Service-Specific Terms

Last updated September 27, 2023 (note that the "Supplemental Terms" have been renamed to the "Service-Specific Terms" as of May 10, 2023)

The following Service-Specific Terms (“Service-Specific Terms”), are an integral part of the Self-Serve Subscription Agreement, Enterprise Subscription Agreement, or any other agreement governing your use and access to Cloudflare's Service(s), as applicable (“Subscription Terms”). Unless defined below, all capitalized terms will have the definitions given to such terms in the Subscription Terms. For Enterprise customers, all references to “you” and “your” in the Service-Specific Terms below refer to the Customer named in the applicable Order Form or other ordering document.

Please click on the following links to navigate to the Service-Specific Terms applicable to your specific Cloudflare Services.


Cloudflare Zero Trust

  1. Overview

Cloudflare Zero Trust is a suite of cloud-based security solutions made available by Cloudflare to its Customers for use by their authorized End Users. Depending on the Cloudflare Zero Trust Services you have purchased and enabled, Cloudflare Zero Trust may include Cloudflare’s zero trust access solution for your applications (Cloudflare Access), Cloudflare’s secure web gateway and DNS filtering solution (Cloudflare Gateway), Cloudflare’s remote browser isolation solution, Cloudflare’s cloud email security solution (formerly called Area 1), Cloudflare’s cloud access security broker (CASB) solution, and Cloudflare’s data loss prevention solution.

2. Seats

2.1 Cloudflare Zero Trust is made available on a Seat licensing basis, unless a different unit of measurement is specified on your Order Form. You may substitute an existing End User that occupies a Seat with a new End User in the event of the existing End User's termination or reassignment to another job function, without incurring an additional Fee.

2.2 You shall not resell Cloudflare Zero Trust to any third parties (e.g., in an ASP, managed security services, outsourcing, time-sharing or service bureau relationship) unless expressly permitted by Cloudflare in writing. Your violation of the foregoing shall be considered a material breach of the Agreement and subject to immediate termination of your account.

2.3 Cloudflare Gateway is subject to an Average Monthly DNS Queries limit of 5,000 DNS queries per Seat per day. “Average Monthly DNS Queries” means the number of DNS queries by your total Seats in a month divided by the number of days in such a month and further divided by the number of licensed Seats. For example, if you purchased licenses for 1,000 Seats and your Seats submitted a total of 30,000,000 DNS queries in the prior 30-day calendar month, your Average Monthly DNS Queries would be 1,000 (calculated as follows: (30,000,000 / 30) / 1,000 = 1,000). Cloudflare may continuously monitor your usage of Cloudflare Gateway on a monthly basis to determine your Average Monthly DNS Queries. If Cloudflare determines that your Average Monthly DNS Queries has exceeded 5,000 DNS queries per Seat per day, Cloudflare reserves the right to require you to purchase additional licenses as required. In the event you purchase the Service in the middle of a month, the Average Monthly DNS Queries calculation for that month shall be based on the number of days that you were subscribed for the Service in that month.

3. Cloudflare Gateway Content

By accessing or using the Service you may receive access to Cloudflare-provided threat intelligence and domain categorization data (“Cloudflare Gateway Content”). You may only use the Cloudflare Gateway Content in connection with the Service. You agree not to provide the Cloudflare Gateway Content to any third parties. If you feel that a website has been incorrectly categorized, you may submit a report here.

4. Cloudflare Cloud Email Security (formerly called Area 1)

For the purpose of Cloudflare Cloud Email Security services, Customer Content includes electronic communications and the content of and attachments associated with such electronic communications that you or your End Users transmit to or through the Services (“Email Content”). You hereby instruct Cloudflare to process and analyze Email Content transmitted to or through the Service for the purposes of detecting and blocking Email Content that may be used for phishing, spam, malware distribution, and other suspicious or malicious activity, and to collect and use Email Content and other data associated with such activities (e.g., metadata, email header information, origin and nature of malware) (collectively, “Detection Data”) to provide and improve the Services. You understand and agree that Cloudflare may freely store, use, and share with third parties for threat intelligence purposes Detection Data that does not identify you or any of your End Users.

5. Telemetric Data

Cloudflare processes telemetry data to deliver, enhance, improve, customize, support, and/or analyze Cloudflare Zero Trust and may otherwise freely use telemetry data that does not identify you or any of your End Users. You may have the ability to configure Cloudflare Zero Trust to limit the telemetry data collected, but in some cases, you can only opt out of the telemetry data collection by uninstalling or disabling Cloudflare Zero Trust. Telemetry data includes data that Cloudflare Zero Trust generates in connection with your use of Cloudflare Zero Trust, such as, threat intelligence data (e.g., suspicious URLs, metadata, malware); and information about the devices connected to a network and the types of software or applications installed on a network or an endpoint (e.g., client-type, operating system).

6. Customer Responsibilities

You acknowledge and agree that you are responsible for: (i) all activity of your End Users and your End Users’ compliance with this Agreement; (ii) complying with all relevant third-party terms of service and applicable laws and/or regulations in using the Service, including, but not limited to, providing clear and conspicuous notice to all End Users that you may monitor their Internet activities through Cloudflare Zero Trust; (iii) forwarding your End Users’ DNS queries, web traffic and/or internal traffic, as applicable, to Cloudflare via valid forwarding mechanisms described in the Cloudflare documentation (e.g., the WARP Client, GRE tunnels); and (iv) configuring and maintaining your third-party identity provider for use in connection with Cloudflare Zero Trust.

The creation of Cloudflare Access authentication subdomains that include deceptive or offensive terms or names of other businesses, organizations, or individuals is prohibited. If Cloudflare determines that you are engaging in this activity it may suspend or terminate your account and/or project(s) immediately. The use of the Services for phishing schemes is prohibited.

7. CASB

You authorize and instruct Cloudflare to scan, analyze, retrieve information from, or otherwise access and use your third-party applications and services that you have integrated with Cloudflare’s CASB solution, including the accounts, settings, data, and other materials available therein, to provide the Services.

You represent and warrant that (i) your use of Cloudflare’s CASB solution shall at all times comply with any relevant third-party terms of service or other agreements; and (ii) you and each of your End Users are authorized to provide Cloudflare with the requisite access to your third-party applications and services, including the accounts, settings, data, and other materials available therein.

8. Disclaimer

CLOUDFLARE DOES NOT REPRESENT OR WARRANT THAT CLOUDFLARE ZERO TRUST WILL (I) GUARANTEE ABSOLUTE SECURITY DUE TO THE CONTINUAL DEVELOPMENT OF NEW TECHNIQUES FOR INTRUDING UPON AND ATTACKING FILES, NETWORKS AND ENDPOINTS; OR (II) PROTECT ALL YOUR AND YOUR END USERS’ FILES, DEVICES, NETWORK, OR ENDPOINTS FROM ALL MALICIOUS CODE, DATA EXFILTRATION, OR OTHER ATTACKS.


Security Center

  1. Cloudflare Security Center is an opt-in Service that helps Customers identify certain infrastructure security risks and insecure configurations associated with their Cloudflare account (“Security Insights”).

  2. In the course of providing the Services, Cloudflare may review, scan, access, or attempt to access certain of your infrastructure and related configurations that you have selected for the sole purpose of identifying Security Insights, including network ports, access policies, DNS records, and other network resources (“Customer Infrastructure”). By using Cloudflare Security Center, you represent and warrant that you lawfully own or control the Customer Infrastructure or are otherwise authorized to use the Service to identify Security Insights on the Customer Infrastructure.

  3. By using Cloudflare Security Center, you acknowledge and agree that (i) Cloudflare is under no obligation to provide customer support, and does not have an SLA, for Cloudflare Security Center; (ii) Cloudflare may review, scan, access, or attempt to access Customer Infrastructure in order to provide the Services; (iii) Cloudflare Security Center is not intended to, and will not, identify all Security Insights or prevent any security breaches; (iv) the findings and/or recommendations of Cloudflare do not constitute any guarantee that your systems are secure from security breaches, even if fully remediated and/or implemented; and (v) Cloudflare reserves the right to modify or discontinue Cloudflare Security Center at any time.

  4. Cloudflare may include (i) Security Insights in logs and reports made available in your Cloudflare account dashboard and (ii) security data made available via an API, each of which shall constitute Cloudflare Technology. You may access, download, and use such Cloudflare Technology for your own internal use only.

  5. You may only use the Brand Protection search tools to search for domains that may be attempting to impersonate your brand or a brand that has authorized you to conduct such search on its behalf.

  6. CLOUDFLARE SECURITY CENTER IS PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS. CLOUDFLARE DOES NOT REPRESENT OR WARRANT THAT CLOUDFLARE SECURITY CENTER WILL DETECT ALL SECURITY INSIGHTS OR PROTECT YOUR NETWORK AND SYSTEMS FROM MALICIOUS CODE, INTRUSIONS, OR OTHER SECURITY BREACHES.

  7. IN NO EVENT WILL CLOUDFLARE BE LIABLE TO YOU OR ANY THIRD PARTY FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES ARISING OUT OF OR RELATING TO YOUR ACCESS TO OR USE OF, OR YOUR INABILITY TO ACCESS OR USE, THE CLOUDFLARE SECURITY CENTER, WHETHER BASED ON WARRANTY, CONTRACT, TORT (INCLUDING NEGLIGENCE), STATUTE, OR ANY OTHER LEGAL THEORY, WHETHER OR NOT CLOUDFLARE HAS BEEN INFORMED OF THE POSSIBILITY OF SUCH DAMAGE.