Cloudflare and IT Act compliance

Cloudflare’s is a privacy-first company. As such, the Digital Personal Data Protection Bill (DPDP) represents many steps we were already taking. We do not sell personal data we process, or use it for any purpose other than delivering our services. In addition, we let people access, correct, and delete their personal information, and give our customers control over the information passing through our network.

To learn more, explore our DPDP FAQ below, or check out Cloudflare’s overall privacy policy.

Resources on IT Act Compliance


How Cloudflare helps address data protection and locality obligations in India

Cloudflare maintains a broad set of legal and contractual protections that comply with India’s Information Technology Act (IT Act) and Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules (SPDI Rules).

Download PDF

Cloudflare’s policies around data privacy and law enforcement requests

This paper outlines policies and procedures that guide how we manage customer and end-user data on our systems — and how we address government and other legal requests for data.

Download PDF

Cloudflare sub-processors

Regularly updated descriptions and locations of Cloudflare's sub-processors

Learn More

Protect and accelerate your websites, apps, and teams.