"Permission sync that actually works, finally."
Northvale Capital manages $14B in assets across public equity, credit, and private markets. Their analysts spend hours pulling information from earnings reports, investor decks, and internal research. They built an in-house RAG system that worked fine until the SEC started asking questions about permission controls.
Northvale's engineering team had built a RAG system on Pinecone and GPT-4 that worked well for the first 50 analysts. By the time it reached 200 users, the permission layer was a mess. Different desks had different access to the same underlying data, and the application-layer filtering couldn't keep up.
The incident that forced a rebuild was a near-miss: a junior analyst retrieved a document that should have been restricted to the credit desk. Nothing was leaked externally, but the audit committee demanded an immediate review.
"We had a production system that we couldn't prove was safe. That's not a system, that's a liability."
The compliance team had one requirement: cross-desk data isolation had to be architectural, not a filter that could be bypassed. Embedix uses PostgreSQL row-level security plus tenant-scoped vector collections. Developers literally cannot write a query that returns another desk's data.
This was the decision that closed the deal. It moved permission enforcement from 'a feature we trust' to 'a property of the database.'
The team migrated 800,000 documents from Pinecone to Embedix over six weeks. The document parsing pipeline absorbed messy earnings reports and scanned deal memos without the usual cleanup step. Analysts noticed the retrieval quality went up, not down.
Northvale now runs Embedix across 340 analysts and seven desks, with full audit logs exported daily to their GRC system.