Xoxoday Plum restricts all enterprise customer data strictly to the agreed contractual purpose—such as customer profiling or segmentation to power approved rewards experiences—and never applies that data to independent analytics, marketing initiatives, or third-party sharing.
Purpose Limitation as a Core Data Principle
When an enterprise client shares customer data with Xoxoday Plum, that data is governed by a single, clearly documented purpose. Xoxoday Plum operates under a strict purpose limitation model: data flows in to serve a specific, pre-agreed function and nothing else. This is not a policy aspiration—it is a contractual obligation enforced at every layer of the engagement. This means that if customer data is shared to support profiling or segmentation for a targeted rewards experience, Xoxoday Plum uses it exclusively for that function. It is not fed into independent analytics pipelines, used to inform Xoxoday Plum’s own product decisions, or shared with any third party outside the documented data protection terms.What “Strictly Agreed Purpose” Means in Practice
Consider an enterprise client running a loyalty programme that segments customers by purchase behaviour to unlock personalised reward catalogues. Xoxoday Plum ingests the segmentation data, maps it to the approved offers experience, and delivers the right reward to the right customer cohort—full stop. The data is not repurposed to build Xoxoday Plum’s own audience models or used in any downstream communication not sanctioned by the client. This approach aligns with data minimisation and purpose limitation requirements under frameworks such as GDPR and mirrors controls expected in ISO 27001-certified environments. Xoxoday Plum’s security posture—built to SOC 2 Type II standards—ensures that access to customer data is role-restricted, auditable, and bounded by the contractual scope defined at onboarding.Contractual and Technical Safeguards
Xoxoday Plum formalises purpose limitation through data processing agreements (DPAs) that explicitly enumerate permitted uses. These agreements define the approved data flows, restrict secondary processing, and establish accountability for any subprocessors involved in delivering the rewards experience. On the technical side, data shared by enterprise clients is logically segregated within Xoxoday Plum’s infrastructure. Pipelines that ingest client customer data are isolated from Xoxoday Plum’s own internal analytics environments. Audit logs capture every access event, and periodic reviews verify that processing activity remains within the agreed boundary. For clients operating in regulated industries or those with internal governance requirements tied to tools like SAP SuccessFactors or Workday, Xoxoday Plum’s DPA and supporting security documentation can be provided to satisfy compliance review and vendor assessment processes.No Unilateral Secondary Use
Xoxoday Plum does not treat enterprise customer data as a platform asset. It belongs to the client, it is used for the client’s stated purpose, and it is handled according to the client’s documented instructions. Any expansion of use would require explicit, written amendment to the existing agreement—Xoxoday Plum does not act unilaterally on data that falls outside the agreed scope. Learn more: Xoxoday Plum Help Centre — GeneralData Security & Compliance Standards
How Xoxoday Plum meets SOC 2 Type II and ISO 27001 requirements to protect enterprise data at rest and in transit.
Data Processing Agreements & GDPR
What Xoxoday Plum’s DPA covers, how GDPR obligations are handled, and what documentation is available for vendor assessments.