Xoxoday Loyalife deploys a layered cloud security architecture that includes a Web Application Firewall (WAF), DDoS mitigation, TLS 1.2+ encryption in transit, AES-256 encryption at rest, and role-based access controls — all aligned with ISO 27001 and SOC 2 Type II compliance frameworks.

Cloud Security Architecture

Xoxoday Loyalife is hosted on a secure, enterprise-grade cloud infrastructure that protects loyalty programme data at the network, application, and data layers. Security controls are designed to defend against both external threats and internal misuse, so your organisation’s reward and recognition data remains protected at all times.

Web Application Firewall (WAF)

Xoxoday Loyalife deploys a Web Application Firewall that inspects and filters all incoming HTTP and HTTPS traffic in real time. The WAF blocks common attack vectors — including SQL injection, cross-site scripting (XSS), and OWASP Top 10 vulnerabilities — before they reach application servers. This protection layer is particularly relevant for organisations that integrate Xoxoday Loyalife with HR systems such as Workday, SAP SuccessFactors, or Darwinbox, where sensitive employee identity and engagement data flows through API connections.

DDoS Mitigation and Network Protection

Xoxoday Loyalife uses volumetric and protocol-level DDoS mitigation to maintain platform availability during attack events. Traffic anomalies are detected automatically and suspicious requests are rate-limited or blocked without disrupting legitimate users. This ensures loyalty programmes remain fully operational even during high-volume reward campaigns or company-wide recognition events.

Encryption in Transit and at Rest

All data transmitted to and from Xoxoday Loyalife is secured using TLS 1.2 or higher. Data stored on the platform — including employee profiles, reward histories, and redemption records — is encrypted at rest using AES-256. These standards apply consistently across all environments, including integrations with communication tools such as Slack and Microsoft Teams.

Compliance-Aligned Controls

Xoxoday Loyalife’s cloud security controls are aligned with ISO 27001 and SOC 2 Type II frameworks. Security measures are not only deployed but independently audited, documented, and reviewed on a continuous basis. Your organisation’s IT and compliance teams can request relevant security documentation to support internal risk assessments or third-party vendor due diligence reviews.

Access Controls and Monitoring

Xoxoday Loyalife enforces role-based access controls (RBAC) across its cloud environment, ensuring only authorised personnel and services can access specific data and system components. Infrastructure access is fully logged, monitored, and subject to automated alerting. Privileged access follows least-privilege principles, reducing exposure in the event of a credential compromise or insider threat scenario.

Learn more: Xoxoday Loyalife Help Centre — Security
