Poshmark Privacy Policy — Poshmark

8 Total

5 High severity

3 Medium severity

0 Low severity

Summary

This is Poshmark's privacy policy, which explains what personal data the fashion resale platform collects — including your name, email, purchase history, device identifiers, location, and social connections — and how it shares that data with third parties, advertisers, and its parent company Naver in South Korea. The most important thing to know is that your Poshmark profile, listings, and much of your activity on the platform are publicly visible by default, meaning strangers can see what you buy and sell. California residents can opt out of the sale or sharing of their personal data for cross-context behavioral advertising by visiting Poshmark's 'Do Not Sell or Share My Personal Information' page.

Technical Summary

This document is Poshmark's Privacy Policy governing the collection, use, storage, and sharing of personal data by Poshmark Inc. and its parent Naver Corporation, with legal basis rooted in user consent, contractual necessity, and legitimate interests under applicable U.S. and international privacy frameworks. The policy creates significant obligations including Poshmark's right to share user data with third-party partners, service providers, affiliates including Naver Corporation, and in the context of business transactions such as mergers or acquisitions, while users bear responsibility for understanding these disclosures through continued use of the platform. Notably, the policy grants Poshmark broad latitude to share personal information — including purchase history, location data, and device identifiers — with social features designed to make much user activity publicly visible by default, which deviates from a privacy-by-design standard and creates elevated disclosure risk. The policy engages CCPA/CPRA (Cal. Civ. Code §1798.100 et seq.) with explicit California resident rights enumerated, GDPR/UK GDPR for international users, COPPA for users under 13, and the FTC Act Section 5 governing unfair or deceptive practices; material compliance considerations include the adequacy of consent mechanisms for cross-border data transfers to South Korea via Naver, and the breadth of 'publicly visible' default settings that may conflict with GDPR data minimization principles under Art. 5(1)(c).

Institutional Analysis

REGULATORY EXPOSURE: This policy engages CCPA/CPRA (Cal. Civ. Code §§1798.100–1798.199), requiring opt-out rights for data sale/sharing and honoring Global Privacy Control signals; GDPR Arts. 6, 13, 14, and 44–49 for EU/EEA users given data transfers to Naver in South Korea (not an adequacy-recogni…

🔒

Compliance intelligence locked

Regulatory exposure, material risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Evidence Provenance

Captured March 25, 2026 06:10 UTC

Document ID CA-D-000334

Version ID CA-V-000324

Source URL https://poshmark.com/privacy

Wayback Machine View archived versions →

SHA-256 b594500b24d46bb8a0ec8dae9dfc65eb98d8af70bdc1aef7dfb2d7a9a8969142

✓ Snapshot stored ✓ Text extracted ✓ Change verified ✓ Cryptographically signed

Change Timeline

March 25, 2026 — Document updated medium

Poshmark updated their Privacy Policy on March 25, 2026, moving from version 8.1 to 8.2. The new version adds detailed explanations of what personal data is collected — including names, addresses, payment information, and activity on the platform — and how it is used and shared. This matters because users now have a clearer picture of exactly what data Poshmark collects, which can help them make more informed decisions about what they share.

249 added · 3 modified
View changes → View record →
b594500b…
March 19, 2026 — Initial capture

First snapshot archived

f7e643a8…

Analyzed Changes

1 change analyzed since monitoring began.

Updated March 25, 2026

medium

What changed Poshmark updated their Poshmark Privacy Policy on March 25, 2026. Change detected: 249 sentence(s) added, 3 sentence(s) modified. Document contained 6703 sentences after update.

Consumer impact Poshmark's updated Privacy Policy now explicitly details the types of personal data collected, including your name, address, phone number, payment information, browsing activity, and social interactions on the platform. This gives users a much clearer understanding of the scope of data collection compared to the previous version. You can review the full updated policy and the California Privacy Notice if you are a California resident to understand your specific rights and opt-out options.

Why it matters This update significantly expands the detail of what data Poshmark discloses it collects — including payment information and behavioral activity — giving users a clearer but also more complete picture of how much data is gathered. Understanding this scope is essential for users to make informed choices about their participation on the platform.

High Severity — 5 provisions

Cross-Border Data Transfer to Naver Corporation
Poshmark shares your personal data with its parent company Naver Corporation, which is based in South Korea. This means your data may be processed outside the United States under different privacy laws.

Added April 1, 2026
Default Public Visibility of User Profiles and Transactions
Your Poshmark profile, listings, purchase history, and social activity are visible to the public by default — anyone can see what you buy and sell without being your follower or connection.

Added April 1, 2026
Sale and Sharing of Personal Data for Targeted Advertising
Poshmark shares your personal information — including browsing behavior, purchase history, and device identifiers — with third-party advertisers and analytics companies, which California law classifies as a 'sale' or 'sharing' of personal data.

Added April 1, 2026
Children's Privacy (COPPA Compliance)
Poshmark states it does not knowingly collect personal information from children under 13, but the platform is accessible without strict age verification, and users between 13-18 are subject to the general privacy policy.

Added April 1, 2026
Cookies, Tracking Technologies, and Advertising Networks
Poshmark uses cookies, web beacons, pixel tags, and similar tracking technologies on its platform and through third-party advertising networks to track your behavior across the internet and deliver targeted advertising.

Added April 1, 2026

Medium Severity — 3 provisions

Data Collection from Third-Party Sources
Poshmark collects information about you not just from your own activity on the app, but also from third-party data providers, social media platforms you connect to, and advertising partners — even when you are not using Poshmark.

Added April 1, 2026
Data Sharing in Business Transactions (Mergers and Acquisitions)
If Poshmark is acquired, merges with another company, or sells its assets, your personal data may be transferred to the new owner as part of that transaction — even if that company has different privacy practices.

Added April 1, 2026
California Resident Privacy Rights (CCPA/CPRA)
California residents have specific rights under state law to know what personal data Poshmark collects, to delete their data, to correct inaccurate data, to opt out of data sale/sharing, and to limit the use of sensitive personal information.

Added April 1, 2026