Privacy policy (operational summary)
This page outlines, at a high level, what data the Posh platform may process when a merchant uses the admin panel, storefront, or integrations (orders, payments, email, file storage). Complete and review it with legal counsel for your jurisdiction and real use of personal data.
Controller and purposes
End-customer data (name, contact, address, tax ID if applicable, line items) is stored to fulfil orders, internal billing, and purchase-related communications. Store owner and staff data is used for accounts, Posh subscription billing where applicable, and support.
Legal basis and retention
Retention is mainly defined by each merchant’s legal and business obligations. As technical guidance: orders and receipts are typically kept while the store is active plus any period required locally; cancelled accounts may be deleted or anonymized per your policy and contracts with Posh.
Sub-processors
Vendors may include hosting, database, transactional email (e.g. Resend), file storage (e.g. S3), and, if configured, analytics (Google Analytics / GTM). Each has its own terms and data locations.
Rights
Data subjects may exercise access, correction, erasure, or objection rights under applicable law. Channels are defined by each merchant in their contact information.