πŸ‡ΏπŸ‡¦ South African data protectionπŸ›‘οΈ POPIA Compliant

A POPIA-compliant CRM, built for South African businesses.

The Protection of Personal Information Act (POPIA) governs how South African businesses handle customer data. Allsorts CRM was designed with that responsibility in mind from day one β€” not bolted on afterwards.

crm.allsortswebdesigners.co.za/settings
Each organization's data isolated behind an encrypted tenant boundary

Data isolation by design

Every organization's contacts, deals, and tasks are scoped behind a single tenant guard on every database query β€” no customer data is ever visible across accounts.

Learn more β†’

Encrypted credentials at rest

Passwords are hashed with bcrypt. If you connect your own SMTP server to send email, that password is encrypted with AES-256-GCM β€” never stored or transmitted in plain text.

Learn more β†’

You control what's collected

The CRM only stores what you enter β€” contacts, companies, deal details, and task notes. There's no hidden tracking of your customers' data beyond what your team logs.

Learn more β†’

Access control

Role-based permissions (Owner, Admin, Member) mean only the right people in your organization can invite teammates or change billing and integration settings.

Learn more β†’

Session and account security

Optional two-factor authentication (TOTP, the same standard as Google Authenticator) with one-time backup codes, plus automatic account lockout after repeated failed login attempts.

Learn more β†’

A full audit trail

Every note, stage change, and completed task is logged to a per-record activity timeline your team can review β€” nothing happens silently.

Learn more β†’

How this is actually implemented

Rather than describe compliance in marketing language alone, here is specifically what happens under the hood:

  • βœ“Every database query for contacts, deals, tasks, and documents is scoped by organization ID at a single, central checkpoint β€” there is no code path that can accidentally return another organization's data.
  • βœ“User passwords are hashed with bcrypt (industry-standard, one-way β€” we cannot see or recover your password). Your own SMTP credentials, if you connect one, are encrypted with AES-256-GCM, a reversible cipher only used because the server genuinely needs the plaintext to send email on your behalf.
  • βœ“Repeated failed login attempts trigger an automatic, temporary account lockout β€” a standard defense against password-guessing attacks.
  • βœ“Two-factor authentication is available to every user at no extra cost, not reserved for a higher plan.

Important note

Allsorts CRM helps you handle customer data responsibly, but POPIA compliance for your business also depends on how your team uses the system β€” what you collect, your privacy notices, and your own internal processes. We recommend reviewing your specific obligations with a qualified advisor. See our Privacy Policy for the full detail on what we collect and why.

Allsorts CRM is built by Allsorts Web Designers, the same East London-based team behind QR Code Pro, South Africa's POPIA-conscious dynamic QR code platform. See our pricing or explore solutions for real estate, consultants, and construction businesses.

POPIA Compliant CRM Software South Africa | Allsorts CRM