SmartTenant

Retention and deletion

Data Retention and Deletion Standard

The retention windows, lawful bases, and deletion workflows SmartTenant applies to your data.

Last updated: 14 May 2026

Legal owner

Smart Property Software Ltd

SmartTenant is a platform owned and operated by Smart Property Software Ltd.

Company number 17126256.

Contact: [email protected]

1. Retention principles

  • We keep personal data only as long as needed for the purpose we collected it for (UK GDPR Article 5(1)(e) storage limitation).
  • Where a legal obligation, defence-of-claim, or other Article 17(3) ground applies, we may retain a minimised record after you would otherwise have asked us to delete it.
  • When you close your account, we anonymise active-product PII at once and apply the schedule below to anything that has to stay for legal reasons.

2. Retention schedule

Data categoryDefault periodWhy we keep itLawful basis
Account profile (name, email, contact details)While the account is active; anonymised on closure unless legally heldOperate the service, authenticate sign-in, send platform notifications.UK GDPR Art 6(1)(b) contract.
Authentication sessionsAuto-purged after 90 days of inactivitySecurity monitoring and abandoned-session cleanup.UK GDPR Art 6(1)(f) legitimate interest (account security).
Audit log (every state-changing action)6 yearsAccountability principle, dispute investigation, regulator response.UK GDPR Art 5(2) accountability + Art 17(3)(e) defence of legal claims; aligned with Limitation Act 1980 s.5 (6-year contract limitation).
Tenancy agreements + related records6 years after tenancy endA tenancy is a contract; disrepair / arrears / deposit disputes can be raised within 6 years.Limitation Act 1980 s.5 (defence-of-claims) — UK GDPR Art 17(3)(e).
Rent payments and financial reconciliation recordsAt least 5 years after the 31 January filing deadline for the relevant tax yearLandlord self-assessment / property-business tax records required by HMRC.Legal obligation (Income Tax / Taxes Management Act) — UK GDPR Art 17(3)(b).
Right-to-Rent photographic ID (passport / BRP / licence)While tenancy is live + 1 year after tenancy end (minimum); compressed to audit thumbnail after that; full purge at 2 years post-tenancyMaintain the statutory excuse under the Right to Rent scheme.Legal obligation — Home Office Code of Practice on Right to Rent — UK GDPR Art 17(3)(b).
Right-to-Rent / applicant ID for declined or withdrawn applicantsPurged 30 days after the LOST decisionOriginal purpose (establishing a statutory excuse) never crystallised; storage-limitation principle requires prompt deletion.UK GDPR Art 5(1)(e) storage limitation.
EICR, EPC, Gas Safety, HMO licencesUntil superseded by the next inspection + 6 yearsStatutory compliance evidence (electrical / gas / energy / licensing) and Limitation-Act contract claims.Electrical Safety Standards Regulations 2020 + Limitation Act 1980 s.5.
Maintenance / repair logs and contractor messages6 years from job closureHabitability / Homes (Fitness for Human Habitation) Act claims.UK GDPR Art 17(3)(e) defence of claims; aligned with Limitation Act 1980 s.5.
Tenant ↔ landlord messages and contact log entriesAligned with the tenancy (6 years post-tenancy)Often constitute evidence in notice-service / disrepair disputes.UK GDPR Art 17(3)(e) defence of legal claims.
Error logs and outbound email delivery metadata2 yearsDiagnostics, deliverability investigation.UK GDPR Art 6(1)(f) legitimate interest.
Rent reminders sent6 yearsOften referenced when defending a possession / arrears claim.UK GDPR Art 17(3)(e) defence of claims.
Screening cases (third-party referencing)Cleared 2 years after the linked tenancy ends; provider's own retention applies separatelyOnce the tenancy is well past, the original purpose lapses; the screening provider remains a separate controller for their own records.UK GDPR Art 5(1)(e) storage limitation.
Password-reset / invite tokensSingle-use, expire within minutes or hours, never retained after useSecurity by design — no purpose to retain.UK GDPR Art 5(1)(c) data minimisation.

3. How deletion happens

  • Self-serve: from Settings → Your data you can download everything we hold about you and request account closure. Closure anonymises your profile in-place; legally-held records remain but no longer link to your identity.
  • Scheduled retention sweeps: a nightly job applies the cutoffs in the schedule above. For applicants whose application is marked LOST, photographic ID is purged 30 days after the decision.
  • Subject Access Requests: in addition to the self-serve export above, you can request the full record by email — we respond within one month (UK GDPR Article 12).

4. Security of stored data

  • All third-party API credentials, OAuth tokens, and payment secrets are stored encrypted at rest using AES-256-GCM with authenticated encryption (envelope format v1:<iv>:<authTag>:<ciphertext>).
  • Database connections require TLS; the public web app and API terminate TLS 1.3 at the edge.
  • Photographic ID images are held in a retention vault that compresses originals to audit thumbnails once the original purpose has lapsed, and purges thumbnails on the schedule above. Encryption-at-rest for the ID-image blob layer is a roadmap item — currently the blobs sit on access-controlled storage gated behind authenticated download URLs.

5. Questions

For anything not covered by self-serve, contact our DPO at [email protected]. You can also complain to the Information Commissioner's Office (ICO) at ico.org.uk/make-a-complaint.