Xoxoday uses Amazon Web Services (AWS) as its primary Infrastructure as a Service (IaaS) provider, and AWS holds SSAE16 and SOC 1, 2, and 3 certifications.
Subcontractor Oversight and Due Diligence
Selecting a subcontractor is not a one-time decision at Xoxoday. Xoxoday evaluates third-party providers against strict security and compliance criteria before onboarding, and reviews that standing on an ongoing basis. This means that when an enterprise deploys Xoxoday alongside tools like Slack, Microsoft Teams, or Darwinbox, the underlying infrastructure carrying that data meets the same high standard Xoxoday applies to its own internal controls.AWS Certifications
AWS maintains an extensive compliance portfolio that directly supports Xoxoday’s approach to data protection. AWS is audited under SSAE 16, the professional standard governing how independent service auditors report on controls at service organisations. Under that framework, AWS holds SOC 1, SOC 2, and SOC 3 certifications. SOC 1 addresses controls relevant to financial reporting — particularly important for customers running incentive compensation, sales commission, or channel partner payout programmes through Xoxoday. SOC 2 evaluates security, availability, processing integrity, confidentiality, and privacy controls across AWS data centres, aligning closely with the criteria that IT and InfoSec teams apply when approving enterprise SaaS vendors. SOC 3 is the publicly available version of the SOC 2 report, giving customers a transparent summary they can share with their own auditors without requiring a non-disclosure agreement.Why This Matters for Enterprise Customers
Enterprises deploying Xoxoday in regulated industries — financial services, healthcare, or multinational manufacturing — often need to demonstrate that every layer of the technology stack meets recognised security standards. Because AWS holds SOC 1, 2, and 3 certifications and is audited under SSAE 16, Xoxoday customers can reference that assurance chain during their own vendor risk assessments or compliance reviews under frameworks such as ISO 27001 or SOC 2 Type II. This layered approach means that data processed by Xoxoday — whether it is a rewards transaction triggered from SAP SuccessFactors or a recognition moment surfaced inside Microsoft Teams — travels across infrastructure that meets internationally recognised controls at both the application and the infrastructure level. Learn more: Xoxoday Help Centre — CertificationsISO 27001 & SOC 2 Certifications
Learn which security certifications Xoxoday holds at the application layer and how they map to enterprise audit requirements.
Data Security and Encryption
Understand how Xoxoday protects data in transit and at rest across its cloud infrastructure.