Privacy Policy

Effective date: 27 August 2025 · Last updated: 28 April 2026

1. Introduction

Welcome to Pocket CEO, an AI automation agency specialising in business automation, API integrations, and communications technology. We operate worldwide and are fully compliant with USA A2P 10DLC regulations, the European Union's GDPR, and data privacy laws in Hong Kong, the UK, Australia, New Zealand, and Singapore. This Privacy Policy outlines how we protect your data and comply with regulatory requirements for both SMS and email communications.

2. Information We Collect

We collect personal information you provide voluntarily, such as your name, email, phone number (including for SMS communications), payment details, and interaction data via website forms, email sign-ups, SMS opt-ins, and other channels. We also collect technical data such as cookies and IP addresses to enhance your experience.

3. How We Use Your Information

Your data is used primarily to:

• Deliver our automation and communication services
• Provide marketing and transactional communications via SMS and email
• Process orders and payments securely
• Comply with legal and regulatory obligations
• Improve our website, products, and services through analysis

4. A2P 10DLC Compliance for SMS Messaging

As required by U.S. mobile carriers and The Campaign Registry (TCR), we adhere strictly to A2P 10DLC regulations by:

• Brand and Campaign Registration. Pocket CEO is registered with TCR using accurate business information, including our legal company name, tax ID, and verifiable address. Specific messaging campaigns are registered detailing the type of messages sent (e.g., customer engagement, notifications, promotions).
• Explicit Opt-In. We obtain your clear, documented consent before sending any SMS messages. This initial opt-in ensures you knowingly agree to receive messages from us.
• Message Content Compliance. Every SMS message includes our brand name and clear instructions on how to get help (HELP keyword) or opt out (STOP or UNSUBSCRIBE). For example: "Pocket CEO: Your appointment reminder. Reply HELP for help or STOP to unsubscribe."
• No Sharing or Selling Numbers. We never sell, rent, or share your phone number with third parties or affiliates for marketing or promotional purposes. Customer mobile data is only used per your consent within our business operations.
• Opt-Out Handling. If you reply with STOP or UNSUBSCRIBE to any SMS, we immediately cease all messaging to your number, respecting your choice without delay. Standard carrier messaging rates may apply unless prepaid plans are in place.
• Message Transparency. Opt-in and privacy policy disclosures are clearly linked on all sign-up points and within messaging where feasible.
• No Public URL Shorteners. All URLs in messages use branded or full URLs to protect user security and satisfy carrier anti-fraud policies.
• Message Frequency. Message frequency may vary depending on the campaign you opt into. Estimates are disclosed at sign-up. Message and data rates may apply.
• Carrier Liability Disclaimer. Carriers are not liable for delayed or undelivered messages.
• Re-Subscription. If you wish to re-subscribe after opting out, sign up again as you did the first time.

Mobile data, third-party sharing statement. No mobile information will be shared with third parties or affiliates for marketing or promotional purposes. Information sharing with subcontractors in support services, such as customer service, is permitted. All other use case categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.

5. Email Communication Compliance

In compliance with anti-spam and privacy laws (CAN-SPAM, GDPR, etc.), we:

• Obtain explicit consent before sending marketing emails.
• Include clear unsubscribe options in every email to allow opt-out.
• Provide accurate sender identification and contact information.
• Do not share or sell email addresses without explicit permission.

6. Legal Basis for Data Processing

Where applicable (e.g., GDPR), we process your data based on your explicit consent, contractual necessity, compliance with legal obligations, or our legitimate interests aligned with your expectations. For data subjects in the EEA, UK, and Switzerland, data-processor responsibilities are governed by an Auftragsverarbeitungsvertrag (Article 28 GDPR DPA), available on request to vr@gopocketceo.com.

7. Data Security and Retention

We employ industry-standard security measures such as encryption in transit and at rest, role-based access controls, audit logging, and least-privilege principles to protect your information from unauthorised use. Personal data is retained only as long as necessary for the purposes outlined here or to meet legal requirements.

8. Your Rights

Depending on where you live, you may have the right to access, correct, delete, object to, restrict, or request the portability of your personal data. You may also withdraw your consent at any time, without affecting the lawfulness of processing already carried out. Contact us at vr@gopocketceo.com to exercise these rights.

9. Hong Kong PDPO, Personal Information Collection Statement

For Hong Kong data subjects, this section serves as our Personal Information Collection Statement under Data Protection Principle 1 of the Personal Data (Privacy) Ordinance (Cap. 486):

• Purpose of collection. To deliver the services described in Section 3 above.
• Classes of recipients. Pocket CEO staff; trusted third-party processors listed in our sub-processor schedule (e.g., Anthropic, OpenAI, GoHighLevel, Twilio/Bandwidth carriers, Stripe, Vercel); regulators where legally compelled.
• Whether supply is voluntary or obligatory. Voluntary, but withholding required information may prevent us from providing services.
• Right of access and correction. Sections 18 and 22 of the Ordinance entitle you to request access to and correction of your personal data held by us. Submit requests to vr@gopocketceo.com.
• Direct-marketing consent. Where Part 6A of the Ordinance applies, we obtain separate explicit consent before using your personal data for direct marketing.

10. International Data Transfers

We may transfer your personal data internationally, ensuring legal safeguards such as Standard Contractual Clauses or adequacy decisions under GDPR, the UK Data Protection Act, and relevant Asia-Pacific data privacy laws.

11. Cookies and Tracking

Our website uses cookies and similar technologies to improve usability and analytics, implementing consent banners where legally required. You can disable non-essential cookies via your browser settings.

12. Third-Party Disclosure

We share necessary data only with trusted service providers who assist us in operations (e.g., messaging platforms, payment processors, AI model providers). These providers are obligated to comply with applicable data privacy laws and do not use your data for independent marketing.

13. Insurance Industry Notice

Pocket CEO is not licensed under the Hong Kong Insurance Ordinance (Cap. 41) and is not authorised by the Hong Kong Insurance Authority to carry on any regulated activity. We provide software, automation, and marketing-technology services only. We do not negotiate, arrange, or advise on contracts of insurance, nor do we invite or induce any person to enter into a contract of insurance. All regulated activities remain the sole responsibility of the licensed insurance intermediary using our tools.

14. Changes to this Privacy Policy

We will update this Privacy Policy as needed to reflect legal changes or improved practices, notifying users via website updates. Material changes will be highlighted at the top of this page for at least 30 days.

15. Contact

For questions or to exercise your privacy rights, contact:

• Email: vr@gopocketceo.com
• Address: Pocket CEO, 2/F, Tower 1, Tern Centre, 237 Queen's Road Central, Sheung Wan, Hong Kong

See also: Terms & Conditions · Impressum (Germany)