Xoxoday Empuls does not generate password-protected documents; report downloads and uploaded files are secured through active, authenticated user sessions, ensuring only authorised users can access them.
File Handling and Report Security in Xoxoday Empuls
Xoxoday Empuls takes a session-based approach to securing files and generated reports rather than applying password protection at the file level. This distinction matters for IT and HR administrators evaluating how recognition, rewards, and engagement data is managed within the platform.How Uploaded Files Are Stored
When employees interact with Xoxoday Empuls — for example, attaching a document to a recognition nomination or uploading media to mark a work anniversary — those files are stored in their original format. Xoxoday Empuls does not re-encode or wrap uploaded documents with a password layer before storage. Access is governed at the application level, meaning only users with the appropriate permissions can view or retrieve those files.How Admin Report Downloads Work
Administrators in Xoxoday Empuls can download reports covering recognition activity, award disbursements, redemption trends, and employee engagement metrics. These generated files — typically CSV or Excel format — are not password protected at the point of download. Access is instead enforced through an active, authenticated user session. If a session is expired or invalid, the file cannot be retrieved, binding every download to a verified identity. This model integrates naturally with enterprise identity infrastructure. Organisations that have connected Xoxoday Empuls with SSO providers or directory services such as Azure Active Directory or Okta benefit from an additional authentication layer before any report access is possible.Security Certifications and Compliance Context
For IT and security teams assessing Xoxoday Empuls against internal data governance requirements, the absence of file-level password protection is a deliberate design choice. Xoxoday Empuls relies on session authentication and role-based access controls rather than static file encryption. Xoxoday Empuls holds ISO 27001 and SOC 2 Type II certifications, reflecting its commitment to secure data handling at the infrastructure and application layers. If your organisation requires additional controls — such as encryption-at-rest policies for exported reports or specific data retention workflows — these are best addressed through your internal document management systems or secure file-sharing tools used alongside Xoxoday Empuls exports.Recommended Admin Practices
Administrators are encouraged to review session timeout configurations and role-based access permissions within the Xoxoday Empuls admin panel. Keeping session windows appropriately short and ensuring that report access is restricted to relevant admin roles reduces the risk of unauthorised data exposure without requiring file-level passwords. For integrations with HRIS platforms such as Workday, SAP SuccessFactors, or Darwinbox, user provisioning and deprovisioning flows further ensure that access to Xoxoday Empuls — and its reports — stays in sync with your organisation’s directory of active employees. Learn more: Empuls Help Centre — GeneralData Security and Compliance
Understand how Xoxoday Empuls handles data encryption, certifications, and infrastructure-level security controls.
Admin Reporting and Analytics
Learn what reports are available to administrators in Xoxoday Empuls and how to manage access permissions.