A POPIA-compliant CRM,
built for South African businesses.
The Protection of Personal Information Act (POPIA) governs how South African businesses handle customer data. Allsorts CRM was designed with that responsibility in mind from day one β not bolted on afterwards.
Data isolation by design
Every organization's contacts, deals, and tasks are scoped behind a single tenant guard on every database query β no customer data is ever visible across accounts.
Learn more βEncrypted credentials at rest
Passwords are hashed with bcrypt. If you connect your own SMTP server to send email, that password is encrypted with AES-256-GCM β never stored or transmitted in plain text.
Learn more βYou control what's collected
The CRM only stores what you enter β contacts, companies, deal details, and task notes. There's no hidden tracking of your customers' data beyond what your team logs.
Learn more βAccess control
Role-based permissions (Owner, Admin, Member) mean only the right people in your organization can invite teammates or change billing and integration settings.
Learn more βSession and account security
Optional two-factor authentication (TOTP, the same standard as Google Authenticator) with one-time backup codes, plus automatic account lockout after repeated failed login attempts.
Learn more βA full audit trail
Every note, stage change, and completed task is logged to a per-record activity timeline your team can review β nothing happens silently.
Learn more βHow this is actually implemented
Rather than describe compliance in marketing language alone, here is specifically what happens under the hood:
- βEvery database query for contacts, deals, tasks, and documents is scoped by organization ID at a single, central checkpoint β there is no code path that can accidentally return another organization's data.
- βUser passwords are hashed with bcrypt (industry-standard, one-way β we cannot see or recover your password). Your own SMTP credentials, if you connect one, are encrypted with AES-256-GCM, a reversible cipher only used because the server genuinely needs the plaintext to send email on your behalf.
- βRepeated failed login attempts trigger an automatic, temporary account lockout β a standard defense against password-guessing attacks.
- βTwo-factor authentication is available to every user at no extra cost, not reserved for a higher plan.
Important note
Allsorts CRM helps you handle customer data responsibly, but POPIA compliance for your business also depends on how your team uses the system β what you collect, your privacy notices, and your own internal processes. We recommend reviewing your specific obligations with a qualified advisor. See our Privacy Policy for the full detail on what we collect and why.
Allsorts CRM is built by Allsorts Web Designers, the same East London-based team behind QR Code Pro, South Africa's POPIA-conscious dynamic QR code platform. See our pricing or explore solutions for real estate, consultants, and construction businesses.