CEOTXT®
Privacy Policy

Last Updated: December 25, 2025

This Privacy Policy explains how Rokter AS (“Rokter,” “we,” “us,” or “our”) collects, uses, discloses, and protects personal data (also called personal information in some jurisdictions) when you use CEOTXT (the “Service”).

The Service includes our websites (marketing pages, landing pages, waitlist/application pages, content pages) and our web/mobile application.

If you do not agree with this Privacy Policy, please do not use the Service.

1) Who We Are and How to Contact Us

Controller: Rokter AS
Solbakken 2, 8516 Narvik, Norway

Contact (privacy requests): post@ceotxt.com

We may ask you for information to verify your identity before we act on a request.

2) Scope

This Privacy Policy applies to personal data we collect through the Service. It does not apply to third-party websites or services that may be linked from our Service or that you choose to connect to the Service. Those third parties have their own privacy practices.

3) Our Role: Controller vs. Processor

CEOTXT is used by individuals and organizations.

  • When we act as Controller: We act as a controller for personal data we process for our own purposes, such as operating the Service, billing, account management, security, marketing (where permitted), and running our websites and support.
  • When we act as Processor: If you use CEOTXT on behalf of an organization, that organization may be the controller of the data you submit (“Customer Content”), and we may process Customer Content on its behalf as a processor.

If you need a Data Processing Addendum (DPA), contact us.

4) Personal Data We Collect

We collect personal data from (A) you, (B) your use of the Service, and (C) third parties.


A) Information you provide

Account & contact information

  • Name, email address
  • Phone number (if SMS features are enabled)
  • Company/organization name and role/title (optional)
  • Authentication credentials (passwords are stored as hashed values where applicable)

Customer Content

  • Business metrics, targets, notes, and other content you enter into the Service
  • Service configuration and preferences (timing, reminders, reporting rules)

Information about others you provide

  • If you add recipients (for example, colleagues, board members, or investors), you may provide their contact details (such as phone numbers or email addresses) and may generate messages that include business information.

Billing information

  • Subscription plan, invoices/receipts, payment status
  • Limited billing identifiers needed to administer subscriptions
    (We do not store full payment card numbers. Payment details are processed by payment providers.)

Communications

  • Messages you send us (support, feedback, surveys) and related metadata

Marketing sign‑ups

  • Waitlist/application form details and newsletter sign‑ups
B) Information we collect automatically

Device and usage data

  • IP address, device type, operating system, browser type/language
  • Log data about actions taken in the Service, pages/screens viewed, timestamps, and referring URLs
  • Diagnostic data (crash logs, error reports, performance data)

Cookies and similar technologies

  • We use cookies and similar technologies as described in Section 9.

Approximate location

  • General location inferred from IP address (city/country), primarily for security, analytics, and localization.
C) Information from third parties

We may receive personal data from:

  • Payment providers (payment confirmation, subscription events, limited billing details)
  • Communication delivery providers (delivery status and messaging metadata; content and phone numbers are processed to deliver messages)
  • Analytics and marketing platforms (aggregated performance metrics, campaign measurements)
  • Referrals/invitations (if a user invites you)

We do not buy personal data from data brokers.

5) Sensitive Data

The Service is not intended to process sensitive personal data (such as health data, biometric identifiers, political opinions, religious beliefs, or children’s data). Please do not submit sensitive personal data into CEOTXT.

If you choose to include sensitive data in Customer Content, you are responsible for ensuring you have a lawful basis to do so.

6) How We Use Personal Data

We use personal data to:

Provide and operate the Service

  • Create and manage accounts
  • Deliver Service features (including summaries, reminders, and notifications you configure)
  • Store, display, and process Customer Content

Communicate with you

  • Service communications (verification, security notices, billing notices, changes to the Service)
  • Support and customer service communications

Improve, secure, and maintain the Service

  • Monitor performance and reliability
  • Debug and fix issues
  • Prevent fraud and misuse
  • Develop and improve features (including testing and measurement)

Billing and administration

  • Manage subscriptions, invoices, receipts, and account status

Marketing (where permitted)

  • Send updates and content about CEOTXT if you opt in, where required by law, or where permitted under a “soft opt‑in” for existing customers (with an opt‑out)

Legal and business purposes

  • Comply with legal obligations
  • Enforce agreements
  • Support corporate transactions (financing, acquisition, sale of assets) under confidentiality protections

We do not use personal data for automated decision‑making that produces legal or similarly significant effects.

7) Legal Bases (EEA/UK/Switzerland)

If you are in the EEA/UK/Switzerland, we rely on:

  • Contract: to provide the Service and fulfill our obligations to you.
  • Legitimate interests: to operate, secure, improve, and market the Service (where permitted), provided your rights do not override our interests.
  • Consent: for certain marketing communications and non‑essential cookies where required.
  • Legal obligation: to meet accounting, tax, and other legal requirements.

You can contact us to ask about the legal basis for specific processing.

8) When Providing Personal Data Is Required

Certain personal data is required to provide the Service:

  • Account creation and access requires basic identifiers (e.g., email).
  • SMS features require a phone number for intended recipients.
  • Paid subscriptions require billing details sufficient to process payments.

If you do not provide required information, we may not be able to provide the Service (or specific features) to you.

9) Cookies and Similar Technologies

We use cookies and similar technologies for:

  • Strictly necessary cookies (security, authentication, session management)
  • Preference cookies (remember settings)
  • Analytics cookies (understand usage and improve the Service)
  • Marketing measurement cookies (measure campaigns and communications)

Where required by law, we obtain consent for non‑essential cookies via a cookie banner or preference tool. You can also control cookies through your browser settings. Blocking essential cookies may prevent the Service from functioning correctly.

Do Not Track (DNT): There is no uniform standard; we rely on consent tools and applicable legal requirements.
Global Privacy Control (GPC) / Opt‑out signals: Where required, we honor recognized opt‑out preference signals for applicable processing.

10) How We Share Personal Data

We do not sell personal data.

We share personal data only as necessary:

A) Service providers (processors)

We use vetted service providers to operate the Service (e.g., hosting/infrastructure, storage, communication delivery, payment processing, analytics, customer support, security monitoring). They are contractually required to:

  • process personal data only on our instructions,
  • protect it,
  • and not use it for their own independent purposes.
B) Your organization and authorized users

If you use the Service for an organization, administrators may have access to certain account and Service information consistent with your organization’s settings.

C) Recipients you add

If you add recipients, we process their contact details to deliver the messages you configure.

D) Legal and safety

We may disclose information where we believe disclosure is required by law or necessary to protect rights, safety, or prevent fraud/abuse.

E) Business transfers

Personal data may be transferred in connection with a merger, financing, acquisition, reorganization, bankruptcy, or sale of assets. We will provide notice where required.

F) With your consent or at your direction

If you request an export or integration, we share information as you instruct.

G) Aggregated or de‑identified data

We may share aggregated or de‑identified information that cannot reasonably identify you.

Subprocessor information: You may contact us to request information about categories of subprocessors we use. For some customers, we may provide a subprocessor list under NDA.

11) Messaging to Recipients You Add

If you add recipients (for example, team members, board members, investors), you are responsible for ensuring you have the right and authority to provide their contact details and to send them messages through the Service, including providing any required notices and obtaining any required consent under applicable law.

Recipients may opt out of non-essential messages where available (for example, by following opt‑out instructions in the message or contacting us).

12) Data Hosting and International Transfers

We operate the Service primarily from Norway and generally store most Service data within the European Economic Area (EEA). However, we and our service providers may process personal data in other countries as needed to provide and secure the Service (for example, for communications delivery, billing, support, and analytics).

Where cross-border transfer rules apply, we use appropriate safeguards such as:

  • adequacy decisions (where available),
  • standard contractual clauses or equivalent contractual protections,
  • and other lawful mechanisms.

You may contact us to request additional information about our transfer safeguards.

13) Data Retention

We retain personal data only as long as necessary for the purposes described in this Privacy Policy, including:

  • Account data and Customer Content: retained while your account is active; deleted or anonymized after deletion requests, subject to technical constraints and backup cycles.
  • Billing and transaction records: retained as required by applicable accounting and tax laws.
  • Security and operational logs: retained for limited periods necessary to secure and operate the Service.
  • Marketing data: retained until you unsubscribe, with suppression records retained to honor opt‑outs.

Backups may retain copies of data for a limited period until they are rotated out.

14) Security

We use appropriate technical and organizational safeguards designed to protect personal data, including:

  • encryption in transit (HTTPS/TLS),
  • access controls and least‑privilege permissions,
  • logging and monitoring,
  • vulnerability management,
  • secure development practices,
  • and contractual safeguards with processors.

No system is 100% secure. If you believe your account has been compromised, contact us immediately.

15) Your Rights and Choices

Depending on your location, you may have rights to:

  • access, correct, or delete personal data,
  • obtain a copy of your data (portability),
  • object to certain processing (including direct marketing),
  • restrict processing,
  • withdraw consent (where processing is based on consent),
  • opt out of certain processing such as targeted advertising or certain profiling (where applicable),
  • and appeal a denied request (where required by law).

How to exercise your rights

Email post@ceotxt.com with your request. We will verify your identity and respond within the timeframes required by applicable law.

If you use CEOTXT through an organization, some requests may need to be handled through your organization (as controller of Customer Content).

Complaints (EEA/UK/Switzerland)

You may lodge a complaint with your local supervisory authority. If you are in Norway, you can also contact the Norwegian Data Protection Authority (Datatilsynet).

16) U.S. State Privacy Disclosures (including California)

This section provides additional disclosures for U.S. residents where required.

Categories of personal information we may collect

In the past 12 months, we may have collected:

  • Identifiers (name, email, phone number, IP address, account identifiers)
  • Commercial information (subscription status, invoices/receipts)
  • Internet or network activity (usage logs, device and browser data)
  • Approximate location (derived from IP address)
  • Professional or employment-related information (role/title, organization name, if provided)
  • Customer Content you submit (metrics, notes, and other text you enter)
Categories of sources
  • Directly from you
  • Automatically from your device/browser
  • From third parties such as payment and communication delivery providers (for service operation)
Purposes
  • Provide and secure the Service
  • Process payments and manage subscriptions
  • Customer support and communications
  • Analytics, improvement, and feature development
  • Fraud prevention and compliance
Categories of third parties to whom we disclose
  • Service providers (processors) supporting Service delivery and security
  • Your organization (if applicable) and authorized users
  • Recipients you add (for message delivery)
  • Legal authorities or parties in a business transfer, when applicable
Sale / sharing / targeted advertising

We do not sell personal information. If any processing is considered “sharing” for cross-context behavioral advertising under applicable law, you can use our cookie preference tools (and recognized opt-out signals where required) to opt out of applicable processing.

Authorized agents and appeals

Where applicable, you may use an authorized agent to submit requests, and you may appeal a denied request by contacting us and including “Privacy Appeal” in the subject line.

17) Children’s Privacy

The Service is intended for adults in a professional context and is not directed to children. We do not knowingly collect personal data from children under 13. If you believe a child has provided personal data to us, contact us and we will take appropriate steps.

18) Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will post the updated version with a new “Last Updated” date. If changes are material, we will provide additional notice where required.

19) Contact Us

Email: post@ceotxt.com
Mail: Rokter AS (CEOTXT) – Privacy Team, Solbakken 2, 8516 Narvik, Norway

AboutArticlesContact
Encrypted · EU-hosted · GDPR‑aligned

© 2025 CEOTXT®. All rights reserved.
Rokter AS | Org.nr: 934 839 005 | Solbakken 2, 8516 Narvik, Norway | +47 481 27 341 | post@ceotxt.com | Security | Terms | Privacy llms.txt