Associate Counsel, Privacy

Toast is driven by building the all-in-one restaurant platform that helps restaurants operate their business, increase sales, engage guests, and keep employees happy. We’re seeking an experienced Associate Counsel, Privacy to join Toast’s Legal & Compliance team who will be a cornerstone of our global privacy strategy, serving as a key legal advisor on complex data initiatives and international growth.

As a member of our collaborative Privacy team, you will bridge the gap between legal theory and operational reality. You won’t just be spotting risks; you’ll be building the legal frameworks that allow Toast to scale safely and ethically. This is an opportunity to handle high-stakes negotiations and privacy product counseling in a fast-paced, tech environment with both B2B and B2C exposure.

 

About this roll* (Responsibilities) 

• Vendor & Integration Excellence: Lead the legal review and negotiation of Data Processing Agreements (DPAs) with high-value vendors and strategic integration partners, ensuring alignment with Toast’s global privacy standards.
• Privacy Engineering & DPIAs: Conduct and oversee Data Protection Impact Assessments (DPIAs) for new products and complex data processing activities, providing actionable legal guidance to mitigate risk.
• Strategic Product Counseling: Act as a dedicated privacy partner to Product and Engineering teams. Review new features—from guest loyalty programs to fintech solutions—ensuring "Privacy by Design" is baked into the development lifecycle.
• International Expansion & Compliance: Help drive the legal strategy for Toast’s expansion into new markets, with a specific focus on the India DPDP Act, GDPR, and evolving US state laws.
• Cross-Functional Advocacy: Collaborate with the Privacy Program Management team to translate legal requirements into technical specifications and operational workflows.
• Data Governance & Transfers: Advise on complex cross-border data transfer mechanisms and contribute to the evolution of Toast's internal data governance policies and classification schemes.
• Individual rights support: advise on and support Toast’s individual rights process (including access, deletion and objection requests). Partner closely with Toast’s Operations team to ensure efficient responses to individual rights requests globally. 

Do you have the right ingredients? (Requirements)*

• Legal Expertise: LL.B. or LL.M. from a reputable university and a license to practice law in India.
• Experience: 3+ years of post-qualification experience (PQE) preferably specializing in privacy and data protection, ideally within a high-growth SaaS, Fintech, or global technology company. We will also consider commercial experience in negotiating DPAs and partnerships that would transfer well to our environment.
• Subject Matter Mastery: Deep understanding of the India DPDP Act, GDPR, and CCPA/CPRA. Experience navigating the intersection of privacy and financial regulations is a significant plus.
• Contractual Fluency: Proven track record of negotiating complex DPAs and privacy clauses in commercial contracts with global counterparties.
• Product Acumen: Ability to "speak tech." You should be comfortable discussing data flows, APIs, and privacy concepts such as controller/processor and DPIAs  with engineers to identify privacy touchpoints.
• Communication & Influence: Exceptional drafting skills and the ability to communicate nuanced legal risks to non-legal stakeholders in a clear, concise, and solution-oriented manner.
• Certifications: CIPP/E, CIPP/A, or CIPP/US are highly encouraged

Our "Secret Sauce" (Why Toast?)

At Toast, we believe in "empath