Skip to main content

Security

Last updated: February 2026

Overview

XO Report is built for finance professionals who handle sensitive data every day. We take security seriously and design every part of our system with data protection in mind. For details on what data we collect and how we use it, see our Privacy Policy.

Xero Connection

XO Report connects to Xero using OAuth 2.0, the industry-standard authorization protocol. This means:

  • We never see or store your Xero password
  • You authorize specific permissions through Xero's own consent screen
  • You can revoke access at any time from your Xero account settings
  • Access tokens are stored securely and refreshed automatically

Data Handling

Your Xero financial data is not stored on our servers. When you use an XO Report function in Excel, data flows directly from Xero through our processing layer to your spreadsheet.

  • No permanent storage of your Xero financial data
  • Temporary caching only (minutes, not days) to improve performance
  • All data transmitted over HTTPS with TLS encryption
  • Cached data is automatically purged

Payment Security

All payment processing is handled by Stripe, a PCI Level 1 certified payment processor — the highest level of certification in the payments industry.

  • We never see or store your credit card numbers
  • All payment data is handled entirely by Stripe
  • Stripe is PCI DSS Level 1 compliant

Infrastructure

  • All connections use HTTPS with TLS encryption
  • Website hosted on Vercel with enterprise-grade security
  • Backend services run on Supabase with row-level security
  • Automated monitoring for availability and errors

Your Rights

Under GDPR and similar data protection laws, you have the right to access, correct, or delete your personal data at any time. You can also disconnect your Xero account to revoke all access. For full details, see our Privacy Policy and Terms of Service.

Questions

If you have questions about our security practices, contact us or email support@xo-report.com.