Xoxoday’s SLA agreement includes a well-defined exit clause that governs secure data extraction, transfer, and permanent deletion across active, high-availability (HA), and disaster recovery (DR) environments upon contract termination.
Exit Clause in the Xoxoday SLA
Xoxoday’s Service Level Agreement contains a clearly defined exit clause that outlines the rights and responsibilities of both parties at the end of a contract. This clause ensures your organisation retains full control over its data and is not locked into Xoxoday beyond the agreed engagement period. The exit clause specifies timelines, data handover procedures, and the obligations Xoxoday fulfils during offboarding. It is designed to give IT, legal, and procurement teams the assurance they need when evaluating long-term vendor commitments.Secure Data Extraction and Transfer
When your organisation initiates offboarding, Xoxoday coordinates a structured data extraction process. All client data — including reward histories, user records, and programme configurations — is securely compiled and transferred to the designated party in a format agreed upon in advance. This process is governed by the same security controls applied during active service, including encryption in transit and strict access controls. For organisations using integrations with HRMS platforms such as Workday, SAP SuccessFactors, or Darwinbox, associated data flows are also cleanly disconnected and documented before handover.Permanent Deletion Across All Environments
Once the data transfer is confirmed, Xoxoday proceeds with permanent deletion across all environments. This covers the primary active environment, high-availability (HA) replicas that maintain uptime during live operations, and disaster recovery (DR) sites maintained for business continuity purposes. Data sanitisation at this stage is not limited to logical deletion. Xoxoday ensures data is purged from storage in a manner consistent with industry standards for permanent removal, leaving no residual data in any backup or redundant system.Compliance and Audit Readiness
Xoxoday’s offboarding procedures align with its certifications under ISO 27001 and SOC 2 Type II. Both frameworks require documented, auditable processes for data lifecycle management, including end-of-contract deletion. Your organisation receives written confirmation of deletion upon request, supporting your own compliance reporting and regulatory audit obligations. As a practical example: an enterprise using Xoxoday for employee recognition that transitions to a new solution can expect a formal offboarding workflow, signed-off deletion confirmation, and documentation suitable for an internal security audit or a data protection authority review.What to Expect During Offboarding
The exit process begins with a formal notice period as defined in the SLA. Xoxoday coordinates directly with your IT and data governance teams to schedule extraction, validate completeness, and execute deletion across all environments. Every step is tracked and documented end-to-end. This structured approach ensures your organisation meets its own data retention and deletion obligations under applicable regulations — without needing to independently verify removal across distributed infrastructure. Learn more: Xoxoday Help Centre — Data, security and policyHow does Xoxoday handle data encryption at rest and in transit?
Learn how Xoxoday protects client data using encryption standards across all storage and transmission layers.
What are Xoxoday's data retention and deletion policies?
Understand how long Xoxoday retains client data and the processes governing scheduled and on-request deletion.