Cloudflare turnstile: Is cloudflare the data controller (GDPR)

I am working on integrating cloudflare turnstile on my website. I am currently looking at the cloudflare privacy policy. I am trying to decide if my analysis that cloudflare is a data controller is correct and thus the DPA does not apply when using turnstile

Text form the cloudflare privacy policy:
Cloudflare is a data controller for the personal information collected from all categories of data subjects listed above, with the following exceptions: Cloudflare is a data processor of Customer Logs, Administrative User logs, and some account settings information. In addition, Cloudflare is a data processor for any of the content provided by Customers and End Users through the Services that transits, or in some cases, is stored on, the Cloudflare network. Where Cloudflare is a data processor, Cloudflare processes data on behalf of its Customers pursuant to their data processing instructions.

My analysis:

  1. when using cloudflare they don’t process my logs
  2. when using cloudlare they don’t process administrative user logs and account settings
  3. Me or my webite visistors don’t provide content that ist stored on the cloudflare network.
  4. In addition cloudflare processes the data it collects with the turnstile solution according to their own insights

Conclusion:-> I am not a data controller, cloudflare is the data controller.

Is that correct?