Regardless of a certificate issuer being used, certificates are operated by Cloudflare's reverse-proxy servers that receive all data, decrypt it and transmit to origin servers, what imminently gives Cloudflare access to all data between site users and origin servers making it a traditional MITM. There is also a setting to disable SSL/TLS for communication with origin servers to send everything via unencrypted HTTP on port 80, since it's not required for origin servers to use SSL/TLS at all and end-users can never know whether web site owners have it or not.

Cloudflare logs absolutely everything and you can be sure about it. Also, their "Checking if the site connection is secure" wording is a biggest snake oil of digital security - sites that use Cloudflare put their users privacy and security at risk (when the treat model consists of law enforcement being an adversary, which is common nowadays).