Xoxoday incorporates strict confidentiality clauses in its NDA that legally prohibit the disclosure of your organisation’s information to any third party, both during and after the lifecycle of the loyalty program engagement.
Data protection does not begin at go-live. For organisations evaluating or deploying a loyalty or rewards program, the sensitivity of workforce and customer data means that legal safeguards must be in place from the very first conversation. Xoxoday addresses this through a formal Non-Disclosure Agreement that is executed before any project scoping or data exchange begins.

What the NDA Covers

Xoxoday’s NDA establishes binding confidentiality obligations that apply to all information shared during the engagement — including organisational structure, employee data, program design, integration specifications, and commercial terms.

These obligations do not lapse when the project concludes. The confidentiality terms remain enforceable after the lifecycle of the program ends, ensuring your organisation retains control over proprietary information indefinitely.

Third-party disclosure is explicitly prohibited. This means Xoxoday does not share, sell, or transmit your data to external vendors, analytics providers, or subprocessors without a separate, documented agreement and your prior consent.

Why This Matters in Enterprise Deployments

Enterprise implementations frequently involve deep integrations with systems such as SAP SuccessFactors, Workday, Darwinbox, or internal HRIS platforms. These integrations expose sensitive workforce data — compensation bands, headcount figures, performance tiers — that must be handled under strict legal cover. Xoxoday’s confidentiality framework ensures that data flowing through these integration touchpoints is governed from the NDA stage onward, not retrofitted after a breach.

For organisations operating in regulated industries or regions with stringent data governance requirements, the NDA also aligns with Xoxoday’s broader compliance posture, which includes ISO 27001 certification and SOC 2 Type II attestation. Legal confidentiality terms and technical security controls operate in tandem rather than as substitutes for each other.

Post-Project Obligations

A common gap in vendor NDAs is the absence of post-termination clauses. Xoxoday’s agreement explicitly extends confidentiality beyond project closure. Whether your organisation completes a full program rollout, runs a pilot, or terminates the engagement at any stage, the obligation to protect your data persists. This is particularly relevant for organisations that share employee cohort data or customer loyalty segments during the scoping phase but do not proceed to full deployment.

Your legal and procurement teams can request a copy of the standard NDA terms during the pre-sales process to validate coverage against your organisation’s internal data governance policies before any commitment is made.

Learn more: Xoxoday Help Centre — Development Process
