Nexora Product Guide
What it is, why teams choose it, RBAC, multitenancy, CRM, pricing, and roadmap
Version 2.0 · June 2026 · https://bullwhip.in
1. What is Nexora?
Nexora is a cloud-native Enterprise Management System (EMS) for growing companies.
It unifies people operations (HR, attendance, leaves, payroll), work management (projects, tasks, sprints, timesheets),
sales operations (CRM), and internal collaboration (chat, helpdesk, announcements) in one secure, multi-tenant SaaS platform.
Each organisation gets an isolated workspace (tenant) with its own employees, departments, projects,
policies, and billing plan. Users sign in once and access only the modules and data their role allows.
Modules live in production today:
- HR and employee lifecycle — directory, org chart, invite-based onboarding, departments
- Attendance — clock in/out, breaks, shifts, corrections, supplementary time, work-mode
- Leave management — types, balances, multi-stage approval (Manager then HR)
- Payroll — salary structures, pay runs, payslips (STARTER plan and above)
- Projects — Kanban, sprints, tasks, time logs, analytics, comments, attachments
- Timesheets — weekly submission and manager approval
- Team Monitor — manager roster, productivity, approval queues
- CRM — lead pipeline, product catalogue, enrolment orders, payment transactions, activities, role dashboards
- Helpdesk, expenses, documents, assets, announcements, chat (real-time), notifications
- Recruitment ATS, onboarding, training, performance reviews, goals, surveys, calendar (API live)
- Admin — billing via Razorpay, audit logs, RBAC permissions, platform super-admin panel
2. Why Nexora?
- One platform, one source of truth — stop syncing HRIS, spreadsheets, and separate PM tools.
- Role-aware by design — five roles (Super Admin, Admin, HR, Manager, Employee) with granular permissions and route guards; per-user overrides on top of the role matrix.
- CRM built in — sales teams manage leads, enrolments, and revenue without leaving Nexora.
- Built for India-first teams — INR pricing, Razorpay checkout, Indore-based support.
- Fast time-to-value — free tier for up to 10 employees; invite-based onboarding; dashboard loads in a single API round-trip.
- Manager-centric workflows — Team Command Center, approval queues, and project oversight without HR bottlenecks.
- Modern stack — Next.js web app, NestJS API, PostgreSQL (Supabase), Prisma, real-time WebSockets for attendance, chat, and notifications.
3. Roles and working features
Permissions use the pattern resource:action (e.g. leaves:approve). The UI and API both enforce access.
3.1 Role summary
| Role | Scope | Primary capabilities |
|---|
| SUPER_ADMIN | Platform | All tenants, platform stats, cross-org admin; also operates within own tenant. |
| ADMIN | Organisation | Full org settings, billing, permissions, audit logs, employees, all modules. |
| HR | Organisation (people) | Employees, departments, shifts, holidays, payroll runs, leave pipeline, recruitment, HR analytics dashboard, full CRM access. |
| MANAGER | Team / projects | Direct reports and project peers; approvals (leave, attendance, timesheets); Team Monitor; full project boards; CRM create/read/update. |
| EMPLOYEE | Self | Own attendance, leaves, timesheets, assigned projects, helpdesk, chat; CRM leads assigned to them. |
3.2 Feature access by role
| Module | Employee | Manager | HR | Admin |
|---|
| Dashboard | Personal KPIs, 14-day attendance chart | Team Command Center, team charts | HR analytics, workforce snapshot | Org command center; platform panel (Super Admin) |
| Attendance clock in/out | Yes | Yes + team view | Yes + org reports | Yes + auto clock-out |
| Leave apply / approve | Apply | First-level approve | Final HR approval | Full pipeline |
| Projects / Kanban / time logs | Assigned work | Create, assign, approve time | Read org projects | Full |
| Timesheets | Submit | Approve | View | View |
| Team Monitor | — | Roster, productivity, filters | — | Org approvals queue |
| Payroll | Own payslip | Read team | Run payroll | Full (plan-gated) |
| CRM — Leads | Own assigned leads only | All team leads; create, update, enrol | All org leads; full access | Full |
| CRM — Products | Read only | Read only | Create, update, deactivate | Full |
| CRM — Orders, Transactions, Activities | Create on own leads | Create and view | Full | Full |
| Recruitment | — | Read | Full ATS | Full (plan-gated: PRO+) |
| Billing / plan upgrade | — | — | — | Razorpay checkout |
| Audit logs | — | — | — | Read (export on Enterprise) |
| Permission overrides | — | — | — | Custom per-user policies |
4. CRM module
The CRM is embedded directly in Nexora at /crm and shares all platform infrastructure — authentication,
multi-tenancy, RBAC, notifications, and Prisma. No separate login or app is required.
4.1 Lead pipeline workflow
- Lead Capture — Sales reps create single leads or bulk-import from CSV/XLSX. Contact is upserted by phone number.
- Lead Assignment — Defaults to the creating rep; can be reassigned at creation or later.
- Qualification and Follow-ups — Reps log calls, emails, WhatsApp messages, meetings, notes. Follow-up count increments automatically.
- Status stages — New > Contacted > Qualified > Proposal > Negotiation > Won / Lost / Junk.
- Enrolment (Conversion) — On agreement, rep fills the enrolment form: product, date, initial transaction amount, payment mode, optional proof link.
- Orders — Each enrolment creates an order. A single contact can be enrolled in multiple products.
- Transactions — Payments recorded per order with partial payment tracking and due amount calculation.
- Customers — Contacts with at least one enrolment appear in the Customers tab.
4.2 Role-scoped visibility
| Role | Lead visibility | Dashboard view |
|---|
| Employee | Leads assigned to them only | Sales rep — own pipeline KPIs |
| Manager | All leads in tenant | Manager — team pipeline, revenue, rep breakdown |
| HR / Admin / Super Admin | All leads in tenant | Manager-level dashboard |
5. How multitenancy works
- Tenant record — each company is a
Tenant row (name, slug, plan, country, currency, storage quota).
- User binding — every user belongs to exactly one
tenantId; JWT auth includes tenant and role on each request.
- Data isolation — Prisma queries scope by
tenantId on all business tables (attendance, projects, leaves, CRM, etc.).
- Slug — tenants are addressed by URL-safe slug for branding; optional custom domain field on the model.
- Plan enforcement —
PLAN_LIMITS in @nexora/shared caps users, projects, departments, and feature flags per plan tier.
- Super Admin — platform operators use a separate platform context to list all organisations via the admin center.
Row-level security is application-enforced (NestJS services + Prisma filters), not PostgreSQL RLS. Always pass tenantId from the authenticated user, never from client input alone.
6. Pricing (INR, per user)
| Plan | Plan key | Monthly | Yearly (approx.) | Key limits |
|---|
| Free | FREE | 0 | 0 | 10 users, 3 depts, 3 projects; no payroll or recruitment |
| Starter | STARTER | 199/user | 1,910/user | 50 users, 25 projects, payroll |
| Pro | PRO | 499/user | 4,790/user | 500 users, unlimited projects, recruitment, custom roles, PRO features |
| Enterprise | ENTERPRISE | Contact sales | Contact sales | Unlimited scale, SSO/SAML, audit export, dedicated CSM, white-label |
Checkout is handled through Razorpay after registration. Razorpay API keys must be configured in the environment for payment to be enabled.
7. Future scope
The following are planned for upcoming releases. See the full documentation at /docs (Section 16) for architecture and delivery timelines.
- Mobile app (iOS and Android) — Expo React Native; scaffold committed, GPS attendance and push notifications in development.
- AI Chatbot (Phase 3) — role-aware natural language queries across HR, projects, and CRM data; streamed responses; strict tenant isolation via server-side tool calls.
- Telephony / CRM v2 (Phase 4) — click-to-call, inbound routing, call logs, and recordings via Twilio or Exotel.
- HR Recruitment System v2 (Phase 5) — offer letter generation, structured interview scoring, pipeline analytics, candidate portal.
- Navigation completion (Phase 6) — Goals/OKR UI restoration; sidebar links for Onboarding, Training, Calendar, Surveys, and Reviews.
- Enterprise features (Phase 7) — SSO/SAML 2.0, white-label branding per tenant, public REST API keys, dedicated CSM.
8. Known gaps and improvement areas
- Schema migrations — move from
db push to versioned migrations for safer production deployments.
- PostgreSQL RLS — optional second layer of tenant isolation for compliance-heavy customers.
- Dashboard caching — further cache manager insights for large organisations (500+ users).
- Import wizards — CSV employee and project importers on admin onboarding flow.
- Observability — OpenTelemetry traces across API and web for SLA reporting.
- Documentation sync — keep product guide and in-app screenshots current with each release.
Nexora · Vected Technologies · hello@bullwhip.in · +91-9993006892