Most tools put their safety story in the terms of service. We put ours in database constraints and code paths that cannot be configured away.
These are architectural properties of the product. No plan, setting, or admin permission changes them.
Publishing requires an explicit approval recorded on that specific post, and the publish code re-verifies it at send time. There is no auto-post mode โ not hidden, not enterprise-only. It does not exist.
Only you can approve or publish to your personal accounts. The database schema cannot express a role that grants someone else that power โ the table linking roles to accounts simply has no path to personal identities.
Company pages use role-based approval (Drafter / Approver / Page-admin). Every approval, publish, role change, and account connection writes an audit record.
Official OAuth APIs only. No cookie-based authentication, no browser automation, no feed scraping, disclosed bot identity on Reddit. If a platform doesn't sanction an action, Avatorial hands it to you instead of doing it behind your back.
You connect LinkedIn and Reddit through the platforms' own consent screens. Avatorial never sees or asks for a platform password, and never reuses your browser session.
Platform tokens are stored in Google Secret Manager, referenced โ never stored โ by our database. Disconnecting an account destroys the secret.
Revoke Avatorial's access from LinkedIn or Reddit settings and it's over โ publishing stops immediately; approval checks fail closed.
All infrastructure runs on Google Cloud in the EU (Belgium, europe-west1): application, database, media storage, AI processing via Vertex AI in-region.
Your writing history is used only to build your own voice profile. It is never used to train shared or third-party models, and never shown to other customers.
Nextarp B.V. (Rotterdam, NL) is the processor; you remain controller of your content. Export and deletion on request; DPA available on Business and Enterprise plans. Sub-processors: Google Cloud (hosting, AI), Stripe (payments), Microsoft Entra ID (sign-in).
Every query is automatically scoped to your organisation at the data-access layer โ isolation is injected by the platform, not remembered by each developer.
Authentication via Microsoft Entra ID (OpenID Connect). No passwords stored. Roles live in the application and are never derived from directory groups.
Per-IP rate limiting, cross-origin request rejection, signature-verified payment webhooks, encrypted transport everywhere, structured audit logging.
Security questions or disclosures: info@nextarp.com
Read the invariants, then test them on your own account โ free for 14 days.
Start free trial โ