Features
Everything that makes up Gateco's permission-aware retrieval layer: search modes, answer synthesis, identity provisioning, encryption, and authorization models.
Four search modes. One policy enforcement point.
Vector similarity, BM25 keyword ranking, RRF hybrid fusion, and regex grep, all routed through one deny-by-default policy engine with a unified audit trail.
Learn more →Answers from allowed chunks only. Never from denied ones.
Grounded Answers retrieves policy-filtered chunks, passes them to an LLM, and returns a cited answer. Denied content never enters the model context.
Learn more →Your IdP provisions. Gateco enforces.
SCIM v2 inbound provisioning syncs user and group lifecycle from any SCIM-compliant identity provider into Gateco, so access changes take effect in seconds.
Learn more →Your credentials never leave your KMS context.
Connector credentials and LLM keys are encrypted with AES-256-GCM envelope encryption. Your AWS KMS key wraps each org's data key, enforcing tenant isolation.
Learn more →When in doubt, deny.
Gateco denies retrieval whenever a policy evaluation cannot complete: a timeout, a misconfigured condition, a missing dependency. Every decision is logged.
Learn more →Policies that know who owns what.
ReBAC policies check direct relationships between principals and resources: owner, assignee, project member. One condition, no role explosion. Team and above.
Learn more →Claude Desktop and Cursor, connected to your secured knowledge base.
The Gateco MCP server gives Claude, Cursor, and any MCP host policy-enforced access to your vector databases through six tools. Denied content never surfaces.
Learn more →Test a policy against a real user before it goes live.
Dry-run a principal against your policies, or run a real retrieval and see results split into allowed and denied, with reasons. Validate before production.
Learn more →Every retrieval, logged with the decision and the reason.
Gateco writes an audit record for every retrieval and policy decision: principal, resource, outcome, mode, timestamp. 50+ event types, exportable to JSON.
Learn more →Govern the data you already embedded.
Adding Gateco to a store that already holds data? Retroactive registration finds unmanaged vectors and brings them under policy without re-ingestion.
Learn more →Three ways to give the policy engine the metadata it needs.
Policies decide against resource metadata like classification and sensitivity. Gateco resolves it via a configurable hierarchy: sidecar, inline, or SQL view.
Learn more →Not sure which features you need? Talk to the team or compare plans.