Xoxoday Plum shares stored customer profile attributes—including tier/segment tokens, location preferences, and offer interaction history—in raw format with your organisation via secure APIs and data feeds, in full compliance with applicable data protection and data-minimisation requirements.
Customer Profile Data Sharing in Raw Format
Xoxoday Plum stores only the minimum customer profile attributes required for offer eligibility and operational purposes. These typically include tier or segment tokens, location preferences, and offer interaction history—nothing beyond what is necessary to deliver accurate, personalised rewards and incentives. When your organisation requires direct access to this data, Xoxoday Plum provides it in raw, untransformed format through secure, authenticated APIs or structured data feeds. The transfer uses industry-standard protocols—REST or SFTP-based—ensuring data is encrypted in transit and governed by strict access controls aligned with ISO 27001 and SOC 2 Type II frameworks. Data minimisation by design Xoxoday Plum applies data-minimisation principles at every layer of the platform. Only attributes that are operationally essential are retained on the Xoxoday Plum side. When raw data is shared outbound, the dataset is already scoped to what your organisation has defined as necessary, reducing exposure and simplifying compliance review. For example, when a rewards programme is integrated with an HR system such as SAP SuccessFactors or Darwinbox, employee tier or segment information flows into Xoxoday Plum solely to determine eligibility for specific reward catalogues. That same tier token—along with any recorded offer preferences—can be exported back to your organisation in raw format for analytics, auditing, or downstream personalisation workflows. Secure API and data feed delivery Xoxoday Plum delivers raw profile data via secure API endpoints that require authenticated access tokens and enforce role-based permissions. Data feeds can be scheduled or triggered on demand, depending on your organisation’s integration architecture. All outbound transfers comply with the data protection standards specified by your organisation, including any applicable regional privacy regulations. Audit logs of every data export are maintained within Xoxoday Plum’s admin console, giving your compliance and IT teams full visibility into what data was shared, when, and through which channel. This makes it straightforward to satisfy internal audits or regulatory enquiries without manual data retrieval. Keeping your data governance complete Because Xoxoday Plum limits retained profile attributes to operational essentials and exposes them only through controlled, auditable channels, your organisation retains full governance over how member data is used downstream. The raw-format export capability ensures no transformation or enrichment occurs on the Xoxoday Plum side before the data reaches your systems—what is stored is exactly what is delivered. Learn more: [Xoxoday Plum Help Centre — General](Data Security & Compliance on Xoxoday Plum
Understand how Xoxoday Plum handles data encryption, access controls, and compliance certifications including ISO 27001 and SOC 2 Type II.
API Integration & Data Feeds
Learn how Xoxoday Plum connects with enterprise systems via REST APIs, SFTP feeds, and pre-built integrations with SAP SuccessFactors, Darwinbox, and more.