
Privacy policies need to be immediately accessible to users. Hiding your privacy info page behind captchas, using unclear names for links ("service status" as a link to privacy info for example), making users click through multiple pages to find it etc makes you non-compliant.

Basically: you cannot hide the information, you cannot make users jump through hoops (captchas, require signup/login, pay for accessing) to read them.



Thanks, that's very useful.

Presumably the fact that it's not the site owner mandating the captcha, but an intermediary service provider doesn't matter then?


It really shouldn't, because the site owner is the one making the choice to use CF; CF is acting on their behalf (and the security settings the site owner chooses at CF do influence whether and how often captchas are shown to users, i.e. "I'm under attack" mode). It would be different if the user's ISP did this.

This is another related issue, too, as CF is a data processor, so the controller (=site owner) needs to make users aware that their data is being shared with Cloudflare, as SSL terminates at CF, the content is analyzed and it's then (optionally re-encrypted) transmitted to the origin.



