← Back to work

Client Project · Data Systems

Making a Sales Team's CRM Data Trustworthy — Safely

For Dr. Hotellato Zrt., a Hungarian hotel-supply distributor: rebuilt a duplicate-ridden CRM into clean, deduplicated, invoice-matched data a sales team can actually act on — with bank-grade safety: dry-run by default, rollback snapshots, independent per-batch verification, and a human sign-off gate before any live write.

12 → 1

Worst-case duplicate cluster merged, losslessly

4-layer

Match engine reconciling CRM and invoicing

Dry-run first

Every write previewed and human-approved

0 lost

records — verified on every batch, now live

What this means for you

Letting software touch live customer data should scare you — it scares me, which is why this is built the way it is: nothing writes until a person approves it, everything can be rolled back, and every batch is independently verified.

The Problem

A sales team is only as good as the data it works from — and Dr. Hotellato Zrt.'s CRM was full of duplicate records, the same customer entered several times over. On top of that, the CRM and the separate invoicing system disagreed about who was who, so no one could fully trust either.

The obvious fix — "just merge the duplicates" — is also the dangerous one. Get a merge wrong on live customer data and you don't get an error message; you get a silently corrupted database and a sales team that trusts it even less. So it had never been done properly.

The Solution

A disciplined data-remediation system, not a one-off script. It diagnoses why the duplicates exist, consolidates them in a way that provably can't lose data, reconciles the CRM against the invoicing system, and puts a human in the loop for anything ambiguous — all behind a dry-run-by-default safety model where nothing touches the live database until a person signs off.

01

Diagnose Duplicates

02

Lossless Consolidation

03

CRM ↔ Invoicing Match

04

Human Review Tool

05

Dry-Run Preview

06

Human-Gated Write

What It Did

Diagnosed the cause, then merged losslessly

The vast majority of duplicates traced to plain human re-entry, with a smaller share left behind by an earlier automation's bug — knowing the cause shaped the fix. A live test first proved that contacts sit at the company level, so a merge can never orphan a person. The approach was piloted on the worst case (a 12-record duplicate cluster collapsed to one) and scaled to completion with independent verification on every batch — zero failures.

It caught its own mistake — and reversed it

Mid-rollout, one batch ran the wrong merge strategy. The system's own verification caught it, the change was fully reversed, and the batch was redone correctly. This is the point most people gloss over: real data work isn't "never makes a mistake," it's "catches the mistake and can undo it." That's the difference between a tool you can trust with live customer data and one you can't.

A review tool built for the person using it

Matching the CRM against the invoicing system needed a human to confirm the hard cases — so the review tool was designed around how a non-technical reviewer actually recognizes a match: by hotel name and contact, not by record IDs or match scores. It was rebuilt several times until it fit the way the reviewer thinks, not the way the database is shaped.

An independent audit caught a silent failure before go-live

Before anything went live, an automated audit — dozens of independent review passes, 68 findings — surfaced a critical one: the pipeline's "apply" step was silently doing nothing. A reviewed, approved export would have written zero changes because of a single field-name mismatch, and nobody would have known. It was found and fixed, then re-verified end to end. That's the failure that quietly wastes a week of a team's work — caught by design.

The Safety Model

Every layer of this system assumes it might be wrong: it runs as a dry-run by default, keeps rollback snapshots, verifies each batch independently, and requires an explicit human approval before a single live write. It's now live — running against the production CRM — and getting there safely is the whole story: live customer data got cleaned without anyone ever having to wonder what quietly broke.

For a business owner, that's the whole point. This is how you let software clean your most important data without ever having to wonder what it quietly broke.

The Result

  • A repeatable, verified process for deduplicating live customer data without losing a record — now running live against the production CRM
  • CRM and invoicing data reconciled through a 4-layer matching engine with a human review layer
  • A review tool a non-technical team member can actually run
  • A dry-run, rollback, human-gated safety model — nothing touches live data unapproved

How It Was Built

Layer Approach
Deduplication Cause-diagnosed merge — native record consolidation that cannot orphan a contact
Matching 4-layer engine reconciling the CRM against the invoicing system (deterministic + weighted-name + review)
Review Web tool built around how a non-technical reviewer recognizes a match (name + contact, not IDs)
Safety Dry-run default, rollback snapshots, per-batch independent verification, human-approval gate before any live write

I take on 3 new clients per month.

The businesses that move first win. Let's find where you're leaving 20+ hours a week on the table.

Book Your Free Audit

Capped at 3 new clients per month — the audit call is how you claim a slot