Does Xoxoday Plum Process FERPA-Related Data? - Xoxoday

Xoxoday Plum supports FERPA-compliant data handling for education-sector rewards and survey use cases, applying role-based access controls, AES-256 encryption, and comprehensive audit logging to protect student and faculty records.

FERPA (Family Educational Rights and Privacy Act) governs how educational institutions in the United States collect, store, and share student records. When Xoxoday Plum is deployed in the education sector — for student engagement programmes, faculty recognition, or survey-linked incentives — it treats any associated educational data as sensitive personal information subject to strict access and handling controls. Role-Based Access Controls Xoxoday Plum enforces role-based access controls (RBAC) that restrict visibility into education records to authorised personnel only. Administrators can configure granular permission sets so that programme managers see only the data relevant to their role, and no student or faculty record is exposed beyond its intended scope. This approach maps directly to FERPA’s principle of legitimate educational interest, ensuring data is accessible only where there is a clear operational need. Encryption at Every Layer All FERPA-related data processed through Xoxoday Plum is encrypted at rest using AES-256 and in transit using TLS 1.2 or higher. Whether a survey response is submitted through a browser or an integrated HR system, the data remains protected end to end. This encryption standard is consistent with Xoxoday Plum’s SOC 2 Type II attested and ISO 27001 certified security posture, giving education teams a verifiable baseline of technical assurance. Education-Sector Use Cases Xoxoday Plum supports a range of education-sector workflows where FERPA-sensitive data may be involved. Institutions running point-based incentive programmes tied to academic milestones need student identifiers handled with care — Xoxoday Plum processes these without exposing records to unauthorised parties. For institutional research and feedback initiatives, survey responses are stored in a way that keeps identifiable student data segregated and access-controlled. HR teams at universities using integrations with Workday or SAP SuccessFactors can also trigger faculty and staff recognition workflows while keeping personnel data within compliant boundaries. Auditability and Accountability Xoxoday Plum maintains detailed audit logs of data access and processing events. This supports institutional accountability requirements and gives compliance teams a verifiable record of who accessed what data and when. Audit trails are reviewable by authorised administrators without requiring direct access to underlying personal data, which keeps oversight clean and separation of duties intact. For education organisations evaluating Xoxoday Plum, the technical and operational controls in place are designed to support FERPA compliance alongside other applicable data privacy frameworks in your jurisdiction. Learn more: Xoxoday Plum Help Centre — Data, Policy & Privacy

How Does Xoxoday Plum Encrypt Data at Rest and in Transit?

Details on AES-256 encryption at rest and TLS 1.2+ in transit across all data processed by Xoxoday Plum.

Is Xoxoday Plum SOC 2 Type II Certified?

Learn about Xoxoday Plum’s SOC 2 Type II attestation and what it means for your organisation’s compliance posture.