GDPR and Cloudflare

We implemented an application using Auth0 and we configured our tenants in the EU. Reasons: because our customers are based in the EU and we want of course to comply with GDPR.

A potential customer configured their firewall to make sure our application can connect to our cloud resources, but still they couldn’t make it work.
Troubleshooting the issue, we found out that our tenant URL (E.g. points to an IP address whose location is based in the US, which was blocked by their firewall.
According to the IP location query that I have run, that IP address points to Cloudflare. I guess Cloudflare is used internally by Auth0 to detect and mitigate security threats/issues.
Can you confirm this?

We assumed that because our tenants are configured to run in the EU, then we wouldn’t see any kind of request going outside of EU territory.

I have read the following page:
GDPR FAQ for Auth0 Customers - Auth0 Community

If I understand this correctly, GDPR applies also to non-EU based services/companies possessing data on EU residents, like Cloudflare, and Cloudflare seems to be compliant with it. Is that correct?

Our potential customers might have GDPR-related questions about the usage of an application whose all services run in the EU with the except of some requests made outside of the EU because of Cloudflare.
Is there a way to configure Cloudflare used in the tenant to use EU datacenters?

Thank you.