DIWAN
The register of every relationship.
Launch briefing · 2026 · diwan-crm.com
Your customers deserve more than a CRM.
A.D. 638 · from Córdoba to the Indus
The world's first CRM was built 1,400 years ago.
Early caliphates managed the web of human relationships holding their empire together with one institution: the Diwan. The register, the council, the ledger of every person, every obligation, every promise made and kept.
The problem
Today's CRMs store contacts. They miss context.
- They log transactions but forget trust.
- They track pipelines but lose the person.
- They fragment what was meant to be one record.
- And they live in somebody else's cloud, in a region the vendor chose.
An enterprise is only as strong as its register.
Yet most enterprises cannot confidently name where their register lives.
The question nobody answers clearly
Where, exactly, does your customer record live?
- In a region you did not choose.
- Under keys you do not hold.
- Governed by a DPA, not by your operators.
- Visible to a vendor's support staff when you least expect.
- Portable on paper, immovable in practice.
This is a problem every regulated enterprise has quietly accepted. We stopped accepting it.
The customer record should come home.
Not rented. Not hosted by a vendor. Owned.
Introducing
Diwan.
An intelligent customer relationship platform. The sovereign register of every interaction, commitment, and promise. Deployed into your infrastructure.
The thesis
Sovereign by deployment, not by contract.
Not a slot you rent in a vendor's multi-tenant cloud. A platform that ships to you, runs in your infrastructure, and keeps your customer register in the region you chose, under the keys you hold.
What makes Diwan different
Four convictions. One register.
Unified register
One record across sales, service, marketing, omnichannel. Truth cannot be distributed.
Metadata-native
Objects, fields, layouts, workflows are data. Tenants configure — they do not fork.
Private deployment
Ships into your cloud, your region, your keys. The register stays home.
Audit-grade sovereignty
Row-level tenant isolation. Hash-chained audit. Field-level encryption. Regulators first, not last.
The deployment model
Your infrastructure. Our platform.
Diwan ships as audited Helm charts, signed container images, and Terraform modules. Deployed into the environment you choose. We operate the upgrade pipeline. You operate the data.
Your cloud
AWS, Azure, GCP, sovereign regional clouds. Your accounts. Your networks. Your IAM.
Your region
Records never leave the country you chose. PDPA, GDPR, NDMO, PDPL, DFSA — answered by design.
Your keys
Field-level encryption anchored to KMS keys you own. The vendor cannot read what you do not share.
The platform surface
One codebase. The full customer register.
Industry packs
Domain-native, not generic.
Banking
Trust, safekeeping. Financial accounts, households, KYC, relationship managers, referrals.
Insurance
Fidelity, promise. Policies, coverages, claims, FNOL, underwriting, renewals.
Telco
Connectivity. Subscribers, service lines, devices, tickets, MACD orders. TM Forum-aligned.
Retail
Hospitality. Loyalty, stores, POS, clienteling, returns.
The landscape, honestly
We are not trying to be the next Salesforce.
The CRM market is mature and crowded. Salesforce, Microsoft Dynamics, Oracle, Freshworks, Zoho, HubSpot, SugarCRM — each has scale, reference customers, and a partner ecosystem we cannot replicate on day one. We are not asking you to replace your CRM with ours.
We are asking a narrower question: where the existing market does not fit, can a privately-deployed register serve you better? For a subset of enterprises — regulated, sovereignty-sensitive, or simply tired of renting their customer record — the answer is yes.
Our bets
Six design principles we are unwilling to compromise.
Private first
Single-tenant instances, deployed into the customer's infrastructure. Public multi-tenant SaaS is available from many vendors; none are us.
Metadata before code
Every object, field, layout, and workflow is declarative. Customizations survive upgrades. The platform bends.
Auditable by default
Hash-chained audit log, row-level isolation, append-only mutations. The register proves itself without asking.
Open-stack, not proprietary
Postgres, Keycloak, Temporal, OpenSearch, Kafka. Hireable skills. Replaceable components.
TypeScript-native
One language across platform, SDK, and extensions. No Apex. No proprietary runtime.
Regional, not imported
Workflows, packs, and locales built for APAC and MENA — not retrofitted from a US template.
Where we fit
The workloads we are built for.
We are a good fit when
- Data residency or sovereignty is non-negotiable.
- Regulators require an auditable on-premise or in-region deployment.
- The existing CRM is a cost or customization ceiling, not a feature ceiling.
- The team can run, or is willing to run, a modern Kubernetes workload.
- The organization wants to own the platform long-term, not rent it indefinitely.
We are honest about when we are not
- If you need a 10-user team to be live next Tuesday, SaaS CRMs are faster.
- If your industry needs a massive third-party app marketplace, we don't have one yet.
- If you need deep Marketing Cloud-grade journey orchestration today, ours is maturing.
- If you will not run your own infrastructure, we are not your platform.
How we compare, carefully
Not a feature race. A deployment choice.
| Dimension | Public multi-tenant SaaS (Salesforce, Dynamics, etc.) |
Lightweight SaaS (Freshworks, Zoho, HubSpot) |
DIY / legacy suite | Diwan |
|---|---|---|---|---|
| Time to first value | Weeks | Days | Quarters | Weeks (pilot), months (production) |
| Feature breadth | Broad | Focused | Custom | Focused on the register |
| Data residency + customer-held keys | Contractual | Limited | Yes | Yes — by deployment |
| Single-tenant private deployment | Rare / priced high | No | Yes | Default |
| Metadata-native customization | Yes (mature) | Limited | Manual | Yes (day-one) |
| TypeScript / open-stack | Proprietary | Mixed | Any | Yes |
| Ecosystem + marketplace maturity | Extensive | Moderate | None | Early |
| Regulatory packs for APAC + MENA | Available via partners | Minimal | Custom | Built-in |
Directional, not exhaustive. Every deployment varies. Individual customer requirements outweigh any single column in this table.
What we are and are not
We are a new platform. We say so plainly.
What Diwan is today
- A working platform: sales, service, marketing, omnichannel, analytics, integration, studio.
- Four industry packs — banking, insurance, telco, retail — as installable metadata.
- A private-deployment model with audit, RLS, and customer-held encryption primitives.
- A small, dedicated team, accepting a small number of design partners.
What we are not yet
- A household name — we are asking to earn that, one customer at a time.
- An App Exchange with 5,000 integrations — we are selecting a short list that matters.
- A fit for every enterprise — we will tell you quickly if we are not.
- Cheap. Deploying sovereignty costs more than renting it. We think it is worth it.
Architecture
Modern monolith. Microservice-ready.
One Node.js / NestJS core. Strict bounded contexts. CQRS where it adds value. Outbox pattern for eventual consistency.
Postgres 16 for the register (with row-level security). OpenSearch for full-text. Temporal for journeys. Redis for cache. MinIO or your S3 for blobs. Keycloak for identity.
Deployed as Helm charts into your Kubernetes. Any bounded context can be extracted into its own service without rewrites. Grows with the customer; stays single-deployment if that fits the ops team.
↓
API Gateway (Traefik)
↓
NestJS · bounded contexts
├─ Identity + Tenancy
├─ Metadata Engine
├─ Sales · Service · Marketing · Omnichannel
├─ Audit · Feature Flags · Integration
└─ Platform (provisioning)
↓
Postgres · Redis · OpenSearch · Kafka · Temporal · Keycloak · KMS
Security + sovereignty
Built for the auditor from day one.
Isolation
Row-level security across tenants, enforced in Postgres. Private single-tenant deployment is the default; multi-tenant mode is an opt-in for internal subsidiaries.
Auditability
Hash-chained, append-only audit log. Tamper-evident. Every mutation traceable. Every correlation id preserved across services.
Residency + keys
Data residency is chosen at deployment time. Field-level encryption uses customer-held KMS keys. GDPR, PDPA, PDPL, NDMO, DFSA primitives baked in.
Status
A register already kept.
Today
- Metadata-native CRUD across 14+ standard objects.
- Sales, service, marketing, omnichannel, analytics, integration modules.
- Four vertical packs as installable metadata.
- Drag-drop layout editor; platform-admin tenant provisioning.
- Hash-chained audit, RLS isolation, OIDC auth, OpenTelemetry observability.
- 158 end-to-end smoke checks + unit tests, green.
Next six months
- Design-partner deployments with 2–3 enterprises across banking, insurance, telco.
- Reference Helm charts + Terraform modules for AWS, Azure, and GCP.
- Customer-managed KMS integration end-to-end.
- AI-assist layer: summarization, suggested replies, intent routing.
- Developer portal and signed SDKs.
- SOC 2 Type I readiness.
Who we are for
Enterprises for whom the register matters.
- Banks with $1B+ AUM that must answer residency questions from their regulator.
- Insurers managing 100k+ policies across life, health, and general lines.
- Telcos with 1M+ subscribers and mixed consumer + enterprise books.
- Regional retailers with 50+ stores and an existing loyalty programme.
- Any enterprise that cannot confidently name where its customer record lives today.
The offer
Design-partner programme, 2026.
We are selecting a small number of enterprises — one per vertical, per region — to shape Diwan's first production year.
- Direct line to the engineering team.
- Joint roadmap. Priority for your industry needs.
- Preferred commercial terms, locked for three years.
- Public customer story — at your discretion.
- Your deployment, your infrastructure, your keys.