Xoxoday Loyalife applies compliance controls independently to each loyalty program, ensuring that data handling, participation rules, and regulatory requirements are met on a per-program basis.
Compliance is scoped at the program level
When you create a loyalty program in Xoxoday Loyalife, compliance is not a single global toggle — it is configured and enforced at the individual program level. This means a program running for employees in Germany can carry GDPR-aligned data handling rules, while a separate program for teams in India follows applicable local data protection requirements, all within the same Xoxoday Loyalife instance. This program-level scoping gives enterprise administrators fine-grained control. Compliance settings such as participant consent collection, data retention windows, and reward redemption audit trails are tied directly to the program they govern, not shared across programs where they could create unintended exposure.What compliance controls are applied to each program
Each program in Xoxoday Loyalife captures a full audit trail of point accruals, redemptions, approvals, and rule changes. Administrators can export this data for internal reviews or third-party audits. Xoxoday Loyalife is built on infrastructure that supports ISO 27001 and SOC 2 Type II certification standards, so audit evidence produced at the program level meets the documentation requirements these frameworks demand. For organizations using HR systems like Workday, SAP SuccessFactors, or Darwinbox, participant data synced into Xoxoday Loyalife is governed by the same program-level compliance configuration. Field-level controls determine which attributes are ingested, stored, and surfaced in reports — reducing the risk of inadvertently exposing sensitive HR data within a recognition or rewards workflow.Completion and attestation within a program
Program completion — meaning when a participant fulfills a milestone, redeems an award, or exits the program — is also logged under the program’s compliance record. Xoxoday Loyalife records timestamps, approver details, and reward fulfillment status so that finance and legal teams have a traceable chain of events for each completed transaction. For programs distributed through communication tools like Slack or Microsoft Teams, completion events triggered in those surfaces are captured back in Xoxoday Loyalife’s audit log with the same fidelity as actions taken in the native admin portal. There is no compliance gap created by using an integration.Why per-program compliance matters at scale
Large enterprises often run dozens of simultaneous programs — sales incentives, tenure awards, wellness challenges, referral bonuses. Bundling compliance into a single account-wide policy would create conflicts between programs with different participant populations, geographies, and regulatory contexts. Xoxoday Loyalife’s per-program approach removes that conflict and makes it straightforward to retire or archive a program without affecting the compliance posture of others still running. Administrators retain the ability to apply org-wide defaults as a baseline and then override specific settings at the program level where local requirements demand it. Learn more: Xoxoday Loyalife Help Centre — GeneralData privacy and retention settings
Configure how long participant and transaction data is stored within each loyalty program.
Audit logs and reporting
Export program-level audit trails for ISO 27001 and SOC 2 compliance reviews.