TL;DR: We've been on the Cloudflare Business plan ($250/month) for years. They suddenly contacted us and asked us to either pay them $120k up front for one year of Enterprise within 24 hours or they would take down all of our domains. While this escalated up our business we had 3 sales calls with them, trying to figure out what was happening and how to reach a reasonable contract in a week. When we told them we were also in talks with Fastly, they suddenly "purged" all our domains, causing huge downtime in our core business, sleepless nights migrating away from CF, irreparable loss in customer trust and weeks of ongoing downtime in our internal systems.
This is how I view it. Even if they were doing it maliciously, it is still a company and cloud flare should make the assumption they didn’t know they were doing anything wrong. Tell them it’s actually not allowed, that you just caught it, and give a clear (reasonable) timeline on getting to compliance.