Privacy Policy
Last updated: March 2026
Who we are
Butterfly Effect is a creative agency registered in England and Wales. Our registered address is:
Butterfly Effect
86-90 Paul Street
London
EC2A 4NE
United Kingdom
We are the data controller for the personal information we collect through this website and our services. This policy explains what data we collect, why we collect it, how we use it, and your rights in relation to it. It applies to UK users and is governed by the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
What personal data we collect
Depending on how you interact with us, we may collect:
- Identity information — name, job title, company name
- Contact information — email address, phone number, postal address
- Professional information — portfolio URL, publication or outlet name
- Communication content — messages you send us via our contact forms
- Marketing preferences — whether you have consented to receive communications from us
- Technical data — IP address, browser type, device information, pages visited
- Social media handles — where provided voluntarily
We do not knowingly collect personal data from children under 16. Our website is not directed at children.
How we collect your data
We collect personal data when you:
- Complete a contact form on our website (new business, careers, press enquiries)
- Sign up for the Free Smoke newsletter
- Register for or attend a Catalyst event
- Correspond with us by email or other means
- Interact with our social media channels
We may also receive data about you from third parties such as LinkedIn or referral partners, where permitted.
Our legal basis for processing
We process your personal data on the following legal bases:
- Consent: Where you have actively opted in, for example, subscribing to the Free Smoke newsletter or agreeing to receive marketing communications.
- Legitimate interests: Where we have a genuine business reason to process your data, such as responding to a business enquiry, and our interests are not overridden by your rights.
- Contract: Where processing is necessary to fulfil a contract with you or to take steps at your request before entering into one.
- Legal obligation: Where we are required to process data to comply with the law.
How we use your data
We use your personal data to:
- Respond to your enquiries and manage our relationship with you
- Send you marketing communications you have consented to receive
- Manage event invitations and registrations for Catalyst
- Improve our website, services, and user experience
- Prevent fraud and ensure the security of our systems
- Comply with legal and regulatory obligations
Who we share your data with
We do not sell your personal data. We share data only where necessary with trusted third-party service providers who process data on our behalf, including:
Website visitors & marketing contacts
- Google LLC — website analytics, infrastructure, and cloud services (Google Cloud / Firebase). Data processed under EU-US Data Privacy Framework adequacy.
- HubSpot Inc — CRM and marketing platform (data stored in the USA under EU-US Data Privacy Framework adequacy)
- Vercel Inc — website hosting and edge delivery
Job applicants
- Greenhouse Software Inc — applicant tracking system used to manage recruitment processes. Application data, CVs, and assessment information are processed on our behalf.
- Deel Inc — employment and contractor management platform used to process employment contracts, onboarding documentation, and payroll-related information for successful candidates.
Client engagements
- Asana Inc — project management platform used to coordinate deliverables, timelines, and client-facing tasks. Client contact names and project information may be stored.
- Anthropic PBC — AI assistant platform used to support research, content development, and internal workflow automation. Client briefs or project details may be processed in anonymised or summarised form.
All processors are contractually required to process your data only on our instructions, implement appropriate security measures, and comply with applicable data protection law. Where data is transferred outside the UK, we rely on EU-US Data Privacy Framework adequacy decisions, Standard Contractual Clauses (SCCs), or equivalent safeguards.
Job applicant data
If you apply for a role with Butterfly Effect, we collect and process personal data in connection with your application. This includes your name, contact details, CV, cover letter, assessment results, and any other information you provide during the recruitment process.
This data is processed via Greenhouse (our applicant tracking system) and, for successful candidates, via Deel (our employment and contractor management platform). We process this data on the legal basis of taking steps prior to entering into a contract with you, and our legitimate interest in evaluating candidates.
Unsuccessful applicant data is retained for up to 12 months following the conclusion of the recruitment process, after which it is securely deleted unless you consent to being considered for future roles.
Client Data Processing Addendum (DPA)
Where Butterfly Effect processes personal data on behalf of a client in the course of providing creative, marketing, or strategic services, the following terms apply as a Data Processing Addendum to our service agreement:
Scope and roles
The client is the data controller. Butterfly Effect acts as a data processor, processing personal data solely on the client’s documented instructions and for the purposes of delivering the agreed services.
Sub-processors
We use the following sub-processors in the delivery of client services. By engaging Butterfly Effect, the client authorises the use of these sub-processors:
- Asana Inc (USA) — project management and task coordination
- Anthropic PBC (USA) — AI-assisted research, content development, and workflow support
- Google LLC (USA) — cloud infrastructure, analytics, and productivity tools
- HubSpot Inc (USA) — CRM and communications
- Vercel Inc (USA) — website hosting and delivery
We will inform clients of any intended changes to sub-processors, giving reasonable opportunity to object.
Security measures
Butterfly Effect implements appropriate technical and organisational measures to protect client personal data, including encryption in transit and at rest, access controls, staff confidentiality obligations, and regular security reviews.
International transfers
Where client personal data is transferred outside the UK, we ensure appropriate safeguards are in place, including EU-US Data Privacy Framework adequacy, Standard Contractual Clauses (SCCs), or binding corporate rules as applicable to each sub-processor.
Data subject requests
We will promptly notify the client of any data subject requests we receive in relation to client personal data and assist the client in fulfilling those requests in accordance with UK GDPR.
Data return and deletion
Upon termination of services, Butterfly Effect will, at the client’s election, return or securely delete all client personal data within 30 days, except where retention is required by law.
Audit rights
Clients may request reasonable evidence of our compliance with this DPA. We will make available relevant information and allow for audits, subject to reasonable notice and confidentiality obligations.
How long we keep your data
We retain personal data only for as long as necessary for the purpose it was collected, or as required by law. Specifically:
- Contact enquiries — up to 3 years from last interaction
- Newsletter subscribers — until you unsubscribe or request deletion
- Event registrants — up to 2 years from the event date
- Job applicants (unsuccessful) — up to 12 months from application decision
- Client project data — for the duration of the engagement plus 12 months, unless otherwise agreed
- Financial and contractual records — up to 7 years as required by UK law
Your rights
Under UK GDPR you have the following rights in relation to your personal data:
- The right to access — request a copy of the data we hold about you
- The right to rectification — ask us to correct inaccurate or incomplete data
- The right to erasure — ask us to delete your data in certain circumstances
- The right to restrict processing — ask us to limit how we use your data
- The right to data portability — receive your data in a structured, machine-readable format
- The right to object — object to processing based on legitimate interests or for direct marketing
- Rights related to automated decision-making — not be subject to solely automated decisions that significantly affect you
To exercise any of these rights, contact us at ops@butterflyeffect.xyz. We will respond within one month.
You also have the right to lodge a complaint with the UK supervisory authority, the Information Commissioner’s Office (ICO), at ico.org.uk.
Cookies
We use cookies and similar technologies to operate our website and understand how it is used. For full details, see our Cookie Policy.
Changes to this policy
We may update this policy from time to time. The most recent version will always be available on this page, with the date of last update shown at the top. We will notify you of material changes where we have your contact details.
Contact us
For any questions about this policy or how we handle your data:
Butterfly Effect
86-90 Paul Street, London, EC2A 4NE
ops@butterflyeffect.xyz
Questions about this? We are happy to talk it through.
Get in touch