Pulling the latest…
Pulling the latest…
This is a short, honest privacy note. Alongside Events is built and operated by Roman Kucheryavyy and Anna Kucheryava under Alongside Coffee, based in Auburn, Washington, USA, alongside our mobile coffee bar of the same name. We don’t run ad networks. We don’t sell data. We try to collect as little as we need.
From coffee cart operators: name, email, business name, phone (private — never shown to guests or couples), city + state, billing information (handled by Stripe — we never see full card numbers), your cart’s logo and photo if uploaded, your event settings (menus, modifier groups, palette choices, operating mode), and your client list if you choose to use the Studio CRM.
From wedding couples / event hosts: only what they submit via their customization link — their chosen colors, fonts, welcome message, story, drink-brief questionnaire answers, and any photos they upload through the couple surface. No account required, no email collected unless they opt to share one.
From wedding guests: first name, last name, and (if the guest opts in via QR ordering) a phone number for the “your drink is ready” SMS. Walk-up orders taken at the cart deliberately collect NO phone number — the field is absent from every walk-up surface, so SMS only runs against guest-supplied, guest-consented numbers from QR ordering. Phone numbers are stored for the duration of the event (so the SMS can fire) and salted + SHA-256 hashed for any longer retention. The raw phone number is removed from the platform after the event concludes; the hash is retained for fraud / abuse review for up to 30 days. Reviews, photos, and short notes are collected only if the guest chooses to submit them.
Payment information from guests (we do not process guest payments), location data beyond the venue you typed yourself, browsing history from other sites, contacts, or anything beyond what’s required to make the product work. We don’t embed third-party trackers or ad tags.
To deliver the service: show the menu to guests, route orders to the barista queue, send ready notifications, render the recap microsite, support your account, and power the analytics + CRM views on Studio. We do not share your data with third parties except the infrastructure providers required to run the service — each bound by their own data processing agreements (see below).
If a guest opts in when ordering — via an unchecked consent box; we don’t pre-tick — we send a single transactional “your drink is ready” text when their order flips to ready. The text identifies Alongside as the sender, includes a tracking link, the couple’s name, and STOP / HELP keyword instructions. STOP removes the guest’s number from the event’s SMS list immediately.
Twilio is the SMS delivery processor; they see the message content + recipient number to deliver. They don’t use this for their own marketing. We do not send marketing SMS to guests — only the order-ready notification they consented to.
Phone numbers collected for SMS notifications are never shared, sold, or licensed to third parties or affiliates for their marketing purposes. The only entity that processes the number is Twilio (our carrier-of-record SMS provider), strictly to deliver the single transactional ready alert the guest opted in to.
Guest photo uploads go straight to a private storage bucket — nothing appears publicly until the operator approves it. The upload form requires the guest to affirm consent of everyone in the photo (with explicit guardian language for minors) before submission can proceed. Approved photos + notes are rendered on the recap microsite at an unguessable token-gated URL. Couples can download the full photo pack as a zip from the recap.
Couples can report individual photos directly from the recap; reported photos are pulled from the public surface immediately and returned to the operator’s moderation queue for review.
Per-event photo upload caps protect operators from spam-uploads: 10 entries per order and 500 total per event (5 / 25 on demo events).
Review intelligence (free tier): when a guest writes a short review after their drink, the platform uses Anthropic’s Claude model to tag the comment against a fixed set of quality flags (“bitter shot,” “over-milked,” “slow wait”). Tags surface as live quality banners in barista mode. The original comment is stored on the event’s reviews tab and is never shared across operators.
AI signature drinks (paid tier): when the couple fills in the drink-brief questionnaire, the platform sends their answers + your cart’s menu inventory to Claude to propose four drink suggestions. We apply a content-safety post-check on the model output that substitutes a generic placeholder for any name/description containing forbidden terms. Output is rate-limited per event (5-second cooldown, 200-call lifetime cap) to bound AI spend on any single token.
Anthropic processes these requests transiently to return the response and does not train models on our API traffic per their commercial data terms.
The menu surfaces allergen tags per drink + per modifier (milk, tree-nuts, wheat, etc.) so guests with allergies can see at a glance what each drink contains. Allergen tags are operator-supplied; the platform displays them but doesn’t verify them. Guests with serious allergies should always confirm with the barista before ordering.
Operator logos, cart photos, menu items, palette choices, and every event’s orders / reviews / photos / notes are scoped to the operator account via row-level security. Other operators cannot see or query your data. When you delete an event from its Controls tab, all event-scoped data is removed from the database and storage bucket; operator-level brand assets persist on your account until you remove them from Settings.
To enforce our “first event free” promise fairly, we deduplicate operator accounts at signup + profile-save time against (a) email, (b) phone, and (c) normalized business name. If we find an existing operator who’s already used their free event with one of these matching keys, the new account’s first event is treated as paid rather than free. We don’t share your contact info with any other operator, and the dedup check uses indexed lookups, not raw scans.
Supabase stores the operational database and private photo bucket. Vercel serves the app + handles request logs. Stripe handles payments + webhooks. Twilio delivers SMS. Anthropic powers review tagging + couple signature drinks. Resend sends transactional email (refund requests, demo bookings, waitlist).
Each provider is bound by their own DPA.
You can export, delete, or request a copy of your data at any time by emailing support@alongsidecoffee.com. We’ll respond within seven days.
For guest data: guests can request their stored contact + order records be removed by contacting the operator, who can remove the order (and its retained hash) from the event. Guests in California (CCPA) and the EU/UK (GDPR) have additional rights including right to know, right to delete, right to data portability, and right to non-discrimination — exercise these by emailing support and we’ll route the request to the appropriate operator and process within the regulatory window.
Alongside Events is not intended for children under 13. Photos of minors at events are moderated through the guest-consent gate at upload + operator approval before appearing on the recap.
Operators can request a refund of any paid event from the event’s Controls tab; that emails Roman directly. Most refunds process within one business day and your plan_tier flips back to free automatically once Stripe confirms the refund. Account deletion removes operator contact info, brand assets, all events, and all child records (orders, reviews, photos, etc.). Database backups may retain deleted records for up to 30 days for disaster-recovery purposes, after which they’re purged.
We’ll update this page when things change. Material changes will be announced in-product. The “updated” date at the top reflects the most recent edit.
Questions? Email us at support@alongsidecoffee.com.