Secure Messages for Perfex CRM

Generate encrypted, self-destructing links for passwords, credentials, API keys and confidential notes — directly inside Perfex CRM. The server never sees the plaintext. Ever.
Important: This is an add-on module for Perfex CRM. A valid Perfex CRM license is required. Perfex CRM is sold separately at CodeCanyon.
The problem this solves
Every time you send a credential through email, WhatsApp or Slack, you create a permanent, searchable record of that secret. Secure Messages eliminates that risk by giving your team a dedicated, encrypted channel inside Perfex CRM.
Zero-Knowledge Architecture
Most “secure sharing” tools encrypt data on the server — which means the service provider technically has access to your secrets. Secure Messages uses a fundamentally different approach: all encryption and decryption happens in the browser using AES-256.
The encryption key is appended to the link as a URL fragment (the part after #). Fragments are never sent to the server in HTTP requests. Your database stores only ciphertext. Even with full database access, the content is unreadable without the key — and the key lives only in the shared URL.
How it works
Compose your message — Paste your sensitive content (passwords, API keys, credentials). Add an internal reference label for your own bookkeeping.
Configure protection — Choose an expiry window (1, 3, 7 or 30 days — or never). Enable burn-after-reading. Optionally require a password before decryption.
Share the link — Copy and send the URL. Once the recipient reads the message, it is permanently deleted. The link in your chat history becomes a dead end.
Features
Zero-Knowledge AES-256 encryption — Encryption key is only in the URL hash, never stored on the server
Burn-after-reading mode — Content is deleted from the database immediately after the first view
Time-bound expiry (1 / 3 / 7 / 30 days / never) — Automatic cleanup via Perfex cron integration
Optional password gate — bcrypt-verified password check before decryption starts
Company branding on public view — Display your logo instead of the default icon
Admin overview with DataTable — All active links in one sortable, filterable table with one-click delete
Global defaults in Settings panel — Set default expiry, burn mode and password for your whole team
Perfex native role permissions — View, create and delete capabilities per staff role
Internal reference / label field — For your own administration, clearly disclosed in the UI
SEO-safe public view — Public pages carry noindex, nofollow, noarchive meta tags
32-character random link identifier — Not guessable, not sequential
22+ included languages — Full translation files for admin and public views
No external SaaS dependency — Runs entirely on your own server
Clean install / uninstall — Single-table schema (tbl_secure_messages), clean uninstall removes all data
Who uses this
Web agencies and IT service providers — Share hosting credentials and server access with clients securely
Accounting and finance firms — Deliver credentials without leaving a paper trail in email
Software development teams — Distribute API keys and environment secrets without polluting Slack history
Legal and compliance teams — Share access data with counterparties in a way that automatically expires
Healthcare and HR departments — Transmit sensitive personal data in a GDPR-conscious way