9 Total
1 High severity
8 Medium severity
0 Low severity
Summary

This document establishes Poshmark's data collection and use practices for users engaging in buying, selling, and browsing on its fashion resale platform. The policy authorizes collection of personal information including name, address, payment details, device identifiers, photos, and user activity, with provisions permitting disclosure to business partners for marketing and advertising purposes. User-generated content posted publicly on the platform, including profiles, listings, and comments, remains accessible to other users and third parties and may persist following account deletion.

Technical / Legal Breakdown

This document is Poshmark's Privacy Policy, governing the collection, use, disclosure, and retention of personal information from users of the Poshmark platform, a peer-to-peer social commerce marketplace, with a stated legal basis rooted in contractual necessity, consent, and legitimate business interests. The policy states that Poshmark collects a broad range of personal data including name, address, payment information, device identifiers, geolocation, photos, browsing and purchase history, and social graph connections, and the terms authorize use of this data for purposes including personalization, advertising, analytics, fraud prevention, and sharing with third-party business partners and service providers. Notably, the policy reserves the right to share personal information with a wide category of 'business partners' for marketing purposes and authorizes cross-context behavioral advertising, which the terms separately acknowledge may constitute a 'sale' or 'sharing' of personal data under California law, creating opt-out obligations; the breadth of the business partner sharing category and the public nature of user-generated content on the platform are operationally distinct from many consumer platforms where social visibility is more limited. The policy explicitly engages California Consumer Privacy Act and California Privacy Rights Act frameworks, providing opt-out mechanisms for data sale and sharing and sensitive data use, and acknowledges obligations to Nevada, Virginia, Colorado, Connecticut, and Utah residents, as well as referencing GDPR-equivalent obligations for users in certain international regions; enforcement context and the scope of applicable state privacy laws continue to evolve, and the practical enforceability of specific terms may vary by jurisdiction. Compliance teams should note that Poshmark's status as a social commerce platform means user-generated content, including photos and profile information, is broadly public by default, and the policy's treatment of publicly posted data as outside standard deletion or restriction rights warrants careful review.

Institutional Analysis

Institutional analysis available with Compliance

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Compliance.

Start Compliance free trial

3 important changes detected

4 versions captured · Last updated: May 2026

May 27, 2026

unknown
What changed Poshmark updated their Poshmark Privacy Policy on May 27, 2026. Change detected: 83 sentence(s) added, 1 sentence(s) modified. Document contained 6786 sentences after update.
View full change record →
What changed Poshmark significantly expanded and restructured its Privacy Policy on April 19, 2026, adding 249 sentences to provide detailed disclosure of data collection, use, and sharing practices. The updated policy now explicitly describes what types of personal data the company collects (including names, addresses, payment information, photos, videos, and interaction data), how it uses that data, and how consumers can exercise their rights. The prior version was much shorter and less detailed, so this change increases transparency about Poshmark's data practices but does not appear to announce new data uses or remove consumer protections.
Why this matters Poshmark's updated Privacy Policy provides significantly more transparent disclosure about what personal data the company collects, how it uses that data, and how you can exercise your privacy rights. The policy now explicitly itemizes data collection points, including photos, videos, payment information, social media accounts, and user interaction data, and provides a dedicated section on consumer rights and choices. The policy also includes a dedicated California Privacy Notice supplement, indicating enhanced compliance with California privacy laws. You can review the full updated policy and California Privacy Notice to understand Poshmark's specific data practices and identify which privacy rights and choices are available to you.
View full change record →

March 25, 2026 medium

Poshmark expanded and reorganized its privacy policy on March 25, 2026, adding 249 sentences of new content that detail what data the company collects, how it uses that data, and …

View change record →

Recent Provision Changes May 27, 2026

Added (6)
Business Partner Data Sharing for Marketing High

This new high-severity provision discloses third-party data sharing for marketing with direct collection rights on platform, representing an expanded and more aggressive data monetization practice.

Public Content Exclusion from Deletion Rights Medium

This provision limits deletion rights by clarifying that publicly posted content may persist indefinitely after account deletion, reducing user control over personal data.

Data Collection Scope and Categories Medium

This new comprehensive disclosure itemizes extensive personal, financial, behavioral, and device data collection practices previously described vaguely as 'Financial Information Collection.'

User-Generated Content Public Visibility Medium

This new provision explicitly warns that user content is searchable and publicly accessible beyond registered users, increasing transparency about content exposure risks.

Children's Privacy and Age Restriction Medium

This new provision establishes COPPA compliance and child protection safeguards with clear notice and reporting procedures for unauthorized child data collection.

Removed (4)
Third-Party Data Sharing for Advertising

This vague provision was removed and replaced with more specific 'Business Partner Data Sharing for Marketing' (now high-severity) that explicitly allows direct partner data collection on platform.

Financial Information Collection

This provision was removed and its content incorporated into the new 'Data Collection Scope and Categories' provision with expanded scope.

Geolocation Data Collection

This previously identified provision is removed without replacement, creating potential gap in transparency regarding location tracking practices.

User Content License Grant

This low-severity provision was removed, potentially indicating weaker disclosure of Poshmark's rights to use user-generated content.

Modified (3)
Cookies and Cross-Context Behavioral Advertising

Previous version had empty excerpt for 'Cookies and Tracking Technologies'; current version now provides detailed disclosure of cross-context behavioral advertising and partner sharing practices.

Data Retention and Account Deletion

Previous version 'Data Retention Practices' and 'Account Closure and Data Handling' had empty excerpts; current version consolidates into single provision with explicit retention criteria and deletion procedures.

California Data Sale and Sharing Opt-Out

Previous 'California CCPA/CPRA Privacy Rights' had empty excerpt; current version now specifies opt-out mechanism for data sale/sharing with direct contact information and non-discrimination promise.

View full change record →
High — 1 provision
Medium — 8 provisions

Monitoring

Poshmark has updated this document before.

Monitor includes same-day alerts, structured change summaries, and monitoring for up to 25 platforms.

Start Monitor free trial Or create a free account →

Compliance Governance Intelligence

Need provision-level monitoring and regulatory mapping?

Compliance includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.

Start Compliance free trial

Cross-platform context

See how other platforms handle Business Partner Data Sharing for Marketing and similar clauses.

Compare across platforms →

Mapped Governance Frameworks

CCPA/CPRA
California, USA
View official text ↗
Connecticut Data Privacy Act Amendments
US-CT
View official text ↗
CAN-SPAM
United States Federal
View official text ↗
FTC Act Section 5
United States Federal
View official text ↗
GDPR
European Union
View official text ↗
Indiana Consumer Data Protection Act
US-IN
View official text ↗
Kentucky Consumer Data Protection Act
US-KY
View official text ↗
Universal Opt-Out Mechanism Expansion 2026
US
View official text ↗
VPPA
United States Federal
View official text ↗
Archival ProvenanceSource & Archival Record
Last Captured May 27, 2026 00:45 UTC
Capture Method Automated scheduled archival capture
Document ID CA-D-000334
Version ID CA-V-003007
SHA-256 95748499aead6a2b0f334a37debca848375f262e06cdfa8613c3c49ba4be6f27
✓ Snapshot stored ✓ Text extracted ✓ Change verified ✓ Hash verified

Governance Monitoring

Monitor governance changes across the platforms you rely on.

Structured alerts for policy changes, governance events, and provision updates across 318+ platforms.

Create free account Compare plans