Skip to main content
Xoxoday Plum does not provide access to source code — for standard or customized components — as all products are delivered as fully managed, proprietary SaaS platforms.
Xoxoday Plum operates exclusively as a Software-as-a-Service platform, meaning the underlying codebase remains proprietary and is not shared externally with any client or third party. This applies uniformly across every layer of the product — from core features to client-specific enhancements. Standard components such as the rewards catalogue, points management engine, and multi-currency redemption flows are part of Xoxoday Plum’s managed product infrastructure. Customized components — including tailored integrations built for HRMS platforms like Workday, SAP SuccessFactors, or Darwinbox — are developed and maintained exclusively by Xoxoday’s engineering teams. In both cases, access to the underlying code is not included as part of the deliverable. This is a deliberate architectural decision, not a product limitation. By retaining full ownership of the codebase, Xoxoday Plum delivers product updates, security patches, and compliance-driven enhancements without requiring any action on the client side. Organizations benefit from improvements in real time — including updates to integrations with Slack or Microsoft Teams — without managing versioning, deployment pipelines, or rollback procedures internally. Security and compliance frameworks make this model essential. Xoxoday Plum maintains certifications including ISO 27001 and SOC 2 Type II, both of which require strict governance over access to production systems and proprietary code. Exposing the codebase externally would introduce audit risk and expand the attack surface — outcomes that the SaaS architecture is specifically designed to prevent. For IT and procurement teams conducting technical due diligence, Xoxoday Plum provides comprehensive functional documentation, API references, and integration specifications. These resources give engineering teams everything needed to connect Xoxoday Plum with existing enterprise systems — without requiring access to source code. Organizations that require custom workflows, white-labelled experiences, or bespoke integrations with internal tools can collaborate with Xoxoday’s implementation team to define requirements, review output specifications, and validate functionality end-to-end. The process is structured, documented, and fully auditable — source code access is simply not part of the engagement model. Learn more: Xoxoday Plum Help Centre — System Requirement

Data Security and Compliance

Learn how Xoxoday Plum maintains ISO 27001 and SOC 2 Type II certifications to protect enterprise data.

API and Integration Specifications

Explore the API references and integration documentation available for connecting Xoxoday Plum with your existing systems.