What can I do about this clause?

{'method': 'EMAIL', 'recipient': 'privacyquestions@cloudflare.com', 'difficulty': 'EASY', 'action_type': 'DELETE_DATA', 'instructions': 'Email privacyquestions@cloudflare.com with your full name, California residency confirmation, and a clear description of the data you want deleted. Cloudflare must respond within 45 days under CCPA.', 'deadline_days': 45, 'deadline_hours': None} {'method': 'EMAIL', 'recipient': 'privacyquestions@cloudflare.com', 'difficulty': 'EASY', 'action_type': 'EXPORT_DATA', 'instructions': 'Email privacyquestions@cloudflare.com requesting a copy of the categories of personal information Cloudflare has collected about you as a California resident.', 'deadline_days': 45, 'deadline_hours': None}

Which regulatory agencies enforce this type of clause?

{'agency': 'State_AG', 'reason': 'The California Attorney General and California Privacy Protection Agency (CPPA) enforce CCPA/CPRA rights including deletion, access, and opt-out rights for California residents.', 'complaint_url': 'https://www.naag.org/find-my-ag/'}

What is the severity of this clause?

ConductAtlas classifies this California Resident Privacy Rights (CCPA/CPRA) clause as medium severity. Severity reflects the magnitude of rights affected, the breadth of users impacted, and the degree of discretion the platform retains.

Do other platforms have similar clauses?

Yes. ConductAtlas has identified similar California Resident Privacy Rights (CCPA/CPRA) clauses across approximately 5 other tracked platforms. You can compare how platforms differ on this clause type in the cross-platform comparison view.

California Resident Privacy Rights (CCPA/CPRA) — Cloudflare

Share 𝕏 Share in Share 🔒 PDF

What it is

If you live in California, you have legal rights to see what data Cloudflare has collected about you, ask them to delete it, correct it, or opt out of your data being shared — and you can exercise these rights by contacting Cloudflare directly.

Consumer impact (what this means for users)

California residents can formally request deletion or access to personal data held by Cloudflare, and Cloudflare cannot discriminate against you for exercising these rights — making this one of the most actionable provisions in the policy for US consumers.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.

Delete Your Data
Within 45 days
Email privacyquestions@cloudflare.com with your full name, California residency confirmation, and a clear description of the data you want deleted. Cloudflare must respond within 45 days under CCPA.
Export Your Data
Within 45 days
Email privacyquestions@cloudflare.com requesting a copy of the categories of personal information Cloudflare has collected about you as a California resident.

Cross-platform context

See how other platforms handle California Resident Privacy Rights (CCPA/CPRA) and similar clauses.

Compare across platforms →

Need full compliance memos? See Professional →

Why it matters (compliance & risk perspective)

California's CCPA/CPRA gives residents stronger privacy rights than most US laws, including the ability to demand deletion of personal data — rights that Cloudflare is obligated to honor with a response within 45 days.

View original clause language

California law requires us to disclose certain information about how we collect, use, and disclose personal information of California residents. California residents have the right to: request that we disclose the categories of personal information we have collected about you; request that we disclose the categories of sources from which we collect personal information; request deletion of personal information we have collected from you, subject to certain exceptions; request that we correct inaccurate personal information we maintain about you; and opt out of the sale or sharing of personal information. We do not sell personal information as most people would understand that term.

Institutional analysis (Compliance & legal intelligence)

REGULATORY FRAMEWORK: This provision implicates CCPA §§1798.100 (right to know), 1798.105 (right to delete), 1798.106 (right to correct), 1798.120 (right to opt out of sale/sharing), and 1798.125 (non-discrimination). CPRA amendments effective January 1, 2023, added correction rights and expanded sensitive personal information protections under §1798.121. Enforcement authority rests with the California Privacy Protection Agency (CPPA) and California AG, with fines up to $7,500 per intentional violation. The FTC may also have jurisdiction under Section 5 for deceptive privacy representations.

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Applicable agencies

State AG

The California Attorney General and California Privacy Protection Agency (CPPA) enforce CCPA/CPRA rights including deletion, access, and opt-out rights for California residents.
File a complaint →

Provision details

Document information

Document

Cloudflare Privacy Policy

Entity

Cloudflare

Document last updated

April 29, 2026

Tracking information

First tracked

April 18, 2026

Last verified

April 18, 2026

Record ID

CA-P-003013

Document ID

CA-D-00282

Evidence Provenance

Source URL

https://www.cloudflare.com/privacypolicy/

Wayback Machine

View archived versions →

SHA-256

f8e88ec9d8c545e030482f3dd3f67f81792db81930414a668aae4f61c5cebe58

Verified

✓ Snapshot stored ✓ Change verified

How to Cite

ConductAtlas Policy Archive
Entity: Cloudflare | Document: Cloudflare Privacy Policy | Record: CA-P-003013
Captured: 2026-04-18 11:44:46 UTC | SHA-256: f8e88ec9d8c545e0…
URL: https://conductatlas.com/platform/cloudflare/cloudflare-privacy-policy/california-resident-privacy-rights-ccpacpra/
Accessed: May 2, 2026

Classification

Severity

Medium

California Resident Privacy Rights (CCPA/CPRA)