How does Loyalife handle secure deletion of customer data? - Xoxoday

Xoxoday Loyalife performs secure, compliance-aligned deletion of customer data upon account termination or verified deletion requests, leaving no recoverable residual records across its systems.

When an enterprise offboards from Xoxoday Loyalife or submits a formal data deletion request, the platform initiates a structured data purge process. This covers all personally identifiable information (PII) tied to program participants, reward histories, and account configurations stored within the Loyalife environment. Secure deletion in Xoxoday Loyalife is not a single-step action — it cascades across live databases, backup stores, and cached layers within a defined retention window. This ensures data is not simply marked as inactive but is cryptographically overwritten or permanently removed from storage, depending on the medium. What data is covered Customer data subject to secure deletion includes participant profiles, points balances, redemption histories, behavioral event logs, and any custom attributes ingested through HRIS integrations such as Workday, SAP SuccessFactors, or Darwinbox. Notification data pushed through connected channels like Slack or MS Teams is also included in the deletion scope where technically feasible under those platforms’ own data retention policies. Xoxoday Loyalife’s approach to data lifecycle management aligns with the requirements of ISO 27001 and SOC 2 Type II frameworks, both of which mandate documented procedures for data disposal. Enterprises operating under GDPR, CCPA, or similar regional regulations can rely on Xoxoday Loyalife’s deletion workflows to satisfy the “right to erasure” obligations imposed on data controllers. How the process is triggered Deletion can be initiated through two primary paths: a contract-end offboarding flow managed by the Xoxoday Loyalife customer success team, or a formal written deletion request submitted by the enterprise’s designated data protection officer. Once verified, Xoxoday Loyalife acknowledges the request and provides a confirmation of deletion upon completion, which enterprises can retain for audit purposes. For organisations running loyalty programs across multiple geographies, Xoxoday Loyalife ensures that deletion is executed consistently across all regional data residency zones where participant data may have been stored. Retention periods before deletion Xoxoday Loyalife maintains a standard post-termination retention window for operational and legal compliance purposes before final deletion is executed. The specific window is documented in the Data Processing Agreement (DPA) provided to enterprise customers at onboarding. This window accounts for scenarios such as billing disputes or regulatory holds that may require temporary data preservation. After the retention window closes, no customer data persists within Xoxoday Loyalife’s infrastructure in any recoverable form. Learn more: Xoxoday Loyalife Help Centre — General

Data Residency and Storage Locations

Understand where Xoxoday Loyalife stores participant data and how regional data residency options work for enterprise deployments.

GDPR and Data Subject Rights

Learn how Xoxoday Loyalife supports GDPR compliance, including handling right-to-access and right-to-erasure requests from program participants.