Skip to main content
1 Validate data Start from the correct Data Schema before rendering logic enters the picture.
→
2 Validate template Check the Template Schema separately so the render contract is explicit.
→
3 Render with strict sanitization Escape text, strip unsafe tags, and treat relaxed behavior as exceptional.
→
4 Allow only what is needed Keep URI schemes and external-asset behavior as narrow as the use case allows.
→
5 Review warnings and trace Use warnings and trace output to understand what changed and why.
Strict by default keeps the trust boundary visible and predictable.
When the content is not fully trusted, treat sanitization as part of the rendering contract, not as an optional cleanup step.
Recommended Sequence Validate the data first with the correct Data Schema. Validate the template second with the matching Template Schema. Render with strict sanitization as the default. Allow only the external asset behavior you actually need. Review warnings and trace output when content is removed or transformed. Safety Checklist Escape all text nodes. Remove script-like and embed-like tags that do not belong in the rendered output. Strip event handlers and unsafe URI schemes. Treat relaxed rendering as an explicit decision, not a default. When To Relax Only relax sanitization when the content source is trusted, the output contract is explicit, and the surrounding product design still makes the trust boundary obvious to the user.
Next
Allow External Assets Safely
Close Terms of Service Welcome to Cuddler.dev. These terms describe the rules for using the Cuddler.dev website, including its documentation, schema artifacts, examples, embedded guidance, and related downloads.
Updated: March 21, 2026
Cuddler.dev is owned and operated by IdeaTilt Inc. If you enter into a commercial subscription, services engagement, or other contractual arrangement connected to Cuddler.dev, your contracting counterparty is IdeaTilt Inc.
1. Agreement Acceptance By accessing or using Cuddler.dev, you agree to these terms on your own behalf and on behalf of any person or organization you represent. If you do not agree, do not use the site or any materials published through it.
2. Permitted Website Use 2.1 General Use You may use this website only for lawful purposes and only if you can form a legally binding agreement under the laws that apply to you.
2.2 Linking to Cuddler.dev You may link to public Cuddler.dev pages in a fair and non-misleading way. You may not frame the website, imply endorsement that does not exist, or present Cuddler.dev content as your own.
2.3 Copying or Distributing Content Unless a page or artifact expressly states otherwise, you may not copy, resell, scrape at scale, mirror, or redistribute protected site content, branding, or bundled materials without permission from IdeaTilt Inc.
2.4 Accounts and Restricted Services If any portion of the service requires credentials or controlled access, you are responsible for maintaining the confidentiality of those credentials and for all activity performed using them.
3. Personal Information 3.1 Information Accuracy Any information you submit to Cuddler.dev must be accurate, current, and complete.
3.2 Privacy Practices IdeaTilt Inc. collects and uses personal information in accordance with the Cuddler.dev Privacy Policy. By using the site, you acknowledge those privacy practices.
4. Feedback and Submissions If you send feedback, suggestions, or non-confidential materials to Cuddler.dev, you grant IdeaTilt Inc. a non-exclusive, worldwide, royalty-free right to review, use, and incorporate that feedback to improve the site, service, and related materials.
5. Changes to Terms IdeaTilt Inc. may revise these terms from time to time. Continued use of Cuddler.dev after a posted revision constitutes acceptance of the updated terms.
6. Accuracy and Availability We aim to keep Cuddler.dev accurate and available, but documentation, examples, schema files, embedded guidance, and other site materials may contain errors, omissions, or outdated information. We may correct, revise, remove, or replace material at any time without notice.
7. Intellectual Property Cuddler, Cuddler.dev, and associated logos, branding, and site materials are owned by or licensed to IdeaTilt Inc. Except where rights are expressly granted, no license is given to use those marks or materials.
8. Disclaimer and Limitation of Liability Cuddler.dev is provided on an “as is” and “as available” basis. To the fullest extent permitted by law, IdeaTilt Inc. disclaims warranties and will not be liable for indirect, incidental, special, consequential, or punitive damages arising from or related to your use of the site or reliance on its materials.
Questions about these terms may be sent to hello@cuddler.dev .
Close Privacy Policy Updated: March 21, 2026
Cuddler.dev is operated by IdeaTilt Inc. This policy explains how IdeaTilt Inc. collects, uses, stores, and protects information when you visit Cuddler.dev, request information, download public materials, or otherwise interact with the site.
1. Information We Collect Contact information you choose to provide, such as your name, email address, company name, or message contents. Technical and usage information such as IP address, browser type, device information, referring pages, on-site activity, and approximate session timing. Operational records associated with requests for documentation, schemas, examples, embedded guidance, or support interactions. 2. How We Use Information To operate, secure, and improve Cuddler.dev and its published materials. To respond to inquiries, support requests, and commercial discussions. To measure site usage, investigate abuse, and maintain service reliability. To satisfy legal, contractual, security, and record-keeping obligations. 3. Cookies and Similar Technologies Cuddler.dev may use cookies, logs, or similar technologies to support core site operation, performance analysis, and security monitoring. You can manage cookies through your browser settings, though some site features may not function as intended if those controls are disabled.
4. Sharing of Information IdeaTilt Inc. does not sell your personal information. We may share information with service providers, hosting or analytics vendors, legal advisers, or other parties when reasonably necessary to operate Cuddler.dev, protect the service, comply with law, or support a transaction or engagement handled by IdeaTilt Inc.
5. Retention and Security We retain information only for as long as reasonably necessary for business, legal, security, and operational purposes. IdeaTilt Inc. uses administrative, technical, and organizational safeguards appropriate to the nature of the information and the services provided, but no method of transmission or storage is completely secure.
6. International Processing Your information may be processed in jurisdictions where IdeaTilt Inc. or its service providers operate. By using Cuddler.dev, you understand that your information may be transferred to and processed in those locations.
7. Your Choices You may request access to, correction of, or deletion of personal information, subject to applicable legal and contractual limits. You may opt out of non-essential communications by following the unsubscribe instructions included with those messages or by contacting us directly. You may contact us to ask questions about how your information is handled by IdeaTilt Inc. 8. Policy Updates IdeaTilt Inc. may update this Privacy Policy from time to time. Any revised version will be posted on Cuddler.dev with the updated effective date.
Privacy questions may be sent to hello@cuddler.dev .
Close Compliance Cuddler.dev is operated by IdeaTilt Inc. This page summarizes the governance, privacy, security, and operational controls that support the site and any related commercial engagements handled by IdeaTilt Inc.
Updated: March 21, 2026
1. Governance IdeaTilt Inc. maintains contractual, administrative, and change-management controls for Cuddler.dev and related deliverables. Commercial commitments, customer communications, and service obligations associated with Cuddler.dev are administered through IdeaTilt Inc.
2. Security Practices Access to administrative systems and publication workflows is limited to authorized personnel. Changes to public artifacts, documentation, and site behavior are managed through controlled source and deployment workflows. Reasonable monitoring, logging, and incident-response practices are used to detect and investigate operational or security issues. Sensitive data is handled using least-privilege and need-to-know principles where applicable. 3. Privacy and Data Handling Personal information is processed only for legitimate business, operational, legal, or support purposes. Retention is limited to the period reasonably necessary for those purposes. Third-party services are evaluated for operational fit and appropriate handling of information shared with them. 4. Documentation Integrity Cuddler.dev publishes the Specification Root, versioned Domain Specification, the shared Artifact Specification, Artifact Definition artifacts, and examples. Guidance for assistants is embedded inside the published specification and schema files. IdeaTilt Inc. uses source-controlled publication workflows to preserve traceability between maintained source content and public site output.
5. Customer and Vendor Review Support Where appropriate for an active engagement, IdeaTilt Inc. may respond to reasonable diligence questions concerning Cuddler.dev operations, privacy practices, or service controls, subject to confidentiality, scope, and legal constraints.
6. Questions Compliance, security, or diligence questions may be sent to hello@cuddler.dev .
Close AI Safety Policy Cuddler.dev is operated by IdeaTilt Inc. This policy explains how AI-assisted systems, generated outputs, and automation patterns associated with Cuddler.dev are expected to be used, reviewed, and constrained.
Updated: March 23, 2026
1. Purpose and Scope Cuddler.dev publishes standards, examples, schema artifacts, embedded guidance, and implementation guidance intended to support safe and structured AI-assisted document generation. This policy applies to AI-generated or AI-assisted content, workflows, and integrations that IdeaTilt Inc. publishes through Cuddler.dev or uses to operate related services.
2. Human Accountability AI systems may assist with drafting, transformation, classification, or rendering workflows, but people remain responsible for decisions, approvals, and public publication. IdeaTilt Inc. expects human review before relying on AI-generated outputs for legal, commercial, compliance, or operationally sensitive use cases.
3. Validation Before Use Generated JSON and templates should be checked against the applicable schema, specification, or implementation contract before use. Validation failures, version mismatches, or unsafe render conditions should block downstream publishing or rendering. Examples and reusable artifacts should prefer deterministic, inspectable structures over opaque free-form output. 4. Safety Controls for Rendered Output Untrusted content should remain subject to strict sanitization by default. Scripts, unsafe embeds, event handlers, and non-whitelisted protocols should not be introduced through AI-generated templates or content. Any relaxation of sanitization or external-asset controls should be deliberate, reviewable, and appropriate to the trust level of the content source. 5. Data Handling and Confidentiality Artifact Documents are confidential by default unless explicitly designated otherwise. Users should not place confidential, regulated, or sensitive information into AI systems unless the applicable service, contract, and safeguards are appropriate for that information. Data shared with AI-assisted workflows should be limited to what is reasonably necessary for the task.
6. Prohibited or Restricted Uses Do not use Cuddler.dev materials to misrepresent authorship, provenance, approvals, or compliance status. Do not use AI-generated output from Cuddler.dev workflows as a substitute for legal, security, financial, or other professional advice without qualified review. Do not use published schemas, examples, or embedded guidance to facilitate harmful, deceptive, abusive, or unlawful activity. 7. Monitoring, Correction, and Improvement IdeaTilt Inc. may review feedback, investigate unsafe behavior, revise published materials, or remove content when accuracy, safety, or misuse concerns arise. Safety-related fixes may include prompt changes, schema changes, documentation changes, stricter validation, or tighter publication controls.
8. Questions and Incident Reporting Questions about this policy, or reports of unsafe AI behavior associated with Cuddler.dev, may be sent to hello@cuddler.dev .
