SmartTenant

HMRC integration

HMRC Integration Terms of Use

These terms govern your use of the SmartTenant integration with HM Revenue & Customs' Making Tax Digital APIs. They sit alongside our general Terms of Use and Privacy Notice and apply whenever you connect a SmartTenant account to HMRC.

Last updated: 28 May 2026

Legal owner

Smart Property Software Ltd

SmartTenant is a platform owned and operated by Smart Property Software Ltd.

Company number 17126256.

Contact: [email protected]

1. Who provides this integration

The SmartTenant platform and its HMRC integration are operated by Smart Property Software Ltd, a company registered in England and Wales under company number 17126256. For all questions about this integration, contact [email protected].

2. What the integration does

SmartTenant is recognised by HMRC as third-party software for Making Tax Digital (MTD). When you connect your SmartTenant account to HMRC, the platform can read from and submit to the following HMRC APIs on your behalf:

  • MTD Income Tax Self Assessment (ITSA)— retrieving your obligation periods and submitting quarterly UK property income updates for individual landlords.

The integration is for UK property income only. SmartTenant does not currently support MTD for VAT, self-employment or foreign property income, the end-of-year / Final Declaration step, or acting on behalf of an agent, and it does not access PAYE, Corporation Tax, or any other HMRC service that is not listed above. For income sources we do not support, use HMRC’s guidance on compatible software.

3. How you authorise access

Authorisation is granted using HMRC’s OAuth 2.0 flow. When you start the connection from SmartTenant, you are redirected to a GOV.UK domain controlled by HMRC, where you sign in with your own Government Gateway credentials and consent to the specific scopes listed above.

SmartTenant never sees your Government Gateway user ID or password. HMRC returns an access token and a refresh token to SmartTenant, which together represent the permission you granted. HMRC grants this authorisation for a maximum of 18 months from the date you consent; after that period you will be prompted to re-authorise.

4. Data we store and for how long

  • OAuth tokens. The access token and refresh token issued by HMRC are stored encrypted at rest. They are used solely to call the MTD APIs on your behalf and are rotated when HMRC issues new tokens.
  • Obligation and submission cache. We cache the obligation periods, submitted figures, HMRC correlation IDs, and HMRC response bodies for each call we make. This forms the audit trail HMRC requires of MTD software vendors and lets you see your submission history inside SmartTenant.
  • Fraud prevention headers. Where HMRC requires it, we collect and forward the standard MTD fraud prevention headers (device, browser, public IP, user timezone, and screen characteristics) at the point of submission. These are sent to HMRC with each call and retained alongside the submission record for audit.
  • HMRC user passwords. We never store your Government Gateway password or one-time access codes. These are handled exclusively by HMRC.

Submission and audit records are retained for at least six years from the end of the relevant tax year, in line with HMRC’s record-keeping requirements for MTD software. Encrypted OAuth tokens are deleted when you disconnect the integration or when the 18-month grant expires, whichever is sooner.

5. Your responsibilities

  • You confirm you are the taxpayer for the HMRC account you connect and are authorised to submit your own returns. SmartTenant is for individuals filing their own UK property income and does not support acting as an authorised agent for another taxpayer.
  • You are responsible for reviewing every figure shown in SmartTenant before you confirm a submission to HMRC. SmartTenant displays a summary screen for this purpose.
  • You agree to keep your SmartTenant credentials secure, since they control access to the HMRC connection.
  • You agree to comply with HMRC’s own terms of use for the MTD APIs and with the HMRC Fraud Prevention Policy when you use the integration.

6. Revoking access

You can revoke SmartTenant’s access at any time. Either:

  • Open Settings → Integrations → HMRC inside SmartTenant and select Disconnect. This immediately deletes the encrypted tokens from our systems; or
  • Sign in to your HMRC online account on GOV.UK and use the “manage who can access your information” screen to withdraw consent at HMRC’s end. SmartTenant’s tokens will then stop working at the next call.

Submission and audit records that we are required to retain for HMRC record-keeping purposes are kept after disconnection but are not used for any other purpose.

7. Availability and accuracy

The integration depends on the availability of HMRC’s MTD APIs. SmartTenant is not responsible for HMRC outages, scheduled downtime, or rate-limiting applied by HMRC. We will surface HMRC error responses (including correlation IDs) so you can raise them with HMRC if required.

SmartTenant takes reasonable care to transmit the figures you confirm without modification, but the final responsibility for the accuracy of any return submitted to HMRC rests with you as the taxpayer.

8. Compliance framework

SmartTenant operates the HMRC integration in accordance with the UK General Data Protection Regulation, the Data Protection Act 2018, and the HMRC Fraud Prevention Policy for MTD software. Personal data processed through the integration is covered by the SmartTenant Privacy Notice.

9. Changes

We may update these terms when HMRC API scopes change, when retention periods are revised, or when our security controls evolve. The “Last updated” date at the top of this page reflects the most recent revision. Material changes will be notified inside the SmartTenant app before they take effect.

10. Contact

Questions, complaints, or access requests related to the HMRC integration should be sent to [email protected].