Cloudflare and GDPR compliance

Cdn support byoip spot illustration

Cloudflare is a privacy-first company. As such, the General Data Protection Regulation (“GDPR”) represents many steps we were already taking. We do not sell personal data we process, or use it for any purpose other than delivering our services. In addition, we let people access, correct, and delete their personal information, and give our customers control over the information passing through our network.

To learn more, explore our GDPR FAQ below, or check out Cloudflare’s overall privacy policy.

Cdn support byoip spot illustration

Frequently asked questions (Last Updated: Oct 13, 2023)


Resources on the GDPR

Whitepaper

Cloudflare’s policies around data privacy and law enforcement requests

This paper outlines policies and procedures that guide how we manage customer and end-user data on our systems — and how we address government and other legal requests for data.

Download PDF
Solution & Product Guides

How Cloudflare helps address data protection and locality obligations in Europe

Cloudflare’s network and products are built to support Europe’s most privacy-conscious and regulated industries. This paper explains how we do so via privacy-focused policies, certifications, and product features.

Download PDF
Link

Cloudflare sub-processors

Regularly updated descriptions and locations of Cloudflare's sub-processors

Learn More
Link

Cloudflare's data processing addendum

Download PDF
Link

Cloudflare Data Processing Addendum: Standard Contractual Clauses for Customers

Learn More

Protect and accelerate your websites, apps, and teams.