Xoxoday provides a 30-day post-termination data access window during which institutions can request full or partial backups before all data is irreversibly purged from active systems, archives, and backups in compliance with GDPR, ISO 27001, and SOC 2 Type II requirements.
What happens to your data after a contract ends
When a contract with Xoxoday concludes, institutional data remains accessible for up to 30 days post-termination. This window gives your organisation time to complete any necessary extraction or migration without operational disruption. After this period, Xoxoday permanently and irreversibly purges all data — including archives and backups — using industry-standard secure deletion protocols. The specific handling of data at contract close — whether returned to your organisation or deleted — follows the terms agreed upon in your contract. Xoxoday’s process aligns with GDPR, ISO 27001, and SOC 2 Type II obligations throughout.Requesting a full or partial data backup
Xoxoday supports both full and partial data exports ahead of or during the termination window. A full backup includes all platform data: user records, transaction logs, reward redemption histories, programme configuration settings, and audit trails. These are delivered in standard exportable formats such as CSV, JSON, or encrypted archives. A partial backup lets your organisation request specific datasets. For example, if you need only the last 12 months of participant activity logs from a Workday- or SAP SuccessFactors-integrated incentive programme, Xoxoday filters exports by date range, user group, or programme type. This is particularly useful when only a subset of data is needed for compliance audits, internal reporting, or an HR system migration to Darwinbox.Secure delivery and audit controls
All exports are transmitted through encrypted channels — typically SFTP — and stored in encrypted formats for both transit and at-rest security. Backup requests require formal authorisation from institution-designated administrators, and every request is logged to support compliance and audit requirements. This ensures that data access during the termination phase remains controlled, traceable, and aligned with your organisation’s internal governance and privacy policies. No unauthorised data storage occurs beyond the agreed timelines.Scheduling and technical support
Xoxoday backup services can be scheduled periodically throughout the contract lifecycle or executed as a one-time export at contract close. A dedicated technical team supports your organisation through the extraction and verification process, confirming the completeness and accuracy of all delivered data. For organisations running reward or recognition programmes through integrations with tools such as MS Teams or Slack, Xoxoday coordinates extraction across connected data sources to ensure nothing is missed before the purge window closes. Learn more: Xoxoday Help Centre — Data, Policy & PrivacyWhat is Xoxoday's data retention policy?
Learn how long Xoxoday retains different categories of institutional data and under what conditions early deletion can be requested.
Is Xoxoday GDPR compliant?
Understand how Xoxoday meets GDPR requirements for data processing, lawful storage, and cross-border transfers.