Supplemental Terms

Last Updated September 19, 2022

The following Supplemental Terms (“Terms”), are an integral part of any agreement governing the use and access to Cloudflare's Service(s) (collectively, the “General Terms”). Unless defined below, all capitalized terms will have the definitions given to such terms in the General Terms. For Enterprise customers, all references to “you” and “your” in the Terms below refer to the Customer named in the applicable Order Form or Insertion Order, or other ordering document.

Please click on any of the following links to navigate to the Supplemental Terms applicable to your Cloudflare Services.

• Units of Measurement

• Always Online™ Beta

• Bot Management

• Bring Your Own IP (“BYOIP”)

• Carbon Impact Report

• China Service

• Cloudflare Developer Platform (Cloudflare Workers; Cloudflare Pages; Workers KV; Durable Objects; and R2)

• Cloudflare Network Interconnect

• Cloudflare Spectrum

• Cloudflare Stream and Images

• Cloudflare Zero Trust

• Crawler Hints

• CSAM Scanning Tool

• Data Localization Suite (Cloudflare’s Regional Services, Geo Key Manager, and Keyless SSL)

• Email Routing

• Geographic Distribution of Data Usage

• Magic Transit®

• Mobile SDK Service

• Project Pangea

• Registrar Services

• Security Center

• Security Operations Center Service (SOC Service)

• SSL for SaaS

• Web3 Gateways

• Zaraz
  
  

Units of Measurement

The following definitions apply to quantities referenced in orders and invoices for Cloudflare Services. Unless explicitly stated otherwise in the applicable Order Form or Insertion Order(s), the defined terms below have the same meaning regardless of whether such terms are capitalized or uncapitalized.

“Business domain” is any domain entitled to a Business subscription level of protection, products, and support (as defined at cloudflare.com/plans/), exclusive of any add-on or usage-based features for which you may be charged separately.

“Concurrent connections” is the maximum number of clients concurrently connected to Cloudflare’s servers at any one time.

“Custom hostname” is any hostname that you send to Cloudflare’s custom hostname endpoint. A custom hostname can be a domain at any level (including but not limited to second- and third-level domains). For billing purposes, foo.com, foo.co.uk, www.foo.com, x.foo.com would be considered four separate custom hostnames. Cloudflare will invoice you for any custom hostname that has been active during the billing month, regardless of the duration of the activity during such month.

“Custom SSL certificate” is an SSL certificate that is provided by you for use with the Service. Unless otherwise mutually agreed to in writing, you may only use SNI certificates.

“Dedicated SSL certificate” is an SSL certificate that is provided and managed by Cloudflare on your behalf for use with the Service.

“Domain” is a publicly registrable domain (e.g., example.com) along with its child subdomains (e.g., help.example.com) that is configured individually in the Cloudflare dashboard and assigned its own unique zone ID through the Cloudflare Service dashboard. If you require a subdomain to be managed separately from its parent domain, such subdomain must have its own zone ID and will be counted as a separate domain.

“Enterprise primary domain” is any domain receiving Cloudflare’s Enterprise Services that utilizes more than 50 Gigabytes (GB) of data transfer per month.

“Enterprise secondary domain” is any domain receiving Enterprise Services that utilizes 50 GB or less of data transfer per month, including all DNS-only domains.

“Images Delivered” means Images Stored that are delivered to an end user at any time during the applicable billing period.

“Images Stored” means images stored in Cloudflare Images at any time during the applicable billing period.

“Operation” is a Request that may make changes to or retrieve information about resources.

“Origin” is any server that communicates with Cloudflare’s edge, and that hosts any content or data, or that runs one or more programs to intercept and process incoming internet requests.

“Pro domain” is a domain entitled to a Pro subscription level of protection, products, and support (as defined at cloudflare.com/plans/), exclusive of any add-on or usage-based features for which you may be charged separately.

“Read/Write/List/Delete” are defined as follows for the purposes of Cloudflare Workers KV: a “Read” is a Request where a single value for a given key is read; a “Write” is a Request where a single key/value pair is written; a “List” is a Request where a list of keys within a given namespace is returned; and a “Delete” is a Request where a single key/value pair is removed.

"Request" is a single HTTP/S request that is received by Cloudflare’s edge. For the Cloudflare Developer Platform, a Request is a single HTTP/S request that is received by Cloudflare’s edge and hits a Worker.

“Seat” means an employee, agent, contractor, or other third party, in each case, authorized by you to use a Cloudflare Service, as applicable.

“Uncached Image” is an image that is not cached on any Cloudflare server.

“Storage” or "Stored" is defined for billing purposes as the average hourly amount of data stored in gigabytes (GB) or other units set forth in an Order during a single monthly billing period.

“Zone” is an instance configured in the Cloudflare Services dashboard which has a unique zone id assigned to it. In general, a zone would be associated with a single registrable domain and would include all of that domain’s child subdomains unless one or more of the child subdomains requires a different performance or security setting, in which case each child subdomain could either be assigned its own zone id or be grouped together with other child subdomains that share the same performance or security settings under a single zone id.

Always Online™ Beta

1. Always Online Beta is a Service that serves a limited copy of the portions of your Zone (as defined in the Supplemental Terms Units of Measurements) that are available from the Internet Archive’s Wayback Machine in case your server goes offline. You can learn more about the Internet Archive here.

2. By enabling Always Online Beta on your Zone, you authorize Cloudflare to share your Zone’s hostname and frequently-visited URLs with the Internet Archive, and to serve a limited copy of your Zone from the Internet Archive’s Wayback Machine when Cloudflare determines your origin server is unavailable by forwarding portions of client requests to your Zone to the Internet Archive to retrieve and serve requested content from the Internet Archive (e.g., requested URL, Accept request-header field).

3. The Internet Archive is an independent entity and is not endorsed or sponsored by Cloudflare. You understand and agree that Cloudflare has no control over and is not responsible for the data shared with the Internet Archive, the content provided by the Internet Archive, whether and what portion of your content the Internet Archive chooses to archive, how often the Internet Archive updates your archived content, and/or whether the Internet Archive will take down any of your content upon request. You can learn more about the Internet Archive’s Terms of Use, Privacy Policy, and Copyright Policy here.

4. You understand that Always Online Beta is made available to you on an “as is” and “as available” basis. Always Online Beta is not covered by Cloudflare customer support and does not have an SLA. Cloudflare reserves the right to modify or discontinue Always Online Beta at any time without notice to you.

5. IN NO EVENT WILL CLOUDFLARE BE LIABLE TO YOU OR ANY THIRD PARTY FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES ARISING OUT OF OR RELATING TO YOUR ACCESS TO OR USE OF, OR YOUR INABILITY TO ACCESS OR USE, ALWAYS ONLINE BETA, WHETHER BASED ON WARRANTY, CONTRACT, TORT (INCLUDING NEGLIGENCE), STATUTE, OR ANY OTHER LEGAL THEORY, WHETHER OR NOT CLOUDFLARE HAS BEEN INFORMED OF THE POSSIBILITY OF SUCH DAMAGE.

Bot Management

Customer will not be billed for any requests that Cloudflare reasonably determines were generated by bad bots (e.g., requests with a low cf.bot_management.score that are not included in Cloudflare’s or Customer’s list of allowed bots).

Bring Your Own IP (“BYOIP”)

In order to use the BYOIP Service, Customer must provide Cloudflare with a letter of authorization signed by an authorized representative of Customer sufficient to permit Cloudflare to announce the Customer’s IP addresses. Customer shall maintain accurate whois information for its IP addresses at all times. Customer represents and warrants that the Customer has obtained all rights, licenses, consents, and permissions necessary to convey the rights set forth in the letter of authorization. In the event that the Customer is not the legal owner of the IP addresses, Customer must also supply a letter of authorization from the legal owner, authorizing Cloudflare to announce the IP addresses. Cloudflare may stop advertising IP addresses without any liability to Customer if the legal owner of such IP addresses withdraws its authorization. In such a circumstance, Cloudflare will use reasonable efforts to provide Customer with advanced notice.

The IP addresses that the Customer brings to Cloudflare must be used solely in connection with the Customer’s domains that are receiving Cloudflare's Enterprise Services.

Carbon Impact Report

Information related to your Cloudflare account’s carbon usage is provided solely for informational purposes. You can learn more about Cloudflare's methodology for calculating this number in the Carbon Impact Report accessible in the Cloudflare Service dashboard. The information provided is not warranted to be error free and contains both original Cloudflare data and estimates, subject to update, correction and revision.

China Service

Cloudflare’s China Service is operated by its Chinese partner JD Cloud (the “China Service Partner”). Customer acknowledges that as part of the China Service the China Service Partner will process a portion of Customer's data in mainland China, and as a result such Customer data may be subject to Chinese law, including China’s Cybersecurity Law. By using Cloudflare’s China Service, Customer acknowledges and agrees that: (i) it will be solely responsible for obtaining and maintaining a valid Internet Content Provider (ICP) license (the “ICP License”) throughout the Term, as required by the Chinese Ministry of Industry and Information Technology, (ii) Cloudflare will not be liable for Customer’s inability to obtain or maintain such an ICP License, (iii) in the absence of such an ICP License, Cloudflare or its China Service Partner may refuse to provide the China Service to Customer without liability, and (iv) Cloudflare may share ICP License information, as well as Customer address and contact information with the China Service Partner. Notwithstanding any provision of the Agreement to the contrary, the China Service is provided to Customer “AS-IS,” with all faults, and without warranty, obligation, or service level of any kind, and unless otherwise explicitly agreed to in writing, any custom security requirements that have been negotiated between Customer and Cloudflare will not apply to the China Service. Cloudflare and its China Service Partner reserve the right to terminate or suspend Customer’s right to use or access the Service in China, at any time and without liability, in response to Chinese law, rule, regulation, or court order; provided, that (i) Cloudflare provides notice to Customer of such termination or suspension as soon as reasonably practicable, and (ii) Cloudflare works to promptly route Customer’s traffic to the next nearest data center(s) outside of China. Termination or suspension of the China Service will have no effect upon any other Services provided to Customer under the Agreement, which will remain in full force and effect. Customer’s use of the China Service is subject to Chinese law including laws governing the dissemination of certain types of content.

Cloudflare Developer Platform (Cloudflare Workers; Cloudflare Pages; Workers KV; Durable Objects; Cloudflare Queues; and R2)

1. The Cloudflare Developer Platform consists of the following Services: (i) Cloudflare Workers, a Service that permits developers to deploy and run encapsulated versions of their proprietary software source code (each a “Workers Script”) on Cloudflare’s edge servers; (ii) Cloudflare Pages, a JAMstack platform for frontend developers to collaborate and deploy websites; (iii) Cloudflare Queues, a managed message queuing service; and (iv) Workers KV, Durable Objects, and R2, storage offerings used to serve HTML and non-HTML content.

2. Cloudflare may, with or without notice to you and without liability of any kind, temporarily limit your storage and/or the number of requests you can make or receive using the Developer Platform for any reason (in its sole reasonable discretion), including without limitation, if processing such requests would put an undue burden on the Cloudflare network, adversely impact the Service, or otherwise threaten the integrity of Cloudflare’s networks.

3. You acknowledge that you are solely responsible for your Customer Content, including (i) the performance and functioning of Customer Content with the Services and any reference libraries that Cloudflare may provide from time to time; and (ii) maintaining licenses and adhering to the license terms of any third-party software that may be incorporated into your Customer Content.

4. As between you and Cloudflare, you will provide all support of any type requested by Cloudflare or your End Users related to your Customer Content and Internet Properties, and be responsible for any warranty, liability or obligation to any End User or any third party that arises in connection with their use of your Customer Content or Internet Properties.

5. You represent and warrant that (i) your Customer Content and Internet Properties associated with your use of the Developer Platform are free from and do not disseminate any viruses, adware, spyware, worms, crypto-mining software or other malicious code; (ii) you will not use the Services to engage in any volumetric attacks or in any other activities to intentionally harm another party’s rights; and (iii) you will use the Services in accordance with all associated developer documentation.

6. You understand and agree that Cloudflare is constantly enhancing its Services and we may enhance our Services in a way that is competitive with your Customer Content and associated Internet Properties, or other products, services, or ideas that you have, regardless of whether you have shared them with us. Although Cloudflare affirms that you retain intellectual property rights in the source code to your Customer Content, you acknowledge that Cloudflare has the right to make, use, develop, acquire, license, market, promote, or distribute products, software, or technologies that perform the same or similar functions as, or otherwise compete with, any of your Customer Content and associated Internet Properties as well as other products, software, or technologies that you may develop, produce, market, or distribute now or in the future.

7. The creation of Developer Platform accounts/projects using subdomains that include deceptive or offensive terms or names of other businesses, organizations, or individuals is prohibited. If Cloudflare determines that you are engaging in this activity it may suspend or terminate your account and/or project(s) immediately. The use of the Services for phishing schemes is prohibited.

8. Cloudflare may change Cloudflare Workers/Pages subdomain names for any or no reason. Cloudflare will attempt to provide you with at least one week prior notice for such change, unless the change is due to your violation of the terms governing your use of Cloudflare Workers and Cloudflare Pages.

9. Unlike most Cloudflare products, the Developer Platform can be used to host content. Content stored on the Developer Platform (whether in conjunction with a Cloudflare storage offering or not) that we determine in our sole judgment to be illegal, harmful, or in violation of Section 5 of the Cloudflare Developer Platforms Supplemental Terms may be blocked or removed, and use of the Developer Platform for storage of such illegal or harmful content may result in suspension or termination of Cloudflare Services. While we generally try to provide notice of such action, we reserve the right to take action without notice as appropriate. For these purposes, illegal or harmful content includes but is not limited to: (a) content containing, promoting, or facilitating child sexual abuse material or human trafficking; (b) content that infringes on another person’s intellectual property rights or is otherwise unlawful; (c) content that discloses sensitive personal information, incites or exploits violence, or is intended to defraud the public; and (d) content that seeks to distribute malware, facilitate phishing, or otherwise constitutes technical abuse.

10. Subject to Section 9 above, you may be permitted to access the Customer Content you uploaded to the Developer Platform for up to thirty (30) days following the expiration or termination of your trial or subscription. You understand that Cloudflare has no obligation to retain the Customer Content you upload to the Developer Platform following the expiration or termination of your trial or subscription.

Cloudflare Network Interconnect

By connecting your infrastructure to the Cloudflare network via a private network interconnection (physical or virtual) or over an Internet Exchange, you understand and agree that Cloudflare has no responsibility for the performance or reliability of your interconnection, and that all requests for interconnection support should be submitted to the applicable colocation service provider. You shall ensure that at all times your infrastructure has multiple connections to the public Internet that are unrelated and not dependent on your interconnection to the Cloudflare network.

IN NO EVENT WILL CLOUDFLARE BE LIABLE TO YOU OR ANY THIRD PARTY FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES ARISING OUT OF OR RELATING TO YOUR INABILITY TO ACCESS OR USE CLOUDFLARE NETWORK INTERCONNECT, WHETHER BASED ON WARRANTY, CONTRACT, TORT (INCLUDING NEGLIGENCE), STATUTE, OR ANY OTHER LEGAL THEORY, WHETHER OR NOT CLOUDFLARE HAS BEEN INFORMED OF THE POSSIBILITY OF SUCH DAMAGE.

Cloudflare Spectrum

Any limits on data transfer related to non-HTTP/S products (e.g., Cloudflare Spectrum) will be separate from and in addition to any other data transfer caps related to HTTP/S traffic that Customer has under the Agreement. Cloudflare will determine Customer’s Spectrum traffic for the billing period by calculating the sum of both the ingress and egress traffic to and from Customer's internet clients as measured by Cloudflare during each billing period.

Cloudflare Stream and Images

1. Cloudflare is not required to retain and may delete, without notice to you, any of your content in Cloudflare Stream and Cloudflare Images following the expiration or termination of your trial or subscription.

2. Videos hosted or encoded by Cloudflare Stream must be served using Cloudflare Stream. The use of third-party content delivery networks to deliver videos hosted or encoded by Cloudflare Stream is not permitted, and such activity may result in suspension or termination of your Cloudflare Stream Services.

3. Unlike most Cloudflare products, Cloudflare Stream and Cloudflare Images can be used to host or stream content. Content stored or streamed on Cloudflare Stream and Cloudflare Images that we determine in our sole judgment to be illegal or harmful may be blocked or removed, and use of Cloudflare Services for storage or streaming of such illegal or harmful content may result in suspension or termination of Cloudflare Services. While we generally try to provide notice of such action, we reserve the right to take action without notice as appropriate. For these purposes, illegal or harmful content includes but is not limited to: (a) content containing, promoting, or facilitating child sexual abuse material (CSAM) or human trafficking; (b) content that infringes on another person’s intellectual property rights or is otherwise unlawful; (c) content that discloses sensitive personal information, incites or exploits violence, or is intended to defraud the public; and (d) content that seeks to distribute malware, facilitate phishing, or otherwise constitutes technical abuse.

Cloudflare Zero Trust

1. Overview

Cloudflare Zero Trust is a suite of cloud-based security solutions made available by Cloudflare to its Customers for use by their authorized End Users. Depending on the Cloudflare Zero Trust Services you have purchased and enabled, Cloudflare Zero Trust may include Cloudflare’s zero trust access solution for your applications (Cloudflare Access), Cloudflare’s secure web gateway and DNS filtering solution (Cloudflare Gateway), Cloudflare’s remote browser isolation solution, Cloudflare’s email protection solution (Area 1 Security), Cloudflare’s cloud access security broker (CASB) solution, and Cloudflare’s data loss prevention solution.

2. Seats

2.1 Cloudflare Zero Trust is made available on a Seat licensing basis, unless a different unit of measurement is specified on your Order Form. You may substitute an existing End User that occupies a Seat with a new End User in the event of the existing End User's termination or reassignment to another job function, without incurring an additional Fee.

2.2 You shall not resell Cloudflare Zero Trust to any third parties (e.g., in an ASP, managed security services, outsourcing, time-sharing or service bureau relationship) unless expressly permitted by Cloudflare in writing. Your violation of the foregoing shall be considered a material breach of the Agreement and subject to immediate termination of your account.

2.3 Cloudflare Gateway is subject to an Average Monthly DNS Queries limit of 5,000 DNS queries per Seat per day. “Average Monthly DNS Queries” means the number of DNS queries by your total Seats in a month divided by the number of days in such a month and further divided by the number of licensed Seats. For example, if you purchased licenses for 1,000 Seats and your Seats submitted a total of 30,000,000 DNS queries in the prior 30-day calendar month, your Average Monthly DNS Queries would be 1,000 (calculated as follows: (30,000,000 / 30) / 1,000 = 1,000). Cloudflare may continuously monitor your usage of Cloudflare Gateway on a monthly basis to determine your Average Monthly DNS Queries. If Cloudflare determines that your Average Monthly DNS Queries has exceeded 5,000 DNS queries per Seat per day, Cloudflare reserves the right to require you to purchase additional licenses as required. In the event you purchase the Service in the middle of a month, the Average Monthly DNS Queries calculation for that month shall be based on the number of days that you were subscribed for the Service in that month.

3. Cloudflare Gateway Content

By accessing or using the Service you may receive access to Cloudflare-provided threat intelligence and domain categorization data (“Cloudflare Gateway Content”). You may only use the Cloudflare Gateway Content in connection with the Service. You agree not to provide the Cloudflare Gateway Content to any third parties. If you feel that a website has been incorrectly categorized, you may submit a report here.

4. Area 1 Security

For the purpose of Area 1 Security services, Customer Content includes electronic communications and the content of and attachments associated with such electronic communications that you or your End Users transmit to or through the Services (“Email Content”). You hereby instruct Cloudflare to detect and block Email Content transmitted to or through the Service that may be used for phishing, spam, malware distribution, and other suspicious or malicious activity, and to collect and use Email Content and other data associated with such activities (e.g., metadata, email header information, origin and nature of malware) (collectively, “Detection Data”) to provide and improve the Services. You understand and agree that Cloudflare may freely store, use, and share with third parties for threat intelligence purposes Detection Data that does not identify you or any of your End Users.

5. Telemetric Data

Cloudflare processes telemetry data to deliver, enhance, improve, customize, support, and/or analyze Cloudflare Zero Trust and may otherwise freely use telemetry data that does not identify you or any of your End Users. You may have the ability to configure Cloudflare Zero Trust to limit the telemetry data collected, but in some cases, you can only opt out of the telemetry data collection by uninstalling or disabling Cloudflare Zero Trust. Telemetry data includes data that Cloudflare Zero Trust generates in connection with your use of Cloudflare Zero Trust, such as, threat intelligence data (e.g., suspicious URLs, metadata, malware); and information about the devices connected to a network and the types of software or applications installed on a network or an endpoint (e.g., client-type, operating system).

6. Customer Responsibilities

You acknowledge and agree that you are responsible for: (i) all activity of your End Users and your End Users’ compliance with this Agreement; (ii) complying with all relevant third-party terms of service and applicable laws and/or regulations in using the Service, including, but not limited to, providing clear and conspicuous notice to all End Users that you may monitor their Internet activities through Cloudflare Zero Trust; (iii) forwarding your End Users’ DNS queries, web traffic and/or internal traffic, as applicable, to Cloudflare via valid forwarding mechanisms described in the Cloudflare documentation (e.g., the WARP Client, GRE tunnels); and (iv) configuring and maintaining your third-party identity provider for use in connection with Cloudflare Zero Trust.

The creation of Cloudflare Access authentication subdomains that include deceptive or offensive terms or names of other businesses, organizations, or individuals is prohibited. If Cloudflare determines that you are engaging in this activity it may suspend or terminate your account and/or project(s) immediately. The use of the Services for phishing schemes is prohibited.

7. CASB

You authorize and instruct Cloudflare to scan, analyze, retrieve information from, or otherwise access and use your third-party applications and services that you have integrated with Cloudflare’s CASB solution, including the accounts, settings, data, and other materials available therein, to provide the Services.

You represent and warrant that (i) your use of Cloudflare’s CASB solution shall at all times comply with any relevant third-party terms of service or other agreements; and (ii) you and each of your End Users are authorized to provide Cloudflare with the requisite access to your third-party applications and services, including the accounts, settings, data, and other materials available therein.

8. Disclaimer

CLOUDFLARE DOES NOT REPRESENT OR WARRANT THAT CLOUDFLARE ZERO TRUST WILL (I) GUARANTEE ABSOLUTE SECURITY DUE TO THE CONTINUAL DEVELOPMENT OF NEW TECHNIQUES FOR INTRUDING UPON AND ATTACKING FILES, NETWORKS AND ENDPOINTS; OR (II) PROTECT ALL YOUR AND YOUR END USERS’ FILES, DEVICES, NETWORK, OR ENDPOINTS FROM ALL MALICIOUS CODE, DATA EXFILTRATION, OR OTHER ATTACKS.

Crawler Hints

1. By enabling Crawler Hints on your Zone, you authorize and instruct Cloudflare to share your websites’ hostnames and URL paths with third-party search engines (collectively, the “Crawler Hints Partners”).

2. You understand that Crawler Hints is made available to you on an “as is” and “as available” basis. Crawler Hints is not covered by Cloudflare customer support and does not have an SLA. Cloudflare reserves the right to modify or discontinue Crawler Hints at any time without notice to you.

3. IN NO EVENT WILL CLOUDFLARE BE LIABLE TO YOU OR ANY THIRD PARTY FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES ARISING OUT OF OR RELATING TO YOUR ACCESS TO OR USE OF, OR YOUR INABILITY TO ACCESS OR USE CRAWLER HINTS, WHETHER BASED ON WARRANTY, CONTRACT, TORT (INCLUDING NEGLIGENCE), STATUTE, OR ANY OTHER LEGAL THEORY, WHETHER OR NOT CLOUDFLARE HAS BEEN INFORMED OF THE POSSIBILITY OF SUCH DAMAGE.

CSAM Scanning Tool

1. Acknowledgement of Relevant Legal Requirements
   
   In connection with your obligation to comply with all laws and regulations applicable to your use of Cloudflare Services as set out in the General Terms, you acknowledge that the content of the data you identify using the CSAM Scanning Tool may be subject to specific legal requirements which may include, but are not limited to, laws requiring the reporting of any facts or circumstances from which you obtain actual knowledge of an apparent violation of laws relating to Child Sexual Abuse Material (CSAM) to the National Center for Missing and Exploited Children (NCMEC) and/or a government agency in your jurisdiction. Any information that Cloudflare provides to you regarding the use of the CSAM Scanning Tool is not intended as legal advice and is not a substitute for the advice of your own legal counsel.

2. Purpose limitation, Your instructions to Audit and report to NCMEC
   
   The purpose of the CSAM Scanning Tool is to prevent the spread of child sexual abuse content, and to support investigations targeted to stopping the distribution and possession of child sexual abuse content (“Purpose”). You may use the CSAM Scanning Tool solely for the Purpose, and you must not use it for any other purposes. To achieve the Purpose, it is important for you and Cloudflare to work together to maintain the integrity of the service.
   
   Accordingly:

   
   (a) You hereby authorize Cloudflare to take steps to monitor and audit your usage of the CSAM Scanning Tool to help ensure that the service is used solely for the Purpose, and otherwise in accordance with these terms.
   
   (b) You hereby authorize Cloudflare to provide reports to NCMEC on your behalf on the images you upload on the CSAM Scanning Tool that match the signatures of known CSAM images. You hereby instruct Cloudflare to use your NCMEC CyberTipline credentials and the email address you have specified for the CSAM Scanning Tool to submit these reports on your behalf. You understand that such reports do not relieve you of any legal requirements that might arise from your use of the CSAM Scanning Tool, including, but not limited to, any applicable preservation obligations and obligations that may be applicable in your local jurisdiction.
   
   (c) You hereby authorize Cloudflare to block images that the CSAM Scanning Tool matches to signatures of known CSAM images.

3. Details for the CSAM Scanning Tool
   
   This applicable service details are as follows:
   
   (a) In order to use the CSAM Scanning Tool, you must provide Cloudflare with your NCMEC CyberTipline credentials and you will be required to verify the email address you have provided.
   
   (b) The CSAM Scanning Tool is provided free of charge. Accordingly, Cloudflare will have no liability for any harm or damage arising out of or in connection with your use of the CSAM Scanning Tool.
   
   (c) Cloudflare reserves the right to modify or discontinue offering the CSAM Scanning Tool at any time (including, without limitation, by limiting or discontinuing certain features of the CSAM Scanning Tool) without notice to you.
   
   (d) Cloudflare may limit or throttle your CSAM Scanning Tool transactions at any time, with or without notice.
   
   (e) Cloudflare may terminate all Cloudflare Services provided to you if we determine that you have failed to timely remove CSAM, or we suspect you are attempting to abuse the CSAM Scanning Tool.

4. Internal Use Only
   
   You will use the CSAM Scanning Tool solely for your internal use. You may not use the CSAM Scanning Tool to provide a managed service solution.

5. No Support or SLA
   
   The CSAM Scanning Tool is not covered by customer support and does not have an SLA.

6. Limitation of Liability
   
   IN NO EVENT WILL CLOUDFLARE BE LIABLE TO YOU OR ANY THIRD PARTY FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES ARISING OUT OF OR RELATING TO YOUR ACCESS TO OR USE OF, OR YOUR INABILITY TO ACCESS OR USE, THE CSAM SCANNING TOOL, WHETHER BASED ON WARRANTY, CONTRACT, TORT (INCLUDING NEGLIGENCE), STATUTE, OR ANY OTHER LEGAL THEORY, WHETHER OR NOT CLOUDFLARE HAS BEEN INFORMED OF THE POSSIBILITY OF SUCH DAMAGE.

Data Localization Suite (Cloudflare’s Regional Services, Geo Key Manager, and Keyless SSL)

1. Overview
   
   Cloudflare Customers that purchase the Data Localization Suite will be entitled to Cloudflare’s Regional Services, Geo Key Manager, and Keyless SSL Services for Customer Zones that are on Cloudflare’s Enterprise plan for the sole use of Data Localization suite.

2. Pricing
   
   By purchasing Cloudflare’s Data Localization Suite, you agree to pay Cloudflare an additional fee equal to thirty percent (30%) of the monthly Fees (“Localization Suite Fee”) for any Services identified on the Data Localization Suite list (each such Service, a “Covered Service”). The Localization Suite Fee will apply to all Covered Services, regardless of whether such Covered Services are invoiced on a fixed fee or variable basis. The Localization Suite Fee will apply to all future, as well as all previously quoted, pricing including any volume discounts extended to you by Cloudflare. For the avoidance of doubt, the Data Localization Suite does not provide you with an entitlement to a Covered Service, which must be purchased separately.

3. Regional Services
   
   As a Data Localization Suite customer, you may configure Regional Services for your Enterprise primary domain and your Enterprise secondary domain(s). If you have enabled Regional Services for your Domain(s), Cloudflare will terminate TLS and apply application layer services to Customer Content for HTTPS traffic transmitted between End Users and the origin web server(s) for such a Domain only in Cloudflare data centers located in the geographic region you have selected. The geographic regions available for the Regional Service are listed on the Data Localization Suite support page.

4. Compliance
   
   Customer is solely responsible for ensuring that its use of the Data Localization Suite is compliant with all applicable laws and regulations as well as any and all privacy policies, agreements or other obligations Customer may maintain or enter into.

Email Routing

1. Cloudflare Email Routing is a Service that permits users to forward inbound emails to a specified email account inbox (the “Receiving Account”). By using Cloudflare Email Routing, you represent and warrant that you (i) lawfully own or control the Receiving Account and associated domain or are otherwise authorized to use the Service to forward emails to the Receiving Account and (ii) will comply with the restrictions set forth herein. Any breach of the foregoing representations and warranties may result in the immediate suspension or termination of your Service.
   

2. You may not use Cloudflare Email Routing to directly or indirectly engage in or otherwise promote illegal or abusive activities, including without limitation: (i) sending any form of unsolicited or otherwise unauthorized email in violation of the CAN-SPAM Act or other anti-spam laws; (ii) subscribing email addresses to any mailing list without the verifiable consent of the email address owner; (iii) unauthorized attempts to gain access to an email account or third-party service; or (iv) transmission or distribution of any viruses, worms, time bombs, Trojan horses, and other malicious code, files, scripts, software agents and programs (“Malicious Code”).
   

3. By using Cloudflare Email Routing, you acknowledge and agree that (i) Cloudflare is under no obligation to provide customer support, and does not have an SLA, for Cloudflare Email Routing; (ii) limitations imposed by third-party filtering services or policies of the Receiving Account may result in the failed or delayed delivery of legitimate email; and (iii) Cloudflare reserves the right to modify or discontinue Cloudflare Email Routing at any time.
   

4. CLOUDFLARE EMAIL ROUTING IS PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS. CLOUDFLARE DOES NOT REPRESENT OR WARRANT THAT CLOUDFLARE EMAIL ROUTING WILL GUARANTEE THE DELIVERY OF ANY EMAILS OR PROVIDE PROTECTION FROM MALICIOUS CODE OR PHISHING ATTEMPTS.
   

5. IN NO EVENT WILL CLOUDFLARE BE LIABLE TO YOU OR ANY THIRD PARTY FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES ARISING OUT OF OR RELATING TO YOUR ACCESS TO OR USE OF, OR YOUR INABILITY TO ACCESS OR USE, THE CLOUDFLARE EMAIL ROUTING SERVICE, WHETHER BASED ON WARRANTY, CONTRACT, TORT (INCLUDING NEGLIGENCE), STATUTE, OR ANY OTHER LEGAL THEORY, WHETHER OR NOT CLOUDFLARE HAS BEEN INFORMED OF THE POSSIBILITY OF SUCH DAMAGE.

Geographic Distribution of Data Usage

If no regional data usage limitations are set forth in Customer’s Order Form or Insertion Order, as applicable, then the geographic distribution of Customer’s data usage must not exceed in any billing period (i) 25% in the Tier II region or (ii) 8% in the Tier III region, as such regions are defined below.

In general, (i) the Tier I region includes North America and Europe; (ii) the Tier II region includes China, India, South America, Middle East, Africa, and elsewhere in Asia (except for Korea and Taiwan); and the Tier III region includes Taiwan, Korea, Australia, and New Zealand.

If regional data usage limitations are specified in Customer’s Order Form or Insertion Order, then the geographic distribution of Customer’s data usage must not exceed for any region in any billing period the sum of the usage caps for all countries in such region. Notwithstanding the foregoing, any unused data capacity for a given regional tier may be used by Customer in any lower regional tier without incurring additional Fees. By way of example, for a Customer with regularly allotted usage limitations of 30% in the Tier II region and 15% in the Tier III region, there would be no overage charges if in a given billing period the geographic distribution of Customer’s data usage is 35% in the Tier II region and 10% in the Tier III region.

Magic Transit®

1. Overview.
   
   Cloudflare’s Magic Transit Service (“Magic Transit”) utilizes border gateway protocol to direct traffic from Customer’s set of ingress and egress termination points, including, but not limited to, individual IP addresses, protected subnets, IP networks and border routers under Customer’s control (the “Customer Network”). Magic Transit provides layer 3 DDoS mitigation, network firewall and traffic management solutions to the Customer Network traffic directed to the number of Customer’s IP Prefixes listed on Customer’s Order Form or Insertion Order, as provided by Customer to Cloudflare for the Customer Network.

2. Bandwidth Limits.
   
   Magic Transit will be provided to Customer subject to the Bandwidth Limits listed on Customer’s Order Form or Insertion Order, as measured by Cloudflare at the 95th percentile in five (5) minute intervals.
   
   To establish Customer’s bandwidth at the 95th percentile, Cloudflare will measure and record Customer’s bandwidth usage at five (5) minute intervals from 00:00 on the first day of each month until 24:00:00 on the same date of the next month (as based on the UTC+8 time zone). Customer’s bandwidth usage records (all clean bandwidth valued for all of the Customer’s Internet Properties) for the entire month will then be sorted by Cloudflare in descending order and the top 5% of the recorded bandwidth values will be discarded. The highest bandwidth value in the remaining records will be deemed the billable bandwidth for that month.
   
   By way of example, in a month with 30 days, Cloudflare would measure Customer’s bandwidth 8,640 times (i.e. 12 x 24 x 30). After sorting all of the bandwidth measurements from highest to lowest, and discarding the top 5% of such measurements, Customer would be charged at the 433rd highest value (i.e. 8,640 x 5%).

3. Magic Transit On-Demand Limits.
   
   Customer’s use of Cloudflare’s Magic Transit On-demand Service is limited to a maximum of 240 hours per month.

4. Configuration Changes.
   
   a. General. Customer shall administer Layer 3 DDoS mitigation, traffic filtering and traffic management configurations for Magic Transit directly or through Cloudflare as described in this Section 3.
   
   b. Procedure. Configuration changes for Customer’s use of Magic Transit may be completed by Cloudflare. To initiate a configuration change, Customer will issue Cloudflare a support ticket through Cloudflare’s ticketing system indicating the requested configuration change (a “Configuration Ticket”). Cloudflare will implement the requested configuration change on behalf of Customer based on the information provided in the Configuration Ticket. Customer acknowledges and agrees that it is responsible for all such requested configuration changes. Cloudflare will have no liability for any harm or damage arising out of or in connection with any configuration change requested by Customer unless such harm or damage is the result of Cloudflare’s failure to follow Customer’s instructions provided in the Configuration Ticket or unless Cloudflare has carried out the configuration changes in an imprudent or defective manner.
   
   c. Emergency Configurations. Customer pre-authorizes Cloudflare to implement emergency configuration changes without following the configuration change process set forth in Section 3(a) in order to mitigate adverse effects on the Customer Network in the event of a DDoS attack. Cloudflare will have no liability for any harm or damage arising out of or in connection with any emergency configuration changes unless such changes have been carried out in an imprudent or defective manner.
   

5. Customer Requirements.
   
   Customer will comply with the following requirements:
   
   a. Registry Information. Customer will maintain accurate and up to date WHOIS and Internet routing registry information for all IP Prefixes.
   
   b. Letter of Authorization. Customer will provide Cloudflare with a letter of authorization signed by an authorized representative of Customer sufficient to permit Cloudflare to announce the IP Prefixes.

Mobile SDK Service

The Mobile SDK Service is a Service that facilitates and analyzes network calls for mobile applications. Paid and enterprise plans of the Mobile SDK Service are available that can be used to optimize how data is transferred over networks through the use of ASAP™, a UDP-based protocol that accelerates the last mile to mobile devices.

1. Any use of the term “website” in the General Terms or any other written agreement between you and Cloudflare, as applicable, shall be deemed to mean “website or mobile application” with respect to your use of the Mobile SDK Service.

   In addition, the capitalized terms below shall have the following meanings:

   “Access Key” means a confidential access key provided by Cloudflare to Customer for enabling the Mobile SDK Service in a Mobile App.

   “Active User” means with respect to paid and enterprise Mobile SDK Service subscriptions, a unique user who has performed some action in a Mobile App in the applicable billing period. Each installation of the Mobile App on a device shall count as a unique user. For example, if a user installs and uninstalls a Mobile App 5 times in a day on the same device, such user will count as 5 unique users for the applicable billing period.

   “Mobile App” means a discrete compiled handheld or mobile device application that integrates the Cloudflare Mobile SDK to access the Cloudflare Mobile SDK Service. Each variation of compiled code that uses the Mobile SDK Service is counted as a unique Mobile App (e.g., iOS and Android each count as unique Mobile Apps). Cloudflare will provide one (1) Access Key for each unique Mobile App.

   “Platform Access Fee” means with respect to paid and enterprise Mobile SDK Service subscriptions, the Monthly Fee charged by Cloudflare for each Mobile App.

   “Total Active Users” means with respect to paid and enterprise Mobile SDK Service subscriptions the sum of all Active Users in all of Customer’s Mobile Apps for the applicable billing period. For example, if Customer’s iOS Mobile App has 300,000 Active Users in a given billing period, and Customer’s Android Mobile App has 200,000 Active Users in such billing period, the Total Active Users for such billing period is 500,000 Active Users.

2. Subject to your compliance with the terms and conditions of the Agreement, Cloudflare hereby grants you a non-exclusive, non-transferable, license, to enable the Mobile SDK Service in your Mobile App(s), solely in accordance with the Documentation and any other restrictions or obligations mutually agreed upon by the Parties. All rights not expressly granted to you herein are reserved to Cloudflare.

3. You acknowledge that you are solely responsible for your Mobile Apps, including the Mobile App’s performance and functioning with the Service. As between you and Cloudflare, you will provide all support of any type requested by Cloudflare or your end users related to your Mobile App(s) and be responsible for any warranty, liability or obligation to any end user or any third party that arises in connection with their use of your Mobile App.

4. Each Access Key may only be used by one (1) Mobile App to access the Service. You acknowledge and agree that: (a) you will ensure that each Access Key issued to a Mobile App will be used only by the Mobile App for which it was issued; (b) you are responsible for maintaining the confidentiality of all Access Keys, and are solely responsible for all activities that occur with such Access Keys; and (c) you will notify Cloudflare promptly of any actual or suspected unauthorized use of any Access Key, or any other breach or suspected breach of the Agreement. Cloudflare reserves the right to terminate any Access Key that Cloudflare reasonably determines may have been used by an unauthorized third party, and shall provide you with immediate notice of such. For your own security, Cloudflare strongly encourages that you take all necessary security precautions in conjunction with all Access Keys.

Project Pangea

By participating in Project Pangea, you represent and warrant that you meet the Project Pangea eligibility requirements available here (“Project Pangea Requirements”). You understand that should you fail to meet the Project Pangea Requirements at any time, Cloudflare may suspend, limit, or terminate your access to the Cloudflare Services. You represent that to the best of your knowledge, the information you provide to Cloudflare including, but not limited to, your expected bandwidth usage and geographic location of users is truthful, accurate, and complete. To the extent applicable to your use of the Cloudflare Services, you agree to the Cloudflare Supplemental Terms for Magic Transit and Cloudflare Network Interconnect.

Registrar Services

Your access or use of the Cloudflare Registrar Services is subject to the Cloudflare Domain Registration Agreement available here.

Security Center

1. Cloudflare Security Center is an opt-in Service that helps Customers identify certain infrastructure security risks and insecure configurations associated with their Cloudflare account (“Security Insights”).
   

2. In the course of providing the Services, Cloudflare may review, scan, access, or attempt to access certain of your infrastructure and related configurations that you have selected for the sole purpose of identifying Security Insights, including network ports, access policies, DNS records, and other network resources (“Customer Infrastructure”). By using Cloudflare Security Center, you represent and warrant that you lawfully own or control the Customer Infrastructure or are otherwise authorized to use the Service to identify Security Insights on the Customer Infrastructure.
   

3. By using Cloudflare Security Center, you acknowledge and agree that (i) Cloudflare is under no obligation to provide customer support, and does not have an SLA, for Cloudflare Security Center; (ii) Cloudflare may review, scan, access, or attempt to access Customer Infrastructure in order to provide the Services; (iii) Cloudflare Security Center is not intended to, and will not, identify all Security Insights or prevent any security breaches; (iv) the findings and/or recommendations of Cloudflare do not constitute any guarantee that your systems are secure from security breaches, even if fully remediated and/or implemented; and (v) Cloudflare reserves the right to modify or discontinue Cloudflare Security Center at any time.
   

4. Cloudflare may include (i) Security Insights in logs and reports made available in your Cloudflare account dashboard and (ii) security data made available via an API, each of which shall constitute Cloudflare Technology. You may access, download, and use such Cloudflare Technology for your own internal use only.
   

5. CLOUDFLARE SECURITY CENTER IS PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS. CLOUDFLARE DOES NOT REPRESENT OR WARRANT THAT CLOUDFLARE SECURITY CENTER WILL DETECT ALL SECURITY INSIGHTS OR PROTECT YOUR NETWORK AND SYSTEMS FROM MALICIOUS CODE, INTRUSIONS, OR OTHER SECURITY BREACHES.
   

6. IN NO EVENT WILL CLOUDFLARE BE LIABLE TO YOU OR ANY THIRD PARTY FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES ARISING OUT OF OR RELATING TO YOUR ACCESS TO OR USE OF, OR YOUR INABILITY TO ACCESS OR USE, THE CLOUDFLARE SECURITY CENTER, WHETHER BASED ON WARRANTY, CONTRACT, TORT (INCLUDING NEGLIGENCE), STATUTE, OR ANY OTHER LEGAL THEORY, WHETHER OR NOT CLOUDFLARE HAS BEEN INFORMED OF THE POSSIBILITY OF SUCH DAMAGE.

Security Operations Center Service (SOC Service)

1. Cloudflare will provide proactive monitoring, alerting, analysis, and mitigation support (“SOC Service”) in accordance with the SOC Service SLA and any provisioning, configuration, or other support as agreed in the relevant Order Form. Any changes to the scope of the SOC Service or related support must be agreed in writing by Cloudflare.

2. Configuration changes for Customer’s use of the SOC Service may be completed by Cloudflare or initiated by Customer. Customer authorizes Cloudflare to implement configuration changes that Cloudflare deems reasonable in its sole discretion to prevent or mitigate adverse impacts on Customer Internet Properties.

3. Customer acknowledges and agrees that (i) Cloudflare’s performance of the SOC Service shall be contingent on reasonable access to Customer’s account and assistance from Customer personnel from time to time; (ii) the SOC Service cannot detect, prevent, or mitigate all possible attacks or threats; and (iii) Cloudflare will have no liability for any harm or damage arising out of or in connection with Cloudflare’s performance of the SOC Service in accordance with industry standards.

SSL for SaaS

SNI Rewrite functionality is only available to Enterprise customers when using custom origin functionality. It may only be enabled and used for the purpose of origin servers serving a correct certificate based on custom hostnames.

SNI Rewrite functionality may not be used for domain fronting. Such use constitutes a material breach of the Agreement. Cloudflare may suspend or terminate all or part of Cloudflare Services provided to you if Cloudflare determines you have used or are using SNI Rewrite for domain fronting.

Web3 Gateways

1. The following terms apply to Cloudflare’s Web3 Gateway Services to which you subscribe through your Cloudflare account, such as Ethereum Gateway and IPFS Gateway.

2. Customer is solely responsible for determining which content is accessible through its Web3 Gateway on a domain receiving Cloudflare’s Enterprise Services. Customer agrees to provide Cloudflare with an email address for receiving abuse reports made against such Web3 Gateway. Cloudflare may make the email address available to the reporters of such abuse reports.

3. For non-Enterprise Web3 Gateways, Cloudflare reserves the right to remove access to any content through a Customer’s Web3 Gateway.

Zaraz

1. Zaraz is a Service that allows users to customize the configuration and operation of Third-Party Products on Internet Properties associated with their Cloudflare account. By using Zaraz, you represent and warrant that you (i) lawfully own or control your Internet Properties or are otherwise authorized to apply the Service to such Internet Properties; (ii) will only use Third-Party Products in full compliance with any terms and conditions, policies, and documentation associated with such Third-Party Products (“Third-Party Terms”); and (iii) will provide notice to and obtain all consents from your End Users as required by applicable law or Third-Party Terms, including with respect to use of cookies or other cross-device tracking and ad targeting methods.
   

2. Cloudflare’s enablement of any Third-Party Products is solely on your behalf and at your direction, using the logic you define to configure when and how the Third-Party Products are enabled on your Internet Properties. Cloudflare has no control over any Third-Party Products, and assumes no responsibility for the content, privacy policies, required consents, or practices of such Third-Party Products. Cloudflare does not own the Third-Party Products, and Cloudflare is not affiliated with the owners of such Third-Party Products. You are solely responsible for your use of any Third-Party Products via the Service, including compliance with any Third-Party Terms.
   

3. By using Zaraz, you acknowledge and agree that Cloudflare may, on your behalf, (i) use your API keys, identifiers, or other credentials that you provide to Cloudflare to enable the Third-Party Products on your Internet Properties; and (ii) scan, analyze, re-direct, block, modify, and otherwise manipulate requests and responses between your Internet Properties and Third-Party Products, including, but not limited to, by adding scripts to your pages.
   

4. ZARAZ IS PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS. ZARAZ MAY ADVERSELY AFFECT THE MANNER IN WHICH YOUR INTERNET PROPERTIES ACCESS OR COMMUNICATE WITH THIRD-PARTY PRODUCTS. CLOUDFLARE DOES NOT REPRESENT OR WARRANT THAT ZARAZ OR ANY THIRD-PARTY PRODUCTS CONFIGURED THROUGH THE SERVICE WILL BE RELIABLE, ERROR-FREE, OR UNINTERRUPTED, THAT DEFECTS WILL BE CORRECTED, OR THAT THE SERVICE OR ANY THIRD-PARTY PRODUCTS CONFIGURED THROUGH THE SERVICE WILL OTHERWISE MEET YOUR NEEDS OR EXPECTATIONS.

Legal

• Website Terms of Use

• Self-Serve Subscription Agreement

• Supplemental Terms

• Privacy Policy

• Cookie Policy

• Trust & Safety

• Transparency Report

• Domain Registration Agreement

• Modern Slavery Act Statement

Have Questions?

If you have questions about these terms or anything else about Cloudflare, please don't hesitate to contact us:

+1 (650) 319-8930

Cloudflare, Inc.
101 Townsend St,
San Francisco, CA 94107
USA