Skip to main content

Privacy Policy

Last updated: December 2025

Overview

XO Report ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our Excel add-in and related services.

Information We Collect

Account Information

When you use XO Report, we collect:

  • Your email address (from Xero OAuth authentication)
  • Your Xero organization name(s) and ID(s)
  • Subscription and billing information

Xero Data Access

XO Report connects to Xero using OAuth 2.0. We access your Xero data only to provide the functionality you request (pulling data into Excel). We do not store your Xero data on our servers beyond temporary caching to improve performance.

We access the following Xero data based on your usage:

  • Chart of Accounts
  • Contacts (customers and suppliers)
  • Invoices and Bills
  • Payments and Credit Notes
  • Financial Reports (P&L, Balance Sheet, etc.)
  • Tracking Categories
  • Tax Rates and Currencies

Usage Data

We collect anonymous usage data to improve our service:

  • Which features you use
  • Error logs (for troubleshooting)
  • Performance metrics

How We Use Your Information

We use your information to:

  • Provide the XO Report service
  • Process your subscription and payments
  • Send important service updates
  • Provide customer support
  • Improve our product

Data Security

We implement industry-standard security measures to protect your data:

  • All data is transmitted using TLS encryption
  • OAuth tokens are stored securely and never shared
  • We use Supabase for secure data storage with row-level security
  • We do not store your Xero password

Data Retention

We retain your account information for as long as your account is active. Xero data is cached temporarily (typically 5-60 minutes) and automatically purged. You can request deletion of your data at any time.

Third-Party Services

We use the following third-party services:

  • Xero: Accounting data provider (subject to Xero's privacy policy)
  • Stripe: Payment processing (subject to Stripe's privacy policy)
  • Supabase: Database and authentication
  • Microsoft: Excel add-in platform

Your Rights

You have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion of your data
  • Disconnect your Xero account at any time
  • Export your data

Cookies

Our website uses essential cookies only for authentication and session management. We do not use advertising or tracking cookies.

Children's Privacy

XO Report is not intended for use by children under 16. We do not knowingly collect information from children.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes via email or through our service.

Contact Us

If you have questions about this Privacy Policy, please contact us.