Security & Data Residency
Security and data residency for CEOTXT’s KPI ownership system: encryption, access controls, EU hosting, retention policies, and DPA availability.
Last updated: January 23, 2026
Publisher: CEOTXT® (Rokter AS)
Contact: security@ceotxt.com
CEOTXT is designed for companies that require operational clarity and disciplined execution. That requires secure and reliable data handling.
This page outlines how data is stored, transmitted, and protected within CEOTXT.
For legal terms, see:
Terms of Service · Privacy Policy
- Primary data residency: European Economic Area (EEA)
- Encrypted application traffic (HTTPS/TLS)
- Passwords stored as hashed values
- Customer data is never sold
- SMS delivery optional
- DPA available on request
Core CEOTXT application data is hosted within the EEA.
Certain service components (e.g., payment processing and message delivery) may involve international data transfer depending on configuration and recipient location.
Where cross-border processing occurs, appropriate legal safeguards are applied in accordance with applicable regulations.
For subprocessor documentation or procurement review, contact security@ceotxt.com.
CEOTXT stores only what is required to operate the service.
Typical data includes:
- Account information (name, email, organization name)
- Reporting recipients (email and/or phone number provided by you)
- Customer Content (business metrics, targets, reporting rules)
- Operational logs (security and system integrity monitoring)
CEOTXT does not store:
- Full payment card details (handled by payment providers)
- Government ID numbers
- Special category personal data
Customers are responsible for not submitting sensitive personal data not required for the Service.
CEOTXT can deliver weekly reports via SMS or email if enabled.
Important:
- SMS is not end-to-end encrypted.
- Standard email is not end-to-end encrypted.
Message delivery may involve telecom carriers, email servers, and recipient systems outside CEOTXT’s direct control.
If stricter security controls are required:
- SMS can be disabled
- Reports remain accessible inside the secure web application
CEOTXT applies standard modern security practices including:
Encryption
- HTTPS/TLS for application traffic
- Hashed credential storage
- Encrypted provider connections where supported
Access Control
- Least-privilege internal access
- Strong authentication for administrative access
Monitoring
- System monitoring for reliability and anomalous behavior
- Logging for incident response and abuse prevention
Development
- Dependency updates and security patching
- Controlled deployment practices
Customer data is logically separated to prevent cross-account access.
Backups are maintained for business continuity.
- Stored securely
- Retained for limited periods
- Used for recovery purposes only
Deleted data may remain in backups until retention cycles complete.
Customers can:
- Manage notification preferences
- Enable or disable SMS delivery
- Add or remove recipients
- Export data (where available)
- Request account deletion (subject to legal retention requirements)
For data requests, contact security@ceotxt.com.
For enterprise or procurement requirements, CEOTXT can provide:
- Data Processing Addendum (DPA)
- Security questionnaire responses
- Subprocessor overview
Requests can be directed to security@ceotxt.com.
Security concerns should be reported to security@ceotxt.com with:
- Description
- Reproduction steps (if applicable)
- Supporting materials
Please allow responsible disclosure prior to public reporting.
Rokter AS (CEOTXT)
Solbakken 2
8516 Narvik
Norway