Encrypted credentials
Store API credentials, marketplace tokens and Xero refresh tokens are encrypted at rest. Xero passwords are never requested or stored.
ClearCommerce connects sensitive ecommerce and accounting systems, so credentials, company boundaries and auditability are treated as product foundations.
Xero authorisation happens through Xero OAuth 2.0, with organisation selection and token refresh handled through the authorised connection.
Stores, connections, profiles, mappings, jobs and exports are tied to the owning company so one tenant cannot access another tenant’s data.
Security includes preventing accidental double-posting, keeping secrets out of logs and recording the result of background work.

Authentication: user accounts authenticate to the ClearCommerce application. Company membership controls which workspace data a user may access.
Connected services: Xero uses OAuth 2.0. Sales-channel credentials and OAuth tokens are stored for connector access and should use the minimum permissions required for each integration.
Data handling: source ecommerce data is kept separate from the accounting configuration and exported record. This makes the treatment reviewable without rewriting the original order.
Infrastructure: application services run behind HTTPS, with application secrets supplied through the deployment environment rather than committed to source code.
Roadmap: role-based permissions, GDPR data export/deletion controls and stronger operational observability are planned as the product and customer base grow.
Security questions can be sent to info@clearcommerce.co.uk. Please do not send live API keys or passwords by email.