Cloudflare 隐私策略

This Privacy Policy is effective as of March 27, 2020.

We have updated our October 31, 2019 privacy policy to address new products and services and to give you a more comprehensive understanding of how we handle your personal information.


This Cloudflare Privacy Policy (“Policy”) outlines the personal information that Cloudflare, Inc. (“Cloudflare”, “we”, “us” or “our”) gathers, how we use that personal information, and the options you have to access, correct, or delete such personal information.


CLOUDFLARE 的承诺

我们的使命是帮助构建更好的互联网,因而与全球客户、网站访问者和互联网社区建立信任至关重要。为赢得并保持这份信任,我们承诺采用透明方式开展通信、提供安全防护并保护系统数据的隐私性。

始终维护您的个人信息私密性和隐私性。我们不会将您的个人信息出售或出租给任何人。未经事先通知您并征得您的同意,除提供服务必需或本策略所述的其他情形以外,我们绝不向任何人共享或披露您的个人信息。

1. POLICY APPLICATION

This Policy applies to Cloudflare’s collection, use, and disclosure of the personal information of the following categories of data subjects:

  • Attendees: Those who visit our offices or provide their information to Cloudflare or Cloudflare representatives when they attend or register to attend Cloudflare-sponsored events or other events at which Cloudflare (and/or its representatives) participates, as well as those who participate in Cloudflare’s studies such as user experience research.
  • Website Visitors: Those who visit our Websites and who may opt to provide an email address or other contact information to receive communications from Cloudflare, fill out a survey, or provide feedback. For the purposes of this Policy, “Websites” refer collectively to www.cloudflare.com as well as any other websites Cloudflare operates for its own behalf and that link to this Policy. For clarity, “Websites” does not include any sites owned or operated by our Customers, including where we serve as Registrar.
  • Customers: Individuals or entities who enter into a subscription agreement with Cloudflare (or its authorized partner) and to whom Cloudflare provides Services pursuant to such agreement. For purposes of this Policy, “Services” shall refer to all of the cloud-based solutions offered, marketed, or sold by Cloudflare or its authorized partners that are designed to increase the performance, security, and availability of Internet properties, applications, devices, and networks, along with any software, software development kits, and application programming interfaces ("APIs") made available in connection with the foregoing.
  • Administrators: Those with login credentials for a Cloudflare account and/or those who administer any of the Services for a Customer. In some cases, an Administrator and Customer may be the same individual. In other cases, an Administrator may be an agent acting on behalf of a Customer.
  • Public DNS Resolver Users: Those who use Cloudflare’s Public Recursive Domain Name System (“DNS”) Resolver services, such as the 1.1.1.1 Public DNS Resolver. Learn more about the 1.1.1.1 Public DNS Resolver here.
  • End Users: Those who (i) access or use our Customers’ domains, networks, websites, application programming interfaces, and applications, or (ii) are authorized Cloudflare for Teams users, such as our Customers’ employees, agents, or contractors.
  • 注册人: Cloudflare域注册商服务的用户。Cloudflare是ICANN认证的注册服务商,并遵守2013年《注册服务商认可协议》 (“ RAA”)。

This Policy does not apply to “Application Users”—those individuals who use Cloudflare’s consumer-facing applications, such as the 1.1.1.1 Application. See the 1.1.1.1 Application Privacy Policy for more information about the data collection and use practices for Cloudflare's 1.1.1.1 Application and the associated 1.1.1.1 Application Services.

This Policy also does not apply to our Customers’ domains, websites, APIs, applications, and networks, which may have their own terms and privacy policies. Our Customers are solely responsible for establishing policies for and ensuring compliance with all applicable laws and regulations, including those relating to the collection of personal information, in connection with the use of our Services by End Users with whom our Customers interact.

Cloudflare’s Websites and Services are not intended for, nor designed to attract, individuals under the age of eighteen. Cloudflare does not knowingly collect personal information from any person under the age of eighteen.

2. INFORMATION WE COLLECT (Categories of Data Subjects)

Attendees

  • Name, email address, and other contact information. We may ask for and collect personal information such as your name, address, phone number and email address when you visit our offices, register for or attend a sponsored event or other events at which Cloudflare (and/or its representatives) participates, or participate in Cloudflare’s studies such as user experience research.
  • Image and voice. When you participate in a Cloudflare study, we may ask for your permission to record your voice and/or image during your participation in the study.

Website Visitors

  • Name, email address, and other contact information. Name, email address, and other contact information. We ask for and—at your option—collect personal information from you when you submit web forms on our Websites, including opportunities to sign up for and agree to receive email communications from us. We also may ask you to submit such personal information if you choose to use interactive features of the Websites, including participation in surveys, contests, promotions, sweepstakes, or studies, requesting customer support, submitting feedback, or otherwise communicating with us. We will send such communications in accordance with applicable law.

  • 日志文件。 与访问和使用大部分通过互联网提供的网站和服务一样,当您访问我们的网站(包括 Cloudflare 社区论坛)时,我们会收集特定信息并将信息存储到日志文件中。此类信息可能包括但不限于互联网协议(IP)地址、系统配置信息、引用页面 URL、区域设置和语言首选项。

  • Cookies and Other Tracking Technologies. We may use cookies and other information-gathering technologies for a variety of purposes, such as providing us with information about how you interact with our Websites and assisting us in our marketing efforts. You can control how websites use cookies by configuring your browser's privacy settings (please refer to your browser's help function to learn more about cookie controls). Note that if you disable cookies entirely, Cloudflare’s Websites may not function properly. We may also use cookies and similar technologies to provide you advertising on third-party sites based upon your browsing activities and interests. If you wish not to have this information used for the purpose of serving you interest-based ads, you may opt-out by clicking here (or if located in the European Union, the United Kingdom, or Switzerland, click here). You may view a complete list of cookies and change your cookie preferences by clicking on the “Cookie Preferences” link in the footer of the Cloudflare homepage at cloudflare.com. For more information about the cookies Cloudflare uses and your privacy choices, please see our Cookie Policy.

  • Material contributed in Interactive Areas. The Websites may offer publicly accessible blogs, community forums, comments sections, discussion forums, or other interactive features (“Interactive Areas”). If you choose to participate in any of these Interactive Areas, please be aware that any information that you post in an Interactive Area might be read, collected, and used by others who access it. If you wish to remove your personal information from any of our Interactive Areas, please see the Section 8, below.

Customers and Administrators

  • Customer Account Information. Customer Account Information. When you register for an account, we collect contact information. Depending on subscription level, this contact information may include your Customer name, the email address(es) of your account Administrator(s), telephone number, and addresses necessary to process payment and delivery of Services. In addition, when you use the Services, we collect information about how you configure your account and the Services (e.g., firewall settings for the domains you administer), and we maintain logs of Administrator activity. We refer to all of this information collectively as “Customer Account Information” for the purposes of this Policy. Customer Account Information is required to enable your access to your Cloudflare account and Services. By providing us with any personal information, you represent that you are the owner of such personal information or otherwise have the requisite consent to provide it to us.

  • Payment Information. We do not require our Customers to have payment information on file with us unless they have a paid subscription to our Services. When you sign up for one of our paid Services, you must provide payment and billing information. The information you will need to submit depends on which payment method you choose. For example, if you pay with a credit card, we will collect your card information and billing address, although we do not store full credit card numbers or personal account numbers.

Public DNS Resolver Users

  • Limited DNS query data. We will collect limited DNS query data that is sent to our 1.1.1.1 public DNS resolver service (“1.1.1.1 resolver”). Our 1.1.1.1 resolver service does not log personal data, and the bulk of the limited non-personally identifiable query data is only stored for 25 hours. You can learn more about our 1.1.1.1 resolver commitment to privacy here.

Please note that our data handling practices for our 1.1.1.1 Application, which is not covered by this Policy, are somewhat different than our 1.1.1.1 public DNS resolver data handling practices and are described here.

End Users

Cloudflare processes End Users’ information only on behalf of our Customers. This information is processed when End Users access or use our Customers’ domains, websites, APIs, applications, devices, end points, and networks that use one or more of our Services. Cloudflare also processes End Users’ information on behalf of our Customers when the End Users access our Services pursuant to our Customers’ authorization. The information processed may include but is not limited to IP addresses, system configuration information, and other information about traffic to and from Customers’ websites, devices, applications, and/or networks (collectively, “Log Data”).

Registrants

  • Contact and domain information. We collect data such as domain name and status, contact information (such as name, organization, address, phone number and email address), name server, DNSSEC, and Form of Approval (i.e., full WHOIS capture at time of transfer into our system, including the IP address that initiated the transfer).

由于 Cloudflare 是反向代理,使用我们服务的网站的 WHOIS 和 DNS 记录中可能会显示我们的 IP 地址。我们负责传播由他方控制的信息。我们的客户及其用户是网络传输内容(例如,图像、文字内容、图形等)的负责人。

Cloudflare还存储服务器和网络活动数据,以及从Cloudflare在提供服务的过程中收集的流量数据得出的观察和分析(统称为“运营指标”)。操作指标的示例包括服务正常运行时间和服务可用性指标、请求量、错误率、高速缓存率和IP威胁评分。

Information from Third Party Services. We may combine information we collect as described in this Section with personal information we obtain from third parties. For example, we may combine information entered on a Cloudflare sales submission form with information we receive from a third-party sales intelligence platform vendor to enhance our ability to market our Services to Customers or potential Customers.

3. HOW WE USE INFORMATION WE COLLECT

Cloudflare only processes personal information in a way that is compatible with and relevant to the purpose for which it was collected or authorized. As a general matter, for all categories of data described in Section 2 above, except 1.1.1.1 public DNS resolver user data, we may use the information (including personal information, to the extent applicable) to:

  • Provide, operate, maintain, improve, and promote the Websites and Services for all users of the Websites and Services;
  • Enable you to access and use the Websites and Services;
  • 处理并完成交易,同时向您发送相关信息,包括购货确认书和发票;
  • 发送交易消息,包括:对您的评论、问题和申请做出响应;提供客户服务和支持;向您发送技术通知、更新、安全警报以及支持和管理消息;
  • 根据您的通信偏好发送商业通信,例如,提供有关我们和我们合作伙伴的产品和服务信息、功能、调查、通讯、优惠、促销、比赛和活动;发送有关我们和我们合作伙伴的其他新闻或信息。有关管理通信偏好的信息,请参阅下方第 9 部分。
  • 处理并提供比赛或抽奖项目和奖励;
  • 出于营销或广告目的,监控并分析与网站和服务相关的趋势、使用和活动;
  • 履行法律义务以及调查并预防欺诈交易、未授权服务访问及其他非法活动;
  • Personalize the Websites and Services, including by providing features or content that match your interests and preferences;
  • To register visitors to our offices and to manage non-disclosure agreements that visitors may be required to sign, to the extent such processing is necessary for our legitimate interest in protecting our offices and our confidential information against unauthorized access; and
  • 出于征得您同意的其他目的进行处理。

1.1.1.1 Public Resolver Users. We use information we collect from 1.1.1.1 resolver users to operate and improve the 1.1.1.1 resolver, such as to assist us in our debugging efforts if an issue arises. Our 1.1.1.1 resolver service does not store 1.1.1.1 resolver users’ personal data. We will not combine any information collected from DNS queries to our 1.1.1.1 resolver with any other Cloudflare or third party data in any way that can be used to identify individual end users. Learn more about our 1.1.1.1 resolver commitment to privacy here.

Log Data from End Users. We use and process the Log Data from End Users to fulfill our obligations under our Customer agreements and act as a data processor and service provider pursuant to data processing instructions by our Customers.

4. DATA AGGREGATION

Cloudflare may aggregate data we acquire about our Customers, Administrators, and End Users, including the Log Data described above. For example, we may assemble data to determine how Web crawlers index the Internet and whether they are engaged in malicious activity or to compile web traffic reports and statistics. Non-personally identifiable, aggregated data may be shared with third parties.

5. NOTICE TO UK AND EU RESIDENTS

Please note that the “personal information” referenced in this Privacy Policy means “personal data” as that term is defined under the European Union (“EU”) General Data Protection Regulations (“GDPR”) and its United Kingdom (“UK”) GDPR counterpart. Cloudflare is a data controller for the Personal Data collected from all categories of data subjects listed above except for the Personal Data of End Users. Cloudflare processes the Personal Data of End Users on behalf of its Customers.

If you are an individual from the European Economic Area (the “EEA”), the UK or Switzerland, please note that our legal basis for collecting and using your personal information will depend on the personal information collected and the specific context in which we collect it. We normally will collect personal information from you only where: (a) we have your consent to do so, (b) where we need your personal information to perform a contract with you (e.g. to deliver the Cloudflare Services you have requested), or (c) where the processing is in our legitimate interests. Please note that in most cases, if you do not provide the requested information, Cloudflare will not be able to provide the requested service to you.

有些时候,我们还可能会依据法律义务收集您的个人信息,或者出于其他原因需要个人信息以保护您的或他人的切身利益。 倘若需要征得您的同意才能处理个人数据,那么您有权随时撤销或拒绝同意。 倘若需要具备合法权益才能处理个人数据,则有权提出反对。

如果您对我们收集和使用您的个人信息的法律依据有任何疑问或需要进一步的信息,请通过privacyquestions@cloudflare.com与我们联系。

6. INFORMATION SHARING

We work with other companies who help us run our business (“Service Providers”). These companies provide services to help us deliver customer support, process credit card payments, manage and contact our existing Customers and Administrators as well as sales leads, provide marketing support, and otherwise operate and improve our Services. These Service Providers may only process personal information pursuant to our instructions and in compliance both with this Privacy Policy and other applicable confidentiality and security measures and regulations, including our obligations under the EU-US and Swiss-US Privacy Shield frameworks described in Section 7, below.

具体而言,我们不允许我们的服务提供商出售我们与他们共享的任何个人信息,或将我们与他们共享的任何个人信息用于他们自己的营销目的或用于与给我们提供的服务无关的任何目的。

除与上述服务提供商共享信息以外,我们可能还会在下列情况下与他方共享您的信息:

  • 在Cloudflare集团(在本政策中定义为Cloudflare Inc.(美国)及其第16条列出的子公司)内;
  • 与可能有助于我们面向客户分发服务的经销商及其他销售合作伙伴共享;
  • 在安装 App Marketplace 应用程序时与应用程序开发商共享;
  • 合并、出售、控制权变更或重组全部或部分业务;
  • 在应对传票、法院指令、法律程序、确立或行使我们的合法权益或者进行法定求偿权抗辩而被要求披露个人信息的时候。(在此处了解更多我们如何应对执法部门的请求);
  • 在我们本着善意原则认定共享信息对于调查,防范或采取措施来应对下列威胁有必要的时候:非法活动、可疑欺诈、涉及对任何人身安全的潜在威胁或违反我们的网站使用条款、自助服务订阅的情况协议和/或企业订阅服务条款;或按其他要求遵守我们的法律义务;或
  • 可能不时表示同意的其他情形。

1.1.1.1 Public DNS Resolver Users: Cloudflare does not share 1.1.1.1 resolver logs with any third parties except for anonymous logs shared with APNIC pursuant to a Research Cooperative Agreement. Learn more about information sharing specific to the 1.1.1.1 resolver here.

Registrants: If you purchase a domain name from Cloudflare’s registrar service, ICANN (The Internet Corporation for Assigned Names and Numbers) and the relevant registry operators overseeing the domain’s top-level domain require us to collect registrant data for the purposes of domain registration and via the WHOIS protocol. We may also be required to share this public data with ICANN, the relevant registry operators and other such providers with whom we contract in order to provide our domain name services, and additionally upon the legitimate request of third parties. Registrant data may include the domain name, registrant name and other contact information, and domain name server information. See our Domain Registration Agreement here.

给加州居民的通知: 根据《 2018年加州消费者隐私法》(加州民法典,第二版,1798.100 条及以下)的规定,我们不会出售,出租或与第三方共享个人信息。也不会基于在加州民法典第二版1798.83 条中定义的第三方直接营销目的向第三方基规定与第三方出售、出租或共享个人信息。

7. INTERNATIONAL INFORMATION TRANSFERS

Cloudflare 是一家总部设在美国的全球性公司。我们主要将您的信息存储在美国和欧洲经济区。为了促进我们的全球运营,我们可能会从世界各地(包括从Cloudflare集团在其开展业务的其他国家/地区)传输和访问此类信息,以达到本政策中所述的目的。

Whenever Cloudflare shares personal information originating in the EEA, the UK, or Switzerland with a Cloudflare entity outside the EEA, the UK, or Switzerland, it will do so on the basis of the EU standard contractual clauses (adjusted to address transfers from the UK) or the Privacy Shield Frameworks detailed in this section.

如果您访问或使用我们的网站或服务,或者通过其他方式向我们提供信息,则意味着您同意将个人信息传输至美国及我们开展业务的其他管辖区。

Privacy Shield. Cloudflare is certified under both the EU-U.S. and the Swiss-U.S. Privacy Shield Frameworks as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the EEA, the UK, and Switzerland to the United States, respectively (“Privacy Shields”). We commit to periodically review and verify the accuracy of our policies and our compliance with the Privacy Shields. If there is any conflict between the terms in this Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. For more information on the EU-U.S. Privacy Shield or Swiss-U.S. Privacy Shield, please visit the U.S. Department of Commerce’s Privacy Shield website at: https://www.privacyshield.gov/welcome.

如果您认为我们在“隐私保护盾”的范围内保留了您的个人数据副本,您可以将查询发送至SAR@cloudflare.com或通过邮件发送至:Cloudflare, Inc., San Francisco, Townsend St. 101, CA 94107,Attention: Data Protection Officer。我们将在收到查询的 30 日内做出回复并验证您的身份。

如果您有未解决的隐私问题或对我们针对数据使用疑问的解决结果感到不满意,请通过 https://feedback-form.truste.com/watchdog/request与我们的美国第三方争议解决提供商(免费)联系。如果我们和争议解决提供商均未能解决您的投诉,最后您还可以通过隐私保护盾专家组发起约束性仲裁。

我们在“隐私保护盾”下的承诺受美国联邦贸易委员会的调查和执行权力的约束。我们可能会应要求披露个人数据,回应政府当局的合法请求,包括满足国家安全或执法要求。在此类情况下,法律、法院指令或其他法律程序可能会禁止我们发出披露通知。

8. DATA SUBJECT RIGHTS AND CHOICES

  • Attendees, Website Visitors, Customers, Administrators, and Registrants. You have the right to access, correct, update, export, or delete your personal information. You may email us at SAR@cloudflare.com with any such subject access requests (“SAR”), and we will respond within thirty (30) days. Customers and Administrators also can access, correct, export, or update their Account Information by editing their profile or organization record at cloudflare.com.

  • 1.1.1.1 Public DNS Resolver Users. We do not retain any personal information about 1.1.1.1 resolver users that would be subject to the data subject rights described above.

  • End Users. Cloudflare has no direct relationship with End Users. Even where “Cloudflare” may be indicated as the authoritative name server for a domain, unless Cloudflare is the owner of that domain, we have no control over a domain’s content. Accordingly, we rely upon our Customers to comply with the underlying legal requirements for subject access requests. If an End User requests that we access, correct, update, or delete their information, or no longer wishes to be contacted by one of our Customers that use our Services, we will direct that End User to contact the Customer website(s) with which they interacted directly. Our Customers are solely responsible for ensuring compliance with all applicable laws and regulations with respect to their website users.

For any SAR, we will need to verify a requestor is inquiring about their own information before we can assist. Where a SAR may implicate the personal data of another individual, we must balance the request against the risk of violating another person’s privacy rights. We will comply with SARs to the extent required by applicable law or the US-Swiss or US-EU Privacy Shield. In the EEA, the UK, and Switzerland, you also have the right to lodge a complaint with a supervisory authority.

9. COMMUNICATION PREFERENCES

Cloudflare 将根据您的帐户设置中的通信偏好向您发送商业通信。Cloudflare 还将向您发送与服务相关的通信。如果您拥有Cloudflare帐户,则可以通过帐户设置,或通过单击此类电子邮件底部的“取消订阅”链接来管理您的商业通讯收取偏好,或者可以将请求发送到unsubscribe@cloudflare.com

10. DATA SECURITY, DATA INTEGRITY AND ACCESS

我们采取一切合理措施保护从您处获取的信息,防止丢失、误用或未授权访问、披露、修改和/或破坏。我们部署了相应的物理、技术和管理措施维护并保障您的信息,还广泛采用加密等隐私增强技术。如果您对个人信息的安全性有任何疑问,可以通过privacyquestions@cloudflare.com与我们取得联系。

11. NOTIFICATION OF CHANGES

If we make changes to this Policy that we believe materially impact the privacy of your personal information, we will promptly provide notice of any such changes (and, where necessary, obtain consent), as well as post the updated Policy on this website noting the effective date of any changes.

12. BUSINESS TRANSACTIONS

如果合并、出售、控制权变更或重组全部或部分业务,我们可能转让或转移本策略及本策略涵盖的信息。

13. ENGLISH LANGUAGE CONTROLS

本策略的非英语翻译仅为方便使用。 如果译文版本之间存在任何歧义或冲突,则以英语版本为准。

14. DISPUTE RESOLUTION

如果您有未解决的隐私问题或对我们针对数据使用疑问的解决结果感到不满意,请通过https://feedback-form.truste.com/watchdog/request与我们的美国第三方争议解决提供商(免费)联系。

15. EU REPRESENTATIVE

Cloudflare Portugal, Unipessoal Lda., further identified in the Contact Information section below, is our EU representative pursuant to Article 27 of the EU GDPR. Cloudflare, Ltd., further identified in the Contact Information section, is our UK representative pursuant to the UK GDPR.

16. CONTACT INFORMATION

Cloudflare, Inc. 101 Townsend St. San Francisco, CA 94107 Attention: Data Protection Officer privacyquestions@cloudflare.com

Cloudflare, Ltd. County Hall/The Riverside Building Belvedere Road London, SE1 7PB Attention: Data Protection Officer privacyquestions@cloudflare.com

Cloudflare Portugal, Unipessoal Lda. Largo Rafael Bordalo Pinheiro 29 1200-369 Lisboa Attention: Data Protection Officer privacyquestions@cloudflare.com

Cloudflare Germany GmbH Rosental 7 80331 München Attention: Data Protection Officer privacyquestions@cloudflare.com

Cloudflare Pte., Ltd. 182 Cecil Street, #35-01 Frasers Tower, Singapore 069547 Attention: Data Protection Officer privacyquestions@cloudflare.com

Cloudflare Australia Pty Ltd. 333 George St., 5th Floor Sydney, NSW 2000 Attention: Data Protection Officer privacyquestions@cloudflare.com

Cloudflare (Beijing) Information Technology Co., Ltd. 16 South Guangshun Street Donghuang Building 17th Floor Chaoyang District Beijing 100015 Attention: Data Protection Officer privacyquestions@cloudflare.com

有问题吗?

如果您对 Cloudflare 的上述条款或其他方面有任何疑问,请随时联系我们:

+1 (650) 319-8930

Cloudflare, Inc.
101 Townsend St,
San Francisco, CA 94107
USA
Attention: Data Protection Officer
privacyquestions@cloudflare.com