๐Ÿ”’ Official APIs only. Your session is never automated, your feed never scraped.
โ— Trust & security

Constraints, not promises.

Most tools put their safety story in the terms of service. We put ours in database constraints and code paths that cannot be configured away.

The four invariants

These are architectural properties of the product. No plan, setting, or admin permission changes them.

1 ยท Human sign-off

Publishing requires an explicit approval recorded on that specific post, and the publish code re-verifies it at send time. There is no auto-post mode โ€” not hidden, not enterprise-only. It does not exist.

2 ยท Personal sovereignty

Only you can approve or publish to your personal accounts. The database schema cannot express a role that grants someone else that power โ€” the table linking roles to accounts simply has no path to personal identities.

3 ยท Delegation with audit

Company pages use role-based approval (Drafter / Approver / Page-admin). Every approval, publish, role change, and account connection writes an audit record.

4 ยท No platform tricks

Official OAuth APIs only. No cookie-based authentication, no browser automation, no feed scraping, disclosed bot identity on Reddit. If a platform doesn't sanction an action, Avatorial hands it to you instead of doing it behind your back.

Your accounts

OAuth, not passwords

You connect LinkedIn and Reddit through the platforms' own consent screens. Avatorial never sees or asks for a platform password, and never reuses your browser session.

Tokens in a vault

Platform tokens are stored in Google Secret Manager, referenced โ€” never stored โ€” by our database. Disconnecting an account destroys the secret.

Revocable any time

Revoke Avatorial's access from LinkedIn or Reddit settings and it's over โ€” publishing stops immediately; approval checks fail closed.

Your data

EU-hosted

All infrastructure runs on Google Cloud in the EU (Belgium, europe-west1): application, database, media storage, AI processing via Vertex AI in-region.

Your corpus is yours

Your writing history is used only to build your own voice profile. It is never used to train shared or third-party models, and never shown to other customers.

GDPR posture

Nextarp B.V. (Rotterdam, NL) is the processor; you remain controller of your content. Export and deletion on request; DPA available on Business and Enterprise plans. Sub-processors: Google Cloud (hosting, AI), Stripe (payments), Microsoft Entra ID (sign-in).

Application security

Tenant isolation

Every query is automatically scoped to your organisation at the data-access layer โ€” isolation is injected by the platform, not remembered by each developer.

Enterprise sign-in

Authentication via Microsoft Entra ID (OpenID Connect). No passwords stored. Roles live in the application and are never derived from directory groups.

Hardened surface

Per-IP rate limiting, cross-origin request rejection, signature-verified payment webhooks, encrypted transport everywhere, structured audit logging.

Security questions or disclosures: info@nextarp.com

Trust is the product

Read the invariants, then test them on your own account โ€” free for 14 days.

Start free trial โ†’