Xoxoday stores all customer data — including backups — in secure AWS, Oracle, or Azure data centers selected to match each client’s regional data residency preferences and applicable compliance requirements.

Data Residency and Storage Location

Xoxoday gives organizations direct control over where their data lives. Customer data, including all backups, is stored in the data center region that aligns with the client’s geographic and regulatory requirements. A company operating in the European Union, for example, can ensure its rewards and recognition data never leaves EU infrastructure — satisfying both internal IT policy and GDPR obligations. This residency flexibility matters most for enterprise customers integrating Xoxoday with HR systems like Workday, SAP SuccessFactors, or Darwinbox, where employee data flows across platforms and residency accountability must be maintained end to end.

Encryption Standards

Xoxoday encrypts all data at rest using AES-256 and all data in transit using TLS 1.3+. These standards are consistent with what ISO 27001 mandates and what SOC 2 Type II auditors expect. Encryption applies uniformly across all modules — whether data is flowing through an API-connected Slack or MS Teams integration, or sitting in long-term storage.

Access Controls and Authentication

Access to customer data within Xoxoday is governed by strict role-based access control (RBAC) paired with enforced multi-factor authentication (MFA). Only authorized personnel with a verified business need can access sensitive records. Every access event is logged, creating a clear and auditable chain of accountability.

Backup and Disaster Recovery

Xoxoday runs automated daily backups under predefined retention policies and disaster recovery protocols. These backups follow the same residency rules as primary data, so compliance is never compromised during a recovery event. Retention schedules align with industry-specific regulatory requirements and can be configured to meet client SLAs.

Compliance Posture and Ongoing Monitoring

Xoxoday’s infrastructure is built to support GDPR and other applicable data protection frameworks. Continuous monitoring, regular third-party security audits, and comprehensive logging enable proactive threat detection and rapid incident response. Security policies are reviewed on a recurring basis to track evolving regulatory standards and ensure customer data stays protected and private. Learn more: Xoxoday Help Centre — Data Residency

How does Xoxoday handle GDPR compliance?

Learn how Xoxoday meets GDPR requirements for data processing, consent management, and data subject rights.

What security certifications does Xoxoday hold?

Explore Xoxoday’s ISO 27001, SOC 2 Type II, and other compliance certifications that validate its security posture.