The only reason a business like CloudFlare offers a "Free plan" is to attract people to their service and then try to upgrade as many of them to paid plans.
He was happy to pay, they didn't capitalize on that.
Free DDoS protection is not a part of CloudFlare's business model -- plans [0]. A free CDN comes with caveats, like not receiving fast support, an SLA, etc... to name a few things the OP expected. There's no doubt CloudFlare lost a potential customer, but we just as well may not have all the details and shouldn't try running CloudFlare from our armchairs.
We must have different definitions of DDoS protection; what exactly are you thinking they are protecting that isn't covered instead by their Level 3, 4, and 7 attack protections? Of course, a CDN is by nature a protector of non-malicious DDoS, but the spirit of the conversation shouldn't really have to state such facts.
All CDNs offer DNS level DDOS protection by default. Not because they choose to, but because they have no other option. After all, the same IP ranges are used by all clients and this makes it impossible to pinpoint the original target. (thus no one to blame/bill)
Every CDN does it, but only CF claims it as a "feature".
He was happy to pay, they didn't capitalize on that.