Privacy & Commercial Counsel
Who Are We?
Postman is the world’s leading API platform, used by more than 45 million+ developers and 500,000 organizations, including 98% of the Fortune 500. Postman is helping developers and professionals across the globe build the API-first world by simplifying each step of the API lifecycle and streamlining collaboration—enabling users to create better APIs, faster.
The company is headquartered in San Francisco and has offices in Boston, New York, Austin, Tokyo, London, and Bangalore - where Postman was founded. Postman is privately held, with funding from Battery Ventures, BOND, Coatue, CRV, Insight Partners, and Nexus Venture Partners. Learn more at postman.com or connect with Postman on X via @getpostman.
P.S: We highly recommend reading The "API-First World" graphic novel to understand the bigger picture and our vision at Postman.
The Opportunity
Every enterprise deal Postman closes, every partner integration it launches, and every vendor it onboards more often than not involve privacy. As Privacy & Commercial Counsel, you will own the commercial privacy workstream that keeps these transactions moving: negotiating DPAs, responding to customer and partner privacy questionnaires, advising go-to-market teams on privacy-related deal issues, and translating regulatory requirements into contract language that counterparties can accept and Postman can operationalize.
Reporting to the Managing Counsel, Commercial, you will sit within the Commercial Legal team and serve as the primary point of contact for privacy questions that surface in the course of commercial transactions. You will work closely with the team under Managing Counsel, Compliance, including Sr. Privacy Counsel (who owns the privacy program), Sr Product Counsel, and AI & Security Counsel, particularly when updating templates and playbooks, escalating novel privacy issues, and translating the privacy dimensions of new products and services into commercial terms and customer-facing policies.
This role is heavily focused on privacy, with the opportunity to support commercial deal volume as capacity allows. In practice, we expect roughly 70-80% of your time on privacy-related work and 20-30% supporting the broader commercial deal pipeline. The right candidate will combine deep knowledge of global privacy frameworks with the speed, commercial instinct, and stakeholder management skills needed to operate in a high-growth enterprise SaaS environment.
What You'll Do
Commercial Privacy
- Serve as the primary legal resource for privacy questions arising in commercial transactions, including enterprise customer deals, vendor agreements, and partner contracts.
- Draft, review, and negotiate data processing agreements (DPAs), data protection addenda, and related privacy terms on both Postman paper and counterparty paper.
- Manage a high volume of customer and prospect privacy questionnaires, security questionnaires, and due diligence requests, working with Security and Compliance teams to provide accurate, timely responses.
- Advise Sales, Deal Operations, and Partner teams on privacy-related deal issues, translating complex regulatory requirements into clear, actionable guidance that non-lawyers can apply.
- Monitor and interpret developments in global privacy law (GDPR, UK GDPR, CCPA/CPRA, and emerging frameworks) and advise on their impact to Postman's commercial contracting positions.
- Advise on Postman’s established international data transfer mechanisms (SCCs, UK Addendum, adequacy decisions, transfer risk assessments) as they apply to customer and vendor transactions.
Templates, Playbooks, and Processes
- Maintain and update Postman's DPA templates, privacy-related contract clauses, and negotiation playbooks to reflect changes in law, product, and commercial practice.
- Partner with Sr. Privacy Counsel, Product Counsel, and AI & Security Counsel to translate the privacy components of new products, features, and services into commercial terms and customer-facing documentation.
- Develop and maintain privacy-related FAQs, decision trees, and self-serve resources that enable Legal team members, Sales, and Deal Ops, to handle routine privacy questions without attorney involvement.
- Identify patterns in counterparty requests and privacy questionnaire responses that signal opportunities to update standard positions or streamline processes.
Commercial Deal Support
- Support enterprise and mid-market commercial transactions beyond privacy as capacity allows, including reviewing subscription agreements, order forms, and related deal documents.
- Provide practical, commercially-minded counsel to internal stakeholders, helping them make informed decisions without slowing deal momentum.
- Contribute to broader Legal team initiatives, including process improvements, legal tooling, and knowledge sharing.
Cross-Functional Collaboration
- Work daily with the Commercial Legal team on deal flow, escalations, and contracting strategy.
- Collaborate with the Compliance Legal team on privacy program matters that affect commercial terms, including product launches, data processing changes, regulatory developments, and understanding Postman’s technical architecture and data handling practices well enough to advise accurately on privacy questions from customers and partners.
- Build trust as an accessible, responsive legal partner who makes privacy feel approachable rather than obstructive.
About You
Required Qualifications
- J.D. from an accredited U.S. law school and admitted to the bar in at least one U.S. jurisdiction.
- 5-8 years of legal experience with a meaningful focus on data privacy and commercial transactions, including substantial in-house experience at a technology company.
- Deep working knowledge of GDPR, UK GDPR, CCPA/CPRA, and international data transfer mechanisms (SCCs, UK Addendum, transfer risk assessments).
- Hands-on experience drafting and negotiating DPAs and data protection terms in the context of enterprise SaaS transactions.
- Experience managing high volumes of customer privacy and security questionnaires with speed and accuracy.
- Exceptional ability to balance precision with pace. You take privacy seriously without letting it become a bottleneck.
- Strong stakeholder management skills, with a demonstrated ability to advise Sales teams on privacy matters in language they can act on.
- Ability to simplify complex privacy regulations for non-privacy attorneys, sales teams, and business stakeholders without sacrificing accuracy.
- Clear, confident communicator who works independently and exercises strong judgment on when to escalate and when to move forward.
- Experience with AI tools applied to legal workflows (contract review, research, drafting, questionnaire management).
Preferred Qualifications
- CIPP/US, CIPP/E, or CIPM certification
- Working knowledge of privacy frameworks beyond GDPR and CCPA/CPRA, including LGPD (Brazil), PIPL (China), PIPA (South Korea), APPI (Japan), PDPA (Singapore), or other emerging national and regional data protection regimes.
- Experience drafting and negotiating Business Associate Agreements (BAAs) under HIPAA, including familiarity with the interplay between BAA requirements and standard DPA terms in enterprise SaaS transactions.
- Experience supporting commercial transactions in regulated industries (healthcare, financial services, government/public sector) where privacy and data handling requirements are subject to sector-specific frameworks beyond general data protection law.
- Experience with privacy aspects of AI-related products and services, including model training, usage data, and AI governance frameworks.
- Experience building or improving DPA templates, privacy playbooks, or privacy-related legal operations processes.
- Familiarity with B2B SaaS product architectures and how data flows through API platforms, cloud infrastructure, and third-party integrations.
- Experience supporting cloud marketplace transactions or technology partnerships where privacy and data handling are key negotiation points.
- Prior experience working alongside a dedicated privacy program team while owning the commercial-facing privacy workstream.
- Familiarity with SOC 2, ISO 27001, and other security frameworks as they intersect with commercial privacy requirements.
- Experience with CLM platforms (Ironclad or similar).
What Success Looks Like
You will have established yourself as the go-to legal resource for privacy questions in Postman's commercial transactions. Our GTM teams will come to you first when a deal has a privacy dimension, and they will trust that you move at their pace. You will have taken full ownership of the DPA negotiation workstream, privacy questionnaire process, and commercial privacy playbooks. Your counterparts on the Compliance team will view you as a reliable partner who keeps commercial privacy aligned with the broader privacy program.
The reasonably estimated base salary for this role ranges from $190,000 to $230,000, plus a competitive equity package. Actual compensation is based on the candidate's skills, qualifications, and experience.
What Else?
In addition to Postman's pay-on-performance philosophy, and a flexible schedule working with a fun, collaborative team, Postman offers a comprehensive set of benefits, including full medical coverage, flexible PTO, wellness reimbursement, and a monthly lunch stipend. Along with that, our wellness programs will help you stay in the best of your physical and mental health. Our frequent and fascinating team-building events will keep you connected, while our donation-matching program can support the causes you care about. We’re building a long-term company with an inclusive culture where everyone can be the best version of themselves.
At Postman we value in person collaboration. We are in office 5 days a week for all roles based out of our hubs in San Francisco Bay Area, Boston, Austin, New York City, Tokyo and London. For roles based in Bangalore, employees currently work in the office three days a week and will transition to five days per week by the end of the year. We were thoughtful in our approach which is based on collaboration and grounded in feedback from our workforce, leadership team, and peers. The benefits of our in office model will be shared knowledge, brainstorming sessions, communication, and building trust in-person that cannot be replicated via zoom.
Our Values
At Postman, we create with the same curiosity that we see in our users. We value transparency and honest communication about not only successes, but also failures. In our work, we focus on specific goals that add up to a larger vision. Our inclusive work culture ensures that everyone is valued equally as important pieces of our final product. We are dedicated to delivering the best products we can.
Equal opportunity
Postman is an Equal Employment Opportunity and Affirmative Action Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status. Headhunters and recruitment agencies may not submit resumes/CVs through this website or directly to managers. Postman does not accept unsolicited headhunter and agency resumes. Postman will not pay fees to any third-party agency or company that does not have a signed agreement with Postman.
Create a Job Alert
Interested in building your career at Postman? Get future opportunities sent straight to your email.
Apply for this job
*
indicates a required field

