Nobarra publishes on your behalf, so we hold ourselves to a simple standard: minimal access, strong encryption, instant revocation, and zero sharing. Here is exactly how it works.
To publish on your behalf, you connect your own X, Telegram, and Discord accounts per project. Nobarra uses that access for exactly one thing: scheduling and publishing the content you approved, as you, at the time you chose. Nothing is ever posted without a campaign or post you created and approved, and you can always skip auto-posting entirely - copy any asset and publish it yourself.
We ask for the narrowest access each platform allows for posting: a bot token you create for your Telegram channel, a webhook or bot for your Discord server, and API access for your X account. Nobarra does not request permission to read your private messages, manage your followers, or change your account settings.
Credentials are encrypted with AES-256-GCM before they are stored, and decrypted only server-side at the moment a scheduled post is published. They are never stored in plaintext, never sent to the browser, and never included in logs or analytics. All traffic between your browser, Nobarra, and the platforms runs over TLS.
Where a platform supports OAuth-based authorization, Nobarra uses it so you grant scoped access without sharing long-lived secrets. Where a platform's publishing API requires credentials instead, those credentials are encrypted as described above and used only on your behalf.
Every connection can be disconnected in one click from your project's Connections page, which deletes the stored credential immediately. You can also revoke access from the platform side at any time - regenerate the token or revoke the app, and Nobarra's access ends instantly. Deleting a project deletes its connections with it.
Your credentials, audience data, and campaign content are yours. Nobarra does not sell, rent, or share them with third parties, and no other Nobarra user or project can access them. Access is scoped per project and per account.
Application data lives in a managed Postgres database with row-level access control, so each workspace only ever sees its own data. Payments are processed by our payment providers - Nobarra never stores your card details. We keep the data we hold to what the product needs to work, and you can request deletion of your account and its data at any time via [email protected].
Questions about security, or something to report? Write to [email protected] and we'll respond quickly.