Cloudflare Data Localization Suite

Complying with evolving regional data privacy requirements isn’t easy.

Localizing often forces businesses to restrict their application to one data center or one cloud provider’s region. This creates a trade-off between compliance and fast, secure experiences for end users.

The Cloudflare Data Localization Suite takes a rigorous and granular approach to data localization, making it easy for businesses to set rules and controls at the Internet edge, adhere to compliance regulations, and keep data locally stored and protected.

Visit the Trust Hub to learn more about supported locales, or view a list of supported products.

Decide where your data is inspected

Choose the location of the data centers where your traffic is inspected. As local data collection and privacy regulations change, you can adjust local controls to remain compliant.

Deploy serverless code with regional control

Build applications that allow your developers to combine global performance with local compliance regulations. You decide where your data is stored — with no performance penalties.

How the Cloudflare Data Localization Suite works

Preserving end-user privacy is core to Cloudflare’s mission of helping to build a better Internet. There are several ways Cloudflare ensures that your data stays as private as you want it to, and only goes where you want it to go:

  • DDoS attacks are detected and mitigated at the data center closest to the end user.
  • Data centers inside the preferred region decrypt TLS and apply HTTP services like WAF, CDN, and Cloudflare Workers.
  • Keyless SSL and Geo Key Manager store private SSL keys in a user-specified region.
  • Edge Log Delivery securely transmits logs from the inspection point to the log storage location of your choice.

Effortlessly encrypt your data.

Data privacy requires airtight encryption. Cloudflare uses the highest level of encryption possible for data in transit and at rest, ensuring that all communication between our edge and core data centers is always protected.

Control access to SSL private keys.

Security regulations can make it impossible to share private keys with third-party providers. Geo Key Manager and Keyless SSL allow you to store and manage your own SSL private keys, while still routing encrypted traffic through Cloudflare’s global network.

Choose where your traffic is handled.

To meet your compliance obligations, you may need control over where your data is inspected. Cloudflare Regional Services helps you decide where your data should be handled, without losing the security and performance benefits our network provides.

Decide where log data is sent.

Logs can contain sensitive information that is subject to local regulations. Cloudflare Edge Log Delivery (Beta) allows you to send logs directly from the edge to your partner of choice — without passing through one of our core data centers first.

Build location-aware applications.

Traditional cloud systems aren’t always equipped to meet data compliance standards. Jurisdiction Restrictions for Workers Durable Objects makes it easy to build serverless applications that are confined to a specific region — so you can control where your applications store and run data.


Blog: Introducing the Cloudflare Data Localization Suite

Learn how Cloudflare Data Localization enables businesses around the globe to meet data compliance regulations while remaining performant.

Learn More
Whitepaper: How Cloudflare helps address data protection and locality obligations in Europe

This paper covers Cloudflare's global and European security certifications, GDPR-compliant data transfer mechanisms, and product features which support data localisation.

Learn more
Blog: How Geo Key Manager Works

With Geo Key Manager, Cloudflare hosts key servers in the locations of your choosing — without having to run a key server inside your infrastructure.

Learn More

Which Cloudflare services are covered by data localization?

Application Services
  • Advanced Certificates Manager
  • Advanced DDoS
  • Advanced Rate Limiting
  • API Security
  • API Schema Validation
  • API Security
  • API Shield
  • Application Security Advanced
  • Application Security Core
  • Bot Management
  • Cache Reserve
  • CDN
  • Custom SSL
  • Data Transfer
  • Dedicated SSL
  • Domains - Primary
  • Domains - Secondary
  • Durable Objects Compute
  • Durable Objects Storage
  • Enterprise - DNS Only
  • Enterprise - Primary
  • Enterprise - Secondary
  • Image Resizing
  • Load Balancing
  • Page Shield
  • Payload inspection
  • Rate Limiting
  • Spectrum
  • SSL for SaaS
  • SSL for SaaS Advanced
  • WAF
  • WAF Advantage
  • WAF Essential
  • WAF Premier
  • Waiting Room
  • Zaraz
Developer Services
  • Workers Bundled
  • Workers Unbound
Zero Trust Services
  • Access