Hi I’m Ken Carter, CloudFlare’s newly minted in-house counsel. Now that I have introduced myself, feel free to introduce yourself. Or, don’t. You may want to remain anonymous because you value your privacy. We do, too.
To that end, one of the first things I have undertaken in my new role is a full review of our privacy policy. I wanted to strengthen it to make sure that the policy is keeping pace with our growing business and the privacy expectations of our users worldwide. So, I am pleased to announce our new privacy policy effective today.
So what is changing in the new policy? Actually, not all that much. The old privacy policy was pretty good to start. Most of the changes were to more clearly explain how we treat specific information, remove ambiguity, and ensure we are complying with privacy standards around the world. Specifically, here are some of the changes we made:
We also removed a whole bunch of pronouns and replaced them with nouns. This makes the policy read a good bit more legal and formalistic, but greatly clarifies exactly whom and what we are referring to.
We have also changed our privacy policy to appoint TRUSTe for dispute resolution relating to our compliance with the U.S.–EU Safe Harbor framework and the U.S.–Swiss Safe Harbor. This ensures we are in line with EU privacy standards. TRUSTe has reviewed our privacy policy and signed off that it meets these Safe Harbor Privacy Principles for protecting users’ privacy.
We created a new, dedicated Trust and Safety email contact for handling your questions and concerns related to privacy and compliance issues. The address is privacy@cloudflare.com.
Since it is CloudFlare’s existing corporate policy to ensure adherence to due process in all law enforcement requests for our customers’ information, we decided to explicitly incorporate that policy into our privacy policy. By way of background, here’s our CEO’s a recent interview on the subject of law enforcement and privacy.
To ensure you can understand every change to the privacy policy, I have tracked changes from the old to the new privacy policy and embedded a PDF showing the differences below. I’ve also included comments explaining the rationale of every change. We wanted to show you exactly all the moving pieces, how we’ve sought to improve and clarify our policy, and the reasoning behind every change. Finally, for the more technically (and less legally) inclined, we’ve also included our privacy policy in a public GitHub repo where we will track changes to it over time.
Our guiding philosophy has always been and will continue to be that the personal information you provide to us is just that: personal and private. CloudFlare will not sell, rent, or give away any of your personal information without your consent. We will also challenge law enforcement requests that we determine do not meet the standards of due process.
I will continue to return to this blog to keep you informed as we review and strengthen our policies and procedures going forward.
CloudFlare Security and Privacy Policy August 2013 Difffromcloudflare_policies