Safe Messages for Perfex CRM — Zero-Data encrypted hyperlink sharing
Generate encrypted, self-destructing hyperlinks for passwords, credentials, API keys and confidential notes — instantly inside Perfex CRM. The server by no means sees the plaintext. Ever.
Necessary: That is an add-on module for Perfex CRM. A sound Perfex CRM license is required. Perfex CRM is offered individually at CodeCanyon.
The issue this solves
Each time you ship a credential by way of electronic mail, WhatsApp or Slack, you create a everlasting, searchable file of that secret. Safe Messages eliminates that danger by giving your staff a devoted, encrypted channel inside Perfex CRM.
Zero-Data Structure
Most “safe sharing” instruments encrypt information on the server — which implies the service supplier technically has entry to your secrets and techniques. Safe Messages makes use of a basically totally different strategy: all encryption and decryption occurs within the browser utilizing AES-256.
The encryption key’s appended to the hyperlink as a URL fragment (the half after #). Fragments are by no means despatched to the server in HTTP requests. Your database shops solely ciphertext. Even with full database entry, the content material is unreadable with out the important thing — and the important thing lives solely within the shared URL.
The way it works
- Compose your message — Paste your delicate content material (passwords, API keys, credentials). Add an inside reference label on your personal bookkeeping.
- Configure safety — Select an expiry window (1, 3, 7 or 30 days — or by no means). Allow burn-after-reading. Optionally require a password earlier than decryption.
- Share the hyperlink — Copy and ship the URL. As soon as the recipient reads the message, it’s completely deleted. The hyperlink in your chat historical past turns into a useless finish.
Options
- Zero-Data AES-256 encryption — Encryption key’s solely within the URL hash, by no means saved on the server
- Burn-after-reading mode — Content material is deleted from the database instantly after the primary view
- Time-bound expiry (1 / 3 / 7 / 30 days / by no means) — Automated cleanup by way of Perfex cron integration
- Non-obligatory password gate — bcrypt-verified password examine earlier than decryption begins
- Firm branding on public view — Show your emblem as a substitute of the default icon
- Admin overview with DataTable — All energetic hyperlinks in a single sortable, filterable desk with one-click delete
- International defaults in Settings panel — Set default expiry, burn mode and password on your entire staff
- Perfex native position permissions — View, create and delete capabilities per employees position
- Inner reference / label discipline — On your personal administration, clearly disclosed within the UI
- Search engine optimisation-safe public view — Public pages carry
noindex, nofollow, noarchivemeta tags - 32-character random hyperlink identifier — Not guessable, not sequential
- 22+ included languages — Full translation information for admin and public views
- No exterior SaaS dependency — Runs totally by yourself server
- Clear set up / uninstall — Single-table schema (
tbl_secure_messages), clear uninstall removes all information
Who makes use of this
- Net companies and IT service suppliers — Share internet hosting credentials and server entry with purchasers securely
- Accounting and finance companies — Ship credentials with out leaving a paper path in electronic mail
- Software program growth groups — Distribute API keys and setting secrets and techniques with out polluting Slack historical past
- Authorized and compliance groups — Share entry information with counterparties in a manner that routinely expires
- Healthcare and HR departments — Transmit delicate private information in a GDPR-conscious manner
Incessantly requested questions
Can the server administrator learn the encrypted messages?
No. The encryption key’s solely within the URL fragment (#). HTTP purchasers by no means ship the fragment to the server, so the bottom line is by no means transmitted or saved. The database incorporates solely AES-256 ciphertext — unreadable with out the URL.
What occurs if the recipient opens the hyperlink however doesn’t click on “Present Message”?
Nothing. The message is just destroyed when the recipient actively clicks the button. Merely opening the URL doesn’t set off deletion — so unintended hyperlink previews from messaging apps is not going to prematurely destroy the content material.
Can I get better a message after it has been burned or expired?
No. Deletion is everlasting. As a result of the important thing was by no means saved server-side, there isn’t a restoration path. That is by design.
Does this work with Perfex multi-staff setups?
Sure. Makes use of Perfex’s native capabilities system. View, create and delete permissions are assignable per position independently.
Is that this GDPR-compliant for sharing private information?
The module considerably reduces information publicity dangers as a result of plaintext is rarely saved and messages self-destruct. GDPR compliance is determined by your broader information processing context — seek the advice of your authorized advisor on your particular scenario.
Technical necessities
- Perfex CRM: 2.3.2 or greater
- PHP: 7.4 or greater (bcrypt help required)
- MySQL: 5.7+ / MariaDB 10.3+
- Browser: Any trendy browser with ES6+ help (Chrome, Firefox, Safari, Edge)
- Exterior dependency: CryptoJS 4.1.1 (loaded from Cloudflare CDN)
- Cron job: Perfex cron have to be energetic for automated expiry cleanup
This module makes use of just one new database desk and doesn’t modify any present Perfex tables or core information.
Changelog
v1.1.0 (07-04-2026)
- Add PHPDoc feedback throughout Safe Messages module for improved code readability and maintainability
- Don’t load property from CDN
- All JavaScript ought to be written with “use strict” mode on.
- No inline scripts or types except dynamic.
v1.0.0 — Preliminary launch (01-04-2026)
Full Zero-Data AES-256 encryption, burn-after-reading, time-bound expiry, elective bcrypt password gate, firm emblem help, admin DataTable overview, world settings, Perfex role-based permissions, automated cron cleanup, 22+ language information, clear set up and uninstall scripts.
