Enterprise – guided request
SLA in writing. MSA, DPA, and BAA on request. SAML SSO and SCIM shipped. Custom retention, named support, and a quote scoped to your actual identity footprint – not a per-seat surprise at renewal. Start with a guided request and trust artifacts now. You do not need to talk to a person to begin the enterprise path.
Everything in Business, plus the contract terms, controls, and support level that close a real security review.
Written into the MSA. Monthly availability measured against the public /health endpoint and the backup-run API. Credits apply automatically against the next invoice.
Master Services Agreement, Data Processing Addendum, and Business Associate Agreement (HIPAA) available before signature. We sign yours or use ours.
Full federation into the Butterfly admin console. SP-initiated and IdP-initiated flows supported. SCIM 2.0 just-in-time provisioning and deprovisioning are live in production today.
Per-team Postgres row-level security, per-team backup encryption keys, per-team audit log. MSPs managing 10+ client orgs get a separate tenant per client with no cross-tenant data access.
Named technical account contact. 4-hour response on Sev-1 issues, 1 business day on Sev-2. Slack Connect channel available on request. Escalation path direct to the founder.
Default is 365 days. Enterprise contracts can extend retention to 3, 5, or 7 years to match SOX, HIPAA, or sector-specific record-keeping requirements. Logs are export-ready as JSON or CSV.
Bring your own AWS KMS or GCP KMS key for backup-at-rest encryption. Revoke the key, revoke our access. On the Q4 2026 roadmap.
Backups written to a Cloudflare R2 or AWS S3 bucket you own and control. You hold the data; we hold the index. On the Q4 2026 roadmap.
SOC 2 Type 1 attestation is targeted for Q3 2026; SOC 2 Type 2 is in progress as the evidence-collection track and has not issued. Until attestation issues, the auditable evidence is at /trust (controls, subprocessors, in-flight audit status) plus the live pre-fill at /trust/questionnaire.
Enterprise service standard
Butterfly should feel like a specialist recovery partner: scoped work, controlled access, dry-run proof, and handoff artifacts that IT, security, procurement, and audit teams can all read.
Scope
Customer domain, Okta orgs, environments, access roles, safety boundaries, acceptance criteria, and success evidence are recorded before production work starts.
Validate
Backups, diffs, restore previews, SSO/SCIM lifecycle checks, and Workflows recovery steps are validated before any customer-approved production change.
Evidence
Handoffs include backup IDs, restore-preview IDs, screenshots, API responses, audit logs, report files, open risks, and a completion checklist.
Operate
Every services motion ends with owners, escalation paths, operating runbooks, next-review cadence, and the proof needed for audit or incident review.
Butterfly Enterprise is built for organizations whose business stops when identity stops – and whose procurement process needs more than Stripe checkout to clear it. Start with a guided request; formal terms follow the submitted scope when needed. Regulated finance teams (SOX, GLBA, MAS, FCA). Healthcare and life-sciences orgs that need a HIPAA BAA on file before any vendor touches PHI-adjacent metadata. Defense-adjacent and federal contractors that map controls to NIST 800-53 Rev. 5. Managed service providers running 10+ client Okta orgs who need per-tenant isolation, per-tenant invoicing, and a partner-tier contract.
If your security questionnaire runs more than 50 questions, or your legal team needs to redline an MSA before signature, you're in the right place. The self-serve Business plan is faster – Enterprise is for everyone else.
We maintain a pre-filled answer set for the common Vanta / Drata / SecurityScorecard / SIG Lite questionnaires. Most enterprise teams paste it straight into their procurement portal and move on.
Four steps from guided request to a tenant you can hand to your compliance team.
Submit scope, identity footprint, compliance constraints, SSO/SCIM needs, MSP model, and timeline. You can open the Trust Center and questionnaire immediately.
Within one week of discovery we send a fixed-fee quote with the MSA, DPA, BAA (if needed), and our current Trust Center evidence pack. SOC 2 Type 1 attestation is targeted for Q3 2026 – we are happy to share the controls and the auditor in flight today.
DocuSign or Ironclad. We work from your paper or ours. Net-30 invoicing standard; annual prepay discount available.
Tenant stood up within one business day of signature. SSO and SCIM configured with your IT team in a single working session. First backup runs the same day.
Submit the request. You will have the trust artifacts immediately, and the submitted context becomes the scope record for contracting when formal terms are needed.