Cloudflare and GDPR compliance

Cloudflare supports a number of Europe’s largest and fastest-growing companies. Learn how European companies can use Cloudflare to help meet their GDPR obligations.

Cdn support byoip spot illustration
Our data privacy philosophy
Cloudflare’s network and all of our products are built with data protection in mind. As such, the GDPR was a codification of many steps we were already taking. Cloudflare does not sell personal data we process on customers’ behalf, or use it for any purpose other than to provide our services to our customers. In addition, we give people the ability to access, correct, and delete their personal information, and give our customers control over the information that passes through our network.

Frequently asked questions: GDPR compliance at Cloudflare

Dns hero illustration

Get answers to common question about how we process data on behalf of our customers in a way that complies with the GDPR — and learn about our data protection safeguards, our responses to the latest legal rulings, and more.

Learn more
Dns hero illustration

Resources on the GDPR

Whitepaper

Cloudflare’s policies around data privacy and law enforcement requests

This paper outlines policies and procedures that guide how we manage customer and end-user data on our systems — and how we address government and other legal requests for data.

Download PDF
Solution & Product Guides

How Cloudflare helps address data protection and locality obligations in Europe

Cloudflare’s network and products are built to support Europe’s most privacy-conscious and regulated industries. This paper explains how we do so via privacy-focused policies, certifications, and product features.

Download PDF
Link

Cloudflare sub-processors

Regularly updated descriptions and locations of Cloudflare's sub-processors

Learn More
Link

Cloudflare's data processing addendum

Download PDF
Link

Cloudflare Data Processing Addendum: Standard Contractual Clauses for Customers

Learn More

Cloudflare features that support GDPR compliance

Security lock blue
Encryption

Cloudflare’s network can encrypt data throughout its journey from origin servers to end-users, using the very latest protocols.

Learn more
Analytics network blue
Privacy-first analytics

Cloudflare’s Web Analytics does not use any client-side state, such as cookies or localStorage, to collect usage metrics — and never ‘fingerprints’ individual users.

Learn more
Internet globe blue
Data localization

Cloudflare lets organizations control which regional data centers their traffic is inspected in and where logs are sent.

Learn more
Cloudflare access blue
Access management

Cloudflare Zero Trust lets organizations enforce country-specific access rules, block risky sites and content, and log access events for internal applications and data.

Learn more
Documentation list blue
Reporting

Cloudflare Logs gives granular insights into every HTTP request, helping you investigate potential breaches and other security incidents.

Learn more
Certificate manager blue
Certifications

In addition to complying with industry-standard security certifications, Cloudflare is considered an ‘Operator of Essential Services’ under the EU Directive on Security of Network and Information Systems.

Learn more

“As we tap into various public cloud services, Cloudflare serves as our independent, unified point of control — giving us the strategic flexibility to choose the right cloud solution for the job, and the ability to easily make changes down the line.”

Dr. Isabel Wolters

Chief Technology Officer

Logo handelsblatt trusted by gray

Protect and accelerate your websites, apps, and teams.

Sign upContact us

Sales

Getting Started

Community

Developers

Support

Company

© 2022 Cloudflare, Inc.Privacy PolicyTerms of UseReport Security IssuesTrademark