Permission-aware retrieval for AI

Gate your AI's
access to knowledge

The security middleware between AI agents and your organizational data. Policy enforcement, identity-based access control, and full auditability for every retrieval.

Secure your first RAG pipeline — freeRead the docs

Your AI agents bypass every access control you built

You invested in SSO, IAM, ACLs, and RBAC for every system in your organization. Then you deployed RAG — and created a new access surface that bypasses all of it. Vector databases retrieve by semantic similarity, not authorization. When your AI copilot is asked about compensation data, it returns the most relevant chunks, not the most appropriately authorized ones. This is the RAG authorization gap.

Security that works with your stack

Gateco sits between your AI agents and vector databases — enforcing policies at retrieval time without changing your existing architecture.

Deny-by-Default Retrieval

Your AI agents can only access data they're explicitly authorized for. No policy match, no data — eliminating the #1 cause of RAG data leakage.

9 Vector DB Connectors

Plug into your existing vector infrastructure in minutes. No migration, no vendor lock-in — security layers on top of databases you already use.

Semantic Readiness (L0-L4)

See exactly where each connector stands on the path to full policy enforcement. A clear, actionable roadmap instead of vague security posture scores.

Classification Suggestions

Stop manually labeling thousands of resources. Gateco scans and suggests classifications — you review and approve, turning weeks of work into minutes.

Full Audit Trail

Answer "who accessed what through AI, and when?" instantly. Every retrieval decision recorded with the exact policy logic — audit-ready from day one.

SDK + CLI

Add permission-aware retrieval in 5 lines of code. Python and TypeScript SDKs, CLI for operations, Access Simulator to dry-run policies before they go live.

Multi-Mode Search

Four retrieval modes — semantic similarity, keyword relevance, hybrid fusion, and deterministic grep — so every query finds the right lens.

Identity Provider Sync

Connect Okta, Azure Entra ID, AWS IAM, or GCP Cloud Identity. Principals, groups, and departments sync automatically — so policies reference real identities, not static lists.

Policy Templates

Seven ready-made templates for common patterns — group RBAC, department access, classification ceilings, deny-sensitive. Pick a template, fill in your values, deploy a draft in seconds.

Grounded Answers

Ask a natural language question and get an answer synthesized only from policy-allowed chunks — with citations. Denied content never reaches the LLM context.

Access Simulator

Dry-run policy evaluation or run a live preview against real data. See exactly what each principal would be allowed or denied before activating policies in production.

SCIM Provisioning

Enterprise inbound SCIM v2 for real-time user and group provisioning. Your IDP pushes changes to Gateco as they happen — no sync delay, no stale principals.

MCP Server

Give AI coding assistants like Claude and Cursor permission-aware retrieval via the Model Context Protocol. Six tools, markdown output, zero denied-content leakage.

Works with your stack

Connect your vector databases and identity providers in minutes

Vector Databases

pgvectorT1
SupabaseT1
NeonT1
PineconeT1
QdrantT1
Weaviate
Milvus
Chroma
OpenSearch

Identity Providers

OktaPro+
Azure Entra IDPro+
AWS IAMPro+
GCP Cloud IdentityPro+
View all integrations

Three steps to secure retrieval

No infrastructure changes required. Connect, configure, and enforce — your AI agents keep working, now with permission boundaries.

Connect

Point Gateco at your vector DB

Step 1

Define Policies

Set who can access what data

Step 2

Secure Retrieval

Every query is permission-checked

Step 3

Integrate in minutes

Python and TypeScript SDKs make permission-aware retrieval a one-liner. The CLI handles everything else.

View SDK docsPython SDKTypeScript SDK
from gateco import GatecoClient

client = GatecoClient(api_key="gk_...")

# Permission-aware retrieval
results = client.retrieve(
    connector_id="conn_abc",
    query_vector=embedding,
    identity="user@company.com",
    top_k=10,
)
# Only returns vectors the user
# is authorized to access

Trusted by engineering teams

Teams building AI products use Gateco to ship with confidence — knowing their retrieval pipelines enforce the right access boundaries.

Alex Rivera

Alex Rivera

CTO, DataForge AI

Gateco solved our biggest compliance concern overnight. We went from zero visibility to a full audit trail covering 50K+ monthly retrievals — in under a week.

Sarah Kim

Sarah Kim

Head of Engineering, NovaBridge

The deny-by-default approach caught 340 unauthorized retrieval attempts in the first month that metadata filters missed. No more worrying about data leakage in RAG.

Marcus Chen

Marcus Chen

VP of Security, Cloudshift

Plugging into Pinecone took 20 minutes. Within a day, L3 readiness across all production indexes. The readiness levels give us a clear path to full chunk-level enforcement.

Elena Rodriguez

Elena Rodriguez

Lead Developer, Synthwave Labs

Five lines of Python and our retrieval pipeline is permission-aware. Classification suggestions saved us two weeks of manual labeling across 12K resources.

James Okonkwo

James Okonkwo

Security Architect, TrustLayer

We evaluated three solutions for AI access governance. Gateco was the only one that didn't try to replace our vector DB. Six months in, zero policy violations across 200K+ monthly queries.

Alex Rivera

Alex Rivera

CTO, DataForge AI

Gateco solved our biggest compliance concern overnight. We went from zero visibility to a full audit trail covering 50K+ monthly retrievals — in under a week.

Sarah Kim

Sarah Kim

Head of Engineering, NovaBridge

The deny-by-default approach caught 340 unauthorized retrieval attempts in the first month that metadata filters missed. No more worrying about data leakage in RAG.

Marcus Chen

Marcus Chen

VP of Security, Cloudshift

Plugging into Pinecone took 20 minutes. Within a day, L3 readiness across all production indexes. The readiness levels give us a clear path to full chunk-level enforcement.

Elena Rodriguez

Elena Rodriguez

Lead Developer, Synthwave Labs

Five lines of Python and our retrieval pipeline is permission-aware. Classification suggestions saved us two weeks of manual labeling across 12K resources.

James Okonkwo

James Okonkwo

Security Architect, TrustLayer

We evaluated three solutions for AI access governance. Gateco was the only one that didn't try to replace our vector DB. Six months in, zero policy violations across 200K+ monthly queries.

Alex Rivera

Alex Rivera

CTO, DataForge AI

Gateco solved our biggest compliance concern overnight. We went from zero visibility to a full audit trail covering 50K+ monthly retrievals — in under a week.

Sarah Kim

Sarah Kim

Head of Engineering, NovaBridge

The deny-by-default approach caught 340 unauthorized retrieval attempts in the first month that metadata filters missed. No more worrying about data leakage in RAG.

Marcus Chen

Marcus Chen

VP of Security, Cloudshift

Plugging into Pinecone took 20 minutes. Within a day, L3 readiness across all production indexes. The readiness levels give us a clear path to full chunk-level enforcement.

Elena Rodriguez

Elena Rodriguez

Lead Developer, Synthwave Labs

Five lines of Python and our retrieval pipeline is permission-aware. Classification suggestions saved us two weeks of manual labeling across 12K resources.

James Okonkwo

James Okonkwo

Security Architect, TrustLayer

We evaluated three solutions for AI access governance. Gateco was the only one that didn't try to replace our vector DB. Six months in, zero policy violations across 200K+ monthly queries.

Alex Rivera

Alex Rivera

CTO, DataForge AI

Gateco solved our biggest compliance concern overnight. We went from zero visibility to a full audit trail covering 50K+ monthly retrievals — in under a week.

Sarah Kim

Sarah Kim

Head of Engineering, NovaBridge

The deny-by-default approach caught 340 unauthorized retrieval attempts in the first month that metadata filters missed. No more worrying about data leakage in RAG.

Marcus Chen

Marcus Chen

VP of Security, Cloudshift

Plugging into Pinecone took 20 minutes. Within a day, L3 readiness across all production indexes. The readiness levels give us a clear path to full chunk-level enforcement.

Elena Rodriguez

Elena Rodriguez

Lead Developer, Synthwave Labs

Five lines of Python and our retrieval pipeline is permission-aware. Classification suggestions saved us two weeks of manual labeling across 12K resources.

James Okonkwo

James Okonkwo

Security Architect, TrustLayer

We evaluated three solutions for AI access governance. Gateco was the only one that didn't try to replace our vector DB. Six months in, zero policy violations across 200K+ monthly queries.

Simple, transparent pricing

Start free, scale as your AI retrieval needs grow.

Free

$0

per month

  • 1 connector
  • 100 retrievals/mo
  • RBAC policies
  • Community support
Most popular

Pro

$89

per month

  • 5 connectors
  • 10,000 retrievals/mo
  • ABAC policies + Policy Studio
  • Grounded Answers
  • Priority support

Enterprise

$599

per month

  • Unlimited everything
  • SSO & SCIM
  • SIEM integration
  • Private Data Plane
View full pricing details

Start securing your AI retrieval today

Free tier available. No credit card required. Connect your first vector DB in under 5 minutes.

Start for freeTalk to sales