Q: What support is provided if the cooperation with Xoxoday ends?
Xoxoday is committed to ensuring a smooth, secure, and fully transparent service transition if cooperation ends. The team will provide complete data access, support with migration, and ensure GDPR-compliant data handling including data erasure if requested.
Xoxoday will also offer documentation, detailed process handovers, and collaborative transition planning to ensure business continuity and minimal disruption during handoff to another provider or internal solution.
Q: What is the process for data retrieval and transfer to a new vendor?
What formats are supported, how often can data be accessed, and is there a cost?
Xoxoday ensures clients have full access to their data at all times. Data is available in CSV format for easy manual download or API retrieval. Clients can export data as often as needed, at no additional cost. Upon contract termination, clients may download all data and transfer it to a new vendor. There is also an option to erase data from Xoxoday systems permanently — this irreversible operation ensures complete data deletion.
Q: Does the SLA agreement include an exit clause, and how is data handled during offboarding, including deletion from HA and DR sites?
Yes, the SLA agreement includes a well-defined exit clause. During offboarding, Xoxoday ensures secure extraction and transfer of all client data, followed by permanent deletion across active, high-availability, and disaster recovery environments, ensuring full compliance and data sanitization.
Q: Is there a possibility of transferring a copy of the database to our own data center at predetermined intervals?
Yes, this is feasible and can be discussed further with the Xoxoday team based on your organization’s data policies and hosting preferences.
Q: At the completion of a contract, how does Xoxoday handle institutional data, and can the client extract a full or partial backup before deletion?
We ensure you have full control over your data before it is removed from our systems. The offboarding process follows three steps:
Step 1: Export (The Grace Period) For 30 days after your contract ends, your account remains in a "read-only" state. During this time, you can request a full export of your data (Transactions, User Profiles, Redemption History).
Formats available: CSV, JSON.
Delivery: Secure SFTP or Encrypted Download.
Step 2: Verification Our technical team works with you to verify that the exported data is complete and accurate. You can choose to export everything or select specific datasets (e.g., only financial transaction logs).
Step 3: Secure Deletion Once the 30-day window closes, Xoxoday initiates a permanent wipe of all your institutional data from our production servers and disaster recovery backups. This action is irreversible and complies with ISO 27001 secure disposal standards.
Data Management
Q: Does the environment provide for dedicated single-tenant capabilities? If not, describe how your solution or environment separates data from different customers?
We operate our solution in a secure multi-tenant environment. Customer data is logically and physically segregated using client-specific encryption keys and access controls. Each tenant’s data is uniquely encrypted at rest and in transit, ensuring that no customer can access another’s data. Role-based access and strict authentication protocols are in place to reinforce logical separation.
Q: Do current backups include all OS software, utilities, security software, application software, and data files necessary for recovery?
Yes. We perform automated, encrypted backups that are replicated to a geographically distinct location (off-site) to ensure business continuity.
Backup Scope:
Full Recovery: Backups include all OS configurations, application binaries, security settings, and critical databases required for a "bare metal" recovery.
Frequency: Automated daily backups with transaction log retention for point-in-time recovery.
Storage: Backups are stored in Geographically Redundant Storage (GRS) locations (e.g., a different AWS/Azure region) to protect against regional disasters.
Testing: We conduct semi-annual Disaster Recovery (DR) drills to verify data integrity and Recovery Time Objectives (RTO).
Q: Is data backup maintained by Xoxoday during or after development?
Yes, Xoxoday ensures data backup as part of its standard practice in delivering secure, scalable software.