Privacy Policy — Butterfly Security for Okta
Chrome Extension
Last updated: April 2, 2026
1. Introduction
This Privacy Policy describes how the “Butterfly Security for Okta” Chrome extension (“the Extension”), published by Butterfly Security (“we”, “us”, or “our”), collects, uses, stores, and protects information when you install and use the Extension.
The Extension enables Okta administrators to create local configuration snapshots of their Okta tenant for backup, change management, and disaster recovery purposes. We are committed to transparency about our data practices and to protecting the information entrusted to us.
2. Information We Collect
2.1 Okta Configuration Snapshots (User-Initiated Only)
When you explicitly initiate a snapshot, the Extension reads Okta resource configuration data from the Okta admin console page you are viewing. This may include:
- User profiles (names, email addresses, statuses, roles)
- Group definitions and group membership mappings
- Application assignments, SSO configurations, and provisioning settings
- Authentication policies, sign-on policies, and MFA enrollment rules
- Authorization server settings, custom claims, and scopes
- Network zones, trusted origins, and API tokens metadata
No data is collected automatically. The Extension only reads Okta configuration data when you explicitly click the snapshot button. You retain full control over what is captured and when.
2.2 Extension Preferences
The Extension stores your local preferences using the Chrome Storage API, such as:
- Snapshot naming preferences
- UI settings (side panel state, display options)
- Butterfly Security feature preferences (for example, AI guidance state)
2.3 What We Do NOT Collect
The Extension does not collect, transmit, or process:
- Personal browsing history or activity outside Okta domains
- Keystrokes, form inputs, or credentials (passwords, API keys, or secrets)
- Analytics or usage telemetry
- Tracking cookies or advertising identifiers
- Browser or device fingerprinting data
- Data from any website other than your Okta admin console
3. How Data Is Stored
3.1 Local Storage (Default)
By default, all snapshot data is stored locally in your browser using IndexedDB and the Chrome Storage API. This data:
- Never leaves your device unless you explicitly use a Butterfly Security feature that sends it
- Is accessible only to the Extension within your browser profile
- Is protected by your operating system's user account controls
- Persists until you manually delete it or uninstall the Extension
3.2 Optional Butterfly Security Features
When you use Butterfly AI or related Butterfly Security dashboard workflows, the Extension sends only the data needed for that action, such as your question, limited page context, and conversation history. Snapshot data itself remains stored locally in your browser by default.
3.3 AI Guidance (Butterfly Security)
When you use the AI advisor, the Extension sends your question, limited page context, and conversation history to Butterfly Security to generate a response. If the remote service is unavailable, the Extension falls back to a local knowledge base.
4. How We Use Your Information
Information captured by the Extension is used solely for the following purposes:
- Storing and displaying Okta configuration snapshots locally for your review
- Enabling comparison between snapshots to identify configuration changes
- Providing backup and restore readiness for Okta configurations
- Providing AI guidance responses and Butterfly Security dashboard workflows when you choose to use them
We do not use your data for advertising, profiling, data mining, or any purpose unrelated to the Extension's stated functionality.
5. Chrome Permissions Justification
The Extension requests the following Chrome permissions, each for a specific and necessary purpose:
scripting
Allows the Extension to inject content scripts into Okta admin pages to read configuration data, render the extension UI, and execute user-initiated admin actions in the current tab.
tabs
Used to detect when you are on an Okta admin page so the Extension can activate its functionality. The Extension checks the tab URL to determine whether to show the snapshot controls. No browsing history is recorded or transmitted.
sidePanel
Enables the Extension's side panel interface, which provides a persistent view for managing snapshots, viewing snapshot history, and comparing configurations without leaving the Okta admin console.
storage
Provides access to the Chrome Storage API to persist your Extension preferences and settings (such as display options and Butterfly Security feature state) across browser sessions. Snapshot data itself is stored in IndexedDB for better performance with large datasets.
host_permissions (Okta domains and Butterfly Security)
The Extension requests access to the following Okta domains and Butterfly Security endpoints:
*.okta.com— Production Okta tenants*.okta-emea.com— EMEA Okta tenants*.oktapreview.com— Okta preview/sandbox environments*.trexcloud.com— Okta custom domain tenantsbutterflysecurity.org— Optional AI guidance and dashboard workflows
These permissions are required so the Extension can inject content scripts, read configuration data from your Okta admin console, and reach Butterfly Security only for the features you choose to use. The Extension does not request access to any other websites.
6. Third-Party Data Sharing
We do not sell, rent, trade, or share your snapshot data with any third party. Snapshot data is not transmitted externally by default. When you use the AI advisor, your question, limited page context, and conversation history are sent to Butterfly Security to generate a response.
We may disclose data if required by law or in response to valid legal process, such as a court order or subpoena.
7. Data Retention
7.1 Local Snapshots
Locally stored snapshots persist in your browser until you manually delete them through the Extension interface or uninstall the Extension. Clearing your browser data (specifically IndexedDB and extension storage) will also remove snapshot data.
7.2 Butterfly Security Requests
If you use Butterfly AI or related dashboard workflows, the data associated with those requests is handled according to our main privacy policy and service terms. The Extension itself does not upload local snapshots by default.
8. Your Rights and Controls
You have the right to:
- View your data: All snapshots are viewable directly in the Extension's side panel
- Delete local snapshots: Remove any or all locally stored snapshots at any time from the Extension interface
- Export your data: Download snapshots in standard JSON format for portability
- Control AI requests: The Extension only sends AI request data when you open the assistant and submit a prompt
- Uninstall: Removing the Extension from Chrome deletes all locally stored data, including snapshots and preferences
9. Security
We take the security of your data seriously:
- The Extension operates under Chrome's Manifest V3 security model, which enforces strict content security policies and limits Extension capabilities
- Content scripts are scoped exclusively to Okta domains and cannot access data on other websites
- The Extension does not execute remote code or load external scripts
- Any Butterfly Security requests use HTTPS with TLS 1.3
- Butterfly Security account-authenticated features use OAuth 2.0; no passwords are stored by the Extension
For more information about our security practices, see our Security page.
10. Children's Privacy
The Extension is an enterprise tool intended for use by IT administrators. It is not directed at individuals under 18 years of age, and we do not knowingly collect personal information from children.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we make changes, we will update the “Last updated” date at the top of this page. Material changes will be communicated through the Extension's update notes in the Chrome Web Store. Your continued use of the Extension after changes constitutes acceptance of the updated policy.
12. Contact Us
If you have questions or concerns about this Privacy Policy or the Extension's data practices, please contact us at:
- Email: support@butterflysecurity.org
- Website: butterflysecurity.org
This privacy policy applies specifically to the Butterfly Security Chrome extension. For the Butterfly Security web application privacy policy, please see our main Privacy Policy.