Privacy Policy

At Butterflai, we prioritize your privacy and are committed to protecting your personal data. This Privacy Policy outlines the types of information we collect, how we use it, and the measures we take to ensure your data is secure. By using our services, you agree to the terms outlined in this policy.

Information We Collect

Personal Data

We collect personal data that you provide to us directly, such as your name, email address, phone number, and any other information you choose to provide when you contact us or use our services.

Usage Data

We automatically collect certain information about your interaction with our website and services. This may include your IP address, browser type, device information, and usage data such as the pages you visit and the actions you take on our website.

Data from Integrated Platforms

With your consent, we may collect and process data from your existing CRM, ERP, HR, ATS, and other systems. This data is used to provide our services and enhance your experience with Butterflai.

How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our services
  • Personalize your experience with our platform
  • Communicate with you, including responding to your inquiries and providing updates
  • Analyze usage patterns to improve our services
  • Ensure the security of our website and services

Data Sharing and Disclosure

We do not sell, trade, or otherwise transfer your personal data to outside parties without your consent, except as described in this policy. We may share your information with:

  • Service Providers: Third-party vendors who assist us in operating our website, conducting our business, or providing services to you, so long as those parties agree to keep this information confidential.
  • Legal Requirements: We may disclose your information if required to do so by law or in response to valid requests by public authorities.

Third-Party Service Providers

We rely on a limited number of trusted third-party providers to operate our services. Each of these providers acts as a data processor under a Data Processing Agreement (DPA) and is bound to process personal data only on our instructions and in line with the GDPR.

Intercom

We use Intercom, Inc. to operate our Help Center and to handle customer messaging and support conversations. Data shared with Intercom may include your name, email address, the content of your messages, and usage data related to your interactions with our Help Center or in-app messenger.

Intercom processes this data on our behalf under its Data Processing Agreement, available at https://www.intercom.com/legal/data-processing-agreement. Intercom also engages its own sub-processors, the current list of which is published at https://www.intercom.com/legal/subprocessors-list.

Where personal data is transferred outside the European Economic Area, such transfers are governed by the European Commission’s Standard Contractual Clauses (SCCs) and, where applicable, supplementary measures, to ensure an adequate level of protection for your personal data.

Microsoft Azure

We use Microsoft Ireland Operations Limited (Microsoft Azure) to host the Butterflai application and to store account data, OAuth tokens, and the data we retrieve from your connected integrations. Microsoft Azure processes this data on our behalf as a data processor.

Microsoft’s commitments are set out in the Microsoft Products and Services Data Protection Addendum, and Microsoft’s current sub-processor list is published at https://www.microsoft.com/licensing/docs/view/Microsoft-Sub-processor-list.

OpenAI

We use OpenAI, L.L.C. to generate the AI-powered insights presented inside your Butterflai workspace. When you request an AI insight, the relevant data (such as metrics retrieved from your connected integrations and the prompt that frames the request) is sent to the OpenAI API solely to generate that insight in your workspace.

OpenAI processes this data on our behalf as a data processor under its Data Processing Addendum. OpenAI’s current sub-processor list is published at https://openai.com/policies/sub-processor-list/. Under OpenAI’s API terms, data that Butterflai submits through the OpenAI API is not used by OpenAI to train its models.

Because OpenAI is based in the United States, transfers of personal data to OpenAI take place outside the European Economic Area. Such transfers are governed by the European Commission’s Standard Contractual Clauses (SCCs) and, where applicable, supplementary measures, to ensure an adequate level of protection for your personal data.

Google User Data and Google API Services

Butterflai’s use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

When you connect a Google integration (such as Google Analytics, Google Ads, or Google Search Console) to your Butterflai workspace, we request read-only access to the specific data needed to power your dashboards, KPIs, and AI-generated insights. We do not create, modify, or delete data in your Google accounts.

Google user data obtained through these APIs is used solely to provide and improve the user-facing features of Butterflai. We do not use Google user data for advertising purposes, we do not sell it, and we do not allow humans to read it, except in the following limited cases permitted by Google’s Limited Use policy:

  • with your explicit consent (for example, when you request support and authorize us to access specific data to resolve your issue);
  • when necessary for security purposes, such as investigating abuse;
  • when required by applicable law; or
  • where the data has been aggregated and anonymized so that it can no longer be used to identify an individual user.

We do not transfer Google user data to third parties except as needed to provide or improve the service (for example, infrastructure providers acting as our processors under contractual data protection obligations), or as required by law.

Google OAuth scopes are requested only when you choose to connect the relevant integration. The scopes Butterflai may request from Google are:

  • Google Analytics (analytics.readonly): read-only access to the GA4 properties you select, so we can display reports and analytics in your workspace.
  • Google Ads (adwords): read-only use of Google Ads data you select, so we can display advertising performance metrics. We do not create, edit, or delete campaigns, ads, or any other Google Ads resources.
  • Google Search Console (webmasters.readonly): read-only access to the Search Console properties you select, so we can display search performance metrics.
  • Basic profile (userinfo.email, userinfo.profile): your email address and basic profile information, used to identify your account and to associate connected integrations with the correct user.

You can revoke Butterflai’s access to your Google account at any time from your Google Account permissions page at https://myaccount.google.com/permissions, or by disconnecting the integration inside Butterflai.

Data Security

We use encryption to protect your information. All data transmitted between your device, our applications, and the third-party services you connect (such as Google Analytics, Google Ads, and Google Search Console) is encrypted in transit using industry-standard TLS (HTTPS). Data we store on your behalf, including OAuth tokens and data retrieved from connected integrations, is encrypted at rest.

Security procedures are in place to protect the confidentiality of your data. Access to systems that process user data is restricted to authorized personnel who require it to operate, support, or maintain the service, and is governed by role-based access controls and authentication requirements. Administrative actions on production systems are logged.

We conduct regular security reviews of our infrastructure, application code, and access policies, and we apply security updates to our systems and dependencies on an ongoing basis. We also follow the principle of least privilege when granting internal access to systems that handle user data.

No method of transmission or storage is completely secure, but we work to protect your data using these measures and to continually improve them.

Data Retention and Deletion

We retain data obtained from connected integrations for as long as your account is active and the relevant integration remains connected, so that Butterflai can continue to provide dashboards, KPIs, and AI-generated insights based on that data.

When you disconnect an integration, we revoke the associated OAuth tokens and delete the data retrieved through that integration from our active production systems within 30 days. When you delete your Butterflai account, we delete the personal data and connected-integration data we hold about you within 30 days.

Residual copies of data may remain in encrypted backups for a limited period after deletion from production systems, in line with our backup rotation schedule, after which they are overwritten. We may also retain a limited amount of information for longer where required to comply with legal, accounting, tax, or security obligations, or to resolve disputes and enforce our agreements; in those cases the data is kept only for as long as necessary for those purposes.

You can request deletion of your data at any time by disconnecting the relevant integration, deleting your account, or contacting us at [email protected].

Your Data Protection Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: You have the right to request copies of your personal data.
  • Correction: You have the right to request that we correct any information you believe is inaccurate or incomplete.
  • Deletion: You have the right to request that we delete your personal data, under certain conditions.
  • Objection: You have the right to object to our processing of your personal data.
  • Restriction: You have the right to request that we restrict the processing of your personal data.

To exercise any of these rights, please contact us using the details provided in the “Contact Us” section below. You also have the right to lodge a complaint with a data protection supervisory authority. If you are based in Greece, the competent authority is the Hellenic Data Protection Authority (Αρχή Προστασίας Δεδομένων Προσωπικού Χαρακτήρα), Kifissias 1-3, 11523 Athens, Greece, reachable at https://www.dpa.gr/. You may also contact the supervisory authority in the EU or EEA member state where you live or work.

Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your experience. Cookies are small data files that are placed on your device to track how you use our site. You can control the use of cookies through your browser settings.

Types of Cookies We Use

  1. Essential Cookies
    • Purpose: These cookies are necessary for the basic functionality of our website. They enable essential features such as secure login and page navigation.
    • Examples: Session cookies, authentication cookies.
  2. Performance and Analytics Cookies
    • Purpose: These cookies collect information about how you use our website, such as the pages you visit and any errors you encounter. They help us understand and improve the performance of our site.
    • Examples: Google Analytics cookies, performance tracking cookies.
  3. Functionality Cookies
    • Purpose: These cookies remember choices you make, such as your language preferences or the region you are in, to provide a more personalized experience.
    • Examples: Language preference cookies, location cookies.
  4. Advertising and Targeting Cookies
    • Purpose: These cookies are used to deliver relevant advertisements to you and measure the effectiveness of our marketing campaigns. They track your browsing habits and help us understand your interests.
    • Examples: Ad targeting cookies, social media cookies.

Functions of Cookies

  • Session Management: Maintaining your session and keeping you logged in as you navigate through our site.
  • Personalization: Customizing content and user interfaces based on your preferences and past interactions.
  • Analytics: Gathering data on how our website is used to identify areas for improvement.
  • Marketing: Delivering targeted advertisements and measuring their effectiveness.

Consent for Cookies

We adhere to the regulations regarding user consent for cookies. When you visit our website for the first time, you will see a cookie banner informing you about our use of cookies and asking for your consent.

  1. Obtaining Consent
    • Explicit Consent: Before placing non-essential cookies on your device, we will obtain your explicit consent. This is done through the cookie banner that appears when you first visit our site.
    • Implied Consent: For essential cookies that are strictly necessary for the operation of our site, we do not require your explicit consent.
  2. Managing Consent
    • Cookie Preferences: You can manage your cookie preferences through the cookie settings available on our website. This allows you to accept or reject specific categories of cookies.
    • Browser Settings: You can also control cookies through your web browser settings, where you can block or delete cookies from any website.
  3. Withdrawing Consent
    • Changing Preferences: You can withdraw your consent at any time by changing your cookie preferences on our website.
    • Deleting Cookies: You can delete cookies stored on your device through your browser settings.

Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page. You are advised to review this Privacy Policy periodically for any changes.

Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

Email: [email protected]

Phone: +30 21 0577 0411

Address: 25is Martiou 83 Street, Peristeri 12132, Athens, Greece

This Privacy Policy was last updated on 11/06/2026.