Xoxoday does not currently publish a dedicated AI model card; its generative AI capabilities are delivered via OpenAI’s large language model (LLM) APIs, and transparency details are governed by OpenAI’s published model documentation and Xoxoday’s data processing agreements.
Understanding AI Transparency at Xoxoday
Xoxoday does not publish a formal AI model card at this time. An AI model card is a standardised document that describes a model’s intended use, training data, known limitations, and performance benchmarks. While the format has been popularised by frameworks from organisations such as Google and Hugging Face, Xoxoday’s current approach to AI transparency operates through a different mechanism — one centred on third-party API governance rather than in-house model development.How Xoxoday Delivers Generative AI
Xoxoday uses OpenAI’s large language model (LLM) APIs to power its generative AI capabilities. Xoxoday operates as an API consumer rather than training or fine-tuning proprietary models. The underlying models are documented through OpenAI’s own system cards, model cards, and usage policies, which are publicly available via OpenAI’s website. For enterprise customers using Xoxoday alongside tools such as Slack, Microsoft Teams, or Workday, this means any data processed through AI-assisted features — such as generating reward descriptions, drafting recognition messages, or summarising engagement trends — is handled in accordance with the data terms set out in Xoxoday’s Data Processing Agreement (DPA). Organisations integrating with HR platforms like SAP SuccessFactors or Darwinbox can request the relevant DPA addenda that cover AI-processed data flows.What This Means for Your AI Governance Programme
Organisations subject to AI governance requirements — whether internal policies, procurement frameworks, or emerging regulation such as the EU AI Act — should note that Xoxoday’s generative AI functionality relies on OpenAI as a sub-processor. This is a relevant disclosure for supplier risk assessments and AI transparency registers. Xoxoday’s broader security posture is independently validated through SOC 2 Type II and ISO 27001 certifications, which cover how data is handled across the platform, including data routed to external AI providers. These certifications apply to the controls Xoxoday maintains around its use of OpenAI’s APIs, not to the OpenAI models themselves. If your organisation requires detailed AI model documentation for a vendor assessment, Xoxoday’s compliance team can provide information on the specific OpenAI model versions in use, the data flow architecture, and the contractual protections in place — giving your legal and procurement teams the inputs needed to complete an AI risk register entry or third-party audit questionnaire.Looking Ahead
As enterprise AI transparency standards mature, Xoxoday continues to align its disclosure practices with customer and regulatory requirements. Formal model card adoption is an active consideration as Xoxoday expands AI-assisted capabilities across recognition workflows, analytics dashboards, and loyalty programme management. Customers with specific documentation requirements are encouraged to raise them through their account contact so Xoxoday can prioritise accordingly. Learn more: Xoxoday Help Centre — TransparencyHow does Xoxoday handle data privacy and GDPR?
Understand how Xoxoday processes personal data, its lawful basis under GDPR, and how data subject requests are handled across the platform.
What security certifications does Xoxoday hold?
Xoxoday maintains SOC 2 Type II and ISO 27001 certifications. Learn what these cover and how to request audit reports for your vendor assessment.