diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index d648e83..e589949 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -76,7 +76,7 @@ jobs:
             exit 1
           fi
 
-          # Validate CLOUDFLARED_TOKEN (required since we deploy with cloudflare profile)
+          # Validate CLOUDFLARED_TOKEN (required for cloudflared tunnel service)
           if [ -z "${CLOUDFLARED_TOKEN}" ]; then
             echo "Missing required secret: CLOUDFLARED_TOKEN"
             exit 1
@@ -85,7 +85,7 @@ jobs:
           # Create .env file with required configuration
           echo "BEARER_TOKEN=${BEARER_TOKEN}" > .env
 
-          # Add optional Cloudflare Tunnel token if configured
+          # Add required Cloudflare Tunnel token
           if [ -n "${CLOUDFLARED_TOKEN}" ]; then
             echo "CLOUDFLARED_TOKEN=${CLOUDFLARED_TOKEN}" >> .env
           fi
@@ -116,4 +116,4 @@ jobs:
         run: mkdir -p logs
 
       - name: Deploy with Docker Compose
-        run: docker compose -p temp-monitor --profile cloudflare up -d --build --remove-orphans
+        run: docker compose -p temp-monitor up -d --build --remove-orphans
diff --git a/README.md b/README.md
index 260cea6..b895528 100644
--- a/README.md
+++ b/README.md
@@ -82,7 +82,7 @@ All configuration is done via environment variables in `.env`. Copy `.env.exampl
 |----------|---------|-------------|
 | `BEARER_TOKEN` | (required) | API authentication token |
 | `LOG_FILE` | `temp_monitor.log` | Log file path |
-| `CLOUDFLARED_TOKEN` | (none) | Cloudflare Tunnel token for docker-compose `cloudflared` service |
+| `CLOUDFLARED_TOKEN` | (required for CI) | Cloudflare Tunnel token for docker-compose `cloudflared` service (optional for local dev) |
 
 ### Webhook Settings
 
@@ -228,11 +228,13 @@ docker compose down
 
 **Note**: Requires privileged mode for I2C/hardware access.
 
-**Cloudflare Tunnel (Optional):** To enable the bundled Cloudflare Tunnel:
+**Cloudflare Tunnel:** The bundled Cloudflare Tunnel service starts automatically:
 1. Add `CLOUDFLARED_TOKEN` to `.env`
-2. Start with the cloudflare profile: `docker compose --profile cloudflare up -d`
+2. Start with: `docker compose up -d`
 3. In Cloudflare Zero Trust UI, point the tunnel service at `http://temp-monitor:8080`
 
+**Note:** `CLOUDFLARED_TOKEN` is **required for CI/production** - the CI workflow (`.github/workflows/ci.yml:79-83`) enforces this and will fail deployment if missing. For **local development**, the token is optional: if not set, the cloudflared service will fail to start but the main temp-monitor service continues working. To run locally without Cloudflare Tunnel, use `docker compose up -d temp-monitor`.
+
 ### Systemd Service
 
 ```bash
diff --git a/docker-compose.yml b/docker-compose.yml
index 0cd50e6..86ac37d 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -28,6 +28,4 @@ services:
     command: tunnel --no-autoupdate run --token ${CLOUDFLARED_TOKEN}
     depends_on:
       - temp-monitor
-    restart: unless-stopped
-    profiles:
-      - cloudflare
\ No newline at end of file
+    restart: unless-stopped
\ No newline at end of file