Last Updated September 12, 2025
This Data Act Addendum (“Addendum”) amends the agreement (“Agreement”) between Cloudflare, Inc., a Delaware company with its principal office at 101 Townsend Street, San Francisco, CA 94107 (“Cloudflare”) and Customer (interchangeably, “Customer” or “You”). This Addendum applies solely to the provision of “Relevant Services” (defined below) to Customers who live or are headquartered in the European Union and who have billing addresses in the European Union. This Addendum’s terms apply only to Agreements formed or orders placed on or after September 12, 2025.
All capitalized terms not defined in this Addendum have the meanings set forth in the Agreement. For the purpose of this Addendum, the following additional definitions apply:
2.1. “Cloudflare Extension Notice” shall have the meaning as defined in Section 5.2.
2.3. “Confidential Information” shall have the meaning set forth in Cloudflare’s Enterprise Terms of Service, available at https://www.cloudflare.com/enterpriseterms/.
2.4. “Customer Extension Notice” shall have the meaning as defined in Section 5.3.
2.5. “Data” shall have the meaning as defined in Art. 2(1) Data Act.
2.6. “Data Act” shall mean EU Regulation 2023/2854.
2.7. “Digital Assets” shall have the meaning as defined in Art. 2(32) Data Act.
2.8. “Exportable Data” shall have the meaning as defined in Art. 2(38) Data Act.
2.9. “Initial Term” shall mean the initial term of a Customer’s subscription to Relevant Services.
2.10. “Intellectual Property Rights” shall have the meaning set forth in Cloudflare’s Enterprise Terms of Service, available at https://www.cloudflare.com/enterpriseterms/.
2.11. “Notice Period” shall have the meaning as defined in Section 3.1.
2.12. “Renewal Term” shall mean each recurring subscription period following expiration of the Initial Term.
2.13. “Relevant Services” shall mean the Cloudflare services listed in Exhibit 1 to this Addendum and any other Cloudflare service(s) that a European court or competent authority deems, in a final, non-appealable decision, a data processing service as defined in Art. 2(8) Data Act.
2.14. “Retrieval Period” shall have the meaning as defined in Section 10.1.
2.15. “Switching” or “Switch” shall have the meaning as defined in Art. 2(34) Data Act.
2.16. “Switching Assistance” shall have the meaning as defined in Section 4.
2.17. “Switching Notice” shall have the meaning as defined in Section 3.1
2.18. “Transitional Period” shall have the meaning as defined in Section 5.
3.1. Customer shall give Cloudflare a notice that it initiates Switching to replace one or more Relevant Service(s) no later than 2 (two) months prior to the initiation of Switching (“Switching Notice”, “Notice Period”).
3.2. Customer shall specify in the Switching Notice:
3.2.1. the Relevant Service(s), Data, or Digital Assets that it wishes to Switch;
3.2.2. whether Customer intends to (a) Switch to a different service provider and shall in this case provide the necessary details of the new service provider, (b) whether Customer wishes to Switch to an on-premises ICT infrastructure of Customer or, (c) whether Customer does not wish to Switch but only to erase its Exportable Data and Digital Assets; and
3.2.3. Customer’s desired time window(s) for Switching (i.e., a weekday during which Customer intends to make its systems unavailable for the users and no update occur so that Customer may carry out the Switching) and, if applicable, support/assistance requested by Customer from Cloudflare in such time windows.
3.3. If Cloudflare is not able to provide the Switching and/or Switching Assistance in the indicated time-windows, it shall notify Customer within reasonable time and propose several alternative time-windows to Customer taking reasonably into account the Transitional Period.
Subject to Customer’s compliance with Section 6 of this Addendum, Cloudflare shall provide reasonable assistance (“Switching Assistance”) to Customer and third parties authorized by Customer once the Switching process starts and throughout its duration so that the Customer can Switch within the Transitional Period (as defined in Section 5 below). Requests for assistance with Switching for Relevant Products for which Cloudflare provides adequate self-serve application programming interfaces or other tooling via which Customers may retrieve and/or erase Exportable Data are not “reasonable.” Customer shall request any Switching Assistance by engaging Cloudflare’s professional services offering.
5.1. Cloudflare shall use reasonable efforts to facilitate completion of the Switching within 30 (thirty) days of the end of the Notice Period(“Transitional Period”).
5.2. If Cloudflare believes the Switching is likely to be delayed due to technical or other obstacles, Cloudflare shall (a) notify Customer thereof within 14(fourteen) working days of receipt of the Switching Notice, duly justifying the technical or other obstacles, and (b) indicate an alternative Transitional Period which shall not exceed 7 (seven) months following the Notice Period (“Cloudflare Extension Notice”). Customer shall confirm receipt of the Cloudflare Extension Notice within 5 (five) working days.
5.3. Irrespective of whether Cloudflare extends the Transitional Period, Customer also may request an extension of the Transitional Period once for a reasonable duration which shall not exceed the Agreement’s term. Customer must notify Cloudflare of any requested extension of the Transitional Period no later than one month before the Transitional Period otherwise would end and indicate the alternative Transitional Period (“Customer Extension Notice”). Cloudflare shall use reasonable efforts to comply with such Customer’s request.
5.4. Customer shall continue to pay all charges in accordance with the Agreement during any Transitional Period.
6.1. Customer shall pay Cloudflare for the costs of reasonable Switching Assistance as described in Section 4 of this Addendum accrued prior to January 12, 2027, as documented in an Order Form for Cloudflare's professional services offering. Customer shall pay Cloudflare for other Switching Assistance before and after January 12, 2027, according to Cloudflare’s standard rates for its professional services offering as set forth in an Order Form for that offering.
6.2. Each invoice will be due and payable upon receipt by Customer unless otherwise specified in the Agreement.
7.1. Exhibit 1 to this Addendum identifies: (a) categories of Data and Digital Assets that can be transferred; (b) categories of Data specific to the internal functioning of Cloudflare’s Relevant Services that Cloudflare has no obligation to transfer during Switching Data due to a risk of breach of Cloudflare’s trade secrets.
7.2. The following URL identifies the locations of Cloudflare’s infrastructure: cloudflare.com/network.
7.3 Consistent with Data Act Articles 28 and 32, Cloudflare’s procedures regarding third-party access requests for personal data identified in Section 8 of its Data Processing Addendum (available at cloudflare.com/cloudflare-customer-dpa/) also describe how Cloudflare intends to handle third-party access requests for non-personal data held in the Union, to the extent applicable.
8.1. Cloudflare shall act with due care during the Switching in order to maintain business continuity and continue the provision of the functions or Relevant Services in accordance with the Agreement.
8.2. Cloudflare shall provide clear information to Customer concerning any known risks to continuity in the provision of the functions or Relevant Service(s) which are attributable to Cloudflare.
8.3. Cloudflare shall maintain an appropriate level of security while the Switching is being carried out, in particular, for the security of the Data during their transfer and the Retrieval Period in accordance with applicable law.
8.4. Subject to Section 6, Cloudflare shall reasonably support Customer’s exit strategy relevant to the Relevant Services, including by providing all relevant information.
9.1. Customer undertakes to take all reasonable measures to achieve effective Switching.
9.2. Customer also undertakes to be responsible for the import and implementation of Data and Digital Assets in their own systems or in the systems of their new service provider.
9.3. Customer or third parties authorized by them, including any new service provider, undertakes to respect the Intellectual Property Rights and confidentiality of any materials provided in the Switching process by Cloudflare, as well as Cloudflare’s trade secrets. Any disclosure of Cloudflare’s confidential information to a third party (including any new service provider) is subject to Cloudflare’s prior written approval.
10.1. Cloudflare shall retain Customer’s Data for a period of 30 (thirty) calendar days after termination of the Transitional Period for retrieval or erasure by Customer (“Retrieval Period”).
10.2. At the end of the Retrieval Period or at a later date than the expiration date of the Retrieval Period according to Cloudflare’s standard data deletion practices, Cloudflare shall erase all Exportable Data and Digital Assets except as required by applicable law.
10.3. Customer shall continue to pay all charges in accordance with the Agreement during any Retrieval Period.
11.1. In addition to any other conditions for termination provided in the Agreement, the Agreement also will terminate solely with respect to Relevant Services that Customer identifies to Cloudflare according to Section 3.2.1 of this Addendum: (a) on the successful completion of the Switching process (“Event A”); or (b) at the end of the Notice Period, if Customer notifies Cloudflare in the Switching Notice that they do not wish to Switch but instead wish to erase their Exportable Data and Digital Assets on termination of the Relevant Services (“Event B”).
11.2. In case of Event A pursuant to Section 11.1 above, Customer shall promptly notify Cloudflare of its successful Switching. That notification also shall constitute a termination notice, if required by applicable law and Cloudflare shall confirm the termination within 10 (ten) working days. Cloudflare also may send Customer a request for confirmation whether the successful Switching took place and, if Customer fails to respond within 10 (ten) working days, Event A will be deemed to have occurred, Cloudflare’s request for confirmation shall be deemed a notification of termination, and the Agreement shall immediately terminate with respect to the Relevant Services that Customer identified to Cloudflare according to Section 3.2.1 of this Addendum.
11.3. If Customer notifies Cloudflare of their intent to erase their Exportable Data and Digital Assets without Switching in accordance with Event B pursuant to Section 11.1 above, that notification shall constitute a termination notice, if required by applicable law.
11.4. Customer acknowledges that pricing for Relevant Services with annual or multi-year terms and minimum spend commitments is generally lower than for services with commensurate usage purchased without such commitments. Customer further acknowledges that, for any Relevant Services subject to annual or multi-year terms, they had the option to purchase those services on a month-to-month basis. Accordingly, if Event A or B occurs before the end of the Initial Term or thereafter before the end of the respective Renewal Term, Customer must pay an early termination fee equal to the amount of fees that Customer would have been obliged to pay to Cloudflare for the entire term of the Agreement, if it had not been terminated prematurely by Customer under this Addendum.
For fees tied to usage, the early termination fee shall include the value of any minimum usage commitments for the Relevant Services from the earlier of Event A or B until the conclusion of the Initial or Renewal Term, regardless of whether Event A or B occurs before the end of either Term. Customer shall pay the early termination fee by the earlier of Event A or B.
Customer shall not be entitled to a refund of or a discount for any fees corresponding to Relevant Services terminated before the end of an Initial or Renewal Term.
12.1. All notices may be sent via e-mail and will be effective when sent as set out in this Section.
12.2. Any notices to Customer may be sent to the e-mail address designated by Customer as administrator in the Cloudflare dashboard or, if no such administrator is designated, to any e-mail address provided by Customer to Cloudflare in connection with their user account(s). Customer is responsible for updating its information with Cloudflare, including providing Cloudflare with an up-to-date e-mail address for the provision of notices under the Agreement.
12.3. Any notice provided to Cloudflare pursuant to this Addendum must be sent to dataact@cloudflare.com.
13.1. If there is any conflict or inconsistency between the clauses of this Addendum and any other clauses under the Agreement including its exhibits, attachments, addendums, etc., the clauses of this Addendum shall take precedence.
13.2 In addition to any other of the Agreement’s terms that survive termination or expiration, Sections 6, 9, and 11.4 of this Addendum shall survive termination or expiration.
Self-Serve Subscription Agreement
If you have questions about these terms or anything else about Cloudflare, please don't hesitate to contact us:
+1 (650) 319-8930
Cloudflare, Inc.
101 Townsend St,
San Francisco, CA 94107
USA
| RELEVANT SERVICE | EXPORTABLE DATA[1] | DATA STRUCTURE & FORMAT | DATA PORTABILITY & RESTRICTIONS |
|---|---|---|---|
| Containers |
Customer container images and associated Worker scripts.
Any available audit logs reflecting administrative user activities or logs of end user interactions[2] with Customer’s Internet properties and Cloudflare’s services. |
For more information about this service’s data structure and format, refer to Cloudflare’s developer documents. See, e.g., https://developers.cloudflare.com/containers/. |
Customers can port most Exportable Data for this service via the Cloudflare API. Customers can download any available administrative user audit logs or end user logs via the Cloudflare Dashboard.
For more information, refer to: https://developers.cloudflare.com/containers/; https://developers.cloudflare.com/api/ |
| Durable Objects |
Customer Worker scripts (i.e., JavaScript/Typescript and WebAssembly code) and associated data files (e.g., JSON, CSV, and SQLite Database files).
Any available audit logs reflecting administrative user activities or logs of end user interactions with Customer’s Internet properties and Cloudflare’s services. |
For information about this service’s data structure and format, refer to Cloudflare’s developer documents. See, e.g. ,developers.cloudflare.com/durable-objects/; developers.cloudflare.com/durable-objects/concepts/what-are-durable-objects/. |
Customers can port most Exportable Data for this service via the Durable Objects Storage API. Customers can download any available administrative user audit logs or end user logs via the Cloudflare Dashboard.
For more information, refer to developers.cloudflare.com/durable-objects/; https://developers.cloudflare.com/api/. |
| D1 |
Customer data files such as JSON or those supported by SQLite (e.g., TEXT, INTEGER, REAL, Binary Large Object).
Any available audit logs reflecting administrative user activities or logs of end user interactions with Customer’s Internet properties and Cloudflare’s services. |
For information about this service’s data structure and format, refer to Cloudflare’s developer documents. See, e.g., developers.cloudflare.com/d1/. |
Customers can port most Exportable Data for this service via the Cloudflare API. Customers can download any available administrative user audit logs or end user logs via the Cloudflare Dashboard.
For more information, refer to: https://developers.cloudflare.com/d1/best-practices/import-export-data/; https://developers.cloudflare.com/d1/; https://developers.cloudflare.com/api/. |
| Images | Images uploaded by Customer.
Any available audit logs reflecting administrative user activities or logs of end user interactions with Customer’s Internet properties and Cloudflare’s services. |
For information about this service’s data structure and format, refer to Cloudflare’s developer documents. See, e.g., developers.cloudflare.com/images/. | Customers can port uploaded images via the Cloudflare API and the Cloudflare Dashboard. Customers can download any available administrative user audit logs or end user logs via the Cloudflare Dashboard.
For more information, refer to https://developers.cloudflare.com/images/manage-images/export-images/; developers.cloudflare.com/images/; https://developers.cloudflare.com/api/. |
| Log Explorer | Any available audit logs reflecting administrative user activities or logs of end user interactions with Customer’s Internet properties and Cloudflare’s services. | For information about this service’s data structure and format, refer to Cloudflare’s developer documents. See, e.g., https://developers.cloudflare.com/log-explorer/. | Customers can port most Exportable Data for this service via the Log Explorer API. Customers can download any available administrative user audit logs or end user logs via the Cloudflare Dashboard.
For more information, refer to https://developers.cloudflare.com/log-explorer/api/; https://developers.cloudflare.com/log-explorer/; https://developers.cloudflare.com/api/. |
| Pages | Website code (e.g., HTML, CSS, Javascript files), assets (e.g., image and media files) and configuration files (e.g., build settings, redirect rules).
Any available audit logs reflecting administrative user activities or logs of end user interactions with Customer’s Internet properties and Cloudflare’s services. |
For information about this service’s data structure and format, refer to Cloudflare’s developer documents. See, e.g., https://developers.cloudflare.com/pages/. | Customers can port most Exportable Data for this service by accessing the associated git repository created by or linked to their Pages project. Customers can download any available administrative user audit logs or end user logs via the Cloudflare Dashboard.
For more information, refer to https://developers.cloudflare.com/pages/; https://developers.cloudflare.com/api/. |
| R2 | Content uploaded by customer (e.g., objects such as JSON files and other data types).
Any available audit logs reflecting administrative user activities or logs of end user interactions with Customer’s Internet properties and Cloudflare’s services. |
For information about this service’s data structure and format, refer to Cloudflare’s developer documents. See, e.g., https://developers.cloudflare.com/r2/. | Customers can download objects stored in R2 via the Cloudflare dashboard or Cloudflare R2 API. Customers can download any available administrative user audit logs or end user logs via the Cloudflare Dashboard.
For more information, refer to https://developers.cloudflare.com/r2/objects/download-objects/; https://developers.cloudflare.com/r2/; https://developers.cloudflare.com/api/. |
| Secrets Store | Metadata reflecting each secret’s name, the identity of any service that can access each secret, and any commentary regarding each secret.
Any available audit logs reflecting administrative user activities or logs of end user interactions with Customer’s Internet properties and Cloudflare’s services. PLEASE NOTE: To ensure the security of Your secrets, Cloudflare irreversibly encrypts them. Cloudflare therefore cannot retrieve secrets that You store in Secrets Store. |
For information about this service’s data structure and format, refer to Cloudflare’s developer documents. See, e.g., https://developers.cloudflare.com/secrets-store/. | Secret metadata is accessible via the Cloudflare Dashboard, Wrangler, and the Cloudflare API. Customers can download any available administrative user audit logs or end user logs via the Cloudflare Dashboard.
PLEASE NOTE: To ensure the security of Your secrets, Cloudflare irreversibly encrypts them. Cloudflare therefore cannot retrieve secrets that You store in Secrets Store. For more information, refer to https://developers.cloudflare.com/secrets-store/. |
| Stream / Video | Video content and associated metadata.
Any available audit logs reflecting administrative user activities or logs of end user interactions with Customer’s Internet properties and Cloudflare’s services. |
For information about this service’s data structure and format, refer to Cloudflare’s developer documents. See, e.g., https://developers.cloudflare.com/stream/. | Customers can port most Exportable Data for this service via the Cloudflare API. Customers can download any uploaded videos as MP4 files according to these instructions: https://developers.cloudflare.com/stream/viewing-videos/download-videos/. Customers can download any available administrative user audit logs or end user logs via the Cloudflare Dashboard.
For more information, refer to https://developers.cloudflare.com/stream/; https://developers.cloudflare.com/api/. |
| Vectorize | Vector embeddings and associated metadata.
Any available audit logs reflecting administrative user activities or logs of end user interactions with Customer’s Internet properties and Cloudflare’s services. |
For information about this service’s data structure and format, refer to Cloudflare’s developer documents. See, e.g., https://developers.cloudflare.com/vectorize/. | Customers can port most Exportable Data for this service via the Vectorize API. Customers can download any available administrative user audit logs or end user logs via the Cloudflare Dashboard.
For more information, refer to https://developers.cloudflare.com/vectorize/; https://developers.cloudflare.com/api/. |
| Workers | Code from Workers applications.
Any available audit logs reflecting administrative user activities or logs of end user interactions with Customer’s Internet properties and Cloudflare’s services. |
For information about this service’s data structure and format, refer to Cloudflare’s developer documents. See, e.g., https://developers.cloudflare.com/workers/. | Customers can port most Exportable Data for this service via the Workers API. Customers can download any available administrative user audit logs or end user logs via the Cloudflare Dashboard.
For more information, refer to https://developers.cloudflare.com/workers/; https://developers.cloudflare.com/api/. |
| Workers AI | LoRA adapters uploaded by Customers.
Any available audit logs reflecting administrative user activities or logs of end user interactions with Customer’s Internet properties and Cloudflare’s services. |
For information about this service’s data structure and format, refer to Cloudflare’s developer documents. See, e.g., https://developers.cloudflare.com/workers-ai/. | Customers can port most Exportable Data for this service via the Cloudflare API. Customers can download any available administrative user audit logs or end user logs via the Cloudflare Dashboard.
PLEASE NOTE: Customers cannot currently retrieve uploaded LoRA adapters via the Cloudflare API. To ensure You do not lose access to any uploaded LoRA adapters, please retain copies of all uploaded LoRA adapters.
For more information, refer to https://developers.cloudflare.com/workers-ai/; https://developers.cloudflare.com/api/. |
| Workers Analytics Engine | Analytics data (dependent on customer instrumentation).
Any available audit logs reflecting administrative user activities or logs of end user interactions with Customer’s Internet properties and Cloudflare’s services. |
For information about this service’s data structure and format, refer to Cloudflare’s developer documents. See, e.g., https://developers.cloudflare.com/analytics/analytics-engine/. | Customers can port most Exportable Data for this service via the Workers Analytics Engine API. Customers can download any available administrative user audit logs or end user logs via the Cloudflare Dashboard.
For more information, refer to https://developers.cloudflare.com/analytics/analytics-engine/; https://developers.cloudflare.com/api/. |
| Workers for Platforms | Code from Workers applications.
Any available audit logs reflecting administrative user activities or logs of end user interactions with Customer’s Internet properties and Cloudflare’s services. |
For information about this service’s data structure and format, refer to Cloudflare’s developer documents. See, e.g., https://developers.cloudflare.com/cloudflare-for-platforms/workers-for-platforms/. | Customers can port most Exportable Data for this service via the Cloudflare API. Customers can download any available administrative user audit logs or end user logs via the Cloudflare Dashboard.
For more information, refer to https://developers.cloudflare.com/cloudflare-for-platforms/workers-for-platforms/; https://developers.cloudflare.com/api/. |
| Workers KV | Customer data (i.e., key-value pairs).
Any available audit logs reflecting administrative user activities or logs of end user interactions with Customer’s Internet properties and Cloudflare’s services. |
For information about this service’s data structure and format, refer to Cloudflare’s developer documents. See, e.g., https://developers.cloudflare.com/kv/. | Customers can port most Exportable Data for this service via the Cloudflare API. Customers can download any available administrative user audit logs or end user logs via the Cloudflare Dashboard.
For more information, refer to https://developers.cloudflare.com/kv/; https://developers.cloudflare.com/api/. |
| Workers Static Assets | Data assets associated with Workers applications (e.g., images and media, JSON, HTML/CSS/JavaScript code).
Any available audit logs reflecting administrative user activities or logs of end user interactions with Customer’s Internet properties and Cloudflare’s services. |
For information about this service’s data structure and format, refer to Cloudflare’s developer documents. See, e.g., https://developers.cloudflare.com/workers/static-assets/. | Customers can port most Exportable Data for this service via the Workers API. Customers can download any available administrative user audit logs or end user logs via the Cloudflare Dashboard.
For more information, refer to https://developers.cloudflare.com/workers/static-assets/; https://developers.cloudflare.com/api/. |