Our operating commitments

Most marketing sites describe themselves in marketing copy. We'd rather describe ourselves in the rules we hold ourselves to. This page is the prospect-facing distillation of the operating rules we follow — verifiable, not aspirational.

The full internal version lives in our public source repository if you want to read it in detail. This page summarizes the parts that affect you.

What this page covers (and doesn't)

This page describes our commitments for data this marketing site collects from you — primarily lead-form submissions and basic browser interactions. It does NOT describe how AIM Engines (the application, at app.aimengines.com when it ships) handles your data inside the product.

When you sign up for AIM Engines and start using its workbenches, you'll be handing us a different category of data — content you create, conversations you have, customer or community data you bring in, billing details, the work product of your team. That data has its own operating commitments, which the AIM Engines application will publish on its own site before the application accepts any user data in production. The commitments will follow the same posture you see here — minimum data collection, single authoritative store per tenant, no third-party CRM, no shared session, full data-deletion rights, no sale or sharing with third parties — but the technical specifics will be appropriate to a multi-tenant application rather than a marketing site, and AIM Engines will be the authoritative source for what it promises about your application data.

Until AIM Engines launches with that document published, treat the application as not-yet-accepting your data. The marketing site you're reading is a separate boundary from the application; commitments on this page apply only to this boundary.

How we treat your data

• One destination for lead-form submissions. Everything you submit through our contact form goes to a single store we control. No third-party CRM. No marketing automation platform. No data broker. No "we promise we won't share it" — we built the plumbing so there's nowhere else for it to go.
• The minimum data we need. Our contact form asks for what's necessary for the next step of the conversation. We don't ask for your company size, role, headcount, or budget until you tell us they're relevant.
• Explicit, unambiguous opt-in. If we ask for permission to send you marketing communications, the checkbox is unchecked by default. No pre-checked consent. No dark patterns.
• Global Privacy Control honored. If your browser sends a GPC signal, the marketing-communications opt-in is automatically disabled regardless of what the form says.
• Encrypted in transit. Every form submission goes over TLS to a single endpoint. No exceptions.
• One cookie, no tracking. We set exactly one cookie: a non-tracking preference cookie that remembers your light or dark mode choice. We do not set analytics cookies, advertising cookies, session cookies, or third-party cookies of any kind. No cookie banner is required because we have no tracking to consent to.
• You can ask us to delete it. Email us and we will delete your information. No process, no friction.

How the site is hosted

• On infrastructure we operate. This is not a SaaS-hosted marketing site running on someone else's stack. The site runs on hardware we control, in a process isolated from anything else we run. If you're an enterprise security reviewer, this is the part that matters: there is no third-party platform between you and us.
• Behind Cloudflare. All public traffic to the site goes through Cloudflare's edge — DDoS protection, web application firewall, bot management distinguishing legitimate AI crawlers from malicious traffic, and rate limiting per route.
• No direct exposure. Our origin server does not expose any public-facing port. The connection from Cloudflare to our origin is established outbound from our side and encrypted end-to-end. Even if Cloudflare misroutes traffic, there's nothing at our origin to misroute it to.
• Isolated per site. Each marketing site we operate runs in its own isolated process. A compromise in one site cannot reach another site, our application's infrastructure, or any of our internal services.

How we treat AI agents and crawlers

• Every public page is available as raw markdown. Append .md to any content URL (for example, /about.md) and you get the underlying markdown content directly. This is for AI agents that prefer structured text over rendered HTML.
• We publish llms.txt and llms-full.txt. These are emerging standards for sites that want to help AI agents find and consume content efficiently. Both are at the site's root.
• We allow legitimate AI crawlers (ClaudeBot, GPTBot, PerplexityBot, and others) in our robots.txt. We publish Content-Signal directives declaring how our content may be used (search, retrieval, training).
• Structured data on every content page. Schema.org JSON-LD describes each page so AI agents and search engines can understand it without parsing HTML.

This is a deliberate posture. We think the open web should remain machine-readable, and we'd rather be useful to AI agents than blocking them.

What we don't do

• We don't run third-party analytics. No Google Analytics. No Mixpanel. No segment-and-pipe-to-twenty-vendors.
• We don't run advertising pixels. No Facebook Pixel. No LinkedIn Insight. No Google Ads conversion tracking.
• We don't share your data with data brokers, marketing partners, or third-party analytics platforms.
• We don't accept user-generated content. No public comments, no public forums, no public submission forms beyond the contact form.
• We don't share authenticated session with our application. Cookies on this marketing site do not cross to our application's subdomain, and vice versa.
• We don't break URLs. If a page moves, we redirect from the old URL. If a page is removed, we keep the redirect long enough that AI agents and search engines find the new home.

How this is enforced

Our internal operating rules — the full version, with implementation specifics — live in our source repository as a committed document, alongside the code that runs this site. The repository is public. Both are linked from this site's About page.

Changes to our operating rules flow through a documented amendment process with traceability to either a new architectural decision, an evolution of the web standards we follow, or a learning from live operation that justifies the change. Amendments without traceability are rejected.

If something here seems wrong, or you notice we're doing something we said we wouldn't, tell us and we'll fix it.

What we don't promise

We don't promise that nothing will ever go wrong. We promise that when something does go wrong, we will find out, we will tell you if it affected your data, and we will fix the underlying cause — not just the symptom. Boring and trustworthy beats interesting and opaque.