Defining P3P Policy for your website


Sales-n-Stats software can collect various information about website visitors, which can be used later to improve an online business and to help serve customers better. However, this information can easily be abused if the site owner uses it for other purposes, such as sending spam or selling it to a third party. That is why it is standard practice to have a privacy policy on your website explaining what user information is collected and what it is used for.

Since it may be very tedious to read a privacy policy on every site, the World Wide Web Consortium (W3C) developed the Platform for Privacy Preferences Project (P3P), which allows websites to post their privacy policy in a machine-readable format. When information about a site's privacy practices is available in P3P format, the web browser can promptly advise the user visiting this site whether the site's privacy policy satisfies the selected level of privacy. Of course, a machine-readable policy is not a substitute for the human-readable text; it is only an extension that makes the online experience more comfortable.

Modern web browsers check a site's Compact Policy before accepting cookies from the site. The Sales-n-Stats JavaScript tracker sends the Compact Policy in HTTP headers to comply with the P3P requirement.

Sales-n-Stats is shipped with a P3P policy that is typical for an average e-commerce website and is suitable in most cases. However, if your privacy policy differs from the default privacy policy, you should edit the P3P Policy field in the Collector settings dialog so that it matches the actual privacy policy of your site.

Below is the default Sales-n-Stats compact privacy policy shipped with the system:

CP="NON CURa ADMa DEVa TAIa CONi OUR DELa BUS IND PHY ONL UNI PUR COM NAV DEM STA"

Token   Description

NON     No access is available to collected information.
CURa    The data is used for completion of the current activity.
ADMa    The data is used for site administration.
DEVa    The data is used for research and development.
TAIa    The data is used for tailoring the site.
CONi    The data is used for contacting the user, if the user selects it.
OUR     The data is given to ourselves and our agents.
DELa    The data is given to delivery services.
BUS     Our business practices specify how long the data will be kept.
IND     The data will be kept indefinitely.
PHY     Physical contact information is collected.
ONL     Online contact information is collected.
UNI     Unique identifiers are collected.
PUR     Purchase information is collected.
COM     Computer information is collected.
NAV     Navigation and clickstream data is collected.
DEM     Demographic and socioeconomic data is collected.
STA     State-management data is collected.

For the full Compact Policy Vocabulary, please refer to the Platform for Privacy Preferences specification available at the W3C website: http://www.w3.org/P3P/
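To check that the Compact Policy you configure still matches what your site collects, the header value can be parsed and audited. The following is an added example, not part of Sales-n-Stats: the function names are hypothetical, the vocabulary is limited to the tokens described above, and the a/i/o consent suffixes and the FIN token are taken from the P3P 1.0 specification rather than from this page.

```python
import re

# Tokens limited to those described on this page: token -> (group, meaning).
VOCAB = {
    "NON": ("access", "no access to collected information"),
    "CUR": ("purpose", "completion of the current activity"),
    "ADM": ("purpose", "site administration"),
    "DEV": ("purpose", "research and development"),
    "TAI": ("purpose", "tailoring the site"),
    "CON": ("purpose", "contacting the user"),
    "OUR": ("recipient", "ourselves and our agents"),
    "DEL": ("recipient", "delivery services"),
    "BUS": ("retention", "per our business practices"),
    "IND": ("retention", "kept indefinitely"),
    "PHY": ("category", "physical contact information"),
    "ONL": ("category", "online contact information"),
    "UNI": ("category", "unique identifiers"),
    "PUR": ("category", "purchase information"),
    "COM": ("category", "computer information"),
    "NAV": ("category", "navigation and clickstream data"),
    "DEM": ("category", "demographic and socioeconomic data"),
    "STA": ("category", "state-management data"),
}
# Consent suffixes as defined in the P3P 1.0 specification (not listed on this page).
SUFFIX = {"a": "always", "i": "opt-in", "o": "opt-out"}

def parse_cp(header_value):
    """Return (known, unknown): known holds (token, consent, group, meaning)."""
    m = re.search(r'CP\s*=\s*"([^"]*)"', header_value)
    if m is None:
        raise ValueError("no CP=\"...\" element in header value")
    known, unknown = [], []
    for tok in m.group(1).split():
        base, sfx = (tok[:3], tok[3:]) if len(tok) == 4 else (tok, "")
        if base in VOCAB and (sfx == "" or sfx in SUFFIX):
            known.append((base, SUFFIX.get(sfx, ""), *VOCAB[base]))
        else:
            unknown.append(tok)  # typo or a token outside this page's table
    return known, unknown

def undeclared_categories(header_value, collected):
    """Categories the site collects (caller-supplied set) that the CP omits."""
    known, _ = parse_cp(header_value)
    declared = {tok for tok, _, group, _ in known if group == "category"}
    return sorted(set(collected) - declared)

if __name__ == "__main__":
    default = 'CP="NON CURa ADMa DEVa TAIa CONi OUR DELa BUS IND PHY ONL UNI PUR COM NAV DEM STA"'
    for row in parse_cp(default)[0]:
        print(*row, sep="\t")
    print(undeclared_categories(default, {"NAV", "STA", "FIN"}))  # constructed input
```

Any token reported as unknown, or any category returned by undeclared_categories, means the P3P Policy field and the site's real practices have drifted apart and one of them needs to be corrected.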

We also recommend that you download the IBM P3P Policy Editor software (http://www.alphaworks.ibm.com/tech/p3peditor), which lets you create your own P3P policy in a visual mode.

Disclaimer: The P3P policy shipped with Sales-n-Stats software is a sample policy provided for reference purposes only. It is your responsibility to make sure that the P3P policy defined in the Collector settings matches the actual privacy policy of your website.