Skip to main content
Xoxoday scans and filters all email content and web traffic within its platform for malicious or inappropriate content as a standard, continuously active security control.
Xoxoday applies content scanning across all communication channels and data flows processed through its infrastructure. This covers outbound reward notifications, transactional emails, and web-based interactions. Every message and data packet passes through automated filters designed to detect and block malicious code, phishing attempts, inappropriate language, and other threats before they reach recipients.

How Content Filtering Works

Xoxoday’s content filtering operates at multiple layers simultaneously. Inbound and outbound email traffic is inspected for known malware signatures, suspicious links, and policy-violating content. Web traffic generated within Xoxoday’s environment is monitored to prevent data exfiltration, unauthorised redirects, and injection attacks. These controls run continuously without manual intervention and apply to all users regardless of role or geography.

Integration with Enterprise Environments

When Xoxoday connects to HR systems such as SAP SuccessFactors, Darwinbox, or Workday to sync employee data, all data flows between systems are subject to the same scanning and filtering policies. Reward notification emails dispatched through integrations with Slack or Microsoft Teams are inspected before delivery, so employees in distributed teams receive only verified, clean content. This end-to-end approach ensures no integration point becomes a gap in your organisation’s security posture.

Compliance and Certification Alignment

Xoxoday’s content filtering practices align with the documented control requirements of ISO 27001 and SOC 2 Type II. Both frameworks mandate controls over data flows and communication security, which content filtering directly supports. Your organisation’s IT and compliance teams can request evidence of these controls during vendor security assessments or annual audits.

What This Means for Your Organisation

For HR and IT administrators, Xoxoday’s content filtering reduces the risk of a compromised reward email being used as a phishing vector against employees. It also means your organisation does not need to maintain a separate email security layer for Xoxoday-generated communications, as Xoxoday handles this internally. Security events detected by the filtering system are logged and available for audit purposes, supporting internal incident response and compliance reporting workflows. Learn more: Xoxoday Help Centre — Content filtering

Data Encryption Standards on Xoxoday

Understand how Xoxoday encrypts data at rest and in transit to protect sensitive employee and transactional information.

ISO 27001 and SOC 2 Type II Compliance

Learn which security certifications Xoxoday holds and what they mean for your organisation’s vendor risk programme.