Cloudflare can share your personal data with law enforcement, government agencies, or private parties when legally required or when Cloudflare itself decides it is necessary — including to prevent activity it considers illegal or unethical, which is a broad discretionary power.
This analysis describes what Cloudflare's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This clause establishes the operational framework under which Cloudflare may respond to legal requests and governmental demands for user data. It defines both mandatory disclosures (required by law) and discretionary disclosures (based on Cloudflare's independent judgment regarding safety and legal compliance), thereby setting the conditions under which user information may be transferred to third parties outside the normal service relationship.
Your personal data can be disclosed to law enforcement or third parties not just when legally required but also when Cloudflare unilaterally decides it is necessary, which could include situations beyond formal legal process such as subpoenas or court orders.
How other platforms handle this
By issuing a chargeback or refund request for Premium subscriptions paid for through a third party, you agree to allow Telegram to release necessary data to that third party regarding your account status and Telegram Premium purchases.
We may disclose certain information, in connection with or during negotiations or closing of any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
We will share individual user information with companies, organizations or individuals outside of Google if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to: meet any applicable law, regulation, legal process or enforceable govern...
Monitoring
Cloudflare has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"Cloudflare may disclose your personal information to government or law enforcement officials or private parties as required by law, and disclose and use such information as we, in our sole discretion, believe necessary or appropriate to: respond to claims and legal process (including but not limited to subpoenas); protect the property, rights, and safety of Cloudflare, its employees, customers, and the general public; prevent or stop activity we consider to be illegal or unethical.— Excerpt from Cloudflare's Cloudflare Privacy Policy
REGULATORY FRAMEWORK: Law enforcement disclosures implicate the Electronic Communications Privacy Act (ECPA, 18 U.S.C. §§2701–2712), the Stored Communications Act (SCA, 18 U.S.C. §2702), and GDPR Art. 6(1)(c) (legal obligation) and Art. 6(1)(f) (legitimate interests) for EU disclosures. GDPR Art. 23 permits member state law to restrict data subject rights for law enforcement purposes. The CLOUD Act (18 U.S.C. §2523) governs cross-border data requests. FTC Act Section 5 applies if discretionary disclosures are made in a manner inconsistent with representations in this policy.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
ConductAtlas detected a major restructuring of Meta’s privacy policy that removed detailed consumer rights disclosures and relocated them to separate documents.
Your genetic data may be transferred to a new owner as a business asset. Here is what the Terms of Service actually say and what you can do right now.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This clause establishes the operational framework under which Cloudflare may respond to legal requests and governmental demands for user data. It defines both mandatory disclosures (required by law) and discretionary disclosures (based on Cloudflare's independent judgment regarding safety and legal compliance), thereby setting the conditions under which user information may be transferred to third parties outside the normal service relationship.
Your personal data can be disclosed to law enforcement or third parties not just when legally required but also when Cloudflare unilaterally decides it is necessary, which could include situations beyond formal legal process such as subpoenas or court orders.
ConductAtlas has identified this type of provision across 14 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Cloudflare.