legal document
Processor List
Last updated: 2026-05-30
Version: 1.0
Scope: pulsar-grc.pl and pulsar-grc.com as landing pages only.
1. Scope
This list covers providers that may process data in connection with the Pulsar GRC landing page, contact forms, security, optional analytics and technical website operation.
It does not cover the future Pulsar GRC application, customer tenants, user accounts, organization documents, risk registers, audits, CAPA records or data processed under separate B2B agreements.
2. Providers
| Provider | Role | Data categories | Use condition |
|---|---|---|---|
| Vercel Inc. | page hosting, serverless functions, technical logs and Vercel Web Analytics | technical logs, HTTP request data, form-function runtime, aggregated traffic statistics | landing-page infrastructure; Vercel Web Analytics as aggregated website analytics |
| Cloudflare, Inc. | Turnstile and form protection against spam and bots | verification token, IP address, request data, device and browser signals | when Turnstile is enabled |
| Resend / Plus Five Five, Inc. | e-mail delivery for contact forms and Brillnet-owned contact-list handling | full name, e-mail address, organization name, subject, message content, subscription source, consent or unsubscribe status, technical delivery metadata | when the user submits a form or subscribes to Brillnet-owned communication |
| Google Ireland Ltd. / Google LLC | Google Analytics 4 | cookie identifiers, page events, device data | only after analytics consent and where GA4 is configured |
3. Transfers outside the European Economic Area
Providers may use infrastructure or subprocessors outside the European Economic Area. Resend / Plus Five Five, Inc. is a US-based provider. Data transfers should rely on GDPR-compliant mechanisms, including a data processing agreement, Standard Contractual Clauses, the EU-US Data Privacy Framework or other appropriate safeguards.
4. Deliberately excluded items
The Pulsar GRC landing page should not list services that are not used by the page itself, in particular payment processors, application login, the application database, customer tenants, risk registers, audits, CAPA records or organization documents.
If any of those services is actually added to the landing page, this list should be updated before deployment.