information from your social media profiles where relevant to a business engagement

We do not knowingly collect information from anyone under 18. Our services are intended for adults engaged in business activity.

3. How We Use Your Information

We use the information above to:

⏺ Deliver the services you purchased and provide ongoing client support

⏺ Process payments and manage billing

⏺ Communicate with you about your account, services, scheduling, and updates

⏺ Send marketing messages by email and SMS where you have opted in

⏺ Improve our services, content, and customer experience

⏺ Measure the performance of our advertising and marketing

⏺ Detect, prevent, and respond to fraud, abuse, or security issues

⏺ Comply with our legal obligations

Under UK and EU data protection law, we rely on the following lawful bases for processing your personal data: your consent (for marketing and non-essential cookies), performance of a contract with you (to deliver services you have purchased), our legitimate business interests (to run, improve, and protect our business), and compliance with legal obligations (such as accounting and tax law).

4. We Do Not Sell or Share Your Personal Data With Third Parties

We do not sell your personal data. We do not rent your personal data. We do not trade your personal data. We do not share, transfer, or disclose your personal data to any third party for that third party’s own purposes, including their own marketing, advertising, profiling, audience- building, or commercial use.

The only entities that receive your information are the service providers listed in Section 5. Those providers receive your data solely to perform specific services on our behalf under written contract, and they are contractually prohibited from using your data for their own purposes. They act as our processors, not as independent third parties.

This commitment covers all personal data we hold about you, including:

⏺ Your name, email address, phone number, billing details, and contact information

⏺ Your business information, payment history, and account records

⏺ Your communications with us (calls, emails, SMS, chat, support tickets, recordings)

⏺ Your SMS opt-in status and consent, which is never shared with any third party for any purpose unrelated to delivering our messages to you

⏺ Data collected automatically through cookies, pixels, and analytics tools

We will never sell your data to data brokers, list resellers, ad networks, or any other party. We do not participate in any cross-context behavioral advertising program that would constitute a “sale” or “share” of personal information under California law.

If we are ever required to disclose information by law (for example, in response to a valid subpoena, court order, or regulatory demand), we will disclose only what is strictly required and will notify you where lawful and practicable.

5. Service Providers Who Process Data on Our Behalf

We use the following categories of service providers. Each is contractually required to protect your data and use it only to support our services.

We may add or change providers as our business evolves. The list above describes the categories you should expect.

5. Service Providers Who Process Data on Our Behalf

We use the following categories of service providers. Each is contractually required to protect your data and use it only to support our services.

Category	Examples
Payment processing	Whop, Fanbasis, bank transfer providers, crypto processors
CRM & communications	GoHighLevel (GHL), Roezan (SMS), email service providers
Data, analytics & attribution	Hyros, Google Analytics, Meta Pixel, Airtable
Accounting & finance	Xero
Cloud hosting & infrastructure	Vercel, Google Workspace
Scheduling & calls	Calendar and video conferencing providers

We may add or change providers as our business evolves. The list above describes the categories you should expect.

6. SMS Program Privacy (Required Disclosure)

If you opt in to our SMS program, the following terms apply specifically to that program.

No third-party sharing of SMS opt-in data. We will not share your SMS opt-in or consent with any third party for any purpose unrelated to delivering our SMS messages to you. Your phone number and consent status are excluded from any marketing data we share with anyone.

What we share for delivery. We share your phone number and message data only with the carriers, SMS platforms, and infrastructure providers (such as Roezan) needed to deliver our messages.

Opt-in. You opt in by providing your number on a form, replying to a keyword, or otherwise giving express consent. SMS marketing under UK PECR and EU ePrivacy rules requires your prior, freely given consent, and we obtain that consent before sending you any marketing message.

Opt-out. You can opt out at any time by replying STOP to any message. Reply HELP for support. Standard message and data rates may apply.

Frequency. Message frequency varies based on the program and your engagement.

7. International Data Transfers

We are based in the United Kingdom. Our clients are located in the United Kingdom, European Union, United States, Canada, South America, Australia, and elsewhere. By using our services, you understand that your information may be transferred to and processed in countries other than your own.

When we transfer personal data outside the United Kingdom or the European Economic Area, we use appropriate safeguards required by UK GDPR and EU GDPR, including UK International Data Transfer Agreements, the UK Addendum to the EU Standard Contractual Clauses, EU Standard Contractual Clauses, and reliance on adequacy decisions where they apply.

8. Cookies and Tracking

We use cookies, pixels, and similar technologies to:

⏺ Keep our websites and platforms working

⏺ Remember your preferences

⏺ Measure traffic and ad performance

⏺ Attribute conversions through tools such as Hyros, Meta Pixel, and Google Analytics

Where required by law, we obtain your consent for non-essential cookies through a cookie banner. You can also control cookies through your browser settings. Disabling certain cookies may affect site functionality.

9. Your Rights

Depending on where you live, you may have the following rights:

For residents of the United Kingdom (UK GDPR and Data Protection Act 2018): - Be informed about how we use your data - Access the personal data we hold about you - Correct inaccurate data - Request erasure of your data - Restrict processing - Object to processing, including direct marketing - Data portability - Rights related to automated decision-making and profiling - Withdraw consent at any time - Lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk

For residents of the European Union and European Economic Area (EU GDPR): The same set of rights listed above applies under EU GDPR. You may lodge a complaint with your local data protection authority.

For residents of California (CCPA/CPRA): - Know what categories of personal information we collect - Request deletion of personal information - Opt out of any “sale” or “sharing” of personal information (we do not sell or share, but you can confirm this status) - Correct inaccurate personal information - Non- discrimination for exercising your rights

For residents of Canada (PIPEDA): - Access and correct your personal information - Withdraw consent for

processing - File a complaint with the Office of the Privacy Commissioner of Canada

For residents of Australia (Privacy Act): - Access and correct your personal information - Make a complaint to the Office of the Australian Information Commissioner

For everyone: - Unsubscribe from email marketing using the link in any email - Opt out of SMS by replying STOP - Contact us at [email protected] to request any of the above

We will respond within the timeframes required by applicable law. For UK GDPR requests, we will respond within one month.

10. Data Retention

We keep your personal information for as long as needed to provide our services, manage our client relationship with you, comply with our legal and tax obligations, and resolve disputes. Typical retention periods:

⏺ Active client records: for the duration of the relationship plus 6 years to comply with UK accounting and tax law

⏺ Marketing contacts: until you unsubscribe or request deletion

⏺ SMS opt-in data: until you reply STOP or otherwise withdraw consent

⏺ Website analytics: typically 14 to 26 months depending on the tool

When we no longer need your data, we delete or anonymize it

11. Data Security

We use administrative, technical, and physical safeguards designed to protect your information, including encryption in transit, access controls, and vendor diligence on our service providers. No system is perfectly secure, and we cannot guarantee absolute security. If a personal data breach affecting your rights occurs, we will notify the ICO within 72 hours where required, and we will notify you where the breach is likely to result in a high risk to your rights.

12. Children’s Privacy

Our services are for adults aged 18 and over. We do not knowingly collect information from children. If you believe a child has provided us with personal data, contact [email protected] and we will delete it.

13. Third-Party Links and Content

Our websites and communications may include links to third-party sites and tools. We are not responsible for their privacy practices. Review their policies before sharing information with them.

14. Changes to This Policy

We may update this Privacy Policy from time to time. The “Last Updated” date at the top will reflect any changes. Material changes will be communicated through our website or by email where appropriate. Continued use of our services after changes are posted constitutes acceptance.

15. Contact Us

For privacy questions, requests, or complaints:

OFMALCHEMY (trading as Melossom) 167-169 Great Portland Street, 5th Floor, London W1W 5PF, United Kingdom Companies House Registration No. 16373692 Email: [email protected]

If you live in the United Kingdom and are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk or by calling 0303 123 1113.