Trust Center

The promises we make and how we keep them.

Butterfly is built for verified college students, including 16- and 17-year-olds. This is the single page where you can see what we do and how to audit it.

Last updated May 5, 2026

The four pillars.

🛡️

Safety

How we keep students safer than the average social app — verification, moderation, controls, and what we tell parents and university IT.

Read the safety overview
🔐

Security

Encryption, authentication, infrastructure, vulnerability disclosure, and incident response. Written for the security-conscious.

Read the security overview
🔒

Privacy

What we collect, what we don't, what we share, what we sell (nothing). With CCPA, GDPR, and minor-protection sections in plain English.

Read the privacy policy
📜

Community

The six rules of being on Butterfly, how to report, what happens when someone breaks them, and how to appeal.

Read community guidelines

The commitments we make in writing.

These are not aspirational statements. They are promises that appear in our policies and the apps. If we ever break them, we tell users.

Every account is .edu verified.
One-time email magic-link. No exceptions, no shortcuts.
Real humans review reports.
Not just AI moderation. Reports involving minors are escalated.
Schools don't see your chats.
We have no data-sharing agreements with universities.
Delete your account in one tap.
Removed within 30 days. We send you a JSON export on request.
Notice within 72 hours of a breach.
If user data is exposed, we tell you and the regulators.
30 days notice on material policy changes.
You always have time to delete your account before changes that reduce your rights take effect.

Find the right page.

I'm a student
Day-to-day questions about your account, chats, blocking, reporting, and what we know about you.
Help center · Community guidelines
I'm a parent or guardian
What Butterfly is, what we can and can't see, and how to request your child's data be deleted.
Safety overview · legal@butterflyapp.co
I'm a professor
What Butterfly is, why it's not affiliated with your university, and what to do about academic integrity issues.
Safety → For professors
I'm university IT or student affairs
Integration questions (we don't need any), legal process, and security disclosures.
Safety overview · Security
I'm a security researcher
Vulnerability disclosure scope, safe harbor, and how to report. 90-day coordinated disclosure window.
Security → Disclosure
I'm law enforcement
Legal process for user data, retention practices, and what we require for compliance.
legal@butterflyapp.co

Compliance & certifications

  • CCPA / CPRA: compliant. See privacy → California section.
  • GDPR / UK GDPR: compliant for EU and UK users. See privacy → EU/UK section.
  • COPPA:we don't knowingly collect data from anyone under 13.
  • FERPA: Butterfly is independent of universities; we do not receive FERPA-covered education records.
  • SOC 2: targeting Type I in the next 12 months. Not currently audited.
  • App Store privacy nutrition label: reflects our actual data practices.

One contact for every category

All inboxes are monitored by a real person. We respond within the timelines listed below.

Trust & safetytrust@butterflyapp.coPrivacylegal@butterflyapp.coSecuritysecurity@butterflyapp.coLegallegal@butterflyapp.coAppealstrust@butterflyapp.coDMCAlegal@butterflyapp.co