Cloudflare and GDPR compliance

Cloudflare supports a number of Europe’s largest and fastest-growing companies. Learn how European companies can use Cloudflare to help meet their GDPR obligations.

Our data privacy philosophy
Cloudflare’s network and all of our products are built with data protection in mind. As such, the GDPR was a codification of many steps we were already taking. Cloudflare does not sell personal data we process on customers’ behalf, or use it for any purpose other than to provide our services to our customers. In addition, we give people the ability to access, correct, and delete their personal information, and give our customers control over the information that passes through our network.

Frequently asked questions: GDPR compliance at Cloudflare

Get answers to common question about how we process data on behalf of our customers in a way that complies with the GDPR — and learn about our data protection safeguards, our responses to the latest legal rulings, and more.

Learn more

Resources on the GDPR

Whitepaper

How Cloudflare Helps Address Data Locality and Privacy Obligations in Europe.

Learn about Cloudflare’s privacy commitments, our long history of working with European companies, and how our services help organizations meet their data protection needs.

Download PDF
Whitepaper

Cloudflare’s policies around data privacy and law enforcement requests

This paper outlines policies and procedures that guide how we manage customer and end-user data on our systems — and how we address government and other legal requests for data.

Download PDF
Ebook

How the Cloudflare network maintains data privacy

This paper breaks down how Cloudflare uses security measures to protect data privacy as data crosses our network.

Download PDF
Link

Cloudflare sub-processors

Regularly updated descriptions and locations of Cloudflare's sub-processors

Learn More
Link

Cloudflare's data processing addendum

Download PDF
Link

Cloudflare Data Processing Addendum: Standard Contractual Clauses for Customers

Learn More

Cloudflare features that support GDPR compliance

Encryption

Cloudflare’s network can encrypt data throughout its journey from origin servers to end-users, using the very latest protocols.

Learn more
Privacy-first analytics

Cloudflare’s Web Analytics does not use any client-side state, such as cookies or localStorage, to collect usage metrics — and never ‘fingerprints’ individual users.

Learn more
Data localization

Cloudflare lets organizations control which regional data centers their traffic is inspected in and where logs are sent.

Learn more
Access management

Cloudflare for Teams lets organizations enforce country-specific access rules, block risky sites and content, and log access events for internal applications and data.

Learn more
Reporting

Cloudflare Logs gives granular insights into every HTTP request, helping you investigate potential breaches and other security incidents.

Learn more
Certifications

In addition to complying with industry-standard security certifications, Cloudflare is considered an ‘Operator of Essential Services’ under the EU Directive on Security of Network and Information Systems.

Learn more

Protect and accelerate your websites, apps, and teams.