Xoxoday is hosted on Amazon Web Services (AWS), which holds SOC 1, SOC 2, SOC 3, ISO 27001, ISO 27017, ISO 27018, and SSAE16 certifications, meaning every organisation that deploys Xoxoday operates within a rigorously audited, enterprise-grade cloud compliance framework.

Cloud Infrastructure Built on Certified Foundations

Xoxoday uses Amazon Web Services (AWS) as its cloud service provider. AWS maintains one of the most comprehensive third-party certification portfolios in the industry, covering security, privacy, and operational integrity. Because Xoxoday’s infrastructure runs on AWS, every organisation using Xoxoday — whether for employee rewards, channel loyalty programmes, or B2B incentives — inherits these compliance controls without additional configuration or vendor negotiation.

SOC 1, SOC 2, and SOC 3

AWS holds all three SOC certifications. SOC 1 covers internal controls relevant to financial reporting. SOC 2 — the benchmark most IT and procurement teams require from SaaS vendors — validates security, availability, processing integrity, confidentiality, and privacy practices. SOC 3 provides a publicly available summary of the same audit. For enterprise organisations integrating Xoxoday with HR platforms such as SAP SuccessFactors, Workday, or Darwinbox, SOC 2 Type II assurance is frequently a mandatory vendor requirement. Xoxoday satisfies this through its AWS deployment, which means your security review can reference independently verified AWS audit reports rather than relying on self-attestation.

ISO 27001, ISO 27017, and ISO 27018

ISO 27001 is the globally recognised standard for information security management systems. AWS extends this with ISO 27017, which applies security controls specifically to cloud service environments, and ISO 27018, which governs the protection of personally identifiable information in public cloud infrastructure. All three certifications apply to Xoxoday’s operating environment. This matters practically when your organisation processes sensitive employee data — such as milestone records, performance-linked reward eligibility, or loyalty transaction histories — through Xoxoday. That data is handled within an environment audited against internationally accepted privacy and security standards.

SSAE16

AWS is also SSAE16-audited, a standard that verifies the adequacy of controls at service organisations. This is particularly relevant for organisations in financial services or those with strict internal audit and vendor risk management programmes.

What This Means for Enterprise Procurement

When your IT, legal, or procurement teams evaluate Xoxoday, the AWS certification stack significantly reduces due-diligence overhead. Rather than reviewing a proprietary in-house security posture, your team can reference AWS’s published compliance documentation directly. Integrations with workplace tools such as MS Teams or Slack for reward notifications, or with HRIS platforms for eligibility data, occur within this same certified cloud boundary.

For detailed audit reports and FAQs, refer to the official AWS compliance documentation: AWS SOC FAQs and AWS ISO Certifications.

Learn more: Xoxoday Help Centre — Certifications

Data Security at Xoxoday

Understand how Xoxoday protects data at rest and in transit, including encryption standards and access control practices across all platform operations.

GDPR and Privacy Compliance

Learn how Xoxoday handles personal data in line with global privacy regulations, including GDPR requirements for organisations operating across multiple regions.