// Trust & Security Report

    Meltwater Group (regional contracting entities, e.g. Meltwater News US Inc., Meltwater N.V./Netherlands B.V. for EU) logo

    Meltwater Group (regional contracting entities, e.g. Meltwater News US Inc., Meltwater N.V./Netherlands B.V. for EU)

    Meltwater is a media, social, and consumer intelligence platform (Media Intelligence, Social Listening, AI Visibility Tracking, Media Relations) plus the Klear influencer marketing product and a developer API; AI features are embedded across the core platform for summarization and insight generation.

    Certifications held

    7

    Maturity

    Enterprise

    Trains on your data

    Unknown

    Trust center

    Yes

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    SOC 2 Type II
    HELD

    Meltwater Achieves SOC 2 Type II Certification, Reinforcing Commitment to Data Security and Trust. Published January 8, 2026.

    Verify on trust.meltwater.com
    ISO 27001:2022
    HELD

    Compliance: SOC 2, ISO 27001:2022, ISO 27701, ISO/IEC 42001:2023, GDPR, CCPA COMPLIANT, UK Cyber Essentials

    Verify on trust.meltwater.com
    ISO 27701 (privacy information management)
    HELD

    Building upon our ISO 27001 and 27701 certifications, this new standard demonstrates our proactive approach to AI management and risk mitigation.

    Verify on trust.meltwater.com
    ISO/IEC 42001:2023 (AI management system)
    HELD

    Meltwater, a global leader in media, social and consumer intelligence, is proud to announce that the company is the first in its industry to receive ISO 42001 certification for responsible development and use of AI systems.

    Verify on trust.meltwater.com
    GDPR (compliance posture, not a certification)
    HELD

    You as a data subject have many possibilities to impact how your personal information is being processed. Meltwater the Netherlands B.V. is the main EU establishment for data protection purposes; Standard Contractual Clauses are used for transfers outside the EEA.

    Verify on meltwater.com
    CCPA (self-attested compliance)
    HELD

    CCPA COMPLIANT (listed under Compliance on the Trust Center)

    Verify on trust.meltwater.com
    UK Cyber Essentials
    HELD

    UK Cyber Essentials (listed under Compliance and Certifications on the Trust Center)

    Verify on trust.meltwater.com
    > Show 4 unconfirmed / not-held certifications
    HIPAA
    NOT CONFIRMED

    No public evidence. HIPAA is not listed anywhere on the Trust Center's Compliance/Certifications section, and no HIPAA claim appears on Meltwater's marketing pages. Meltwater's product is media/social intelligence, not a healthcare service, so HIPAA is likely out of scope rather than an omission.

    source: trust.meltwater.com
    PCI DSS
    NOT CONFIRMED

    No public evidence. Not listed on the Trust Center; payment processing appears to be handled by Stripe (listed as a subprocessor), not certified directly by Meltwater.

    source: trust.meltwater.com
    FedRAMP
    NOT CONFIRMED

    No public evidence of FedRAMP authorization on the Trust Center or elsewhere on meltwater.com.

    source: trust.meltwater.com
    CSA STAR
    NOT CONFIRMED

    No public evidence on Meltwater's own domain. Not listed in the Trust Center's Compliance or Certifications sections.

    source: trust.meltwater.com

    // Privacy & AI training

    Trains on customer data

    Not stated

    Data processing agreement

    Offered

    Data region

    Global; EU establishment is Meltwater the Netherlands B.V. (Dutch DPA as competent authority). 40+ subprocessors span US, EU/Ireland, APAC, Australia, and other regions; cross-border transfers use SCCs, the EU-US Data Privacy Framework, or BCRs.

    Meltwater's product terms bar CUSTOMERS from using Meltwater API or CSV-export content to train their own AI models ('Customer shall not use any content obtained, related or derived through any Meltwater API to train, fine-tune, ground or develop any artificial intelligence systems') -- this protects Meltwater's own data/IP and is not a statement about whether Meltwater itself trains models on customer data. Separately, the DPA states: 'Meltwater may process personal data related to the customer as a data controller outside of the scope of this DPA, for example for customer management purposes, and use personal data in anonymised format for product development purposes.' This leaves open whether 'product development' includes AI/ML model training. OpenAI is listed as a US-based subprocessor. No explicit opt-out for AI-feature data use was found on the vendor's own domain (an opt-out does exist for creators/influencers in the Klear database at klear.com/opt-out, a different data flow).

    // Security controls

    Independent security certifications

    SOC 2 Type II, ISO 27001:2022, ISO 27701, ISO/IEC 42001:2023 (AI management), UK Cyber Essentials

    trust.meltwater.com

    Security program governance

    Formal Information Security program overseen by a Director of Engineering, Infrastructure & Security, the CTO, and an appointed Data Protection Officer; DevSecOps model with a dedicated multi-person security team.

    trust.meltwater.com

    Incident reporting

    Dedicated reporting channel: security@meltwater.com

    trust.meltwater.com

    Cross-border data transfer safeguards

    Standard Contractual Clauses (SCCs), EU-US Data Privacy Framework (DPF) participation, and Binding Corporate Rules (BCR) depending on subprocessor location

    meltwater.com

    Data minimization (login data)

    Meltwater stores the first name, last name, work email address, work phone number, and IP address of the machine used to log into Meltwater's platform of those Customers' users who log into our system.

    trust.meltwater.com

    Compliance resource library

    Trust Center provides self-service access to SOC 2 Type 2 Report, SOC 2 Type 2 Management Representation Letter, ISO certificates, CAIQ, HECVAT, TOMs, and DPA documents (request access required).

    trust.meltwater.com

    // Products & data scope

    Meltwater Media Intelligence / Social Listening (core platform)Media & social monitoring, analytics, reporting

    data: Media coverage, social conversations, brand/competitor mentions across ~1B+ documents/day

    Core SaaS product; the certifications listed on the Trust Center are stated at the company/platform level and are the most defensible basis for listing certs against this product.

    Meltwater AI features (in-platform)Generative AI summarization, competitive intelligence, executive reporting

    data: Aggregated media/social content plus customer inputs to AI features (treated as User Submissions under the Agreement)

    Covered by ISO/IEC 42001:2023 AI management certification per the vendor's press release. Whether customer inputs are used for model training beyond 'anonymised product development purposes' is not explicitly disclosed on the vendor's own domain.

    Meltwater API / Developer PlatformProgrammatic access to media/social data

    data: Same underlying media/social content, delivered via API

    Product-specific terms contractually bar customers (not Meltwater) from using API or CSV-export output to train their own AI/ML models.

    Klear (influencer marketing intelligence)Influencer/creator discovery and campaign management

    data: Creator and influencer social profiles

    Has its own opt-out mechanism (klear.com/opt-out) distinct from the main platform's privacy controls, suggesting a separate data pipeline; unclear from public evidence whether Klear is in-scope for the same SOC 2/ISO audits as the core platform.

    // What to watch

    • Whether Meltwater itself trains AI/ML models on customer data is not explicitly confirmed or denied on the vendor's own domain; the DPA's 'anonymised format for product development purposes' clause is ambiguous and the product terms only address restrictions on customers, not Meltwater's own training practices. Recommend follow-up with the vendor before making an affirmative no-training claim in the listing.
    • GDPR and CCPA are listed on the Trust Center as compliance postures/self-attestations, not third-party-audited certifications like SOC 2 or ISO -- list them as 'compliance frameworks addressed' rather than 'certifications held' to avoid over-stating rigor.
    • Klear (influencer marketing) has a separate opt-out flow from the core platform, suggesting it may sit on different infrastructure; scope of SOC 2/ISO audits across all sub-products (Klear specifically) was not independently confirmed from public evidence.
    • Meltwater's corporate legal-entity structure changed after its 2023 take-private transaction (former public entity Meltwater N.V. became inactive); contracts are signed with regional entities (e.g., Meltwater News US Inc., Meltwater (UK) Limited). This does not affect the certifications above (issued to the operating group and surfaced on the shared Trust Center) but should be noted for procurement/legal diligence.

    // At a glance

    Pricing model

    Enterprise, quote-based annual contracts; no public self-serve pricing

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Meltwater Group (regional contracting entities, e.g. Meltwater News US Inc., Meltwater N.V./Netherlands B.V. for EU)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-06-27. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    trust.meltwater.com

    > Browse all vendor trust reports