Cloudflare automatically collects technical data including your IP address, browser type, and pages visited whenever you use its services or visit a website powered by Cloudflare's network, even if you have no direct relationship with Cloudflare.
This analysis describes what Cloudflare's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Your IP address and browsing behavior are collected passively across a vast range of internet destinations that use Cloudflare's infrastructure, which represents a significant breadth of data collection relative to a single service provider.
Every time you visit a website using Cloudflare's network, your IP address and device information may be logged, regardless of whether you have an account with Cloudflare or are aware of its involvement.
How other platforms handle this
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
If we collect health information from these integrations (such as heart rate), we will not sell or use it for advertising or other similar purposes; we do not disclose it to third parties without your prior consent; and we will only use it for the specific purposes described in this Policy.
We collect your personal data when you use our Services, create a new eBay account, provide us with information via a web form, add or update information in your eBay account, participate in online community discussions or otherwise interact with us.
Monitoring
Cloudflare has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"When you use our Services, we automatically receive and record information from your browser or device, which may include your IP address or device identifier, the type of browser and/or device you're using to access our Services, and the page or feature you requested. Cloudflare also collects information on behalf of our Customers about End Users of our Customers' websites and applications. This information may include log data, IP addresses, and other information regarding users of our Customers' websites.— Excerpt from Cloudflare's Cloudflare Privacy Policy
REGULATORY LANDSCAPE: Automatic collection of IP addresses and device identifiers constitutes personal data processing under GDPR, requiring a documented legal basis. The FTC Act applies to deceptive or unfair collection practices in the U.S. CCPA and CPRA classify IP addresses as personal information subject to consumer rights. Cookie and tracking disclosures also engage ePrivacy Directive requirements in the EU. GOVERNANCE EXPOSURE: Medium. The scope of automatic data collection across Cloudflare's network is broad, but collection of log data and IP addresses for security and network operations is standard practice for infrastructure providers. Legal basis documentation under GDPR (likely legitimate interests for security operations) and transparency of disclosure are the primary governance concerns. JURISDICTION FLAGS: EU and EEA users have the right to object to processing based on legitimate interests under GDPR Article 21. California residents have the right to know about categories of personal information collected under CCPA. Illinois and other states with biometric or sensitive data laws are less directly implicated by log data collection alone. CONTRACT AND VENDOR IMPLICATIONS: Enterprise customers using Cloudflare should understand that end-user log data collected on their behalf is governed by the DPA, not this public privacy policy. Vendor assessments should confirm data retention periods for log data and confirm sub-processor obligations are met. COMPLIANCE CONSIDERATIONS: Teams should review whether Cloudflare's legitimate interests assessments for automatic data collection are documented and available, and whether website operators using Cloudflare have disclosed Cloudflare's data collection in their own privacy notices as required under GDPR transparency obligations.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Your IP address and browsing behavior are collected passively across a vast range of internet destinations that use Cloudflare's infrastructure, which represents a significant breadth of data collection relative to a single service provider.
Every time you visit a website using Cloudflare's network, your IP address and device information may be logged, regardless of whether you have an account with Cloudflare or are aware of its involvement.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Cloudflare.