// Trust & Security Report
Cloudflare, Inc.
Workers AI: serverless GPU-based AI inference on Cloudflare's global network; sub-products include AI Gateway (observability/caching/rate-limiting for AI apps), Vectorize (vector database), and integration with Workers, R2, D1, KV, Durable Objects, and Pages.
Certifications held
6
Maturity
Enterprise
Trains on your data
No
Trust center
Yes
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on cloudflare.com“Cloudflare obtained the initial SOC 2 Type II validation in 2019 and issues updated reports annually. Scope covers security, confidentiality, and availability trust service criteria. Developer Platform (Workers, R2, Pages, Durable Objects) is explicitly listed in scope.”
Verify on cloudflare.com“Cloudflare's ISMS has been assessed and certified by a third-party auditor and is currently certified against ISO 27001:2022. Cloudflare has been ISO 27001 certified since 2019. Covers the Cloudflare global cloud platform and subsidiary offices.”
Verify on cloudflare.com“Cloudflare is ISO 27018 certified since 2022. Extends security protections to personal data in public cloud environments with 25 additional controls for data processors.”
Verify on cloudflare.com“Cloudflare was the first web performance and security company to be certified to the new ISO privacy standard as both a data processor and controller. Certified since 2021.”
Verify on cloudflare.com“Cloudflare is a privacy-first company. We do not sell personal data we process, or use it for any purpose other than delivering our services. Certified to EU-U.S. Data Privacy Framework, UK Extension, and Swiss-U.S. DPF. DPA (v6.4, effective April 3, 2026) available for all customers including self-serve.”
Verify on cloudflare.com“Cloudflare maintains PCI DSS Level 1 compliance for its network, platform, and infrastructure services. Annual audit by Qualified Security Assessors since 2014. Developer Platform (Workers, R2, Pages, Durable Objects) is explicitly within PCI scope.”
> Show 5 unconfirmed / not-held certifications
source: cloudflare.comNo public evidence found on cloudflare.com that Cloudflare holds ISO 27017 (cloud-specific security controls) certification. Not listed on trust hub ISO certifications page or in blog posts covering their certificate portfolio.
source: cloudflare.comNo public evidence found of ISO 42001 AI management certification. Cloudflare's Responsible AI page addresses EU AI Act posture and training data policies but does not mention ISO 42001.
source: blog.cloudflare.comNo public evidence found that Workers AI is a HIPAA-covered service. Cloudflare states 'Covered healthcare entities that are leveraging our enterprise version of our security products to protect their application layer can be assured that Cloudflare can sign Business Associates Agreements (BAA),' but the BAA is Enterprise-only and the covered scope is the application-layer security products (CDN, WAF, Bot Management, Zero Trust). Workers AI and the broader developer platform are not named in the covered-services scope; healthcare customers must confirm coverage with Cloudflare sales before routing ePHI.
source: cloudflare.comCloudflare is currently deploying the required services and technology to be In Process for FedRAMP High. Status is In Process, NOT authorized. No FedRAMP authorized ATO has been issued as of June 2026.
source: cloudsecurityalliance.orgCSA STAR Level 1 is a CAIQ self-assessment (self-attestation), not a third-party-audited certification, and the listing lives on the Cloud Security Alliance registry rather than on a Cloudflare-owned domain. Cloudflare has a CSA STAR Level 1 self-assessment entry but has NOT achieved CSA STAR Level 2 (third-party certification) or Level 3 (continuous monitoring), so this should not be represented as a held certification.
// Privacy & AI training
Trains on customer data
No
Data processing agreement
Offered
Data region
Primarily United States and European Economic Area. Enterprise customers can use Cloudflare's data localization suite (available in regions including Japan and EU) to restrict which regional data centers inspect traffic and where logs are sent. Workers AI inference runs on Cloudflare's global GPU network across 335+ cities.
Cloudflare explicitly states it does not use customer content to train any AI models made available on Workers AI or to improve any Cloudflare or third-party services, and would not do so unless explicit consent is received. Cloudflare also does not train LLMs itself. Customer content for Workers AI is only stored if the customer explicitly uses a Cloudflare storage service (R2, KV, Durable Objects, Vectorize) in conjunction with Workers AI; otherwise no customer content is retained by Workers AI after inference.
// Security controls
Encryption in transit
TLS/SSL on all API and Worker traffic; Cloudflare's network can encrypt data throughout its journey from origin servers to end-users using the very latest protocols (TLS 1.3 supported).
cloudflare.comEncryption at rest
AES-256 encryption at rest for KV, R2, and other storage services; encryption and decryption are automatic and require no user configuration.
developers.cloudflare.comGlobal network and DDoS
335+ PoPs across the world, within 50ms of 95% of the world's population. Unmetered DDoS mitigation included on all plans.
cloudflare.comZero Trust / SASE
Cloudflare One provides ZTNA, SWG, CASB, DLP, and email security as an integrated SASE platform; identity-aware access controls replace VPN.
cloudflare.comVulnerability disclosure
Security issues can be reported via https://www.cloudflare.com/report-security-issue/; responsible disclosure program is public.
developers.cloudflare.comSandbox isolation (Workers)
Cloudflare Workers run in V8 isolates, not containers or VMs, providing strong per-request isolation. Cloudflare has bolstered sandbox security for Workers AI workloads.
developers.cloudflare.com// Products & data scope
data: Customer prompts and completions processed in-flight; not retained after inference unless customer explicitly routes data to a Cloudflare storage service. No customer data used for model training.
50+ open-source models (text generation, image classification, object detection, embeddings). Available on Free and Paid plans. Custom requirements (private custom models, higher limits) require Enterprise agreement via Custom Requirements Form.
data: Caches, logs, and rate-limits AI requests passing through the gateway. Log retention is configurable.
Works with any LLM provider behind a gateway proxy; not limited to Cloudflare's own models.
data: Stores embeddings; data persists in Cloudflare's infrastructure within customer-selected region.
Designed for use with Workers AI for semantic search, RAG, and recommendations.
data: Code and request data processed at edge; no persistent storage unless customer uses KV, D1, R2, or Durable Objects.
In scope for SOC 2, PCI DSS. HIPAA BAA coverage must be confirmed with Cloudflare sales.
data: Customer data persists; AES-256 at rest. All within PCI DSS scope.
R2 HIPAA eligibility not confirmed publicly; must verify with Cloudflare.
// What to watch
- HIPAA BAA is Enterprise-only and explicitly covers CDN, WAF, Zero Trust, and Access services. Workers AI and the general Workers developer platform are NOT listed as covered BAA services in Cloudflare's published scope. Healthcare customers must confirm Workers AI is covered before routing ePHI.
- FedRAMP over-claim risk: Cloudflare is In Process for FedRAMP High but has NOT received an ATO. The press release language ('initiates top federal certifications') could mislead; verify current marketplace status before listing as FedRAMP compliant.
- CSA STAR is Level 1 self-assessment only. No independent third-party CSA STAR Level 2 certification has been issued. The self-assessment should not be conflated with a third-party-audited STAR certification.
- ISO 27017 (cloud-specific security controls) was not found in Cloudflare's public certification portfolio despite it being a logical companion to ISO 27001/27018.
- No ISO 42001 (AI management) certification found; Cloudflare addresses responsible AI principles on its trust hub but has not published an AI governance certification for Workers AI specifically.
// At a glance
Pricing model
Free tier available (25 AI requests/day, 100,000 Worker requests/day). Paid Workers plan starts at $5/month with pay-as-you-go for AI tokens. Enterprise/custom pricing for private models and higher limits.
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Cloudflare, Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-06-27. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
cloudflare.com