The NSL directed Cloudflare to provide the FBI with the names, addresses and the transaction records of certain customers. Although the company removed the request's details in the subpoena it published, it reportedly has some pretty controversial customers. In 2015, hacker collective Anonymous accused the service of doing business with ISIS-related websites. Cloudflare protects its customers from distributed denial of service (DDoS) attacks, preventing the hacker group from launching these against targets
Instead of complying to the NSL, though, Cloudflare teamed up with the EFF to bring the matter to court. The FBI rescinded the request in July 2013, five months after the company received the subpoena. However, Cloudflare had to fight the gag order in court for years. According to the EFF, the FBI lifted it in the end, because it's required to periodically review active gag orders under the USA Freedom Act of 2015. That's not always a good thing, the EFF says, because it leads to selective transparency. The organization says:
"Make no mistake: this process is irredeemably flawed. It fails to place on the FBI the burden of justifying NSL gag orders in a timely fashion to a neutral third party, namely a federal court. Nevertheless, Cloudflare's fight demonstrates that it is not unreasonable to require the FBI to relinquish some of its customary secrecy in national security cases."
You can read the company's full transparency report for the second half of 2016 on its website.