Mobile Application Privacy Policy

Effective October 4, 2018

This Mobile Application Privacy Policy (“ Mobile Privacy Policy”) outlines the information that Cloudflare gathers, how we use that information, and the options you have to access, correct, or delete such information when you use Cloudflare’s Mobile Application (“Mobile Application”). As used in this Mobile Privacy Policy, “Cloudflare,” “Us” or “We” refers to Cloudflare, Inc. and its affiliates.


Our mission to help build a better Internet is rooted in the importance we place on establishing trust with the Internet community globally. To earn and maintain that trust, we commit to communicating transparently, providing security, and protecting the privacy of data on our systems.

We keep your personal information personal and private. We will not sell, rent, share, or otherwise disclose your personal information to anyone except as necessary to provide our services or as otherwise described in this Mobile Privacy Policy without first providing you with notice and the opportunity to consent.

1. Scope of Mobile Policy.

This Mobile Policy only applies to Cloudflare’s collection, use, and disclosure of the information of individuals who use Cloudflare’s Mobile Application. Other Cloudflare products and services are governed under Cloudflare’s Privacy Policy.

2. Information We Collect.

Mobile Application Information: When you install the Mobile Application on your device, we receive limited information, such as the fact the Mobile Application was installed and your operating system. We do not receive your phone number, device ID, IP address or any other information that could identify you when you install or use the Mobile Application. We may receive crash log information in the event the Mobile Application crashes, but such information shall not include any personally identifiable information. We will not see console logs unless you have explicitly shared such logs with us, and such console logs may include the IP address of your device and the network you are using.

DNS Resolver Information: We will collect limited DNS query data that is sent to the resolvers when you have the Mobile Application activated on your device. The DNS query data that we retain does not contain user IP addresses or any other personally identifiable information, and the bulk of the data is only stored for 24 hours. You can learn more about our commitment to privacy here and here.

3. How We Use Information We Collect.

Cloudflare only processes personal information in a way that is compatible with and relevant for the purpose for which it was collected or authorized. We use information we collect from Mobile Application users to operate and improve the Mobile Application and Cloudflare Resolver, such as to assist us in our debugging efforts if an issue arises. We will not combine the information collected from DNS queries with any other Cloudflare or third party data in any way that can be used to identify individual end users. Learn more.

4. Information Sharing.

We work with other companies who help us run our business (“Service Providers”). These companies provide services to help us operate and improve the Mobile Application and the DNS Resolver, including assisting with debugging and crash analytics. These Service Providers may only process personal information pursuant to our instructions and in compliance both with this Mobile Privacy Policy, Cloudflare’s Privacy Policy and other applicable confidentiality and security measures and regulations, including our obligations under the EU-US and Swiss-US Privacy Shield frameworks described in Section 5, below.

Specifically, we do not permit our Service Providers to use any personal information we share with them for their own marketing purposes or for any other purpose than in connection with the services they provide to us.

In addition to sharing with Service Providers as described above, we may also share your information with others in the following circumstances:

Within the Cloudflare Group (defined for the purposes of this Mobile Privacy Policy as Cloudflare Inc. (United States), Cloudflare Ltd. (England), and Cloudflare, Pte. Ltd. (Singapore));

In the event of a merger, sale, change in control, or reorganization of all or part of our business;

When we are required to disclose personal information to respond to subpoenas, court orders, or legal process, or to establish or exercise our legal rights or defend against legal claims. (Learn more about how we handle law enforcement requests here);

Where we have a good-faith belief sharing is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, or as otherwise required to comply with our legal obligations; or as you may otherwise consent from time to time.

Learn more about information sharing specific to the Resolver here.

We do not sell, rent, or share personal information with third parties for their direct marketing purposes, including as defined under California Civil Code Sec. 1798.83.

5. International Information Transfers.

Cloudflare is a U.S.-based, global company. We primarily store your information in the United States and the European Economic Area (the “EEA”). To facilitate our global operations, we may transfer and access such information from around the world, including from other countries in which the Cloudflare Group has operations for the purposes described in this Mobile Policy.

Whenever Cloudflare shares personal information originating in the EEA or Switzerland with a Cloudflare entity outside the EEA or Switzerland, it will do so on the basis of the EU standard contractual clauses or the Privacy Shield Frameworks detailed in this section.

If you are accessing or using our Mobile Application or otherwise providing information to us, you are agreeing to the transfer of your personal information to the United States and other jurisdictions in which we operate.

Cloudflare is certified under both the EU-U.S. and the Swiss-U.S. Privacy Shield Frameworks as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the EEA and Switzerland to the United States, respectively. If there is any conflict between the terms in this Mobile Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. For more information on the EU-U.S. Privacy Shield or Swiss-U.S. Privacy Shield, please visit the U.S. Department of Commerce’s Privacy Shield website at: https://www.privacyshield.gov/welcome.

6. Data Subject Rights.

In the event you elect to contact us to report an issue with the Mobile Application or to send console logs, you have the right to access, correct, update, export, or delete your personal information. You may email us at SAR@cloudflare.com with any such subject access requests (“SAR”), and we will respond within thirty (30) days. Otherwise, we do not retain information about our Mobile Application users that would be subject to the data subject rights described above.

7. Data Security, Data Integrity and Access.

If we make changes to this Mobile Privacy Policy that we believe materially impact the privacy of your personal data, we will promptly provide notice of any such changes (and, where necessary, obtain consent), as well as post the updated Mobile Privacy Policy on this website noting the effective date of any changes.

8. Notification of Changes.

We take all reasonable steps to protect information we receive from you from loss, misuse or unauthorized access, disclosure, alteration, and/or destruction. We have put in place appropriate physical, technical, and administrative measures to safeguard and secure your information, and we make use of privacy-enhancing technologies such as encryption. If you have any questions about the security of your personal information, you can contact us at privacyquestions@cloudflare.com

9. Business Transactions.

We may assign or transfer this Mobile Privacy Policy, as well as information covered by this Mobile Privacy Policy, in the event of a merger, sale, change in control, or reorganization of all or part of our business.

9. English Language Controls.

Non-English translations of this Mobile Privacy Policy are provided for convenience only. In the event of any ambiguity or conflict between translations, the English version is authoritative and controls.

10. Dispute Resolution.

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.

11. Contact Information.

Cloudflare, Inc.
101 Townsend St.
San Francisco, CA 94107
Attention: Data Protection Officer

Cloudflare, Ltd.
2nd Floor
25 Lavington Street
Attention: Data Protection Officer

Cloudflare, Pte., Ltd.
120 Robinson Road #15-00
Singapore 068913
Attention: Data Protection Officer

Website Terms of Use

Self-Serve Subscription Agreement

Service-Specific Terms

Privacy Policy

Cookie Policy

Trust & Safety

Transparency Report

Domain Registration Agreement

Modern Slavery Act Statement

Third Party Code of Conduct

Candidate Privacy Policy

Have Questions?

If you have questions about these terms or anything else about Cloudflare, please don't hesitate to contact us:

+1 (650) 319-8930

Cloudflare, Inc.
101 Townsend St,
San Francisco, CA 94107