Xoxoday Loyalife maintains active ISO 27001 and SOC 2 Type II compliance, giving HR and IT teams independently verified assurance that loyalty program data is handled to the highest enterprise security standards.

Compliance Certifications

Xoxoday Loyalife is certified under ISO 27001, the internationally recognised standard for information security management systems. It also holds SOC 2 Type II attestation, which validates that security controls operate effectively over a sustained audit period — not just at a single point in time. These certifications are renewed on a regular cadence and are available to enterprise customers upon request under NDA.

What This Means for Your Organisation

When your HR team connects Xoxoday Loyalife to core systems such as Workday, SAP SuccessFactors, or Darwinbox, employee data flows through encrypted channels governed by the same security policies that underpin these certifications. Data in transit is protected with TLS 1.2 or higher; data at rest uses AES-256 encryption. Role-based access controls ensure that only authorised administrators can view or export participant records. For organisations operating under GDPR, PDPA, or similar data protection frameworks, Xoxoday Loyalife supports data residency configuration so that personal data remains within the geography your compliance team requires.

Ongoing Security Posture

Compliance status is not static. Xoxoday Loyalife undergoes continuous vulnerability scanning, annual third-party penetration testing, and internal access reviews. Audit logs capture every administrative action within the platform — including points adjustments, redemption overrides, and configuration changes — giving your InfoSec team a complete trail for internal audits or regulatory review. For enterprises deploying Xoxoday Loyalife alongside collaboration tools such as Slack or Microsoft Teams for loyalty notifications, the same security framework governs those integration touchpoints. OAuth 2.0-based authorisation is used for all third-party connections, ensuring that credentials are never stored directly within Xoxoday Loyalife.

Requesting Compliance Documentation

Enterprise customers can request the current ISO 27001 certificate, SOC 2 Type II report, and a completed security questionnaire through their dedicated Customer Success Manager. These documents are provided under mutual NDA and are typically delivered within two business days to support internal vendor risk assessment processes.

Learn more: Xoxoday Loyalife Help Centre — General

Data Security and Encryption

Understand how Xoxoday Loyalife protects data at rest and in transit across all loyalty program operations.

GDPR and Data Privacy Controls

Learn how Xoxoday Loyalife supports GDPR, PDPA, and regional data residency requirements.