Xoxoday Plum supports compliant issuance of physical and digital gift cards across global markets, backed by SOC 2 Type II attestation and ISO 27001 certification, with built-in controls for tax reporting and data residency.
Gift card compliance on Xoxoday Plum
Xoxoday Plum treats compliance as a foundational layer, not an afterthought. Whether your program distributes physical gift cards to field sales teams or digital codes to remote employees via Slack or MS Teams, the same compliance controls apply end to end. Physical gift cards are managed through a vetted fulfillment network that adheres to regional consumer protection laws and anti-money-laundering (AML) guidelines. Inventory, dispatch, and redemption data are logged for audit purposes, giving procurement and finance teams a clean paper trail. Digital gift cards are delivered through encrypted channels. Codes are single-use, expiry-controlled, and tied to recipient identity where regulations require it. This matters especially in jurisdictions where unrestricted digital vouchers are treated as taxable fringe benefits.Data security and certifications
Xoxoday Plum is certified to ISO 27001 and has completed SOC 2 Type II audits, which cover the systems that store, process, and transmit gift card data. These certifications give IT and InfoSec stakeholders documented assurance before procurement sign-off. For organizations running HR workflows through Workday, SAP SuccessFactors, or Darwinbox, Xoxoday Plum’s integrations respect data minimization principles — only the fields needed for reward delivery are exchanged, and no sensitive payroll data passes through the rewards layer.Tax and reporting controls
Xoxoday Plum includes configurable tax treatment settings at the program level. Admins can flag reward types as taxable or non-taxable based on local rules, set value thresholds that trigger reporting, and export redemption data in formats compatible with most payroll and ERP systems. For example, a company running a quarterly sales incentive in the US can configure Xoxoday Plum to automatically flag gift card values above the IRS de minimis threshold, making year-end 1099 reconciliation straightforward for the finance team.GDPR and regional data privacy
Xoxoday Plum supports data residency preferences and applies GDPR-aligned data handling for programs operating across the EU. Recipient data collected during gift card delivery is retained only for the period needed to fulfil and audit the transaction, after which it is subject to automated purging policies that administrators can review in the compliance settings panel. Procurement, legal, and IT teams conducting vendor due diligence can request Xoxoday Plum’s security documentation — including audit reports and data processing agreements — through the official help centre. Learn more: Xoxoday Plum Help Centre — GeneralHow does Xoxoday Plum handle GDPR and data privacy?
Understand data residency options, consent flows, and automated purging policies for global reward programs.
What security certifications does Xoxoday Plum hold?
Details on ISO 27001, SOC 2 Type II, and how to request security documentation for vendor assessments.