Xero Auto-Sent uses limited business and operational information needed to connect your ServiceM8 account, connect your Xero organization, identify the relevant invoice workflow, determine whether approved ServiceM8-sent invoices are still unsent in Xero, and support the operation of the add-on.
This can include business account identifiers, account display names, connection status, plan or usage information, and related timestamps used to operate, support, and monitor the add-on.
The add-on stores the connection credentials and related expiry information needed to maintain authorized access to ServiceM8 and Xero on your behalf. These credentials are treated as sensitive information, are encrypted at rest, and are protected as part of the add-on’s security controls.
To support the add-on’s purpose, we may store limited invoice-related and workflow-related information such as business-level invoice references, processing state, retry state, and timestamps needed to determine whether the add-on has completed the intended workflow and whether relevant Xero reminders or related automations can proceed as expected.
We may retain limited operational logs, error records, and support diagnostics to help identify failures, improve reliability, and respond to customer support requests. The goal is to keep support information useful without retaining unnecessary data.
Different categories of data are retained for different periods depending on their purpose. As a current baseline, support and operational event records are retained for around 30 days, completed workflow queue records are retained for around 30 days, and historical invoice-action records may be retained for up to 12 months. Short-lived connection state records are cleaned up more aggressively.
We apply security controls appropriate to the add-on’s purpose, including protection of sensitive connection information, encryption of stored connection tokens, minimization of exposed support data, and controls intended to reduce unauthorized access, misuse, or unnecessary disclosure.
Xero Auto-Sent depends on ServiceM8 and Xero, and may also rely on infrastructure and hosting providers used to operate the add-on. Information used by the add-on may therefore be processed in connection with those services to the extent necessary to provide the product.
Customers can disconnect Xero access to stop the add-on’s invoice-processing workflow. Customers can also request removal or reset of certain connection and operational data through the controls provided in the add-on or by contacting support, subject to any records we must keep for support, security, or legitimate business purposes. Disconnecting the add-on clears the local Xero connection used by Xero Auto-Sent, but customers may also need to remove the connected-app access separately inside Xero if they want that authorization removed there as well.
We may update this privacy policy to reflect security improvements, legal requirements, product changes, or clearer explanations of how the add-on operates. The current version published on this site is the version that applies.
For privacy questions or requests relating to Xero Auto-Sent, contact [email protected].
