Skip to main content
← RentClear

Privacy Policy

Effective date: 24 March 2026

1. Who we are

RentClear is operated by RentClear Ltd (company number 17112895) (“we”, “us”, “our”). We provide a web application that helps UK private landlords comply with Making Tax Digital for Income Tax (MTD ITSA) by tracking rental income and expenses and submitting quarterly updates to HMRC.

For data protection enquiries, contact us at security@rentclear.co.uk.

2. What personal data we collect

We collect and process the following categories of data:

  • Account data: your email address and password (stored securely via Supabase Auth).
  • HMRC identity data: your National Insurance number (NINO) and HMRC MTD subscription ID, retrieved when you connect your HMRC account.
  • HMRC authorisation tokens: OAuth access and refresh tokens that allow RentClear to submit data to HMRC on your behalf. These are stored encrypted and are never exposed to your browser.
  • Property data: the names, addresses, and property types of the rental properties you add to RentClear.
  • Transaction data: income and expense records you enter, including amounts, dates, categories, and any notes you add.
  • Submission history: records of quarterly updates submitted to HMRC, including the payload sent and the submission status.
  • Billing data: payment and subscription information handled by Stripe. RentClear does not store full card details.
  • Usage data: standard server logs including IP addresses, browser type, and pages visited, used for security monitoring and debugging.

3. Lawful basis for processing

We process your personal data on the basis of contractual necessity (Article 6(1)(b) UK GDPR). The processing described above is necessary to deliver the RentClear service you have signed up for. Without it, we cannot submit your quarterly updates to HMRC.

We also process data on the basis of legitimate interests (Article 6(1)(f) UK GDPR) for security monitoring and fraud prevention.

4. How we use your data

  • To authenticate you and give you access to your RentClear account.
  • To submit quarterly income and expense summaries to HMRC via the MTD Income Tax API on your behalf.
  • To display your property and transaction history to you.
  • To manage your subscription and process payments.
  • To monitor for security incidents and comply with legal obligations.

We do not sell your data. We do not use your data for advertising.

5. Who we share your data with

  • HMRC — we submit your quarterly income and expense totals to HMRC via their Making Tax Digital API. This is the core purpose of the service.
  • Supabase — our database and authentication provider, hosted on AWS infrastructure in the United Kingdom (London region).
  • Netlify— our hosting provider. Netlify operates a globally-distributed CDN. Your data passes through Netlify infrastructure which is certified under the EU-U.S. Data Privacy Framework and compliant with UK GDPR. Netlify's primary backing store is located in the United States; cross-border transfers are covered by Standard Contractual Clauses.
  • Stripe — our payment processor. Stripe handles payment card data under their own privacy policy.

We do not share your data with any other third parties without your explicit consent, except where required by law.

6. How long we keep your data

We retain your account, property, transaction, and submission data for as long as your account is active. HMRC requires taxpayers to keep records for at least 5 years after the 31 January submission deadline for the relevant tax year.

If you delete your account, we will permanently delete all personal data within 30 days, except where we are required by law to retain it.

7. Your rights

Under UK GDPR you have the right to:

  • Access the personal data we hold about you.
  • Rectify inaccurate data.
  • Erasure — request deletion of your account and all associated data.
  • Portability — export your data in a machine-readable format.
  • Restriction of processing in certain circumstances.
  • Object to processing based on legitimate interests.

To exercise any of these rights, email security@rentclear.co.uk. We will respond within 30 days.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

8. Security

HMRC OAuth tokens are stored encrypted in our database and are never exposed to your browser. All data is transmitted over HTTPS. We apply access controls so that each user can only access their own data.

To report a security issue, email security@rentclear.co.uk.

9. Changes to this policy

We may update this policy from time to time. We will notify you by email of any material changes. The effective date at the top of this page shows when the policy was last updated.

10. Cookies

RentClear uses essential cookies only. We use a session cookie to keep you signed in to your account. We do not use advertising or tracking cookies.