Terms of Service

1. Acceptance of Terms

By accessing or using Butterfly Security ("the Service"), you agree to be bound by these Terms of Service. If you do not agree to these terms, please do not use the Service.

2. Description of Service

Butterfly Security provides backup and disaster recovery services for identity infrastructure, currently marketed for Okta, Okta Workflows, and Auth0. The Service allows you to create backups of supported configuration data, including users, groups, applications, policies, workflow assets, and related resources.

2A. Beta Service & Best-Effort Support

By using the Service during the beta period, you acknowledge and agree that:

• The Service is in active development and may contain bugs, incomplete features, or undergo significant changes without notice
• Support is best-effort only — there are no guaranteed response times, uptime commitments, or service level agreements (SLAs)
• No production guarantees — the Service is not warranted for production use. While production environments may be connected, doing so is entirely at your own risk
• Backup completeness is not guaranteed — backups may be partial, delayed, or fail due to provider rate limits, API changes, network conditions, or other factors outside our control
• Data retention during beta — we make reasonable efforts to retain your backup data, but cannot guarantee long-term retention or availability during the beta period
• Features may change or be removed — any feature available during beta may be modified, deprecated, or removed at any time
• Regional coverage is limited — not all identity provider regions have been fully tested. Coverage is expanding toward general availability

The beta period will end when the Service transitions to general availability, at which point updated terms will apply. Continued use after general availability constitutes acceptance of the updated terms.

3. Environment Types

3.1 Sandbox/Preview Environments (Recommended for Initial Testing)

We recommend initial testing with sandbox and preview environments, including:

• Okta Preview organizations (*.oktapreview.com) and Developer orgs (*.trexcloud.com)
• Okta Workflows environments associated with non-production Okta orgs
• Auth0 development tenants

3.2 Production Environment Usage

By connecting a production environment, you acknowledge and agree that:

• You assume all risk for any data loss, service disruption, security incidents, or other damages arising from use of the Service with your production environment
• Restore operations are irreversible and may modify, overwrite, or corrupt your production identity provider configuration
• Butterfly Security disclaims all liability for any direct, indirect, incidental, consequential, or punitive damages resulting from production use, regardless of cause
• No warranty of fitness is provided for production use; the Service is provided "as is" without any guarantee of reliability, availability, or accuracy for production environments
• You have the authority to connect the production environment and accept these risks on behalf of your organization
• You have tested the Service in a non-production environment and understand its behavior before using it with production systems

3A. Workflows and Automation Platforms

The Service supports backup and restore of Okta Workflows automations. Additional terms apply:

• Cross-org restore: Workflows may be restored to a different Okta Workflows organization than the source. You are responsible for ensuring compatibility and proper configuration in the target environment.
• Connection credentials: API keys, OAuth tokens, and other credentials used by Workflow connections are NOT backed up. You must re-authenticate all connections after restoration.
• Connector Builder projects: Custom connector code and configurations are backed up, but authentication configurations must be reconfigured in the target environment.
• Production Workflows: Restoring Workflows to a production environment is subject to all production environment terms in Section 3.2.

4. Disclaimer of Warranties

We do not warrant that:

• The Service will meet your specific requirements
• The Service will be uninterrupted, timely, secure, or error-free
• Backups will be complete, accurate, or restorable
• Any errors in the Service will be corrected

5. Limitation of Liability

This includes, but is not limited to, damages arising from:

• Inability to use the Service or access backups
• Unauthorized access to or alteration of your data
• Data loss, corruption, or incomplete backups
• Failed restoration attempts
• Service interruptions or downtime
• Any impact to your identity provider environment, whether production or non-production

Our total liability to you for any claims arising from your use of the Service shall not exceed the amount you paid for the Service in the twelve (12) months preceding the claim.

6. Your Responsibilities

You agree to:

• Maintain the security of your account credentials and OAuth keys
• Use appropriate OAuth scopes and API permissions with the minimum required access
• Verify backups independently before relying on them for disaster recovery
• Test restoration procedures in non-production environments before applying to production
• Not use the Service for any unlawful purpose
• Comply with your identity provider's terms of service and acceptable use policies

7. Data Handling

By using the Service, you grant us permission to access your identity provider environment via the API credentials you provide, solely for the purpose of creating backups. We store:

• Your account information (email, OAuth provider ID)
• Encrypted API credentials (encrypted with AES-256 at rest)
• Backup files (stored encrypted in Cloudflare R2)

See our Privacy Policy and Security page for more details.

Enterprise customers may request a Data Processing Agreement (DPA) by contacting contact@butterflysecurity.org.

8. Free Trial and Paid Plans

The Service offers a free plan, a 30-day free trial, and paid plans with feature, connection, and retention limits described on the site and in current product documentation. We reserve the right to modify pricing and plan features at any time with reasonable notice.

9. Termination

You may terminate your account at any time by deleting your data from the Settings page in your dashboard. We reserve the right to suspend or terminate your access to the Service at any time for any reason, including violation of these Terms.

10. Changes to Terms

We may modify these Terms at any time. We will notify users of material changes by updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the modified Terms.

10A. Governing Law and Dispute Resolution

These Terms are governed by the laws of the State of Delaware, United States, without regard to conflict of law principles. Any disputes arising under these Terms shall be resolved in the state or federal courts located in Delaware.

Before initiating formal proceedings, both parties agree to attempt good-faith resolution through written communication for at least 30 days. Written notice of a dispute should be sent to contact@butterflysecurity.org.

11. Third-Party Services

Butterfly Security is not affiliated with or endorsed by Okta, Inc. or Auth0. All trademarks belong to their respective owners. The Service integrates with third-party services including Okta, Okta Workflows, Auth0, and supporting infrastructure providers described in our Privacy Policy, and your use of those services is subject to their respective terms.

With your consent, we use Google Analytics to collect anonymized website usage data. Google's use of this data is governed by the Google Privacy Policy. You may opt out of analytics cookies at any time via the cookie consent banner.

12. Contact

If you have questions about these Terms, please contact us at contact@butterflysecurity.org.