If we have specific security and privacy settings requirements, would it be possible to incorporate that in Xoxoday's solutions?

You can reach out to a Xoxoday representative to check for specific requirements. We are compliant with a wide range of internationally recognized standards, and will be open to evaluating any specific requests.

Can we get a copy of Xoxoday's compliance certificates and reports?

Yes, you can reach out to a representative to request this information. However, the following resources may require an NDA on file: SOC 2 Compliance Report, Vulnerability Assessment and Penetration Test (VAPT) Summary, California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA) Report, Health Insurance Portability and Accountability Act (HIPAA) Report, GDPR Data Privacy Impact Assessment Report.

Security

Enterprise-grade security for the safety of your business

Xoxoday prioritizes robust security measures to ensure a safe and secure experience. Our solutions are designed to protect and scale your business operations efficiently while ensuring the privacy and security of your customer data.

Talk to security team

Trusted by over 5,000+ enterprises across the globe

Compliance

Our compliance certifications

Automation, analytics, and collaboration working together to drive results.

ISO 27001 ISMS

Our compliance with ISO 27001 affirms our commitment to securing information through a strong information security management system. Our processes help manage information security risks, protect data, and continuously improve security practices.

SOC 2 Type 1 & Type 2

The SOC 2 reports ensure that we have controls in place to process and manage data, affirming Xoxoday's high standards in managing data based on five trust service principles — security, availability, confidentiality, processing integrity, and privacy.

ISO 14001

The ISO 14001 certification underscores Xoxoday's dedication to environmental sustainability. We are committed to continuous improvement in our environmental performance, ensuring eco-friendly operations and practices.

GDPR

We conduct regular sensitization programs for our technology and operations to ensure adherence to all the key privacy principles: Accountability, Privacy by Design and Default, Data Minimization, and Subject Access Rights.

CCPA & CPRA

Our compliance with CCPA and CPRA ensures privacy of sensitive personal information (SPI) and personal information (PI) that are regulated separately to strengthen the rights of residents of California.

HIPAA

Xoxoday's compliance with HIPAA portrays our commitment to protecting sensitive health information. We employ robust safeguards while handling medical information, providing organizations with the necessary confidence in our systems.

Platform Security

Additional security features

Automation, analytics, and collaboration working together to drive results.

Regular Vulnerability Tests (VAPT)

Through regular comprehensive testing, we identify potential security vulnerabilities and mitigate them proactively, ensuring our platform remains resilient against evolving cyber threats.

Seamless Secure SSO

Streamline user access with our Single Sign-On (SSO) capability, enabling seamless authentication across multiple services and systems while enhancing security and user experience.

Enhanced 2FA

We employ robust authentication mechanisms paired with two-factor authentication (2FA), adding an extra layer of security to verify user identities and prevent unauthorized access.

Data Location Control

Our multi-region deployment capabilities ensure that your service remains robust and compliant across geographical locations, with data residing in the location of your choice.

Secure On-Premise Deployment

For enterprises requiring maximum data control, we offer on-premise deployment options for some of our products, aligning with their internal compliance and security policies.

Role-Based Access Controls

With RBAC, you can define and restrict system access based on individual roles within your organization, ensuring users see only what they need to perform their jobs.

Encrypted Connections

Our products use HTTPS with TLS/SSL protocols to create a secure, encrypted connection for all data transfers, safeguarding against interception and tampering.

Traceability with Audit Trails

Maintain detailed audit trails for all system and data interactions, which are crucial for compliance, monitoring, and security forensic analysis.

Secure Data Integration

Seamless integrations with your CRM, data warehouses, and data lakes via secure channels like SFTP, HTTPS, OAuth-Authorized REST APIs, and Site-to-Site VPN Tunnels.

Global compliance certifications

5,000+

Enterprises trust Xoxoday

Office locations worldwide

99.99%

Platform uptime SLA

Data Privacy

Global data privacy and compliance

Automation, analytics, and collaboration working together to drive results.

GDPR Compliance

Xoxoday's GDPR compliance program is built on key privacy principles: Accountability, Privacy by Design and Default, Data Minimization, and Subject Access Rights. We conduct regular sensitization programs for our technology and operations to ensure adherence to all the key principles. We are committed to providing secure products and services by implementing and adhering to prescribed compliance policies, both as a data controller and processor. Upholding the GDPR compliance is vital to our goal of providing reliable business solutions globally. Xoxoday guarantees the same high standards of privacy and security to all customers, regardless of their location.

CCPA & CPRA

The CPRA has modified, expanded, and clarified privacy rights for California residents, and it takes inspiration from the EU's GDPR policy in a variety of ways. CPRA creates a new category of sensitive personal information (SPI) that is regulated separately and stronger than personal information (PI). CPRA's purpose is to redefine and expand the California Consumer Privacy Act (CCPA) to strengthen the rights of residents of California. The certification provides consumers a greater opportunity to opt-out and requires deliberate data privacy management by businesses.

Security Standards

Internationally recognized security standards

Automation, analytics, and collaboration working together to drive results.

ISO 27001 ISMS (Information Security Management System)

Xoxoday is proud to be ISO 27001 certified, affirming our commitment to securing your information through globally recognized practices and a strong information security management system. The certification verifies that we have comprehensive systems in place to manage information security risks, protect data, and continuously improve security practices.

SOC 2 Type 1 & Type 2

The SOC 2 Type 1 and Type 2 affirm Xoxoday's high standards in managing data based on five trust service principles — security, availability, confidentiality, processing integrity, and privacy. These reports signify our capability to not only implement critical security policies but also demonstrate their effectiveness over time.

Specialized Compliance

Industry-specific certifications

Automation, analytics, and collaboration working together to drive results.

HIPAA — Health Information Protection

Xoxoday's compliance with HIPAA portrays our commitment to protecting sensitive health information. We ensure robust safeguards are in place to protect health data, providing healthcare entities and their customers with confidence in our secure handling of medical information.

VAPT — Vulnerability Assessment and Penetration Testing

Xoxoday's commitment to security is further evidenced by our rigorous VAPT efforts. Through comprehensive testing, we identify potential security vulnerabilities and mitigate them proactively, ensuring our platform remains resilient against evolving cyber threats.

ISO 14001 — Environmental Management System

Our ISO 14001 certification underscores Xoxoday's dedication to environmental sustainability. We are committed to continuous improvement in our environmental performance, ensuring eco-friendly operations and practices.

Resources

NDA resources

The following resources may require an NDA on file. Please reach out to your Xoxoday representative.

SOC 2 Compliance Report

Detailed report on our security controls, availability, and data processing integrity based on the five trust service principles.

VAPT Summary

Vulnerability Assessment and Penetration Test summary documenting our proactive security testing and remediation efforts.

CCPA / CPRA Report

California Consumer Privacy Act and California Privacy Rights Act compliance documentation for data privacy management.

HIPAA Report

Health Insurance Portability and Accountability Act compliance report covering our handling of sensitive health information.

GDPR Data Privacy Impact Assessment

Comprehensive assessment of our data processing activities and privacy impact under the General Data Protection Regulation.

FAQ

Frequently asked security and compliance questions

Yes, we offer enterprises the optional flexibility to decide where they want their data to be. In most cases, our infrastructure can accommodate special implementations as per the enterprise's requirements.

Global presence

Eight offices. Three regions. One platform

Local teams across Americas, EMEA, and APAC — close to customers, close to recipients, close to the regulators that make global payouts work.

8offices

3regions

175+countries

Americas

2 offices

San Francisco

USA

303 Twin Dolphin Drive FL 600 #80, Redwood City, CA 94065

New York

USA

12 East 49th Street, New York 10017

EMEA

3 offices

London

Tricor Suite, 4th Floor, 50 Mark Lane, London EC3R 7QR

Dubai

UAE

Unit #1410, Platinum Tower, Cluster 1, Jumeirah Lake Towers

Doha

Qatar

Workinton, 7th Floor, Al Gassar Tower #27, Fasht Lahadid #920

APAC

3 offices

Bangalore

India

AKR Infinity, 2nd Floor, Plot 113, Krishna Reddy Industrial Area, 7th Mile Hosur Road, Bengaluru 560068

Singapore

109 North Bridge Road, #05-12, Singapore 179097

Jakarta

Indonesia

Sopo Del Tower B, 22nd Floor, Jl. Mega Kuningan Barat III Lot 10