Chunk documents without losing permissions
AutoChunk API returns chunks enriched with source URL, department, access level, and ACL metadata — so your retrieval layer always knows what each chunk is allowed to return and to whom.
No credit card required · SOC 2 Type II · REST API
- confidentialQ3-forecast.pdfchunk_014 · finance
- publicpricing.mdchunk_003 · marketing
- internalhandbook.docxchunk_027 · people
- restrictedmsa-acme.pdfchunk_041 · legal
- Pinecone
- Weaviate
- pgvector
- Chroma
The problem
Most chunking tools split text. They don't preserve who can see it.
Secure RAG starts at ingestion. If a chunk doesn't know its access level when it's created, no downstream filter can reliably protect it.
Restricted content leaks into responses
A finance doc surfaces in an HR assistant query. Without ACL metadata at the chunk level, your retrieval layer has no structural way to prevent it.
No audit trail
When an AI returns sensitive data, you can't trace which chunk it came from, which document, or which version of that document.
Role-based access is applied too late
Filtering at retrieval time is only safe if chunks carry the right metadata from ingestion. Bolting it on later leaves gaps.
Capabilities
Everything your RAG pipeline needs at the chunk level — built specifically for teams who can't afford to leak documents through their AI surface area.
Permission-aware chunking
Every chunk is tagged at creation with access_level: public | internal | restricted | confidential. No post-processing required.
Source lineage
Each chunk references its source_id, source_url, and ingestion timestamp. Full traceability from LLM response back to origin document.
Department ownership
Tag chunks with the owning department — finance, legal, HR, ops. Retrieval queries can filter by department without extra metadata joins.
Per-principal ACL support
Define allowed_roles, denied_roles, and user-level overrides. AutoChunk preserves ACL metadata through the embedding pipeline.
Embedding-ready output
Chunks are token-optimized and returned with suggested overlap, token count, and a boolean embedding_ready flag. Drop into OpenAI, Cohere, or any embeddings model.
Simple REST API
One endpoint. JSON in, structured chunks out. API key auth. Works with any vector DB: Pinecone, Weaviate, pgvector, Chroma.
How it works
Permissions flow through every layer of your stack. Every chunk carries the metadata your retrieval and authorization layers need — from ingestion to model output.
- 01
Source documents
PDFs, SOPs, transcripts, web pages, internal wikis
- 02
AutoChunk API
Splits, structures, and annotates every chunk
- 03
Chunk + metadata
source_id, department, access_level, acl{}
- 04
Vector database
Pinecone, Weaviate, pgvector, Chroma
- 05
Retrieval filter
Query scoped to user role + department
- 06
LLM / app
Only sees chunks the user is allowed to retrieve
Authorization decisions stay in your application layer. AutoChunk guarantees the metadata your retrieval filter needs is structurally present on every chunk.
One endpoint. Structured, permissioned chunks out.
A single REST endpoint accepts your document and returns chunks ready to drop into any embedding model and vector database.
POST /api/v1/chunk HTTP/1.1
Host: api.autochunk.ai
x-api-key: ak_live_••••••••••••
Content-Type: application/json
{
"source_id": "doc_hr_policy_2024",
"source_url": "https://internal.co/hr/policy-handbook.pdf",
"department": "hr",
"access_level": "internal",
"acl": {
"allowed_roles": ["hr-team", "manager"],
"denied_roles": ["contractor", "vendor"]
},
"content": "Employee onboarding policy effective January 2024...",
"chunk_size": 512,
"overlap": 64
}{
"source_id": "doc_hr_policy_2024",
"chunk_count": 12,
"total_tokens": 5840,
"chunks": [
{
"chunk_id": "chk_01jb3x7m",
"chunk_index": 0,
"chunk_text": "Employee onboarding policy effective January 2024...",
"token_count": 487,
"source_url": "https://internal.co/hr/policy-handbook.pdf",
"department": "hr",
"access_level": "internal",
"acl": {
"allowed_roles": ["hr-team", "manager"],
"denied_roles": ["contractor", "vendor"]
},
"embedding_ready": true,
"ingested_at": "2024-10-28T14:33:02Z"
}
]
}- OpenAI compatible
- Cohere compatible
- Works with Pinecone
- Works with Weaviate
- pgvector ready
Built for teams where document access actually matters
Finance & Accounting
Chunk financial SOPs, audit reports, and forecasts with restricted access levels. Ensure finance-only documents never appear in responses to non-finance roles.
Legal & Compliance
Ingest contracts, regulatory filings, and legal memos with confidential tagging. Full lineage ensures your legal team can audit every AI-assisted response.
HR & People Ops
Employee handbooks, compensation guides, and PIP documentation stay scoped to HR and management roles. Contractors and vendors are explicitly excluded.
Internal AI assistants
Build company-wide AI assistants that respect org structure. Engineering, product, and sales teams each see only what they're cleared for.
Secure RAG ingestion, at the API level
Start with our API. Add permissions, lineage, and department ownership to every chunk in minutes.
SOC 2 Type II · REST API · No vendor lock-in · Starts free