Hello,
Cloudflare is going to be the only party within your setup that is not open source (correct me if I am wrong). So their technology (code) is not peer reviewed and there is always a chance that they may be snooping.
However, so far no researcher or security experts have raised any red flags on their service.
Technically speaking, open source products with peer reviewed code can only be the truly private.
But without cloudflare there is that need of your own Dedicated Public IP. It’s been over a decade but world is no where close to a IPv6 INTERNET.
There are only so many v4 addresses.
Imagine if all home users demanded v4 Public IP from their ISP.
Just like Let’s Encrypt made SSL free for all, services like CloudFlare are adding another much needed layer. Along with Free SSL Certificate, doing the Reverse Proxy and Secure Tunneling to allow servers to run over CG-NAT.
Unfortunately, until Internet moves to a true IPv6 setup, cloudflare tunnel is a necessary evil.
Thanks.