Privacy & Compliance Specialist

SuperpowerSan Francisco, CA
Onsite

About The Position

We are seeking a Privacy & Compliance Specialist to build and run Superpower's privacy and compliance program and accelerate our mission. We are looking for someone who cares deeply about protecting member health data, crossing t’s and dotting i’s, and can think at scale. Critically, you’re excited about joining a fast-growing startup (backed by some of the world's best healthcare investors) on a mission to provide everyone access to the world's best care. This role will own privacy and compliance end-to-end within our longevity and functional medicine model, ensuring that how we collect, use, and protect data and expand operations across 50 states remains safe, compliant, and built to move the business forward rather than slow it down.

Requirements

  • 5+ years in privacy and/or compliance, ideally in healthcare or another highly regulated, data-intensive industry, with hands-on experience running a privacy program.
  • Working fluency with HIPAA and modern privacy laws (state health privacy laws, CCPA/CPRA, FTC health data rules); familiarity with frameworks like SOC 2 a plus.
  • Ability to research and understand new regulatory requirements.
  • Independent operator that builds scalable frameworks rather than one-off fixes, flagging risks before they become blockers.
  • Strong judgment — able to distinguish real risk from theoretical risk, and to know when to escalate to counsel or leadership versus handle it directly.
  • Excellent communication skills and ability to translate complex privacy and compliance concepts into clear, actionable guidance for non-specialists.
  • Comfort with ambiguity, cross-functional collaboration, and building 0-to-1 infrastructure in a fast-moving, tech-enabled startup.
  • Self-starter with a can-do attitude and an ownership mindset — you don't wait to be told what to do.
  • Strong personal interest in longevity and preventive healthcare.

Nice To Haves

  • Privacy certification (e.g., CIPP/US, CIPM, CIPP/E, or CHPC) valued but not required.
  • No JD or bar membership; this is not a counsel role.

Responsibilities

  • Build and run Superpower's privacy program end-to-end — data mapping and inventory, privacy notices, consent flows, and data subject / patient rights requests (access, deletion, correction).
  • Establish how Superpower collects, stores, processes, and uses member health data across EMRs, health information exchanges, genetic reports, wearables, and the AI-powered digital twin.
  • Run privacy impact assessments and privacy-by-design reviews for new products, features, and services (e.g., prescription peptides).
  • Manage vendor privacy diligence, data processing agreements, and Business Associate Agreements, and maintain the record of processing and data flows.
  • Own compliance frameworks and audit readiness (e.g., HIPAA Security Rule, SOC 2) — policies, controls, evidence, and remediation.
  • Run security and privacy awareness training and maintain the company risk register.
  • Respond to customer and partner security questionnaires and support due diligence for partnerships and fundraising.
  • Own incident response and breach assessment / notification workflows, in coordination with Engineering and leadership.
  • Advise Product and Engineering on practical guardrails for AI-driven clinical recommendations and member data use.
  • Track evolving state and federal privacy regulations — HIPAA, state health privacy laws (e.g., Washington's My Health My Data Act), CCPA/CPRA, and FTC health data rules — and translate them into concrete internal requirements.

Benefits

  • Visa sponsorship
  • Support relocation to the United States
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service