Think Beyond Practice LLC | Last Updated: June 1, 2026
Overview
This page lists the third-party service providers ("Subprocessors") that Think Beyond Practice LLC engages to help operate the Platform. Some Subprocessors process Member account information, payment data, or other personal information. A subset of Subprocessors process Protected Health Information (PHI) on behalf of Members under Business Associate Agreements (BAAs).
This list is reviewed regularly and updated when Subprocessors are added or removed. Material changes will be communicated to Members through the Platform or by email in accordance with our Privacy Policy.
If you have questions about a specific Subprocessor or our diligence process, contact privacy@thinkbeyondpractice.com.
Subprocessors With Executed Business Associate Agreements
These Subprocessors have executed Business Associate Agreements with Think Beyond Practice and may process Protected Health Information in the course of providing services.
[Note for Michael: Add additional rows as BAAs are executed. Until a BAA is executed and you have documented confirmation, do not list a subprocessor here.]
Subprocessors Pending BAA Execution
These Subprocessors are integrated into the Platform but their BAA status is in the process of being confirmed or executed. Members should be aware that PHI is not intentionally routed through these services until BAAs are in place.
[Note for Michael: Once BAAs are confirmed, move these entries to the section above. Until then, do not route PHI through any service in this section.]
Subprocessors Not Used for PHI
These Subprocessors process Member account information, payment data, or other operational data. They are not used for PHI-containing communications or PHI processing in the ordinary course of operations.
Infrastructure and Foundational Services
These services support the operation of Think Beyond Practice but are not designed to access or process Member or patient data directly in the ordinary course of operations.
Email Architecture
Think Beyond Practice maintains separate email infrastructure for different communication types, designed to route PHI-containing communications only through services with executed Business Associate Agreements:
Google Workspace is used for human-composed email through Member-facing inboxes (support, legal, privacy, etc.). PHI may flow through these channels and is covered by the Google Workspace BAA.
AWS SES is used for application-driven transactional email that may contain PHI (such as patient-facing assessment delivery links, letter generator outputs, and clinical workflow notifications). PHI flowing through AWS SES is covered by the AWS BAA.
Resend is used exclusively for non-PHI communications (member broadcasts, forum digests, account confirmations, password resets, marketing emails). PHI is not routed through Resend by design; the Platform's email-routing logic is designed to direct any communication containing PHI to BAA-covered services only.
This architectural separation is designed to ensure that PHI-containing communications are processed only by BAA-covered services. Members who identify any communication that appears to contain PHI delivered through a non-BAA channel should report it to privacy@thinkbeyondpractice.com.
Diligence and Review Process
Before engaging any Subprocessor that may process Member data or PHI, Think Beyond Practice performs reasonable diligence including:
Review of the Subprocessor's privacy and security practices
Verification of compliance certifications where applicable (SOC 2, HIPAA attestations, etc.)
Execution of a Business Associate Agreement for any Subprocessor that processes PHI
Review of the Subprocessor's data handling practices for alignment with our Privacy Policy commitments
We periodically review existing Subprocessors to confirm continued compliance and may discontinue use of a Subprocessor that does not meet our standards.
Notification of Changes
Material changes to this Subprocessor list will be communicated to Members through one or more of the following channels:
Update to the "Last Updated" date at the top of this page
Email notification to Members where the change materially affects how PHI is processed
Platform announcement for changes affecting Platform functionality
Members may review this page at any time at https://thinkbeyondpractice.com/subprocessors.
Member Acknowledgment of Subprocessors
By using the Platform and accepting our Terms of Service, Privacy Policy, and Business Associate Agreement, Members acknowledge and consent to the engagement of these Subprocessors for the operation of the Platform. Members who object to a specific Subprocessor may contact privacy@thinkbeyondpractice.com to discuss alternatives or, if no acceptable alternative is available, terminate their subscription.
Contact
For questions about this Subprocessor list:
Think Beyond Practice LLC 9631 N Nevada St, Suite 209 Spokane, WA 99218
privacy@thinkbeyondpractice.com