Gusto updated their Developer Terms of Service on April 29, 2026, moving from version 1.2 to version 2.0. The new version adds extensive new terms governing how developers can access and use Gusto's APIs and developer tools, including a mandatory arbitration clause and class action waiver. This matters because developers building applications that integrate with Gusto are now bound by stricter, more detailed conditions — including giving up their right to sue Gusto in court as part of a group.
This change primarily affects developers and businesses that build applications integrating with Gusto's platform via its API. The new version 2.0 terms introduce a mandatory arbitration provision and class action waiver, meaning developers who have a dispute with Gusto must resolve it through individual binding arbitration rather than in court. You can review the full updated Developer Terms at dev.gusto.com and consult legal counsel before accepting the new terms if you are building or maintaining a Gusto integration.
If you have a dispute with Gusto as a developer, you can no longer sue them in court as part of a group — you must go through arbitration alone.
You are allowed to use Gusto's API only for the specific purpose of connecting your app to Gusto — and Gusto can take that permission away.
+ 4 more obligation changes. Full breakdown available with Watcher.
Unlock — $9.99/mo →Developers who integrate with Gusto's platform have lost the right to pursue class action litigation against Gusto and are now bound by mandatory individual arbitration under the new v2.0 terms. Simultaneously, Gusto has granted itself broad unilateral rights to change or terminate API access without notice, creating significant operational and legal risk for businesses that depend on the Gusto API.
This is the 4th significant Arbitration Expansion change Gusto has made since ConductAtlas began monitoring.
ConductAtlas has recorded 5 material changes to this document (since April 2026). An additional minor or cosmetic changes were excluded.
Across all monitored documents, Gusto has made 8 significant changes.
4 of Gusto's significant changes have been classified as negative for consumers.
All developers are now required to resolve disputes with Gusto through individual binding arbitration and cannot participate in class action lawsuits.
Developers receive only a limited, revocable, non-transferable license to use Gusto's developer tools solely for building approved integrations.
Gusto can modify, restrict, or shut down its API and developer tools at any time without notice or liability to developers.
ConductAtlas Policy Archive Entity: Gusto | Document: Gusto Privacy Policy | Record: CA-C-000716 Captured: 2026-04-29 06:39:13 UTC URL: https://conductatlas.com/change/2026-04-29-gusto-gusto-privacy-policy-716/ Accessed: May 2, 2026
Unlock the full analysis
14-day free trial available.
Gusto's Developer Terms of Service moved from v1.2 to v2.0 effective April 29, 2026. The update introduces mandatory binding arbitration (Section 19) and a class action waiver binding on all developers, plus a detailed API license framework with Gusto retaining broad rights to modify, restrict, or discontinue API access without notice or liability. This touches contractual dispute resolution rights, vendor contract terms, and API governance. Compliance and legal teams at any organization with a Gusto API integration should treat this as a material contract change requiring review and likely acceptance before continued use.
1. Federal Arbitration Act (FAA), 9 U.S.C. §§ 1-16 — the arbitration clause and class action waiver are enforceable under federal law; organizations should assess whether this conflicts with any state-level consumer protection arbitration restrictions applicable to their own customers.
Compliance intelligence locked
Obligation analysis, escalation trigger, board language, and recommended action.
Watcher: regulatory citations + obligations. Professional: full compliance memo.
ConductAtlas provides verified policy intelligence sourced directly from platform documents. All analysis is intended to support, not replace, legal and compliance review. Record CA-C-000716.
This provision consolidates multiple high-risk data categories (SSN, financial accounts, tax records) into a single high-severity provision with specific enumeration of sensitive data types.
This new provision reveals that Gusto deploys tracking pixels on its own privacy policy page, creating a significant conflict of interest and transparency concern regarding data collection practices disclosed in that very page.
This provision explicitly details the broad categories of third parties receiving data (payment processors, analytics, marketing vendors) and distinguishes between service providers and business partners, expanding visibility of data sharing practices.
This generic provision was removed and replaced with more specific 'Collection of Sensitive Financial and Payroll Data' provision, making the scope of sensitive data collection more explicit and detailed.
This generic provision was removed and replaced with 'Data Sharing with Third-Party Service Providers and Business Partners,' which provides more specific categories of recipients and clarifies the distinction between service provider and business partner relationships.
This provision was removed and consolidated into 'Collection of Sensitive Financial and Payroll Data,' merging financial account collection with payroll and tax data into a single comprehensive provision.
This provision was entirely removed from the current version, meaning biometric data collection is no longer explicitly mentioned in Gusto's privacy policy despite maintaining high-severity status previously.
This provision was entirely removed, meaning collection of government identifiers (driver's licenses, passports, etc.) is no longer explicitly stated in the privacy policy despite the high sensitivity of such data.
Previous version had no excerpt; current version adds detailed explanation of specific CCPA/CPRA rights including correction and sensitive data limitation rights not previously detailed.
Previous version had medium severity with no excerpt; current version upgrades to high severity and adds specific details about tracking methods (web beacons, pixel tags) and third-party analytics/advertising partners.
Previous version had no excerpt; current version adds explicit clarification that Gusto is a data processor and employers are controllers determining processing purposes and means.
Previous version had no excerpt; current version adds specific examples of health data types collected (insurance elections, dependent information, health plan data).
Renamed from 'Data Retention After Account Closure' to 'Data Retention'; previous version had no excerpt, current version adds general retention policy framework without specific mention of post-closure retention.
Cross-platform context
See how other platforms handle similar provisions across the ConductAtlas archive.
See the full side-by-side comparison of every sentence added, removed, and modified.
🔒 Unlock full diff — Watcher $9.99/moGusto updated their privacy policy on May 1, 2026, making 243 additions and 137 modifications across a large document. The …
We monitor 200+ platforms and archive every change — verified and timestamped.