Cloudflare’s Data Localisation Suite Gives Global Companies the Tools They Need to Control Data Wherever They Do Business

Sydney, AUSTRALIA, December 8, 2020 — Cloudflare, Inc. (NYSE: NET), the security, performance, and reliability company helping to build a better Internet, today released Data Localisation Suite to give businesses across the globe tools to address their data locality, privacy, and compliance needs. With Data Localisation Suite, businesses can use Cloudflare’s global cloud network to control where their data goes and who has access to it––no matter what countries they operate in, their industry, or their specific data protection obligations.

Many countries across the globe are introducing new standards and regulations to address data access, protection, and privacy. As a result, businesses now need to evaluate and set data controls at the regional level. Until now, businesses who wanted to localise their data often had to choose to restrict their application to one data centre or one cloud provider's region—sacrificing performance or security as a result. The Data Localisation Suite helps businesses get the performance and security benefits of Cloudflare’s global network, while making it easy to set rules and controls at the edge about where their data is stored and protected.

"Companies that want to win globally need to be able to operate within the local values and requirements of different regions, and that is increasingly true as nearly every country evaluates how to address data access and protection within its borders," said Matthew Prince, co-founder and CEO of Cloudflare. “We've always prioritised privacy at Cloudflare, and now we're making it easier than ever for our customers to navigate this shifting landscape globally, and regionally.”

With Cloudflare’s Data Localisation Suite, businesses of all sizes have a suite of tools to give them:

• Control over where their data is inspected, no matter where they do business: To quickly adapt to changing local requirements, companies need an easy way to adjust local controls. With Cloudflare’s Regional Services offering, companies can choose the location of the data centres where their traffic is inspected. Businesses can also use Cloudflare’s Geo Key Manager to choose where private keys are held, and Edge Log Delivery to send their logs anywhere in the world.
• An easy way to build and deploy serverless code, with regional control: In this complex ecosystem, developers need an easy way to build applications that combine global performance with local compliance. Now Cloudflare is expanding Workers, its serverless platform, with Jurisdiction Tags for Durable Objects to give developers control of where they store data without sacrificing global performance.
• Alignment with global and European security certifications: As regulations and industry norms shift, standardised certifications can provide validation that businesses are acting in line with their industry. Today, Cloudflare meets industry-leading standards for security and privacy, and validates those commitments with third-party auditors on an annual basis. This includes ISO 27001/27002, Payment Card Industry Data Security Standards (PCI DSS), and SSAE 18 SOC 2 Type II.
• Default encryption based on the latest industry research: Privacy isn’t possible without encryption, which is why Cloudflare continuously contributes to the industry’s pursuit of better encryption protocols. For example, Cloudflare's work developing the Encrypted Client Hello (ECH) protocol standard will help protect the privacy of Internet traffic metadata.

“Australian businesses have had to adapt to rapid change this year, and this will only continue as regional data obligations become a requirement to do business here and around the globe,” said Raymond Maisano, Head of Australia at Cloudflare. “Our customers are turning to us to get the flexibility they need to make critical data decisions for their business today, and in the future."

Today, Cloudflare’s global network spans more than 200 cities in over 100 countries including five cities in Australia, to ensure that any customers in the region have close proximity to Cloudflare’s full suite of services. Cloudflare has long had a presence in Australia and serves customers including graphic design platform Canva, outdoor apparel and equipment retailer Kathmandu, eCommerce platform Neto, and more.

To learn more about Data Localisation Suite or Cloudflare’s commitment to customers’ privacy and compliance needs, please check out the resources below:

• Cloudflare Blog: Introducing the Cloudflare Data Localisation Suite
• Cloudflare Blog: Privacy needs to be built into the Internet
• Privacy Week Landing Page

About Cloudflare Cloudflare, Inc. (www.cloudflare.com / @cloudflare) is on a mission to help build a better Internet. Cloudflare’s platform protects and accelerates any Internet application online without adding hardware, installing software, or changing a line of code. Internet properties powered by Cloudflare have all web traffic routed through its intelligent global network, which gets smarter with every request. As a result, they see significant improvement in performance and a decrease in spam and other attacks. Cloudflare was named to Entrepreneur Magazine’s Top Company Cultures 2018 list and ranked among the World’s Most Innovative Companies by Fast Company in 2019. Headquartered in San Francisco, CA, Cloudflare has offices in Austin, TX, Champaign, IL, Seattle, WA, New York, NY, San Jose, CA, Washington, D.C., Lisbon, London, Munich, Paris, Beijing, Singapore, Sydney, and Tokyo.

Forward-Looking Statements This press release contains forward-looking statements within the meaning of Section 27A of the Securities Act of 1933, as amended, and Section 21E of the Securities Exchange Act of 1934, as amended, which statements involve substantial risks and uncertainties. In some cases, you can identify forward-looking statements because they contain words such as “may,” “will,” “should,” “expect,” “explore,” “plan,” “anticipate,” “could,” “intend,” “target,” “project,” “contemplate,” “believe,” “estimate,” “predict,” “potential,” or “continue,” or the negative of these words, or other similar terms or expressions that concern our expectations, strategy, plans, or intentions. However, not all forward-looking statements contain these identifying words. Forward-looking statements expressed or implied in this press release include, but are not limited to, statements regarding our plans and objectives for the Data Localization Suite and the related suite of our products, the benefits to customers from using our products, the expected functionality and performance of our products, our security certifications, global and regional changes in data access, protection, and privacy standards and regulations, our technological development, future operations, growth, initiatives, or strategies, and comments made by our CEO and others. Actual results could differ materially from those stated or implied in forward-looking statements due to a number of factors, including but not limited to, risks detailed in our filings with the Securities and Exchange Commission (SEC), including our Quarterly Report on Form 10-Q filed on November 10, 2020, as well as other filings that we may make from time to time with the SEC.

The forward-looking statements made in this press release relate only to events as of the date on which the statements are made. We undertake no obligation to update any forward-looking statements made in this press release to reflect events or circumstances after the date of this press release or to reflect new information or the occurrence of unanticipated events, except as required by law. We may not actually achieve the plans, intentions, or expectations disclosed in our forward-looking statements, and you should not place undue reliance on our forward-looking statements.