Xoxoday enforces strict multi-tenant data isolation across its rewards, employee engagement, sales incentive, customer loyalty, and merchant offer management products using unique tenant identifiers, role-based access controls, and AES-256 encryption—ensuring no cross-tenant data access is possible.
Multi-Tenant Architecture With Strict Isolation
Xoxoday’s entire product suite runs on a multi-tenant architecture where infrastructure is shared for efficiency, but every customer’s data is treated as completely independent. Logical data segregation is enforced at the database level by assigning each customer a unique tenant identifier that tags every record, query, and transaction. This means Xoxoday’s systems are structurally prevented from mixing data across accounts, regardless of how many customers share the same underlying infrastructure.
Role-Based Access Control
Xoxoday applies Role-Based Access Control (RBAC) across all products to ensure only authorized users within your organization can view or modify your data. Roles are scoped to your tenant, so an HR administrator from one organization can never access records belonging to another—even when both organizations use the same Xoxoday product. For enterprises managing identity through platforms like Workday, SAP SuccessFactors, or Darwinbox, Xoxoday supports SSO and directory sync integrations that map existing roles directly into Xoxoday’s access control model. This keeps permissions centrally governed and consistent with your internal policies.
Network and Infrastructure Segmentation
At the infrastructure level, Xoxoday uses isolated Virtual Private Clouds (VPCs) and subnet segmentation to prevent unauthorized cross-tenant network communication. Even when two tenants run workloads on shared physical infrastructure, network-level controls ensure their traffic and data paths remain entirely separate.
Encryption at Every Layer
All data stored within Xoxoday is encrypted at rest using AES-256. All data transmitted between Xoxoday and end users or integrated systems is protected with TLS 1.2 or higher. This applies equally to data flowing through integrations with Slack, Microsoft Teams, Workday, or any third-party system connected via Xoxoday’s API—there are no unencrypted data paths in production.
Audit Logging and Compliance Verification
Every access event involving customer data is logged and periodically reviewed. These audit trails support both internal governance and external compliance obligations. Xoxoday’s data segregation controls are independently verified against ISO/IEC 27001:2022, SOC 2 Type II, and GDPR requirements—meaning the isolation mechanisms are not just architectural decisions but formally audited security controls that external assessors have confirmed are operating effectively.
Learn more: Xoxoday Help Centre — Data
How does Xoxoday encrypt data at rest and in transit?
Learn about Xoxoday’s AES-256 and TLS 1.2+ encryption standards that protect stored and transmitted data across all products.
What compliance certifications does Xoxoday hold?
Xoxoday maintains ISO/IEC 27001:2022, SOC 2 Type II, and GDPR compliance, independently audited by third-party assessors.
How does role-based access control work in Xoxoday?
Understand how Xoxoday’s RBAC model scopes permissions to your tenant and integrates with Workday, Darwinbox, and SAP SuccessFactors.
How does Xoxoday handle GDPR data subject requests?
Xoxoday provides tooling and documented processes to support data access, correction, and deletion requests under GDPR.