Cloudflare and GDPR compliance

Cloudflare’s is a privacy-first company. As such, the General Data Protection Regulation (“GDPR”) represents many steps we were already taking. We do not sell personal data we process, or use it for any purpose other than delivering our services. In addition, we let people access, correct, and delete their personal information, and give our customers control over the information passing through our network.

To learn more, explore our GDPR FAQ below, or check out Cloudflare’s overall privacy policy.

Cdn support byoip spot illustration

Frequently asked questions


Resources on the GDPR

Whitepaper

Cloudflare’s policies around data privacy and law enforcement requests

This paper outlines policies and procedures that guide how we manage customer and end-user data on our systems — and how we address government and other legal requests for data.

Download PDF
Solution & Product Guides

How Cloudflare helps address data protection and locality obligations in Europe

Cloudflare’s network and products are built to support Europe’s most privacy-conscious and regulated industries. This paper explains how we do so via privacy-focused policies, certifications, and product features.

Download PDF
Link

Cloudflare sub-processors

Regularly updated descriptions and locations of Cloudflare's sub-processors

Learn More
Link

Cloudflare's data processing addendum

Download PDF
Link

Cloudflare Data Processing Addendum: Standard Contractual Clauses for Customers

Learn More

Cloudflare features that support data protection

Security lock blue
Encryption

Cloudflare’s network can encrypt data throughout its journey from origin servers to end-users, using the very latest protocols.

Learn more
Analytics network blue
Privacy-first analytics

Cloudflare’s Web Analytics does not use any client-side state, such as cookies or localStorage, to collect usage metrics — and never ‘fingerprints’ individual users.

Learn more
Internet globe blue
Data localization

In many regions — including the EU — Cloudflare lets organizations control which regional data centers their traffic is inspected in and where logs are sent.

Learn more
Cloudflare access blue
Access management

Cloudflare Zero Trust lets organizations enforce country-specific access rules, block risky sites and content, and log access events for internal applications and data.

Learn more
Documentation list blue
Reporting

Cloudflare Logs gives granular insights into every HTTP request, helping you investigate potential breaches and other security incidents.

Learn more
Certificate manager blue
Certifications

In addition to complying with industry-standard security certifications, Cloudflare is considered an ‘Operator of Essential Services’ under the EU Directive on Security of Network and Information Systems.

Learn more

Protect and accelerate your websites, apps, and teams.