Security and privacy
HTTPS Encryption: All traffic is encrypted in transit
Secure Tokens: Xero secrets stay on the server
Tenant Isolation: Strict data separation by org
Prepaidly runs over HTTPS. Authentication uses signed sessions stored client-side, with guard rails such as an idle timeout, so you will need to sign back in after long breaks. Xero tokens and secrets stay on the server, not inside the page bundle.
Schedule data and journals are scoped by tenant, so one organisation's data does not surface inside another's during normal use. Admin-only areas (Billings, Users) rely on roles that are resolved after you open an entity. Double-check the role label on your avatar if you are unsure.
Apply your own policies for who may connect Xero, who may post journals, and when to use demo companies. Remove Prepaidly access for people who leave the business, and revoke OAuth grants in Xero when a laptop is lost.