How is this a violation of personal privacy? Sending mail? Submitting name & address to a business, a readily available datapoint for probably anybody?
That's 500 million people (EU), 25 Million people (California), and of course you forget about all the other places that have PII data protection laws, like Virginia, Colorado, Connecticut, Utah, and increasingly more US states. Then, of course, there is Canada, the UK, Brazil, South Korea, Japan, Australia, New Zealand, India, South Africa, Singapore, Israel, all of which have GDPR-compatible laws or are quickly approaching it.
I am no lawyer. Before collecting data, better talk to one.
When people share their address with businesses, they are generally protected under laws like GDPR and CCPA.
OP’s site seems a bit hosed at the moment so I can’t dig into their privacy policy and see how they handle GDPR and CCPA deletion requests.