Skip to main content

How does Mayday keep your information secure?

Written by Griff

Our customers entrust us to keep their data secure, and we take this seriously. We're an official Xero app which means we've passed through all of their security processes and additionally this page gives an overview of the security practices we follow at Mayday.

Hosting

Our service runs entirely on the Amazon Web Services (AWS) platform, which allows us to ensure the application is secure, reliable, and scalable. Mayday uses AWS's London region, so all data storage and processing occurs within the UK. AWS are certified and compliant with thousands of global compliance programs. See the AWS security page for more information.

Encryption

All data is encrypted at rest using AES-256 when stored in Mayday's servers, and all data is encrypted in transit using at least TLS 1.2. All our web traffic, both in your browser and to our servers, is protected by SSL.

API Security Audits

We undergo regular audits by Xero to ensure that our platform meets the standards of security required of an approved application provider.

User Accounts

Users can only log in to Mayday via Xero, which requires two-factor authentication to complete.

You can invite other users to collaborate with you in Mayday. This is done using the email address that user logs in to Xero with, and so will be subject to the same two-factor authentication requirements.

Data

Your data is owned by you. We fetch the data required to run Mayday's systems from your accounting platform and store that on our databases. The data remains on AWS servers and within AWS security zones at all times. All data is backed-up regularly and stored securely within AWS.

We collect the following data from your accounting system:

  • User name and email address, for any users invited to the Mayday platform

  • Chart of Accounts

  • Tracking Categories (for Xero)

  • Tax Rates

  • Contacts: including business name, contact email, business number, tax identifier, and bank details. We securely store bank details using a one-way encryption.

  • Invoices, Bills, and Credit Notes, plus Payments applied to them

  • Journals

  • Bank Transactions

Through Mayday, users are able to post adjustments back to the accounting system. We never push data back to the accounting system without a user's action. The data we can post back are:

  • Accounts

  • Contacts

  • Tracking Categories

  • Invoices, Bills

  • Journals

  • Credit Notes

  • Payments

When you cancel your subscription and your final billing period is complete, all data will be deleted.

Some of our staff have limited access to your data in order to provide support. The data is only accessible via secure login with two-factor authentication via Xero. Your data is never shared with any third parties.

Your credit card and billing info is transmitted and stored securely with our third part billing provider, Paddle.

BRAG (Bank Reconciliation Across the Group)

BRAG is an extension for your browser that streamlines your bank reconciliation process for multi-entities. Here's some information about how we keep it secure:

  • Secure authentication:

    • To enable BRAG, it must be installed, and connected to Mayday’s API by visiting the connect page in Mayday’s app

    • Using BRAG requires you to be signed in to Mayday, signing into Mayday creates a session

    • BRAG uses the same session as Mayday

    • So, when the Mayday session expires and you need to login again, the same also applies to the BRAG extension

  • Strict scope of access: BRAG is strictly configured to run only on Xero’s bank reconciliation page. It cannot and will not read or access data from any other web page you visit

  • How data flows: When you click the Mayday tab on a Xero bank transaction, BRAG sends only that specific transaction's details to Mayday’s servers via a secure API connection

  • Secure processing: When you complete a reconciliation using BRAG, the request is sent securely to Mayday's servers. From there, Mayday’s servers make appropriate calls to Xero's API to create the necessary invoices, bills, or payments. The connection to the Xero API is the same secure connection which Mayday uses for other features in the Mayday product

Privacy

Your privacy and the integrity of your data is important to us. For more information on privacy see our Privacy Policy.


If you’d like any more information, here are our Terms and Conditions and if you have any further questions about information security please contact us at support@getmayday.com.

Did this answer your question?