Cybersecurity
12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
Risk Management Strategy
Cybersecurity risk management is an integral part of our overall enterprise risk management program. Our cybersecurity risk management program is designed to align our information management to best practices such as NIST, CIS and MITRE ATT&CK, to guide and provide a solid and resilient framework for dealing with security threats and cybersecurity incidents, including threats and incidents associated with our internal and external resources. Our cybersecurity team is responsible for implementing, maintaining, and evaluating our physical, technical, and administrative security controls as part of the overall cybersecurity risk management program. These functions are primarily performed in-house; we currently engage third parties only for external penetration testing. Additionally, our cybersecurity team provides training to all employees annually.
Cybersecurity controls are focused on the monitoring of workstations, servers and our network. In the cybersecurity context, we rely on incident monitoring through detection controls implemented in the environment, such as content filtering, behavior-based detection of malicious software, antivirus and antispam tools, among others. Alerts are generated to notify the team to deal with these incidents. Furthermore, the company has a data loss prevention control to ensure that confidential information is not lost, stolen, misused or leaked onto the web. Internal and external intrusion tests at the network and application layers are carried out at least annually. Scans of internal networks are also carried out periodically, and any vulnerabilities identified are prioritized and remediated according to their criticality. We also have in place a written cybersecurity incident response protocol designed to allow us to respond promptly when an incident is detected.
There are several other controls to ensure security against threats in digital media, including with respect to identity and access control, application security, privacy, encryption and masking, traceability, network segmentation and backup, and protection against malicious software. We also address potential risks posed by the use of third-party service providers, including by executing appropriate contractual requirements related to data and cybersecurity and by monitoring the assurance reports issued by these suppliers' external auditors when such reports are available.
We have been subject to cybersecurity incidents in the past. On March 22, 2025, we became aware that an unauthorized third party gained access to a database, hosted by a third-party vendor, containing certain personal and financial information from our clients. We immediately activated our cybersecurity incident response protocol to investigate, contain, and remediate the incident. As of the date of this report, no client accounts, client funds or XP internal systems have been compromised. The systems and operations of the XP Group have not been affected. We have taken the necessary measures to resolve the incident promptly, and we have remediated the vulnerability that led to the initial unauthorized access. We have provided or will provide appropriate notifications to affected individuals as required. Regulators and competent authorities have already been notified of the incident as required. This incident has not had any material impact on our business strategy, results of operations, or financial condition, but there is no assurance that we will not experience additional negative impacts from this incident.
For more information about these risks, see “Item 3. Key Information—D. Risk Factors” for certain risks related to our business and industry, such as the unauthorized disclosure, destruction or modification of data through cybersecurity breaches, computer viruses or otherwise, or the interruption of our services, which may expose us to protracted and costly liability and litigation and damage our reputation.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block] Cybersecurity risk management is an integral part of our overall enterprise risk management program. Our cybersecurity risk management program is designed to align our information management to best practices such as NIST, CIS and MITRE ATT&CK, to guide and provide a solid and resilient framework for dealing with security threats and cybersecurity incidents, including threats and incidents associated with our internal and external resources. Our cybersecurity team is responsible for implementing, maintaining, and evaluating our physical, technical, and administrative security controls as part of the overall cybersecurity risk management program. These functions are primarily performed in-house; we currently engage third parties only for external penetration testing. Additionally, our cybersecurity team provides training to all employees annually.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Board of Directors Oversight [Text Block]
Governance
Our board of directors has overall oversight responsibility for our risk management and is charged with overseeing our cybersecurity risk management program. The Risks, Credit and ESG committee is responsible for ensuring that management has processes in place designed to identify and assess the cybersecurity risks to which the company is exposed, to implement and maintain processes and programs to manage cybersecurity risks, and to mitigate, remediate, and otherwise respond to cybersecurity incidents.
Our cybersecurity programs are under the direction of our Chief Technology Officer (CTO), who receives reports from our cybersecurity team and monitors prevention, detection, mitigation, and remediation of cybersecurity incidents. Our CTO and dedicated staff hold information systems security certifications and have many years of experience in the field. Management, including the CTO and our cybersecurity team, regularly updates the audit committee on the company's cybersecurity programs, material cybersecurity risks and mitigation strategies, and provides cybersecurity reports annually that cover, among other topics, third-party assessments of the company's cybersecurity program, developments in cybersecurity, and updates to the company's cybersecurity mitigation programs and strategies.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] board of directors
Cybersecurity Risk Role of Management [Text Block] Our cybersecurity programs are under the direction of our Chief Technology Officer (CTO), who receives reports from our cybersecurity team and monitors prevention, detection, mitigation, and remediation of cybersecurity incidents. Our CTO and dedicated staff hold information systems security certifications and have many years of experience in the field. Management, including the CTO and our cybersecurity team, regularly updates the audit committee on the company's cybersecurity programs, material cybersecurity risks and mitigation strategies, and provides cybersecurity reports annually that cover, among other topics, third-party assessments of the company's cybersecurity program, developments in cybersecurity, and updates to the company's cybersecurity mitigation programs and strategies.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] The Risks, Credit and ESG committee is responsible for ensuring that management has processes in place designed to identify and assess the cybersecurity risks to which the company is exposed, to implement and maintain processes and programs to manage cybersecurity risks, and to mitigate, remediate, and otherwise respond to cybersecurity incidents.