Subprocessors & Service Providers
 
Operational transparency into the third parties that support our website and delivery model.
This page summarizes categories of third-party providers (“subprocessors” where applicable) used by Beacon Regulatory Services (BRS) LLC (“BRS LLC,” “we,” “us,” “our”). It complements the Privacy Policy and the Security Statement.
Effective date: December 17, 2025  • Providers, tooling, and configurations may change at any time, including without notice, as we optimize operations and controls.
 
 
On this page
 
 
  • What is a “subprocessor”?
    A subprocessor is a third party that processes personal data on behalf of BRS LLC to support website operations or service delivery (e.g., hosting, communications, onboarding, analytics, payments, scheduling). Whether a provider is a “subprocessor” depends on the engagement and data flows.
    Scope note
    Some providers support only public website operations, while others are used for active client engagements. The applicable agreements and configurations determine the in-scope data.
  • Vendor principles (risk-based oversight)
    BRS LLC applies a pragmatic, risk-based approach to selecting and overseeing vendors. Typical expectations include:
    • Security-by-design (encryption in transit; authentication controls; monitoring where available).
    • Least-privilege access and role-based permissions for systems used in delivery.
    • Data minimization and separation of public website vs. client engagement workflows.
    • Contract alignment (confidentiality, incident response expectations, and appropriate terms).
    • Operational continuity (availability, support responsiveness, and change control).
    Engagement-specific expectations may be addressed through an executed service agreement and, where applicable, a Data Processing Addendum (DPA).
  • Website providers (public site operations)
    The website uses the providers below to deliver core site functionality, manage cookie consent, measure visits (where enabled), and help protect the site from threats. Providers are subject to change at any time, including without notice.
    CategoryProviderPurposeData elements (typical)
    Hosting / Infrastructure IONOS Host and serve beaconfda.com; operational logging; availability IP address; browser/device; server logs (request metadata)
    Threat protection / monitoring IONOS Detect and mitigate security threats (e.g., abuse, suspicious traffic) IP address; request metadata; security event logs
    Consent management Cookiebot Capture and store cookie preference choices; consent logs Consent status; timestamp; device/browser identifiers
    Site analytics (where enabled) Google (Google Analytics) Measure site usage and performance to improve content and usability Usage data; pseudonymous identifiers; device/browser data
    Analytics and non-essential cookies are governed through consent choices (where required/appropriate). See the Cookie Policy and Cookie Declaration.
  • Service delivery providers (client engagements)
    Client engagements may use the providers below to support onboarding, communications, scheduling, and payment processing. Providers are subject to change at any time, including without notice, as BRS LLC optimizes delivery operations.
    CategoryProviderPurposeData elements (typical)
    Client onboarding / forms / workflow HoneyBook Engagement onboarding; intake questionnaires; workflow management; client messaging Name; email; company details; intake responses; engagement metadata
    Scheduling / reminders / meetings Microsoft Meeting coordination; calendar invites; reminders; video meetings (where used) Name; email; meeting metadata; calendar details
    Communications / file sharing Email and Microsoft Exchange engagement communications and documents Contact details; message content; files provided by users
    Payments Major card networks (e.g., Visa, Mastercard, etc.) Enable card payments via the payment workflow used for an engagement Transaction confirmations; limited payment metadata (card data handled by payment flow)
    Payment note
    BRS LLC does not request clients send full card numbers by email. Payment processing is executed through the relevant payment workflow interfaces and controls.
  • Data locations and cross-border processing (summary)
    Provider infrastructure may be geographically distributed. Depending on vendor configurations, support, and hosting architecture, information may be processed in the United States and other locations.
    Client requirements
    If you have data residency, export-control, or confidentiality requirements, raise them during onboarding so we can confirm feasible controls before execution.
  • Updates and change control
    BRS LLC may update this page periodically to reflect vendor or tooling changes. Providers, features, and configurations may change at any time, including without notice, as we improve operational effectiveness and security posture.
    • Website stack changes may occur to improve availability, performance, and security controls.
    • Delivery workflow changes may occur as we scale onboarding, communications, and payment operations.
    If you are an active client and require specific notice obligations, those expectations should be addressed contractually in the executed agreement and/or DPA.
  • Contact
    Questions about subprocessors, service providers, or engagement data flows:
    Beacon Regulatory Services (BRS) LLC
    9105 E 56th St, Ste J #2057, Indianapolis, IN 46216, United States
    Phone: +1 (317) 662-0910
    Email: This email address is being protected from spambots. You need JavaScript enabled to view it.
    See also Legal & Privacy.
 
 
Talk to Beacon Regulatory Services (BRS) LLC
Need a clean, defensible approach to FDA registration, device listing, and U.S. Agent coverage? BRS LLC will align scope, timelines, and governance—without operational drag.
Fast support. Clear accountability. Audit-ready execution.
Contact Beacon Regulatory Services (BRS) LLC