Cloudflare and GDPR compliance

Cloudflare supports a number of Europe’s largest and fastest-growing companies. Learn how European companies can use Cloudflare to help meet their GDPR obligations.

cdn support byoip spot illustration

Our data privacy philosophy

Cloudflare’s network and all of our products are built with data protection in mind. As such, the GDPR was a codification of many steps we were already taking. Cloudflare does not sell personal data we process on customers’ behalf, or use it for any purpose other than to provide our services to our customers. In addition, we give people the ability to access, correct, and delete their personal information, and give our customers control over the information that passes through our network.

dns hero illustration

Frequently asked questions: GDPR compliance at Cloudflare

Get answers to common question about how we process data on behalf of our customers in a way that complies with the GDPR — and learn about our data protection safeguards, our responses to the latest legal rulings, and more.

Cloudflare features that support GDPR compliance

Encryption

Encryption

Cloudflare’s network can encrypt data throughout its journey from origin servers to end-users, using the very latest protocols.

Privacy-first analytics

Privacy-first analytics

Cloudflare’s Web Analytics does not use any client-side state, such as cookies or localStorage, to collect usage metrics — and never ‘fingerprints’ individual users.

Data localization

Data localization

Cloudflare lets organizations control which regional data centers their traffic is inspected in and where logs are sent.

Access management

Access management

Cloudflare for Teams lets organizations enforce country-specific access rules, block risky sites and content, and log access events for internal applications and data.

Reporting

Reporting

Cloudflare Logs gives granular insights into every HTTP request, helping you investigate potential breaches and other security incidents.

Certifications

Certifications

In addition to complying with industry-standard security certifications, Cloudflare is considered an ‘Operator of Essential Services’ under the EU Directive on Security of Network and Information Systems.

“As we tap into various public cloud services, Cloudflare serves as our independent, unified point of control — giving us the strategic flexibility to choose the right cloud solution for the job, and the ability to easily make changes down the line.”
Dr. Isabel Wolters
Chief Technology Officer

Protect and accelerate your websites, apps, and teams.

Sign up Contact us