Xoxoday guarantees license compliance across all subcontractors, hosting centres, and software and hardware vendors by embedding Standard Contractual Clauses (SCCs) in every agreement and operating with AWS as its sole subprocessor.
Standard Contractual Clauses as the baseline
Xoxoday incorporates Standard Contractual Clauses (SCCs) into every subcontractor and vendor agreement. SCCs are legally enforceable provisions that define data protection, licensing, and compliance obligations between contracting parties. By making SCCs a non-negotiable element of its contracting process, Xoxoday creates a documented, auditable chain of compliance that extends from Xoxoday itself down to every vendor in its supply chain. SCCs are recognised under GDPR and comparable frameworks as a reliable mechanism for ensuring that obligations travel with the data and the service — not just to the first-tier vendor, but to every entity that touches Xoxoday’s infrastructure or software stack.
A single subprocessor: AWS
Xoxoday operates with AWS (Amazon Web Services) as its only subprocessor for hosting infrastructure. This is a deliberate architectural decision. Rather than distributing workloads across multiple cloud or co-location providers — each with their own licensing arrangements, audit cycles, and compliance postures — Xoxoday consolidates hosting under a single, enterprise-grade partner with a well-documented compliance record. AWS holds certifications including ISO 27001, SOC 2 Type II, and PCI DSS, among others. When your organisation connects Xoxoday to tools such as Workday, SAP SuccessFactors, or Darwinbox for employee data synchronisation, or surfaces reward notifications through Slack or Microsoft Teams, all data transits and is processed within this single AWS-managed environment. There is no hidden third-party hosting layer introducing additional licensing uncertainty.
What this means for your procurement and IT teams
For procurement teams running third-party risk assessments, Xoxoday’s subprocessor model significantly reduces the audit surface. Instead of evaluating a long list of hosting vendors, your team reviews one: AWS. For IT and InfoSec stakeholders, the SCC framework provides contractual assurance that every licensing and data-processing obligation has been formally acknowledged and remains enforceable at each tier. Xoxoday’s approach reflects a commitment to operational transparency — keeping the subprocessor list short, keeping agreements auditable, and keeping compliance obligations legally binding throughout its entire vendor chain.
Learn more: Xoxoday Help Centre — Licensing
Xoxoday Subprocessor Policy
Details on Xoxoday’s subprocessor list, AWS hosting model, and how subprocessor agreements are governed under GDPR and equivalent frameworks.
Security Certifications and Compliance
Overview of Xoxoday’s ISO 27001, SOC 2 Type II, and other security certifications that underpin its infrastructure and data handling commitments.