Privacy & Commercial Counsel responsible for negotiating DPAs, managing privacy questionnaires, advising sales on regulatory issues, and updating privacy templates/playbooks in high-volume enterprise SaaS transactions. Requires JD, 5-8 years privacy + commercial legal experience (in-house tech preferred), deep GDPR/CCPA knowledge, and ability to balance precision with deal speed.
Salary not listed
On-site5+ YOELegal
About the role
What You'll Do
Commercial Privacy
Serve as the primary legal resource for privacy questions arising in commercial transactions, including enterprise customer deals, vendor agreements, and partner contracts.
Draft, review, and negotiate data processing agreements (DPAs), data protection addenda, and related privacy terms on both Postman paper and counterparty paper.
Manage a high volume of customer and prospect privacy questionnaires, security questionnaires, and due diligence requests, working with Security and Compliance teams to provide accurate, timely responses.
Advise Sales, Deal Operations, and Partner teams on privacy-related deal issues, translating complex regulatory requirements into clear, actionable guidance that non-lawyers can apply.
Monitor and interpret developments in global privacy law (GDPR, UK GDPR, CCPA/CPRA, and emerging frameworks) and advise on their impact to Postman's commercial contracting positions.
Advise on Postman’s established international data transfer mechanisms (SCCs, UK Addendum, adequacy decisions, transfer risk assessments) as they apply to customer and vendor transactions.
Templates, Playbooks, and Processes
Maintain and update Postman's DPA templates, privacy-related contract clauses, and negotiation playbooks to reflect changes in law, product, and commercial practice.
Partner with Sr. Privacy Counsel, Product Counsel, and AI & Security Counsel to translate the privacy components of new products, features, and services into commercial terms and customer-facing documentation.
Develop and maintain privacy-related FAQs, decision trees, and self-serve resources that enable Legal team members, Sales, and Deal Ops to handle routine privacy questions without attorney involvement.
Identify patterns in counterparty requests and privacy questionnaire responses that signal opportunities to update standard positions or streamline processes.
Commercial Deal Support
Support enterprise and mid-market commercial transactions beyond privacy as capacity allows, including reviewing subscription agreements, order forms, and related deal documents.
Provide practical, commercially-minded counsel to internal stakeholders, helping them make informed decisions without slowing deal momentum.
Contribute to broader Legal team initiatives, including process improvements, legal tooling, and knowledge sharing.
Cross-Functional Collaboration
Work daily with the Commercial Legal team on deal flow, escalations, and contracting strategy.
Collaborate with the Compliance Legal team on privacy program matters that affect commercial terms, including product launches, data processing changes, regulatory developments, and understanding Postman’s technical architecture and data handling practices well enough to advise accurately on privacy questions from customers and partners.
Build trust as an accessible, responsive legal partner who makes privacy feel approachable rather than obstructive.
About You
Required Qualifications
J.D. from an accredited U.S. law school and admitted to the bar in at least one U.S. jurisdiction.
5-8 years of legal experience with a meaningful focus on data privacy and commercial transactions, including substantial in-house experience at a technology company.
Deep working knowledge of GDPR, UK GDPR, CCPA/CPRA, and international data transfer mechanisms (SCCs, UK Addendum, transfer risk assessments).
Hands-on experience drafting and negotiating DPAs and data protection terms in the context of enterprise SaaS transactions.
Experience managing high volumes of customer privacy and security questionnaires with speed and accuracy.
Exceptional ability to balance precision with pace. You take privacy seriously without letting it become a bottleneck.
Strong stakeholder management skills, with a demonstrated ability to advise Sales teams on privacy matters in language they can act on.
Ability to simplify complex privacy regulations for non-privacy attorneys, sales teams, and business stakeholders without sacrificing accuracy.
Clear, confident communicator who works independently and exercises strong judgment on when to escalate and when to move forward.
Experience with AI tools applied to legal workflows (contract review, research, drafting, questionnaire management).
Preferred Qualifications
CIPP/US, CIPP/E, or CIPM certification.
Working knowledge of privacy frameworks beyond GDPR and CCPA/CPRA, including LGPD (Brazil), PIPL (China), PIPA (South Korea), APPI (Japan), PDPA (Singapore), or other emerging national and regional data protection regimes.
Experience drafting and negotiating Business Associate Agreements (BAAs) under HIPAA, including familiarity with the interplay between BAA requirements and standard DPA terms in enterprise SaaS transactions.
Experience supporting commercial transactions in regulated industries (healthcare, financial services, government/public sector) where privacy and data handling requirements are subject to sector-specific frameworks beyond general data protection law.
Experience with privacy aspects of AI-related products and services, including model training, usage data, and AI governance frameworks.
Experience building or improving DPA templates, privacy playbooks, or privacy-related legal operations processes.
Familiarity with B2B SaaS product architectures and how data flows through API platforms, cloud infrastructure, and third-party integrations.
Experience supporting cloud marketplace transactions or technology partnerships where privacy and data handling are key considerations.
Skills
Data PrivacyGDPRCCPADpasData Processing AgreementsInternational Data TransfersSccsContract NegotiationPrivacy QuestionnairesLegal ResearchStakeholder ManagementAi Legal Tools
Product Counsel serving as embedded legal partner to product, engineering, and research teams at an AI video platform. Advise on generative AI issues including IP, copyright, right of publicity, privacy, and content moderation while building legal processes and triaging company-wide matters.
190k – 280k
On-site5+ YOELegal
Commercial Counsel-Infrastructure and GTM
Together AISan Francisco, CA
Commercial Counsel supporting infrastructure procurement (GPU/cloud capacity, data centers) and GTM enterprise deals at an AI infrastructure company. Requires JD, 5+ years in-house tech transactions experience, knowledge of data privacy, export controls, and regulatory regimes.
200k – 230k
On-site5+ YOELegal
Commercial Counsel
PostmanSan Francisco, CA
Commercial Counsel responsible for drafting, negotiating, and managing enterprise SaaS subscription agreements and strategic partner/channel/reseller agreements at Postman. Requires JD, 5-8 years B2B SaaS legal experience with strong focus on partnership deals, and ability to advise Sales and Partner teams.
190k – 230k
On-site5+ YOELegal
Contracts Manager
PostmanBoston, MA +1
Contracts Manager responsible for administering Postman's Ironclad CLM platform, managing high-volume commercial contract workflows, building templates and playbooks, and coordinating with Sales, Deal Ops, and Finance teams to ensure timely execution in a scaling B2B SaaS environment. Requires 5-7 years experience in contract management or legal operations.
100k – 140k
On-site5+ YOELegal
Legal Operations Manager
GustoDenver, CO +1
Legal Operations Manager owning systems, tools, processes, and AI solutions for Gusto's Legal & Compliance team. Requires 5+ years legal ops experience at high-growth tech companies, expertise with legal tech stack and AI tools, budgeting, outside counsel management, and metrics.