Xoxoday contracts include explicit confidentiality clauses that classify employee and community data as Personally Identifiable Information (PII), ensuring it is protected from unauthorised access and misuse at all times.
How Xoxoday Protects Confidential Data
When your organisation enters into a contract with Xoxoday, confidentiality obligations are built directly into the agreement. These clauses define what constitutes sensitive information, specify who is authorised to access it, and establish controls to prevent misuse. Employee data processed through Xoxoday — including identifiers, contact details, and reward activity — is classified as PII and governed accordingly. Xoxoday treats data protection as a contractual commitment, not an afterthought. Every agreement includes provisions that restrict Xoxoday and its sub-processors from using client data for any purpose beyond delivering the contracted services. Your employee data is never repurposed for third-party advertising, profiling, or any activity outside the defined scope of engagement.
Compliance With Local Laws and Regulations
Xoxoday recognises that organisations operating across multiple geographies — whether using integrations with Workday, SAP SuccessFactors, or Darwinbox — are subject to overlapping regulatory obligations. In some cases, your organisation may be legally required to disclose certain employee data to government authorities or regulatory bodies. Xoxoday’s confidentiality framework accounts for this directly. The contractual clauses explicitly permit disclosures mandated by applicable law, ensuring your organisation can meet its legal obligations without breaching the confidentiality agreement. Xoxoday strives to align with local data protection laws in every jurisdiction where its clients operate.
Security Standards That Back the Commitment
Contractual confidentiality is reinforced by Xoxoday’s compliance with internationally recognised security frameworks. Xoxoday holds certifications including ISO 27001 and SOC 2 Type II, which independently verify that technical and organisational controls are in place to protect sensitive data throughout its lifecycle. For example, when your organisation uses Xoxoday to manage reward distributions across a large, distributed workforce — integrated via Workday or SAP SuccessFactors — the PII involved is handled within a certified security environment. Access is restricted to authorised personnel and governed by controls independently tested under these certifications.
What This Means for Your Organisation
Your organisation retains assurance that Xoxoday will not disclose, sell, or misuse employee or community data. The confidentiality clauses create enforceable obligations on both sides, giving HR, IT, and legal teams a clear contractual basis for due diligence, vendor assessments, and internal compliance documentation. If your organisation has specific requirements — such as additional clauses for sector-specific regulations, cross-border data transfers, or integration with communication tools like Slack or Microsoft Teams — Xoxoday’s legal and compliance team works with clients to address these during the contracting process.
Learn more: Xoxoday Help Centre — Confidentiality
How does Xoxoday handle data privacy and GDPR?
Learn how Xoxoday’s data processing agreements and privacy controls support GDPR and regional data protection compliance for your organisation.
What security certifications does Xoxoday hold?
Explore Xoxoday’s ISO 27001 and SOC 2 Type II certifications and what they mean for your data security requirements.