Skip to main content
Xoxoday maintains a fully documented and actively enforced cryptographic key management process that spans all lifecycle stages—generation, secure exchange, storage, access control, periodic vetting, and rotation—across databases, infrastructure, and web-facing services.
Xoxoday’s rewards and recognition platform handles sensitive employee and corporate data across integrations with enterprise systems like Workday, SAP SuccessFactors, and Darwinbox. A rigorous cryptographic key management framework ensures that data remains protected at every layer of the platform architecture.

Key Generation and Secure Exchange

Xoxoday generates cryptographic keys using industry-standard algorithms and distributes them through secure, authenticated channels. Key generation procedures are documented and repeatable, governed by internal security policy to eliminate ad hoc or uncontrolled practices that could introduce risk.

Encryption Standards in Use

All data at rest is protected using Advanced Encryption Standard (AES) 256-bit encryption—the same standard required under frameworks such as ISO 27001 and SOC 2 Type II. Data in transit is secured using Transport Layer Security (TLS), providing end-to-end protection for all communications between users, third-party integrations, and Xoxoday’s backend services.

Access Controls and Audit Logging

Access to cryptographic keys is governed by role-based access control (RBAC). Only authorized personnel and services with a documented business need can retrieve or use keys. Every key management operation—including access events, rotation, and revocation—is captured in tamper-evident audit logs, providing a full chain of custody for compliance reviews and forensic investigations.

Key Vetting and Scheduled Replacement

Xoxoday conducts periodic reviews to assess key strength, detect potential compromise, and enforce scheduled rotation. Keys are replaced according to a defined lifecycle schedule so that no single key remains in use beyond its authorized period. Emergency replacement procedures are also in place for scenarios involving suspected or confirmed exposure.

Coverage Across All System Components

The key management process applies uniformly to all system components: relational databases, application servers, cloud infrastructure, and web-facing APIs. Whether a reward is being redeemed through a Slack or Microsoft Teams integration or processed through a backend microservice, the same encryption standards and key controls are enforced consistently. This uniform, end-to-end approach ensures that Xoxoday’s cryptographic protections are not siloed to individual components but embedded across the full platform—giving enterprise security and compliance teams a reliable, auditable foundation to build on. Learn more: Xoxoday Help Centre — Data, Policy & Privacy

Data Encryption Standards

Learn how Xoxoday applies AES-256 and TLS encryption to protect data at rest and in transit across all platform components.

Security Compliance Certifications

Explore Xoxoday’s certifications including ISO 27001 and SOC 2 Type II, and how they govern security controls across the platform.