
An Insurance Specific CRM

In the works, an insurance CRM dedicated to brokers facilitating all insurance requirements.

Insurance Dedicated CRM: The Next Generation Fix for the Insurance World

I have quietly been working on a comprehensive, open-source insurance CRM platform featuring enterprise-grade encryption, PWA capabilities, and AI-powered insights. You can manage leads, clients, quotes, policies, documents, tasks, payments and claims all in one secure, powerful system.

Advanced Features for Modern Insurance Brokerages

  • End-to-End Encryption: AES-256-CBC encryption protects passwords, notes, and sensitive client data at rest and in transit.

  • Real-Time Notifications: Integrated management notifications with priority-based alerts and task reminders.

  • AI-Powered Insights: Intelligent document analysis, automated insights, and recommendations to optimise business performance.

  • Multi-Team Architecture: Secure team-based data isolation with granular role-based access controls and audit logging.

  • Offline-First PWA: Work seamlessly offline with service worker caching, background sync, and installable app experience.

  • Comprehensive Audit Trail: Complete change tracking and audit logging for compliance, security, and business intelligence.

The Technology Stack

Built with modern, proven technologies for reliability and maintainability.

Frontend Technologies

  • React 18 with TypeScript for component-based UI
  • Vite for fast build tooling and development
  • TanStack Query for efficient server state management
  • Tailwind CSS for utility-first styling
  • PWA Support with offline capabilities

Backend Technologies

  • Express.js with TypeScript for the API server
  • PostgreSQL for robust data persistence
  • Drizzle ORM for type-safe database operations
  • Passport.js for authentication strategies
  • Comprehensive APIs with full validation

This project is a work in progress, with many more things on the horizon before it is considered in terms of a launch (and if it even gets that far!). There is a demo environment at https://demo.jordan-mitchell.co.uk. After you sign up, I will approve your account (this is done daily or every couple of days, so please be patient). You can leave feedback and, if this gathers some interest, I will look to officially launch once I have tidied up the remaining imperfections.

This application has been very much an ongoing build, which started a few years back when I had my own insurance brokerage, so most factors were based on real-life niggles and frustrations. To say that this application is thorough and incredibly extensive is an understatement.

Some of the features are as follows:

Database Architecture

  • Team Isolation: Every entity includes teamId for complete data separation
  • Audit Trails: Comprehensive logging with createdBy, updatedBy, and timestamps
  • UUID Primary Keys: gen_random_uuid() for all entity identifiers
  • Soft Deletes: isActive flags maintain data integrity
  • Drizzle ORM: Type-safe database operations with schema validation

API Architecture

  • RESTful Design: Consistent resource-based URL patterns
  • Zod Validation: Runtime type checking for all inputs
  • Middleware Stack: Authentication, authorisation, and security layers
  • Error Handling: Comprehensive error responses with proper HTTP codes
  • Rate Limiting: Built-in protection against abuse and DoS attacks

Frontend Architecture

  • Component-Based: Reusable React components with TypeScript
  • State Management: TanStack Query for server state, Context for client state
  • PWA Features: Offline support, push notifications, and app-like experience
  • Optimised Performance: Code splitting, lazy loading, and intelligent caching
  • Modern Tooling: Vite for fast builds, ESLint for code quality

Security Implementation

  • Session-Based Auth: Secure server-side session management
  • RBAC System: Role-based access control with team permissions
  • AES-256-GCM Encryption: Automatic encryption/decryption of sensitive fields
  • Transparent Decryption: Seamless decryption in application layer
  • Searchable Hashes: Hash storage for encrypted field searching
  • Security Headers: Helmet.js for CSP, XSS protection, and more
  • Input Sanitisation: DOMPurify and validation at every layer
  • Audit Logging: Comprehensive security event tracking
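
To make the encrypted-field and searchable-hash items above concrete, here is an added sketch (not code from this project) of AES-256-GCM field encryption stored alongside a lookup hash, using Node's built-in crypto module. The helper names, the in-memory demo keys, the `teamId:column` context string, and the choice of a keyed HMAC-SHA-256 for the hash are all assumptions made for illustration.

```typescript
// Added example: helper names, key handling and the AAD format are hypothetical.
import { createCipheriv, createDecipheriv, createHmac, randomBytes } from "node:crypto";

// Constructed demo keys. Assumption: real keys come from a secrets manager,
// and the encryption key is kept separate from the index key.
const ENC_KEY: Buffer = randomBytes(32);   // AES-256 key
const INDEX_KEY: Buffer = randomBytes(32); // HMAC key for the searchable hash

interface EncryptedField { ciphertext: string; searchHash: string; }

// Keyed hash of the normalised value: equal inputs give equal hashes, so an
// exact-match query can run on this column without decrypting every row.
// A plain unkeyed hash would let anyone holding the table test guessed values.
function searchHash(value: string): string {
  return createHmac("sha256", INDEX_KEY).update(value.trim().toLowerCase()).digest("hex");
}

// aad binds the ciphertext to its row context (assumed "teamId:column"), so a
// value copied into another team's row fails authentication on decrypt.
function encryptField(plaintext: string, aad: string): EncryptedField {
  const iv = randomBytes(12); // fresh 96-bit nonce for every encryption
  const cipher = createCipheriv("aes-256-gcm", ENC_KEY, iv);
  cipher.setAAD(Buffer.from(aad, "utf8"));
  const body = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  const tag = cipher.getAuthTag(); // 16-byte authentication tag
  return {
    ciphertext: Buffer.concat([iv, tag, body]).toString("base64"),
    searchHash: searchHash(plaintext),
  };
}

// Layout of the stored value: 12-byte nonce | 16-byte tag | ciphertext.
function decryptField(ciphertext: string, aad: string): string {
  const raw = Buffer.from(ciphertext, "base64");
  if (raw.length < 28) throw new Error("ciphertext too short");
  const decipher = createDecipheriv("aes-256-gcm", ENC_KEY, raw.subarray(0, 12));
  decipher.setAAD(Buffer.from(aad, "utf8"));
  decipher.setAuthTag(raw.subarray(12, 28));
  // final() throws if the tag, nonce, ciphertext or aad does not match.
  return Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]).toString("utf8");
}

// Returns true when decryption is rejected (wrong context or modified bytes).
function rejects(ciphertext: string, aad: string): boolean {
  try { decryptField(ciphertext, aad); return false; } catch { return true; }
}
```

The hash column supports exact-match lookups only, and it reveals which rows hold the same value, which matters for low-entropy fields.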

Have a play… When I approve you, I will add you to your own team. Let me know what you think and please leave feedback for anything you think would be good to add.

Thank you! You can reach me on my email here, should you have any questions (it’s intentionally a forwarding address to avoid bots!).

P.S. I haven’t thought of a name yet for the application, so should you have any ideas, I’m all ears!!
