Secure Rendering Defaults

Keep untrusted rendering safe by default and relax only the minimum behavior required for the use case.

Pattern

The secure rendering default stack

Secure defaults work because they layer small, predictable protections instead of relying on one big switch.

1Escape text

Treat text as text so markup is not executed accidentally.

2Strip unsafe tags and handlers

Remove markup behaviors that do not belong in trusted rendered output.

3Allow only needed URI schemes

Keep the protocol surface narrow by default.

4Enable external assets deliberately

Only relax the boundary when the workflow explicitly requires it.

5Surface warnings

Tell the operator what changed so security behavior remains visible.

The safest behavior should also be the easiest behavior to keep.

The safest Cuddler pattern is the simplest one: treat untrusted content as untrusted all the way through rendering.

Pattern

Escape text content.
Strip unsafe tags and event handlers.
Allow only the URI schemes the use case genuinely needs.
Permit external assets only when the workflow explicitly requires them.
Surface warnings so the user understands what changed.

Why It Matters

It protects the rendering surface from accidental script execution and unsafe links.
It makes the trust boundary obvious to authors and reviewers.
It keeps the default behavior useful without silently widening risk.

Use This When

documents are authored from mixed-trust sources
the output is shared beyond the immediate authoring team
you want a conservative baseline that does not require extra explanation

Cuddler.dev is owned and operated by IdeaTilt Inc.

Explore

Standards

Learn

Terms of Service

Welcome to Cuddler.dev. These terms describe the rules for using the Cuddler.dev website, including its documentation, schema artifacts, examples, embedded guidance, and related downloads.

Updated: March 21, 2026

Cuddler.dev is owned and operated by IdeaTilt Inc. If you enter into a commercial subscription, services engagement, or other contractual arrangement connected to Cuddler.dev, your contracting counterparty is IdeaTilt Inc.

1. Agreement Acceptance

By accessing or using Cuddler.dev, you agree to these terms on your own behalf and on behalf of any person or organization you represent. If you do not agree, do not use the site or any materials published through it.

2. Permitted Website Use

2.1 General Use

You may use this website only for lawful purposes and only if you can form a legally binding agreement under the laws that apply to you.

2.2 Linking to Cuddler.dev

You may link to public Cuddler.dev pages in a fair and non-misleading way. You may not frame the website, imply endorsement that does not exist, or present Cuddler.dev content as your own.

2.3 Copying or Distributing Content

Public standards, schema artifacts, examples, and related downloads that link to the Cuddler license page are licensed under CC BY 4.0. Branding, marks, and other materials that do not carry that notice remain restricted unless IdeaTilt Inc. gives permission separately.

2.4 Accounts and Restricted Services

If any portion of the service requires credentials or controlled access, you are responsible for maintaining the confidentiality of those credentials and for all activity performed using them.

3. Personal Information

3.1 Information Accuracy

Any information you submit to Cuddler.dev must be accurate, current, and complete.

3.2 Privacy Practices

IdeaTilt Inc. collects and uses personal information in accordance with the Cuddler.dev Privacy Policy. By using the site, you acknowledge those privacy practices.

4. Feedback and Submissions

If you send feedback, suggestions, or non-confidential materials to Cuddler.dev, you grant IdeaTilt Inc. a non-exclusive, worldwide, royalty-free right to review, use, and incorporate that feedback to improve the site, service, and related materials.

5. Changes to Terms

IdeaTilt Inc. may revise these terms from time to time. Continued use of Cuddler.dev after a posted revision constitutes acceptance of the updated terms.

6. Accuracy and Availability

We aim to keep Cuddler.dev accurate and available, but documentation, examples, schema files, embedded guidance, and other site materials may contain errors, omissions, or outdated information. We may correct, revise, remove, or replace material at any time without notice.

7. Intellectual Property

Cuddler, Cuddler.dev, and associated logos and branding are owned by or licensed to IdeaTilt Inc. Public standards, schema artifacts, examples, and related downloads that link to the Cuddler license page are licensed under CC BY 4.0, but that license does not extend to Cuddler trademarks, logos, or branding unless a page expressly says otherwise.

8. Disclaimer and Limitation of Liability

Cuddler.dev is provided on an “as is” and “as available” basis. To the fullest extent permitted by law, IdeaTilt Inc. disclaims warranties and will not be liable for indirect, incidental, special, consequential, or punitive damages arising from or related to your use of the site or reliance on its materials.

Questions about these terms may be sent to hello@cuddler.dev.

Privacy Policy

Updated: March 21, 2026

Cuddler.dev is operated by IdeaTilt Inc. This policy explains how IdeaTilt Inc. collects, uses, stores, and protects information when you visit Cuddler.dev, request information, download public materials, or otherwise interact with the site.

1. Information We Collect

Contact information you choose to provide, such as your name, email address, company name, or message contents.
Technical and usage information such as IP address, browser type, device information, referring pages, on-site activity, and approximate session timing.
Operational records associated with requests for documentation, schemas, examples, embedded guidance, or support interactions.

2. How We Use Information

To operate, secure, and improve Cuddler.dev and its published materials.
To respond to inquiries, support requests, and commercial discussions.
To measure site usage, investigate abuse, and maintain service reliability.
To satisfy legal, contractual, security, and record-keeping obligations.

3. Cookies and Similar Technologies

Cuddler.dev may use cookies, logs, or similar technologies to support core site operation, performance analysis, and security monitoring. You can manage cookies through your browser settings, though some site features may not function as intended if those controls are disabled.

4. Sharing of Information

IdeaTilt Inc. does not sell your personal information. We may share information with service providers, hosting or analytics vendors, legal advisers, or other parties when reasonably necessary to operate Cuddler.dev, protect the service, comply with law, or support a transaction or engagement handled by IdeaTilt Inc.

5. Retention and Security

We retain information only for as long as reasonably necessary for business, legal, security, and operational purposes. IdeaTilt Inc. uses administrative, technical, and organizational safeguards appropriate to the nature of the information and the services provided, but no method of transmission or storage is completely secure.

6. International Processing

Your information may be processed in jurisdictions where IdeaTilt Inc. or its service providers operate. By using Cuddler.dev, you understand that your information may be transferred to and processed in those locations.

7. Your Choices

You may request access to, correction of, or deletion of personal information, subject to applicable legal and contractual limits.
You may opt out of non-essential communications by following the unsubscribe instructions included with those messages or by contacting us directly.
You may contact us to ask questions about how your information is handled by IdeaTilt Inc.

8. Policy Updates

IdeaTilt Inc. may update this Privacy Policy from time to time. Any revised version will be posted on Cuddler.dev with the updated effective date.

Privacy questions may be sent to hello@cuddler.dev.

Compliance

Cuddler.dev is operated by IdeaTilt Inc. This page summarizes the governance, privacy, security, and operational controls that support the site and any related commercial engagements handled by IdeaTilt Inc.

Updated: March 21, 2026

1. Governance

IdeaTilt Inc. maintains contractual, administrative, and change-management controls for Cuddler.dev and related deliverables. Commercial commitments, customer communications, and service obligations associated with Cuddler.dev are administered through IdeaTilt Inc.

2. Security Practices

Access to administrative systems and publication workflows is limited to authorized personnel.
Changes to public artifacts, documentation, and site behavior are managed through controlled source and deployment workflows.
Reasonable monitoring, logging, and incident-response practices are used to detect and investigate operational or security issues.
Sensitive data is handled using least-privilege and need-to-know principles where applicable.

3. Privacy and Data Handling

Personal information is processed only for legitimate business, operational, legal, or support purposes.
Retention is limited to the period reasonably necessary for those purposes.
Third-party services are evaluated for operational fit and appropriate handling of information shared with them.

4. Documentation Integrity

Cuddler.dev publishes the Specification Root, versioned Document Role, the shared Artifact Specification, Artifact Definition artifacts, and examples. Guidance for assistants is embedded inside the published specification and schema files. IdeaTilt Inc. uses source-controlled publication workflows to preserve traceability between maintained source content and public site output.

5. Customer and Vendor Review Support

Where appropriate for an active engagement, IdeaTilt Inc. may respond to reasonable diligence questions concerning Cuddler.dev operations, privacy practices, or service controls, subject to confidentiality, scope, and legal constraints.

6. Questions

Compliance, security, or diligence questions may be sent to hello@cuddler.dev.

AI Safety Policy

Cuddler.dev is operated by IdeaTilt Inc. This policy explains how AI-assisted systems, generated outputs, and automation patterns associated with Cuddler.dev are expected to be used, reviewed, and constrained.

Updated: March 23, 2026

1. Purpose and Scope

Cuddler.dev publishes standards, examples, schema artifacts, embedded guidance, and implementation guidance intended to support safe and structured AI-assisted document generation. This policy applies to AI-generated or AI-assisted content, workflows, and integrations that IdeaTilt Inc. publishes through Cuddler.dev or uses to operate related services.

2. Human Accountability

AI systems may assist with drafting, transformation, classification, or rendering workflows, but people remain responsible for decisions, approvals, and public publication. IdeaTilt Inc. expects human review before relying on AI-generated outputs for legal, commercial, compliance, or operationally sensitive use cases.

3. Validation Before Use

Generated JSON and templates should be checked against the applicable schema, specification, or implementation contract before use.
Validation failures, version mismatches, or unsafe render conditions should block downstream publishing or rendering.
Examples and reusable artifacts should prefer deterministic, inspectable structures over opaque free-form output.

4. Safety Controls for Rendered Output

Untrusted content should remain subject to strict sanitization by default.
Scripts, unsafe embeds, event handlers, and non-whitelisted protocols should not be introduced through AI-generated templates or content.
Any relaxation of sanitization or external-asset controls should be deliberate, reviewable, and appropriate to the trust level of the content source.

5. Data Handling and Confidentiality

Artifact Documents are confidential by default unless explicitly designated otherwise. Users should not place confidential, regulated, or sensitive information into AI systems unless the applicable service, contract, and safeguards are appropriate for that information. Data shared with AI-assisted workflows should be limited to what is reasonably necessary for the task.

6. Prohibited or Restricted Uses

Do not use Cuddler.dev materials to misrepresent authorship, provenance, approvals, or compliance status.
Do not use AI-generated output from Cuddler.dev workflows as a substitute for legal, security, financial, or other professional advice without qualified review.
Do not use published schemas, examples, or embedded guidance to facilitate harmful, deceptive, abusive, or unlawful activity.

7. Monitoring, Correction, and Improvement

IdeaTilt Inc. may review feedback, investigate unsafe behavior, revise published materials, or remove content when accuracy, safety, or misuse concerns arise. Safety-related fixes may include prompt changes, schema changes, documentation changes, stricter validation, or tighter publication controls.

8. Questions and Incident Reporting

Questions about this policy, or reports of unsafe AI behavior associated with Cuddler.dev, may be sent to hello@cuddler.dev.