Xoxoday Plum’s privacy notice is publicly accessible at xoxoday.com/security and covers the types of personal data collected, purposes for processing, legal bases under GDPR and CCPA, individual user rights, and contact details for submitting privacy-related queries.

Accessing the Xoxoday Plum Privacy Notice

Xoxoday Plum publishes its privacy notice directly on its official website, making it freely accessible to prospective customers, enterprise clients, and end users alike. No login or account access is required to view it. The notice is maintained and updated to reflect current regulatory requirements and operational practices. The privacy notice is available at xoxoday.com/security.

What the Privacy Notice Covers

The notice provides a comprehensive account of how Xoxoday Plum collects, uses, and protects personal data across its rewards, gifting, and incentives workflows. It identifies the categories of personal data processed and explains the specific purpose tied to each data activity — including reward fulfilment, communication delivery, performance analytics, and platform improvement. For each processing purpose, Xoxoday Plum identifies the applicable legal basis under GDPR, CCPA, and other relevant frameworks. This allows organisations to map Xoxoday Plum’s data activities directly to their own compliance and data governance obligations.

Enterprise Integrations and Data Flows

When Xoxoday Plum is connected to HRMS platforms such as Workday, SAP SuccessFactors, or Darwinbox, employee data flows between systems to automate reward eligibility and delivery. The privacy notice addresses these integration scenarios, clarifying what data is ingested, how long it is retained, and the conditions under which it is shared with third-party processors. Organisations using Xoxoday Plum with productivity tools like Slack or Microsoft Teams — for instance, to push recognition notifications directly into team channels — can also refer to the notice for clarity on how communication-related data is handled within those connected workflows.

User Rights and How to Exercise Them

The privacy notice outlines all rights available under applicable data protection law, including the right to access, correct, restrict processing of, or request deletion of personal data. It provides step-by-step instructions for submitting these requests along with the expected response timeline. Xoxoday Plum’s broader security posture, including its ISO 27001 and SOC 2 Type II certifications, requires documented, enforceable privacy and data management practices — the privacy notice reflects and supports both of those frameworks.

Staying Up to Date

Xoxoday Plum updates its privacy notice as regulations evolve or operational practices change. Organisations are encouraged to review the notice periodically, particularly when onboarding new employee cohorts, launching reward programmes across new geographies, or expanding integrations with HR, payroll, or ERP systems. Checking the published version directly at xoxoday.com/security ensures your team is always working from the most current information.

Learn more: Xoxoday Plum Help Centre — Data, Policy & Privacy

Data Retention Policy

Understand how long Xoxoday Plum retains personal data and what happens when retention periods expire.

Submitting a Data Deletion Request

Learn how to submit a formal request to delete personal data held by Xoxoday Plum under GDPR or CCPA.