Trusted Financing CRM

Trusted Financing is a Canadian lender. I built their internal CRM from scratch — the admin side, the borrower side, every workflow in between.

The live site is at trustedfinancing.ca.

What it does

The CRM handles the full loan lifecycle — intake, issuance, repayment tracking, and reporting. Loan officers get a structured pipeline view of every application, with borrower profiles, document attachments, and commission calculations built in. Borrowers get their own dashboard for offers, bank connections, ledger views, and uploads.

Two tenants, one codebase

Multi-tenant routing keyed off the host. The admin subdomain routes admins, the user subdomain routes borrowers, the root keeps the public landing and auth flows. Middleware rewrites incoming requests to the right tenant prefix internally so URLs stay clean and the same component tree serves both surfaces with role-aware data.

Loan issuance

Admins issue loans through a dialog-driven flow: search the user, pick the lender — presets or custom — set amount, rate, term, origination fee, and prepayment penalty. The loan record carries through every status it touches, with an audit log entry on every change.

Offers and segmentation

Admins broadcast offers to all users or filter by business profile — industry, revenue, years operating, desired product type. Each offer carries its own status: available, accepted, rejected, expired, revoked. The targeting filters live in the same admin UI as the broadcast control, so you can see who an offer goes to before you send it.

Bank connections

Borrowers link bank accounts through a third-party connection API. The flow handles MFA: a 203 response from the provider triggers a reconnect card on the user side instead of a hard error. Webhooks come back signed; signatures get verified before any state moves. A six-hour polling sweep catches accounts where the webhook didn't fire. Transaction imports go to an approval queue, so a user reviews them before they hit the ledger.

Transaction intelligence

Imported transactions get auto-categorized off keyword and account-type rules, with a manual override available in the ledger view. Income detection runs on the categorized stream. Duplicate prevention keys off transaction signatures so re-imports don't double-book the books.

RBAC and audit

Three roles — admin, user, employee — with a permission matrix on every mutation. Invite system with resend and revoke. Audit log tracks every state change with timestamp, actor, and action. The audit page is filterable and paginated so a compliance review doesn't turn into a CSV grep.

Onboarding

A ten-step wizard for borrower onboarding: profile, KYC, bank connection, business preferences. Each step persists independently, so a half-completed wizard resumes where the user left off without re-entering anything.

Scope

Around 120 commits across five months. Counting the two tenant surfaces, the onboarding wizard, the audit log, and the integration shims, the codebase clears 550,000 lines. Twenty-four distinct user-facing pages — admin, borrower, public, and auth. Every spec, schema, and component mine.