The CRM (Customer Relationship Manager) plugin is a data integration layer that manages essential registration data tied to a Midaz account user—also referred to as the Holder, Owner, or Customer. In Midaz, this user is represented by the Entity.

This plugin does not belong to the ledger’s transactional domain. Instead, it enriches ledger accounts with business-relevant attributes without interfering with the ledger's logic or performance.

CRM is where user metadata lives. It's not about balances, transfers, or fees—it's about who's behind the account and what you need to know to operate your business.

Why use the CRM?

Midaz ledger accounts are generic by design, built to be transaction-first and domain-agnostic. The CRM plugin steps in to add meaning to those accounts, linking each one to detailed user profiles and business contexts.

Example use cases

• Banking (individuals and businesses)
  CRM stores identifiers like CPF or CNPJ, address, contact details, or account numbers, while Midaz handles the exact same transaction logic for either customer type.

• Supply chains (supplier, factory, retailer)
  CRM tracks metadata like supplier ID, warehouse location, or contractual info. This data doesn’t belong in the transaction, but it’s essential when deciding whether a transaction should be allowed.

📘

Note

CRM is a separate plugin. If you'd like to learn more or evaluate it for your use case, get in touch with our team.

Entities

CRM revolves around two core entities:

• Holder – The core entity in CRM, representing the persona associated with a ledger account on Midaz. It stores identity-related attributes and individual characteristics.
• Alias Account – Defines the business context associated with a Ledger Account in Midaz Ledger, including financial details such as bank account information.

In Figure 1, you can find an illustration of how the CRM entities are connected to Midaz.

Design principles

The CRM plugin is built for:

• Separation of concerns: Keeps user profile data out of transactional logic.
• System performance: No user-level orchestration inside Midaz core services.
• Integration flexibility: Each client can use CRM data to drive custom rules, without altering the ledger.

❗️

Important

CRM doesn’t validate ledger-level rules or compliance processes like KYC. It’s a neutral, persistent data layer designed for maximum interoperability.

API behavior

CRM is implemented as a standalone registry API. It provides persistence and structured access to non-transactional data linked to accounts on Midaz.

• It does not enforce validations such as user status, risk profile, or document verification.
• It is agnostic to the asset, ledger, or grouping logic used in Midaz accounts.
• It ensures consistent access to holder metadata without polluting the transactional layer.

Security & compliance

Lerian provides Midaz and its plugins as on-premise components—meaning you stay in control of your infrastructure, compliance policies, and user data lifecycle.

That said, we ensure security best practices by default:

• Data in transit is encrypted with industry-standard protocols.
• Data at rest is protected by encryption and fine-grained access controls.

We trust our clients to define and enforce their own policies around LGPD and other regional data protection regulations. CRM simply provides the structure.

Data deletion strategies

At Lerian, we treat data ownership seriously. That’s why the CRM plugin gives you full control over how information is removed, with two built-in options:

• Soft delete (default): The record stays in the database but is flagged as deleted. This is useful if you need to keep an audit trail or recover information later.
• Hard delete: If your internal policy requires complete removal, you can use a specific command to delete the data permanently—no recovery.

You're in charge. We don’t impose limits or assumptions on your data strategy. Each institution defines its own rules, and the plugin adapts securely and reliably.

Access control

Need to restrict who can access your CRM data? You can enable our Access Manager plugin to help you restrict who has access to the data.

Enabling Access Manager

To enable access control, first make sure Access Manager is installed. Then, open the .env file located in the root of the CRM folder using any text editor, and set the following environment variables:

# AUTH
PLUGIN_AUTH_ADDRESS=http://plugin-auth:4000
PLUGIN_AUTH_ENABLED=true

The CRM plugin will start enforcing access permissions based on your Auth setup.

⚠️

Attention

Access Manager is available as a part of the Enterprise model. If you'd like to learn more or evaluate it for your use case, get in touch with our team.