Last Updated September 28, 2021
The following Supplemental Terms (“Terms”), unless otherwise specified, are provided to supplement Cloudflare’s Enterprise Subscription Terms of Service, Self-Serve Subscription Agreement, and any other agreement, Order Form, or Insertion Order that explicitly incorporates these Terms by reference (collectively, the “General Terms”). Unless defined below, all capitalized terms will have the definitions given to such terms in the General Terms. For Enterprise customers, all references to “you” and “your” in the Terms below refer to the Customer named in the applicable Order Form or Insertion Order.
Please click on any of the following links to navigate to the Supplemental Terms applicable to your Cloudflare Services.
The following definitions apply to quantities referenced in orders and invoices for Cloudflare Services. Unless explicitly stated otherwise in the applicable Order Form or Insertion Order(s), the defined terms below have the same meaning regardless of whether such terms are capitalized or uncapitalized.
“Business domain” is any domain entitled to a Business subscription level of protection, products, and support (as defined at cloudflare.com/plans/), exclusive of any add-on or usage-based features for which you may be charged separately.
“Concurrent connections” is the maximum number of clients concurrently connected to Cloudflare’s servers at any one time.
“Custom hostname” is any hostname that you send to Cloudflare’s custom hostname endpoint. A custom hostname can be a domain at any level (including but not limited to second- and third-level domains). For billing purposes, foo.com, foo.co.uk, www.foo.com, x.foo.com would be considered four separate custom hostnames. Cloudflare will invoice you for any custom hostname that has been active during the billing month, regardless of the duration of the activity during such month.
“Custom SSL certificate” is an SSL certificate that is provided by you for use with the Service. Unless otherwise mutually agreed to in writing, you may only use SNI certificates.
“Dedicated SSL certificate” is an SSL certificate that is provided and managed by Cloudflare on your behalf for use with the Service.
“Domain” is a publicly registrable domain (e.g., example.com) along with its child subdomains (e.g., help.example.com that is configured individually in the Cloudflare dashboard and assigned its own unique zone ID through the Cloudflare Service dashboard. If you require a subdomain to be managed separately from its parent domain, such subdomain must have its own zone ID and will be counted as a separate domain.
“Enterprise primary domain” is any domain receiving Cloudflare’s Enterprise Services that utilizes more than 50 Gigabytes (GB) of data transfer per month.
“Enterprise secondary domain” is any domain receiving Enterprise Services that utilizes less than 50 GB of data transfer per month, including all DNS-only domains.
“Images Delivered” means Images Stored that are delivered to an end user at any time during the applicable billing period.
“Images Stored” means images stored in Cloudflare Images at any time during the applicable billing period.
“Origin” is any server that communicates with Cloudflare’s edge, and that hosts any content or data, or that runs one or more programs to intercept and process incoming internet requests.
“Pro domain” is a domain entitled to a Pro subscription level of protection, products, and support (as defined at cloudflare.com/plans/), exclusive of any add-on or usage-based features for which you may be charged separately.
“Read/Write/List/Delete” are defined as follows for the purposes of Cloudflare Workers KV: a “Read” is a Request where a single value for a given key is read; a “Write” is a Request where a single key/value pair is written; a “List” is a Request where a list of keys within a given namespace is returned; and a “Delete” is a Request where a single key/value pair is removed.
"Request" is a single HTTP/S request that is received by Cloudflare’s edge. For Cloudflare Workers, a Request is a single HTTP/S request that is received by Cloudflare’s edge and hits a Worker script.
“Seat” means an employee, agent, contractor, or other third party, or a device, in each case, authorized by you to use a Cloudflare Service, as applicable.
“Uncached Image” is an image that is not cached on any Cloudflare server.
“Workers KV Storage” is defined for billing purposes as the average hourly amount of data stored in gigabytes (GB) during a single monthly billing period.
“Zone” is an instance configured in the Cloudflare Services dashboard which has a unique zone id assigned to it. In general, a zone would be associated with a single registrable domain and would include all of that domain’s child subdomains unless one or more of the child subdomains requires a different performance or security setting, in which case each child subdomain could either be assigned its own zone id or be grouped together with other child subdomains that share the same performance or security settings under a single zone id.
Always Online Beta is a Service that serves a limited copy of the portions of your Zone (as defined in the Supplemental Terms Units of Measurements) that are available from the Internet Archive’s Wayback Machine in case your server goes offline. You can learn more about the Internet Archive here.
By enabling Always Online Beta on your Zone, you authorize Cloudflare to share your Zone’s hostname and frequently-visited URLs with the Internet Archive, and to serve a limited copy of your Zone from the Internet Archive’s Wayback Machine when Cloudflare determines your origin server is unavailable by forwarding portions of client requests to your Zone to the Internet Archive to retrieve and serve requested content from the Internet Archive (e.g., requested URL, Accept request-header field).
You understand that Always Online Beta is made available to you on an “as is” and “as available” basis. Always Online Beta is not covered by Cloudflare customer support and does not have an SLA. Cloudflare reserves the right to modify or discontinue Always Online Beta at any time without notice to you.
IN NO EVENT WILL CLOUDFLARE BE LIABLE TO YOU OR ANY THIRD PARTY FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES ARISING OUT OF OR RELATING TO YOUR ACCESS TO OR USE OF, OR YOUR INABILITY TO ACCESS OR USE, ALWAYS ONLINE BETA, WHETHER BASED ON WARRANTY, CONTRACT, TORT (INCLUDING NEGLIGENCE), STATUTE, OR ANY OTHER LEGAL THEORY, WHETHER OR NOT CLOUDFLARE HAS BEEN INFORMED OF THE POSSIBILITY OF SUCH DAMAGE.
Customer will not be billed for any requests that Cloudflare reasonably determines were generated by bad bots (e.g., requests with a low cf.bot_management.score that are not included in Cloudflare’s or Customer’s list of allowed bots).
In order to use the BYOIP Service, Customer must provide Cloudflare with a letter of authorization signed by an authorized representative of Customer sufficient to permit Cloudflare to announce the Customer’s IP addresses. Customer shall maintain accurate whois information for its IP addresses at all times. Customer represents and warrants that the Customer has obtained all rights, licenses, consents, and permissions necessary to convey the rights set forth in the letter of authorization. In the event that the Customer is not the legal owner of the IP addresses, Customer must also supply a letter of authorization from the legal owner, authorizing Cloudflare to announce the IP addresses. Customer understands that if the legal owner of the IP addresses withdraws its authorization, Cloudflare may stop advertising such IP addresses without any liability to Customer. In such a circumstance, Cloudflare will use reasonable efforts to provide Customer with advanced notice.
Information related to your Cloudflare account’s carbon usage is provided solely for informational purposes. You can learn more about Cloudflare's methodology for calculating this number in the Carbon Impact Report accessible in the Cloudflare Service dashboard. The information provided is not warranted to be error free and contains both original Cloudflare data and estimates, subject to update, correction and revision.
Cloudflare’s China Service is operated by its Chinese partners, Baidu and JD Cloud & AI (collectively, the “China Service Partners”). Customer acknowledges that as part of the China Service the China Service Partners will process a portion of Customer's data in mainland China, and as a result such Customer data may be subject to Chinese law, including China’s Cybersecurity Law. By using Cloudflare’s China Service, Customer acknowledges and agrees that: (i) it will be solely responsible for obtaining and maintaining a valid Internet Content Provider (ICP) license (the “ICP License”) throughout the Term, as required by the Chinese Ministry of Industry and Information Technology, (ii) Cloudflare will not be liable for Customer’s inability to obtain or maintain such an ICP License, (iii) in the absence of such an ICP License, Cloudflare or its China Service Partners may refuse to provide the China Service to Customer without liability, and (iv) Cloudflare may share ICP License information, as well as Customer address and contact information with the China Service Partners. Notwithstanding any provision of the Agreement to the contrary, the China Service is provided to Customer “AS-IS,” with all faults, and without warranty, obligation, or service level of any kind, and unless otherwise explicitly agreed to in writing, any custom security requirements that have been negotiated between Customer and Cloudflare will not apply to the China Service. Cloudflare and its China Service Partners reserve the right to terminate or suspend Customer’s right to use or access the Service in China, at any time and without liability, in response to Chinese law, rule, regulation, or court order; provided, that (i) Cloudflare provides notice to Customer of such termination or suspension as soon as reasonably practicable, and (ii) Cloudflare works to promptly route Customer’s traffic to the next nearest data center(s) outside of China. Termination or suspension of the China Service will have no effect upon any other Services provided to Customer under the Agreement, which will remain in full force and effect. Customer’s use of the China Service is subject to Chinese law including laws governing the dissemination of certain types of content.
Cloudflare for Teams is a suite of cloud-based security solutions made available by Cloudflare to its Customers for use by their authorized End Users. Depending on the Cloudflare for Teams Services you have purchased and enabled, Cloudflare for Teams may include Cloudflare’s zero trust access solution for your applications (Cloudflare Access), Cloudflare’s secure web gateway and DNS filtering solution (Cloudflare Gateway), and Cloudflare’s remote browser isolation solution.
2.1 Cloudflare for Teams is made available on a Seat licensing basis. You may substitute an existing End User that occupies a Seat with a new End User in the event of the existing End User's termination or reassignment to another job function, without incurring an additional Fee.
2.2 You shall not resell Cloudflare for Teams to any third parties (e.g., in an ASP, managed security services, outsourcing, time-sharing or service bureau relationship) unless expressly permitted by Cloudflare in writing. Your violation of the foregoing shall be considered a material breach of the Agreement and subject to immediate termination of your account.
2.3 Cloudflare Gateway is subject to an Average Monthly DNS Queries limit of 5,000 DNS queries per Seat per day. “Average Monthly DNS Queries” means the number of DNS queries by your total Seats in a month divided by the number of days in such a month and further divided by the number of licensed Seats. For example, if you purchased licenses for 1,000 Seats and your Seats submitted a total of 30,000,000 DNS queries in the prior 30-day calendar month, your Average Monthly DNS Queries would be 1,000 (calculated as follows: (30,000,000 / 30) / 1,000 = 1,000). Cloudflare may continuously monitor your usage of Cloudflare Gateway on a monthly basis to determine your Average Monthly DNS Queries. If Cloudflare determines that your Average Monthly DNS Queries has exceeded 5,000 DNS queries per Seat per day, Cloudflare reserves the right to require you to purchase additional licenses as required. In the event you purchase the Service in the middle of a month, the Average Monthly DNS Queries calculation for that month shall be based on the number of days that you were subscribed for the Service in that month.
Cloudflare Gateway Content
By accessing or using the Service you may receive access to Cloudflare-provided threat intelligence and domain categorization data (“Cloudflare Gateway Content”). You may only use the Cloudflare Gateway Content in connection with the Service. You agree not to provide the Cloudflare Gateway Content to any third parties. If you feel that a website has been incorrectly categorized, you may submit a report here.
Cloudflare processes telemetry data to deliver, enhance, improve, customize, support, and/or analyze Cloudflare for Teams and may otherwise freely use telemetry data that does not identify you or any of your End Users. You may have the ability to configure Cloudflare for Teams to limit the telemetry data collected, but in some cases, you can only opt out of the telemetry data collection by uninstalling or disabling Cloudflare for Teams. Telemetry data includes data that Cloudflare for Teams generates in connection with your use of Cloudflare for Teams, such as, threat intelligence data, URLs, metadata; origin and nature of malware; information about the devices connected to a network and the types of software or applications installed on a network or an endpoint (e.g., client-type, operating system).
You acknowledge and agree that you are responsible for: (i) all activity of your End Users and for your End Users’ compliance with this Agreement; (ii) complying with all applicable laws and/or regulations in using the Service, including, but not limited to, providing clear and conspicuous notice to all End Users that you may monitor their Internet activities through Cloudflare for Teams; (iii) for forwarding your End Users’ DNS queries, web traffic and/or internal traffic, as applicable, to Cloudflare via valid forwarding mechanisms described in the Cloudflare documentation (e.g., the WARP Client, GRE tunnels); and (iv) configuring and maintaining your third-party identity provider for use in connection with Cloudflare for Teams.
CLOUDFLARE DOES NOT REPRESENT OR WARRANT THAT CLOUDFLARE FOR TEAMS WILL GUARANTEE ABSOLUTE SECURITY DUE TO THE CONTINUAL DEVELOPMENT OF NEW TECHNIQUES FOR INTRUDING UPON AND ATTACKING FILES, NETWORKS AND ENDPOINTS. CLOUDFLARE DOES NOT REPRESENT OR WARRANT THAT CLOUDFLARE FOR TEAMS WILL PROTECT ALL YOUR AND YOUR USERS’ FILES, DEVICES, NETWORK, OR ENDPOINTS FROM ALL MALWARE, VIRUSES, OR THIRD PARTY MALICIOUS ATTACKS.
By connecting your infrastructure to the Cloudflare network via a private network interconnection (physical or virtual) or over an Internet Exchange, you understand and agree that Cloudflare has no responsibility for the performance or reliability of your interconnection, and that all requests for interconnection support should be submitted to the applicable colocation service provider. You shall ensure that at all times your infrastructure has multiple connections to the public Internet that are unrelated and not dependent on your interconnection to the Cloudflare network.
IN NO EVENT WILL CLOUDFLARE BE LIABLE TO YOU OR ANY THIRD PARTY FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES ARISING OUT OF OR RELATING TO YOUR INABILITY TO ACCESS OR USE CLOUDFLARE NETWORK INTERCONNECT, WHETHER BASED ON WARRANTY, CONTRACT, TORT (INCLUDING NEGLIGENCE), STATUTE, OR ANY OTHER LEGAL THEORY, WHETHER OR NOT CLOUDFLARE HAS BEEN INFORMED OF THE POSSIBILITY OF SUCH DAMAGE.
Any limits on data transfer related to non-HTTP/S products (e.g., Cloudflare Spectrum) will be separate from and in addition to any other data transfer caps related to HTTP/S traffic that Customer has under the Agreement. Cloudflare will determine Customer’s Spectrum traffic for the billing period by calculating the sum of both the ingress and egress traffic to and from Customer's internet clients as measured by Cloudflare during each billing period.
Cloudflare is not required to retain and may delete, without notice to you, any of your content in Cloudflare Stream and Cloudflare Images following the expiration or termination of your trial or subscription.
Unlike most Cloudflare products, Cloudflare Stream and Cloudflare Images can be used to host or stream content. Content stored or streamed on Cloudflare Stream and Cloudflare Images that we determine in our sole judgment to be illegal or harmful may be blocked or removed, and use of Cloudflare Services for storage or streaming of such illegal or harmful content may result in suspension or termination of Cloudflare Services. While we generally try to provide notice of such action, we reserve the right to take action without notice as appropriate. For these purposes, illegal or harmful content includes but is not limited to: (a) content containing, promoting, or facilitating child sexual abuse material (CSAM) or human trafficking; (b) content that infringes on another person’s intellectual property rights or is otherwise unlawful; (c) content that discloses sensitive personal information, incites or exploits violence, or is intended to defraud the public; and (d) content that seeks to distribute malware, facilitate phishing, or otherwise constitutes technical abuse.
Cloudflare Workers is a Service that permits developers to deploy and run encapsulated versions of their proprietary software source code (each a “Workers Script”) on Cloudflare’s edge servers. Cloudflare Pages is a JAMstack platform for frontend developers to collaborate and deploy websites. You may use Cloudflare Pages and Workers (whether in conjunction with a storage offering such as Cloudflare Workers KV and Durable Objects or not) to serve HTML content as well as non-HTML content (e.g., image files, audio files) other than video files.
By adding a Workers Script to the Service or deploying a Cloudflare Pages project, you are granting Cloudflare a limited, revocable, worldwide, non-exclusive, royalty-free, sub-licenseable right to use your Workers Script and/or code and assets from your project as is necessary to provide you the Service (“License”). You retain all copyright and any other proprietary rights that you may hold in the Workers Script(s) and the code and the assets that you provide (or derived from such code and assets through the build process) to Cloudflare.
Cloudflare may with or without notice to you and without liability of any kind, temporarily limit the number of requests your Workers Scripts and Cloudflare Pages sites can make or receive if processing such requests would put an undue burden on the Cloudflare network, or otherwise threaten the integrity of Cloudflare’s networks.
You acknowledge that you are solely responsible for your Workers Script(s) and Cloudflare Pages projects, including (i) the Workers Scripts’ and Cloudflare Pages projects’ performance and functioning with the Services and any reference libraries that Cloudflare may provide from time to time; and (ii) maintaining licenses and adhering to the license terms of any third party software that may be incorporated into your Workers Scripts and Cloudflare Pages projects.
As between you and Cloudflare, you will provide all support of any type requested by Cloudflare or your end users related to the Workers Script and Cloudflare Pages sites, and be responsible for any warranty, liability or obligation to any end user or any third party that arises in connection with their use of your Workers Scripts and Cloudflare Pages sites.
You represent and warrant that (i) you have and will retain all necessary rights to grant the License; (ii) your Workers Scripts and Cloudflare Pages projects and sites are free from and do not disseminate any viruses, adware, spyware, worms, crypto-mining software or other malicious code; (iii) you will not use the Services to engage in any volumetric attacks or in any other activities to intentionally harm another party’s rights; and (iv) you will use the Services in accordance with the Cloudflare Workers and Cloudflare Pages developer documentation.
You agree to indemnify and hold Cloudflare, and its officers, directors, employees, consultants, affiliates, subsidiaries and agents, harmless from any claim or demand, including reasonable attorneys’ fees, arising out of or related to your violation of any third-party right, including without limitation any intellectual property right, or your breach of any of the foregoing representations and warranties.
You understand and agree that Cloudflare is constantly enhancing its Services and we may enhance our Services in a way that is competitive with your Workers Scripts, Cloudflare Pages projects/sites, or other products, services, or ideas that you have, regardless of whether you have shared them with us. Although Cloudflare affirms that you retain intellectual property rights in the source code to your Workers Scripts and Cloudflare Pages projects, you acknowledge that Cloudflare has the right to make, use, develop, acquire, license, market, promote, or distribute products, software, or technologies that perform the same or similar functions as, or otherwise compete with, any of your Workers Scripts and Cloudflare Pages projects/sites as well as other products, software, or technologies that you may develop, produce, market, or distribute now or in the future.
The creation of Cloudflare Workers or Cloudflare Pages accounts/projects using subdomains that include deceptive or offensive terms or names of other businesses, organizations, or individuals is prohibited. If Cloudflare determines that you are engaging in this activity it may suspend or terminate your account and/or project(s) immediately. The use of the Services for phishing schemes is prohibited.
Cloudflare may change Cloudflare Workers/Pages subdomain names for any or no reason. Cloudflare will attempt to provide you with at least one week prior notice for such change, unless the change is due to your violation of the terms governing your use of Cloudflare Workers and Cloudflare Pages.
Unlike most Cloudflare products, Cloudflare Pages and Workers can be used to host content. Content stored on Cloudflare Pages and Cloudflare Workers (whether in conjunction with a storage offering such as Cloudflare Workers KV and Durable Objects or not) that we determine in our sole judgment to be illegal, harmful, or in violation of Section 6 of the Cloudflare Pages and Cloudflare Workers Supplemental Terms may be blocked or removed, and use of Cloudflare Pages or Cloudflare Workers for storage of such illegal or harmful content may result in suspension or termination of Cloudflare Pages/Workers and other Cloudflare Services. While we generally try to provide notice of such action, we reserve the right to take action without notice as appropriate. For these purposes, illegal or harmful content includes but is not limited to: (a) content containing, promoting, or facilitating child sexual abuse material or human trafficking; (b) content that infringes on another person’s intellectual property rights or is otherwise unlawful; (c) content that discloses sensitive personal information, incites or exploits violence, or is intended to defraud the public; and (d) content that seeks to distribute malware, facilitate phishing, or otherwise constitutes technical abuse.
Acknowledgement of Relevant Legal Requirements
In connection with your obligation to comply with all laws and regulations applicable to your use of Cloudflare Services as set out in the General Terms, you acknowledge that the content of the data you identify using the CSAM Scanning Tool may be subject to specific legal requirements which may include, but are not limited to, laws requiring the reporting of any facts or circumstances from which you obtain actual knowledge of an apparent violation of laws relating to Child Sexual Abuse Material (CSAM) to the National Center for Missing and Exploited Children (NCMEC) and/or a government agency in your jurisdiction. Any information that Cloudflare provides to you regarding the use of the CSAM Scanning Tool is not intended as legal advice and is not a substitute for the advice of your own legal counsel.
Purpose limitation, Your instructions to Audit and report to NCMEC
The purpose of the CSAM Scanning Tool is to prevent the spread of child sexual abuse content, and to support investigations targeted to stopping the distribution and possession of child sexual abuse content (“Purpose”). You may use the CSAM Scanning Tool solely for the Purpose, and you must not use it for any other purposes. To achieve the Purpose, it is important for you and Cloudflare to work together to maintain the integrity of the service.
(a) You hereby authorize Cloudflare to take steps to monitor and audit your usage of the CSAM Scanning Tool to help ensure that the service is used solely for the Purpose, and otherwise in accordance with these terms.
(b) You hereby authorize Cloudflare to provide reports to NCMEC on your behalf on the images you upload on the CSAM Scanning Tool that match the signatures of known CSAM images. You hereby instruct Cloudflare to use your NCMEC CyberTipline credentials and the email address you have specified for the CSAM Scanning Tool to submit these reports on your behalf. You understand that such reports do not relieve you of any legal requirements that might arise from your use of the CSAM Scanning Tool, including, but not limited to, any applicable preservation obligations and obligations that may be applicable in your local jurisdiction.
(c) You hereby authorize Cloudflare to block images that the CSAM Scanning Tool matches to signatures of known CSAM images.
Details for the CSAM Scanning Tool
This applicable service details are as follows:
(a) In order to use the CSAM Scanning Tool, you must provide Cloudflare with your NCMEC CyberTipline credentials and you will be required to verify the email address you have provided.
(b) The CSAM Scanning Tool is provided free of charge. Accordingly, Cloudflare will have no liability for any harm or damage arising out of or in connection with your use of the CSAM Scanning Tool.
(c) Cloudflare reserves the right to modify or discontinue offering the CSAM Scanning Tool at any time (including, without limitation, by limiting or discontinuing certain features of the CSAM Scanning Tool) without notice to you.
(d) Cloudflare may limit or throttle your CSAM Scanning Tool transactions at any time, with or without notice.
(e) Cloudflare may terminate all Cloudflare Services provided to you if we determine that you have failed to timely remove CSAM, or we suspect you are attempting to abuse the CSAM Scanning Tool.
Internal Use Only
You will use the CSAM Scanning Tool solely for your internal use. You may not use the CSAM Scanning Tool to provide a managed service solution.
No Support or SLA
The CSAM Scanning Tool is not covered by customer support and does not have an SLA.
Limitation of Liability
IN NO EVENT WILL CLOUDFLARE BE LIABLE TO YOU OR ANY THIRD PARTY FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES ARISING OUT OF OR RELATING TO YOUR ACCESS TO OR USE OF, OR YOUR INABILITY TO ACCESS OR USE, THE CSAM SCANNING TOOL, WHETHER BASED ON WARRANTY, CONTRACT, TORT (INCLUDING NEGLIGENCE), STATUTE, OR ANY OTHER LEGAL THEORY, WHETHER OR NOT CLOUDFLARE HAS BEEN INFORMED OF THE POSSIBILITY OF SUCH DAMAGE.
Cloudflare Customers that purchase the Data Localization Suite will be entitled to Cloudflare’s Regional Services, Geo Key Manager, and Keyless SSL Services for Customer Zones that are on Cloudflare’s Enterprise plan for the sole use of Data Localization suite.
By purchasing Cloudflare’s Data Localization Suite, you agree to pay Cloudflare an additional fee equal to thirty percent (30%) of the monthly Fees (“Localization Suite Fee”) for any Services identified on the Data Localization Suite page here (each such Service, a “Covered Service”). The Localization Suite Fee will apply to all Covered Services, regardless of whether such Covered Services are invoiced on a fixed fee or variable basis. The Localization Suite Fee will apply to all future, as well as all previously quoted, pricing including any volume discounts extended to you by Cloudflare. For the avoidance of doubt, the Data Localization Suite does not provide you with an entitlement to a Covered Service, which must be purchased separately.
As a Data Localization Suite customer, you may configure Regional Services for your Enterprise primary domain and your Enterprise secondary domain(s). If you have enabled Regional Services for your Domain(s), Cloudflare will terminate TLS and apply application layer services to Customer Content for HTTPS traffic transmitted between End Users and the origin web server(s) for such a Domain only in Cloudflare data centers located in the geographic region you have selected. The geographic regions available for the Regional Service are listed on the Data Localization Suite page here.
Customer is solely responsible for ensuring that its use of the Data Localization Suite is compliant with all applicable laws and regulations as well as any and all privacy policies, agreements or other obligations Customer may maintain or enter into.
If no regional data usage limitations are set forth in Customer’s Order Form or Insertion Order, as applicable, then the geographic distribution of Customer’s data usage must not exceed in any billing period (i) 25% in the Tier II region or (ii) 8% in the Tier III region, as such regions are defined below.
In general, (i) the Tier I region includes North America and Europe; (ii) the Tier II region includes China, India, South America, Middle East, Africa, and elsewhere in Asia (except for Korea and Taiwan); and the Tier III region includes Taiwan, Korea, Australia, and New Zealand.
If regional data usage limitations are specified in Customer’s Order Form or Insertion Order, then the geographic distribution of Customer’s data usage must not exceed for any region in any billing period the sum of the usage caps for all countries in such region. Notwithstanding the foregoing, any unused data capacity for a given regional tier may be used by Customer in any lower regional tier without incurring additional Fees. By way of example, for a Customer with regularly allotted usage limitations of 30% in the Tier II region and 15% in the Tier III region, there would be no overage charges if in a given billing period the geographic distribution of Customer’s data usage is 35% in the Tier II region and 10% in the Tier III region.
Cloudflare’s Magic Transit Service (“Magic Transit”) utilizes border gateway protocol to direct traffic from Customer’s set of ingress and egress termination points, including, but not limited to, individual IP addresses, protected subnets, IP networks and border routers under Customer’s control (the “Customer Network”). Magic Transit provides layer 3 DDoS mitigation, network firewall and traffic management solutions to the Customer Network traffic directed to the number of Customer’s IP Prefixes listed on Customer’s Order Form or Insertion Order, as provided by Customer to Cloudflare for the Customer Network.
Magic Transit will be provided to Customer subject to the Bandwidth Limits listed on Customer’s Order Form or Insertion Order, as measured by Cloudflare at the 95th percentile in five (5) minute intervals.
To establish Customer’s bandwidth at the 95th percentile, Cloudflare will measure and record Customer’s bandwidth usage at five (5) minute intervals from 00:00 on the first day of each month until 24:00:00 on the same date of the next month (as based on the UTC+8 time zone). Customer’s bandwidth usage records (all clean bandwidth valued for all of the Customer’s Internet Properties) for the entire month will then be sorted by Cloudflare in descending order and the top 5% of the recorded bandwidth values will be discarded. The highest bandwidth value in the remaining records will be deemed the billable bandwidth for that month.
By way of example, in a month with 30 days, Cloudflare would measure Customer’s bandwidth 8,640 times (i.e. 12 x 24 x 30). After sorting all of the bandwidth measurements from highest to lowest, and discarding the top 5% of such measurements, Customer would be charged at the 433rd highest value (i.e. 8,640 x 5%).
Magic Transit On-Demand Limits.
Customer’s use of Cloudflare’s Magic Transit On-demand Service is limited to a maximum of 240 hours per month.
a. General. Customer shall administer Layer 3 DDoS mitigation, traffic filtering and traffic management configurations for Magic Transit directly or through Cloudflare as described in this Section 3.
b. Procedure. Configuration changes for Customer’s use of Magic Transit may be completed by Cloudflare. To initiate a configuration change, Customer will issue Cloudflare a support ticket through Cloudflare’s ticketing system indicating the requested configuration change (a “Configuration Ticket”). Cloudflare will implement the requested configuration change on behalf of Customer based on the information provided in the Configuration Ticket. Customer acknowledges and agrees that it is responsible for all such requested configuration changes. Cloudflare will have no liability for any harm or damage arising out of or in connection with any configuration change requested by Customer unless such harm or damage is the result of Cloudflare’s failure to follow Customer’s instructions provided in the Configuration Ticket.
c. Emergency Configurations. Customer pre-authorizes Cloudflare to implement emergency configuration changes without following the configuration change process set forth in Section 3(a) in order to mitigate adverse effects on the Customer Network in the event of a DDoS attack. Cloudflare will have no liability for any harm or damage arising out of or in connection with any emergency configuration changes.
Customer will comply with the following requirements:
a. Registry Information. Customer will maintain accurate and up to date WHOIS and Internet routing registry information for all IP Prefixes.
b. Letter of Authorization. Customer will provide Cloudflare with a letter of authorization signed by an authorized representative of Customer sufficient to permit Cloudflare to announce the IP Prefixes.
Managed IP addresses must be used solely in connection with Customer’s domains that are receiving Cloudflare's Enterprise Services.
The Mobile SDK Service is a Service that facilitates and analyzes network calls for mobile applications. Paid and enterprise plans of the Mobile SDK Service are available that can be used to optimize how data is transferred over networks through the use of ASAP™, a UDP-based protocol that accelerates the last mile to mobile devices.
Any use of the term “website” in the General Terms or any other written agreement between you and Cloudflare, as applicable, shall be deemed to mean “website or mobile application” with respect to your use of the Mobile SDK Service.
In addition, the capitalized terms below shall have the following meanings:
“Access Key” means a confidential access key provided by Cloudflare to Customer for enabling the Mobile SDK Service in a Mobile App.
“Active User” means with respect to paid and enterprise Mobile SDK Service subscriptions, a unique user who has performed some action in a Mobile App in the applicable billing period. Each installation of the Mobile App on a device shall count as a unique user. For example, if a user installs and uninstalls a Mobile App 5 times in a day on the same device, such user will count as 5 unique users for the applicable billing period.
“Mobile App” means a discrete compiled handheld or mobile device application that integrates the Cloudflare Mobile SDK to access the Cloudflare Mobile SDK Service. Each variation of compiled code that uses the Mobile SDK Service is counted as a unique Mobile App (e.g., iOS and Android each count as unique Mobile Apps). Cloudflare will provide one (1) Access Key for each unique Mobile App.
“Platform Access Fee” means with respect to paid and enterprise Mobile SDK Service subscriptions, the Monthly Fee charged by Cloudflare for each Mobile App.
“Total Active Users” means with respect to paid and enterprise Mobile SDK Service subscriptions the sum of all Active Users in all of Customer’s Mobile Apps for the applicable billing period. For example, if Customer’s iOS Mobile App has 300,000 Active Users in a given billing period, and Customer’s Android Mobile App has 200,000 Active Users in such billing period, the Total Active Users for such billing period is 500,000 Active Users.
Subject to your compliance with the terms and conditions of the Agreement, Cloudflare hereby grants you a non-exclusive, non-transferable, license, to enable the Mobile SDK Service in your Mobile App(s), solely in accordance with the Documentation and any other restrictions or obligations mutually agreed upon by the Parties. All rights not expressly granted to you herein are reserved to Cloudflare.
You acknowledge that you are solely responsible for your Mobile Apps, including the Mobile App’s performance and functioning with the Service. As between you and Cloudflare, you will provide all support of any type requested by Cloudflare or your end users related to your Mobile App(s) and be responsible for any warranty, liability or obligation to any end user or any third party that arises in connection with their use of your Mobile App.
Each Access Key may only be used by one (1) Mobile App to access the Service. You acknowledge and agree that: (a) you will ensure that each Access Key issued to a Mobile App will be used only by the Mobile App for which it was issued; (b) you are responsible for maintaining the confidentiality of all Access Keys, and are solely responsible for all activities that occur with such Access Keys; and (c) you will notify Cloudflare promptly of any actual or suspected unauthorized use of any Access Key, or any other breach or suspected breach of the Agreement. Cloudflare reserves the right to terminate any Access Key that Cloudflare reasonably determines may have been used by an unauthorized third party, and shall provide you with immediate notice of such. For your own security, Cloudflare strongly encourages that you take all necessary security precautions in conjunction with all Access Keys.
By participating in Project Pangea, you represent and warrant that you meet the Project Pangea eligibility requirements available here (“Project Pangea Requirements”). You understand that should you fail to meet the Project Pangea Requirements at any time, Cloudflare may suspend, limit, or terminate your access to the Cloudflare Services. You represent that to the best of your knowledge, the information you provide to Cloudflare including, but not limited to, your expected bandwidth usage and geographic location of users is truthful, accurate, and complete. To the extent applicable to your use of the Cloudflare Services, you agree to the Cloudflare Supplemental Terms for Magic Transit and Cloudflare Network Interconnect.
Your access or use of the Cloudflare Registrar Services is subject to the Cloudflare Domain Registration Agreement available here.
SNI Rewrite functionality is only available to Enterprise customers when using custom origin functionality. It may only be enabled and used for the purpose of origin servers serving a correct certificate based on custom hostnames.
SNI Rewrite functionality may not be used for domain fronting. Such use constitutes a material breach of the Agreement. Cloudflare may suspend or terminate all or part of Cloudflare Services provided to you if Cloudflare determines you have used or are using SNI Rewrite for domain fronting.
If you have questions about these terms or anything else about Cloudflare, please don't hesitate to contact us:
+1 (650) 319-8930
101 Townsend St,
San Francisco, CA 94107