Self-Host YouthCheckIn (Free Forever, MIT License)
Run it on your own hardware or server. Full source code. No restrictions.
YouthCheckIn is a free, open-source (FOSS), self-hosted youth check-in system built for Trail Life troops, scouting groups, churches, co-ops, and clubs. Many of these programs rely on volunteers, operate on tight budgets, and need a safe way to check kids in and out without paying for expensive commercial systems or giving sensitive family data to third-party services. By being fully self-hosted and open-source, YouthCheckIn lets you keep complete control over your data, run it on your own hardware or a VPS, and verify exactly how the system works.
Simple and streamlined for volunteers
Fast family lookup by phone number
QR-code checkout
Thermal label printing (optional)
Customize your branding
import families from CSV
Connect your calendar for automatic event population
Free & Open-source forever.
How It Works - Get Started in 5 Simple Steps
Step 1: Deploy in Minutes
$ docker pull mrcrunchybeans/youth-secure-checkin:latest
$ docker-compose up -dAccess at http://localhost:5000 and complete the 4-step setup wizard (organization details, colors, access code, event settings).
Step 2: Import Your Families
Upload a CSV with families and kids, or add them manually one at a time. Import from spreadsheets, membership systems, or registration forms.
Flexible column name matching
(phone, phone_number, mobile all work).
Step 3: Connect Your Calendar
Add your Google Calendar or Outlook iCal URL in the admin panel. Events automatically populate in the check-in dropdown. Or create events manually if you prefer.
Step 4: Start Checking In
Step 5: Secure Checkout
Display QR code on screen or print thermal labels. Parents enter code at pickup for secure checkout with automatic timestamps. Verify authorized adults can pick up each child.
Built With Modern, Reliable Technology
Tech Stack
Why Self-Hosting Matters
• Privacy First: No internet required (except for optional iCal import)
• All Data Local: Everything stored locally in SQLite database
• No Tracking: No phone-home, no analytics, no external dependencies
• Offline Capable: Works on local network without internet
System Requirements:
Minimum:
• 512 MB RAM
• 100 MB storage (plus data)
• Python 3.10+ (if not using Docker)
• Any modern web browser
Recommended:
• 1 GB RAM
• 1 GB storage
• Docker 20+ with Docker Compose
• Nginx reverse proxy for production
• Let's Encrypt SSL certificate (free)
Works Great On:
• Raspberry Pi 3 or newer
• Cheap VPS (DigitalOcean, Linode, Vultr - $5-10/month)
• Proxmox LXC containers
• Synology/QNAP NAS with Docker
• Home lab servers or Intel NUCs
• Cloud platforms (Heroku, Railway, Render, Fly.io)
Security Features:
• Password Security: PBKDF2-SHA256 hashing with automatic plaintext-to-hashed migration
• Rate Limiting: 5 attempts per minute per IP address prevents brute force attacks
• Account Lockout: 15-minute automatic lockout after 5 failed admin attempts
• Strong Password Requirements: 12+ characters, mixed case, numbers, special characters
• Database Encryption: Optional SQLCipher integration for AES-256 encryption at rest
• Field-Level Encryption: Sensitive data encrypted using Fernet for additional protection
• Zero-Trust Architecture: Every admin action logged and authenticated
• HTTP Security Headers:
- HSTS (1-year enforcement of HTTPS)
- Content Security Policy (CSP) preventing XSS attacks
- X-Frame-Options (prevents clickjacking)
- X-XSS-Protection (browser-level XSS protection)
- X-Content-Type-Options (prevents MIME-type sniffing)
Two Ways to Deploy
Option 1: Docker (Recommended)
# Create a directory and required folders
mkdir youth-checkin && cd youth-checkin
mkdir -p data uploads
# Download docker-compose.yml
curl -O https://raw.githubusercontent.com/mrcrunchybeans/youth-secure-checkin/master/docker-compose.yml
# Pull the latest image from Docker Hub
docker pull mrcrunchybeans/youth-secure-checkin:latest
# Create a .env file with encryption keys and settings
echo "SECRET_KEY=$(openssl rand -hex 32)" > .env
echo "DEVELOPER_PASSWORD=your-secure-password" >> .env
echo "DB_ENCRYPTION_KEY=$(openssl rand -hex 32)" >> .env
# Generate and add Field Encryption Key
python3 -c "from cryptography.fernet import Fernet; print('FIELD_ENCRYPTION_KEY=' + Fernet.generate_key().decode())" >> .env
# Start the application
docker compose up -d
# Access at http://localhost:5000
Advantages: One command deployment, automatic updates, isolated environment, works everywhere Docker runs.
Note: Use docker compose (with space), not docker-compose (with hyphen). The database and uploads are persisted in the data/ and uploads/ folders. Encryption keys are required for production deployments.
Option 2: Python (Direct Installation)
# Clone repository
git clone https://github.com/mrcrunchybeans/youth-secure-checkin.git
cd youth-secure-checkin
# Create virtual environment
python -m venv venv
Activate it:
- Linux/Mac:
source venv/bin/activate - Windows:
venv\Scripts\activate
# Install dependencies
pip install -r requirements.txt
# Configure environment
Create a file named .env in the project folder with:
SECRET_KEY=$(python -c "import secrets; print(secrets.token_hex(32))")
DEVELOPER_PASSWORD=your-secure-password
DB_ENCRYPTION_KEY=$(python -c "import secrets; print(secrets.token_hex(32))")
FIELD_ENCRYPTION_KEY=$(python -c "from cryptography.fernet import Fernet; print(Fernet.generate_key().decode())")
Or manually generate keys:
# Generate SECRET_KEY
python -c "import secrets; print('SECRET_KEY=' + secrets.token_hex(32))"
# Generate DB_ENCRYPTION_KEY
python -c "import secrets; print('DB_ENCRYPTION_KEY=' + secrets.token_hex(32))"
# Generate FIELD_ENCRYPTION_KEY
python -c "from cryptography.fernet import Fernet; print('FIELD_ENCRYPTION_KEY=' + Fernet.generate_key().decode())"
# Run application
python app.py
Access at http://localhost:5000
Note: Requires Python 3.10 or higher. Encryption keys are required for production deployments
Free Forever - Really
Open Source (Self-Hosted)
$0/month - Always Free
This is 100% free and open-source software under the MIT License.
What you get:
All features, no limitations or paywalls Unlimited families, kids, and events Unlimited check-ins and devices Complete source code access Self-host anywhere (your choice of server) Modify and customize freely Use commercially without restrictions No attribution requiredWhat it costs:
No subscription fees ever
No per-user charges
No feature limits based on tier
No support contracts required
Your only costs:
• Server/hosting (can run on existing hardware you already own)
• Optional: Domain name (~$10/year)
• Optional: SSL certificate (free with Let's Encrypt)
Managed Hosting (Optional)
For organizations that want a hands-off, turnkey solution.
$10/month or $100/year
Includes:
• Fully hosted YouthCheckIn instance on our servers
• Custom youthcheckin.net subdomain name setup
• Unlimited events, kids, and devices
• Automatic software updates
• Daily backups with retention
• Zero maintenance required
• Email support (48-72 hour response time)
• 99.9% uptime SLA
Optional Support Package: +$5/month
• Priority email support (12-24 hour response)
• Onboarding call to help setup
• Help setting up rooms, events, families
• Assistance with data migration/import
• Troubleshooting and training support
Supporter Tier: $20/month
Same features—just a way for churches to support development and sponsor other ministries.
Want us to host it for you?
Purchase your hosting subscription today.
Why Organizations Trust YouthCheckin
Transparent
Open source code on GitHub. No hidden features, no tricks, no vendor lock-in. You can read every line of code and verify exactly what it does.
Simple
Check-in takes 10 seconds per family. Volunteers can be trained in minutes. Clean interface works on phones, tablets, and laptops. No complex configuration required.
Safe
Built carefully to help ensure the right person picks up the right child. Unique checkout codes, authorized adult tracking, timestamps for accountability.
💻 Self-Host Friendly
One-command Docker deployment. Runs effortlessly on Raspberry Pi 3+, NAS devices, VPS servers, or home lab environments. Python 3.10+ also supported.
Enterprise Security
PBKDF2-SHA256 password hashing, rate-limiting protection against brute force attacks, account lockout after failed attempts, HTTP security headers (HSTS, CSP, X-Frame-Options), and strong password requirements for admin access.
FAQs
Get Help & Contribute
Community Support:
• GitHub Issues: Bug reports and feature requests → github.com/mrcrunchybeans/youth-secure-checkin/issues
• GitHub Discussions: Questions and community help → github.com/mrcrunchybeans/youth-secure-checkin/discussions
• Documentation: Comprehensive guides and tutorials included in repo
• Live Demo: Try before you deploy → demo.youthcheckin.net
Contributing:
This is an open-source project. Contributions welcome!
• Report bugs and request features
• Submit pull requests with improvements
• Improve documentation
• Share your deployment stories
• Help other users in discussions
Documentation Included:
• README.md - Quick start and overview
• DOCKER.md - Complete containerized deployment guide
• DEPLOYMENT.md - Production server setup instructions
• SECURITY.md - Best practices and security hardening
• FAQ.md - Frequently asked questions answered
Ready to Take Control of Your Check-ins?
Read the docs, check the code, star the repo, fork it.
See it in action with pre-populated data. No account needed. No credit card. Just try it.
See it in action with pre-populated data. No account needed. No credit card. Just try it.
Want us to host it for you?
Purchase your hosting subscription today.