Meltwater MCP Security & Compliance
Meltwater MCP: Security and Trust Architecture
Meltwater MCP connects Meltwater intelligence to your team's AI assistants. Once your team signs in, your data and the tools that use it stay inside Meltwater's control.


Meltwater MCP: AI Security and Compliance
Overview
Meltwater MCP connects Meltwater media and social intelligence to the AI assistants your team already uses, such as Claude Enterprise and ChatGPT Enterprise. Your team asks questions in their assistant, and Meltwater returns trusted results with source citations. The reasoning happens in your assistant's model. The Meltwater data and the tools that retrieve it run inside Meltwater-controlled infrastructure.
What it does
- Retrieves and analyzes news and social coverage in real time
- Returns overviews of large volumes of media and social content, with citations
- Supports drafting work such as communications and social posts, grounded in Meltwater data
Technology and trust model
- Meltwater MCP exposes a defined set of tools that retrieve Meltwater intelligence on request
- Tool processing and data retrieval run inside Meltwater-controlled infrastructure
- The trust boundary is the sign-in: everything from authentication inward is governed by Meltwater's security and access controls
- Meltwater MCP is a delivery path that brings intelligence into your AI workflows. It does not export or replicate the Meltwater platform
Risk profile
- Positioned as a low-risk productivity tool under the EU AI Act
- Does not perform prohibited or high-risk functions such as biometric identification or credit scoring
User transparency
- Results carry source citations so users can verify against the original coverage
- Users are reminded to review AI outputs before publishing or acting on them
Data processed
- Meltwater user identity, confirmed through sign-in, to match the request to an existing Meltwater account
- The user's prompt or query text passed to a Meltwater tool
- Structured results returned from Meltwater's intelligence
- No sensitive personal data is required to use Meltwater MCP
Data use, retention, and deletion
- Data retrieved through the connector is used only to answer your query within that conversation
- Meltwater does not use customer data to train its models. Your AI assistant is governed by your own enterprise agreement with that provider
- Stored application data can be deleted at any time on request; you can export your own data at any time
- Retention is not configurable; encrypted backups are kept up to 6 months beyond contract expiration
Sensitive information
- Meltwater does not apply automated filtering of personal data
- Customers should redact sensitive or regulated data before entering it
Security measures
- Encrypted in transit (TLS 1.2+) and at rest (AES-256); personal data is also pseudonymized
- Access governed by least privilege, four-eyes review, and multi-factor authentication
- Secrets managed through a key management system; departing employee access removed within 24 hours
- Rate limiting plus continuous monitoring for anomalies and threats
Data residency and resilience
- Processed and stored in the EU (Ireland and Germany), on AWS and Microsoft Azure infrastructure
- Multi-region backups, at least daily; 24-hour recovery point objective, 72-hour recovery time objective
Permissions and authentication
- Connection is authorized through OAuth 2.0 using the customer's existing Meltwater login and single sign-on
- No API keys to issue or manage, and no long-lived shared secrets
- The credentials for your AI assistant are never shared with Meltwater
- Meltwater grants access only to the news and social intelligence the signed-in user is already entitled to
Access controls
- Access is managed through existing Meltwater seat management in app.meltwater.com
- Admins can grant, restrict, or revoke access by user at any time
Subprocessors and hosting
- All processing occurs within environments controlled by Meltwater and its named subprocessors
- Subprocessors are subject to onboarding and periodic review in accordance with Meltwater's Third Party Management policy
- Subprocessors are governed by standard contractual clauses and disclosed in the Meltwater Trust Center
Certifications
- ISO 42001: AI management systems
- ISO 27001: information security
- ISO 27701: data privacy
- SOC 2 Type 2. Encryption and data-protection controls are validated by ISO 27001 and SOC 2 Type 2 across processing environments
Frequently asked questions
Can access be controlled per user?
Yes. Access is managed through Meltwater seat management, by user, role, or team, and can be removed at any time.
Does all data stay in Meltwater-controlled environments?
Yes. Tool processing and data retrieval run inside Meltwater-controlled EU infrastructure. Results are returned to your AI assistant, which composes the answer.
Do customers own the outputs?
Yes. Customers retain full ownership of generated content. Meltwater claims no rights over it.
Is customer data used to train AI models?
Data retrieved through the connector is used only to answer your query within that conversation. Meltwater does not use customer data to train its models. Your AI assistant is governed by your own enterprise agreement with that provider.
Where is data processed and stored?
In the EU, in Ireland and Germany, on AWS and Microsoft Azure infrastructure.
What intelligence does Meltwater MCP cover?
Meltwater solutions span media, social, and consumer intelligence.


