What can I do about this clause?

{'method': 'EMAIL', 'recipient': 'privacyquestions@cloudflare.com', 'difficulty': 'MODERATE', 'action_type': 'DELETE_DATA', 'instructions': "To request deletion of your personal data under GDPR, CCPA, or other applicable privacy law, contact Cloudflare's privacy team at privacyquestions@cloudflare.com with your account details and a clear data deletion request. EU/UK users may also use Cloudflare's Subject Access Request process.", 'deadline_days': None, 'deadline_hours': None}

Which regulatory agencies enforce this type of clause?

{'agency': 'FTC', 'reason': 'The FTC enforces against deceptive or unfair privacy practices, including inadequate disclosure of data collection and sharing practices at the point of consent.', 'complaint_url': 'https://reportfraud.ftc.gov/'}, {'agency': 'State_AG', 'reason': 'State attorneys general enforce CCPA and other state privacy laws that govern data collection disclosures and consumer data rights for California and other state residents.', 'complaint_url': 'https://www.naag.org/find-my-ag/'}

What is the severity of this clause?

ConductAtlas classifies this Data Processing and Privacy Policy Incorporation clause as medium severity. Severity reflects the magnitude of rights affected, the breadth of users impacted, and the degree of discretion the platform retains.

Data Processing and Privacy Policy Incorporation — Cloudflare

Share 𝕏 Share in Share 🔒 PDF

What it is

Cloudflare's Privacy Policy — a separate document — is automatically part of this agreement, meaning you're also agreeing to all of Cloudflare's data collection and sharing practices by accepting these terms.

Consumer impact (what this means for users)

Your agreement to these terms also constitutes consent to Cloudflare's data collection and sharing practices as described in a separate Privacy Policy document, which you must review independently to understand your data rights.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.

Delete Your Data

To request deletion of your personal data under GDPR, CCPA, or other applicable privacy law, contact Cloudflare's privacy team at privacyquestions@cloudflare.com with your account details and a clear data deletion request. EU/UK users may also use Cloudflare's Subject Access Request process.

Cross-platform context

See how other platforms handle Data Processing and Privacy Policy Incorporation and similar clauses.

Compare across platforms →

Need full compliance memos? See Professional →

Why it matters (compliance & risk perspective)

By accepting these terms, you are simultaneously agreeing to a separate Privacy Policy that governs how Cloudflare collects, uses, and shares your data — without that policy being fully presented to you in this document.

View original clause language

Please review our Privacy Policy, which is incorporated herein by reference and describes how we collect, use and share information about you when you use our Services. By agreeing to these Terms, you agree to our collection, use and sharing of your information as described in our Privacy Policy.

Institutional analysis (Compliance & legal intelligence)

REGULATORY FRAMEWORK: Incorporation by reference of a privacy policy as a consent mechanism implicates GDPR Articles 6 (lawful basis for processing), 7 (conditions for consent), 13 (transparency obligations), and 25 (data protection by design). CCPA §1798.100 et seq. requires specific disclosures and opt-out rights for California residents. The FTC Act Section 5 governs deceptive privacy practices. COPPA (15 U.S.C. §6501) applies if any user data relates to children under 13. The ICO (UK GDPR) and EU supervisory authorities enforce data protection requirements. A Data Processing Addendum (DPA) is referenced separately and must be executed for GDPR Article 28 processor compliance.

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Applicable agencies

FTC

The FTC enforces against deceptive or unfair privacy practices, including inadequate disclosure of data collection and sharing practices at the point of consent.
File a complaint →
State AG

State attorneys general enforce CCPA and other state privacy laws that govern data collection disclosures and consumer data rights for California and other state residents.
File a complaint →

Provision details

Document information

Document

Cloudflare Terms of Use

Entity

Cloudflare

Document last updated

April 29, 2026

Tracking information

First tracked

April 18, 2026

Last verified

April 18, 2026

Record ID

CA-P-003009

Document ID

CA-D-00281

Evidence Provenance

Source URL

https://www.cloudflare.com/terms/

Wayback Machine

View archived versions →

SHA-256

af37667e124d0363f143ca727e79c9a668751aece57f83a9121e317e2cdbdbca

Verified

✓ Snapshot stored ✓ Change verified

How to Cite

ConductAtlas Policy Archive
Entity: Cloudflare | Document: Cloudflare Terms of Use | Record: CA-P-003009
Captured: 2026-04-18 11:39:55 UTC | SHA-256: af37667e124d0363…
URL: https://conductatlas.com/platform/cloudflare/cloudflare-terms-of-use/data-processing-and-privacy-policy-incorporation/
Accessed: May 2, 2026

Classification

Severity

Medium

Data Processing and Privacy Policy Incorporation