Customer data collection, safeguarding, & activation for healthcare

Commercial Contracts Manager

$120K - $170K
US / Remote (US)
Job Type
1+ years

About the role

About Freshpaint

Customer data is the fuel that drives all modern businesses. From product analytics, to marketing, to support, to advertising, advanced data analysis in the warehouse, and even sales – customer data is the raw material for each function at a modern business.

For highly regulated businesses in healthcare, it’s always been a challenge to harness that customer data and get it to the marketing and analytics tools that require it while following patient privacy laws... until now.

Something as simple as running ads to get more users is easy for an e-commerce or software company to do. But common web analytics and advertising tools collect sensitive user identifiers and healthcare information automatically. Those same tools are not HIPAA compliant.

We provide a layer of data governance to make current web analytics tools HIPAA-compliant. For analytics, our customers can continue getting the insights they need to improve the patient experience. For marketing, Freshpaint safeguards health information while helping our customers promote access to care through popular advertising platforms like Facebook, Google, and others.

In short, we help healthcare marketers promote access to care and safeguard patient privacy at the same time. This is an important, complex problem in a massive market (healthcare is 20% of the US GDP).

Our customers manage their customer data with two offerings:

  1. Privacy Platform. We help healthcare providers automate their website’s + app’s HIPAA compliance, and safeguard first-party customer data across their tech stack.

  2. Data Activation Platform. We make it really easy for teams to activate customer data using their preferred analytics, data, and marketing tools.

We’re fully remote. If you strongly value in-person work, Freshpaint is likely not the best fit for you. Even though we don’t care where you’re located, we need employees to be based in the US. Many of our team members are concentrated in various metro areas like SF or NYC.

To balance out our remote-ness, we gather the team 2-4 times per year for offsites. We’ve been to Greece, Jackson Hole, Cabo, Santa Fe, and California wine country in the recent past.

We’re backed by leading investors including Y Combinator, Intel Capital, and angel investors like the Head of Data from Slack, Head of Data at LinkedIn, and more.

Who we are:

Freshpaint was founded by web analytics veterans who realized how hard it was for highly regulated companies to collect and use customer data in a compliant way. We started as part of Y Combinator’s S19 cohort and have been focused on enabling healthcare companies to collect, safeguard, and activate patient data since.

In the beginning of 2023 the government issued updated guidance around HIPAA, basically making our software a requirement to use for healthcare companies. As a result, we're one of the fastest growing software companies on earth right now.

Our team has deep analytics and growth experience, with all of us coming from high-growth companies like Heap, Pendo, Iterable, Quantum Metric, and Retool.

If you value lots of freedom and ownership in your work, interfacing with customers, and working on a product with high customer impact, then Freshpaint is your home.

In This Role You Will:

  • Review and redline corporate transaction contracts and agreements between Freshpaint and our customers.

  • Act as the primary legal advisor for all matters related to customer Master Service Agreements (MSAs) and Business Associate Agreements (BAAs), ensuring both compliance with applicable laws and alignment with our business goals.

  • Help us close deals. You will collaborate heavily with the Sales team with stellar execution and operating principles.

  • Review and redline MSAs, BAAs, privacy policies, and other legal documents, balancing legal risk and business objectives.

  • Collaborate closely with customer legal teams to negotiate and finalize terms that are favorable and equitable for both parties.

  • Stay abreast of legislative changes that may impact the company's business or operations, particularly in healthcare privacy laws and software compliance, and adjust company policies accordingly.

  • Educate and train employees on legal best practices, HIPAA compliance, and risk management to foster a culture of compliance across the organization.


  • Paralegal experience

  • Commercial contracts experience

  • Ability to manage priorities and workload across all US time zones to ensure proper support for our teams.

  • Proven track record of successfully negotiating MSAs and other complex contracts.

  • Excellent analytical, negotiation, and communication skills, capable of effectively engaging with both internal teams and external parties.

  • Ability to work independently in a fast-paced startup environment, managing multiple priorities with tight deadlines.

Nice to Have:

  • Juris Doctor (JD) degree from an accredited law school and admission to at least one state bar.

  • Prior experience in the healthcare technology sector, particularly in startups focusing on privacy and compliance solutions.

  • Deep knowledge of HIPAA and other relevant healthcare compliance regulations, as well as experience with software-related legal issues.

  • Additional certifications or advanced degrees in healthcare law, privacy, or a related field.

  • Technical proficiency or understanding of software development processes and the technological aspects of healthcare applications.

Benefits - what we offer in return:

  • Joining a high-growth venture-backed startup as part of the early crew. You will be employee #40-50 ish.

  • Competitive compensation with generous, employee-friendly equity. We have a 10-year exercise window.

  • Freshpaint Fridays: Half-day Fridays. Every week.

  • Unlimited PTO, with a minimum requirement of 2 weeks per year. Plus various observed holidays.

  • 100% remote

  • Flex in-office if you want with $150 WeWork credits each month

  • 401k

  • Health, dental, and vision insurance 100% covered by the company (some states it’s 99% because laws).

  • Mental health benefits - therapy appointments and more covered by the company

  • 2 Treat Yourself Days per year: We'll pay you $100 to take a day off and do whatever makes you happy. The only catch is you have to share what you did with the rest of the team.

  • Generous parental leave

  • Paid Spotify

  • Health & Wellness benefit – gym membership or similar covered

  • Regular team offsites 2-4 times per year. We’ve been to Greece, Jackson Hole, Cabo, Santa Fe, California wine country, and Mexico City in the recent past.

  • Ownership of your work, collaboration with a close team, and direct access to founders and what it’s like to build a startup. If you leave to start your own company, we'd love to be your first angel investors.

If you are interested in reading more about our team and our values, check out our team page.

Interested? How to apply

Please reach out even if you don’t meet all criteria! If you’re smart and driven, we’d love to hear from you.

What happens after you apply

If you apply online, you will hear back if you're a fit within a week or two. You will not hear back if you're not a fit (or the position gets filled before we have a chance to chat). We look at everything, we promise.

About Freshpaint

We help healthcare companies grow faster.

Our customers use Freshpaint to make their websites and entire marketing stack HIPAA compliant. It's impossible to use modern analytics and marketing tools without sharing sensitive HIPAA-regulated data. Our platform does the hard thing of moving data from A to B. And then we do the really hard thing of controlling the flow of sensitive HIPAA-regulated data to various 3rd-party marketing tools.

We're building the data infrastructure that safeguards patient privacy while also enabling marketing teams to promote access to healthcare.

We are fully remote, but we do need employees to work US timezone hours. To balance out our remote-ness, we gather the team 2-4 times per year for offsites (our last one was in Mexico City). We’re backed by leading investors including Y Combinator, Intel Capital, and more.

Team Size: 45
Location: San Francisco
Steven Fitzsimmons
Michael Malis