--- title: "Secure Messages for Perfex CRM" date: 2026-03-06 author: "Jeroen Moolenschot" --- # Secure Messages for Perfex CRM **Version:** 1.0.0 **Author:** Cloudmill **Support:** [support@cloudmill.nl](mailto:support@cloudmill.nl) --- ## 1. Introduction **Secure Message**is a high-security extension for Perfex CRM that allows you to safely share sensitive information such as passwords, login credentials, API keys, or private notes. Unlike traditional messaging systems, this module uses **Zero-Knowledge AES-256 encryption**. All encryption happens **directly in the user's browser**, which means the server never receives or stores the original plaintext message. Only an encrypted version of the message is stored in the database, ensuring that sensitive data remains protected at all times. This approach significantly reduces the risk of data leaks or unauthorized access. --- ## 2. Installation Follow these steps to install the module in Perfex CRM. ### Step 1 – Download Download the module ZIP file from CodeCanyon. ### Step 2 – Upload the Module Log in to your **Perfex CRM Admin Panel** and navigate to: `Setup → Modules ` Click **Upload Module** and select: `secure_messages.zip ` ### Step 3 – Activate the Module After uploading, click **Activate** to enable the module. ### Step 4 – Configure Permissions Navigate to: `Setup → Staff → Permissions ` Enable the **Secure Messages** permission for the staff members who should be allowed to create and manage secure messages. --- ## 3. Data Destruction & Security The module is designed to ensure that sensitive information does **not remain stored longer than necessary**. Two independent mechanisms ensure automatic data removal. ### Burn-After-Reading When the **Burn-After-Reading** option is enabled: 1. The recipient opens the secure message. 2. The message is decrypted locally in the browser. 3. Once the message is opened, the encrypted record is **immediately deleted from the database**. This ensures that the message can **only be viewed once**. --- ### Automated Expiration via Cronjob Messages that are not configured for burn-after-reading are automatically removed using the **Perfex CRM Cronjob system**. The system performs the following actions: 1. The module stores an **expiration timestamp** when the message is created. 2. The **Perfex Cronjob runs**. 3. During each Cronjob execution, the module scans the database for expired messages. 4. Any message whose expiration time has passed is **permanently deleted** from the database. ### Cronjob Requirement Your **Perfex CRM Cronjob must be configured correctly** on the server. This ensures that expired secure messages are removed automatically and the database remains clean. --- ## 4. How the Encryption Works The module follows a **Zero-Knowledge security model**, meaning the server never has access to the decryption key. The process works as follows: ### Step 1 – Client-Side Encryption When a user creates a secure message, JavaScript encrypts the message using **AES-256 encryption** directly in the browser. ### Step 2 – Server Storage Only the **encrypted message blob** is sent to the server and stored in the database. The **decryption key is never stored on the server**. ### Step 3 – Secure Link The decryption key is embedded in the **URL fragment**, for example: ``` https://example.com/secure-message/abc123#decryptionkey ``` Everything after the `#` symbol is **never transmitted to the server** and only exists in the recipient's browser. ### Step 4 – Decryption When the recipient opens the link: 1. The browser extracts the key from the URL fragment. 2. The encrypted message is fetched from the server. 3. The browser decrypts the message locally. ### Step 5 – Cleanup When the message is read or when it expires, the encrypted data is **permanently removed from the database**. --- ## 5. Configuration You can configure the module defaults via: `Secure Messages → Settings ` Available configuration options include: ### Default Expiration Set the default lifetime for messages. Available options: - 1 day - 3 days - 7 days - 30 days - Never expire ### Default Self-Destruction Define the default behavior for new messages: - **Burn After Reading** - **Time-based Expiration** ### Cronjob Integration No additional configuration is required. The module automatically hooks into the **Perfex CRM Cronjob system** using the `after_cron_run` action to perform cleanup tasks. --- ## 6. Changelog ### Version 1.0.0 – March 2026 Initial release. Features include: - Client-side **AES-256 encryption** - **Zero-Knowledge architecture** - **Burn-after-reading** secure messages - **Automatic Cronjob cleanup** for expired messages - Support for **20+ languages**, including: - Brazilian Portuguese - Bulgarian - Canadian French - Catalan - Chinese - Czech - Dutch - English - Finnish - French - German - Greek - Indonesia - Italian - Japanese - Norwegian - Persian - Polish - Portuguese - Romanian - Russian - Slovak - Spanish - Swedish - Turkish - Ukrainian - Vietnamese --- ## 7. Support If you encounter any issues or need help with installation, configuration, or usage, please contact: **[support@cloudmill.nl](mailto:support@cloudmill.nl)**