Empuls: Third-party Vendor Privacy and Security Requirements - Xoxoday

Empuls operates within ISO 27001 and SOC 2 Type II certified hosting environments, supports FOIP-aligned data privacy controls, and provides SAML 2.0 SSO with automated identity provisioning for institutional and enterprise deployments.

Empuls is built for organizations where third-party vendor assessments are mandatory before procurement. Whether the requirement comes from an internal IT governance team, a legal privacy office, or a regulatory framework like FOIP, Empuls provides the certifications, technical controls, and documentation needed to clear those reviews without back-and-forth. Certified, Cloud-Native Infrastructure Empuls is delivered as a fully managed, multi-tenant SaaS solution — no on-premise installation required. The hosting infrastructure operates within environments certified to ISO 27001 and SOC 2 Type II standards. Independent third-party vulnerability scans and penetration tests run on a regular cadence, and full reports are available for review by institutional IT security teams. This makes Empuls straightforward to assess against standard vendor security questionnaires and reduces the burden on internal procurement staff. Privacy Practices and Data Ownership Empuls maintains comprehensive privacy policies aligned with institutional data ownership requirements. Deploying organizations retain ownership of all employee data — Xoxoday Empuls does not retain, resell, or use that data for secondary purposes. Privacy documentation is available for review by privacy and information management offices at any stage of the vendor assessment process. For organizations already running HR operations on Workday or SAP SuccessFactors, Empuls integrates at the employee attribute level. Only the fields needed for the recognition program are synced; no shadow data stores are created outside the connected HR system. SSO, Identity Federation, and Provisioning Empuls supports Single Sign-On via SAML 2.0, OAuth 2.0, and OpenID Connect, enabling secure identity federation with existing institutional identity providers such as Microsoft Azure AD or Okta. Employees access Empuls through their existing credentials — no separate password management is required, and access governance stays within the institution’s control. For identity provisioning, Empuls offers three paths that cover most enterprise identity management architectures: auto-account creation via SAML attributes at first login, REST API integration with IDM systems, and automated SFTP-based directory uploads on a scheduled basis. Organizations can choose whichever method fits their existing workflows without custom development. Domain Control, SSL, and Operational Responsibility Empuls supports deployment under an organization’s own domain. The deploying institution retains ownership of DNS entries and SSL certificates issued by its preferred Certificate Authority — external-facing branding and certificate governance remain entirely within institutional IT’s remit. Xoxoday Empuls manages all application upgrades, security patches, and infrastructure maintenance under a 99.9% uptime SLA. All operational costs — maintenance, updates, and traffic — are covered under the subscription with no surge pricing. Where self-hosted components are needed, Empuls is compatible with AWS-based IaaS and Kubernetes environments. Employees can receive recognition notifications through Slack or Microsoft Teams without exposing underlying HR records to those platforms. Learn more: Empuls Help Centre — General

SSO and SAML 2.0 Integration

Configure Single Sign-On for Empuls using SAML 2.0, OAuth 2.0, or OpenID Connect with your existing identity provider.

Data Privacy and GDPR Compliance

Understand how Empuls handles employee data, data residency options, and compliance with GDPR and regional privacy frameworks.