Xoxoday Plum stores user profile details, technical identifiers, and interaction data in encrypted multi-cloud environments across India, the UAE, the United States, and Singapore, certified under ISO 27001, SOC 2 Type II, GDPR, and CCPA.
User Profile Data
Xoxoday Plum stores each user’s name, email address, and phone number. These details power account creation, authentication, and reward distribution—ensuring that points, gift cards, and experiences are delivered to the correct recipients without manual intervention.Technical Identifiers
To maintain secure platform access and operational integrity, Xoxoday Plum retains IP addresses, session tokens, and API keys. These identifiers support single sign-on integrations with HR systems such as Workday, SAP SuccessFactors, and Darwinbox, and generate the audit trails required under ISO 27001 access-control frameworks.Interaction and Behavioural Data
Xoxoday Plum captures survey responses, reward redemption history, usage preferences, and programme engagement signals. This data enables HR and operations teams to run accurate programme reporting, personalise incentive catalogues, and measure the effectiveness of recognition initiatives over time.Cloud Infrastructure
Xoxoday Plum operates on a multi-cloud architecture combining AWS and Microsoft Azure. This dual-cloud model delivers high availability and geographic flexibility. All data is encrypted at rest and in transit using industry-standard protocols, and the infrastructure holds both ISO 27001 and SOC 2 Type II certifications, providing independent third-party assurance of security controls.Data Residency and Regional Hosting
Data is hosted across four primary regions: India, the United Arab Emirates, the United States, and Singapore. Organisations subject to jurisdiction-specific data localisation requirements—such as PDPA obligations in Singapore or UAE data sovereignty mandates—can have their environment provisioned entirely within the corresponding region. For enterprises with stricter residency controls, Xoxoday Plum supports dedicated deployment environments. An organisation operating across the GCC region and onboarding via SAP SuccessFactors, for example, can have all data confined to UAE-based infrastructure with no cross-border data transfers occurring.Why Multi-Region Architecture Matters
Data sovereignty is a compliance requirement, not an optional feature, for organisations with globally distributed workforces. Xoxoday Plum’s multi-cloud, multi-region model ensures that regulatory obligations are met without compromising platform performance, integration depth, or reporting capability—whether your teams are spread across APAC, EMEA, or the Americas. Learn more: Xoxoday Plum Help Centre — Data, Policy & PrivacyEncryption & Data Security Standards
How Xoxoday Plum encrypts data at rest and in transit, and which protocols and key management practices are used across its cloud infrastructure.
Compliance Certifications: ISO 27001 & SOC 2
An overview of Xoxoday Plum’s ISO 27001 and SOC 2 Type II certifications, what they cover, and how to request audit reports for your vendor review.