Cloudflare’s is a privacy-first company. As such, the General Data Protection Regulation (“GDPR”) represents many steps we were already taking. We do not sell personal data we process, or use it for any purpose other than delivering our services. In addition, we let people access, correct, and delete their personal information, and give our customers control over the information passing through our network.
To learn more, explore our GDPR FAQ below, or check out Cloudflare’s overall privacy policy.
Encryption
Cloudflare’s network can encrypt data throughout its journey from origin servers to end-users, using the very latest protocols.
Privacy-first analytics
Cloudflare’s Web Analytics does not use any client-side state, such as cookies or localStorage, to collect usage metrics — and never ‘fingerprints’ individual users.
Data localization
In many regions — including the EU — Cloudflare lets organizations control which regional data centers their traffic is inspected in and where logs are sent.
Access management
Cloudflare Zero Trust lets organizations enforce country-specific access rules, block risky sites and content, and log access events for internal applications and data.
Reporting
Cloudflare Logs gives granular insights into every HTTP request, helping you investigate potential breaches and other security incidents.
Certifications
In addition to complying with industry-standard security certifications, Cloudflare is considered an ‘Operator of Essential Services’ under the EU Directive on Security of Network and Information Systems.
To provide you with the best possible experience on our website, we may use cookies, as described here.By clicking accept, closing this banner, or continuing to browse our websites, you consent to the use of such cookies.