Security & Data Residency

Last updated: January 23, 2026

‍Publisher: CEOTXT® (Rokter AS)

‍Contact: security@ceotxt.com

‍

‍

CEOTXT is designed for companies that require operational clarity and disciplined execution. That requires secure and reliable data handling.

This page outlines how data is stored, transmitted, and protected within CEOTXT.

For legal terms, see:

Terms of Service · Privacy Policy
‍

‍

‍

1. At a Glance

• Primary data residency: European Economic Area (EEA)
• Encrypted application traffic (HTTPS/TLS)
• Passwords stored as hashed values
• Customer data is never sold
• SMS delivery optional
• DPA available on request

‍

‍

2. Data Residency

‍

Core CEOTXT application data is hosted within the EEA.

Certain service components (e.g., payment processing and message delivery) may involve international data transfer depending on configuration and recipient location.

Where cross-border processing occurs, appropriate legal safeguards are applied in accordance with applicable regulations.

For subprocessor documentation or procurement review, contact security@ceotxt.com.

‍

‍

‍

3. Data We Store

‍

CEOTXT stores only what is required to operate the service.

Typical data includes:

• Account information (name, email, organization name)
• Reporting recipients (email and/or phone number provided by you)
• Customer Content (business metrics, targets, reporting rules)
• Operational logs (security and system integrity monitoring)

CEOTXT does not store:

• Full payment card details (handled by payment providers)
• Government ID numbers
• Special category personal data

Customers are responsible for not submitting sensitive personal data not required for the Service.

‍

‍

‍

4. Communications Delivery (SMS & Email)

‍

CEOTXT can deliver weekly reports via SMS or email if enabled.

Important:

• SMS is not end-to-end encrypted.
• Standard email is not end-to-end encrypted.

Message delivery may involve telecom carriers, email servers, and recipient systems outside CEOTXT’s direct control.

If stricter security controls are required:

• SMS can be disabled
• Reports remain accessible inside the secure web application

‍

‍

‍

5. Security Controls

CEOTXT applies standard modern security practices including:

Encryption

• HTTPS/TLS for application traffic
• Hashed credential storage
• Encrypted provider connections where supported

Access Control

• Least-privilege internal access
• Strong authentication for administrative access

Monitoring

• System monitoring for reliability and anomalous behavior
• Logging for incident response and abuse prevention

Development

• Dependency updates and security patching
• Controlled deployment practices

Customer data is logically separated to prevent cross-account access.

‍

‍

‍

6. Backups & Recovery

Backups are maintained for business continuity.

• Stored securely
• Retained for limited periods
• Used for recovery purposes only

Deleted data may remain in backups until retention cycles complete.

‍

‍

‍

7. Customer Controls

Customers can:

• Manage notification preferences
• Enable or disable SMS delivery
• Add or remove recipients
• Export data (where available)
• Request account deletion (subject to legal retention requirements)

For data requests, contact security@ceotxt.com.

‍

‍

‍

8. Compliance & Procurement

For enterprise or procurement requirements, CEOTXT can provide:

• Data Processing Addendum (DPA)
• Security questionnaire responses
• Subprocessor overview

Requests can be directed to security@ceotxt.com.

‍

‍

‍

9. Reporting Security Issues

Security concerns should be reported to security@ceotxt.com with:

• Description
• Reproduction steps (if applicable)
• Supporting materials

Please allow responsible disclosure prior to public reporting.

‍

‍

‍

10. Company Information

‍

Rokter AS (CEOTXT)

Solbakken 2

8516 Narvik

Norway