Why back up Xero

Xero doesn't restore your data — and that's not a bug.

Read Xero's own terms: their liability for lost or corrupted data is limited to 'taking reasonable steps' to recover from their own backups. Recovery is your responsibility. Here's how that obligation breaks down, and what to do about it.

From Xero's Terms of Use

"If your data is lost or corrupted, our liability is limited to taking reasonable steps to try to recover the data from our own available backups."

Translation: if their backup is incomplete, stale, or unavailable — you're on your own.

Risks & threats

Four ways your Xero data can disappear, and what each one costs you.

1. Ransomware & hacked accounts

Compromised Xero credentials let attackers delete or modify records. Xero won't roll back the damage — they'll restore from their own backup if available, but transactions you posted in the meantime are gone. Independent backups lock attackers out of the recovery loop.

2. Departing staff and access mistakes

A bookkeeper exits, an admin reassigns roles, an automation is misconfigured — and historical data is overwritten or deleted. Xero's recovery isn't designed for human error at the customer-account level.

3. Corruption during sync or import

Bank feeds drop. Reconciliations re-run. Bulk imports overlap. Each of these creates the kind of silent data drift that's invisible until you try to close the month. A point-in-time snapshot lets you compare and revert.

4. Provider outages and account changes

Xero outages happen, billing disputes happen, subscriptions get cancelled. None of these are 'data loss' events — but in each one, the practical effect is the same: you can't reach your records when you need them.

Cyber insurance

Insurers want three independent data sources. Xero gives you two.

Most accounting-firm cyber policies require three sources: the live system, a provider-managed backup, and an independent third-party backup. Xero counts as one provider — they hold both your live data and their internal backup. The third source is on you.

Source 1 — Live Xero

Your active organization. Anything that corrupts the live record corrupts this source.

Source 2 — Xero internal

Xero's own backups, subject to their terms and their access. You don't control them.

Source 3 — Independent

WOW Backup. In your region, in your audit trail, restorable on demand.

Compliance

Data residency and retention rules are your problem, not Xero's.

Each jurisdiction has its own rules for where accounting data must live and how long it must be retained. Xero stores data globally, in regions of their choosing. WOW lets you pin your backup to the country your regulator expects.

Australia

Privacy Act 1988, ATO retention obligations (5 years for most records), CA ANZ professional standards.

Canada

PIPEDA, CPA Canada Rule 208, CRA's 6-year retention rule on business records.

United States

AICPA professional standards, IRS retention requirements, CCPA where applicable.

Why not just export

Manual CSV exports look free. They're not.

Manual exports

· Done sporadically — usually after something goes wrong

· No attachments — receipts and bills are not included

· Partial coverage — only the data tables you remember to export

· No audit log of who downloaded what, when

· No way to actually restore — CSVs are not a Xero org

· Storage location is wherever someone saved the file

WOW automated backup

· Daily snapshot at 12:00 AM local — no human in the loop

· Attachments included — every receipt, every bill

· Full API coverage — every entity Xero exposes

· Audit trail — every download timestamped to a user

· Real restore — our team rebuilds your org from the backup

· Region-locked AWS storage matched to your jurisdiction

FAQ

Frequently Asked Questions

Common questions about the risks of not backing up your Xero data.

Xero maintains its own internal backups, but their Terms of Use limit liability to "taking reasonable steps" to recover from those backups. That means if their backup is incomplete, stale, or unavailable, recovery is your responsibility. An independent backup like WOW gives you a copy you actually control.

When you cancel Xero, your access to the live organisation ends. Xero typically provides a limited window to export data, but if you haven't kept an independent backup, you may lose access to historical transactions, attachments, and reconciliations permanently.

Yes. If an attacker gains access to your Xero credentials, they can delete contacts, invoices, or entire data sets. Xero does not guarantee restoration of data deleted or modified by an authorised (or compromised) user. An independent backup taken before the incident is your only reliable recovery option.

No. Manual CSV exports are partial (they miss attachments, audit logs, and linked data), sporadic (relying on someone to remember), and not directly restorable into a Xero organisation. WOW takes a full API-level snapshot nightly and can rebuild a Xero org from that snapshot — something a CSV folder cannot do.

Most accounting-firm cyber policies require three independent data sources: the live system, a provider-managed backup, and a third-party independent backup. Xero counts as one provider — they hold both your live data and their internal backup. WOW is the third-party independent source your insurer expects.

Still have questions?

Our team replies within a few hours during business days.

Protect your Xero data — and your firm's obligations.

Free trial includes one month per organization and one Restore coupon. Start in 60 seconds via Xero OAuth.
