Regardless of whether or not you provide your own SSL certificates, cloudflare still uses their own between their servers and client browsers. So any SSL encrypted traffic is unencrypted at their end before being re-encrypted with your certificate. How can such an entity be trusted?
People say that, but the actual data would be so vast and with so little actual usability, that the dilution of it still results in largely garbage data. Its only when you have a particular focus and have the ability to filter to that focus that the data becomes very valuable.
Even banks and card processors, who have direct, legal, and completely open access to data as critical as where every one of their customers spends money struggle to do more than harvest aggregated usage patterns. The idea that data volumes, at a couple more orders of magnitude and notably more generalized will be easily processed and harvested ends up being pretty silly.
Well yeah, it’s not easy. Which is why they limit what they do to the aggregated data or to targeted discovery.
But that’s only a small technical hurdle and the speed with which you can analyze the data grows much faster than the volume (especially if you are smart about what data you analyze and how you do it) so it won’t last forever.