Xoxoday Plum processes confidential business data — including employee PII, transaction and redemption history, and financial identifiers — secured by end-to-end encryption, Role-Based Access Control, and compliance with GDPR and internationally recognised security frameworks.
What Data Xoxoday Plum Handles
Xoxoday Plum processes three primary categories of confidential data. Employee and customer personally identifiable information — including names, email addresses, and contact details — is used to identify recipients and deliver rewards accurately. Transaction and redemption history is maintained to give your HR and finance teams a clear audit trail of all reward activity. Financial identifiers tied to payouts and prepaid card distributions are handled to ensure accurate, traceable monetary transfers. When your organisation connects Xoxoday Plum to HRIS platforms such as Workday, SAP SuccessFactors, or Darwinbox, employee data flows securely between systems via encrypted API integrations. No data is exposed or cached in transit during these syncs.
Enterprise-Grade Security Controls
Xoxoday Plum encrypts all data at rest and in transit using industry-standard protocols. Access to sensitive data is governed by Role-Based Access Control (RBAC), ensuring that only authorised personnel within your organisation can view or act on specific data sets. Every API integration generates detailed audit logs, giving your IT and compliance teams full visibility into data access events. These controls are built into the platform’s architecture by default — not offered as optional add-ons.
Compliance and Regulatory Standards
Xoxoday Plum adheres to GDPR and applicable local data privacy laws relevant to your operating region. The platform is audited against internationally recognised frameworks including ISO 27001 and SOC 2 Type II, providing independent verification that its security controls meet rigorous, externally validated standards. Regular third-party security audits are conducted to identify vulnerabilities, validate existing controls, and ensure the platform remains compliant as regulations evolve.
Ongoing Risk Mitigation
Security on Xoxoday Plum is an ongoing programme, not a one-time certification. Automated monitoring, access reviews, and vulnerability assessments run continuously to detect and mitigate risks before they can impact your organisation. Your employee data, reward transactions, and financial records remain protected throughout the full lifecycle of platform use. Learn more: Xoxoday Plum Help Centre — Security Requirement
Data Privacy and GDPR Compliance
Understand how Xoxoday Plum handles GDPR obligations, data residency requirements, and privacy rights for employee and customer data across regions.
Role-Based Access Control
Learn how Xoxoday Plum uses RBAC to restrict data access by user role, ensuring only authorised administrators can view sensitive reward and financial records.