What data does Cloudflare collect to facilitate the hosting of a Pages site
I am currently drafting the privacy policy for my website hosted using Cloudflare Pages and am seeking to understand the specific types of data that Cloudflare collects and processes in this context. My aim is to provide clear and transparent information to my website's visitors about the data that is collected when they access the site.
From my understanding, Cloudflare provides performance and security enhancements and likely collects some data related to user interactions with the site. However, I have not been able to find detailed documentation that outlines exactly what data is collected, how it is stored, and for how long it is retained.
Could anyone provide insights or direct me to resources regarding:
1. The types of data Cloudflare collects from visitors to a Pages site (e.g., IP addresses, cookies, etc.).
2. Any additional metadata or logs that Cloudflare stores (e.g., time of visit, duration, etc.).
3. How this data is used by Cloudflare, particularly in terms of enhancing performance or security.
4. The retention policy for the data collected through Cloudflare Pages.
This information is crucial for ensuring that my privacy policy accurately reflects the data handling processes in place and complies with applicable data protection regulations. Any assistance or pointers towards detailed documentation would be greatly appreciated.
4 Replies
I have the same question.
I've found...
- the privacy policy at https://www.cloudflare.com/privacypolicy/
- the 3 month analytics limit at https://developers.cloudflare.com/analytics/analytics-engine/limits/
- the EU data protection whitepaper at https://cf-assets.www.cloudflare.com/slt3lc6tev37/1Q4mtd7RL9I6UyCEYYsQPk/cfcccb4a75aa8286afa358b4ac36b085/How_Cloudflare_helps_address_data_protection_and_locality_obligations_in_Europe_-_June_2022.pdf
- don't sell personal data
- only store data to provide the service
- Trust Hub at https://www.cloudflare.com/trust-hub/gdpr/
- "for a limited period of time"
But there are no specifics and the privacy policy basically says "it depends"
the 3 month analytics limit at https://developers.cloudflare.com/analytics/analytics-engine/limits/that's a specific product retention, not analytics as a whole
Our privacy policy covers everything:
https://www.cloudflare.com/en-gb/privacypolicy/
Cloudflare's Privacy Policy | Cloudflare
Read about Cloudflare’s privacy policy, which outlines general policy practices and more.
But it doesn't specify how long you store data from end users ("customer logs").
That's the information our data protection officer is asking for.
Section 11 is pretty vague:
We store your personal information for a period of time that is consistent with the business purposes set forth in Section 3 of this policy or as long as needed to fulfill and comply with legal obligations. The criteria we used to determine how long we store your personal information will vary depending on several different factors.