For brokers + prop firms

The CRM your operations team will actually use.

KYC with in-house OCR + face-match + sanctions screening. Settlement workflows for deposits, withdrawals, and chargebacks. Lead scoring, churn prediction, and fraud anomaly detection. All API-first, multi-tenant, fully audit-logged.

Sign in to the adminRead the docs

What ships in the box

In-house KYC

OCR + MRZ parser + face-match (tfjs-node). 5 KYC tiers. Manual reviewer with image gallery, approve/reject/more-info, audit trail. Replaces Sumsub fees.

Sanctions screening

OFAC SDN + UK OFSI + EU consolidated lists synced nightly. 29,766 entities matched against trader names with dice-coefficient fuzzy match. PEP list scaffolded.

Settlement workflows

Approve, reject, settle with fee + net + proof-URL + reconcile flag. Bulk-approve up to 50. Reverse with commission flip on chargebacks. Partial wires.

Intelligence

Lead scoring (0-100, 6 weighted signals). Fraud anomaly detection (velocity, structuring, high-value, new-trader heuristics). Churn risk model with urgency scores.

Affiliates / IB

Multi-tier commission ledger. Sub-affiliate trees. Payout requests. Reversed-commission KPIs. Click-tracking pixel. Per-symbol breakdown.

Communications

Resend / Twilio / WhatsApp adapters. Tiptap email editor. 5-step campaign builder. Workflow event triggers. Daily digest.

Reporting

Funnel + cohort + revenue-breakdown + activity + SLA + position heatmap. CSV export on every queue. Read-only SQL sandbox for power users.

Enterprise

SAML/OIDC SSO scaffold. SIEM export forwarder. Multi-region data residency hooks. PII encryption. SOC 2 evidence runbook. Public status page + auto-changelog.

Built for ops

Cmd-K global search. Saved views per operator. Light/dark theme. Notifications bell. SLA tracking. Trader merge. View-as-trader impersonation. Idle-timeout autolock.

Built right

API-first. Multi-tenant. Audited.

  • • 173+ REST endpoints with full OpenAPI spec + SDKs (Python / PHP / Go / TypeScript)
  • • Postgres row-level security on every tenant-scoped table (40+ policies enforced at the DB)
  • • Argon2id passwords + WebAuthn passkeys + 2FA + login lockout
  • • Idempotent HTTP requests via Idempotency-Key header (24h replay window)
  • • Webhook subscriptions with HMAC signing + delivery retry + replay UI
  • • Per-tenant rate limits + usage quotas + billing

Observable

Production-grade reliability.

  • • /health/deep probes Postgres, Redis, MinIO, LumireOne, SMTP, Stripe
  • • Prometheus + Loki + Grafana stack ships in the box
  • • Daily pg_dump backup + nightly restore drill against scratch DB
  • • Sentry breadcrumbs across api / admin / portal / workers
  • • 16/16 Playwright e2e tests + 14/14 multi-tenant rehearsal
  • • k6 load test baseline: 280 req/s sustained, p95=13ms p99=23ms