Cloudflare's separate privacy policy governs how your data is handled, and by using the services you acknowledge that internet transmissions are not completely private or secure.
This analysis describes what Cloudflare's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Incorporating the privacy policy by reference means changes to that document affect your rights under this agreement, and the acknowledgment that transmissions are never fully secure may affect any expectation of confidentiality for data transmitted through Cloudflare's network.
Interpretive note: The adequacy of privacy policy incorporation by reference to satisfy GDPR transparency requirements depends on how and when notice is provided to data subjects and whether the privacy policy itself meets applicable standards, which requires review of that separate document.
Your data rights and privacy protections are governed by a separate document that can be updated independently of these terms. The acknowledgment regarding transmission security may be relevant if a data interception or security incident occurs and you seek to assert claims.
How other platforms handle this
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
If you are located in the European Economic Area, Switzerland, or the United Kingdom, you have the right to access, correct, or erase your personal data; the right to restrict or object to our processing of your personal data; the right to data portability; and, where our processing is based on your...
We use information to enhance the quality, reliability, and/or accuracy of our AI Features by creating, developing, training, testing, improving, and maintaining AI and ML models run by Strava or our service providers. We use aggregated, de-identified data for this purpose. We also use personal info...
Monitoring
Cloudflare has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"Cloudflare's current Privacy Policy is incorporated into this Agreement by this reference and is located at https://www.cloudflare.com/privacypolicy/. In addition, by using the Services, you acknowledge and agree that internet transmissions are never completely private or secure.— Excerpt from Cloudflare's Cloudflare Terms of Use
REGULATORY LANDSCAPE: The incorporation of a privacy policy by reference into a terms of service agreement is evaluated under GDPR Article 12-13 (transparency obligations), CCPA Section 1798.100 et seq. (notice requirements), and applicable FTC guidance on privacy notice adequacy. GDPR requires that data subjects receive clear, accessible information about processing at the time data is collected, and incorporation by reference must satisfy these transparency standards. The acknowledgment that transmissions are never completely private may be evaluated under applicable data security laws and breach notification statutes if a security incident occurs. GOVERNANCE EXPOSURE: Medium. The by-reference incorporation means that privacy policy changes automatically affect the agreement terms without requiring re-execution of the main agreement, which may not satisfy GDPR's requirement for fresh consent or notice where material changes are made. The security acknowledgment is a standard risk allocation mechanism but may have limited effect in jurisdictions with mandatory data security obligations. JURISDICTION FLAGS: GDPR applies for EU/EEA users and requires Cloudflare to maintain a lawful basis for all personal data processing. UK GDPR imposes equivalent obligations for UK users. California users have CCPA rights including access, deletion, and opt-out of sale or sharing of personal information, which the privacy policy should address. Compliance with these frameworks should be verified in the privacy policy itself. CONTRACT AND VENDOR IMPLICATIONS: Organizations engaging Cloudflare as a data processor under GDPR should ensure a separate Data Processing Agreement has been executed, as the self-serve terms and privacy policy alone may be insufficient to satisfy GDPR Article 28 requirements for a written processor agreement. Procurement teams should flag the privacy policy update mechanism as a contract review trigger requiring periodic review. COMPLIANCE CONSIDERATIONS: Data protection officers and privacy teams should review the current Cloudflare Privacy Policy as a separate document and confirm it satisfies all applicable notice and transparency requirements for their user population. A Data Processing Addendum should be requested and executed for any processing of personal data under GDPR or CCPA if not already in place.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Incorporating the privacy policy by reference means changes to that document affect your rights under this agreement, and the acknowledgment that transmissions are never fully secure may affect any expectation of confidentiality for data transmitted through Cloudflare's network.
Your data rights and privacy protections are governed by a separate document that can be updated independently of these terms. The acknowledgment regarding transmission security may be relevant if a data interception or security incident occurs and you seek to assert claims.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Cloudflare.