Cloudflare's privacy policy was updated on July 1, 2026 to remove two items from the footer navigation: 'Community forum' was deleted from the support section, and 'Cloudflare for Campaigns' was removed from the public interest projects list. These are navigation and organizational changes with no material impact on stated data practices, user rights, or privacy obligations.
This change is a navigation and footer update with no material impact on Cloudflare's stated data collection, processing, or user privacy rights. The privacy policy's operative terms remain unchanged; only two footer links were removed from the document layout.
This change has no operational significance for privacy or data governance. It is a formatting and navigation update to the policy document footer with no impact on Cloudflare's stated data practices, user rights, or privacy obligations.
This change record describes what was added, removed, or modified in the document. Analysis reflects what the updated agreement states or permits. It does not constitute a legal determination about enforceability. Applicability may vary by jurisdiction. Methodology
This is a formatting and navigation change to the privacy policy footer. No material changes to data handling practices, user rights, consent mechanisms, or privacy obligations are introduced. This does not create compliance obligations for organizations using Cloudflare's services.
Full compliance analysis
Obligation analysis, escalation trigger, board language, and recommended action.
Monitor: regulatory citations + obligations. Compliance: full compliance memo.
ConductAtlas provides verified policy intelligence sourced directly from platform documents. All analysis is intended to support, not replace, legal and compliance review. Record CA-C-003380.
Provision was consolidated into 'Automatic Data Collection and Log Data' rather than added as new content.
Specific enumeration of passive data collection (ISP, clickstream data, exit pages) was removed in favor of more generic language, reducing transparency about specific tracking categories.
Removal of contractual requirements for third-party data protection and purpose limitation weakens binding obligations on service providers handling personal data.
Specific distinction between session and persistent cookies and detailed enumeration of cookie purposes was removed, reducing granularity of cookie disclosure.
Definition expanded from generic contractual language to explicitly enumerate End User categories and clarify the direct contract requirement for Customers.
Language simplified from detailed enumeration (ISP, referring/exit pages, clickstream data) to broader categories, with clearer delineation of data collection on behalf of Customers.
Added explicit examples of tracking technologies (web beacons, pixels), categorized cookies by necessity, and added disclosure of third-party partner cookie usage.
Removed specific Data Privacy Framework certifications in favor of broader consent-based language emphasizing U.S. governance and reduced local protections, with vaguer reference to transfer mechanisms.
Added explicit mention of CPRA (new California law) and included additional rights (opt-out of sale/sharing, non-discrimination, correct inaccurate information) previously only partially addressed.
Changed from "sole discretion" standard to "reasonably necessary" standard, narrowed scope by removing vague "prevent illegal or unethical activity" clause, and reframed categories with specific examples (death/bodily injury instead of general safety).
Added specific trigger (account active status), enumerated purposes more explicitly (resolve disputes, enforce agreements), and added commitment to limited retention for log data.
Removed contractual restrictions on third-party use and protection requirements, and added new category of disclosure for corporate transactions (M&A, asset sales, etc.).
Cross-platform context
See how other platforms handle similar provisions across the ConductAtlas archive.
See the full side-by-side comparison of every sentence added, removed, and modified.
🔒 Full diff — MonitorCloudflare updated its Self-Serve Subscription Agreement on June 21, 2026, removing several sentences and modifying others. The changes include removal …
Cloudflare's privacy policy was updated on May 5, 2026, but the detected change is a minor navigation and service listing …
Cloudflare's website navigation and service menu was reorganized on May 5, 2026. The change involved restructuring how support and success …
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Get alerted when this policy changes again — including what changed and why it matters.
Prefer a weekly summary instead?
Get the biggest policy changes across 320+ platforms every Sunday.