PRIVACY POLICY

Last updated November 20, 2025

This Privacy Notice for YouthCheckIn ("we," "us," or "our"), describes how and why we might access, collect, store, use, and/or share ("process") your personal information when you use our services ("Services"), including when you:

  • Visit our website at https://youthcheckin.net or any website of ours that links to this Privacy Notice
  • Use our self-hosted open-source check-in software (downloaded from GitHub)
  • Subscribe to our managed hosting service for a fully-hosted YouthCheckIn instance
  • Engage with us in other related ways, including any sales, marketing, or events
Questions or concerns? Reading this Privacy Notice will help you understand your privacy rights and choices. We are responsible for making decisions about how your personal information is processed. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at privacy@youthcheckin.net.

SUMMARY OF KEY POINTS

This summary provides key points from our Privacy Notice, but you can find out more details about any of these topics by using our table of contents below.

What personal information do we process? When you visit, use, or navigate our Services, we may process personal information depending on how you interact with us and the Services, the choices you make, and the products and features you use.
Do we process sensitive personal information? We may process information about children/youth (names, ages, guardian information, emergency contacts, allergies, and special needs) when you use our check-in system. This information is only used to provide the check-in service you requested.
Self-hosted vs. Managed Hosting: If you self-host YouthCheckIn using our open-source software, all data stays on YOUR server and we do not collect, access, or process any of your organization's data. This privacy policy primarily applies to users of our managed hosting service.
Do we collect information from third parties? We do not collect any information from third parties except payment processing via Stripe (which handles all payment card data).
How do we process your information? We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law.
With whom do we share personal information? We share information only with essential service providers: Stripe (payment processing), our hosting infrastructure provider, and email service provider (for support communications).
How do we keep your information safe? We have organizational and technical processes in place to protect your personal information, including encryption, daily backups, and secure access controls.
What are your rights? Depending on where you are located, you may have certain rights including the right to access, correct, or delete your personal information. You can export all your data at any time from the admin panel.

TABLE OF CONTENTS

  • 1. WHAT INFORMATION DO WE COLLECT?
  • 2. HOW DO WE PROCESS YOUR INFORMATION?
  • 3. WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR PERSONAL INFORMATION?
  • 4. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?
  • 5. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?
  • 6. HOW LONG DO WE KEEP YOUR INFORMATION?
  • 7. HOW DO WE KEEP YOUR INFORMATION SAFE?
  • 8. DO WE COLLECT INFORMATION FROM MINORS?
  • 9. WHAT ARE YOUR PRIVACY RIGHTS?
  • 10. SELF-HOSTED VS. MANAGED HOSTING
  • 11. CONTROLS FOR DO-NOT-TRACK FEATURES
  • 12. DO UNITED STATES RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?
  • 13. DO WE MAKE UPDATES TO THIS NOTICE?
  • 14. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?
  • 15. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

1. WHAT INFORMATION DO WE COLLECT?

Personal information you disclose to us

In Short: We collect personal information that you provide to us when using our Services.

For Managed Hosting Customers: When you subscribe to our managed hosting service, we collect:

  • Account Information: Organization name, primary contact name, email address, phone number
  • Billing Information: Processed securely by Stripe (we do not store payment card data)
  • Check-in System Data: All data you enter into your YouthCheckIn instance, including:
    • Family information (names, phone numbers, addresses, emergency contacts)
    • Youth/child information (names, ages, allergies, special needs notes, authorized pickup adults)
    • Event information (event names, dates, descriptions)
    • Check-in/checkout records (timestamps, attendee names, pickup codes)
    • User-uploaded content (logos, images)

For Website Visitors: When you visit our website, we may collect:

  • Email address (if you contact us or sign up for updates)
  • Basic analytics data via Google Analytics (see Section 5)

Payment Data

We use Stripe to process payments for our managed hosting service. All payment card data is handled and stored exclusively by Stripe—we never see or store your full payment card information. You may find Stripe's privacy notice here: https://stripe.com/privacy.

Google API

If you choose to connect your Google Calendar for automatic event imports, our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We only access calendar event information (event titles, dates, descriptions) that you explicitly authorize.

Sensitive Information

When you use YouthCheckIn for check-in services, you may enter information about children/youth including names, ages, medical conditions, allergies, and special needs. This information is considered sensitive and is processed solely to provide the check-in and safety services you requested. We treat all youth data with the highest level of security and confidentiality.

2. HOW DO WE PROCESS YOUR INFORMATION?

In Short: We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law.

We process your personal information for the following purposes:

  • To provide the check-in service: Store and retrieve family, youth, and event information to enable secure check-in and checkout
  • To administer your account: Manage your managed hosting subscription, billing, and support requests
  • To communicate with you: Send service updates, support responses, and important notices about your account
  • To ensure security: Detect and prevent unauthorized access, maintain data backups, and protect against fraud
  • To improve our services: Analyze anonymized usage patterns to improve features and reliability
  • To comply with legal obligations: Respond to legal requests and enforce our terms of service

3. WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR PERSONAL INFORMATION?

In Short: We only process your personal information when we believe it is necessary and we have a valid legal reason to do so under applicable law.

If you are located in the EU or UK: We rely on the following legal bases:

  • Consent: You have given us permission to use your personal information (e.g., when you sign up for our service)
  • Performance of a Contract: Processing is necessary to fulfill our service agreement with you
  • Legitimate Interests: We have legitimate business interests in providing secure check-in services, preventing fraud, and improving our services
  • Legal Obligations: We must process your information to comply with applicable laws
  • Vital Interests: Processing is necessary to protect the safety of children/youth in your care

If you are located in Canada: We may process your information with your express or implied consent, or as otherwise permitted by Canadian privacy law.

4. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?

In Short: We share information only with essential service providers necessary to deliver our Services.

We may share your personal information with:

  • Stripe: Payment processing for managed hosting subscriptions (they have their own privacy policy)
  • Hosting Infrastructure Provider: Our cloud hosting provider who stores your data on secure servers (under strict data processing agreements)
  • Email Service Provider: For sending transactional emails and support communications
  • Law Enforcement/Legal Authorities: Only if legally required by valid court order or subpoena

We do NOT:

  • Sell your personal information to third parties
  • Share your data with advertisers or marketing companies
  • Use your data for purposes other than providing the Services you requested

5. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?

In Short: We use minimal cookies for essential functionality and optional analytics.

Essential Cookies: YouthCheckIn uses session cookies to maintain your login state and remember your preferences. These are necessary for the service to function.

Analytics: We use Google Analytics on our marketing website (youthcheckin.net) to understand how visitors use our site. You can opt out of Google Analytics tracking by visiting: https://tools.google.com/dlpage/gaoptout

For Hosted Instances: Your individual YouthCheckIn instance (e.g., yourorganization.youthcheckin.net) does not use any third-party analytics or tracking technologies. Only essential session cookies are used.

6. HOW LONG DO WE KEEP YOUR INFORMATION?

In Short: We keep your information for as long as your account is active, plus a reasonable period for backups and legal compliance.

Active Accounts: While your managed hosting subscription is active, we retain all data you enter into your YouthCheckIn instance.

After Cancellation:

  • Upon cancellation, we provide you 30 days to export all your data
  • After 30 days, we permanently delete your instance and all associated data
  • Backup copies are retained for 90 days for disaster recovery purposes, then permanently deleted
  • Billing records are retained for 7 years for tax and legal compliance

Data Export: You can export all your data at any time from your admin panel in CSV and JSON formats.

7. HOW DO WE KEEP YOUR INFORMATION SAFE?

In Short: We implement strong security measures to protect your information.

Technical Measures:

  • All data transmitted over HTTPS with TLS 1.3 encryption
  • Database encryption at rest
  • Password hashing using PBKDF2-SHA256
  • Automatic daily backups stored in separate secure locations
  • Regular security updates and patching
  • Multi-factor authentication available for admin accounts

Organizational Measures:

  • Limited access to customer data (only authorized personnel for support purposes)
  • Background checks for employees with data access
  • Security incident response procedures
  • Regular security audits and vulnerability assessments

Important Disclaimer: Despite our safeguards, no electronic transmission or storage is 100% secure. While we do our best to protect your information, transmission to and from our Services is at your own risk. You should only access the Services within a secure environment.

8. DO WE COLLECT INFORMATION FROM MINORS?

In Short: Our service is designed for youth organizations to track children/youth, but we require adult users to operate the system.

Important Distinction:

  • System Users (Account Holders): Must be 18+ years old. These are the administrators, staff, and volunteers operating the check-in system.
  • Youth/Children Data: The system stores information ABOUT minors (as entered by adult users) for the purpose of check-in and safety tracking. This is the intended function of the service.

Parental Consent: By using YouthCheckIn, you represent that:

  • You are at least 18 years old or have parental/guardian permission to use the service
  • You have proper authority from parents/guardians to store and manage information about the children/youth in your program
  • Parents/guardians of children in your program have consented to their children's participation and data collection

COPPA Compliance: YouthCheckIn is designed for use by youth organizations (not marketed directly to children). Organizations using our service are responsible for obtaining appropriate parental consent as required by COPPA and similar laws.

9. WHAT ARE YOUR PRIVACY RIGHTS?

In Short: Depending on your location, you have rights including access, correction, deletion, and portability of your personal information.

Your Rights May Include:

  • Right to Access: Request a copy of the personal information we hold about you
  • Right to Correction: Request correction of inaccurate or incomplete information
  • Right to Deletion: Request deletion of your personal information (subject to legal retention requirements)
  • Right to Data Portability: Receive your data in a structured, machine-readable format (CSV/JSON export available in admin panel)
  • Right to Restrict Processing: Request that we limit how we process your information
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw your consent to processing at any time

How to Exercise Your Rights:

  • Export your data directly from the admin panel (available 24/7)
  • Email us at privacy@youthcheckin.net
  • Contact us using the details in Section 14

Response Time: We will respond to your request within 30 days (or as required by applicable law).

10. SELF-HOSTED VS. MANAGED HOSTING

This is an important distinction for privacy:

Self-Hosted (Open-Source Download)

If you download YouthCheckIn from GitHub and host it on your own server:

  • We do NOT collect, access, or process any of your data
  • All data stays on YOUR server under YOUR control
  • You are the data controller and responsible for compliance with privacy laws
  • This Privacy Policy does NOT apply to your self-hosted instance
  • You should create your own privacy policy for your users/families

Managed Hosting (Paid Service)

If you subscribe to our managed hosting service:

  • We host your YouthCheckIn instance on our secure servers
  • We are the data processor; you are the data controller
  • This Privacy Policy applies to how we handle your data
  • We process data only as instructed by you (to provide the check-in service)
  • You retain ownership of all your data
  • You can export and delete your data at any time

11. CONTROLS FOR DO-NOT-TRACK FEATURES

Most web browsers include a Do-Not-Track ("DNT") feature. At this stage, no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online.

California law requires us to disclose how we respond to DNT signals. Because there currently is not an industry or legal standard, we do not respond to them at this time.

12. DO UNITED STATES RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?

In Short: If you are a resident of certain US states, you have specific privacy rights under state law.

State Privacy Laws: Residents of California, Colorado, Connecticut, Virginia, and other states with comprehensive privacy laws have additional rights including:

  • Right to know what personal information is collected
  • Right to access your personal information
  • Right to correct inaccuracies
  • Right to delete your personal information
  • Right to opt out of "sales" or "sharing" (Note: We do not sell or share personal information)
  • Right to non-discrimination for exercising your rights

How to Exercise Your Rights: Email us at privacy@youthcheckin.net or use the contact information in Section 14.

Authorized Agents: You may designate an authorized agent to make requests on your behalf. The agent must provide proof of authorization.

California "Shine The Light" Law: California residents may request information about personal information disclosed to third parties for direct marketing purposes. Since we do not disclose personal information for direct marketing, this does not apply.

13. DO WE MAKE UPDATES TO THIS NOTICE?

In Short: Yes, we will update this notice as necessary to stay compliant with relevant laws.

We may update this Privacy Notice from time to time. The updated version will be indicated by an updated "Last updated" date at the top. If we make material changes, we will notify you by:

  • Posting a prominent notice on our website
  • Sending an email to the primary contact on your account
  • Displaying a notification in your YouthCheckIn admin panel

We encourage you to review this Privacy Notice periodically.

14. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?

If you have questions or comments about this notice, you may contact us at:

Email: privacy@youthcheckin.net
Support: support@youthcheckin.net
Website: https://youthcheckin.net

YouthCheckIn
625 N 2nd Street
La Crescent, MN 55947

15. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

In Short: You have full control over your data at all times.

For Managed Hosting Customers:

  • Review & Update: Log into your YouthCheckIn admin panel to view, edit, or update any information
  • Export: Use the built-in export feature to download all your data in CSV or JSON format (available 24/7)
  • Delete Specific Data: Delete individual families, events, or check-in records from the admin panel
  • Delete Everything: Cancel your subscription and request complete data deletion by emailing privacy@youthcheckin.net

To submit a formal data subject access request, email us at: privacy@youthcheckin.net

We will respond to your request within 30 days.

This privacy policy was last updated on November 20, 2025.