About

BII Portfolio Intelligence is an autonomous external monitoring platform built for Bertelsmann India Investments.

Lars Godoy

Builder of this platform · based in Munich, Germany.

I'm currently experimenting and learning with AI tools. This dashboard is a weekend project: I designed and built BII Portfolio Intelligence end-to-end — the passive collectors, the analysis pipeline, the institutional-minimalism dashboard, the per-company report generator, and the autonomous Hostinger deployment.

Before this I worked in private equity and at Siemens. Ready for the next step.

Why this is legal

The collection layer accesses only public data: SSL certificates published in transparency logs, DNS records anyone can resolve, HTTP responses any browser receives, Wikipedia article histories, app-store listings, news indexed by GDELT, and public Greenhouse / Lever job boards. No active scanning, no port probes, no exploit checks. The bar for India's IT Act §43 / §66 is "unauthorized access"; reading what a server publicly returns to an HTTP GET does not meet it.

The DPDP Act 2023 governs personal data processing. This platform processes none. It looks at companies, not customers — no user names, no emails, no behavioural data.

Commercial precedent is well established. BitSight (~$1B), SecurityScorecard (~$1B), Black Kite, and Riskonnect all sell exactly this class of passive third-party monitoring to enterprise buyers worldwide, including in India. This dashboard is a weekend learning project rather than a commercial product, but it operates on the same legal footing.

Access

Access is only for Bertelsmann Investments. The dashboard is private. The Cloudflare Tunnel URL is shared only with BII; basic auth gates the public address. Not for external publication, sale, or onward distribution.

What this platform does

Fifteen passive collectors continuously assess each portfolio company across four value dimensions: IT security (TLS, DNS, headers, subdomains, CVEs, breach exposure, Shodan), market signals (web vitals, app reception, news, tech stack, SEO + AI search findability), strategic events (hiring, funding, narrative momentum), and competitive heat. An LLM pipeline triages, scores, enriches, and writes a partner-grade executive summary per company. Every IT-risk finding includes a remediation path: which application is involved, where to find it, and how to fix it.

What it does not do

No active scanning. No port probes. No exploit checks. No authenticated tests. Authenticated penetration testing requires per-portco written authorisation and is roadmapped for Phase 2 if any portco opts in.