LoveCode
Security & privacy

Built for the clinical standard.

PHI is not a feature. It's the foundation. Here's exactly what we protect, how — and what we do not claim.

BAA available

Business Associate Agreement available for production deployments. Contact us to begin the BAA process.

Role isolation

Each partner’s data is isolated at the API layer. Partners cannot see each other’s records or your clinical notes.

AI transparency

AI drafts are labeled, attributed, and deny-by-default without clinician attestation.

Clinician-in-the-loop

AI drafts are never auto-filed. Safety alerts never auto-dispatch. Every clinical action requires your explicit sign-off.

Encrypted storage

Data encrypted in transit and at rest.

Audit trail

Every AI output, note signing, consent action, and safety record is timestamped and attributed.

The BAA process

Production deployment that handles Protected Health Information (PHI) requires a signed Business Associate Agreement between your practice and the platform operator, plus an isolated production environment. Pre-production and demo environments contain synthetic data only and must not be used with real patient information. Contact us to begin the BAA process.

What we do not claim

  • LoveCode is not a HIPAA-certified product. HIPAA compliance is an operational posture, not a certification.
  • We do not claim SOC 2 certification unless and until it is received.
  • We do not publish uptime SLAs without a real measurement.
  • We make no claims of clinical outcomes, recovery rates, or FDA clearance. LoveCode is not a medical device.
LoveCode is a clinical documentation and support platform. It is not a licensed mental health provider, does not provide therapy or clinical advice, and is not a substitute for the judgment of a licensed clinician. It is not affiliated with or endorsed by The Gottman Institute, Inc.