All posts

Xero Client Portal: Document Storage Guide

18 June 2026 · Priory Books and Tax
Xero Client Portal: Document Storage Guide

Xero Client Portal: Document Storage Guide

If you run a business in Australia, your filing system should do 3 things: keep records for the right number of years, make documents easy to find, and limit access to payroll and tax files.

I’d sum the guide up like this: set one folder structure, use one file naming rule, and review the archive at month end, quarter end, and year end. That covers the main record groups in a Xero-linked portal: invoices, bills, BAS and IAS papers, tax returns, payroll records, asset files, year-end packs, and permanent business records.

A few points matter straight away:

  • ATO record-keeping rules matter: many tax and GST records must be kept for at least 5 years
  • Payroll records usually need 7 years
  • Asset and CGT records often need to stay longer, based on sale or last claim dates
  • Xero and the portal do different jobs: Xero links files to transactions, while the portal holds broader business and compliance records
  • Poor naming slows search: a file like Scan_001.pdf tells you nothing
  • Access should be role-based: not every staff member should see payroll, TFN, or internal tax files
  • 2FA and encrypted storage are baseline security steps

I’d use a simple setup: Entity → Financial Year → Record Type → Period, then name files with the date, party name, document type, and amount or period. For example, a supplier bill, BAS statement, payroll summary, and tax return should each follow one clear naming pattern so you can spot them fast during BAS, EOFY, or an ATO review.

This gives you a filing system that stays tidy, searchable, and in line with Australian record rules.

Xero Filing System Explained | Organise Your Documents in Xero

Xero

Set up a folder structure that matches your business records

Xero Client Portal Folder Structure for Australian Businesses

Xero Client Portal Folder Structure for Australian Businesses

A clear folder structure makes life easier. You, your bookkeeper, and your tax agent should all be able to find the right file without digging around. The simplest setup is this: entity → financial year → record type → period.

Start with one folder for each entity, then place one FY folder under it.

Start with one client folder and financial-year subfolders

Create one top-level folder for each entity you run. If you have a sole trader, company, or trust, each one should have its own folder.

Under each entity, add a subfolder for each Australian financial year. Label them in the local format: FY 2025–26, FY 2024–25, and so on. That keeps each lodgement period separate and stops records from different years getting mixed together.

Add core subfolders for BAS, tax, invoices, payroll and finance

Inside each FY folder, keep the subfolders lean and consistent. A practical layout looks like this:

Subfolder What goes in it
GST/BAS Q1–Q4 subfolders with BAS worksheets, GST detail reports, bank reconciliations
Invoices and Bills Sales invoices and supplier bills
Tax Records Tax returns, ATO notices, depreciation schedules
Payroll and super Single Touch Payroll (STP) reports, payslips, superannuation payment confirmations
Assets and capital gains Purchase and sale contracts, improvement costs
Year-end pack Final bank reconciliations, trial balance, debtor/creditor listings, asset register
Permanent records Trust deeds, company constitution, long-term loan agreements, ATO correspondence

General tax and GST records must be kept for at least five years from the date of lodgement, payroll and employment records for seven years, and asset, depreciation and CGT records for five years after the asset is disposed of or the last claim is made.

The Permanent records folder should sit outside the FY folders. Those documents don’t reset each year, so keeping them separate saves confusion later.

Once this structure is locked in, search and access control get much easier. It also helps new staff or advisers get up to speed fast, because the layout stays the same wherever they look.

Mirror the same hierarchy in Xero Files so staff and advisers use the same structure.

Why consistent folder rules matter for client uploads

The Priory Books and Tax uses a secure client portal to collect documents in one consistent structure for BAS, payroll and year-end work.

That kind of consistency matters more than people think. If one client uploads payslips into payroll, another drops them into tax, and a third emails them separately, work slows down fast.

Once the folder tree is set, apply the same logic to file names and uploads.

Name files clearly and upload them to the right place

Once your folder tree is locked in, file naming becomes the next checkpoint. This is what helps each document line up with the right Xero entry at a glance. A good file name should show the entity, the period, and the document type without making anyone dig for context.

Use a standard file naming format

A simple format that works well is: YYYY-MM-DD_Supplier-or-Client_Document-Type_Amount-AUD.

That gives you the date first, then who the document relates to, then the document itself, and finally the amount in AUD. Clean, easy to scan, and hard to mix up.

Some document types need one extra detail to make them easier to track:

Document Type Example File Name
Supplier bill 2026-06-18_SupplierName_INV-999_550-AUD.pdf
Client invoice 2026-06-18_ClientName_INV-001_1200-AUD.pdf
BAS statement 2026-Q4_BAS-Statement_BusinessName.pdf
Payroll report 2026-06-15_Payroll-Summary_PPE-2026-06-14.pdf
Tax return FY2026_Income-Tax-Return_Final.pdf

For bills, add the supplier invoice number. For BAS, use the quarter label. For tax files, use the FY label. For payroll, include the pay period end date.

How to upload files step by step

The upload part is pretty quick once the file is clean and ready. Scan paper records to PDF, or export reports you’ve already run in Xero. The ATO accepts electronic images as long as they are clear, accurate copies of the original.

Then do this:

  1. Log in to the client portal securely.
  2. Open the correct entity folder, then the right FY subfolder and document-type folder.
  3. Drag and drop the file, or use bulk upload if you have several at once.

Xero also gives each file library its own email address. So if a supplier emails you an invoice, you can forward it straight to that address and it will land in Xero Files automatically, ready to be linked to the matching transaction.

How uploaded files support Xero bookkeeping

When you attach each source document to its Xero transaction, you create a clear audit trail. That makes it easier for your bookkeeper to check amounts and GST during reconciliation. The same files can also help if the ATO reviews your records or a lender asks for backup documents.

Consistent naming and the right upload location also make search and access control much faster in the next stage.

Find documents fast and control who can see them

Once files are uploaded, the next job is simple: find them fast and make sure the right people can access them.

Search by name, folder, date, file type and tags

Xero-linked portals let you search by name, folder, date, file type, or tag.

Method Best For Best Use Limitations
Search bar Finding a specific file when you know its name or number Fastest method if naming is consistent Fails if the file name is vague (e.g., Scan_001)
Folder navigation Browsing all documents for a specific FY or document type Gives you clear context and structure Can be slow if folders are nested too deeply
Filters and tags Isolating a category across multiple years (e.g., all BAS files) Great for bulk retrieval by type or date Only works well if tags are applied consistently at upload

If your filing setup is tidy, retrieval becomes a lot less painful. A search bar is usually the fastest option, but only if file names make sense. Folder navigation helps when you want to see the full picture for a given FY or document group. Tags and filters are handy when you need to pull a set of files across years, like every BAS document in one go.

After retrieval is sorted, the next step is to lock down access to payroll and tax files.

Set permissions for owners, staff and advisers

Use role-based access so owners, staff, and advisers only see the folders and actions they need. That means not everyone should have the same view or editing rights.

Sensitive folders, such as payroll or internal workpapers, should be limited to authorised users. It’s also smart to review access every quarter so permissions stay current as your team changes.

Security basics for tax and payroll records

Payroll and TFN records need tighter controls than general bookkeeping files. The baseline steps are straightforward: enable two-factor authentication (2FA) for every user and use encrypted storage.

At The Priory Books and Tax, portal access is limited to authorised users to protect TFN and payroll data.

Keep your document archive tidy, compliant and useful over time

Once filing and access are sorted, the last step is keeping the archive current. A portal only stays useful if someone looks after it. Leave it alone for too long and folders start to clog up with duplicate files, vague names and old documents no one should be using. Regular upkeep helps keep month-end, BAS and EOFY records easy to find when you need them again.

Review folders at month end, quarter end and year end

The simplest way to stay on top of this is to link clean-ups to work you already do. After monthly bookkeeping, check that transactions have supporting documents attached. After each BAS quarter, make sure BAS papers, activity statements and related correspondence sit in the right financial year folder. At year end, confirm the prior FY is complete before opening the new one. This ensures you have everything ready for your small business tax return. Keep digital copies that are clear and complete.

Avoid duplicates and mark the latest version clearly

Duplicate files chew up time and make version history messy. Before you upload anything, check whether the file is already there. If you're working through more than one draft, like a revised payroll summary or an amended BAS, label each version clearly with names such as v1, v2 or Final.

Good versus poor storage habits at a glance

The same habits matter whether you're filing one invoice or a full year-end pack.

Habit Good Practice Poor Practice
Folder structure Organised by financial year and document type All files in one miscellaneous folder
File naming Consistent format, e.g. YYYY-MM-DD_Type_Vendor Vague defaults like Scan_001.pdf or Document1
Version control Clear labels: v1, v2 or Final Multiple copies with no indication of which is current
Maintenance Monthly filing checks and quarterly folder audits Only filing during year end or an audit
Access Role-based permissions for authorised staff and advisers Unrestricted access or a single shared login

FAQs

How long should I keep each record type?

To comply with the ATO, keep accurate records for at least five years from the date of lodgement. Those records need to clearly show income, expenses, and GST details.

If you're a registered tax practitioner, the rule is a bit different. Keep records for at least five years after the tax agent service is complete. Once that period ends, decide whether to return, destroy, or de-identify the documents in line with privacy laws and your record-keeping arrangements.

What’s the best folder structure for my portal?

Use a steady folder structure built around entity, financial year, and tax category. A simple setup looks like this: Entity Name > 2025–26 > GST-BAS by quarter, Payroll-Super, and Year-End.

If your Xero file library only gives you one folder level, use clear prefixes to group folders alphabetically and make them easier to find. For example:

  • A – Bank
  • C – Customers
  • S – Suppliers

Who should have access to payroll and tax files?

Access to sensitive payroll and tax files should be limited to authorised people who need them for specific tasks, such as your accountant, bookkeeper or designated team members.

With Xero’s customisable access levels and secure client portal, each user only sees or manages the documents tied to their role, which helps prevent unauthorised access.

Related Blog Posts