CManager
Regulator-grade. Encrypted end to end. Tamper-evident.
An offline-first, fully-encrypted case-management desktop app for UK law firms, engineered to Solicitors Regulation Authority standard.
Electron · React · SQLCipher (AES-256)
Personal-injury and RTA firms handle some of the most sensitive data there is, under some of the strictest duties there are. Encryption at rest, tamper-evident records and enforceable data-subject rights aren't features here — they're the price of admission.
CManager is a desktop application built to that bar: a 56-table domain (schema v13) wrapped in whole-database encryption, multi-factor auth, a tamper-evident audit trail, and the money-handling and GDPR machinery a UK firm actually needs. It passed its schema and security backtests before release.
Animated architecture breakdown — nodes and data paths resolve in sequence.
Encryption & key management
The entire database is encrypted with SQLCipher (AES-256) — not select columns, the whole file. The key lives in the operating system's keystore and is never written to disk or embedded in the application. This matters: the most common way encryption fails isn't a broken cipher, it's key management, and hand-rolled or field-by-field encryption is exactly where those mistakes live.
The tamper-evident audit log
Regulatory trust demands that history can't be quietly rewritten. Every audit entry includes a hash of the previous entry, forming a hash chain: you cannot alter or delete a record without breaking every link that follows it. The log doesn't just record what happened — it makes tampering detectable.
GDPR & data-subject rights
The app implements DSAR redaction against GDPR Articles 15, 17 and 20 — access, erasure and portability — so a firm can actually honour a data-subject request rather than promising to.
Money & reconciliation
It handles the parts a legal practice lives on: PDF invoice and letter generation, a client/office money split, and bank reconciliation — the accounting boundaries the SRA cares about, built in rather than bolted on.
Packaging & integrity
Distribution is via an electron-builder NSIS installer, SHA-256 signed, with encrypted backups — so the thing users install is as verifiable as the data it protects.
Proof. 34/34 schema tests and 30/30 auth / IDOR security backtests passing before release.