FAQs

Q. What is the Camp Greenbrier mission statement?
A. It is the mission of Camp Greenbrier to provide campers with a safe, positive environment where they can have fun, gain independence, improve their self-confidence, and learn to live unselfishly with others.
Q. How long has Camp Greenbrier been in existence?
A. Since 1898. Camp Greenbrier is the oldest, privately owned, summer camp in the United States.
Q. How old are the campers?
A. The campers in the boys camp range in age from 7 to 15 years old. Participants in the Leadership Academy are 16 to 17 years old or have completed the 10th grade.
Q. How many campers are there in each session?
A. There are 130 campers in each session.
Q. What is the ratio of counselors to campers?
A. Generally, there is a counselor in each tent with three campers. In a few cases, there may be four campers in a tent with a counselor. Also, some fifteen year old campers may be in an honor tent, without a counselor.
Q. Tell me about the counselors.
A. Most of the counselors are college students. Many of them grew up as campers at Greenbrier. The rest have been referred by friends of Greenbrier, or are international staff who have come to Camp through a long-running cultural exchange program. The counselors go through an intensive week long orientation prior to the arrival of the campers.
Q. What are the medical accommodations?
A. A doctor or a registered nurse is on site in our Infirmary 24 hours a day to care for campers and staff. The local physician’s office is 1/4 mile from camp, emergency services are 2 miles away, and the local hospital is 13 miles from camp. It is your responsibility to provide medical insurance for your camper. We do not provide accident insurance or prescription medicines. In the event there is a need for either, the local hospital or drug store will bill you for services, which your own medical insurance may cover. Our medical staff handles routine treatments and the giving of daily medication. A camper health form will be sent to families in mid-April. A doctor’s physical is not required but each camper’s vaccination record will be needed.
Q. What are the bathroom and shower facilities like?
A. Modern plumbing with stalls for showers and toilets.
Q. How structured is the camper's day?
A. Each week, campers get to choose their own activities for that week’s morning classes. During the afternoons, campers can choose a trip out of camp, participate in team sports, or make other individual activity choices. The evening activities are selected according to the campers’ ages and interests.
Q. What happens when it rains?
A. Basically, campers and counselors go on with their regular activities. In case of a thunder storm, all campers wait out the storm in a nearby building.
Q. Please tell us about the Awards Ceremony.
A. At the end of each term, there is an Awards Ceremony for all of the campers. Campers can receive Honor Roll Cards, trophies, and/or the Order of the Star. Campers earn points by demonstrating learned skills, showing improvement, and having a good attitude. Campers who earn 10 points in an activity, earn that activity’s Honor Roll. Campers who receive 100 or more points during a term are awarded the Order of the Star. Trophies are also given out for each activity. Trophies can be awarded to the camper who excels the most, or to the camper who is the most enthusiastic, or to the most improved.
Q. How do campers get to and from camp?
A. Campers can come to camp by car, flight to Greenbrier Valley Airport in Lewisburg, WV, or flight to Dulles International Airport, outside of Washington, DC. The Amtrak train may also provide transportation to Alderson, WV. The train station is two miles from camp (check for age minimums for passengers). There is a $135.00 fee for the Dulles pick-up – this includes pick up from the airport, a place to stay near the airport for the night, meals, and transportation to camp the next day. There is a $100.00 fee for transportation to Dulles for flights home from camp. Remember, campers who are traveling to camp through Dulles International Airport should arrive the day before the opening day of the session they are attending. And for travel home via Dulles, campers’ flights should depart after 3:30 p.m. on the last day of the camper’s session, allowing us time to get them to the airport and through security. Travel instructions will be sent to each family in mid-April.
Q. What about camper spending money?
A. Each camper has spending money for the camp store. Minor items such as stamps, envelopes, snacks and drinks, tennis balls, toothpaste, batteries, etc., can be purchased. Each camper must have a minimum of $125.00 in his camp store account. Any boy’s account money not used will be returned to the camper on the day he departs from camp. Boys may not have cash in their possession while at camp.
Q. What is carried in the camp store?
A. Our Camp Store has a great selection of high quality baseball caps, t-shirts, shorts, and sweatshirts, which are suitable for your child to wear at home and at school. Post cards, ping pong paddles, camp stickers, flashlights, water bottles, and other items can also be purchased in the Camp Store. An order form for hats, t-shirts, shorts, and sweatshirts will be sent to parents in mid-April, along with the other pre-camp forms.
Q. How is camper laundry taken care of?
A. The camp fee covers the cost of laundry. Unlimited laundry is done for every camper once a week.
Q. What happens when a camper has his birthday while at camp?
A. Each camper receives a cake and a “Happy Birthday” song from the entire camp on his birthday. Parents are welcome to send birthday packages ahead of time, to be opened on the camper’s birthday. Please mark these birthday packages on the outside “Birthday, to be opened on ……” with the date clearly indicated.
Q. What should a camper bring to camp?
A. Most campers will wear a t-shirt and shorts most of the time. We urge each camper to have at least one official Greenbrier t-shirt for special occasions. For more details, select “Families” on the menu bar and then select “Forms” to find the “What to Bring” list. This form will also be sent to all families in mid-April. Families should tape this list to the inside of the camper’s trunk lid for easy reference.
Q. What not to bring?
A. Cell phones, or any device which is capable of playing a video, or any device which can connect to the internet, may not be brought to camp. Campers should also refrain from bringing expensive items like watches, cameras, etc., because they can be easily broken or lost and they are not necessary for a happy camping experience. Campers are also not permitted to have money with them while at camp. Weapons of any kind, including pocket knives, are not permitted. Additionally, campers may not have or use alcohol, tobacco products, vaping products, or non-prescription drugs while they are at camp.
Q. What luggage should a camper bring to Camp?
A. The general practice for each camper is to bring a trunk or footlocker for clothing and small articles, and a duffel bag for bedding and large bulky items. There are no size restrictions for the trunks / footlockers.
Q. May campers have visitors during their stay at camp?
A. We do not allow visiting because we have found it is not in any of the campers’ best interests. Visitors may cause homesickness where none previously existed, even in a camper who merely sees another camper’s parents visiting. We do, however, want you to meet our staff and see our facilities, so we suggest you either bring your camper to camp or pick him up at the end of his stay. Please understand that our position on visiting is for the well-being of all of the children.
Q. Should we send packages to our son while he is at camp?
A. Please do not send food, candy, or gum. In a supervised situation, the campers are able to get snacks and goodies from our camp store. If food, candy, or gum is received, it will be discarded. Please make sure all family members (grandparents, etc.) are familiar with these guidelines. We suggest, in lieu of food, candy, and gum: postcards, comic books, yesterday’s sports page or comic strips, paperback books, games for Rest Hour, etc. We recommend not sending more than one package every three or four days.
Q. How do I communicate with my camper while he is at camp?
A. Feel free to write letters to your camper while he is at camp. We recommend not sending letters or packages more than once every three or four days. Constant communication from home makes it harder for campers to gain the true independence camp is uniquely situated to instill in a camper. Campers are not permitted to use the camp phone to receive or place calls, except in the case of an emergency. A telephone call will often create homesickness where none previously existed.
Q. What is the timing for signing up and returning forms like the health form to camp?
A. Campers can sign up at any time after October 1. In mid-April, additional forms including a health form will be sent to all camp families. The health form and the other forms will need to be returned to camp by May 15.
Q. What is camp's Privacy Policy with respect to how it handles campers' and their families' personal information?
A. At Camp Greenbrier, we are committed to maintaining strong privacy protections for our camper families. We will collect personal information about your family when you visit us in person, write to us via regular mail, talk with us on the telephone, email us, and when you visit our website. The information we will collect includes addresses, telephone numbers, email addresses, and medical information about campers in attendance. This information will be used to provide the best camp experience possible; to establish and maintain camper accounts and billing records; to contact you about our camp sessions and other special events; to provide appropriate medical care as it is warranted; and to monitor website statistics. Your personal information will not be shared with anyone outside of Camp Greenbrier, except medical persons when deemed appropriate by our medical staff or the Camp Director, for the care of a camper in attendance.
Q. What is your Credit Card, Debit Card, and Bank Account Security Policy?
A. Camp Greenbrier uses Stripe, a payment processing company, which uses best-in-class security practices to maintain the highest levels of security. Please see the following from Stripe regarding their protocols: 

PCI-certified

A PCI-certified auditor evaluated Stripe and certified us to PCI Service Provider Level 1. This is the most stringent level of certification available in the payments industry. This audit includes both Stripe’s Card Data Vault (CDV) and the secure software development of our integration code.

We provide our users with features to automate some aspects of PCI compliance.

  • We analyze the user’s integration method and dynamically inform them of which PCI validation form to use.
  • If a user integrates with Stripe Elements, Checkout, Terminal SDKs, or our mobile libraries, we provide assistance in completing their PCI validation form (Self-Assessment Questionnaire A) in the Dashboard.
  • We publish a PCI Compliance Guide to help educate our users about PCI compliance and how Stripe can help.

System and Organization Controls (SOC) reports

Stripe’s systems, processes, and controls are regularly audited as part of our SOC 1 and SOC 2 compliance programs. SOC 1 and SOC 2 Type II reports are produced annually and can be provided upon request.

The Auditing Standards Board of the American Institute of Certified Public Accountants’ (AICPA) Trust Service Criteria (TSC) developed the SOC 3 report. Stripe’s SOC 3 is a public report of internal controls over security, availability, and confidentiality. View our recent SOC 3 report.

EMVCo standard for card terminals

Stripe Terminal is certified to the EMVCo Level 1 and 2 standards of EMV® Specifications for card and terminal security and interoperability. Terminal is also certified to the PCI Payment Application Data Security Standard (PA-DSS)—the global security standard that aims to prevent payment applications developed for third parties from storing prohibited secure data.

NIST Cybersecurity Framework

Stripe’s suite of information security policies and their overarching design are aligned with the NIST Cybersecurity Framework. Our security practices meet the standards of our enterprise customers who must provide secure products like on-demand cloud computing and storage platforms (for example, DigitalOcean and Slack).

Privacy and data protection

Stripe’s privacy practices comply with CBPR and PRP systems as evidenced by the CBPR and PRP certifications Stripe has obtained. To view the status of our certifications, please click here (CBPR) and here (PRP). Stripe also complies with the U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework as set forth by the U.S. Department of Commerce. To view our certifications, please see here.

We continuously implement evolving privacy and data protection processes, procedures, and best practices under all applicable privacy and data protection regimes. For more information, see the following resources:

Stripe product securement

Security is one of Stripe’s guiding principles for all our product design and infrastructure decisions. We offer a range of features to help our users better protect their Stripe data.

Sensitive action authentication

The Stripe Dashboard supports several forms of multi-factor authentication (MFA) including: SMStime-based one-time password algorithm (TOTP), and universal 2nd factor (U2F). We also support single sign-on through Security Assertion Markup Language (SAML) 2.0, allowing customers to mandate sign-in requirements, configure access control, and instantly onboard team members through Just-in-Time account provisioning.

Support requests from users must be authenticated by sending the request from the Dashboard (after login) or by verifying account access before a support response is proffered. By requiring authentication, we minimize the risk of providing any information to non-authorized people.

Access restriction and auditing

From the Dashboard, users can assign different detailed roles to enable least-privilege access for their employees, and create restricted access keys to reduce the security and reliability risk of API key exposure.

Users can also view audit logs of important account changes and activity in their security history. These audit logs contain records of sensitive account activity, like logging in or changing bank account information. We monitor logins and note:

  • If they’re from the same or usual devices
  • If they’re from consistent IP addresses
  • Failed attempts

Users can export historical information from the logs. For time-sensitive activities, such as logins from unknown IPs and devices, we send automatic notifications so that logs don’t need to be reviewed manually.

HTTPS and HSTS for secure connections

We mandate the use of HTTPS for all services using TLS (SSL), including our public website and the Dashboard. We regularly audit the details of our implementation, including the certificates we serve, the certificate authorities we use, and the ciphers we support. We use HSTS to make sure that browsers interact with Stripe only over HTTPS. Stripe is also on the HSTS preloaded lists for all modern major browsers.

All server-to-sever communication is encrypted using mutual transport layer security (mTLS) and Stripe has dedicated PGP keys for users to encrypt communications with Stripe, or verify signed messages they receive from Stripe. Our systems automatically block requests made using older, less secure versions of TLS, requiring use of at least TLS 1.2.

The stripe.com domain, including the Dashboard and API subdomains, are on the top domains list for Chrome, providing extra protection against homoglyph attacks. This makes it harder to create fake pages that look like stripe.com in Chrome (for example, strípe.com), which renders as punycode (xn–strpe-1sa.com), in turn making it harder for Stripe credentials to be phished.

Proactive internet monitoring

We proactively scan the internet for our merchants’ API keys. If we find a compromised key, we take appropriate action, advising the user to roll their API key. We use the GitHub Token Scanner to alert us when a user’s API keys have been leaked on GitHub. If we find external phishing pages that might catch our users, we work proactively with our vendors to take those down and report them to Google Safe Browsing.

Infrastructure safeguards

Our security teams test our infrastructure regularly by scanning for vulnerabilities and conducting penetration tests and red team exercises. We hire industry-leading security companies to perform third-party scans of our systems, and we immediately address their findings. Our servers are frequently and automatically replaced to maintain server health and discard stale connections or resources. Server operating systems are upgraded well in advance of their security end of life (EOL) date.

Dedicated card technology

Stripe encrypts sensitive data both in transit and at rest. Stripe’s infrastructure for storing, decrypting, and transmitting primary account numbers (PANs), such as credit card numbers, runs in a separate hosting infrastructure, and doesn’t share any credentials with the rest of our services. A dedicated team manages our CDV in an isolated Amazon Web Services (AWS) environment that’s separate from the rest of Stripe’s infrastructure. Access to this separate environment is restricted to a small number of specially trained engineers and access is reviewed quarterly.

All card numbers are encrypted at rest with AES-256. Decryption keys are stored on separate machines. We tokenize PANs internally, isolating raw numbers from the rest of our infrastructure. None of Stripe’s internal servers and daemons can obtain plain text card numbers but can request that cards are sent to a service provider on a static allowlist. Stripe’s infrastructure for storing, decrypting, and transmitting card numbers runs in a separate hosting environment, and doesn’t share any credentials with Stripe’s primary services including our API and website. It’s not just PANs that are tokenized this way; we treat other sensitive data, like bank account information, in a similar way.

© Camp Greenbrier, All Rights Reserved 2024