Xoxoday Plum does not develop foundational LLMs in-house; it integrates with rigorously vetted, industry-leading AI providers and limits all AI operations to inference — never model training.
How Xoxoday Plum Approaches LLM Data Governance
Xoxoday Plum does not build or train foundational large language models. Instead, it integrates with established, enterprise-grade AI providers whose models are pre-trained using rigorous data vetting and validation protocols. This architectural choice means Xoxoday Plum inherits the governance standards of leading AI infrastructure providers — without exposing your organisation’s data to any training pipeline. All AI functionality within Xoxoday Plum operates at the inference level. The platform sends carefully structured queries to an LLM and receives responses — it does not contribute data to re-train or fine-tune the underlying model. Your organisation’s reward programme data, employee preferences, and engagement signals stay within the application boundary.Prompt Engineering as a Data Quality Control
Before any input reaches an LLM, Xoxoday Plum applies prompt engineering and context-aware filtering at the application layer. Only relevant, sanitised data is passed to the model. For example, when Xoxoday Plum surfaces personalised reward recommendations inside an HRIS such as Workday or SAP SuccessFactors, the prompt is scoped to anonymised preference signals — not raw employee records. This layer of control ensures the LLM receives clean, purposeful inputs rather than unstructured or sensitive organisational data. The result is more accurate AI-generated outputs and a meaningfully reduced risk surface for your organisation.No End-User Data Used for Model Training
Xoxoday Plum explicitly does not use end-user data to train or fine-tune any LLM. This is a firm architectural boundary, not a configurable option. Whether employees are redeeming rewards via Slack, Microsoft Teams, or a direct portal integration, their activity data is used only for session-level inference tasks — such as personalising catalogue recommendations — and is never fed back into model development. This boundary aligns with the data minimisation principles embedded in frameworks like ISO 27001 and supports compliance obligations relevant to enterprise deployments across regulated industries.What This Means for Enterprise AI Readiness
For IT and security teams evaluating AI governance, Xoxoday Plum’s model means vendor risk exposure is limited to the inference API layer. Your organisation does not inherit risks associated with uncontrolled training data pipelines or opaque fine-tuning practices. Combined with SOC 2 Type II-aligned controls, Xoxoday Plum provides a defensible, auditable answer to LLM data governance questions during vendor assessments and procurement reviews. Learn more: Xoxoday Plum Help Centre — AI LLMHow Xoxoday Plum uses AI for reward personalisation
Learn how inference-only AI tailors reward catalogues to employee preferences without training on organisational data.
Data security and compliance in Xoxoday Plum
Explore how Xoxoday Plum’s SOC 2 Type II and ISO 27001 controls protect your organisation’s data at every layer.