This Cloudflare Privacy & Security Policy (“Policy”) outlines the general policy and practices for the types of information that Cloudflare, Inc. (“Cloudflare”, “we”, “us” or “our”) gathers, how we use that information, and the options that our users (“you” or “your”) have regarding our use of, and your ability to correct, such information.
It’s our overriding privacy principle that any personal information provided to us by you is just that: personal and private. As such, we will never sell, rent, share, or otherwise disclose your personal information to anyone except to provide our services or as otherwise described in this Policy, without providing explicit notice of such and the ability to opt-out.
Cloudflare’s website and services are not intended for, nor designed to attract, individuals under the age of eighteen. Cloudflare does not knowingly collect personally identifiable information from any person under the age of eighteen.
This Policy applies to information provided to us by: (i) visitors to our websites, (ii) users of our services (i.e., subscribers to any of our plans), and (iii) information we collect from visitors to the websites of our users. We generally serve merely as a conduit for information controlled by others, and as such this Policy may not apply to our users’ websites. Our users’ websites or those to which we provide links, may have their own privacy policies. Because of this, we strongly encourage awareness and understanding of such websites’ separate privacy policies.
Cloudflare is the owner of the service information collected on this website and through any Cloudflare service. As visitors browse our website, or our users’ websites if they are protected by Cloudflare, we normally log these visitors’ interactions in order to provide better services to our users (e.g., using visitor log data in order to detect new threats and malicious third parties).
As part of our services, we may build statistical reports based upon what malicious visitors have visited certain site(s), in order to further protect your sites. We may also share information about our users or their visitors where we have a reasonable belief that they pose a security threat.
In order for us to provide some of our services we may also provide information that you supply to us to our affiliates, vendors and service providers, which we use for billing systems, contract and account management, customer support, relationship management and other technical operations. In such cases, we will ensure that such entities are bound by appropriate confidentiality restrictions to protect the information covered by this Policy. However, we will never use or share personal information that you provide to us in ways unrelated to those described herein, without first letting you know and giving you the ability to opt-out.
We do not sell, rent, or share personal information with third parties for their direct marketing purposes, including as defined under California Civil Code Sec. 1798.83.
Cloudflare collects and maintains certain information from our users for the purposes of billing. We may share this information with third party processors for the limited purpose of receiving payment. We do not store full credit card numbers or personal account numbers (PANs).
Some portions of our website are functional without cookies. You may delete Cloudflare's cookies yourself through your browser's cookie manager. However, disabling cookies will reset your session, disable auto-login, and may adversely affect other functions on the Cloudflare website and the services we provide.
As part of our services, we may place cookies on the computers of visitors to Cloudflare protected websites. We do this in order to identify malicious visitors, reduce the chance of blocking legitimate users, and to provide customized services.
Cloudflare may aggregate data we acquire about our users and the visitors to their websites. For example, we may assemble data to determine how Web crawlers index the Internet and whether they are engaged in malicious activity. If we assemble this sort of data and provide it to external parties, our users’ personal information will never be attached to or included in such aggregated data. Please note, data that our users provide to us, such as log files of their sites’ visitors, may be included in the aggregate data, reports, and statistics.
From time-to-time, Cloudflare may notify you about an offer from one of our promotional partners (e.g., Apps Marketplace partners) via our website or email. While we may target particular types of users for these offers, we do all of the targeting within our systems and not externally. Our partners will not have any access to the targeting information, including the names of the people who may be interested in a particular product or service. Until you affirmatively respond to a promotional offer, we will not share any identifying information about you to any of these partners.
If you install an app from one of our third party partners, Cloudflare may provide your email address to that partner for account creation and communication with that partner.
It’s possible that we may be required by law, court order, or other legal process to provide information about our customers to outside parties. It’s our policy to ensure adherence to the due process of law in all such instances, and if we are required to provide information under these circumstances, we will, whenever possible, attempt to inform users whose information we are compelled to produce, unless prohibited by law.
We may also retain copies of personal information to comply with our legal obligations, pursuant to our data retention policies, or for such reasonable period as is required to address potential disputes.
We take all reasonable steps to protect information we receive from our users from loss, misuse or unauthorized access, disclosure, alteration and/or destruction. We’ve put in place appropriate physical, electronic and managerial procedures to safeguard and secure such information. Cloudflare only processes personal information in a way that is compatible with and relevant for the purpose for which it was collected or authorized. We allow our users and their website visitors access to their own personal information, and allow them to correct, amend, or delete inaccurate personal information, except where the burden or expense of providing such access is disproportionate to the individual privacy risk, or where the rights of persons other than the requesting individual risk being violated.
If you purchase Cloudflare’s registrar service, ICANN and the registry operators overseeing a domain’s TLD require us to publish registrant data via the “WHOIS” protocol. We may also be required to share this public data with ICANN, registry operators, and other such bodies. Registrant data includes domain name, registrant name and contact information, and domain nameserver information.
Cloudflare has certified under the EU-U.S. Privacy Shield framework set forth by the U.S. Department of Commerce and the European Union. A detailed description of how we comply with the Privacy Shield Principles can be found here. For more information on the EU-U.S. Privacy Shield, please visit the U.S. Department of Commerce’s Privacy Shield website here. Please note that our Privacy Shield certification will become active once formally accepted by the U.S. Department of Commerce.
Cloudflare also abides by the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce, and we’ve certified that we adhere to the Safe Harbor Principles. For more information on the U.S.-Swiss Safe Harbor Framework and to view a copy of our certification, please visit here. If you have questions regarding our compliance with the U.S.-Swiss Safe Harbor Framework, please contact [email protected] or write to us at: Cloudflare Trust and Compliance, 101 Townsend St., San Francisco, CA 94107. As part of our participation in this Safe Harbor Framework, we’ve also agreed to dispute resolution by TRUSTe, our U.S.-based third party dispute resolution provider, for disputes relating to our compliance. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact TRUSTe (free of charge) here. Complaints must include the following information: the name and contact details of the data subject, the alleged privacy violation, and whether the particulars of the complaint should be shared with our customer, if not the data subject. The TRUSTe dispute resolution process shall be conducted in English.
ACCESSING OR USING OUR SITES OR SERVICES, OR OTHERWISE PROVIDING INFORMATION TO US OR OUR CUSTOMERS, CONSTITUTES CONSENTING TO OUR POTENTIAL TRANSFER, PROCESSING AND STORAGE OF SUCH INFORMATION IN THE UNITED STATES.
We take the trust and privacy of our customers and their users extremely seriously, and do not believe that we will need to change the core principles set forth in this Policy going forward. However, if we are required to modify this Policy, we will promptly provide notice of any material changes and post the modified Policy on this website along with the effective date of any necessary edits.
This Policy was last updated on September 30, 2016.
Attention: Trust and Compliance
101 Townsend St.
San Francisco, CA 94107