Security

Your clients' financial data is not something we take lightly.

You're trusting us with your clients' books. Here's exactly how we protect that trust: no vague promises, no marketing language, just the specifics.

How we protect your data

Six layers of protection

Read-only access

We never create, edit, or delete anything in your client's Xero organisation. Ever. Minimum OAuth scopes only: accounts, invoices, bills, journals, contacts, bank transactions.

  • No transactions can be created or modified
  • No bank feeds altered, no contacts modified
  • A breach could read data, but never alter client books

UK data residency

All client financial data is stored and processed in London, UK. The data flow is simple: Xero API → UK servers (encrypted) → your browser over TLS 1.3. No data crosses UK borders.

Encryption everywhere

TLS 1.3 in transit. AES-256 at rest. OAuth tokens are encrypted with KMS; keys are stored separately, never in application code or logs.

Full audit trail

Every action logged with user ID, timestamp, tenant ID, and action type. Every sync, every calculation, every login. Nothing happens silently. Your clients can see who accessed what, and when.

Accountant controls

You decide who sees what. Firm admin manages team members. Team members see only assigned clients. Client portal (optional) is read-only. All permission changes are audit-logged.

Compliance & registration

Registered with the ICO under reference C1930726 (Rooby Software Ltd). UK GDPR compliant, DPA available on request. Sub-processor list maintained. Data deleted within 30 days of account closure.

Full transparency

Exactly what we access in Xero

If you wouldn't grant it, we wouldn't ask for it.

Xero Scope | What We Read | Why
accounting.reports.read | Profit & Loss, Balance Sheet | CT forecast calculation
accounting.journals.read | Journal entries | Adjustments (depreciation, entertaining)
accounting.transactions.read | Invoices, bills, bank transactions | VAT calculation, revenue tracking
accounting.contacts.read | Customer & supplier records | CIS status, reverse charge eligibility
accounting.settings.read | Organisation details, chart of accounts | Period end dates, account categorisation

No write scopes. No payroll access. No settings modification. Read-only, always.
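To check a consent request against the table above, this added example (not Rooby's or Xero's code) audits the scope parameter of an OAuth authorization URL. The sample URLs and host are constructed, the identity scopes are an assumption not listed on the page, and treating a scope without the `.read` suffix as not read-only is an assumption drawn from the naming in the table.

```python
from urllib.parse import urlsplit, parse_qs

# Scopes published in the table above.
PUBLISHED_SCOPES = {
    "accounting.reports.read",
    "accounting.journals.read",
    "accounting.transactions.read",
    "accounting.contacts.read",
    "accounting.settings.read",
}
# Assumption: standard OIDC/OAuth sign-in scopes, not listed on the page.
IDENTITY_SCOPES = {"openid", "profile", "email", "offline_access"}

# Constructed sample URLs (placeholder host, not a real endpoint).
SAMPLE_OK = ("https://login.example.invalid/authorize?response_type=code&scope="
             "openid+offline_access+accounting.reports.read+accounting.journals.read"
             "+accounting.transactions.read+accounting.contacts.read+accounting.settings.read")
SAMPLE_BAD = ("https://login.example.invalid/authorize?response_type=code&scope="
              "openid%20accounting.transactions%20accounting.contacts.read"
              "%20payroll.employees.read%20files.read")


def requested_scopes(authorize_url):
    """Return the set of scopes carried in an authorization URL's query string."""
    query = parse_qs(urlsplit(authorize_url).query)
    # OAuth 2.0 sends scopes as one space-delimited value; parse_qs decodes '+' and %20.
    return {s for value in query.get("scope", []) for s in value.split()}


def audit_scopes(scopes):
    """Bucket each scope; anything outside 'published' and 'identity' needs review."""
    buckets = ("published", "identity", "payroll", "not_read_only", "unlisted_read")
    report = {name: [] for name in buckets}
    for scope in sorted(scopes):
        if scope in PUBLISHED_SCOPES:
            report["published"].append(scope)
        elif scope in IDENTITY_SCOPES:
            report["identity"].append(scope)
        elif scope.startswith("payroll."):
            report["payroll"].append(scope)       # page states: no payroll access
        elif not scope.endswith(".read"):
            report["not_read_only"].append(scope)  # page states: no write scopes
        else:
            report["unlisted_read"].append(scope)  # read scope absent from the table
    report["missing"] = sorted(PUBLISHED_SCOPES - set(scopes))
    report["matches_page"] = not (report["payroll"] or report["not_read_only"]
                                  or report["unlisted_read"])
    return report
```

Run `audit_scopes(requested_scopes(url))` on the URL shown in the browser at the consent step; a report with `matches_page` false lists the scopes to query before approving.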

Security questions

Common questions

What happens if Rooby is breached?

Because we have read-only access, an attacker could not modify your clients' Xero data. Financial data stored in Rooby is encrypted at rest. OAuth tokens are encrypted with separate KMS keys. We would notify affected users within 72 hours per GDPR requirements and revoke all active sessions immediately.

Can I revoke Rooby's access to Xero?

Yes, instantly. Either disconnect the client in Rooby, or revoke access from Xero's Connected Apps settings. Both methods immediately invalidate the OAuth tokens. Rooby retains existing snapshots but can no longer pull new data.

Do you have penetration testing or SOC 2?

We conduct regular security reviews and dependency audits. SOC 2 certification is on our roadmap as we scale. Email us at hello@rooby.co.uk to discuss our security posture in detail.

Where can I get a Data Processing Agreement?

Email hello@rooby.co.uk and we'll send one over the same day. We also maintain a sub-processor list updated whenever we add or change a third-party service provider.

Still have concerns?

Talk to us before you connect.

We're happy to walk through our security posture in detail: architecture, access controls, data flows, whatever you need to feel confident. No pressure.

Ready to connect your first client?

14-day free trial. No credit card. Read-only Xero access. Cancel any time.