Poshmark can share your personal information with outside companies for their own marketing purposes, including companies that run co-branded promotions with Poshmark.
This analysis describes what Poshmark's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision extends the use of your personal data beyond Poshmark itself, allowing outside businesses to market directly to you based on information you provided to Poshmark, which may not match users' reasonable expectations.
Interpretive note: The category of business partners is not exhaustively defined, and the precise scope of data shared and purposes permitted may vary in practice; applicable law may impose additional restrictions on such sharing not fully captured by the policy's disclosures.
Poshmark's updated Privacy Policy provides significantly more transparent disclosure about what personal data the company collects, how it uses that data, and how you can exercise your privacy rights. The policy now explicitly itemizes data collection points, including photos, videos, payment information, social media accounts, and user interaction data, and provides a dedicated section on consumer rights and choices. The policy also includes a dedicated California Privacy Notice supplement, indicating enhanced compliance with California privacy laws. You can review the full updated policy and California Privacy Notice to understand Poshmark's specific data practices and identify which privacy rights and choices are available to you.
View change record →Poshmark's updated privacy policy provides more explicit detail about what categories of personal data the company collects through the platform, including user-generated content (photos, videos, listings), interaction data (likes, comments, offers), and payment information. The expanded disclosure does not necessarily indicate new data collection practices, but gives users clearer visibility into what information Poshmark holds. You can review the full policy at Poshmark's website to understand which data collection practices apply to your account activity and, if you are a California resident, consult the supplementary California Privacy Notice referenced in the policy.
View change record →This new high-severity provision discloses third-party data sharing for marketing with direct collection rights on platform, representing an expanded and more aggressive data monetization practice.
View full change record →Your name, contact details, purchase history, and behavioral data may be shared with third-party business partners who can use it for their own advertising campaigns, potentially resulting in targeted marketing from companies you have no direct relationship with.
How other platforms handle this
Loyalty and partner program companies. We share information with our loyalty and partner program companies, like Ulta Beauty and Marriott.
We may share your personal information with third parties in the following circumstances: with service providers who perform services on our behalf; with business partners with whom we jointly offer products or services; in connection with, or during negotiations of, any merger, sale of company asse...
We may collect information derived or resulting from voluntary surveys. We may also collect Personal Information when you voluntarily provide us with Personal Information as a Visitor, such as when you use our "Contact Us" form.
Monitoring
Poshmark has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"We may share your personal information with our business partners for their own marketing purposes. For example, we may share your information with companies that offer co-branded products or services. We may also allow business partners to collect information directly from you on our platform.— Excerpt from Poshmark's Poshmark Privacy Policy
REGULATORY LANDSCAPE: This provision directly implicates the CCPA and CPRA definitions of sale and sharing of personal information, as disclosure of personal data to third parties for cross-context behavioral advertising or other marketing purposes triggers opt-out obligations regardless of whether monetary consideration is exchanged. The California Privacy Protection Agency and the California Attorney General hold enforcement authority. Under GDPR, sharing personal data with third-party controllers for their own marketing purposes requires a separate lawful basis for each controller, and reliance on legitimate interests for such sharing faces heightened scrutiny. GOVERNANCE EXPOSURE: High. The breadth of the business partner category is not exhaustively defined in the policy, which creates ambiguity about which entities receive data and for what purposes. If business partners are receiving personal data for independent marketing use, they likely fall outside the CCPA service provider exemption, requiring that the sharing be treated as a sale or sharing under California law with corresponding opt-out mechanisms and contractual restrictions. JURISDICTION FLAGS: California presents the highest exposure due to CPRA opt-out requirements for sharing of personal information for cross-context behavioral advertising. Virginia, Colorado, Connecticut, and Utah similarly require opt-out rights for targeted advertising using personal data. EU and UK users are protected by GDPR and UK GDPR, which impose stricter controller-to-controller transfer requirements including separate lawful bases and data sharing agreements. CONTRACT AND VENDOR IMPLICATIONS: Procurement teams should verify that all business partner relationships are governed by data sharing agreements that define permitted uses, restrict onward transfer, and align with applicable state law requirements. The absence of an exhaustive list of business partners in the policy may complicate vendor inventory and data mapping exercises. Contracts should specify whether business partners are classified as service providers, contractors, or third parties under CCPA or CPRA, as the classification determines the legal requirements for the sharing arrangement. COMPLIANCE CONSIDERATIONS: Compliance teams should audit whether Poshmark's opt-out mechanisms for data sale and sharing are operationally effective and whether the Global Privacy Control signal is honored for California users as required under CPRA. Data processing agreements with all business partners who receive personal data for marketing purposes should be reviewed and updated. A complete inventory of business partner data sharing relationships should be maintained and reflected in the policy's data practices disclosures.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
ConductAtlas detected a major restructuring of Meta’s privacy policy that removed detailed consumer rights disclosures and relocated them to separate documents.
Your genetic data may be transferred to a new owner as a business asset. Here is what the Terms of Service actually say and what you can do right now.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision extends the use of your personal data beyond Poshmark itself, allowing outside businesses to market directly to you based on information you provided to Poshmark, which may not match users' reasonable expectations.
Your name, contact details, purchase history, and behavioral data may be shared with third-party business partners who can use it for their own advertising campaigns, potentially resulting in targeted marketing from companies you have no direct relationship with.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Poshmark.