How Meerkat processes, stores, and protects your data. Last updated February 24, 2026.
Summary: Meerkat processes content in real time to detect threats and verify accuracy. We store trust scores and metadata in the audit trail. We do not store raw content. We do not share data with third parties.
When your agent calls the Meerkat API, the following data is transmitted for processing:
| Endpoint | Data sent | Purpose |
|---|---|---|
| /v1/shield | Content your agent is about to process (emails, web pages, documents, SKILL.md files) | Scan for prompt injection, jailbreaks, data exfiltration, credential harvesting, and social engineering |
| /v1/verify | AI-generated output, source context (ground truth), and optional user input | Verify output accuracy against source material using NLI, numerical verification, and claim extraction |
| /v1/audit/:id | Audit event ID only | Retrieve previously logged verification results |
| /v1/register | Email address | Create an API key and developer account |
Trust scores, check results (pass/fail/score per check), status (PASS/FLAG), severity, remediation actions, session IDs, timestamps, domain, and API key identifier.
This is the data visible when you call /v1/audit/:id or view the governance dashboard.
The actual text sent to /v1/shield and /v1/verify is processed in memory and discarded after the response is returned. Meerkat does not persist the content of emails, documents, AI outputs, or source context.
The reference material you send for verification is used only during the real-time check. It is not retained, indexed, or used for any other purpose.
When Meerkat detects an error, the specific correction details (e.g., "found 500mg, expected 50mg") are stored as part of the audit trail for the retention period. These are derived values, not raw content.
| Field | Example | Contains raw content? |
|---|---|---|
| audit_id | aud_a1b2c3d4 | No |
| session_id | ses_x9y8z7 | No |
| timestamp | 2026-02-24T09:15:00Z | No |
| status | FLAG | No |
| trust_score | 72 | No |
| domain | healthcare | No |
| check scores | numerical: 0.5, claims: 0.8 | No |
| check flags | ["critical_dose_mismatch"] | No |
| corrections | found: "500mg", expected: "50mg" | |
| suggested_action | REQUEST_HUMAN_REVIEW | No |
| Plan | Audit retention |
|---|---|
| Starter (free) | 7 days |
| Professional | 90 days |
| Enterprise | 365 days (configurable) |
After the retention period, audit trail data is permanently deleted. There is no raw content to delete because it is never stored.
All Meerkat services run on Microsoft Azure Container Apps. Data does not leave the hosting region during processing.
All API communication is encrypted in transit via TLS 1.2+. Audit trail data is encrypted at rest using Azure-managed encryption keys.
Audit data is stored in PostgreSQL with pgvector extensions, hosted on Azure with automated backups and point-in-time recovery.
Each customer's audit data is isolated by API key. No cross-tenant access is possible. Enterprise plans support dedicated infrastructure.
Meerkat does not share, sell, or transfer your data to any third party. The content sent to the API is processed entirely within Meerkat's infrastructure. No external LLM providers (OpenAI, Anthropic, Google) see the content sent to /v1/shield or /v1/verify. All ML models (NLI, numerical verification, preference detection) run locally within Meerkat's containers.
You control which content is sent to Meerkat through your agent's configuration. You can scope verification to specific content types, domains, or workflows.
Call /v1/verify without a context field to run in observation mode. Only preference detection runs. No content comparison is performed. Useful for monitoring without sending source material.
Contact support@meerkatplatform.com to request immediate deletion of all audit data associated with your API key.
Questions about data handling? Email privacy@meerkatplatform.com