Back to jobs
New

Privacy & Commercial Counsel

San Francisco, California, United States

Who Are We?

Postman is the world’s leading API platform, used by more than 45 million+ developers and 500,000 organizations, including 98% of the Fortune 500. Postman is helping developers and professionals across the globe build the API-first world by simplifying each step of the API lifecycle and streamlining collaboration—enabling users to create better APIs, faster.

The company is headquartered in San Francisco and has offices in Boston, New York, Austin, Tokyo, London, and Bangalore - where Postman was founded. Postman is privately held, with funding from Battery Ventures, BOND, Coatue, CRV, Insight Partners, and Nexus Venture Partners. Learn more at postman.com or connect with Postman on X via @getpostman.

P.S: We highly recommend reading The "API-First World" graphic novel to understand the bigger picture and our vision at Postman.

The Opportunity

Every enterprise deal Postman closes, every partner integration it launches, and every vendor it onboards more often than not involve privacy. As Privacy & Commercial Counsel, you will own the commercial privacy workstream that keeps these transactions moving: negotiating DPAs, responding to customer and partner privacy questionnaires, advising go-to-market teams on privacy-related deal issues, and translating regulatory requirements into contract language that counterparties can accept and Postman can operationalize.

Reporting to the Managing Counsel, Commercial, you will sit within the Commercial Legal team and serve as the primary point of contact for privacy questions that surface in the course of commercial transactions. You will work closely with the team under Managing Counsel, Compliance, including Sr. Privacy Counsel (who owns the privacy program), Sr Product Counsel, and AI & Security Counsel, particularly when updating templates and playbooks, escalating novel privacy issues, and translating the privacy dimensions of new products and services into commercial terms and customer-facing policies.

This role is heavily focused on privacy, with the opportunity to support commercial deal volume as capacity allows. In practice, we expect roughly 70-80% of your time on privacy-related work and 20-30% supporting the broader commercial deal pipeline. The right candidate will combine deep knowledge of global privacy frameworks with the speed, commercial instinct, and stakeholder management skills needed to operate in a high-growth enterprise SaaS environment.

What You'll Do

Commercial Privacy

  • Serve as the primary legal resource for privacy questions arising in commercial transactions, including enterprise customer deals, vendor agreements, and partner contracts.
  • Draft, review, and negotiate data processing agreements (DPAs), data protection addenda, and related privacy terms on both Postman paper and counterparty paper.
  • Manage a high volume of customer and prospect privacy questionnaires, security questionnaires, and due diligence requests, working with Security and Compliance teams to provide accurate, timely responses.
  • Advise Sales, Deal Operations, and Partner teams on privacy-related deal issues, translating complex regulatory requirements into clear, actionable guidance that non-lawyers can apply.
  • Monitor and interpret developments in global privacy law (GDPR, UK GDPR, CCPA/CPRA, and emerging frameworks) and advise on their impact to Postman's commercial contracting positions.
  • Advise on Postman’s established international data transfer mechanisms (SCCs, UK Addendum, adequacy decisions, transfer risk assessments) as they apply to customer and vendor transactions.

Templates, Playbooks, and Processes

  • Maintain and update Postman's DPA templates, privacy-related contract clauses, and negotiation playbooks to reflect changes in law, product, and commercial practice.
  • Partner with Sr. Privacy Counsel, Product Counsel, and AI & Security Counsel to translate the privacy components of new products, features, and services into commercial terms and customer-facing documentation.
  • Develop and maintain privacy-related FAQs, decision trees, and self-serve resources that enable Legal team members, Sales, and Deal Ops, to handle routine privacy questions without attorney involvement.
  • Identify patterns in counterparty requests and privacy questionnaire responses that signal opportunities to update standard positions or streamline processes.

Commercial Deal Support

  • Support enterprise and mid-market commercial transactions beyond privacy as capacity allows, including reviewing subscription agreements, order forms, and related deal documents.
  • Provide practical, commercially-minded counsel to internal stakeholders, helping them make informed decisions without slowing deal momentum.
  • Contribute to broader Legal team initiatives, including process improvements, legal tooling, and knowledge sharing.

Cross-Functional Collaboration

  • Work daily with the Commercial Legal team on deal flow, escalations, and contracting strategy.
  • Collaborate with the Compliance Legal team on privacy program matters that affect commercial terms, including product launches, data processing changes, regulatory developments, and understanding Postman’s technical architecture and data handling practices well enough to advise accurately on privacy questions from customers and partners. 
  • Build trust as an accessible, responsive legal partner who makes privacy feel approachable rather than obstructive.

About You

Required Qualifications

  • J.D. from an accredited U.S. law school and admitted to the bar in at least one U.S. jurisdiction.
  • 5-8 years of legal experience with a meaningful focus on data privacy and commercial transactions, including substantial in-house experience at a technology company.
  • Deep working knowledge of GDPR, UK GDPR, CCPA/CPRA, and international data transfer mechanisms (SCCs, UK Addendum, transfer risk assessments).
  • Hands-on experience drafting and negotiating DPAs and data protection terms in the context of enterprise SaaS transactions.
  • Experience managing high volumes of customer privacy and security questionnaires with speed and accuracy.
  • Exceptional ability to balance precision with pace. You take privacy seriously without letting it become a bottleneck.
  • Strong stakeholder management skills, with a demonstrated ability to advise Sales teams on privacy matters in language they can act on.
  • Ability to simplify complex privacy regulations for non-privacy attorneys, sales teams, and business stakeholders without sacrificing accuracy.
  • Clear, confident communicator who works independently and exercises strong judgment on when to escalate and when to move forward.
  • Experience with AI tools applied to legal workflows (contract review, research, drafting, questionnaire management).

Preferred Qualifications

  • CIPP/US, CIPP/E, or CIPM certification
  • Working knowledge of privacy frameworks beyond GDPR and CCPA/CPRA, including LGPD (Brazil), PIPL (China), PIPA (South Korea), APPI (Japan), PDPA (Singapore), or other emerging national and regional data protection regimes.
  • Experience drafting and negotiating Business Associate Agreements (BAAs) under HIPAA, including familiarity with the interplay between BAA requirements and standard DPA terms in enterprise SaaS transactions.
  • Experience supporting commercial transactions in regulated industries (healthcare, financial services, government/public sector) where privacy and data handling requirements are subject to sector-specific frameworks beyond general data protection law.
  • Experience with privacy aspects of AI-related products and services, including model training, usage data, and AI governance frameworks.
  • Experience building or improving DPA templates, privacy playbooks, or privacy-related legal operations processes.
  • Familiarity with B2B SaaS product architectures and how data flows through API platforms, cloud infrastructure, and third-party integrations.
  • Experience supporting cloud marketplace transactions or technology partnerships where privacy and data handling are key negotiation points.
  • Prior experience working alongside a dedicated privacy program team while owning the commercial-facing privacy workstream.
  • Familiarity with SOC 2, ISO 27001, and other security frameworks as they intersect with commercial privacy requirements.
  • Experience with CLM platforms (Ironclad or similar).

What Success Looks Like

You will have established yourself as the go-to legal resource for privacy questions in Postman's commercial transactions. Our GTM teams will come to you first when a deal has a privacy dimension, and they will trust that you move at their pace. You will have taken full ownership of the DPA negotiation workstream, privacy questionnaire process, and commercial privacy playbooks. Your counterparts on the Compliance team will view you as a reliable partner who keeps commercial privacy aligned with the broader privacy program.

The reasonably estimated base salary for this role ranges from $190,000 to $230,000, plus a competitive equity package. Actual compensation is based on the candidate's skills, qualifications, and experience.

What Else?

In addition to Postman's pay-on-performance philosophy, and a flexible schedule working with a fun, collaborative team, Postman offers a comprehensive set of benefits, including full medical coverage, flexible PTO, wellness reimbursement, and a monthly lunch stipend. Along with that, our wellness programs will help you stay in the best of your physical and mental health. Our frequent and fascinating team-building events will keep you connected, while our donation-matching program can support the causes you care about. We’re building a long-term company with an inclusive culture where everyone can be the best version of themselves. 

At Postman we value in person collaboration. We are in office 5 days a week for all roles based out of our hubs in San Francisco Bay Area, Boston, Austin, New York City, Tokyo and London. For roles based in Bangalore, employees currently work in the office three days a week and will transition to five days per week by the end of the year. We were thoughtful in our approach which is based on collaboration and grounded in feedback from our workforce, leadership team, and peers. The benefits of our in office model will be shared knowledge, brainstorming sessions, communication, and building trust in-person that cannot be replicated via zoom.

Our Values

At Postman, we create with the same curiosity that we see in our users. We value transparency and honest communication about not only successes, but also failures. In our work, we focus on specific goals that add up to a larger vision. Our inclusive work culture ensures that everyone is valued equally as important pieces of our final product. We are dedicated to delivering the best products we can.

Equal opportunity

Postman is an Equal Employment Opportunity and Affirmative Action Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status. Headhunters and recruitment agencies may not submit resumes/CVs through this website or directly to managers. Postman does not accept unsolicited headhunter and agency resumes. Postman will not pay fees to any third-party agency or company that does not have a signed agreement with Postman.

Create a Job Alert

Interested in building your career at Postman? Get future opportunities sent straight to your email.

Apply for this job

*

indicates a required field

Phone
Resume/CV*

Accepted file types: pdf, doc, docx, txt, rtf

Cover Letter

Accepted file types: pdf, doc, docx, txt, rtf


Select...
Select...
Select...

Voluntary Self-Identification

For government reporting purposes, we ask candidates to respond to the below self-identification survey. Completion of the form is entirely voluntary. Whatever your decision, it will not be considered in the hiring process or thereafter. Any information that you do provide will be recorded and maintained in a confidential file.

As set forth in Postman’s Equal Employment Opportunity policy, we do not discriminate on the basis of any protected group status under any applicable law.

Select...
Select...
Race & Ethnicity Definitions

If you believe you belong to any of the categories of protected veterans listed below, please indicate by making the appropriate selection. As a government contractor subject to the Vietnam Era Veterans Readjustment Assistance Act (VEVRAA), we request this information in order to measure the effectiveness of the outreach and positive recruitment efforts we undertake pursuant to VEVRAA. Classification of protected categories is as follows:

A "disabled veteran" is one of the following: a veteran of the U.S. military, ground, naval or air service who is entitled to compensation (or who but for the receipt of military retired pay would be entitled to compensation) under laws administered by the Secretary of Veterans Affairs; or a person who was discharged or released from active duty because of a service-connected disability.

A "recently separated veteran" means any veteran during the three-year period beginning on the date of such veteran's discharge or release from active duty in the U.S. military, ground, naval, or air service.

An "active duty wartime or campaign badge veteran" means a veteran who served on active duty in the U.S. military, ground, naval or air service during a war, or in a campaign or expedition for which a campaign badge has been authorized under the laws administered by the Department of Defense.

An "Armed forces service medal veteran" means a veteran who, while serving on active duty in the U.S. military, ground, naval or air service, participated in a United States military operation for which an Armed Forces service medal was awarded pursuant to Executive Order 12985.

Select...

Voluntary Self-Identification of Disability

Form CC-305
Page 1 of 1
OMB Control Number 1250-0005
Expires 04/30/2026

Why are you being asked to complete this form?

We are a federal contractor or subcontractor. The law requires us to provide equal employment opportunity to qualified people with disabilities. We have a goal of having at least 7% of our workers as people with disabilities. The law says we must measure our progress towards this goal. To do this, we must ask applicants and employees if they have a disability or have ever had one. People can become disabled, so we need to ask this question at least every five years.

Completing this form is voluntary, and we hope that you will choose to do so. Your answer is confidential. No one who makes hiring decisions will see it. Your decision to complete the form and your answer will not harm you in any way. If you want to learn more about the law or this form, visit the U.S. Department of Labor’s Office of Federal Contract Compliance Programs (OFCCP) website at www.dol.gov/ofccp.

How do you know if you have a disability?

A disability is a condition that substantially limits one or more of your “major life activities.” If you have or have ever had such a condition, you are a person with a disability. Disabilities include, but are not limited to:

  • Alcohol or other substance use disorder (not currently using drugs illegally)
  • Autoimmune disorder, for example, lupus, fibromyalgia, rheumatoid arthritis, HIV/AIDS
  • Blind or low vision
  • Cancer (past or present)
  • Cardiovascular or heart disease
  • Celiac disease
  • Cerebral palsy
  • Deaf or serious difficulty hearing
  • Diabetes
  • Disfigurement, for example, disfigurement caused by burns, wounds, accidents, or congenital disorders
  • Epilepsy or other seizure disorder
  • Gastrointestinal disorders, for example, Crohn's Disease, irritable bowel syndrome
  • Intellectual or developmental disability
  • Mental health conditions, for example, depression, bipolar disorder, anxiety disorder, schizophrenia, PTSD
  • Missing limbs or partially missing limbs
  • Mobility impairment, benefiting from the use of a wheelchair, scooter, walker, leg brace(s) and/or other supports
  • Nervous system condition, for example, migraine headaches, Parkinson’s disease, multiple sclerosis (MS)
  • Neurodivergence, for example, attention-deficit/hyperactivity disorder (ADHD), autism spectrum disorder, dyslexia, dyspraxia, other learning disabilities
  • Partial or complete paralysis (any cause)
  • Pulmonary or respiratory conditions, for example, tuberculosis, asthma, emphysema
  • Short stature (dwarfism)
  • Traumatic brain injury
Select...

PUBLIC BURDEN STATEMENT: According to the Paperwork Reduction Act of 1995 no persons are required to respond to a collection of information unless such collection displays a valid OMB control number. This survey should take about 5 minutes to complete.