Effective March 14, 2019
We have updated our October 25, 2018 privacy policy to list our German entity as our legal representative entity in the EU and to add the contact information for our new office in Sydney, Australia.
This Cloudflare Privacy Policy (“Policy”) outlines the information that Cloudflare, Inc. (“Cloudflare”, “we”, “us” or “our”) gathers, how we use that information, and the options you have to access, correct, or delete such information.
Our mission to help build a better Internet is rooted in the importance we place on establishing trust with our Customers, Website Visitors, and the Internet community globally. To earn and maintain that trust, we commit to communicating transparently, providing security, and protecting the privacy of data on our systems.
We keep your personal information personal and private. We will not sell, rent, share, or otherwise disclose your personal information to anyone except as necessary to provide our services or as otherwise described in this Policy without first providing you with notice and the opportunity to consent.
This Policy applies to Cloudflare’s collection, use, and disclosure of the information of the following categories of individuals:
This Policy does not apply to our Customers’ websites, which may have their own terms and privacy policies. Our Customers are solely responsible for establishing policies for and ensuring compliance with all applicable laws and regulations, including those relating to the collection of personal information in connection with the use of our Services by End Users with whom our Customers interact.
Cloudflare’s Websites and Services are not intended for, nor designed to attract, individuals under the age of eighteen. Cloudflare does not knowingly collect personally identifiable information from any person under the age of eighteen.
Attendees:
Website Visitors:
Customers:
Resolver Users:
End Users:
Legal Basis for Processing (EEA only):
If you are an individual from the European Economic Area (EEA), please note that our legal basis for collecting and using your personal information will depend on the personal information collected and the specific context in which we collect it. We normally will collect personal information from you only where: (a) we have your consent to do so, (b) where we need your personal information to perform a contract with you (e.g. to deliver the Cloudflare Services you have requested), or (c) where the processing is in our legitimate interests. Please note that in most cases, if you do not provide the requested information, Cloudflare will not be able to provide the requested service to you.
In some cases, we may also have a legal obligation to collect personal information from you, or may otherwise need the personal information to protect your vital interests or those of another person.
Where we rely on your consent to process your personal data, you have the right to withdraw or decline consent at any time. Where we rely on our legitimate interests to process your personal data, you have the right to object.
If you have any questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us at privacyquestions@cloudflare.com.
Cloudflare only processes personal information in a way that is compatible with and relevant for the purpose for which it was collected or authorized. As a general matter, for all categories of data we collect except Resolver User data, we may use the information we collect (including personal information, to the extent applicable) to:
Resolver Users. We use information we collect from Resolver Users to operate and improve the Cloudflare Resolver, such as to assist us in our debugging efforts if an issue arises. We will not combine the information collected from DNS queries with any other Cloudflare or third party data in any way that can be used to identify individual end users. Learn more.
Information from Third Party Services. We may combine information we collect as described above with personal information we obtain from third parties. For example, we may combine information entered on a Cloudflare sales submission form with information we receive from a third-party sales intelligence platform vendor to enhance our ability to market our Services to Customers or potential Customers.
We work with other companies who help us run our business (“Service Providers”). These companies provide services to help us deliver customer support, process credit card payments, manage and contact our existing Customers as well as sales leads, provide marketing support, and otherwise operate and improve our Services. These Service Providers may only process personal information pursuant to our instructions and in compliance both with this Privacy Policy and other applicable confidentiality and security measures and regulations, including our obligations under the EU-US and Swiss-US Privacy Shield frameworks described in Section 6, below.
Specifically, we do not permit our Service Providers to use any personal information we share with them for their own marketing purposes or for any other purpose than in connection with the services they provide to us.
In addition to sharing with Service Providers as described above, we may also share your information with others in the following circumstances:
Learn more about information sharing specific to the 1.1.1.1 Resolver.
We do not sell, rent, or share personal information with third parties for their direct marketing purposes, including as defined under California Civil Code Sec. 1798.83.
Cloudflare may aggregate data we acquire about our Customers and their End Users, including the Log Data described above. For example, we may assemble data to determine how Web crawlers index the Internet and whether they are engaged in malicious activity or to compile web traffic reports and statistics. Non-personally identifiable, aggregated data may be shared with third parties.
Cloudflare is a U.S.-based, global company. We primarily store your information in the United States and the European Economic Area (the “EEA”). To facilitate our global operations, we may transfer and access such information from around the world, including from other countries in which the Cloudflare Group has operations for the purposes described in this Policy.
Whenever Cloudflare shares personal information originating in the EEA or Switzerland with a Cloudflare entity outside the EEA or Switzerland, it will do so on the basis of the EU standard contractual clauses or the Privacy Shield Frameworks detailed in this section.
If you are accessing or using our Websites or Services or otherwise providing information to us, you are agreeing to the transfer of your personal information to the United States and other jurisdictions in which we operate.
Cloudflare is certified under both the EU-U.S. and the Swiss-U.S. Privacy Shield Frameworks as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the EEA and Switzerland to the United States, respectively. If there is any conflict between the terms in this Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. For more information on the EU-U.S. Privacy Shield or Swiss-U.S. Privacy Shield, please visit the U.S. Department of Commerce’s Privacy Shield website at: https://www.privacyshield.gov/welcome.
Attendees, Website Visitors, and Customers: You have the right to access, correct, update, export, or delete your personal information. You may email us at SAR@cloudflare.com with any such subject access requests (“SAR”), and we will respond within thirty (30) days. Customers also can access, correct, export, or update their Account Information by editing their profile or organization record at cloudflare.com.
Resolver Users: We do not retain any personally identifiable information about Resolver Users that would be subject to the data subject rights described above.
End Users: Cloudflare has no direct relationship with End Users. Even where “Cloudflare” may be indicated as the authoritative name server for a domain, unless Cloudflare is the owner of that domain, we have no control over a domain’s content. Accordingly, we rely upon our Customers to comply with the underlying legal requirements for subject access requests. If an End User requests that we access, correct, update, or delete their information, or no longer wishes to be contacted by one of our Customers that use our Services, we will direct that End User to contact the Customer website(s) with which they interacted directly. Our Customers are solely responsible for ensuring compliance with all applicable laws and regulations with respect to their website users.
For any SAR, we will need to verify a requestor is inquiring about their own information before we can assist. Where a SAR may implicate the personal data of another individual, we must balance the request against the risk of violating another person’s privacy rights. We will comply with SARs to the extent required by applicable law or the US-Swiss or US-EU Privacy Shield. In the EU, you also have the right to lodge a complaint with a supervisory authority.
You may manage your receipt of commercial communications by clicking on the “unsubscribe” link located on the bottom of such emails, through your account settings if you have a Cloudflare account, or you may send a request to unsubscribe@cloudflare.com
We take all reasonable steps to protect information we receive from you from loss, misuse or unauthorized access, disclosure, alteration, and/or destruction. We have put in place appropriate physical, technical, and administrative measures to safeguard and secure your information, and we make use of privacy-enhancing technologies such as encryption. If you have any questions about the security of your personal information, you can contact us at privacyquestions@cloudflare.com.
If you purchase a domain name from Cloudflare’s registrar service, ICANN (The Internet Corporation for Assigned Names and Numbers) and the relevant registry operators overseeing the domain’s top-level domain require us to collect registrant data for the purposes of domain registration and via the WHOIS protocol. We may also be required to share this public data with ICANN, the relevant registry operators and other such providers with whom we contract in order to provide our domain name services, and additionally upon the legitimate request of third parties. Registrant data may include the domain name, registrant name and other contact information, and domain name server information. Learn more.
If we make changes to this Policy that we believe materially impact the privacy of your personal data, we will promptly provide notice of any such changes (and, where necessary, obtain consent), as well as post the updated Policy on this website noting the effective date of any changes.
We may assign or transfer this Policy, as well as information covered by this Policy, in the event of a merger, sale, change in control, or reorganization of all or part of our business.
Non-English translations of this Policy are provided for convenience only. In the event of any ambiguity or conflict between translations, the English version is authoritative and controls.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
Cloudflare Germany GmbH is our European Union representative pursuant to Article 27 of the EU General Data Protection Regulation.
Cloudflare, Inc.
101 Townsend St.
San Francisco, CA 94107
Attention: Data Protection Officer
privacyquestions@cloudflare.com
Cloudflare, Ltd.
2nd Floor
25 Lavington Street
London
SE1 0NZ
Attention: Data Protection Officer
privacyquestions@cloudflare.com
Cloudflare Germany GmbH
Rosental 7
80331 München
Attention: Data Protection Officer
privacyquestions@cloudflare.com
Cloudflare, Pte., Ltd.
182 Cecil Street, #35-01
Frasers Tower, Singapore 069547
Attention: Data Protection Officer
privacyquestions@cloudflare.com
Cloudflare Australia Pty Ltd.
333 George St., 5th Floor
Sydney, NSW 2000
Attention: Data Protection Officer
privacyquestions@cloudflare.com