Security and Data Residency

Last updated: January 23, 2026

Publisher: CEOTXT® (Rokter AS)

Contact: post@ceotxt.com

CEOTXT is built for founders and leadership teams who want clarity without chaos. That only works if you can trust how we handle data. This page explains, in plain language, how we protect your information and where it is stored.


This page is informational and not legal advice. Our legal documents are:

Terms of ServicePrivacy PolicyEditorial Policy

1. At a glance
  • EU/EEA data residency (primary): Core CEOTXT application data is hosted in the European Economic Area (EEA).
  • Encryption (app traffic): We use HTTPS/TLS to encrypt traffic between your device and CEOTXT.
  • SMS and email delivery: Standard SMS and email are not end-to-end encrypted. Once messages leave CEOTXT, delivery travels through external networks and systems that CEOTXT does not control.
  • Customer controls: You can disable SMS reports (and other outbound delivery options where available) and rely on more secure access methods when needed.
  • No selling of data: We don’t sell personal data. We use data to provide and improve the Service.

2. How CEOTXT is built (high level)

CEOTXT runs on modern, reputable infrastructure and delivery services (for example: cloud hosting, workflow automation, and message delivery networks). We choose providers to support reliability, security, and compliance needs.

Our infrastructure may evolve over time as we improve the product, add features, or change vendors. When we use third parties to process data on our behalf, we share only what’s needed to run the Service and we put appropriate contractual safeguards in place.

If you’re doing procurement or diligence and need a current subprocessor overview, contact us at post@ceotxt.com.

3. What data CEOTXT stores

CEOTXT typically stores:

  • Account data: name, email address, login identifiers, organization name (if provided)
  • Recipient data (if you add recipients): phone numbers and/or emails you provide for sending summaries
  • Customer Content: business metrics, notes, targets, and reporting rules you enter
  • Operational data: basic logs needed for security, abuse prevention, and troubleshooting (e.g., sign-in events, error logs)

What we do NOT store:

  • Full payment card numbers (payment details are handled by payment providers)
  • Government ID numbers (not required)
  • Sensitive categories of personal data by design (please don’t submit it)

4. Data residency: where your data lives

Core CEOTXT application data
Our primary systems that store core CEOTXT application data are hosted within the EEA.

When data may be processed outside the EEA
Some parts of the Service rely on third-party providers to function globally (for example, payments and communications delivery). Depending on your location, recipients’ locations, and your configuration, limited data may be processed outside the EEA.

When cross-border processing is required, we use appropriate safeguards consistent with applicable law (for example, contractual protections and other lawful transfer mechanisms).

If you’re doing procurement or diligence and need specifics, contact us at post@ceotxt.com.

5. Communications delivery (SMS and email)


CEOTXT can send summaries through delivery channels you enable (such as SMS and email). These channels require transmitting certain information to deliver messages, such as:

  • Recipient identifier (phone number or email address)
  • Message content (your summary text)
  • Delivery metadata (delivery status, timestamps)

Important: SMS and email security limitations

  • SMS is not end-to-end encrypted.
  • Standard email is not end-to-end encrypted.

Even if parts of the delivery path use encryption, once a message leaves CEOTXT it may pass through telecom carriers, delivery partners, mail servers, spam filters, recipient devices, and device backups. CEOTXT cannot control or guarantee the security measures applied by external networks, intermediaries, or recipient systems.

Recommendations
- Do not include highly sensitive information in SMS or email summaries if your organization requires strict confidentiality guarantees.
- Use CEOTXT through the app (over HTTPS/TLS) for more controlled access to reporting and history.

Your options
- You can disable SMS reports (and other outbound delivery options where available) at any time in your settings and use more secure access methods instead.

6. How we protect your data


Security is a moving target. We focus on practical controls that reduce real risk.

Encryption

  • In transit (app traffic): We use HTTPS/TLS to encrypt traffic between your device and CEOTXT.
  • Credentials: Passwords (where applicable) are stored as hashed values, not plaintext.
  • Provider connections: Where supported, we use encrypted connections when transmitting data to service providers.

Access control

  • We apply least-privilege access: only people who need access to operate/support the Service get it.
  • Administrative access is protected with strong authentication and access controls.

Monitoring and logging

  • We monitor systems for reliability and unusual activity.
  • We keep logs needed to investigate incidents and prevent abuse.

Secure development & updates

  • We patch and update dependencies and infrastructure as needed.
  • We review changes before deployment and prioritize fixing security issues.

Data separation

  • Customer Content is logically separated within our systems to prevent accidental cross-access.

7. Backups and disaster recovery


We maintain backups to protect against accidental deletion and system failure.

  • Backups are stored securely and retained for limited periods.
  • Backups are used for recovery, not for day-to-day operations.
  • Deleted data may persist in backups until backups rotate out.

8. Your controls


Depending on your plan and current features, you may be able to:

  • Update account settings and notification preferences
  • Enable/disable SMS reports (and other outbound delivery options where available)
  • Add/remove recipients
  • Export your data (where available)
  • Request account deletion (subject to legal retention requirements)

If you need help with data export, deletion, or access, email post@ceotxt.com.

9. Compliance and documentation for procurement


For organizations that require formal documentation, we can provide:

  • Data Processing Addendum (DPA) (on request)
  • Security questionnaires (reasonable scope)
  • A subprocessor overview (and a detailed list where required / appropriate)

10. Reporting security issues


If you believe you’ve found a security issue, please email post@ceotxt.com with:

  • a clear description
  • steps to reproduce (if applicable)
  • screenshots/logs (if safe to share)

Please do not publicly disclose vulnerabilities before we’ve had a chance to investigate and resolve them.

11. Contact

Rokter AS (CEOTXT)
Solbakken 2, 8516 Narvik, Norway
Email: post@ceotxt.com

FAQAboutArticlesContact
Encrypted · EU-hosted · GDPR‑aligned

© 2025 CEOTXT®. All rights reserved.
Rokter AS | Org.nr: 934 839 005 | Solbakken 2, 8516 Narvik, Norway | +47 481 27 341 | post@ceotxt.com | Security | Terms | Privacy llms.txt