CloudFlare Privacy & Security Policy

This CloudFlare Privacy & Security Policy (“Policy”) outlines the general policy and practices for the types of information that CloudFlare, Inc. (“CloudFlare”, “we”, “us” or “our”) gathers, how we use that information, and the options that our users (“you” or “your”) have regarding our use of, and your ability to correct, such information.

CloudFlare will not sell, rent, share, or give away any of your personal information without your consent. It is our overriding privacy principle that any personal information provided to us by you is just that: personal and private. In order for us to provide some of our services we may need to provide information that you supply to us, to external parties. When such sharing is necessary, we will provide you with explicit notice, and whenever possible, the ability to opt-out.

CloudFlare’s website and services are not intended for, nor designed to attract, individuals under the age of eighteen. CloudFlare does not knowingly collect personally identifiable information from any person under the age of eighteen.


This Policy applies to all (i) visitors to our website, (ii) users of our services (i.e., subscribers to any of our plans), and (iii) information we collect from visitors to the websites of users of our services. Our users’ websites may have their own privacy policies and may not be covered by this Policy. We strongly encourage visitors to these third party websites to make themselves aware of such websites’ separate privacy policies.


As part of our services, you may decide to provide information to us specifically to be shared with third parties. For example, you may allow us to build statistical reports based on what malicious visitors have visited your site(s). In these cases, we will try to make it clear whenever any information you provide to us will be made public.


CloudFlare is the owner of the service information collected on this site and through any CloudFlare service. As visitors browse our website, or our users’ websites if they are protected by CloudFlare, we normally log these visitors’ interactions in order to provide better services to our users (e.g., using visitor log data in order to detect new threats and malicious third parties).


CloudFlare collects and maintains certain information from our users for the purposes of billing. We may report this information to third party processors for the limited purpose of receiving payment. We do not store full credit card numbers or personal account numbers (PANs).


Our site uses “cookies” in order to provide a better service to you. Cookies are placed by your browser on your computer’s hard drive to assign a unique identification to that computer. For example, we may use cookies to help direct you to the appropriate part of our website, by indicating that you are a repeat visitor to our website. We also may use that information to present you with services that are customized to your preferences. CloudFlare does not store information we consider personal or private in a cookie, unless that information is obscured.

Some portions of our website are functional without cookies. You may delete CloudFlare’s cookies yourself through your browser’s cookie manager. However, disabling cookies will reset your session, disable auto-login, and may adversely affect other functions on the CloudFlare website and the services we provide to you.

As part of our services, CloudFlare may also place cookies on the computers of visitors to your CloudFlare-protected website. We do this to in order to identify malicious visitors, to reduce the chance of blocking legitimate users, and to provide customized services.


CloudFlare may aggregate data we acquire about our users and the visitors to their websites. For example, we may assemble data to determine how Web crawlers index the Internet and whether they are engaged in malicious activity. If we assemble this sort of data and provide it to external parties, our users’ personal information will never be attached to or included in such aggregated data. Please note, data that our users provide to us, such as log files of their site’s visitors, may be included in the aggregate data, reports, and statistics.


From time to time, CloudFlare may notify you about an offer from one of our promotional partners (e.g., Apps Marketplace partners) via our website or email. While we may target particular types of users for these offers, we do all of the targeting within our systems and not externally. Our business partners will not have any access to the targeting information, including the names of the people who may be interested in a particular product or service. Until you affirmatively respond to a promotional offer, we will not share any identifying information about you to any of these partners.

If you install an app from one of our third party partners, CloudFlare may provide your email address to that partner for account creation and communication with that partner.

Note that in both cases, these partners may have their own privacy policies and partners are not covered by this Policy. We encourage you to read such privacy policies.


The CloudFlare website and other websites contain links to the sites of third parties. We are not responsible for the privacy practices of these external websites. We encourage you to be aware when you leave our website, and to read the privacy statements of these external websites.


It is possible that we may be required by court order to provide information about our customers to third parties. CloudFlare may also be required to provide information pursuant to law, applicable regulation, subpoena or other legal process. It is our corporate policy to ensure adherence to the due process of law in all such legal requests. If we are required to provide information under these circumstances, we will, whenever possible, attempt to inform users whose information we are compelled to produce.


We take all reasonable steps to protect our users’ information from loss, misuse and unauthorized access, disclosure, alteration and destruction. We have put in place appropriate physical, electronic and managerial procedures to safeguard and secure such information. CloudFlare only processes personal information in a way that is compatible with and relevant for the purpose for which it was collected or authorized by the individual. CloudFlare allows our users and website visitors access to their own personal information, and allows them to correct, amend, or delete inaccurate personal information, except where the burden or expense of providing such access would be disproportionate to the risks to the privacy of the individual, or where the rights of persons other than the individual risk being violated.

Note however, that CloudFlare may choose to outsource certain business functions to third party vendors, including website and marketing analytics. When we do, notwithstanding the foregoing, we will ensure that such vendors are bound by appropriate confidentiality restrictions to protect the information covered by this Policy.


If you purchase CloudFlare’s registrar service, ICANN and the registry operators overseeing a domain’s TLD require us to publish registrant data via the “WHOIS” protocol. We may also be required to share this public data with ICANN, registry operators, and other such bodies. Registrant data includes domain name, registrant name and contact information, and domain nameserver information.


CloudFlare participated in the U.S-EU Safe Harbor framework as set forth by the United States Department of Commerce, and following the decision in Maximillian Schrems v. Data Protection Commissioner, continues to honor its obligations under such framework. We fully intend to remain committed to any successor framework developed by U.S. and EU authorities, such as Privacy Shield, once such framework is finalized. By using our services, you consent to the transmittal of personal data outside of the European Union, if applicable, and understand that such transmittal may be required for performance of your agreement(s) with CloudFlare. This applies to all personal information received by CloudFlare whether in electronic, paper, or verbal format.
 As part of our participation in the U.S.-EU Safe Harbor, we agreed to TRUSTe dispute resolution for disputes relating to our compliance with this Safe Harbor. Complaints regarding our compliance should first be directed to CloudFlare at the contact information below. If contacting us does not resolve a complaint, users may raise a complaint with TRUSTe by Internet at, by fax at 415-520-3420, or by mailing the TRUSTe Safe Harbor Compliance Dept. Complaints must include the following information: the name of company, the alleged privacy violation, the user’s contact information, and whether the particulars of the complaint should be shared with the company. For information about TRUSTe or the operation of TRUSTe’s dispute resolution process, click here or request this information from TRUSTe at the address listed above. The TRUSTe dispute resolution process shall be conducted in English.

CloudFlare continues to participate in the U.S.-Swiss Safe Harbor.


We will always maintain the overriding principle that we will not sell, rent, share, or give away any personal information that our users share with us, without their consent, unless otherwise compelled by law. We do not believe that we will need to change that principle going forward. However, if we do need to change an aspect of this Policy, we will promptly post any changes on this website along with the effective date of those changes.


This Policy was last updated and is effective as of February 23, 2016.


Attention: Trust and Compliance
CloudFlare, Inc.
101 Townsend St.
San Francisco, CA 94107
[email protected]

CloudFlare makes more than 2,000,000 web properties faster and safer. Join today!

Sign up