Privacy Policy
Last updated: June 2026
HumbleSuite (operated by PoiseOps Consulting LLC) is an all-in-one platform for small businesses, including businesses in healthcare. We take your privacy seriously. This policy explains what data we collect, why, and what we do with it, in plain English.
What data we collect
- •Account information: your name, email address, and password (hashed with bcrypt, never stored in plain text).
- •Business data: anything you enter into HumbleSuite: clients, invoices, jobs, inventory, employees, documents, and more. This is your data, and it may include personal information about the people you serve.
- •Usage analytics: basic metrics like which modules you use and how often, so we can improve the platform. We do not track you across other websites.
Protected health information (HIPAA)
When a healthcare customer uses HumbleSuite to handle protected health information (PHI), HumbleSuite acts as a Business Associate under HIPAA. In that role we handle PHI only to provide the service, under a Business Associate Agreement (BAA) with that customer, and we apply administrative, physical, and technical safeguards designed to meet the HIPAA Security Rule. Our cloud infrastructure runs on Amazon Web Services under a signed AWS BAA. We do not use or disclose PHI for our own purposes, and we never sell it.
If you are a healthcare provider evaluating HumbleSuite, contact us to request a BAA and our security documentation.
How we use your data
Your data is used for one purpose: to provide and improve HumbleSuite for you.
- •To run your business modules (CRM, invoicing, scheduling, etc.)
- •To send you important account notifications (billing, security)
- •To improve performance and fix bugs
We never sell your data. Not to advertisers, not to data brokers, not to anyone. Period.
Data storage and security
Your data is stored on Amazon Web Services in the United States (Oregon region) under a signed Business Associate Agreement. The database (Amazon RDS for PostgreSQL) and file storage (Amazon S3) run in a private network that is not publicly accessible.
- •Encryption: data is encrypted in transit (TLS 1.2+) and at rest (AES-256).
- •Authentication: passwords are hashed with bcrypt, and two-factor authentication is supported and can be required.
- •Access controls: role-based permissions, strict separation between businesses so no account can see another's data, and logging of access to sensitive records.
Third-party services
We use a small number of trusted services and share only the minimum data required for each to function:
- •Amazon Web Services: hosting, database, file storage, and AI features, all under a signed Business Associate Agreement.
- •Stripe: payment processing. We never see or store your full card number.
- •Email delivery: transactional email (verification, receipts, notifications). We are completing migration to Amazon SES under our AWS BAA and minimize personal information in email content.
Your rights
You have full control over your data. At any time, you can:
- •Access: view all data we have about you and your business.
- •Export: download your business data.
- •Delete: permanently remove your account and associated data.
We honor these access, export, and deletion rights for all users regardless of location. For PHI, requests from individuals are handled through the healthcare customer (the covered entity) we serve, as required by HIPAA. To exercise your rights, visit your account settings or contact us.
Cookies
We use minimal, functional cookies only. These are required for authentication (keeping you logged in) and basic session management. We do not use advertising cookies, tracking cookies, or any third-party cookie-based analytics. There is nothing to opt out of because we are not tracking you.
Contact
If you have any questions about this privacy policy, your data, or to request a BAA, reach out to us at contact@humblesuite.com.
See also: Terms of Service