# Masking types

AgentLink provides a wide range of predefined **data masking types** categorized by regulatory frameworks.
Each type defines a specific pattern of information that will be automatically detected and masked in tool responses.

## GDPR — General data protection regulation

Covers personal identifiers of EU citizens.

| Example Fields | Description |
|  --- | --- |
| Email Address | Replaces local part of the email (e.g., `a***@example.com`). |
| Phone Number | Masks digits except for the country code (e.g., `+44 ******123`). |
| Passport / ID Number | Replaces all digits with `*`. |
| Address | Masks street names and house numbers. |
| Bank Number | Obscures all but the last four digits. |


## PHI — Protected health information (HIPAA)

Applies to health-related data used in regulated contexts.

| Example Fields | Description |
|  --- | --- |
| Medical License | Masks identifier fully. |
| Health Record ID | Partially masks unique record identifiers. |
| Insurance Number | Removes middle segment of the number. |
| Diagnosis Codes | Optionally replaces with “[REDACTED]”. |


## PCI DSS — Payment card industry

Applies to payment and credit card data.

| Example Fields | Description |
|  --- | --- |
| Credit Card Number | Masks all but the last four digits. |
| CVV / Security Code | Fully masked. |
| IBAN / Bank Account | Partially masked. |
| Cardholder Name | Replaced with generic placeholder. |


## CCPA — California consumer privacy act

Targets U.S. consumer personal data.

| Example Fields | Description |
|  --- | --- |
| SSN | Masks middle digits (e.g., `***-**-6789`). |
| Driver License | Fully masked. |
| Home Address | Replaces street name with `[REDACTED]`. |
| Tax ID | Masks all characters except the last two. |


## COPPA — Children's online privacy protection act

Used when child-related data is involved.

| Example Fields | Description |
|  --- | --- |
| Child Name | Replaced with “Child”. |
| Birth Date | Replaced with “01/01/YYYY”. |
| School Name | Masked entirely. |


## Masking behavior

- Masking occurs **before** any data is returned to AI agents.
- The original values are never stored or exposed in logs.
- When multiple policies apply to the same tool, masking is applied cumulatively.
- All matched values are replaced with deterministic redaction tokens in the form `REDACTED_<TYPE>`.
  - Examples: `REDACTED_EMAIL_ADDRESS`, `REDACTED_CREDIT_CARD`, `REDACTED_US_SSN`.


### Example response


```json
{
  "email": "REDACTED_EMAIL_ADDRESS",
  "creditCard": "REDACTED_CREDIT_CARD",
  "patientId": "REDACTED_PATIENT_IDENTIFIER"
}
```