Support and security

Send context, not credentials.

For connection help, privacy requests or security reports, contact Atlas Flow at support@atlas-flow.com.

Support channel: email · Pilot service level: no guaranteed response SLA

Do not email passwords, MFA codes, OAuth tokens, authorisation codes, cookies, tenant identifiers, bank details, full invoices, contact lists or accounting payloads. Redact screenshots and logs before sending them.

What to include

Connection troubleshooting

Authorisation did not finish

Return to the Connections screen and start a fresh Xero authorisation. OAuth state and PKCE transactions expire and cannot be replayed. Do not send the callback URL because it may contain a one-time authorisation code.

The expected organisation is missing

Cancel the selection. Confirm in Xero that the signed-in user is authorised for the intended organisation and repeat authorisation. Agent Atlas requires you to explicitly select the organisation and never silently uses the first result.

Reconnect required

A revoked, expired or invalid rotating refresh credential can move the connection to a safe reconnect state. Review the notice and authorise again. Do not attempt to copy or manually repair encrypted credential files.

A read tool failed

Record the tool name and safe status code, then try once more after the indicated rate-limit period if applicable. Verify the source information directly in Xero before relying on an incomplete response.

Disconnecting

Use the two-step Disconnect Xero control. It attempts remote Xero connection deletion or token revocation, encrypted local credential deletion and removal of the managed Xero MCP configuration entry. Review the separately reported remote and local results. You can also revoke the app in Xero’s connected-app settings.

If remote revocation fails but local deletion succeeds, revoke the app directly in Xero. If local deletion fails, stop using the connector and contact support with the safe status only.

Privacy requests

To request access, correction or deletion of information held by Atlas Flow, email support@atlas-flow.com with the subject “Privacy request”. Describe the relevant relationship and request without including credentials or accounting records. Identity or authority may need to be verified before action is taken.

Security reports

Use the subject “Security report” for suspected credential exposure, unauthorised organisation access, unexpected write capability or sensitive information in logs. Disconnect and revoke Xero access promptly if continued access may create risk. Do not publicly disclose live credentials or customer accounting information.

Before connecting a real organisation

The first live acceptance run must use a Xero Demo Company. A real organisation should be considered only after read-only scopes, explicit selection, tool outputs, refresh behavior, restart persistence and disconnect cleanup have passed review. Invoices, contacts, payments, banking, journals, and settings cannot be changed in the pilot.

Support limitations

Agent Atlas is an early pilot. Atlas Flow does not currently promise a response deadline, continuous availability or emergency accounting support. For urgent Xero account security issues, use Xero’s own support and connected-app controls. For urgent accounting, tax, legal or financial matters, contact an appropriately qualified professional.