# Privacy & Consent
n360ortb includes built-in support for privacy regulations including GDPR/TCF, GPP (Global Privacy Platform), and US Privacy (CCPA).
## Overview
n360ortb automatically detects and reads consent signals from Consent Management Platforms (CMPs) that implement industry-standard APIs:
* **TCF v2** - IAB Transparency and Consent Framework
* **GPP** - IAB Global Privacy Platform
* **USP** - IAB US Privacy String (CCPA)
## GDPR / TCF v2
n360ortb automatically detects TCF v2 CMPs via the `__tcfapi` interface and reads the TC string.
### Configuration
```javascript
n360ortb.init({
currency: 'EUR',
gdpr: {
cmpTimeout: 1000 // Wait up to 1 second for CMP
}
});
```
### Options
| Property | Type | Default | Description |
| ---------- | ------ | ------- | ------------------------------------- |
| cmpTimeout | number | 50 | Milliseconds to wait for CMP response |
### How It Works
1. n360ortb calls `__tcfapi('getTCData')` when the page loads
2. If consent data is available within the timeout, it's included in bid requests
3. If the CMP doesn't respond in time, the request proceeds without consent data
4. SSPs receive the TC string and apply their consent logic
### Best Practices
* Set `cmpTimeout` high enough for your CMP to initialize
* Consider user experience - longer timeouts delay ad loading
* A timeout of 500-1500ms is typically sufficient
```javascript
// Recommended for most CMPs
n360ortb.init({
currency: 'EUR',
gdpr: {
cmpTimeout: 1000
}
});
```
### Direct Consent Passthrough
When running inside an iframe where the CMP is not accessible (e.g., GAM creative), you can pass consent data directly:
```javascript
n360ortb.init({
gdpr: {
applies: true, // Whether GDPR applies
consent: 'TC_STRING...' // The TC consent string
}
});
```
| Property | Type | Description |
| -------- | ------- | ------------------------------------ |
| applies | boolean | Whether GDPR applies to this request |
| consent | string | The IAB TCF v2 consent string |
When `applies` and `consent` are provided, n360ortb skips CMP detection and uses the provided values immediately.
{% hint style="info" %}
This is particularly useful for [GAM creative integration](https://developer.nexx360.io/direct-integration-n360ortb/gam-integration/integration-in-gam-as-creative) where you can use GAM macros like `%%GDPR%%` and `%%GDPR_CONSENT_755%%` to pass consent data.
{% endhint %}
## GPP (Global Privacy Platform)
n360ortb supports the IAB Global Privacy Platform for unified privacy signals across jurisdictions.
### Configuration
```javascript
n360ortb.init({
currency: 'USD',
gpp: {
cmpTimeout: 1000
}
});
```
### Options
| Property | Type | Default | Description |
| ---------- | ------ | ------- | ----------------------------------------- |
| cmpTimeout | number | 50 | Milliseconds to wait for GPP CMP response |
### How It Works
1. n360ortb calls the GPP API (`__gpp`) to retrieve the GPP string
2. The GPP string and applicable sections are included in bid requests
3. SSPs interpret the GPP string according to their policies
## US Privacy (CCPA)
n360ortb supports the IAB US Privacy String for CCPA compliance.
### Configuration
```javascript
n360ortb.init({
currency: 'USD',
usPrivacy: {
cmpTimeout: 500
}
});
```
### Options
| Property | Type | Default | Description |
| ---------- | ------ | ------- | ----------------------------------------- |
| cmpTimeout | number | 50 | Milliseconds to wait for USP API response |
### How It Works
1. n360ortb calls `__uspapi('getUSPData')` to retrieve the US Privacy string
2. The USP string (e.g., "1YNN") is included in bid requests
3. SSPs apply their CCPA logic based on the string values
## Combining Privacy Configurations
You can enable multiple privacy frameworks simultaneously:
```javascript
n360ortb.init({
currency: 'EUR',
gdpr: {
cmpTimeout: 1000
},
gpp: {
cmpTimeout: 1000
},
usPrivacy: {
cmpTimeout: 500
}
});
```
n360ortb will attempt to read consent from all configured frameworks and include available signals in bid requests.
## Example: Full Privacy Configuration
```html
```
## Consent Timeout Behavior
When consent is not available within the configured timeout:
| Scenario | Behavior |
| ------------------------- | ---------------------------------------- |
| CMP not present | Request proceeds without consent signals |
| CMP timeout | Request proceeds without consent signals |
| User hasn't consented yet | Request proceeds without consent signals |
| Consent available | Consent signals included in request |
{% hint style="warning" %}
When consent signals are not available, some SSPs may not bid or may bid at reduced rates depending on their policies and the user's jurisdiction.
{% endhint %}
## Debugging Consent
To verify consent is being captured correctly:
1. Open browser developer tools
2. Go to the Network tab
3. Find the bid request to Nexx360
4. Check the request payload for:
* `gdpr` and `gdpr_consent` fields (TCF)
* `gpp` and `gpp_sid` fields (GPP)
* `us_privacy` field (CCPA)
## Best Practices
1. **Load CMP first**: Ensure your CMP script loads before n360ortb
2. **Set appropriate timeouts**: Balance consent capture with ad load speed
3. **Test thoroughly**: Verify consent flows in different scenarios
4. **Monitor fill rates**: Low fill rates may indicate consent issues
## Compliance Note
{% hint style="info" %}
n360ortb provides the technical capability to pass consent signals to SSPs. Publishers are responsible for implementing a compliant CMP and ensuring proper consent collection according to applicable laws.
{% endhint %}
## Next Steps
* [Installation](https://developer.nexx360.io/direct-integration-n360ortb/installation) - Setup instructions
* [API Reference](https://developer.nexx360.io/direct-integration-n360ortb/api-reference) - Complete API documentation
* [GAM Integration](https://developer.nexx360.io/direct-integration-n360ortb/gam-integration) - Google Ad Manager setup