Cloudflare Data Localization Suite

Complying with evolving regional data privacy requirements isn’t easy.
Data localization suite illustration

Localizing often forces businesses to restrict their application to one data center or one cloud provider’s region. This creates a trade-off between compliance and fast, secure experiences for end users.

The Cloudflare Data Localization Suite takes a rigorous and granular approach to data localization, making it easy for businesses to set rules and controls at the Internet edge, adhere to compliance regulations, and keep data locally stored and protected.

Visit the Trust Hub to learn more about supported locales, or view a list of supported products.

Data localization suite illustration

Decide where your data is inspected

Choose the location of the data centers where your traffic is inspected. As local data collection and privacy regulations change, you can adjust local controls to remain compliant.

Deploy serverless code with regional control

Build applications that allow your developers to combine global performance with local compliance regulations. You decide where your data is stored — with no performance penalties.

How the Cloudflare Data Localization Suite works

Network map spot hero illustration

Preserving end-user privacy is core to Cloudflare’s mission of helping to build a better Internet. There are several ways Cloudflare ensures that your data stays as private as you want it to, and only goes where you want it to go:

  • DDoS attacks are detected and mitigated at the data center closest to the end user.
  • Data centers inside the preferred region decrypt TLS and apply HTTP services like WAF, CDN, and Cloudflare Workers.
  • Keyless SSL and Geo Key Manager store private SSL keys in a user-specified region.
  • Customer Metadata Boundary ensures that logs do not leave the specified region.
Network map spot hero illustration

Effortlessly encrypt your data.

Security lock spot

Data privacy requires airtight encryption. Cloudflare uses the highest level of encryption possible for data in transit and at rest, ensuring that all communication between our edge and core data centers is always protected.

Security lock spot

Control access to SSL private keys.

Security regulations can make it impossible to share private keys with third-party providers. Geo Key Manager and Keyless SSL allow you to store and manage your own SSL private keys, while still routing encrypted traffic through Cloudflare’s global network.


Choose where your traffic is handled.

Integrated cloud network illustration

To meet your compliance obligations, you may need control over where your data is inspected. Cloudflare Regional Services helps you decide where your data should be handled, without losing the security and performance benefits our network provides.

Integrated cloud network illustration

Decide where data is sent.

Illustration of Cloudflare integration with IBM QRadar

The Customer Metadata Boundary allows you to comply with local laws by ensuring that data containing sensitive information does not leave your specified region.

Illustration of Cloudflare integration with IBM QRadar

Build location-aware applications.

Illustration of globe surrounded by code

Traditional cloud systems aren’t always equipped to meet data compliance standards. Jurisdiction Restrictions for Workers Durable Objects makes it easy to build serverless applications that are confined to a specific region — so you can control where your applications store and run data.

Illustration of globe surrounded by code