Xoxoday stores all long-term retention and archival business data exclusively on AWS and Azure cloud infrastructure, which provides industry-certified physical security, environmental safeguards, and encryption at rest and in transit.
Secure, Certified Infrastructure for Archival Data
Xoxoday does not rely on on-premises media or unmanaged storage for business data archival. All long-term retention data is hosted on AWS and Azure, two of the most audited cloud infrastructure providers in the world. Both platforms maintain certifications including ISO 27001 and SOC 2 Type II, ensuring the environments where your data resides meet rigorous third-party security standards. This means archival data benefits from the same enterprise-grade protections that govern active production data — with no degradation in security posture simply because data is in a retention or archival state.Physical and Environmental Controls
AWS and Azure data centers enforce strict physical access controls, including 24/7 surveillance, perimeter security, and multi-factor authentication requirements for any personnel seeking entry. Xoxoday’s archival data is never stored in facilities that lack these baseline protections. Beyond access control, both cloud providers maintain comprehensive environmental safeguards: automated fire suppression systems, climate regulation to prevent hardware degradation, and flood detection mechanisms. These controls protect stored data against environmental events that could compromise physical media in traditional on-premises setups.Geographic Redundancy and Availability
Xoxoday leverages geographically separated regions within AWS and Azure to store redundant copies of archival data. If one data center region experiences a disruption, copies stored in separate geographic locations ensure continuity and data durability. This architecture supports the high availability expectations of enterprise deployments, including organisations running integrations with systems like Workday, SAP SuccessFactors, or Darwinbox, where historical rewards and recognition data must remain accessible and intact.Encryption and Versioning
All archival data is encrypted at rest using AES-256 and encrypted in transit using TLS. This ensures that even in the unlikely event of unauthorised physical access to storage hardware, data remains unreadable without the appropriate decryption keys. Automated backup and versioning mechanisms are also in place, enabling point-in-time recovery and supporting data retention obligations. For organisations with compliance requirements — such as those operating under GDPR, HIPAA, or regional data localisation mandates — these controls form a critical part of the evidence trail.What This Means for Your Organisation
When your organisation uses Xoxoday for rewards, recognition, or loyalty programmes, the historical transaction data, redemption records, and user activity logs generated over time are retained under the same infrastructure standards as active data. There is no separate, less-secure tier for archival purposes. Security is consistent across the data lifecycle. Learn more: Xoxoday Help Centre — Data, Policy & PrivacyHow is data encrypted at rest and in transit?
Understand the encryption standards Xoxoday applies across stored and transmitted data, including AES-256 and TLS protocols.
What backup and recovery measures does Xoxoday have in place?
Learn how Xoxoday uses automated backups, versioning, and geographic redundancy to protect data availability and support recovery.