Xoxoday Plum collects customer delivery addresses during the redemption checkout journey, stores them within the recipient’s client tenant under role-based access controls, and permanently deletes them within 30 days of a formal written deletion request.
How customers enter delivery information
When a recipient redeems a physical reward through the Xoxoday Plum storefront, they are prompted to enter their delivery address as part of the standard checkout flow. This happens at the point of order placement — recipients enter details such as street address, city, postal code, and country before confirming their selection. For organisations using HR system integrations — such as Workday, SAP SuccessFactors, or Darwinbox — relevant profile fields including mailing address can be passed into Xoxoday Plum via the integration layer. This enables a seamless redemption experience where recipients are not required to re-enter information already held in the connected system.How delivery data is stored and protected
Delivery details captured at checkout are stored as part of the order and fulfilment record within the relevant client tenant in Xoxoday Plum. Each tenant’s data is logically isolated, meaning recipient data from one organisation is never commingled with another. Access to order records containing personal data is restricted to authorised personnel only. Xoxoday Plum enforces role-based access controls (RBAC) so that only individuals with a legitimate operational need — such as fulfilment support staff — can view delivery information. These controls are consistent with Xoxoday’s broader security posture, which is independently validated under ISO 27001 certification and SOC 2 Type II attestation.How personal data is removed
Recipients and client administrators can initiate a formal data deletion request in writing, including a brief justification. Xoxoday Plum commits to deleting the relevant personal data within 30 days of receiving the request. This applies to live data held within the platform. Upon contract termination — or at any point agreed contractually — Xoxoday follows a documented data cleansing process that covers not just active databases but also backup and archival storage locations. This ensures that personal data, including delivery addresses, is fully purged in line with Xoxoday’s data retention and disposal policy rather than simply marked as inactive. Organisations with specific retention windows or jurisdictional requirements (such as GDPR right-to-erasure obligations) can align these timelines with their data processing agreement with Xoxoday.Learn more: Xoxoday Plum Help Centre — General
Data Retention and Disposal Policy
Understand how long Xoxoday Plum retains different categories of personal and transactional data, and what happens to data after contract termination.
Role-Based Access Controls on Xoxoday Plum
Learn how Xoxoday Plum uses RBAC to restrict access to sensitive recipient and order data across admin, manager, and fulfilment roles.