Poshmark · Poshmark Privacy Policy

Data Retention Tied to Business Purposes

Medium severity
Share 𝕏 Share in Share 🔒 PDF

What it is

Poshmark keeps your personal data for as long as your account exists or as long as they decide they need it for business, legal, or dispute reasons — with no specific time limits given.

Consumer impact (what this means for users)

Poshmark does not specify how long it retains different categories of personal data, meaning your purchase history, location data, and device identifiers could be stored for years without a clear endpoint. EU users should note this conflicts with GDPR's storage limitation principle and may support a deletion request.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.
  • Delete Your Data
    Email privacy@poshmark.com with the subject 'Data Deletion Request' and include your registered account email. Request deletion of all personal data categories held by Poshmark and ask for confirmation of what data has been deleted.

Cross-platform context

See how other platforms handle Data Retention Tied to Business Purposes and similar clauses.

Compare across platforms →
Need full compliance memos? See Professional →

Why it matters (compliance & risk perspective)

Without specific retention periods, Poshmark can hold your personal data indefinitely, making it harder for you to effectively exercise deletion rights and increasing the risk of your data being compromised in a breach.

View original clause language
We will retain your personal information for as long as your account is active or as needed to provide you services, comply with our legal obligations, resolve disputes, and enforce our agreements.

Institutional analysis (Compliance & legal intelligence)

REGULATORY FRAMEWORK: GDPR Art. 5(1)(e) requires data be kept no longer than necessary for the specified purpose (storage limitation principle), with Art. 13(2)(a) requiring specific retention periods to be communicated at collection. CPRA Cal. Civ. Code §1798.100(a)(3) requires businesses to disclose retention periods for each category of personal information. FTC Act Section 5 deceptive practices standards apply to vague retention commitments. Enforcement authority rests with EU supervisory authorities, the CPPA, and the FTC.

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Applicable agencies

  • FTC
    The FTC can take enforcement action under Section 5 if Poshmark's vague retention practices constitute a deceptive or unfair trade practice.
    File a complaint →
  • State AG
    California's CPPA and Attorney General can enforce CPRA requirements for specific data retention period disclosures.
    File a complaint →

Provision details

Document information
Document
Poshmark Privacy Policy
Entity
Poshmark
Document last updated
April 29, 2026
Tracking information
First tracked
April 28, 2026
Last verified
April 28, 2026
Record ID
CA-P-003755
Document ID
CA-D-00334
Evidence Provenance
Source URL
https://poshmark.com/privacy
Wayback Machine
View archived versions →
SHA-256
2cc924fa513a0bd8e9feec282ca6e11d838f46832da0f5416673dd4f3402c29f
Verified
✓ Snapshot stored   ✓ Change verified
How to Cite
ConductAtlas Policy Archive
Entity: Poshmark | Document: Poshmark Privacy Policy | Record: CA-P-003755
Captured: 2026-04-28 05:49:19 UTC | SHA-256: 2cc924fa513a0bd8…
URL: https://conductatlas.com/platform/poshmark/poshmark-privacy-policy/data-retention-tied-to-business-purposes/
Accessed: May 2, 2026
Classification
Severity
Medium
Categories
Unknown

Other provisions in this document