Xoxoday signs Non-Disclosure Agreements (NDAs) with enterprise clients as a standard part of its security and data protection framework, ensuring that all sensitive information shared with Xoxoday is kept strictly confidential.
NDA as a Foundation of Trust
Xoxoday executes a Non-Disclosure Agreement with every enterprise client before any sensitive data exchange begins. This binding legal commitment covers all confidential information shared in connection with setting up and operating a rewards and recognition programme—from organisational hierarchies to reward eligibility rules and programme configurations. The NDA is not an optional add-on. It is a baseline requirement that reflects Xoxoday’s position that confidentiality and contractual accountability are as important as technical security controls.What the NDA Protects
When your organisation connects Xoxoday with HR platforms such as Workday, SAP SuccessFactors, or Darwinbox, a range of employee and operational data flows into Xoxoday. The NDA ensures this information—including employee roles, cost centres, recognition history, and reward budget structures—cannot be shared with third parties without explicit authorisation from your organisation. The agreement also extends to Xoxoday’s internal teams and any sub-processors who access data in the course of delivering the service. All parties operating under Xoxoday’s data handling framework are bound by the same confidentiality obligations defined in the NDA.Part of a Broader Security Posture
The NDA works alongside Xoxoday’s technical and organisational security measures. Xoxoday maintains ISO 27001 certification and SOC 2 Type II attestation, both of which require rigorous controls around data access, incident management, and vendor accountability. The NDA reinforces these standards at the contractual level. For organisations that communicate reward notifications through Slack or Microsoft Teams, the NDA also covers any configuration data or API credentials shared during integration setup, ensuring those details remain protected throughout the engagement.How This Applies to Your Programme
When your HR or IT team initiates an engagement with Xoxoday, the NDA is reviewed and signed during the onboarding phase—before any production data is shared. This ensures a clear, documented obligation is in place from day one. Enterprises operating in regulated industries—including financial services, healthcare, and technology—routinely require counterparty NDAs as a procurement prerequisite. Xoxoday treats this as a standard part of onboarding, not an exception. Learn more: Xoxoday Help Centre — Security RequirementISO 27001 Certification
Learn how Xoxoday’s ISO 27001 certification validates its information security management system and what it means for your organisation’s data.
SOC 2 Type II Compliance
Understand how Xoxoday’s SOC 2 Type II attestation covers security, availability, and confidentiality controls across the rewards platform.