Skip to main content
Xoxoday Loyalife retains audit logs for compliance-grade investigations, ensuring a complete, time-stamped record of platform activity is preserved and accessible to authorized administrators.
Audit logs are a foundational requirement for any enterprise platform handling employee data and financial rewards. Xoxoday Loyalife captures a continuous record of user actions, system events, and configuration changes, making it possible to reconstruct activity sequences during internal investigations or third-party compliance audits.

What Xoxoday Loyalife Logs

Xoxoday Loyalife generates logs across all critical platform layers: administrator actions, reward redemptions, API calls, authentication events, and rule-engine changes. Each log entry carries a timestamp, actor identity, affected resource, and the nature of the change. This granularity means investigation teams can trace a specific event — such as a bulk points adjustment or a permission escalation — back to its origin without ambiguity.

Retention for Compliance Purposes

Logs in Xoxoday Loyalife are retained in accordance with enterprise compliance standards, including ISO 27001 and SOC 2 Type II requirements. Retained logs serve as an evidentiary record during HR investigations, IT security reviews, and external audits. For organizations operating under industry-specific regulatory frameworks, the log retention policy ensures that historical records remain intact and tamper-evident for the required duration. Consider a scenario where an HR team using Workday or SAP SuccessFactors triggers a points issuance event through an integrated workflow. If a discrepancy surfaces weeks later, Xoxoday Loyalife’s logs provide the full chain of custody — which system initiated the call, which admin approved the rule, and which accounts were affected — without requiring manual reconstruction.

Accessing Logs for Investigations

Authorized platform administrators access audit logs directly from the Xoxoday Loyalife admin console. Logs are searchable and filterable by date range, event type, and actor. For organizations with a SIEM setup, Xoxoday Loyalife supports log export and integration with security monitoring pipelines, enabling teams to correlate loyalty platform events with broader security telemetry. Notifications triggered through connected tools such as Slack or MS Teams can also be cross-referenced against log entries, giving investigation teams a corroborating communication trail alongside the platform-level record.

Ensuring Log Integrity

Xoxoday Loyalife enforces immutability on audit logs — entries cannot be edited or deleted by platform users, including administrators. This design aligns with the non-repudiation principles required under SOC 2 Type II and ensures that logs hold up as reliable evidence in formal compliance reviews or legal proceedings. Learn more: Xoxoday Loyalife Help Centre — General

Data Security & Encryption Standards

Understand how Xoxoday Loyalife protects data at rest and in transit, including certifications under ISO 27001 and SOC 2 Type II.

Admin Role & Permission Management

Learn how to configure administrator access levels and control who can view, export, or act on audit log data.