Xoxoday Loyalife reserves the right to update its compliance terms and will communicate material policy changes to account administrators in advance of those changes taking effect.
Why the Platform Retains This Right
Enterprise loyalty programs handle sensitive employee data, reward transactions, and third-party integrations across multiple jurisdictions. Regulatory frameworks such as GDPR, ISO 27001, and SOC 2 Type II are not static — they receive periodic updates that require corresponding changes in how Xoxoday Loyalife processes and stores data. Retaining the right to update compliance terms ensures Xoxoday Loyalife can act swiftly when a new regulatory mandate or security standard takes effect. This also protects customers. When a new version of SOC 2 Type II controls is published or a regional data residency law changes, Xoxoday Loyalife updates its internal policies and, where relevant, the terms that govern customer data processing. Customers benefit from a platform that proactively absorbs compliance changes rather than placing that burden entirely on their internal teams.How Xoxoday Loyalife Handles Notifications
When a material change is made to compliance terms, Xoxoday Loyalife will notify the designated account administrator before the change takes effect. Notifications are delivered through the admin dashboard and, where applicable, via email to the registered administrator address. For integrations with HR systems such as Workday, SAP SuccessFactors, or Darwinbox, Xoxoday Loyalife will document any changes that affect data flows between systems so that IT and compliance teams can review and update their own records accordingly. Non-material changes — such as clarifications to existing language or updates that reduce obligations on the customer — may be published without advance notice, though they will always be reflected in the current version of the policy documents available in the admin portal.What This Means for Enterprise Customers
Organizations using Xoxoday Loyalife for employee recognition, channel incentives, or long-term loyalty programs should designate a compliance owner within their team who monitors policy update notifications. This individual should have access to the Xoxoday Loyalife admin console and be enrolled to receive platform communications. For organizations operating in highly regulated industries or those running Xoxoday Loyalife alongside collaboration tools such as Slack or Microsoft Teams, it is good practice to include policy update reviews as part of your standard quarterly compliance calendar. Xoxoday Loyalife’s compliance documentation is versioned, making it straightforward to identify exactly what changed between policy iterations. Continued use of Xoxoday Loyalife after a notified policy update takes effect constitutes acceptance of the revised terms. Learn more: Xoxoday Loyalife Help Centre — GeneralData Privacy and GDPR Compliance
Understand how Xoxoday Loyalife handles personal data, consent, and cross-border data transfers under GDPR and equivalent frameworks.
Security Certifications and Standards
Learn which security certifications Xoxoday Loyalife holds, including ISO 27001 and SOC 2 Type II, and what they mean for your organization.