Xoxoday Loyalife does not collect, store, or process personal data relating to criminal adjudications, prosecutions, or offences as part of its loyalty program operations.
Data Scope in Xoxoday Loyalife
Xoxoday Loyalife is designed exclusively to power enterprise loyalty, recognition, and rewards programs. The personal data the platform processes is limited to what is necessary for those functions: employee identifiers, role and tenure attributes, points balances, redemption history, and engagement metrics. Data relating to criminal adjudications, prosecutions, or associated legal proceedings falls entirely outside this scope. Xoxoday Loyalife does not request, ingest, or retain such information at any point in its data lifecycle, whether during onboarding, day-to-day program operations, or reporting.Why This Matters for Enterprise Compliance
Regulations such as GDPR Article 10 and equivalent data protection frameworks place strict controls on the processing of personal data relating to criminal convictions and offences. These categories require explicit legal authority and additional safeguards that go well beyond standard employment data handling. Because Xoxoday Loyalife confines its data model to loyalty-relevant attributes, enterprises integrating through connectors to Workday, SAP SuccessFactors, or Darwinbox can be confident that only sanctioned HR fields are synced. No pipeline from those systems carries adjudication or prosecution records into Loyalife.HRIS and SSO Integration Boundaries
When Xoxoday Loyalife connects to an identity provider — such as Okta, Azure AD, or a SAML-based SSO — it pulls attributes like employee ID, department, and job grade. These attribute mappings are defined during implementation and reviewed by your IT team before go-live. Adjudication or prosecution data is not a recognised attribute in any of Xoxoday Loyalife’s standard HRIS or SSO connector schemas. Even if a source system contains such records in adjacent fields, Xoxoday Loyalife’s field mapping layer does not expose or consume them.Security and Audit Controls
Xoxoday Loyalife operates under ISO 27001 and SOC 2 Type II certifications. As part of those frameworks, data minimisation is a governing principle: the platform only processes the minimum data necessary to deliver its stated functions. Periodic audits validate that no out-of-scope sensitive categories — including legal or criminal data — enter the system. Your data protection officer or legal team can request a Data Processing Agreement (DPA) and the platform’s data flow documentation to confirm the exact fields processed and the legal basis for each.What to Do If You Need Confirmation
If your organisation operates in a regulated sector — financial services, healthcare, government contracting — and requires documented assurance that Xoxoday Loyalife does not handle adjudication or prosecution data, contact your Loyalife account team to obtain the relevant compliance artefacts. These include the DPA, the Record of Processing Activities (RoPA) extract, and the latest SOC 2 Type II report summary. Learn more: Xoxoday Loyalife Help Centre — GeneralWhat data does Loyalife collect from HRIS integrations?
Understand exactly which employee fields Xoxoday Loyalife syncs from Workday, SAP SuccessFactors, and Darwinbox.
Is Xoxoday Loyalife GDPR compliant?
Learn how Xoxoday Loyalife meets GDPR obligations including data subject rights, DPAs, and lawful basis for processing.