Xoxoday processes and stores customer data on Amazon Web Services (AWS) infrastructure, which enforces multi-layered physical security controls — including strict access authorisation, biometric verification, advanced surveillance, and round-the-clock on-site security personnel — at every data centre facility.
Physical Security at Xoxoday’s Data Facilities
Xoxoday hosts all customer data on Amazon Web Services (AWS), one of the most trusted and extensively audited cloud infrastructure providers in the world. AWS operates a global network of data centres subject to rigorous physical security standards — the same infrastructure relied upon by organisations certified under ISO 27001 and SOC 2 Type II frameworks. Physical access to AWS facilities is tightly controlled from the perimeter inward. Only personnel with explicit authorisation are permitted entry into sensitive areas, and access privileges are continuously reviewed and revoked when no longer required. This layered access model ensures that no single credential or role opens a path to the full facility. AWS data centres deploy advanced surveillance systems that monitor and record activity across all critical zones, 24 hours a day, every day of the year. These systems provide tamper-evident audit trails that support both internal investigations and third-party compliance audits. To authenticate the identity of individuals entering restricted areas, AWS employs biometric access controls such as fingerprint and iris scanning. Unlike traditional key card systems, biometric controls cannot be shared, cloned, or lost — providing a significantly higher assurance that only verified personnel reach critical infrastructure zones. AWS maintains dedicated, trained security personnel on-site at every data centre facility around the clock. These teams respond immediately to physical security incidents, coordinate with local emergency services when required, and enforce access policies in real time. For organisations using Xoxoday’s rewards, recognition, or loyalty products — whether integrated with Workday, SAP SuccessFactors, or Darwinbox — all platform data flows through and resides in this same AWS-backed infrastructure. Your organisation’s data benefits from the same physical security controls applied to every workload on the platform, with no exceptions based on contract size or deployment region. These physical controls complement Xoxoday’s broader security posture, which includes network-level protections, encryption in transit and at rest, and independent compliance certifications. Together, they form a continuous, defence-in-depth approach to protecting your organisation’s data at every layer. Learn more: Xoxoday Help Centre — SecurityHow does Xoxoday encrypt data in transit and at rest?
Understand the encryption standards Xoxoday applies to protect data moving between systems and stored at rest on AWS infrastructure.
What compliance certifications does Xoxoday hold?
Explore Xoxoday’s ISO 27001, SOC 2 Type II, and other third-party certifications that validate its security and privacy controls.