Our mission to help build a better Internet is rooted in the importance we place on establishing trust with our Customers, users, and the Internet community globally. To earn and maintain that trust, we commit to communicating transparently, providing security, and protecting the privacy of data on our systems.
We keep your personal information personal and private. We will not sell or rent your personal information to anyone. We will not share or otherwise disclose your personal information except as necessary to provide our Services or as otherwise described in this Policy without first providing you with notice and the opportunity to consent.
This Policy applies to Cloudflare’s collection, use, and disclosure of the personal information of the following categories of data subjects:
Attendees: Those who visit our offices or provide their information to Cloudflare or Cloudflare representatives when they attend or register to attend Cloudflare-sponsored events or other events at which Cloudflare (and/or its representatives) participates, as well as those who participate in Cloudflare’s studies such as user experience research.
Website Visitors: Those who visit our Websites, including those who may opt to provide an email address or other contact information to receive communications from Cloudflare, fill out a survey, or provide feedback. For the purposes of this Policy, “Websites” refer collectively to www.cloudflare.com as well as any other websites Cloudflare operates for its own behalf and that link to this Policy. For clarity, “Websites” does not include any sites owned or operated by our Customers, including where we serve as Registrar.
Customers: Individuals or entities who enter into a subscription agreement with Cloudflare (or its authorized partner) and to whom Cloudflare provides Services pursuant to such agreement. For purposes of this Policy, “Services” shall refer to all of the cloud-based solutions offered, marketed, or sold by Cloudflare or its authorized partners that are designed to increase the performance, security, and availability of Internet properties, applications, devices, and networks, along with any software, software development kits, and application programming interfaces ("APIs") made available in connection with the foregoing.
Administrators: Those with login credentials for a Cloudflare account and/or those who administer any of the Services for a Customer. In some cases, an Administrator and Customer may be the same individual. In other cases, an Administrator may be an agent acting on behalf of a Customer.
Public DNS Resolver Users: Those who use Cloudflare’s 126.96.36.199 public recursive Domain Name System (“DNS”) resolver service, including 188.8.131.52 for Families ("184.108.40.206 resolver"). Learn more about the 220.127.116.11 resolver here.
End Users: Those who (i) access or use our Customers’ domains, networks, websites, application programming interfaces, and applications, or (ii) are authorized Cloudflare for Teams users, such as our Customers’ employees, agents, or contractors.
Registrants: Users of Cloudflare’s domain registrar services. Cloudflare is an ICANN-accredited registrar and complies with the 2013 Registrar Accreditation Agreement (“RAA”).
This Policy also does not apply to our Customers’ domains, websites, APIs, applications, and networks, which may have their own terms and privacy policies. Our Customers are solely responsible for establishing policies for and ensuring compliance with all applicable laws and regulations, including those relating to the collection of personal information, in connection with the use of our Services by End Users with whom our Customers interact.
Cloudflare’s Websites and Services are not intended for, nor designed to attract, individuals under the age of eighteen. Cloudflare does not knowingly collect personal information from any person under the age of eighteen.
When Cloudflare is a reverse proxy, our IP addresses may appear in WHOIS and DNS records for websites using our Services. We are a conduit for information controlled by others. It is our Customers and their users who are responsible for the content transmitted across our network (e.g., images, written content, graphics, etc.).
Cloudflare only processes personal information in a way that is compatible with and relevant to the purpose for which it was collected or authorized. As a general matter, for all categories of data described in Section 2 above, except 18.104.22.168 resolver user data, we may use the information (including personal information, to the extent applicable) to:
Provide, operate, maintain, improve, and promote the Websites and Services for all users of the Websites and Services;
Enable you to access and use the Websites and Services;
Process and complete transactions, and send you related information, including purchase confirmations and invoices;
Send transactional messages, including responses to your comments, questions, and requests; provide customer service and support; and send you technical notices, updates, security alerts, and support and administrative messages;
Send commercial communications, in accordance with your communication preferences, such as providing you with information about products and services, features, surveys, newsletters, offers, promotions, contests, and events about us and our partners; and send other news or information about us and our partners. See Section 9 below for information on managing your communication preferences.
Process and deliver contest or sweepstakes entries and rewards;
Monitor and analyze trends, usage, and activities in connection with the Websites and Services and for marketing or advertising purposes;
Comply with legal obligations as well as to investigate and prevent fraudulent transactions, unauthorized access to the Services, and other illegal activities;
Personalize the Websites and Services, including by providing features or content that match your interests and preferences;
To register visitors to our offices and to manage non-disclosure agreements that visitors may be required to sign, to the extent such processing is necessary for our legitimate interest in protecting our offices and our confidential information against unauthorized access; and
Process for other purposes for which we obtain your consent.
Public DNS Resolver Users. We use information we collect from 22.214.171.124 resolver users to operate and improve the 126.96.36.199 resolver, such as to assist us in our debugging efforts if an issue arises. Our 188.8.131.52 resolver service does not store 184.108.40.206 resolver users’ personal data. We will not combine any information collected from DNS queries to our 220.127.116.11 resolver with any other Cloudflare or third party data in any way that can be used to identify individual end users. Learn more about our 18.104.22.168 resolver commitment to privacy here.
Log Data from End Users. We use and process the Log Data from End Users to fulfill our obligations under our Customer agreements and as may be required by law. We act as a data processor and service provider pursuant to data processing instructions by our Customers.
Information from Third Party Services. We may combine information we collect as described in Section 2 above with personal information we obtain from third parties. For example, we may combine information entered on a Cloudflare sales submission form with information we receive from a third-party sales intelligence platform vendor to enhance our ability to market our Services to Customers or potential Customers.
Cloudflare may aggregate data we acquire about our Customers, Administrators, and End Users, including the Log Data described above. For example, we may assemble data to determine how Web crawlers index the Internet and whether they are engaged in malicious activity or to compile web traffic reports and statistics. Non-personally identifiable, aggregated data may be shared with third parties.
If you are an individual from the European Economic Area (the “EEA”), the UK or Switzerland, please note that our legal basis for collecting and using your personal information will depend on the personal information collected and the specific context in which we collect it. We normally will collect personal information from you only where: (a) we have your consent to do so, (b) where we need your personal information to perform a contract with you (e.g. to deliver the Cloudflare Services you have requested), or (c) where the processing is in our legitimate interests. Please note that in most cases, if you do not provide the requested information, Cloudflare will not be able to provide the requested service to you.
In some cases, we may also have a legal obligation to collect personal information from you, or may otherwise need the personal information to protect your vital interests or those of another person.
Where we rely on your consent to process your personal data, you have the right to withdraw or decline consent at any time. Where we rely on our legitimate interests to process your personal data, you have the right to object.
If you have any questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us at firstname.lastname@example.org.
Specifically, we do not permit our Service Providers to sell any personal information we share with them or to use any personal information we share with them for their own marketing purposes or for any purpose other than in connection with the services they provide to us.
In addition to sharing with Service Providers as described above, we also may share your information with others in the following circumstances:
Within the Cloudflare Group (defined for the purposes of this Policy as Cloudflare, Inc. (United States) and its subsidiaries listed Section 16;
With our resellers and other sales partners who may help us distribute the Services to Customers;
With an app developer when you install an app from our App Marketplace;
In the event of a merger, sale, change in control, or reorganization of all or part of our business;
When we are required to disclose personal information to respond to subpoenas, court orders, or legal process, or to establish or exercise our legal rights or defend against legal claims. (Learn more about how we handle law enforcement requests here);
As you may otherwise consent from time to time.
Public DNS Resolver Users. Cloudflare does not share 22.214.171.124 resolver logs with any third parties except for anonymous logs shared with APNIC pursuant to a Research Cooperative Agreement. Learn more about information sharing specific to the 126.96.36.199 resolver here.
Registrants. If you purchase a domain name from Cloudflare’s registrar service, ICANN (The Internet Corporation for Assigned Names and Numbers) and the relevant registry operators overseeing the domain’s top-level domain require us to collect registrant data for the purposes of domain registration and via the WHOIS protocol. We may also be required to share this public data with ICANN, the relevant registry operators and other such providers with whom we contract in order to provide our domain name services, and additionally upon the legitimate request of third parties. Registrant data may include the domain name, registrant name and other contact information, and domain name server information. See our Domain Registration Agreement here.
Notice to California Residents. We do not sell, rent, or share personal information with third parties as defined under the California Consumer Privacy Act of 2018 (California Civil Code Sec. 1798.100 et seq.), nor do we do not sell, rent, or share personal information with third parties for their direct marketing purposes as defined under California Civil Code Sec. 1798.83.
Cloudflare is a U.S.-based, global company. We primarily store your information in the United States and the European Economic Area. To facilitate our global operations, we may transfer and access such information from around the world, including from other countries in which the Cloudflare Group has operations for the purposes described in this Policy.
Whenever Cloudflare shares personal information originating in the EEA, the UK, or Switzerland with a Cloudflare entity outside the EEA, the UK, or Switzerland, we will do so on the basis of the EU standard contractual clauses (adjusted to address transfers from the UK) or the Privacy Shield Frameworks detailed in this section.
If you are accessing or using our Websites or Services or otherwise providing information to us, you are agreeing to the transfer of your personal information to the United States and other jurisdictions in which we operate.
Privacy Shield. Cloudflare is certified under both the EU-U.S. and the Swiss-U.S. Privacy Shield Frameworks as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the EEA, the UK, and Switzerland to the United States, respectively (“Privacy Shields”). We commit to periodically review and verify the accuracy of our policies and our compliance with the Privacy Shields. If there is any conflict between the terms in this Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. For more information on the EU-U.S. Privacy Shield or Swiss-U.S. Privacy Shield, please visit the U.S. Department of Commerce’s Privacy Shield website at: https://www.privacyshield.gov/welcome.
If you believe that we maintain copies of your personal data within the scope of the Privacy Shields, you may direct any inquiries to SAR@cloudflare.com or via mail to: Cloudflare, Inc., 101 Townsend St., San Francisco, CA 94107, Attn: Data Protection Officer. We will respond to your inquiry within 30 days of receipt and verification of your identity.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request. If neither we nor our dispute resolution provider are able to resolve your complaint, as a last resort you may engage in binding arbitration through the Privacy Shield Panel.
Our commitments under the Privacy Shields are subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission. We may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. Under such circumstances, we may be prohibited by law, court order or other legal process from providing notice of disclosure.
For any subject access request ("SAR"), we will need to verify a requestor is inquiring about their own information before we can assist. Where a SAR may implicate the personal data of another individual, we must balance the request against the risk of violating another person’s privacy rights. We will comply with SARs to the extent required by applicable law or the US-Swiss or US-EU Privacy Shield. In the EEA, the UK, and Switzerland, you also have the right to lodge a complaint with a supervisory authority.
Attendees, Website Visitors, Customers, Administrators, and Registrants. You have the right to access, correct, update, export, or delete your personal information. You may email us at SAR@cloudflare.com with any such subject access requests (“SAR”), and we will respond within thirty (30) days. Customers and Administrators also can access, correct, export, or update their Account Information by editing their profile or organization record at cloudflare.com.
Public DNS Resolver Users. We do not retain any personal information about 188.8.131.52 resolver users that would be subject to the data subject rights described above.
End Users. Cloudflare has no direct relationship with End Users. Even where “Cloudflare” may be indicated as the authoritative name server for a domain, unless Cloudflare is the owner of that domain, we have no control over a domain’s content. Accordingly, we rely upon our Customers to comply with the underlying legal requirements for subject access requests. If an End User requests that we access, correct, update, or delete their information, or no longer wishes to be contacted by one of our Customers that use our Services, we will direct that End User to contact the Customer website(s) with which they interacted directly. Our Customers are solely responsible for ensuring compliance with all applicable laws and regulations with respect to their website users.
Cloudflare will send you commercial communications based on the communication preferences in your account settings. Cloudflare also will send you service-related communications. You may manage your receipt of commercial communications by clicking on the “unsubscribe” link located on the bottom of such emails, through your account settings if you have a Cloudflare account, or you may send a request to email@example.com.
We take all reasonable steps to protect information we receive from you from loss, misuse or unauthorized access, disclosure, alteration and/or destruction. We have put in place appropriate physical, technical and administrative measures to safeguard and secure your information, and we make use of privacy-enhancing technologies such as encryption. If you have any questions about the security of your personal information, you can contact us at firstname.lastname@example.org.
If we make changes to this Policy that we believe materially impact the privacy of your personal information, we will promptly provide notice of any such changes (and, where necessary, obtain consent), as well as post the updated Policy on this website noting the effective date of any changes.
We may assign or transfer this Policy, as well as information covered by this Policy, in the event of a merger, sale, change in control, or reorganization of all or part of our business.
Non-English translations of this Policy are provided for convenience only. In the event of any ambiguity or conflict between translations, the English version is authoritative and controls.
If you have an unresolved privacy or data-use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
Cloudflare Portugal, Unipessoal Lda., further identified in the Contact Information section below, is our EU representative pursuant to Article 27 of the EU GDPR.
Cloudflare, Ltd., further identified in the Contact Information section, is our UK representative pursuant to the UK GDPR.
Cloudflare, Inc.101 Townsend St.San Francisco, CA 94107Attention: Data Protection Officerprivacyquestions@cloudflare.com
Cloudflare, Ltd.County Hall/The Riverside BuildingBelvedere RoadLondon, SE1 7PBAttention: Data Protection Officerprivacyquestions@cloudflare.com
Cloudflare Portugal, Unipessoal Lda.Largo Rafael Bordalo Pinheiro 291200-369 LisboaAttention: Data Protection Officerprivacyquestions@cloudflare.com
Cloudflare Germany GmbHRosental 780331 MünchenAttention: Data Protection Officerprivacyquestions@cloudflare.com
Cloudflare Pte., Ltd.182 Cecil Street, #35-01Frasers Tower, Singapore 069547Attention: Data Protection Officerprivacyquestions@cloudflare.com
Cloudflare Australia Pty Ltd.333 George St., 5th FloorSydney, NSW 2000Attention: Data Protection Officerprivacyquestions@cloudflare.com
Cloudflare (Beijing) Information Technology Co., Ltd.16 South Guangshun StreetDonghuang Building 17th FloorChaoyang District Beijing 100015Attention: Data Protection Officerprivacyquestions@cloudflare.com
Cloudflare France SAS6 place de la Madeleine75008 ParisAttention: Data Protection Officerprivacyquestions@cloudflare.com
Cloudflare Japan K.K.3-1-6 Motoazabu, Minato-kuTokyo, 106-0046Attention: Data Protection Officerprivacyquestions@cloudflare.com
If you have questions about these terms or anything else about Cloudflare, please don't hesitate to contact us:
+1 (650) 319-8930
Cloudflare, Inc.101 Townsend St,San Francisco, CA 94107USAAttention: Data Protection Officerprivacyquestions@cloudflare.com