If you live in California, you have legal rights to see what data Cloudflare has collected about you, ask them to delete it, correct it, or opt out of your data being shared — and you can exercise these rights by contacting Cloudflare directly.
This analysis describes what Cloudflare's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision operationalizes California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) statutory rights by establishing the procedural framework through which California residents may exercise data access, deletion, correction, and opt-out mechanisms. The clause establishes the entity's position regarding data sale practices under applicable state law.
California residents can formally request deletion or access to personal data held by Cloudflare, and Cloudflare cannot discriminate against you for exercising these rights — making this one of the most actionable provisions in the policy for US consumers.
How other platforms handle this
If you are a California resident, you may have the right to: Know what personal information we collect, use, disclose, sell, or share. Correct inaccurate personal information. Delete your personal information. Opt out of the sale or sharing of your personal information. Limit the use and disclosure ...
If you are a California resident, you have the right to: Know what personal information is being collected about you; Know whether your personal information is sold or disclosed and to whom; Say no to the sale of personal information; Access your personal information; Request deletion of your person...
If you are a California resident, you have the right to know what personal information we collect, use, and disclose about you; the right to request deletion of your personal information; the right to opt out of the sale or sharing of your personal information; the right to correct inaccurate person...
Monitoring
Cloudflare has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"California law requires us to disclose certain information about how we collect, use, and disclose personal information of California residents. California residents have the right to: request that we disclose the categories of personal information we have collected about you; request that we disclose the categories of sources from which we collect personal information; request deletion of personal information we have collected from you, subject to certain exceptions; request that we correct inaccurate personal information we maintain about you; and opt out of the sale or sharing of personal information. We do not sell personal information as most people would understand that term.— Excerpt from Cloudflare's Cloudflare Privacy Policy
REGULATORY FRAMEWORK: This provision implicates CCPA §§1798.100 (right to know), 1798.105 (right to delete), 1798.106 (right to correct), 1798.120 (right to opt out of sale/sharing), and 1798.125 (non-discrimination). CPRA amendments effective January 1, 2023, added correction rights and expanded sensitive personal information protections under §1798.121. Enforcement authority rests with the California Privacy Protection Agency (CPPA) and California AG, with fines up to $7,500 per intentional violation. The FTC may also have jurisdiction under Section 5 for deceptive privacy representations.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision operationalizes California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) statutory rights by establishing the procedural framework through which California residents may exercise data access, deletion, correction, and opt-out mechanisms. The clause establishes the entity's position regarding data sale practices under applicable state law.
California residents can formally request deletion or access to personal data held by Cloudflare, and Cloudflare cannot discriminate against you for exercising these rights — making this one of the most actionable provisions in the policy for US consumers.
ConductAtlas has identified this type of provision across 12 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Cloudflare.