Privacy Policy | CEOTXT KPI Ownership Platform

Last Updated: March 11, 2026

‍

This Privacy Policy explains how Rokter AS (“Rokter,” “we,” “us,” or “our”) handles personal data in connection with CEOTXT (the “Service”).

CEOTXT includes our website, web application, SMS and email delivery, and related support, billing, and account services.

We use personal data to run CEOTXT, deliver the reports and notifications you configure, process payments, support customers, keep the Service secure, and improve it.

We do not sell personal data.

If you use CEOTXT through a company or if a company adds you as a recipient, that company is usually responsible for the data it puts into CEOTXT, and we usually process that data on its behalf.

For privacy questions or requests, contact post@ceotxt.com.

‍

1. Who We Are

Rokter AS

Org. no. 934 839 005

Solbakken 2

8516 Narvik

Norway

Privacy requests: post@ceotxt.com

Support: support@ceotxt.com

Security: security@ceotxt.com

Phone: +47 481 27 341

We may ask for information to verify your identity before we act on a privacy request.

‍

2. How This Policy Applies

This Privacy Policy applies when we process personal data in connection with CEOTXT, including when you:

visit our website,
create an account,
install or use the Service,
purchase a subscription,
contact us for support, billing, security, or commercial reasons,
sign up to receive product updates or other communications from us, or
receive CEOTXT messages because a customer added you as a recipient.

This Privacy Policy does not apply to third-party websites, services, or tools that you access through links or integrations. Those third parties have their own terms and privacy policies.

‍

3. Our Role: When We Are Controller and When We Process for a Customer

When Rokter is the controller

We act as a controller for personal data we use for our own purposes, including:

operating our website,
creating and managing accounts,
billing and subscription administration,
customer support,
service security and abuse prevention,
communicating with customers and prospects,
improving the Service, and
meeting legal and regulatory obligations.

When a CEOTXT customer is the controller

If you use CEOTXT on behalf of a company, or if a CEOTXT customer adds other people to receive summaries, alerts, or reports, that customer is usually the controller of the personal data entered into the Service, and Rokter usually acts as a processor on that customer’s behalf.

That typically includes personal data contained in:

KPI ownership and reporting,
notes, comments, and status updates,
recipient contact details,
message content,
scheduling and notification settings, and
other Customer Content submitted to the Service.

If you are using CEOTXT through an organization, or were added as a recipient by one, requests about that data may need to be handled by that organization first.

If you need a Data Processing Addendum (DPA), contact us at post@ceotxt.com.

‍

4. Personal Data We Collect

We collect personal data from you directly, from your use of the Service, and from certain third parties.

A. Data you provide directly

Account and contact data, such as:

name,
work email address,
phone number,
company or organization name,
role or title,
login or authentication data.

Billing and subscription data, such as:

billing contact details,
subscription plan,
invoices and receipts,
payment status,
limited billing identifiers needed to manage subscriptions.

We do not store full payment card details ourselves. Payments are handled by payment providers.

Service data and Customer Content, such as:

KPI names, ownership, values, targets, and status,
notes, comments, explanations, and operational updates,
recipients you add,
message timing and reporting rules,
settings, preferences, and configuration choices.

Communications, such as:

support requests,
feedback,
survey responses,
sales or partnership inquiries,
other messages you send us.

Marketing preferences, such as whether you want to receive newsletters, product updates, or similar communications from us.

B. Data we collect automatically

Usage and log data, such as:

IP address,
timestamps,
pages or screens viewed,
actions taken in the Service,
referring URLs,
browser and app activity,
diagnostic and performance information.

Device and technical data, such as:

device type,
operating system,
browser type,
language settings,
approximate location inferred from IP address.

Cookies and similar technologies, as described in Section 8.

C. Data we receive from third parties

We may receive personal data from:

payment providers,
communications delivery providers,
authentication providers,
analytics providers,
referral or invitation flows,
service providers that help us operate, secure, and support CEOTXT.

We do not buy personal data from data brokers.

‍

5. Sensitive Data

CEOTXT is not designed for special category or highly sensitive personal data, such as health data, biometric data, religious beliefs, political opinions, or children’s data.

Please do not upload sensitive personal data into the Service unless you have a clear legal basis to do so and have determined that CEOTXT is appropriate for that use.

‍

6. How We Use Personal Data

We use personal data to:

provide, operate, and support the Service,
create and manage accounts and organizations,
deliver summaries, reminders, reports, alerts, and other messages you configure,
authenticate users and secure accounts,
process subscriptions, billing, invoices, and receipts,
respond to support, security, sales, and partnership inquiries,
monitor reliability, troubleshoot issues, and prevent abuse or fraud,
analyze usage and improve the Service,
communicate service-related notices, including security and billing notices,
send product updates or marketing communications where permitted by law,
comply with legal obligations,
enforce our agreements, and
support financing, acquisition, reorganization, or other business transactions subject to appropriate safeguards.

We may also create and use aggregated or de-identified information that does not reasonably identify an individual in order to operate, analyze, secure, benchmark, and improve the Service.

‍

7. Legal Bases for Processing

If the GDPR or similar laws apply, we rely on one or more of the following legal bases:

Contract: where processing is needed to provide the Service, manage your subscription, or respond to your requests before entering into a contract.
Legitimate interests: where needed to operate, secure, support, improve, and market the Service in a proportionate way.
Consent: where required, for example for certain marketing communications and non-essential cookies or similar technologies.
Legal obligation: where we need to comply with accounting, tax, security, or other legal requirements.

Where a CEOTXT customer uses the Service as controller, that customer is responsible for choosing the legal basis for the personal data it submits to the Service.

‍

8. Cookies and Similar Technologies

We use cookies and similar technologies for purposes such as:

security,
authentication and session management,
remembering preferences,
measuring performance and usage,
understanding how our website and Service are used,
improving our marketing and communications.

Where required by law, we ask for consent before using non-essential cookies or similar technologies.

You can change or withdraw your choices through our cookie settings tool, where available, or through your browser settings. Please note that blocking strictly necessary cookies may affect how the website or Service functions.

‍

9. If You Add Recipients or Someone Adds You

CEOTXT allows customers to add other people to receive summaries, alerts, or reports, such as colleagues, board members, investors, advisors, or other stakeholders.

If you add recipients

If you add recipients to CEOTXT, you are responsible for making sure you have the right to provide their contact details and to send them messages through the Service, including where applicable any required notices, permissions, or legal basis.

We process recipient contact details, delivery information, and relevant message content in order to send the communications you configure.

If you were added by a CEOTXT customer

If you receive a message from CEOTXT because someone added you as a recipient, we may process your name, email address, phone number, company, role, delivery status, and the message content needed to deliver that communication.

In that situation, the organization that added you is usually the controller of that personal data, and Rokter usually processes it on that organization’s behalf.

If you want to exercise rights related to why you were added, the content of a message, or ongoing communications, you should usually contact the organization that added you first. You may also contact us and we will direct your request where appropriate.

Where opt-out options are available for non-essential messages, you may use those options.

‍

10. How We Share Personal Data

We do not sell personal data.

We share personal data only where needed to operate the Service or where required by law, including with:

service providers and processors that help us with hosting, infrastructure, communications delivery, billing, analytics, authentication, support, and security,
your organization and its authorized users or administrators, where relevant to the account or Service configuration,
recipients you or your organization add, where necessary to send summaries, alerts, or reports,
professional advisers, such as lawyers, auditors, and accountants, subject to confidentiality obligations,
authorities or other third parties, where required by law or where necessary to protect rights, safety, security, or the Service,
parties to a corporate transaction, such as a merger, acquisition, financing, reorganization, or asset sale, subject to appropriate confidentiality and data protection safeguards,
other parties at your direction or with your consent, for example if you request an export or integration.

We may also share aggregated or de-identified information that does not reasonably identify any person.

Customers may request our current subprocessor information by contacting post@ceotxt.com.

‍

11. International Transfers

We generally host most Service data within the EEA.

Some of our service providers may process personal data outside the EEA, UK, or Switzerland. Where that happens, we use appropriate legal safeguards, such as:

adequacy decisions,
Standard Contractual Clauses, or
other lawful transfer mechanisms and supplementary measures where required.

You can contact us if you want more information about the safeguards we use for relevant transfers.

‍

12. Data Retention

We retain personal data only for as long as needed for the purposes described in this Privacy Policy, including to provide the Service, meet legal obligations, resolve disputes, enforce agreements, and maintain security.

Examples include:

account and Service data: usually for as long as the account remains active and for a limited period after closure or deletion, including to allow export, support legitimate business records, handle disputes, and rotate backups;
billing and transaction records: for as long as required by applicable accounting and tax laws;
security, audit, and operational logs: for limited periods appropriate to security, troubleshooting, and abuse prevention;
marketing data: until you unsubscribe, withdraw consent where relevant, or we no longer need it for the relevant purpose. We may keep limited suppression records to make sure we respect your opt-out.

Where we no longer need personal data, we delete it, anonymize it, or securely isolate it, subject to backup cycles and legal retention requirements.

‍

13. Security

We use appropriate technical and organizational measures designed to protect personal data, taking into account the nature of the data and the risks involved.

These measures may include:

encryption in transit,
access controls,
least-privilege permissions,
logging and monitoring,
backup and recovery measures,
vendor review and contractual safeguards,
security and incident-response processes.

No system is completely secure. If you believe your account or data has been compromised, contact security@ceotxt.com immediately.

‍

14. Your Rights and Choices

Depending on where you live and the role we have for the relevant data, you may have rights to:

access your personal data,
correct inaccurate data,
delete personal data,
restrict processing,
object to certain processing,
receive a copy of certain data in a portable format,
withdraw consent where processing is based on consent,
opt out of marketing communications,
complain to a supervisory authority.

You can exercise privacy rights by contacting post@ceotxt.com.

We may ask for information to verify your identity before we act on a request.

If we process personal data on behalf of a CEOTXT customer, we may need to direct your request to that customer or ask them to handle it first.

If you are in Norway, you can also complain to Datatilsynet. If you are elsewhere, you can complain to your local data protection authority where applicable.

‍

15. Third-Party Services and Links

The Service may contain links to third-party websites or may allow you to connect third-party services.

Those third parties operate under their own terms and privacy policies. We are not responsible for their privacy practices.

‍

16. Children’s Privacy

CEOTXT is intended for adults in a professional or business context and is not directed to children.

We do not knowingly collect personal data from children in connection with the Service. If you believe a child has provided personal data to us, contact us and we will take appropriate steps.

‍

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time.

If we make material changes, we will post the updated version, update the “Last Updated” date, and may provide additional notice through the Service or by email where appropriate.

‍

18. Contact Us