Cloudflare Data Localization Suite

The Cloudflare Data Localization Suite helps you manage your data locality, privacy, and compliance needs — without sacrificing security or performance.

Complying with evolving regional data privacy requirements isn’t easy.

Localizing often forces businesses to restrict their application to one data center or one cloud provider’s region. This creates a trade-off between compliance and fast, secure experiences for end users.

The Cloudflare Data Localization Suite takes a rigorous and granular approach to data localization, making it easy for businesses to set rules and controls at the Internet edge, adhere to compliance regulations, and keep data locally stored and protected.

Decide where your data is inspected

Choose the location of the data centers where your traffic is inspected. As local data collection and privacy regulations change, you can adjust local controls to remain compliant.

Deploy serverless code with regional control

Build applications that allow your developers to combine global performance with local compliance regulations. You decide where your data is stored — with no performance penalties.

How the Cloudflare Data Localization Suite works

Preserving end-user privacy is core to Cloudflare’s mission of helping to build a better Internet. There are several ways Cloudflare ensures that your data stays as private as you want it to, and only goes where you want it to go:

  • DDoS attacks are detected and mitigated at the data center closest to the end user.
  • Data centers inside the preferred region decrypt TLS and apply HTTP services like WAF, CDN, and Cloudflare Workers.
  • Keyless SSL and Geo Key Manager store private SSL keys in a user-specified region.
  • Edge Log Delivery securely transmits logs from the inspection point to the log storage location of your choice.

Effortlessly encrypt your data.

Data privacy requires airtight encryption. Cloudflare uses the highest level of encryption possible for data in transit and at rest, ensuring that all communication between our edge and core data centers is always protected.


Control access to SSL private keys.

Security regulations can make it impossible to share private keys with third-party providers. Geo Key Manager and Keyless SSL allow you to store and manage your own SSL private keys, while still routing encrypted traffic through Cloudflare’s global network.


Choose where your traffic is handled.

To meet your compliance obligations, you may need control over where your data is inspected. Cloudflare Regional Services helps you decide where your data should be handled, without losing the security and performance benefits our network provides.


Decide where log data is sent.

Logs can contain sensitive information that is subject to local regulations. Cloudflare Edge Log Delivery (Beta) allows you to send logs directly from the edge to your partner of choice — without passing through one of our core data centers first.


Build location-aware applications.

Traditional cloud systems aren’t always equipped to meet data compliance standards. Jurisdiction Restrictions for Workers Durable Objects makes it easy to build serverless applications that are confined to a specific region — so you can control where your applications store and run data.

Resources

Blog: How Geo Key Manager Works

With Geo Key Manager, Cloudflare hosts key servers in the locations of your choosing — without having to run a key server inside your infrastructure.

Learn More

Blog: Introducing Regional Services

Regional Services gives customers the ability to accommodate regional restrictions while still receiving the benefits of Cloudflare’s global edge network.

Learn More

Blog: Introducing the Cloudflare Data Localization Suite

Learn how Cloudflare Data Localization enables businesses around the globe to meet data compliance regulations while remaining performant.

Learn More