All posts
June 22, 20264 min read

What LGPD Means for MCP

How can you prove that your MCP service complies with LGPD requirements? LGPD, Brazil’s General Data Protection Law, obliges organizations to keep a detailed record of every personal data interaction. Auditors expect evidence that shows who accessed which data, when the access occurred, and that any sensitive fields were protected or redacted. The law also requires organizations to grant access on a need‑to‑know basis, enforce data minimization, and document and approve any deviation from polic

Free White Paper

LGPD (Brazil): The Complete Guide

Architecture patterns, implementation strategies, and security best practices. Delivered to your inbox.

Free. No spam. Unsubscribe anytime.
Coleman Nye

How can you prove that your MCP service complies with LGPD requirements?

LGPD, Brazil’s General Data Protection Law, obliges organizations to keep a detailed record of every personal data interaction. Auditors expect evidence that shows who accessed which data, when the access occurred, and that any sensitive fields were protected or redacted. The law also requires organizations to grant access on a need‑to‑know basis, enforce data minimization, and document and approve any deviation from policy.

MCP (Model‑Control‑Proxy) servers expose programmable endpoints that AI agents or automated services call to run code, retrieve results, or store artifacts. Because MCP often handles personally identifiable information (PII) on behalf of downstream applications, it becomes a focal point for LGPD compliance. Teams typically secure MCP with strong identities and least‑privilege IAM roles, but the request still travels directly to the MCP process. In that flow there is no built‑in audit of each command, no automatic redaction of sensitive fields, and no checkpoint for human approval before a risky operation proceeds.

Why the data path matters for LGPD evidence

The missing piece is a control surface that sits on the data path between the caller and the MCP server. Without a gateway, the only logs available are those the MCP application emits, which the code itself often makes optional or coarse. If attackers compromise the MCP process, they can alter or delete those logs, breaking the audit trail that LGPD requires.

Placing a Layer 7 gateway in the data path gives the gateway a dedicated place to inspect, record, and govern every request and response.

How hoop.dev provides continuous LGPD evidence

hoop.dev is an open‑source identity‑aware proxy that sits between identities and infrastructure. When a user, service account, or AI agent authenticates via OIDC or SAML, hoop.dev validates the token, extracts group membership, and then forwards the request to the MCP server. Because the gateway sits in the data path, it can apply three enforcement outcomes that directly satisfy LGPD audit requirements:

  • Session recording. hoop.dev records every MCP interaction, capturing the exact request payload, the response, the authenticated identity, and a timestamp. These immutable session logs provide the essential evidence of who accessed what data and when.
  • Inline data masking. hoop.dev redacts sensitive fields identified in policy (for example, national ID numbers or credit‑card digits) in real‑time before the response leaves the gateway. This demonstrates data minimization and protects PII even if the downstream MCP service logs the full payload.
  • Just‑in‑time approval. For high‑risk commands, hoop.dev can pause the request and route it to a designated approver. The approval decision, together with the identity of the approver and the time of approval, stores alongside the session record, proving that risky operations received explicit authorization.

Because hoop.dev holds the credentials for the MCP connection, the calling identity never sees the secret. This separation prevents credential leakage from tampering with the audit trail.

Continue reading? Get the full guide.

LGPD (Brazil): Architecture Patterns & Best Practices

Free. No spam. Unsubscribe anytime.

Mapping LGPD controls to hoop.dev capabilities

LGPD’s technical and organizational measures translate into concrete hoop.dev features:

  • Access control logs. The recorded sessions let you export a tamper‑evident log for audit.
  • Data minimization. Inline masking guarantees that only the necessary data is exposed to the client, satisfying the principle of least exposure.
  • Purpose limitation. Just‑in‑time approval workflows allow organizations to enforce that a request matches an approved purpose before it reaches MCP.
  • Accountability. By tying every action to an authenticated identity and storing the decision chain, hoop.dev creates the accountability trail that LGPD regulators expect.

These outcomes exist only because hoop.dev sits in the data path. If you remove the gateway, the MCP service alone cannot guarantee immutable logs, real‑time masking, or enforced approvals.

Getting started with hoop.dev and MCP

To embed hoop.dev in front of your MCP deployment, follow the high‑level steps below. Detailed instructions are available in the getting started guide and the feature documentation:

  1. Deploy the hoop.dev gateway using the provided Docker Compose file or your preferred orchestration platform.
  2. Configure OIDC or SAML authentication so that users and agents obtain tokens from your identity provider.
  3. Register the MCP endpoint as a connection in hoop.dev, supplying the service credentials that the gateway will use.
  4. Define masking policies for any PII fields that must be redacted from responses.
  5. Enable just‑in‑time approval for commands that modify or export sensitive data.
  6. Start routing traffic through the gateway by pointing your client or AI agent to the hoop.dev endpoint.

Once the gateway is in place, you can capture, mask, and, when required, gate every MCP interaction with an approver. You can retain those records for the period mandated by LGPD and you can supply them to auditors without additional tooling.

FAQ

Do I need to change my MCP code to use hoop.dev?

No. hoop.dev works at the protocol layer, so existing clients can connect to the gateway using the same commands they would use against MCP directly. The gateway handles authentication, masking, and recording transparently.

How long are the session logs retained?

You configure retention on the gateway side. Align the retention period with LGPD’s requirement to keep records for the duration needed to demonstrate compliance, typically several years.

Can hoop.dev integrate with my existing identity provider?

Yes. hoop.dev supports OIDC and SAML providers such as Okta, Azure AD, Google Workspace, and others. The gateway validates the token and extracts group membership to drive access decisions.

By placing hoop.dev in front of MCP, organizations gain a continuously updating evidence store that satisfies LGPD’s audit and data‑protection mandates without rewriting their applications.

Explore the open‑source repository on GitHub to see the implementation details and contribute.

Open source

Save the open-source gateway for agent data access

Hoop is MIT-licensed infrastructure for controlling how AI agents reach production data. Star hoophq/hoop so you can inspect it, deploy it, or share it when your team starts governing agent access.

Star and save the repo →More posts
Ask AI about this topic
ClaudeChatGPTGrokGeminiPerplexityCopilot