## Security and compliance

Agen for SaaS is designed with security and compliance at every layer. Every AI agent interaction passes through a multi-layered governance pipeline that enforces authentication, authorization, policy evaluation, data protection, and full audit logging.

### Security architecture

The Agen for SaaS MCP Gateway enforces the following security layers on every request:

| Layer | Purpose |
| --- | --- |
| **Authentication** | Every request must include a valid identity token. Supports Frontegg and any OIDC-compliant provider. |
| **Access control** | JWT-based role and permission checks ensure only authorized users can invoke specific tools. |
| **Policies** | Conditional rules evaluate request context and enforce deny, step-up, or approval actions. |
| **Approval flows** | Human-in-the-loop review for sensitive operations with multi-step, multi-channel notifications. |
| **Data protection** | Automatic masking of PII, PHI, PCI, and other sensitive data types in tool responses. |
| **Hooks** | Custom JavaScript code for additional validation, transformation, and enforcement logic. |
| **Monitoring** | Full audit trail of every interaction, policy decision, and approval event. |

### Compliance coverage

Agen for SaaS helps you meet requirements for:

| Framework | How Agen for SaaS helps |
| --- | --- |
| **SOC 2** | Full audit logging of all AI agent actions, policy enforcement, and approval workflows. |
| **GDPR** | Data protection policies with GDPR-specific masking types. Conditional targeting for EU data subjects. |
| **HIPAA** | PHI masking with 39 predefined health data types. Access control and approval flows for health data tools. |
| **PCI DSS** | Payment card data masking. Tool-level access restrictions for payment endpoints. |
| **CCPA** | California-specific data type masking and conditional enforcement. |

### Related topics

- [Security model](/agen-for-saas/security-compliance/security-model)
- [Best practices](/agen-for-saas/security-compliance/best-practices)
- [Compliance](/agen-for-saas/security-compliance/compliance)
- [Data protection](/agen-for-saas/data-protection/overview)
- [Access control](/agen-for-saas/access-control/overview)