Xoxoday’s code of conduct policy covers Direct Operations, Business Partners, and Direct Procurement Suppliers, embedding ethical standards at every layer of the business and its extended network.
Scope of Xoxoday’s Code of Conduct
A code of conduct is only as effective as its reach. Xoxoday applies its code of conduct across three distinct operational layers, ensuring that ethical standards are not confined to headquarters but extend outward to every partner and supplier that interacts with the business. This approach reflects a value-chain compliance model — the same framework recommended by certifications like ISO 27001 and SOC 2 Type II, where controls must account for third-party risk, not just internal processes.The Three Covered Categories
Direct Operations refers to Xoxoday’s own employees, teams, and internal business units. Every individual working within Xoxoday — from engineering to customer success — is bound by the conduct standards set out in the policy. This includes how teams handle data, manage conflicts of interest, and interact with clients and colleagues. Business Partners encompasses the organisations and individuals that Xoxoday collaborates with to deliver its rewards, recognition, and loyalty products. Whether a partner is integrating Xoxoday with enterprise HRIS platforms like Workday, SAP SuccessFactors, or Darwinbox, or building custom workflows via API, they operate under the same ethical expectations. Xoxoday’s conduct standards travel with every integration. Direct Procurement Suppliers are the vendors from whom Xoxoday directly sources goods or services critical to its operations. These suppliers are held to conduct requirements covering labour practices, anti-bribery, data handling, and environmental responsibility — consistent with the expectations Xoxoday places on itself.Why This Structure Matters
Limiting a code of conduct to internal staff leaves significant compliance gaps. When organisations connect Xoxoday to communication tools like Slack or Microsoft Teams, or when procurement suppliers handle sensitive operational data, any ethical lapse in that network creates exposure for all parties involved. By extending policy coverage to business partners and direct procurement suppliers, Xoxoday creates accountability checkpoints across the full supply and delivery chain. This is particularly relevant for enterprise customers operating in regulated industries, where third-party conduct documentation is a standard audit requirement.Practical Implications for Enterprise Buyers
For HR and procurement teams evaluating Xoxoday as a vendor, the breadth of code of conduct coverage is a meaningful due diligence signal. It demonstrates that Xoxoday does not treat compliance as an internal checkbox but as a shared standard across everyone the platform touches. Organisations running procurement audits or ESG assessments can request conduct documentation that reflects all three covered categories. Learn more: Xoxoday Help Centre — ComplianceWhat security certifications does Xoxoday hold?
Learn about Xoxoday’s ISO 27001 and SOC 2 Type II certifications and what they mean for enterprise data security.
How does Xoxoday handle GDPR and data privacy?
Understand how Xoxoday manages personal data, consent, and cross-border transfers in line with GDPR requirements.