Xoxoday is fully compatible with enterprise and institutional cybersecurity policies, incorporating TLS and AES-256 encryption, SAML 2.0-based Single Sign-On, multi-factor authentication, and role-based access controls, all documented in a formal Information Security Policy available upon request.
Xoxoday is built to align with institutional and enterprise cybersecurity frameworks from the ground up. Whether your organisation follows a custom internal security policy or adheres to globally recognised standards such as ISO 27001 or SOC 2 Type II, Xoxoday’s architecture is designed to meet those requirements without compromise.

Encryption and Data Protection

All data transmitted through Xoxoday is protected using TLS 1.2/1.3 encryption in transit and AES-256 encryption at rest. This ensures that sensitive employee and rewards data remains protected at every stage of the data lifecycle — from entry to storage to retrieval. Xoxoday does not store unencrypted personally identifiable information at any layer of its infrastructure.

Authentication and Access Controls

Xoxoday supports Single Sign-On via SAML 2.0 and OAuth 2.0, enabling seamless integration with your organisation’s existing identity provider. Multi-factor authentication is supported across all user roles. Role-based access controls ensure that each user can only access data and functions relevant to their responsibilities. For organisations using Microsoft Azure Active Directory or Okta, Xoxoday connects directly through standard identity federation protocols — no custom middleware required.

Integrations with Enterprise Security Ecosystems

Xoxoday integrates with HR platforms including Workday, SAP SuccessFactors, and Darwinbox. These integrations inherit your existing access governance frameworks, meaning user provisioning and deprovisioning flows respect the identity and security rules already enforced in your environment. Collaboration channels through Slack and Microsoft Teams also operate within the permission boundaries configured by your IT administrators, so reward notifications and engagement flows never bypass existing controls.

Regulatory Compliance and Audit Documentation

Xoxoday maintains compliance with GDPR and applicable regional data protection regulations. For organisations undergoing internal audits or third-party vendor assessments, Xoxoday provides a detailed Information Security Policy document outlining controls, procedures, and accountability structures. This document is purpose-built to satisfy standard vendor security questionnaires and risk review processes.

Working with Your Security Teams

Xoxoday’s security and compliance team works directly with your organisation’s IT and information security stakeholders. This includes completing vendor security questionnaires, participating in risk assessments, and providing evidence of controls for audit purposes. For enterprise deployments, a dedicated implementation review ensures Xoxoday’s configuration aligns with your cybersecurity posture before go-live — not after.

Learn more: Xoxoday Help Centre — Data, Policy & Privacy
