8 Total
2 High severity
4 Medium severity
2 Low severity
Summary

Gusto's Privacy Notice establishes how the company collects, processes, and shares personal information including Social Security numbers, bank account details, salary information, and health benefits data on behalf of employers that use Gusto's payroll and HR platform. The document authorizes disclosure of this information to third-party service providers, financial institutions, and government agencies as part of standard service operations. The document establishes that California residents and other qualifying users may submit requests to access, correct, or delete their personal data through privacy.gusto.com.

Technical / Legal Breakdown

This document is Gusto's Privacy Notice governing the collection, use, and disclosure of personal information for individuals who interact with Gusto's HR, payroll, and benefits platform, operating under applicable U.S. federal and state privacy laws. The notice states that Gusto collects a broad range of personal data including Social Security numbers, bank account details, payroll and compensation information, health and benefits enrollment data, and government-issued identification, and the terms authorize sharing this data with third-party service providers, financial institutions, government agencies, and business partners for purposes including payroll processing, benefits administration, and product improvement. Notably, the policy covers both employer-customers ('Employers') and their employees ('Team Members'), creating a layered data relationship in which employees may have limited direct control over how their employer-submitted data is handled, and the document asserts broad use of de-identified and aggregated data for product and business analytics with no opt-out described for that use. The notice engages CCPA/CPRA for California residents (providing explicit rights to know, delete, correct, and opt out of sale or sharing), and the sensitive nature of payroll, financial, and health data implicates GLBA, HIPAA where applicable to benefits data, and FTC Act jurisdiction over data security and unfair practices; compliance obligations will vary materially by jurisdiction and the specific Gusto products a customer deploys. Employers using Gusto as a data processor for employee data should evaluate whether Gusto's data practices align with their own privacy program obligations, particularly regarding employee notice requirements and data retention.

Institutional Analysis

Institutional analysis available with Compliance

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Compliance.

Start Compliance free trial

22 important changes detected

26 versions captured · Last updated: July 2026

What changed Gusto's Privacy Policy was updated on July 1, 2026 by adding one sentence to the table of contents. The document now lists 'Gusto Channel Partner Program Terms' in the legal documents table, where this entry was previously absent. This represents a documentation update to the policy's navigational structure rather than a substantive change to privacy practices, data handling, or consumer rights.
Why this matters This change updates Gusto's Privacy Policy documentation structure by adding a reference to 'Gusto Channel Partner Program Terms' in the table of contents. The update does not modify how Gusto collects, uses, or shares personal information. No changes to consumer privacy rights, data handling practices, or consent requirements are introduced by this change.
View full change record →
What changed Gusto updated its Privacy Policy on June 28, 2026 with nine sentence-level edits, primarily formatting corrections and contact information updates. The substantive changes include correcting the contact email address from a bracket placeholder to privacy@gusto.com in three locations, fixing spacing errors in several section headers (removing spaces before colons and adding appropriate spacing), and clarifying that Communication Information may be shared with AI providers when AI-powered features are enabled. The operational effect is minor: the policy now explicitly discloses AI provider disclosure practices for AI-powered integrations, and the privacy contact email is properly formatted and consistent across the document.
Why this matters The updated privacy policy clarifies that when you enable AI-powered integrations through Gusto's platform, your communication information may be shared with artificial intelligence and large language model providers such as OpenAI to enable the features you requested. This disclosure was previously mentioned in the policy but is now more explicitly integrated into the data-sharing disclosure table. The policy also corrects its privacy contact email address to privacy@gusto.com for consistency across all sections. You can opt not to enable AI-powered integrations to avoid this data sharing, or contact privacy@gusto.com if you have questions about how your data is used.
View full change record →

June 21, 2026 low

Gusto updated three contact details in its Privacy Policy on June 21, 2026: the privacy email address changed from privacy@gusto.com to [email protected], and minor formatting corrections were made to …

View change record →
June 16, 2026 low

Gusto's Privacy Policy was updated on June 16, 2026, with one sentence modification detected in the document. The change involved updating a reference in the table of contents or document …

View change record →
June 13, 2026 unknown

Gusto updated their Gusto Privacy Policy on June 13, 2026. Change detected: 10 sentence(s) modified. Document contained 142 sentences after update.

View change record →
June 11, 2026 low

On June 11, 2026, Gusto modified a single sentence in their privacy policy's Cookies, Analytics, and Other Tracking Technologies section. The change involved a technical correction to quotation mark formatting …

View change record →
June 1, 2026 medium

Gusto updated its Privacy Policy effective June 1, 2026, to clarify scope and expand disclosure of data collection practices. The policy now explicitly covers retirement accounts (401k and SEP IRA/IRA …

View change record →
May 28, 2026 unknown

Gusto updated their Gusto Privacy Policy on May 28, 2026. Change detected: 1 sentence(s) modified. Document contained 120 sentences after update.

View change record →
May 21, 2026 low

Gusto updated its Privacy Policy on May 21, 2026 to change the email address listed for privacy inquiries and data requests from privacy@gusto.com to a masked email format displayed as …

View change record →
May 19, 2026 low

The diff provided shows Gusto's Privacy Notice with minimal substantive changes. One sentence was modified, though the visible change in the diff context appears to be a character encoding issue …

View change record →
May 19, 2026 low

Gusto's Privacy Notice was updated on May 19, 2026, with one sentence modified in the table of contents or related reference materials. The change appears to be a minor addition …

View change record →
May 14, 2026 low

Gusto's privacy policy was updated on May 14, 2026 to correct a grammatical error in the list of purposes for which personal information is used. The text 'our partners��� programs' …

View change record →
May 1, 2026 low

Gusto updated contact email addresses in its privacy policy and related terms. The company replaced several branded email addresses (legal-opt-outs@gusto.com and support@gusto.com) with a generic inbox address ([email protected]). This …

View change record →
May 1, 2026 medium

Gusto updated its Background Checks Terms of Service on May 1, 2026, elevating it from Version 6.0 to Version 7.0 and changing the effective date to April 29, 2026. The …

View change record →
April 30, 2026 low

Gusto added a new promotion offering 40 free licenses to Gumloop's AI-powered Firm Growth Agents tools to eligible Accountant Partners. The promotion runs from April 29, 2026 through June 29, …

View change record →
April 26, 2026 low

Gusto added a new service called Gusto Business Compliance (GBC) to its platform on April 26, 2026. The GBC Service helps employers with state and local tax registrations, filings, and …

View change record →
April 25, 2026 high

Gusto added 408 sentences of new language to its Employer Terms of Service on April 25, 2026, including expanded definitions of key terms like 'Employer' and 'Member', clarification of who …

View change record →
April 24, 2026 medium

Gusto updated its Privacy Policy on April 24, 2026 with significant new language clarifying how the policy applies and when it does not. The policy now explicitly states it applies …

View change record →
April 23, 2026 low

Gusto updated contact email addresses in its Privacy Policy on April 23, 2026. The policy now directs users to email legal-opt-outs@gusto.com for arbitration opt-outs and legal notices, and support@gusto.com for …

View change record →
April 22, 2026 low

Gusto updated contact email addresses throughout its Privacy Policy on April 22, 2026. The document replaced multiple instances of 'legal-opt-outs@gusto.com' and 'support@gusto.com' with a generic masked email address '[email protected]'. …

View change record →
April 19, 2026 low

Gusto updated contact email addresses in its privacy policy on April 19, 2026. Arbitration opt-out requests now go to legal-opt-outs@gusto.com instead of a previous address, and general inquiries now route …

View change record →
April 16, 2026 medium

Gusto updated its Data Processing Addendum on April 16, 2026, adding 60 sentences that clarify how the company handles employer data under data protection laws. The new language specifies the …

View change record →

Recent Provision Changes Jul 1, 2026

8 provisions unchanged.

View full change record →
High — 2 provisions
Medium — 4 provisions
Low — 2 provisions

Monitoring

Gusto has updated this document before.

Monitor includes same-day alerts, structured change summaries, and monitoring for up to 25 platforms.

Start Monitor free trial Or create a free account →

Compliance Governance Intelligence

Need provision-level monitoring and regulatory mapping?

Compliance includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.

Start Compliance free trial

Cross-platform context

See how other platforms handle Behavioral Advertising and Third-Party Tracking Technologies and similar clauses.

Compare across platforms →

Mapped Governance Frameworks

CCPA/CPRA
California, USA
View official text ↗
Connecticut Data Privacy Act Amendments
US-CT
View official text ↗
CAN-SPAM
United States Federal
View official text ↗
FTC Act Section 5
United States Federal
View official text ↗
Indiana Consumer Data Protection Act
US-IN
View official text ↗
Kentucky Consumer Data Protection Act
US-KY
View official text ↗
Universal Opt-Out Mechanism Expansion 2026
US
View official text ↗
Archival ProvenanceSource & Archival Record
Last Captured July 1, 2026 00:42 UTC
Capture Method Automated scheduled archival capture
Document ID CA-D-000294
Version ID CA-V-004368
SHA-256 261e8593e009eb817a7369e33dab06fb02ae86eb489d913413724c6805151878
✓ Snapshot stored ✓ Text extracted ✓ Change verified ✓ Hash verified

Governance Monitoring

Monitor governance changes across the platforms you rely on.

Structured alerts for policy changes, governance events, and provision updates across 318+ platforms.

Create free account Compare plans