Xero Privacy Policy


You own your data

Xero is an online accounting system which stores financial information about a company or individual (Organisation) as provided or entered by that company or individual. Xero will only store information that is entered by the Users of an Organisation, or automatically imported at a User’s instruction. The data entered, or imported on instruction, by the Users of an Organisation remains the property of the Organisation and Xero will not use nor make available for use any of this information without permission of the Organisation.

You control who has access to your data

The data entered, or imported on instruction, by the Users of an Organisation is stored securely in a database and is only accessible to the approved Users of the Organisation. The Administrator of the Organisation (Administrator) will have full control over who is invited to be a User. A user name and password are required in order to access an Organisation's information in Xero.

It is the User’s responsibility to keep their passwords safe. It is the Administrator’s responsibility to ensure that any Users that are invited to use the Organisation’s account have permission to view the Organisation’s information stored in the Xero account.

Xero, Xero’s staff and Xero’s partners do not have access to the User’s passwords and are therefore unable to access the Organisation’s account or data without receiving an invitation from the Administrator.

Xero monitors system usage

Xero has access to and may use aggregate information such as number of associated Users, number of transactions and billing information for the purpose of billing and monitoring server and software performance as well as for other internal purposes of Xero.

Xero will never access the details of any financial transaction entered and stored in the Xero system. Xero will never access system usage history for a specific identifiable user, except where granted permission by the User to assist with resolution of a system issue or error.

Xero staff can access non-identifying and aggregated usage information and transaction volumes in order to better understand how our customers are using Xero so we can improve the system design and where appropriate have the system prompt users with suggestions on ways to improve their own use of the system. All aggregated usage information is stored in a secure Xero data warehouse facility.

Your data is sent securely across the internet

Xero Servers have Thawte-issued security certificates, so all data transferred between the Users of an Organisation and the Xero Servers is encrypted. However, the internet is not in itself a secure environment. Users should only enter, or instruct the importation of, data to the database within a secure environment. This means that the User’s browser must support the encryption security used in connection with the Xero Servers.

Xero does not store your credit card details

If you choose to pay for Xero by Credit Card, your credit card details are not stored by Xero and cannot be accessed by Xero staff.

Your credit card details are encrypted and securely stored by Direct Payment Solution to enable Xero to automatically bill your credit card on a recurring basis.

Review Direct Payment Solution’s Privacy Policy

Xero will give you access to your data at any time

On request, Xero will provide the Administrator with a full export of the Organisation’s data in a common file format determined by Xero.

The Organisation’s data may be permanently deleted by Xero 90 days after the Organisation stops paying to use Xero, or at the Administrator’s request.

Your browser stores only enough information to keep you logged in

Xero uses temporary cookies to keep a session open after a User logs in. These cookies do not contain any information about the User or the Organisation and will automatically expire 45 minutes after the session is finished.

You can opt-out of any email communications

Xero sends billing information, product information, service updates and regular customer newsletters to registered Users via email.

Where appropriate, email communication will contain clear and obvious instructions describing how the User can opt to be removed from the mailing list. Xero will immediately remove any User upon request.

You are responsible for checking the privacy policy of any third-party websites we link to

The Xero website may contain links to third-party websites. Xero takes no responsibility for the privacy practices or content of these websites.

This policy may be updated from time to time

Xero reserves the right to change this policy at any time and any amended policy will be posted on this website.

Please read our Terms of Use

All use of software available on this website is subject to Xero’s terms of use. In the event of a conflict or disagreement between this Privacy Policy and the Terms of Use, the Terms of Use will prevail.

Last updated: 27 September 2007