Xero is committed to protecting your personal information. This Privacy Policy outlines how Xero collects, uses, shares, and safeguards your personal data when you engage with its websites, apps, and services.
Scope of the Policy
This policy applies to personal data collected through Xero’s platforms and tools, including its websites, applications, and customer services. It does not cover the data that Xero subscribers upload about their own customers, suppliers, or staff. In such cases, subscribers are considered data controllers, and Xero acts strictly as a data processor.
Types of Personal Information Collected
Xero may collect the following categories of data:
Identity & Contact Data: Name, email, phone number, mailing address, or social media handles.
Account Data: Login credentials, user profile details, and subscription preferences.
Payment Data: Bank account details, truncated credit/debit card info, billing address, and transaction history.
Communication Data: Customer service interactions, chat transcripts, email history, and call recordings (with consent).
Marketing & Advertising Data: Communication preferences, interests, responses to campaigns, and engagement metrics.
Device Data: IP address, browser type, device model, operating system, location, and unique device identifiers.
Service Usage Data: Interaction history, login times, visited pages, clicks, and third-party integration usage.
Uploaded Content: Photos, videos, or audio files shared on Xero platforms or social media accounts.
Sensitive Information: In specific cases, information such as health data or union membership details (if voluntarily provided).
How Personal Data Is Collected
Xero gathers information in the following ways:
Directly from Users – When creating an account, contacting support, or filling out forms.
Automatically – Through cookies, tags, and tracking pixels embedded in websites and services.
From Third Parties – Including service providers, marketing partners, and integration tools.
How Xero Uses Personal Data
Xero uses collected information to:
Deliver, operate, and improve its services.
Provide customer support and respond to inquiries.
Ensure account security and detect fraud.
Send service-related updates and marketing communications.
Conduct internal analytics and reporting.
Manage subscriptions and billing processes.
Fulfill legal obligations and enforce terms of use.
Data Sharing Practices
Xero may share your information with trusted third-party service providers who help operate the platform, such as hosting companies, payment processors, marketing vendors, and analytics tools. Xero ensures these third parties meet strict data protection standards.
International Data Transfers
As a global company, Xero may transfer your data across borders. These transfers are conducted in compliance with applicable data protection laws and include safeguards like standard contractual clauses.
Data Security
Xero prioritizes security and implements robust measures such as:
Encryption protocols
Access controls
Regular audits
Secure data storage systems
These steps help ensure the confidentiality and integrity of user data.
Data Retention
Xero retains personal data only as long as necessary to fulfill its purposes, meet legal requirements, or resolve disputes. Once retention periods expire, data is securely deleted or anonymized.
Your Data Rights
As a user, you may have the right to:
Access your personal data
Correct inaccuracies
Request deletion
Object to certain processing activities
Restrict data use
Withdraw consent
Xero provides clear instructions for exercising these rights within its services.