Xero API Privacy Policy
For InstallerPro 1 – A Xero Integrated Application
Last Updated: 12th January 2026
1. Who We Are
This Privacy Policy explains how B2B Portals Ltd, a company registered in England and Wales (Company No. 08847474) (“we”, “us”, “our”) collects, uses and protects personal data when you use InstallerPro1 (the “Application”).
The Application is available via the Xero App Marketplace and integrates with Xero using its API.
For the purposes of UK data protection law, we act as:
- Data Processor when processing accounting or business data on your behalf.
- Data Controller for our own operational, billing, support and security purposes.
2. Relationship with Xero
The Application integrates with Xero Limited via the Xero API.
When you authorise the Application:
- You grant API access to specific accounting data.
- Data is transferred securely from Xero to our systems.
- Your use of Xero remains subject to Xero’s own Privacy Policy and Terms.
We are an independent software provider and are not responsible for Xero’s data handling practices.
3. Personal Data We Collect
We may collect and process the following categories of data:
A. Data Retrieved from Xero (as Processor)
Depending on permissions granted, this may include:
- Contact names
- Business names
- Invoice details
- Payment information
- Transaction records
- Account codes
- Tax/VAT information
- Financial reporting data
We only access the minimum data necessary for the Application’s functionality.
B. Account & Subscription Information (as Controller)
- Name
- Email address
- Job title
- Business details
- Billing information
- Subscription records
- IP address
- Log data
C. Technical & Usage Data
- Device information
- Browser type
- Usage metrics
- API access logs
- Error reports
4. Lawful Basis for Processing
Under UK GDPR, we rely on:
- Contract – to provide the Application and fulfil subscription services.
- Legitimate Interests – to maintain security, improve services and prevent fraud.
- Legal Obligation – to comply with tax and regulatory requirements.
- Consent – where required (e.g., marketing communications).
You are responsible for ensuring you have lawful authority to share accounting data with us.
5. How We Use Personal Data
We only use limited personal data provided by users to:
- Provide and operate the Application
- Synchronise accounting data with Xero
- Maintain system security
- Provide customer support
- Process payments and subscriptions
- Improve performance and features
- Comply with legal obligations
We do not process any client data you may enter within our system. We do not sell personal data.
6. Data Sharing
We may share limited data with:
- Cloud hosting providers
- Payment processors
- Professional advisers (legal, accounting)
- Regulators where legally required
All processors are subject to contractual confidentiality and security obligations.
We do not share personal data with third parties for advertising purposes.
7. International Transfers
We do not transfer data outside the UK, with the limited exception of failsafe data backup in case of a national cyber-attack. Where personal data is transferred outside the UK, we ensure appropriate safeguards are in place, such as:
- UK International Data Transfer Agreement (IDTA)
- Adequacy decisions
- Standard Contractual Clauses
8. Data Retention
We retain personal data:
- For the duration of your subscription
- For up to 6 years where required for accounting or legal purposes
- In accordance with statutory limitation periods
Upon termination:
- API access is revoked
- Data is deleted or anonymised in accordance with our retention schedule
9. Security Measures
We implement appropriate technical and organisational measures including:
- Encrypted API connections (HTTPS/TLS)
- Role-based access controls
- Secure cloud infrastructure
- Regular security updates
- Monitoring and logging
- Access restriction policies
No internet-based system is entirely secure, but we take reasonable steps to protect data.
10. Your Rights
Under UK GDPR, individuals have the right to:
- Access their personal data
- Request correction
- Request erasure (where applicable)
- Restrict processing
- Object to processing
- Data portability
- Withdraw consent (where applicable)
Requests should be sent to: phil.joslin@b2bportals.co.uk
Where we act as Data Processor, you should contact your organisation (the Data Controller) in the first instance.
11. Cookies & Tracking
If the Application uses cookies or tracking technologies, these are used for:
- Authentication
- Security
- Performance monitoring
We do not use behavioural advertising cookies.
12. Marketing Communications
We may send service-related communications necessary for operation.
Marketing communications will only be sent:
- Where you have opted in, or
- Where permitted under PECR (soft opt-in for existing customers)
You may unsubscribe at any time.
13. Children’s Data
The Application is intended for business use and not directed at persons under 18. We do not knowingly collect children’s personal data.
14. Complaints
If you are concerned about our data handling, you may contact us first.
You also have the right to lodge a complaint with:
Information Commissioner’s Office
15. Changes to This Policy
We may update this Privacy Policy from time to time.
Material changes will be notified via email or within the Application.
Continued use constitutes acceptance of updates.
- Your misuse of the Application
- Breach of this Agreement
- Unlawful processing of personal data
- Incorrect accounting practices conducted by you
16. Contact Details
Data Protection Contact:
Philip M Joslin
Email: phil.joslin@b2bportals.co.uk