# WarmAI assets host — security & contact policy
# Published per RFC 9116 (https://www.rfc-editor.org/rfc/rfc9116.html)
# This file lives at: https://assets.warmai.uk/.well-known/security.txt

Contact: mailto:support@getwarmai.com
Expires: 2027-04-28T00:00:00Z
Preferred-Languages: en
Canonical: https://assets.warmai.uk/.well-known/security.txt
Policy: https://getwarmai.com/tracker

# About this domain
# -----------------
# assets.warmai.uk hosts first-party tracking scripts (warm.js, warm-pro.js)
# operated by Warm AI Ltd. The scripts are loaded by paying customers on
# their own websites for visitor analytics and identification purposes.
#
# Operator:        Warm AI Ltd, United Kingdom
# Reg. office:     107 Highfield Lane, Oving, Chichester, PO20 2NN, UK
# ICO reg:         ZC135250
# Hosting:         Cloudflare R2 (bucket: warmai-assets)
# In operation:    Since 2026-04-28, owner-controlled throughout
# Public source:   https://github.com/Nudge-AI-UK/warmai-tracker (safe variant)
# Privacy policy:  https://getwarmai.com/tracker
# Customer site:   https://www.getwarmai.com
#
# We comply with GDPR, PECR, ePrivacy, CCPA, and Google's content policies.
# The default warm.js variant uses sessionStorage only — no cookies, no
# fingerprinting, no form scraping, no TLD probing — and honours Do Not
# Track and Global Privacy Control. The warm-pro.js variant (advanced
# features) is gated on customer-side CMP consent AND honours DNT/GPC.
#
# If you have identified a security issue with assets.warmai.uk or its
# scripts, please email support@getwarmai.com. We respond within
# 48 hours during UK business days.