Built for the clinical standard.
PHI is not a feature. It's the foundation. Here's exactly what we protect, how — and what we do not claim.
BAA available
Business Associate Agreement available for production deployments. Contact us to begin the BAA process.
Role isolation
Each partner’s data is isolated at the API layer. Partners cannot see each other’s records or your clinical notes.
AI transparency
AI drafts are labeled, attributed, and deny-by-default without clinician attestation.
Clinician-in-the-loop
AI drafts are never auto-filed. Safety alerts never auto-dispatch. Every clinical action requires your explicit sign-off.
Encrypted storage
Data encrypted in transit and at rest.
Audit trail
Every AI output, note signing, consent action, and safety record is timestamped and attributed.
The BAA process
Production deployment that handles Protected Health Information (PHI) requires a signed Business Associate Agreement between your practice and the platform operator, plus an isolated production environment. Pre-production and demo environments contain synthetic data only and must not be used with real patient information. Contact us to begin the BAA process.
What we do not claim
- LoveCode is not a HIPAA-certified product. HIPAA compliance is an operational posture, not a certification.
- We do not claim SOC 2 certification unless and until it is received.
- We do not publish uptime SLAs without a real measurement.
- We make no claims of clinical outcomes, recovery rates, or FDA clearance. LoveCode is not a medical device.