Sure, I still find it's a weird choice for a privacy-focused service. Also it's not clear that the Cloudflare cookie is really required to ensure the functionality of a web service (it probably isnt' as they're planning to get rid off it), so just pretending that you don't need to inform customers about this cookie set by your data processor is mere wishful thinking. Again, no one cares much about this and it's not enforced, if you're building a privacy-focused service you should give it some thought though instead of just saying "Cloudflare is cool because it gives me free TLS and load balancing". Just my 2c.
Regardinging CloudFlare cookies, I am not sure if this is the authors problem, since I guess he is neither processing nor storing any data about it.