Niggly problem here
Isn't Cloudflare US, and thus required to comply with US laws?
In that case, your privacy is only protected for as long as none of the agencies give in to their usual data fetishism - if that hasn't happened already (I can't imagine KPMG defying a National Security letter - they've got too much to lose). Maybe they're presently distracted by the COVID19 crisis, but the attraction is certainly there.
Not saying it's happening already, but caveat emptor IMHO.