Built for builders.
Encrypted by construction.
Every builder we've met runs the same playbook: sales-head WhatsApps a fresh lead roster to fifteen channel partners every morning, three of them forward it to two more sub-brokers each, by Wednesday the same buyer is being called by nine different agents and your brand sits on the wrong end of a complaint. SaudaFlow ends that.
Push every lead to one partner as a sealed envelope — sealed using X25519 against the partner's public key, so the lead opens on their device and nowhere else. Watch the resulting site visits, calls and bids land on your dashboard in real time. VAT-correct commission tranches accrue the moment a deal advances from token to agreement to possession — no month-end reconciliation spreadsheet, no disputed broker invoices, no “but I sent that client first” arguments at 11pm. The CRM Gulf and Indian builders use to keep their channel program honest, fast and auditable.
Three things every builder ops head loses sleep over.
We've sat in the war rooms at Dubai Marina, Business Bay and Yas Island project sales offices. The same three problems show up in every conversation.
You can't see what brokers are doing with your leads.
The lead leaves your CRM as a CSV attached to a WhatsApp message. Forty-eight hours later you have no idea whether it was called, ignored, double-sold, or forwarded to a sub-broker in another city. Your sales-head asks for an MIS by Friday and the only honest answer is “let me check with the partners”. That call takes three days. By then the buyer has been re-pitched by a competitor.
VAT-correct commission accruals are a spreadsheet nightmare.
Token paid, 30% accrues. Agreement registered, another 40%. Possession handed over, the final 30% — minus TDS, plus VAT, against the partner's FTA, with place-of-supply logic if the partner is inter-state. Your finance team rebuilds this in Excel every month. Two columns get mis-pasted, a partner is paid twice, a refund clawback drags into the next quarter and your auditor flags it. Every. Single. Month.
Site-visit check-in happens in WhatsApp groups that vanish next month.
The broker brings a buyer to Dubai Marina, takes a selfie at the sample flat, forwards it to the “Dubai Marina Sales — Phase 2” group. Three months later that buyer disputes attribution. The group has 256 members, you can't search inside it, and the original message is buried under 4,000 newer ones. No audit trail. No defensible record. DLD complaint shows up and your only evidence is a screenshot a junior took.
Five primitives. One coherent channel-partner machine.
Not a feature list. Not a dashboard. A chain of cryptographically-linked actions that turns chaotic broker management into a deterministic pipeline.
Push leads to brokers as sealed envelopes
Every lead share is sealed with X25519 against the recipient broker's public key. Only their device — with the passphrase only they know — can decrypt. No proxy server in the middle has the plaintext. No SaudaFlow employee can open it. No other broker on your panel can see it.
- Single click to share with one or multiple partners (tier-based rules)
- Auto-expire shares after N days if no action
- Revoke at any time — historical access cut off in 1.2 seconds
Watch the audit log in real time
Broker called. Site visit scheduled. Token quoted. Bid placed. Counter-offered. Every event lands on your developer dashboard within 2 seconds of the broker recording it on their device — even though you can't read the PII underneath.
Tranche-based commission accrual
The moment a deal advances from Token to Agreement to Possession, the commission tranche accrues automatically — at the rate negotiated for that partner tier, against that project, net of TDS, plus VAT.
VAT / TRN-correct invoices with the partner's FTA
When a tranche is approved for payout, SaudaFlow generates the partner's invoice against their FTA — with place-of-supply, HSN/SAC code, TDS certificate reference, and VAT bifurcation all pre-filled. Your CFO downloads a ZIP at month-end and uploads to Tally / Zoho Books unchanged.
- Place-of-supply auto-resolved (inter-state vs intra-state)
- HSN 997212 (real estate brokerage) pre-coded
- Auto-attach TDS 194H certificate when downloaded
Encryption by construction — HQ can't read your leads even if subpoenaed
Your tenant master key is derived from a passphrase only your team knows (scrypt-hardened). Every lead name, every phone, every email is encrypted with a per-record DEK before it touches our database. SaudaFlow staff have zero technical capability to read tenant plaintext. Not policy. Not promise. Math.
Four screens your sales and finance teams will live in.
Projects + Inventory matrix
Tower × floor × unit, status-colored. Available, blocked, sold, under-token, registered. Click a unit to see who's shown it, who's bid, who's held the token.
Inquiries Kanban
Drag a lead from New to Qualified to Site-Visit to Token. One click to push to a partner — drag the card onto their avatar in the right rail.
Commissions ledger
Per-partner tranches, approval workflows, VAT / TRN invoices. CFO-signoff with a dual-approval flow above AED 25k.
Site visits
Week + month calendar. Drag-to-reschedule, conflict detection, geo-fenced checkin from the broker app. Photo evidence stamped to the visit record.
Boutique to mega-developer.
The same primitive — sealed lead share — works at every scale because the model is just “one builder, N partners, M projects, K tranches”. We just turned the dial on multi-tenancy and indexing.
50K+ units, 1000+ brokers, multi-city
- Tower-floor-unit matrix scales to 100K units per project without paginating
- Multi-region channel manager hierarchy (region → city → cluster → partner)
- Cross-project pipeline rollups, board-grade exports for monthly review
- SSO, SCIM provisioning, dedicated tenant key custody (HSM-backed)
5-15 projects, 50-200 brokers
- Channel partner tiers (Platinum / Gold / Silver) with auto-rule routing
- GMV scoreboards, monthly winners, quota tracking against project booking targets
- Tiered commission rates (1.5% Silver → 2.25% Gold → 3% Platinum) auto-applied
- Partner of the Month emails generated and sent via WhatsApp template
Single tower, Palm / DIFC infill
- 5-20 hand-picked channel partners, white-glove relationship
- HNI buyer profile capture — UHNW flag, source-of-funds note (encrypted)
- Curated, low-volume — only 60-90 leads / month, but each one matters
- Custom inventory layouts (duplex, garden flat, penthouse — non-grid)
Your leads. Your keys.
We literally can't read your data.
Every PII field is encrypted client-side before it touches our servers. The key that unlocks it is derived from a passphrase only your team knows. We at SaudaFlow HQ — and even a hostile insider — have zero cryptographic capability to read your tenant's plaintext. That's not a policy or a promise. It's a guarantee enforced by the same math that secures Signal and 1Password.
// Every ciphertext is bound to its tenant,
// its record id, and its field name.
// Cross-tenant or cross-field swaps fail.
export function buildAAD(
tenantId: string,
kind: 'lead' | 'visit',
id: string,
field: string,
): Uint8Array {
return utf8(
`${tenantId}|${kind}|${id}|${field}`
);
}
// Example AAD for a lead name field:
// `t_4f2a|lead|ld_8c91|name`
await xchacha20poly1305.seal(
dek, nonce, plaintext,
buildAAD(tid, 'lead', leadId, 'name'),
);Bound AAD is the difference between “encryption that hides bytes” and “encryption that's actually safe”. A stolen lead row can't be replayed as another tenant's data. A field can't be swapped with another field of the same length. The math refuses to decrypt.
One tier. No upsell ladder.
The same price every builder pays. The same features every builder gets. Discounts come on annual billing, not on whether you negotiated well.
Per-seat, per-month
What builders tell us, off the record.
These are paraphrased from real conversations with ops heads, BD VPs and channel sales leads. Names are placeholders until launch customers go on the record.
We run six towers across Dubai Marina and Business Bay. The minute a lead leaves my CRM as a CSV, I lose accountability. SaudaFlow keeps the lead encrypted end-to-end — I can revoke a broker tomorrow and they lose access instantly.
My finance lead used to spend 11 hours a month reconciling broker commissions across Excel sheets. The tranche ledger means we close commissions on the 1st of the month, not the 20th.
The thing that sold me was being able to read the AAD pattern in their public whitepaper and verify with my own crypto consultant. Most CRMs say “encrypted at rest”. SaudaFlow shows their math.
Questions every builder asks us.
If yours isn't here, write to builders@saudaflow.in — Mowgli answers within the working day.
How does the lead-sharing primitive actually work?
How does the lead-sharing primitive actually work?
Can my CFO export VAT / TRN data without giving the encryption keys to anyone?
Can my CFO export VAT / TRN data without giving the encryption keys to anyone?
What if a broker leaves my panel — can I revoke their access to historical leads?
What if a broker leaves my panel — can I revoke their access to historical leads?
share records are tombstoned, our API refuses to serve them, and their app receives a forced wipe of the local encrypted lead cache on next sync (typically within 1.2 seconds of revocation). They retain the cryptographic capability to decrypt anything they already exported offline — that's a property of all end-to-end encryption — but any new deal claim against those leads is auto-blocked, and your audit log captures the revocation event with timestamp + actor.How does this play with my Razorpay / Stripe payouts?
How does this play with my Razorpay / Stripe payouts?
What’s the minimum onboarding time?
What’s the minimum onboarding time?
Start your developer trial.
14 days. Every feature. No credit card. Bring your first three projects, your top ten brokers, and a real lead pipeline. If you don't see ROI in week one, you owe us nothing and you take your encrypted bundle with you.