Production · Multi-tenant · Mobile-first

Guest flow,
intelligently
orchestrated.

qaira is a production-grade walk-in management system — built from a real problem, deployed on real infrastructure, serving real guests.

Live System ↗ Read the story
Origin

Built from a real problem.

My friend and hairdresser works without appointments. For years, the system was simple: you walk in, he sees you, he remembers the order. Then you wait — somewhere, somehow — and hope to be back in time.

I built wait2go, a first version that digitised exactly this: walk in, register once, leave, get an SMS when you're up. No app. No account. Just a phone number.

qaira is the next iteration — rebuilt from scratch, production-ready, multi-tenant, with a prediction engine, a full notification system, and the kind of infrastructure quality I'd expect from professional software.

A running system. With a pinch of magic, and a lot of coffee.

3
Async services
E2E
Encrypted delivery
100%
Tenant-isolated
Live
qaira.de
Features

Every detail considered.

Built around the guest experience — the moments that matter, the details that make the difference.

01
Frictionless Check-In
Guests join in seconds — via QR code, link, or walk-in. SMS verification, no app, no account. Works on any phone, any browser, immediately.
02
Auto-Call & Timed Notifications
Guests leave freely and get called back at precisely the right moment. Confirmation, reminder, and call-up — orchestrated so nothing falls through the cracks.
03
Intelligent Wait-Time Prediction
A per-shop adaptive model that learns from real visit patterns. Guests get honest estimates — building trust rather than frustration.
04
Guest Memory & Relationship
Returning guests are recognised instantly. Visit history, preferences, and context surface at check-in — turning anonymous visitors into familiar faces.
05
Mobile-First UX
Designed from the ground up for the phone. Every screen, every transition, every interaction is considered — premium micro-interactions that feel native, not like a web form.
06
Social Queue
Guests can share their queue status and invite others to join. Shops become a shared experience — not just a place you wait alone.
07
Walk-In & Advance Booking
Supports both spontaneous walk-ins and scheduled slots — with a smart waitlist that keeps the queue flowing fairly when demand spikes.
08
Shop Dashboard & Benchmarking
Real-time queue overview for shop staff. Analytics and aggregated KPI comparisons against similar businesses — without exposing individual shop data.
Architecture

Designed for reliability.

A full production stack — reverse proxy, application server, task queue, cache, database, and a custom SMS gateway — each component chosen deliberately and configured properly.

Client — Mobile-first browser UI, no app required
Nginx — SSL termination · static assets · security headers
Gunicorn — Application server · production configuration
Django — Multi-tenant SaaS · HTMX · prediction engine
├──────────────────────┐
PostgreSQL — Primary data store
Redis — Cache · task broker
Celery Worker — Async SMS · emails
Celery Beat — Scheduled tasks
SMS Gateway — Self-hosted · cryptographically authenticated
GSM Modem — Direct carrier delivery · no third-party dependency
Backend
Django
Python · HTMX · custom data layer
Task Queue
Celery + Redis
Worker · scheduler · reliable async dispatch
Database
PostgreSQL
Encrypted daily backups · tested recovery procedure
Reverse Proxy
Nginx + Certbot
SSL · security headers · static serving
SMS Gateway
Custom SMS Gateway
Flask API · self-hosted · dedicated hardware · signed requests
CI/CD
GitHub Actions
Automated test and deploy pipeline
Infrastructure

Production, not staging.

Every service configured for real-world operation — monitoring, backups, automated deployments, and a custom SMS stack that runs on its own dedicated hardware.

Hetzner VPS
European VPS · hardened SSH · automated security updates
Online
SSL / TLS
Encrypted connections · always active
Active
CI/CD Pipeline
Automated testing & deployment · zero-downtime rollout
Active
DB Backups
Daily encrypted backups · tested restore procedure · retention policy
Daily
Monitoring
Uptime monitoring · health endpoints · error tracking
Active
SMS Gateway
Dedicated embedded hardware · watchdog · daily backup
Online
Gateway Architecture
Fully self-hosted API on dedicated embedded hardware with a GSM modem. Flat-rate carrier — no per-SMS cost, no third-party dependency.
Authentication
Asymmetric cryptographic authentication. Private key held exclusively on the application server. Every request to the gateway is individually signed and verified.
Reliability
Hardware watchdog active. Health endpoint with signal quality monitoring. qaira polls the gateway continuously and alerts on degradation or recovery.
Privacy
All data processed on EU infrastructure. Phone numbers never leave the DACH region. PII is excluded from all log outputs.
Architecture & Security

Designed with intent.

Security and architectural rigour were first-class concerns from day one — not retrofitted. The system was designed with clear trust boundaries, then formally audited across authentication, data isolation, PII handling, and communication security.

Architecture & Design
Asynchronous by Design
The request cycle is kept lean. Notifications, emails, and background tasks are handled by a dedicated task queue — decoupled from user-facing operations and resilient to transient failures.
Event-Driven Dispatch
Outbound communications are triggered by application state transitions, not scheduled polling. Ensures notifications are sent at precisely the right moment — no race conditions, no duplicates.
Multi-Tenant Architecture
Each shop's data is scoped at the model layer — enforced consistently across views, search, analytics, and file handling.
Self-Owned Messaging Layer
SMS delivery runs on self-hosted hardware with a dedicated carrier connection. No third-party API dependency — full control over delivery, cost, and reliability.
Adaptive Prediction Model
Wait-time estimation is per-shop and data-driven — not a global average. The model accounts for real-world variability and improves as visit data accumulates.
Concurrency-Safe Queue
Simultaneous queue operations are handled without conflicts. Slot claiming and waitlist management are designed to behave correctly under concurrent access.
Security, Privacy & Audit
Authentication Hardening
Login flows include layered protection against automated and repeated access attempts. Token verification is designed to resist known classes of attacks on authentication systems.
Zero-Trust Input Model
All user-supplied content is treated as untrusted — validated and sanitised before use in any outbound communication or storage operation, regardless of origin.
PII Containment
Guest data is processed exclusively on EU infrastructure. Personal data is structurally excluded from operational logs — not redacted after the fact, but never written in the first place.
Cryptographic Gateway Trust
The SMS gateway only accepts requests from the application server, verified via asymmetric cryptography. The communication channel between services is authenticated end-to-end.
Two-Factor Authentication
Sensitive actions are protected by a second verification step via SMS. Access to personal data and account changes requires explicit confirmation beyond the initial login.
Structured Security Review
A systematic review was conducted across authentication, authorisation, session management, injection vectors, PII handling, and inter-service communication — before launch.