Xoxoday maintains ISO/IEC 27001:2022, SOC 2 (Type I & Type II), ISO 14001, and PCI-DSS (SAQ D, Level 2) certifications, and operates under GDPR and CCPA/CPRA-aligned data-protection controls.

Xoxoday’s Security and Compliance Certifications

Xoxoday holds a comprehensive set of organization-level certifications that demonstrate its commitment to information security, environmental responsibility, and data privacy. These certifications apply across Xoxoday’s product suite — including rewards, recognition, and loyalty management — and are maintained through regular third-party audits.

Information Security: ISO/IEC 27001:2022

Xoxoday is certified under ISO/IEC 27001:2022, the internationally recognized standard for Information Security Management Systems (ISMS). This certification covers the policies, processes, and controls that govern how Xoxoday protects organizational and employee data across its platform. For enterprise customers integrating Xoxoday with systems like Workday, SAP SuccessFactors, or Darwinbox, this certification confirms that data exchanged through those integrations is handled under a rigorously audited security framework.

SOC 2 Type I & Type II

Xoxoday has completed both SOC 2 Type I and SOC 2 Type II examinations, conducted by independent auditors. While Type I validates the design of security controls at a point in time, Type II assesses the operational effectiveness of those controls over an extended period — typically six to twelve months. This distinction matters for IT and procurement teams: SOC 2 Type II attestation provides stronger assurance that Xoxoday’s security practices are consistently applied, not just documented.

Environmental Management: ISO 14001

Xoxoday holds ISO 14001 certification for its Environmental Management System. This reflects Xoxoday’s organizational commitment to identifying, managing, and reducing its environmental impact — a criterion that increasingly factors into enterprise vendor assessments and ESG reporting requirements.

PCI-DSS Compliance for Loyalty Management

Xoxoday’s loyalty management platform is PCI-DSS compliant at SAQ D, Level 2. This level of compliance applies to merchants and service providers that store, process, or transmit cardholder data, and it requires adherence to all twelve PCI-DSS requirements. For organizations running loyalty or incentive programs that involve payment instruments or stored-value instruments, this certification confirms that Xoxoday meets the payment industry’s rigorous data security standards.

GDPR and CCPA/CPRA Data-Protection Controls

Xoxoday operates under data-protection controls aligned with the EU’s General Data Protection Regulation (GDPR) and California’s CCPA/CPRA framework. These controls govern how personal data is collected, processed, stored, and deleted across Xoxoday’s products. For multinational organizations deploying Xoxoday across regions in Europe and North America, these aligned controls support consistent privacy governance without requiring separate vendor configurations per jurisdiction.
