What are the institutional and regulatory implications of this document?

REGULATORY EXPOSURE: This policy implicates the California Consumer Privacy Act as amended by CPRA (Cal. Civ. Code §1798.100 et seq.), enforced by the California Privacy Protection Agency; the EU General Data Protection Regulation (GDPR Arts. 5, 6, 13, 17, 20) enforced by relevant EU supervisory authorities; Canada's PIPEDA; and the FTC Act Section 5 prohibiting unfair or deceptive data practices, enforced by the Federal Trade Commission. COPPA (15 U.S.C. §6501) is implicated by Poshmark's stat…

How does Poshmark's Poshmark Privacy Policy affect users?

Poshmark collects extensive personal data including geolocation, device identifiers, financial information, social graph data, and behavioral patterns, and shares this information with advertising partners, analytics providers, and affiliated companies for marketing purposes that extend beyond the core marketplace function. Users have limited visibility into exactly which third parties receive their data and for how long it is retained, as retention periods are tied to broad 'business purposes'…

How often is Poshmark's Poshmark Privacy Policy updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when Poshmark updates this document?

Yes. Watcher subscribers ($9.99/month) can add Poshmark to their watchlist and receive same-day email alerts whenever this document or any other Poshmark document changes.

Poshmark Privacy Policy — Poshmark

9 Total

4 High severity

5 Medium severity

0 Low severity

Summary

Poshmark's privacy policy explains how the fashion resale platform collects and uses your personal information, including your name, email, purchase history, device data, precise location, and social connections. The most important thing to know is that Poshmark shares your personal data — including browsing behavior and purchase history — with third-party advertising and analytics partners, and California residents have the right to opt out of the sale of their personal information. If you are a California resident, you can submit a 'Do Not Sell My Personal Information' request through Poshmark's privacy settings or by contacting privacy@poshmark.com.

Technical Summary

This document is Poshmark's Privacy Policy, governing the collection, use, sharing, and retention of personal data from users of its peer-to-peer fashion resale platform, with legal bases including consent, contractual necessity, and legitimate interests depending on jurisdiction. The policy creates significant obligations on Poshmark to collect and process a broad range of data types — including precise geolocation, device identifiers, payment information, behavioral data, and user-generated content — while granting Poshmark broad discretion to share this data with affiliates, service providers, advertising partners, and third parties for marketing and analytics purposes. Notably, the policy permits sharing personal data with third-party advertisers and data brokers for targeted advertising without a straightforward opt-out mechanism in the main policy text, and it retains data for unspecified periods tied to vague 'business purposes,' which deviates from data minimization principles under GDPR. The policy engages CCPA/CPRA (California residents), GDPR (EU/EEA users), PIPEDA (Canadian users), and the FTC Act Section 5, with Poshmark operating as both a data controller and processor in certain vendor contexts; California residents are afforded specific rights including the right to know, delete, and opt out of sale of personal information, while other US users receive fewer protections. Material compliance considerations include the adequacy of consent mechanisms for cross-border data transfers, the sufficiency of disclosed data retention schedules, and the breadth of 'affiliated companies' and 'business partners' defined as permissible data recipients.

Evidence Provenance

Captured April 19, 2026 06:30 UTC

Document ID CA-D-000334

Version ID CA-V-000824

Source URL https://poshmark.com/privacy

Wayback Machine View archived versions →

SHA-256 e8c42ef424cd6f3506430b58e5fd038e4d01ffc2494d19081e184f34ba50dcca

✓ Snapshot stored ✓ Text extracted ✓ Change verified ✓ Cryptographically signed

Institutional Analysis

🔒 Institutional analysis locked

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Professional.

Upgrade to Professional — $149/mo

Change Timeline

March 25, 2026 — Document updated medium

Poshmark updated their privacy policy on March 25, 2026 to version 8.2, adding extensive new sections that clearly describe what personal data they collect, how it is used and shared, and what rights users have. The previous version had a brief mission-focused introduction, while the new version provides a structured, detailed breakdown of data practices including payment information, user-generated content, and account data. This matters because users now have more transparency about exactly what information Poshmark collects and how it is handled.

249 added · 3 modified
View diff → View full record →
b594500b…
March 19, 2026 — Initial capture

Initial snapshot — monitoring begins

f7e643a8…

View full version history (0 captures) →

Analyzed Changes

1 change analyzed since monitoring began.

Updated March 25, 2026

medium

What changed Poshmark updated their Poshmark Privacy Policy on March 25, 2026. Change detected: 249 sentence(s) added, 3 sentence(s) modified. Document contained 6703 sentences after update.

Consumer impact Poshmark's updated privacy policy now provides significantly more detail about the personal data it collects, including your name, address, phone number, payment and bank account information, user-generated content, and behavioral data from your use of the platform. This gives users a clearer picture of their data exposure and what Poshmark does with their information. You can review the full updated policy and the supplemental California Privacy Notice to understand your specific rights and any opt-out options available to you.

Why it matters Poshmark's dramatically expanded privacy policy now explicitly discloses collection of sensitive financial data (credit cards, bank accounts) alongside behavioral and content data, giving users a clearer but more comprehensive picture of their data exposure. Users who were unaware of the breadth of data collection — particularly payment information — should review the updated policy to understand their rights and options.

Recent Clause-Level Changes Mar 25, 2026

8 provisions unchanged.

View full change record →

High Severity — 4 provisions

Third-Party Advertising Data Sharing

Poshmark allows outside advertising companies to place tracking technologies on the platform and collect your data over time and across different websites to show you targeted ads.

Added April 28, 2026
Geolocation Data Collection

Poshmark can collect your precise GPS location when you use the app if you grant permission, using multiple tracking methods including cell towers and Wi-Fi.

Added April 28, 2026
Social Media and Third-Party Platform Integrations

Poshmark includes buttons and tools from Facebook and other social media platforms that can track your IP address and browsing activity on Poshmark even if you don't click them.

Added April 28, 2026
Payment and Financial Data Collection

Poshmark collects your credit or debit card numbers and billing address when you make purchases on the platform.

Added April 28, 2026

Medium Severity — 5 provisions

Data Retention Tied to Business Purposes

Poshmark keeps your personal data for as long as your account exists or as long as they decide they need it for business, legal, or dispute reasons — with no specific time limits given.

Added April 28, 2026
California Do Not Sell or Share Rights (CCPA/CPRA)

California residents have specific legal rights under state law, including the ability to see what data Poshmark has on you, ask them to delete it, and tell them not to sell it to others.

Added April 28, 2026
Data Sharing with Affiliated Companies

Poshmark can share all your personal data with related companies (including its parent company Naver Corporation) for any purpose described in this privacy policy.

Added April 28, 2026
Children's Age Restriction and Minimum Age Policy

Poshmark does not allow children under 13 to use the platform and will delete any data it discovers was collected from a child under 13.

Added April 28, 2026
User-Generated Content and Public Profile Data

Anything you post publicly on Poshmark — including listings, comments, and profile information — can be collected and used by other users and third parties, and Poshmark is not responsible for what happens to that information.

Added April 28, 2026

Cross-platform context

See how other platforms handle Children's Privacy (COPPA Compliance) and similar clauses.

Compare across platforms →

Applicable Regulations

CCPA/CPRA

California, USA

CFAA

United States Federal

CAN-SPAM

United States Federal

DMCA

United States Federal

GDPR

European Union