Enterprise-grade security for the safety of your business

Xoxoday prioritizes robust security measures to ensure a safe and secure experience. Our solutions are designed to protect and scale your business operations efficiently while ensuring the privacy and security of your customer data.

Trusted by over 5000+ enterprises across the globe

Our compliance certifications

ISO 27001 ISMS

Information Security  Management System

Our compliance with ISO 27001 affirms our commitment to securing information through a strong information security management system. Our processes help manage information security risks, protect data, and continuously improve security practices.

SOC 2

SOC 2 Type 1 &  SOC 2 Type 2

The SOC 2 reports ensure that we have controls in place to process and manage data, affirming Xoxoday's high standards in managing data based on five "trust service principles"—security, availability, confidentiality, processing integrity, and privacy.

ISO 14001

Environmental  Management System

The ISO 14001 certification underscores Xoxoday's dedication to environmental sustainability. We are committed to continuous improvement in our environmental performance, ensuring eco-friendly operations and practices.

GDPR

General Data  Protection Regulation

We conduct regular sensitization programs for our technology and operations to ensure adherence to all the key privacy principles: Accountability, Privacy by Design and Default, Data Minimization, and Subject Access Rights.

CCPA & CPRA

California Consumer Privacy Act & California Privacy Rights Act

Our compliance with CCPA and CPRA ensures privacy of sensitive personal information (SPI) and personal information (PI) that are regulated separately to strengthen the rights of residents of California.

HIPAA

Health Insurance Portability and Accountability Act

Xoxoday's compliance with HIPAA portrays our commitment to protecting sensitive health information. We employ robust safeguards while handling medical information, providing organizations with the necessary confidence in our systems.

Additional security features

Regular Vulnerability Tests (VAPT)

Through regular comprehensive testing, we identify potential security vulnerabilities and mitigate them proactively, ensuring our platform remains resilient against evolving cyber threats.

Seamless Secure SSO

Streamline user access with our Single Sign-On (SSO) capability, enabling seamless authentication across multiple services and systems while enhancing security and user experience.

Enhanced 2FA

We employ robust authentication mechanisms paired with two-factor authentication (2FA), adding an extra layer of security to verify user identities and prevent unauthorized access.

Data Location Control

Our multi-region deployment capabilities ensure that your service remains robust and compliant across geographical locations, with data residing in the location of your choice.

Secure On-Premise Deployment

For enterprises requiring maximum data control, we offer on-premise deployment options for some of our products, aligning with their internal compliance and security policies.

Role-Based Access Controls

With RBAC, you can define and restrict system access based on individual roles within your organization, ensuring users see only what they need to perform their jobs.

Encrypted Connections

Our products uses HTTPS with TLS/SSL protocols to create a secure, encrypted connection for all data transfers, safeguarding against interception and tampering.

Traceability with Audit Trails

Maintain detailed audit trails for all system and data interactions, which are crucial for compliance, monitoring, and security forensic analysis.

Secure Data Integration

Seamless integrations with your CRM, data warehouses, and data lakes via secure channels like SFTP, HTTPS, OAuth-Authorized REST APIs, and Site-to-Site VPN Tunnels.

Frequently asked  security and compliance questions

1. Where is my data stored? Can I choose where my account and data will be located?

2. If we have specific security and privacy settings requirements, would it be possible to incorporate that in Xoxoday's solutions?

3. Can we get a copy of Xoxoday's compliance certificates and reports?

Global Data Privacy and Compliance

General Data Protection Regulation

Giift’s GDPR compliance program is built on key privacy principles: Accountability, Privacy by Design and Default, Data Minimization, and Subject Access Rights.  

We conduct regular sensitization programs for our technology and operations to ensure adherence to all the key principles mentioned.   

We are committed to providing secure products and services by implementing and adhering to prescribed compliance policies, both as a data controller and processor.  

Upholding the GDPR compliance is vital to our goal of providing reliable business solutions globally. In support of this, Giift guarantees the same high standards of privacy and security to all customers, regardless of their location.

California Consumer Privacy Act &  California Privacy Rights Act

The CPRA has modified, expanded, and clarified privacy rights for California residents, and it takes inspiration from the EU’s GDPR policy in a variety of ways.  

CPRA creates a new category of sensitive personal information (SPI) that is regulated separately and stronger than personal information (PI).   

CPRA's purpose is to redefine and expand the California Consumer Privacy Act (CCPA) to strengthen the rights of residents of California.  

The certification provides consumers a greater opportunity to opt-out and requires deliberate data privacy management by businesses.

Health Information Protection

HIPAA

Health Insurance Portability and Accountability Act

Giift’s compliance with HIPAA portrays our commitment to protecting sensitive health information. We ensure robust safeguards are in place to protect health data, providing healthcare entities and their customers with confidence in our secure handling of medical information.

Internationally Recognized Security Standards

ISO 27001 ISMS (Information Security Management System)

Giift is proud to be ISO 27001 certified, affirming our commitment to securing your information through globally recognized practices and a strong information security management system.  The certification verifies that we have comprehensive systems in place to manage information security risks, protect data, and continuously improve security practices.

SOC 2 Type 1 & Type 2

The SOC 2 Type 1 and Type 2 affirm Giift’s high standards in managing data based on five "trust service principles"— security, availability, confidentiality, processing integrity, and privacy.   These reports signify our capability to not only implement critical security policies but also demonstrate their effectiveness over time.

Security Testing and Evaluation

VAPT

Vulnerability Assessment and Penetration Testing

Giift's commitment to security is further evidenced by our rigorous VAPT efforts. Through comprehensive testing, we identify potential security vulnerabilities and mitigate them proactively, ensuring our platform remains resilient against evolving cyber threats.

Commitment to Environmental Sustainability

ISO 14001

Environmental Management System

Our ISO 14001 certification underscores Giift’s dedication to environmental sustainability. We are committed to continuous improvement in our environmental performance, ensuring eco-friendly operations and practices.

NDA-Ressourcen

The following resources may require an NDA on file. Please reach out to your Giift representative.

SOC 2-Konformitätsbericht

VAPT Summary

CCPA / CPRA Report

HIPAA Report

GDPR Data Privacy Impact Assessment Report