Xoxoday Loyalife includes defined contractual provisions — covering financial penalties and exit rights — that are triggered in the event of a major security incident, giving your organisation clear recourse and protection.
Security Accountability Built Into the Contract
Xoxoday Loyalife treats security not just as a technical commitment but as a contractual one. Enterprise agreements include explicit provisions that govern what happens if a major security incident occurs — so your organisation is never left without defined remedies or a clear path forward. These provisions typically cover two distinct areas: financial penalties tied to breach severity and resolution timelines, and exit rights that allow your organisation to terminate the engagement without standard notice penalties if a qualifying incident takes place.
What Constitutes a Major Security Incident
A major security incident is defined in the agreement and generally includes events such as confirmed unauthorised access to sensitive data, a breach affecting the integrity of the rewards or loyalty programme data, or a failure to notify your organisation within the contractually agreed disclosure window. Xoxoday Loyalife maintains ISO 27001 and SOC 2 Type II certifications, which establish the baseline security controls and response procedures that underpin these contractual commitments. An incident that constitutes a violation of these frameworks typically activates the relevant contractual clause automatically.
How Penalties Are Structured
Penalties are typically calibrated against the severity of the incident and the response timeline. If Xoxoday Loyalife fails to contain, notify, or remediate within the agreed SLA windows — for example, if a P1 incident is not acknowledged within the defined critical-response window — financial credits or penalties apply to the next billing cycle. For organisations running Loyalife integrated with HRMS platforms such as Workday, SAP SuccessFactors, or Darwinbox, the scope of a qualifying incident may extend to data exchanged across those integrations, and the associated penalties reflect that broader data surface.
Exit Rights on a Security Incident
If a major security incident occurs and remediation is deemed insufficient, your organisation holds the right to exit the contract without incurring standard early-termination fees. This exit right is time-bounded — it must typically be exercised within a defined window after the incident is confirmed and the remediation assessment is complete. This clause ensures that Xoxoday Loyalife has a strong incentive to prevent incidents and respond decisively when they occur, rather than managing incidents passively post-disclosure.
Before You Sign: What to Review
Enterprise procurement and IT security teams should request the specific incident-response SLA table and the corresponding penalty schedule during contract review. These are standard components of Xoxoday Loyalife enterprise agreements and are available for review prior to signature. Legal and security stakeholders at your organisation should validate that the definitions of “major security incident” and “qualifying exit event” align with your internal risk and compliance thresholds.
Learn more: Xoxoday Loyalife Help Centre — Security
Security Certifications & Compliance
Details on Xoxoday Loyalife’s ISO 27001 and SOC 2 Type II certifications and what they mean for your organisation.
Incident Response Process
How Xoxoday Loyalife detects, classifies, and responds to security incidents, including disclosure timelines and escalation paths.
Data Encryption Standards
Encryption at rest and in transit across Xoxoday Loyalife, including standards applied to HRMS integration data flows.
Data Residency & Sovereignty
How Xoxoday Loyalife handles data residency requirements for enterprise deployments across different geographies.