## Masking types

Agen for SaaS provides predefined data masking types organized by regulatory compliance framework. When creating a data protection policy, you select which categories of sensitive data to detect and mask in tool responses.

### Data type categories

Data types are grouped into compliance categories. Each category contains multiple specific data types that Agen for SaaS can detect and mask automatically.

#### PHI — Protected Health Information

39 predefined types covering health-related identifiers required for HIPAA compliance. Includes:

| Data type | Description |
|  --- | --- |
| Au Medicare | Australian Medicare numbers |
| Canada Health Service Number | Canadian health service identifiers |
| Canada Personal Health Id Number Phin | Canadian personal health IDs |
| Canada Social Insurance Number | Canadian social insurance numbers |
| Dutch Bank Account Number | Dutch banking identifiers |
| Email Address | Email addresses in any format |
| Germany Drivers License Number | German driver's license numbers |
| Germany Id Number | German national ID numbers |
| Germany Passport Number | German passport numbers |


And 30 additional types covering international health identifiers, insurance numbers, and medical record numbers.

Each category has a **Select all** option to quickly apply all data types in that category.

#### GDPR — General Data Protection Regulation

Data types regulated under EU GDPR, including names, addresses, national IDs, and other personally identifiable information relevant to EU data subjects.

#### PII — Personally Identifiable Information

General personally identifiable information types including social security numbers, driver's license numbers, passport numbers, and financial account numbers.

#### PCI DSS — Payment Card Industry

Payment card data types including credit card numbers, CVV codes, and cardholder names.

#### CCPA — California Consumer Privacy Act

Data types specific to California residents' privacy rights.

#### COPPA — Children's Online Privacy Protection Act

Data types related to children's personal information.

### How masking works

When a data protection policy is active and its targeting conditions match:

1. Agen for SaaS scans the tool response for patterns matching the selected data types.
2. Detected sensitive data is replaced with masked values (e.g., `***-**-1234` for SSN, `****@****.com` for email).
3. The masked response is returned to the AI agent.


The original unmasked data is never exposed to the AI agent or the AI platform.

### Combining categories

You can select data types from multiple categories in a single policy. For example, a policy might combine GDPR and PHI types to cover both EU privacy and health data requirements.

Use the **Select all** option within each category to quickly enable all types, or individually select specific types for more targeted protection.

### Related topics

- [Data protection overview](/agen-for-saas/data-protection/overview)
- [Conditional expressions](/agen-for-saas/policies/conditional-expressions)