Poshmark collects a broad range of information about you, including your contact details, payment information, photos, shopping behavior, search history, and technical information about the device you use to access the platform.
This analysis describes what Poshmark's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The breadth of data collected means Poshmark has a detailed picture of your identity, financial habits, interests, and device, which is used for personalization, advertising, and sharing with third parties as described elsewhere in the policy.
Poshmark's updated Privacy Policy provides significantly more transparent disclosure about what personal data the company collects, how it uses that data, and how you can exercise your privacy rights. The policy now explicitly itemizes data collection points, including photos, videos, payment information, social media accounts, and user interaction data, and provides a dedicated section on consumer rights and choices. The policy also includes a dedicated California Privacy Notice supplement, indicating enhanced compliance with California privacy laws. You can review the full updated policy and California Privacy Notice to understand Poshmark's specific data practices and identify which privacy rights and choices are available to you.
View change record →Poshmark's updated privacy policy provides more explicit detail about what categories of personal data the company collects through the platform, including user-generated content (photos, videos, listings), interaction data (likes, comments, offers), and payment information. The expanded disclosure does not necessarily indicate new data collection practices, but gives users clearer visibility into what information Poshmark holds. You can review the full policy at Poshmark's website to understand which data collection practices apply to your account activity and, if you are a California resident, consult the supplementary California Privacy Notice referenced in the policy.
View change record →This new comprehensive disclosure itemizes extensive personal, financial, behavioral, and device data collection practices previously described vaguely as 'Financial Information Collection.'
View full change record →Every interaction on Poshmark, from searching for items to completing a purchase, generates data that is collected and retained, creating a comprehensive profile of your behavior, preferences, and identity that may be shared with advertising and business partners.
How other platforms handle this
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
If we collect health information from these integrations (such as heart rate), we will not sell or use it for advertising or other similar purposes; we do not disclose it to third parties without your prior consent; and we will only use it for the specific purposes described in this Policy.
We collect your personal data when you use our Services, create a new eBay account, provide us with information via a web form, add or update information in your eBay account, participate in online community discussions or otherwise interact with us.
Monitoring
Poshmark has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"We collect information you provide to us, such as your name, email address, postal address, phone number, credit card and other payment information, and photos. We also collect information about your activity on our platform, including items you view, buy, and sell, searches you conduct, and your interactions with other users. We collect device information such as your IP address, browser type, operating system, and device identifiers.— Excerpt from Poshmark's Poshmark Privacy Policy
REGULATORY LANDSCAPE: The categories of personal information collected, including payment card data, device identifiers, photos, and behavioral data, implicate multiple regulatory frameworks. Payment card data is governed by PCI DSS standards as well as applicable state financial data laws. Photos may constitute biometric data in certain jurisdictions, including Illinois under BIPA, if facial recognition or geometric analysis is applied. Device identifiers and behavioral data are subject to CCPA, CPRA, and state privacy law disclosure and access requirements. The FTC Act governs unfair or deceptive data collection practices. GOVERNANCE EXPOSURE: Medium. The breadth of collection is consistent with a social commerce platform of Poshmark's scale, but the inclusion of photos raises potential biometric data concerns in Illinois and other jurisdictions enacting biometric privacy legislation. Payment data handling obligations under PCI DSS should be verified independently of the privacy policy. JURISDICTION FLAGS: Illinois BIPA creates heightened exposure if Poshmark processes photos in ways that extract biometric identifiers such as faceprints. California CPRA requires disclosure of sensitive personal information categories and provides a right to limit their use, which applies to precise geolocation and certain financial data. EU and UK users have rights to access, correct, and object to processing of all personal data collected. CONTRACT AND VENDOR IMPLICATIONS: Data processing agreements with analytics, cloud hosting, payment processing, and advertising vendors should enumerate the specific categories of personal data processed and restrict use to disclosed purposes. Vendors who process photos should be assessed for biometric data processing capabilities, and contracts should address applicable biometric privacy law requirements. COMPLIANCE CONSIDERATIONS: A data inventory and mapping exercise should document all categories of personal data collected, the legal basis for collection in each jurisdiction, retention periods, and downstream sharing. Particular attention should be paid to photos and device data given their sensitivity and the evolving biometric privacy landscape. Data minimization principles should be evaluated to assess whether all collected data categories are necessary for the stated purposes.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The breadth of data collected means Poshmark has a detailed picture of your identity, financial habits, interests, and device, which is used for personalization, advertising, and sharing with third parties as described elsewhere in the policy.
Every interaction on Poshmark, from searching for items to completing a purchase, generates data that is collected and retained, creating a comprehensive profile of your behavior, preferences, and identity that may be shared with advertising and business partners.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Poshmark.