Privacy & Commercial Counsel

PostmanSan Francisco, CA
Onsite

About The Position

Postman is seeking a Privacy & Commercial Counsel to own the commercial privacy workstream. This role involves negotiating DPAs, responding to privacy questionnaires, advising go-to-market teams, and translating regulatory requirements into contract language. The position reports to the Managing Counsel, Commercial, and will work closely with the Compliance Legal team. The role is primarily focused on privacy (70-80% of time) with the remainder supporting broader commercial deal volume. The ideal candidate will have deep knowledge of global privacy frameworks, commercial instinct, and stakeholder management skills for a high-growth enterprise SaaS environment.

Requirements

  • J.D. from an accredited U.S. law school and admitted to the bar in at least one U.S. jurisdiction.
  • 5-8 years of legal experience with a meaningful focus on data privacy and commercial transactions, including substantial in-house experience at a technology company.
  • Deep working knowledge of GDPR, UK GDPR, CCPA/CPRA, and international data transfer mechanisms (SCCs, UK Addendum, transfer risk assessments).
  • Hands-on experience drafting and negotiating DPAs and data protection terms in the context of enterprise SaaS transactions.
  • Experience managing high volumes of customer privacy and security questionnaires with speed and accuracy.
  • Exceptional ability to balance precision with pace. You take privacy seriously without letting it become a bottleneck.
  • Strong stakeholder management skills, with a demonstrated ability to advise Sales teams on privacy matters in language they can act on.
  • Ability to simplify complex privacy regulations for non-privacy attorneys, sales teams, and business stakeholders without sacrificing accuracy.
  • Clear, confident communicator who works independently and exercises strong judgment on when to escalate and when to move forward.
  • Experience with AI tools applied to legal workflows (contract review, research, drafting, questionnaire management).

Nice To Haves

  • CIPP/US, CIPP/E, or CIPM certification
  • Working knowledge of privacy frameworks beyond GDPR and CCPA/CPRA, including LGPD (Brazil), PIPL (China), PIPA (South Korea), APPI (Japan), PDPA (Singapore), or other emerging national and regional data protection regimes.
  • Experience drafting and negotiating Business Associate Agreements (BAAs) under HIPAA, including familiarity with the interplay between BAA requirements and standard DPA terms in enterprise SaaS transactions.
  • Experience supporting commercial transactions in regulated industries (healthcare, financial services, government/public sector) where privacy and data handling requirements are subject to sector-specific frameworks beyond general data protection law.
  • Experience with privacy aspects of AI-related products and services, including model training, usage data, and AI governance frameworks.
  • Experience building or improving DPA templates, privacy playbooks, or privacy-related legal operations processes.
  • Familiarity with B2B SaaS product architectures and how data flows through API platforms, cloud infrastructure, and third-party integrations.
  • Experience supporting cloud marketplace transactions or technology partnerships where privacy and data handling are key negotiation points.
  • Prior experience working alongside a dedicated privacy program team while owning the commercial-facing privacy workstream.
  • Familiarity with SOC 2, ISO 27001, and other security frameworks as they intersect with commercial privacy requirements.
  • Experience with CLM platforms (Ironclad or similar).

Responsibilities

  • Serve as the primary legal resource for privacy questions arising in commercial transactions, including enterprise customer deals, vendor agreements, and partner contracts.
  • Draft, review, and negotiate data processing agreements (DPAs), data protection addenda, and related privacy terms on both Postman paper and counterparty paper.
  • Manage a high volume of customer and prospect privacy questionnaires, security questionnaires, and due diligence requests, working with Security and Compliance teams to provide accurate, timely responses.
  • Advise Sales, Deal Operations, and Partner teams on privacy-related deal issues, translating complex regulatory requirements into clear, actionable guidance that non-lawyers can apply.
  • Monitor and interpret developments in global privacy law (GDPR, UK GDPR, CCPA/CPRA, and emerging frameworks) and advise on their impact to Postman's commercial contracting positions.
  • Advise on Postman’s established international data transfer mechanisms (SCCs, UK Addendum, adequacy decisions, transfer risk assessments) as they apply to customer and vendor transactions.
  • Maintain and update Postman's DPA templates, privacy-related contract clauses, and negotiation playbooks to reflect changes in law, product, and commercial practice.
  • Partner with Sr. Privacy Counsel, Product Counsel, and AI & Security Counsel to translate the privacy components of new products, features, and services into commercial terms and customer-facing documentation.
  • Develop and maintain privacy-related FAQs, decision trees, and self-serve resources that enable Legal team members, Sales, and Deal Ops, to handle routine privacy questions without attorney involvement.
  • Identify patterns in counterparty requests and privacy questionnaire responses that signal opportunities to update standard positions or streamline processes.
  • Support enterprise and mid-market commercial transactions beyond privacy as capacity allows, including reviewing subscription agreements, order forms, and related deal documents.
  • Provide practical, commercially-minded counsel to internal stakeholders, helping them make informed decisions without slowing deal momentum.
  • Contribute to broader Legal team initiatives, including process improvements, legal tooling, and knowledge sharing.
  • Work daily with the Commercial Legal team on deal flow, escalations, and contracting strategy.
  • Collaborate with the Compliance Legal team on privacy program matters that affect commercial terms, including product launches, data processing changes, regulatory developments, and understanding Postman’s technical architecture and data handling practices well enough to advise accurately on privacy questions from customers and partners.
  • Build trust as an accessible, responsive legal partner who makes privacy feel approachable rather than obstructive.

Benefits

  • full medical coverage
  • flexible PTO
  • wellness reimbursement
  • monthly lunch stipend
  • wellness programs
  • frequent and fascinating team-building events
  • donation-matching program

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume

What This Job Offers

Job Type

Full-time

Career Level

Senior

Education Level

Ph.D. or professional degree

© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service