Privacy Policy

Last updated: May 2026

Ophelia's Cocktail Companion is an internal operations tool operated by Slings & Arrows Consulting, LLC ("we", "our", or "us") for the bar and restaurant locations that have been granted access. This policy explains what information the tool holds, how it is used, and how to reach us with questions.

Who Uses Ophelia's Cocktail Companion

Access is restricted to staff and administrators at locations that have been issued credentials by an account administrator. The tool is not offered to the general public, and individual location records, recipes, and sales data are scoped to the location they belong to.

Information We Hold

  • Account information. Name, email address, and an authentication credential (hashed password or magic-link token digest) for each user.
  • Operational records. Recipes, ingredients, menus, employee shifts, daily sales reports, and tab transactions that staff enter while running the location.
  • Audit metadata. Records of who changed which entity, when, and what fields were affected (the application's "dossier" log).
  • Session and device data. Devise session cookies, an optional signed device cookie for kiosk authentication, and standard web logs (IP address, user agent, request path) used for security and debugging.
  • Payment integrations. Stripe handles gift-card checkout, and Square handles point-of-sale sales fetch. Card numbers and bank-account information are never stored by us — they are handled directly by those processors.

How We Use This Information

Information is used to operate the tool: to authenticate staff, track inventory and pricing, generate sales and tip reports, process gift-card and tab transactions, and surface audit history to administrators. We do not sell, rent, or share the information for marketing purposes.

Who Else Sees It

Operational data is shared only with the third-party processors we rely on to run the tool — currently Stripe (gift-card payments), Square (POS sales fetch), SendGrid (transactional email), and Anthropic (error analysis on captured exception summaries). Each is contractually responsible for safeguarding the data they receive on our behalf. We do not pass information to advertisers or data brokers.

How We Protect It

Sensitive credentials such as device tokens and API key secrets are encrypted at rest using Rails' Active Record Encryption. Magic-link tokens are stored as one-way SHA-256 digests rather than raw values. Traffic between your browser and our servers is encrypted in transit over HTTPS. Authentication endpoints are rate-limited to slow brute force attempts.

Retention and Deletion

Records are retained while the location they belong to remains active. To request deletion of your personal information, or to export the data we hold about you, contact us using the address below and we will respond within a reasonable period.

Cookies

The tool uses a Devise session cookie to keep you signed in, an optional signed cookie to identify a paired kiosk device, and short-lived Turbo cache cookies. We do not use third-party advertising or analytics cookies.

Changes to This Policy

We may update this policy as the tool evolves. The "Last updated" date at the top reflects the most recent revision. Continued use of the tool after a change constitutes acceptance of the revised policy.

Contact

Questions, deletion requests, or anything else privacy-related can be sent to hello@drinkophelia.com

2026, Slings & Arrows Consulting, LLC Code by Mindtonic Media Made within Asheville, NC