Run your channel-partner program with zero PII leakage.
Every builder we've met runs the same playbook: sales-head WhatsApps a fresh lead roster to fifteen channel partners every morning, three of them forward it to two more sub-brokers each, by Wednesday the same buyer is being called by nine different agents and your brand sits on the wrong end of a complaint. SaudaFlow ends that.
Push every lead to one partner as a sealed envelope — sealed using X25519 against the partner's public key, so the lead opens on their device and nowhere else. Watch the resulting site visits, calls and bids land on your dashboard in real time. GST-correct commission tranches accrue the moment a deal advances from token to agreement to possession — no month-end reconciliation spreadsheet, no disputed broker invoices, no “but I sent that client first” arguments at 11pm. The CRM Indian builders use to keep their channel program honest, fast and auditable.
Three things every builder ops head loses sleep over.
We've sat in the war rooms at Powai, Worli and Whitefield project sales offices. The same three problems show up in every conversation.
You can't see what brokers are doing with your leads.
The lead leaves your CRM as a CSV attached to a WhatsApp message. Forty-eight hours later you have no idea whether it was called, ignored, double-sold, or forwarded to a sub-broker in another city. Your sales-head asks for an MIS by Friday and the only honest answer is “let me check with the partners”. That call takes three days. By then the buyer has been re-pitched by a competitor.
GST-correct commission accruals are a spreadsheet nightmare.
Token paid, 30% accrues. Agreement registered, another 40%. Possession handed over, the final 30% — minus TDS, plus GST, against the partner's GSTIN, with place-of-supply logic if the partner is inter-state. Your finance team rebuilds this in Excel every month. Two columns get mis-pasted, a partner is paid twice, a refund clawback drags into the next quarter and your auditor flags it. Every. Single. Month.
Site-visit check-in happens in WhatsApp groups that vanish next month.
The broker brings a buyer to Powai, takes a selfie at the sample flat, forwards it to the “Powai Sales — Phase 2” group. Three months later that buyer disputes attribution. The group has 256 members, you can't search inside it, and the original message is buried under 4,000 newer ones. No audit trail. No defensible record. RERA complaint shows up and your only evidence is a screenshot a junior took.
Five primitives. One coherent channel-partner machine.
Not a feature list. Not a dashboard. A chain of cryptographically-linked actions that turns chaotic broker management into a deterministic pipeline.
Push leads to brokers as sealed envelopes
Every lead share is sealed with X25519 against the recipient broker's public key. Only their device — with the passphrase only they know — can decrypt. No proxy server in the middle has the plaintext. No SaudaFlow employee can open it. No other broker on your panel can see it.
- Single click to share with one or multiple partners (tier-based rules)
- Auto-expire shares after N days if no action
- Revoke at any time — historical access cut off in 1.2 seconds
Watch the audit log in real time
Broker called. Site visit scheduled. Token quoted. Bid placed. Counter-offered. Every event lands on your developer dashboard within 2 seconds of the broker recording it on their device — even though you can't read the PII underneath.
Tranche-based commission accrual
The moment a deal advances from Token to Agreement to Possession, the commission tranche accrues automatically — at the rate negotiated for that partner tier, against that project, net of TDS, plus GST.
GST-correct invoices with the partner's GSTIN
When a tranche is approved for payout, SaudaFlow generates the partner's invoice against their GSTIN — with place-of-supply, HSN/SAC code, TDS certificate reference, and GST bifurcation all pre-filled. Your CFO downloads a ZIP at month-end and uploads to Tally / Zoho Books unchanged.
- Place-of-supply auto-resolved (inter-state vs intra-state)
- HSN 997212 (real estate brokerage) pre-coded
- Auto-attach TDS 194H certificate when downloaded
Encryption by construction — HQ can't read your leads even if subpoenaed
Your tenant master key is derived from a passphrase only your team knows (scrypt-hardened). Every lead name, every phone, every email is encrypted with a per-record DEK before it touches our database. SaudaFlow staff have zero technical capability to read tenant plaintext. Not policy. Not promise. Math.
Four screens your sales and finance teams will live in.
Projects + Inventory matrix
Tower × floor × unit, status-colored. Available, blocked, sold, under-token, registered. Click a unit to see who's shown it, who's bid, who's held the token.
Inquiries Kanban
Drag a lead from New to Qualified to Site-Visit to Token. One click to push to a partner — drag the card onto their avatar in the right rail.
Commissions ledger
Per-partner tranches, approval workflows, GST invoices. CFO-signoff with a dual-approval flow above ₹5L.
Site visits
Week + month calendar. Drag-to-reschedule, conflict detection, geo-fenced checkin from the broker app. Photo evidence stamped to the visit record.
From boutique Bandra infill to DLF-scale township.
The same primitive — sealed lead share — works at every scale because the model is just “one builder, N partners, M projects, K tranches”. We just turned the dial on multi-tenancy and indexing.
50K+ units, 1000+ brokers, multi-city
- Tower-floor-unit matrix scales to 100K units per project without paginating
- Multi-region channel manager hierarchy (region → city → cluster → partner)
- Cross-project pipeline rollups, board-grade exports for monthly review
- SSO, SCIM provisioning, dedicated tenant key custody (HSM-backed)
Marathon-class, Pune-based, 5-15 projects
- Channel partner tiers (Platinum / Gold / Silver) with auto-rule routing
- GMV scoreboards, monthly winners, quota tracking against project booking targets
- Tiered commission rates (1.5% Silver → 2.25% Gold → 3% Platinum) auto-applied
- Partner of the Month emails generated and sent via WhatsApp template
Single project, Bandra-Worli infill
- 5-20 hand-picked channel partners, white-glove relationship
- HNI buyer profile capture — UHNW flag, source-of-funds note (encrypted)
- Curated, low-volume — only 60-90 leads / month, but each one matters
- Custom inventory layouts (duplex, garden flat, penthouse — non-grid)
Your leads. Your keys.
We literally can't read your data.
Every PII field is encrypted client-side before it touches our servers. The key that unlocks it is derived from a passphrase only your team knows. We at SaudaFlow HQ — and even a hostile insider — have zero cryptographic capability to read your tenant's plaintext. That's not a policy or a promise. It's a guarantee enforced by the same math that secures Signal and 1Password.
// Every ciphertext is bound to its tenant,
// its record id, and its field name.
// Cross-tenant or cross-field swaps fail.
export function buildAAD(
tenantId: string,
kind: 'lead' | 'visit',
id: string,
field: string,
): Uint8Array {
return utf8(
`${tenantId}|${kind}|${id}|${field}`
);
}
// Example AAD for a lead name field:
// `t_4f2a|lead|ld_8c91|name`
await xchacha20poly1305.seal(
dek, nonce, plaintext,
buildAAD(tid, 'lead', leadId, 'name'),
);Bound AAD is the difference between “encryption that hides bytes” and “encryption that's actually safe”. A stolen lead row can't be replayed as another tenant's data. A field can't be swapped with another field of the same length. The math refuses to decrypt.
One tier. No upsell ladder.
The same price every builder pays. The same features every builder gets. Discounts come on annual billing, not on whether you negotiated well.
Per-seat, per-month
What builders tell us, off the record.
These are paraphrased from real conversations with ops heads, BD VPs and channel sales leads. Names are placeholders until launch customers go on the record.
In Pune the broker network is everyone's second-cousin. The day a lead leaks to a competitor I lose a ₹2 Cr ticket. The sealed envelope model just makes that impossible — I can't over-share even if I want to.
My BD team in Mumbai used to fight with finance every month over who got credited for which booking. With tranche-based accrual, the math is right the first time. Token paid, 30% locked. No arguments.
Bengaluru runs on speed. The 2-second sync from broker checkin to my dashboard is the only thing that lets me run Saturday open-house weekends without losing track. The DPDP audit trail is the bonus, not the headline.
Questions every builder asks us.
If yours isn't here, write to builders@saudaflow.in — Mowgli answers within the working day.
How does the lead-sharing primitive actually work?
How does the lead-sharing primitive actually work?
Can my CFO export GST data without giving the encryption keys to anyone?
Can my CFO export GST data without giving the encryption keys to anyone?
What if a broker leaves my panel — can I revoke their access to historical leads?
What if a broker leaves my panel — can I revoke their access to historical leads?
share records are tombstoned, our API refuses to serve them, and their app receives a forced wipe of the local encrypted lead cache on next sync (typically within 1.2 seconds of revocation). They retain the cryptographic capability to decrypt anything they already exported offline — that's a property of all end-to-end encryption — but any new deal claim against those leads is auto-blocked, and your audit log captures the revocation event with timestamp + actor.How does this play with my Razorpay / Stripe payouts?
How does this play with my Razorpay / Stripe payouts?
What’s the minimum onboarding time?
What’s the minimum onboarding time?
Start your developer trial.
14 days. Every feature. No credit card. Bring your first three projects, your top ten brokers, and a real lead pipeline. If you don't see ROI in week one, you owe us nothing and you take your encrypted bundle with you.