Trust & Security

Our commitment to you

Friends of Ryan, Inc. is an IRS-recognized 501(c)(3) nonprofit organization.
We take the trust that donors, alumni, and families place in us seriously.
This page is our public accounting of how we protect your data, where your
donations go, and how to reach us if something seems wrong.

How we protect your data

We maintain these controls year-round:

  • HTTPS site-wide with HTTP Strict Transport Security —
    every page is encrypted in transit.
  • Two-factor authentication on administrative accounts
    — no one can log in with just a password.
  • Web application firewall + malware scanning
    Wordfence monitors suspicious traffic and blocks known bad actors.
  • Activity audit logging — every administrative action
    (login, role change, content update) is recorded.
  • IP-based login rate limiting — 5 failed attempts
    triggers a 15-minute block.
  • Daily encrypted backups with a 14-day rolling window +
    host-level weekly backups for 30 days.
  • Independent security policy review on an annual schedule.

How we handle credit card data

We never see your credit card number. All payment processing
is handled by Stripe, a PCI DSS Level 1 certified payment processor. When you
donate or buy a ticket, your browser redirects to Stripe’s own secure checkout
page; we only receive a transaction confirmation afterward.

This makes Friends of Ryan eligible for the simplified PCI SAQ-A compliance
category — the lowest-risk merchant profile.

Where your donation goes

Every donation to Friends of Ryan supports the programs, events, and community
initiatives that connect Archbishop Ryan alumni across generations. We publish
our financials in accordance with IRS nonprofit filing requirements (Form 990
is publicly available on request or via ProPublica’s Nonprofit Explorer).

Donations are tax-deductible to the fullest extent allowed by law. For
donations of $250 or more, we provide a written acknowledgment satisfying IRS
Publication 1771 requirements.

Privacy & data requests

Read our complete Privacy Policy to understand
what we collect, how long we keep it, and what your rights are.

To request access to, correction of, or deletion of your personal data, email
FriendsofRyan.Team@gmail.com
with the subject line “Data Request.” We will respond within 30 days.

Reporting a security issue

If you are a security researcher or have found a vulnerability, please review
our disclosure policy at
/.well-known/security.txt. The short version:

  • Email
    FriendsofRyan.Team@gmail.com
  • Please allow up to 72 hours for an initial response.
  • We do not operate a paid bug bounty program, but we are genuinely grateful
    for responsible disclosure.

In case of an incident

If we ever detect a data breach or security incident that affects you, we will
contact you directly via email and post a notice here. Pennsylvania and New
Jersey law requires us to notify affected residents and state authorities
within 72 hours of discovery for incidents affecting 500 or more people. We
will follow that standard regardless of the number affected.

Questions

Not sure where something fits? Email us at
FriendsofRyan.Team@gmail.com. We are a small team and real people read every message.

Last updated: April 23, 2026. Annual review.