Xoxoday Plum stores all customer data on Amazon Web Services (AWS) infrastructure, with primary data centers in the United States and optional regional hosting in Singapore or the European Union for enterprise clients with data residency requirements.
Data Hosting Infrastructure
Xoxoday Plum runs entirely on Amazon Web Services (AWS), one of the world’s most trusted cloud platforms. Primary customer data — including reward catalogues, incentive records, and payout transaction data — is hosted in AWS data centers located within the United States. This gives organisations a reliable, highly regulated environment backed by AWS’s physical and administrative security controls.High Availability and Disaster Recovery
Xoxoday Plum leverages AWS’s geographically distributed infrastructure to maintain high availability and business continuity. The architecture supports automatic failover and disaster recovery, meaning that reward programs, incentive workflows, and payout operations remain accessible even in the event of a regional disruption. Organisations running always-on recognition programs — for example, continuous peer-to-peer awards triggered through MS Teams — can rely on this resilience without managing it themselves.Compliance Certifications: ISO 27001 and SOC 2 Type II
All hosting infrastructure meets ISO 27001 and SOC 2 Type II compliance standards. These certifications require rigorous, independently audited controls covering physical security, logical access management, and data lifecycle protection. Organisations can request these compliance reports to satisfy internal IT security reviews or vendor due-diligence processes required by their procurement teams.Encryption in Transit and at Rest
Xoxoday Plum applies two layers of encryption to protect customer data. Data in transit is secured with TLS 1.2, covering all communications between users, connected HRIS platforms such as Workday, SAP SuccessFactors, and Darwinbox, and the Xoxoday Plum application layer. Data at rest is protected with AES-256 encryption, the same standard used by financial institutions globally.Regional Hosting for Enterprise Clients
For enterprise organisations with data residency obligations, Xoxoday Plum supports hosting in additional jurisdictions including Singapore and the European Union. This is particularly relevant for organisations subject to GDPR in Europe or data localisation regulations in the Asia-Pacific region. Regional hosting configuration is scoped to your organisation’s specific compliance requirements and is available as part of enterprise onboarding.What This Means for Your Organisation
Regardless of where your workforce is located — whether your teams are based in Europe, Southeast Asia, or North America — Xoxoday Plum applies the same infrastructure controls to all customer data. The combination of AWS-backed redundancy, ISO 27001 certification, SOC 2 Type II attestation, and end-to-end encryption means your organisation’s rewards and incentive data is protected at every layer of the stack. Learn more: [Xoxoday Plum Help Centre — Data](How does Xoxoday Plum encrypt customer data?
Learn how Xoxoday Plum uses TLS 1.2 and AES-256 encryption to secure data in transit and at rest across all integrations and user interactions.
What compliance certifications does Xoxoday Plum hold?
Explore Xoxoday Plum’s ISO 27001 and SOC 2 Type II certifications and what they mean for your organisation’s vendor security requirements.