A three-part platform. Browser extension and headless scrapers gather data from the source. A report layer turns it into briefs. A secure data room releases those briefs to people who have signed for them, watermarked and audited end to end.
Useful data is scattered across the web. Listings, public records, county portals, corporate registries, mapping APIs, niche directories. Pulling it once is easy. Pulling it on a schedule, normalizing it, scoring it and turning it into something a decision-maker can act on is where most operators give up and hand the work to a vendor that charges per seat and quietly retains the data.
This platform owns the whole chain. The extension and the scrapers feed a local database. The report layer composes that database into briefs and dashboards. The data room releases those briefs only to people who have signed for them, with their identity stamped across every page they open. Same engine, different shape. Swap the scraper targets, swap the report templates, swap the room's branding and the platform works for any domain that runs on private diligence.
A browser extension scrapes the surfaces a human would visit. Headless scrapers hit the structured sources behind them, with respectful rate-limiting, exponential backoff and per-source watermarks. The combined data lands in a local database, gets scored and ranked by the report layer and is exported as a brief, a ledger or a live dashboard. That output is deposited into the data room, where access is gated, identity is watermarked and every view is logged.
The browser extension runs in Chrome and Firefox under Manifest v3, built with TypeScript and esbuild. It reads the page in front of the user, extracts the structured fields hidden in the markup and injects live calculated metrics back into the layout so a human can make a call without leaving the site. A user-defined profile drives the math, so the same extension shifts behavior when the criteria change.
The headless scrapers cover the structured sources the extension cannot reach. Government APIs, assessor portals, corporate registries, public records, niche directories. Each scraper handles rate limits, exponential backoff, session warm-ups and token-bearing forms specific to its target. New sources are a module, not a rebuild.
The report layer reads from the local database and writes finished deliverables. Standalone HTML briefs with embedded maps and charts. PDF ledgers ready for upload. Live dashboards that re-render when the underlying data changes. Templates are domain-specific and the operator owns them, so the same scrape can produce different briefs for different audiences. A report is composed once, exported to the data room and tracked by the same audit trail that watches everything else.
A server-rendered PHP application backed by PostgreSQL on the operator's own server. Role-based access with per-project expiration windows. Every viewer signs a mutual non-disclosure and non-circumvention agreement before any document opens, and every page they see is watermarked with their identity, IP and timestamp. Anti-capture hardening blocks right-click, copy, screen recording and dev tools. A forensic log runs in parallel to the database audit trail so the two can be reconciled if either is touched.
Three runtimes, each picked for the work it does best. TypeScript and esbuild for the extension. Python with tenacity and BeautifulSoup for the scrapers. PHP with PostgreSQL for the data room. All three layers self-hosted, all three exchanging files and data through the operator's own filesystem and database.
A secure data room is a controlled environment for releasing sensitive documents to a defined set of viewers. Middle Mann's implementation runs on the operator's own server with role-based access, signed non-disclosure and non-circumvention agreements gating every viewer, per-view identity watermarks stamped across every page, anti-capture hardening and a forensic audit log that records every view.
Those are hosted SaaS platforms sitting between you and your documents. They see every file, every viewer and every access event. Middle Mann's data room runs on your own server with PostgreSQL storage under your control. Access lists, signed agreements, watermarks and audit logs all belong to you. No third party can subpoena your document history because no third party has it.
The browser extension is the front-of-pipeline data collector. It runs in Chrome and Firefox under Manifest v3, reads structured fields from any page the user visits, injects live calculated metrics back into the layout and feeds the extracted data into the local database. A user-defined profile drives the math so the same extension shifts behavior when the criteria change.
REST APIs, government portals, assessor databases, corporate registries, public records, niche directories and any structured source behind a session or a token. Each scraper handles rate limiting, exponential backoff, session warm-ups and per-source provenance. New sources are a module, not a rebuild. Written in Python with BeautifulSoup4 and tenacity for retry logic.
Every page rendered in the data room is stamped with the viewer's identity, IP address and timestamp in three independently-rotated overlays. The stamps are baked into the delivered document, not a browser overlay, so any screenshot or screen recording carries the viewer's identity forward. Combined with the anti-capture layer (blocked right-click, blocked copy, dev tools detection, PrintScreen guards), it makes leaks traceable back to a specific viewer.
The extension is TypeScript with Manifest v3 built via esbuild. Scrapers are Python with BeautifulSoup4 and tenacity. The database is PostgreSQL. The data room and report layer are PHP with Leaflet for interactive maps and ApexCharts for visualizations. All components run on the operator's own server behind Nginx with Let's Encrypt TLS.
Operators whose business depends on private diligence: real-estate investors, M&A advisors, private-equity firms, investigators, brokers and any workflow that combines public data collection with controlled release to a defined counterparty. Same engine, different shape. Swap the scraper targets, swap the report templates, swap the data room's branding and the platform works for any domain.
Data goes in at one end. Briefs come out the other. Every step of the chain runs on the operator's own server, every document is released on the operator's own terms and every view is logged with enough detail to find a leak if one ever happens. What's shown here is one example. The next build mines whatever the next operator needs and publishes whatever briefs that work calls for. Same engine. Different shape. Owned.