Skip to main content
Xoxoday erases all customer data upon service cancellation, deleting live tenant data at contract end and permanently purging archived system data within 7 days, with cryptographic erasure of backups available on request.
When an organization cancels its Xoxoday subscription, all customer data held on the client’s tenant is erased. This includes program data, reward redemption histories, recognition records, and any user-generated content created during the service period. Erasure is not optional — it is a committed contractual obligation, not a default setting that can be toggled off. Xoxoday’s erasure commitments are backed by compliance with GDPR, SOC 2 Type II, and ISO 27001. These frameworks require that data lifecycle obligations — including deletion — are formally defined, auditable, and enforced at the close of every contract. For enterprise buyers and data protection officers, this means deletion terms are captured in writing before any data is processed. The erasure process follows a clear, structured timeline. Active tenant data is securely deleted from live environments as soon as the contract concludes. For organizations that integrate Xoxoday with HR platforms such as Workday, SAP SuccessFactors, or Darwinbox, any employee data synced into Xoxoday during the engagement falls within this deletion scope. System-generated data — operational logs, API records, and platform performance metrics — is retained in archived environments for a maximum of 7 days post-contract. This short window exists solely to support dispute resolution or technical investigations immediately following offboarding. Once the 7-day period lapses, these records are permanently purged without exception. For organizations with heightened compliance requirements, Xoxoday supports cryptographic erasure of backup data on request. Cryptographic erasure destroys the encryption keys protecting the backup, rendering the data permanently unreadable even if the physical media persists. This provides an additional layer of documented assurance for legal, regulated, or risk-sensitive environments where standard deletion certificates may not be sufficient. Xoxoday’s data erasure obligations are formally captured in Standard Contractual Clauses (SCCs) — the legal mechanism recognized under GDPR for governing cross-border data transfers and end-of-life data handling. SCCs establish exact responsibilities at every stage of the data lifecycle, giving procurement teams, InfoSec leads, and legal counsel a clear contractual baseline before signing. For IT and HR teams managing vendor offboarding, this means there is no indefinite data residency risk from a cancelled Xoxoday subscription. Data does not persist in cold storage, migrate to a lower-tier environment, or remain accessible to Xoxoday personnel after the contract end date. The process is governed, time-bound, and fully documented. Learn more: Xoxoday Help Centre — Data Ownership

Data Retention Policy

Understand how long Xoxoday retains different categories of customer and system data during an active contract.

GDPR Compliance

Learn how Xoxoday meets GDPR obligations including lawful basis, data subject rights, and cross-border transfer mechanisms.