Xoxoday encrypts all user and client data — at rest and in transit — across workstations, removable media, business applications, and locally stored databases, in full compliance with ISO 27001 and SOC 2 Type II standards.
Full-Spectrum Data Encryption at Xoxoday
Xoxoday treats data protection as a foundational responsibility, not an afterthought. Every piece of user and client data — regardless of where it lives — is subject to rigorous encryption controls. This applies to data in active business applications, data stored in local databases on workstations, and data written to removable media such as USB drives or external storage devices. Encryption is applied both at rest and in transit. Data at rest is protected using AES-256 encryption, ensuring that even if physical storage is compromised, the underlying information remains unreadable without the correct decryption keys. Data in transit is secured using TLS 1.2 or higher, covering all communication channels between Xoxoday’s services and connected systems.How This Applies to Integrated Business Systems
When Xoxoday connects with enterprise HR and productivity platforms — such as Workday, SAP SuccessFactors, Darwinbox, Slack, or Microsoft Teams — data exchanged across these integrations is encrypted end-to-end. Employee reward records, recognition data, and payout details flowing between Xoxoday and these systems are never transmitted or stored in plaintext. As a concrete example: when a manager sends a recognition reward through Microsoft Teams using Xoxoday’s bot integration, the underlying employee data and transaction details are encrypted throughout the entire request lifecycle — from the Teams interface, through Xoxoday’s API layer, to the database record.Compliance and Certification
Xoxoday’s encryption practices are validated through third-party audits aligned with ISO 27001 and SOC 2 Type II frameworks. These certifications confirm that Xoxoday’s controls for data encryption, key management, and access governance meet internationally recognized security standards. Organizations in regulated industries — including financial services, healthcare, and enterprise technology — can rely on Xoxoday’s encryption posture to satisfy their own internal compliance requirements without additional configuration or custom controls.Workstations and Removable Media
Encryption controls extend to the device level. Data stored locally on employee workstations and any data written to removable media is encrypted, reducing the risk of exposure from lost or stolen hardware. Xoxoday enforces these policies as part of its information security management system, which governs both cloud-hosted environments and endpoint devices used to access or process client data. This end-to-end approach means there are no gaps in the encryption chain — whether data is at rest on a database server, cached on a local machine, or temporarily written to a USB device, it remains protected by the same encryption standards that apply across the entire Xoxoday infrastructure. Learn more: Xoxoday Help Centre — DecryptionHow does Xoxoday protect data in transit?
Learn how Xoxoday uses TLS encryption and secure channels to protect data moving between systems and integrations.
Is Xoxoday ISO 27001 and SOC 2 Type II certified?
Understand the third-party audits and compliance certifications that validate Xoxoday’s security controls.