Gusto updated their Privacy Policy on April 24, 2026, releasing version 10.0. The most notable change is that the platform is now described as a 'small business platform' instead of a 'people platform,' and the policy adds new sections clarifying where it applies, what it does not cover, and how personal information is collected. These additions give users more transparency about when and how Gusto handles their data.
Gusto's updated privacy policy adds clearer guidance on when the policy applies to you — including when you use the platform, attend events, or contact support — and importantly clarifies that if your employer manages your data through Gusto, their privacy notice may not protect you. Employees using Gusto through their employer should be aware that their data privacy questions should be directed to their employer, not Gusto. You can contact privacy@gusto.com if you have questions about your personal data handled directly by Gusto.
Just by using Gusto, you are now considered to have agreed to how they handle your data.
Businesses using Gusto for payroll are now on notice that they are responsible for answering their employees' data privacy questions.
+ 2 more obligation changes. Full breakdown available with Watcher.
Unlock — $9.99/mo →The new policy version clarifies that employees using Gusto through their employer are not protected by Gusto's own privacy notice — their employer holds that responsibility. This distinction is critical for both workers and the businesses using Gusto for payroll and HR.
ConductAtlas has recorded 2 material changes to this document (since April 2026). An additional minor or cosmetic changes were excluded.
Gusto rebranded its platform from 'people platform' to 'small business platform,' signaling a shift in how the company positions its core offering.
New section explicitly lists all scenarios where the Privacy Notice applies, including events, surveys, social media, and customer support interactions.
Gusto now explicitly states its Privacy Notice does not apply when it processes employee data on behalf of employer-customers, directing employees to their employers for data concerns.
ConductAtlas Policy Archive Entity: Gusto | Document: Gusto Privacy Policy | Record: CA-C-000651 Captured: 2026-04-24 06:26:54 UTC URL: https://conductatlas.com/change/2026-04-24-gusto-gusto-privacy-policy-651/ Accessed: May 2, 2026
Unlock the full analysis
14-day free trial available.
Gusto released Privacy Policy v10.0 on April 24, 2026, adding 120+ sentences that expand scope definitions, clarify the controller/processor distinction, and introduce explicit acknowledgment language ('by accessing or using our Platform…you agree to our privacy practices'). The controller/processor delineation directly touches GDPR Art. 4(7)/(8) and CCPA's business/service-provider distinction. The added acknowledgment-of-agreement language may constitute a consent mechanism under applicable law. Compliance teams at organizations using Gusto for HR/payroll should verify whether their DPAs and employee privacy notices remain accurate given the clarified processor boundary. Action is likely required to review downstream employee-facing disclosures.
1. GDPR Art. 4(7)/(8) — Controller/processor distinction now explicitly clarified; organizations using Gusto for payroll must confirm DPA assignments are still accurate.
Compliance intelligence locked
Obligation analysis, escalation trigger, board language, and recommended action.
Watcher: regulatory citations + obligations. Professional: full compliance memo.
ConductAtlas provides verified policy intelligence sourced directly from platform documents. All analysis is intended to support, not replace, legal and compliance review. Record CA-C-000651.
See the full side-by-side comparison of every sentence added, removed, and modified.
🔒 Unlock full diff — Watcher $9.99/moGusto updated their privacy policy on May 1, 2026, making 243 additions and 137 modifications across a large document. The …
We monitor 200+ platforms and archive every change — verified and timestamped.