What are the institutional and regulatory implications of this document?

1) REGULATORY LANDSCAPE: The notice explicitly addresses CCPA/CPRA rights for California residents, including rights to know, delete, correct, and opt out of sale or sharing of personal information, which engages California Privacy Protection Agency (CPPA) enforcement authority. The collection and processing of financial account data and payroll information engages the FTC Act and potentially GLBA depending on Gusto's classification; health and benefits data processing may require evaluation un…

How does Gusto's Gusto Privacy Policy affect users?

Employees whose employers use Gusto operate under terms in which their Social Security numbers, bank account information, payroll data, and health benefits information are collected and processed by Gusto on the employer's behalf. The Privacy Notice authorizes Gusto to share this information with third-party service providers, financial institutions, and designated government agencies as part of service delivery. Qualifying users, including California residents, are entitled to submit data acce…

How often is Gusto's Gusto Privacy Policy updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when Gusto updates this document?

Yes. Watcher subscribers ($9.99/month) can add Gusto to their watchlist and receive same-day email alerts whenever this document or any other Gusto document changes.

CA-D-000294

Gusto Privacy Policy

Gusto

Last change detected May 19, 2026 Privacy policy

SHA-256: dcb5235058bf00277c9… 17 versions captured 14 changes documented

Create free account

Track 1 platform and get the weekly governance digest. No credit card required.

View original document at Gusto ↗

This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology

8 Total

2 High severity

4 Medium severity

2 Low severity

Summary

Gusto's Privacy Notice establishes how the company collects, processes, and shares personal information including Social Security numbers, bank account details, salary information, and health benefits data on behalf of employers that use Gusto's payroll and HR platform. The document authorizes disclosure of this information to third-party service providers, financial institutions, and government agencies as part of standard service operations. The document establishes that California residents and other qualifying users may submit requests to access, correct, or delete their personal data through privacy.gusto.com.

Technical / Legal Breakdown

This document is Gusto's Privacy Notice governing the collection, use, and disclosure of personal information for individuals who interact with Gusto's HR, payroll, and benefits platform, operating under applicable U.S. federal and state privacy laws. The notice states that Gusto collects a broad range of personal data including Social Security numbers, bank account details, payroll and compensation information, health and benefits enrollment data, and government-issued identification, and the terms authorize sharing this data with third-party service providers, financial institutions, government agencies, and business partners for purposes including payroll processing, benefits administration, and product improvement. Notably, the policy covers both employer-customers ('Employers') and their employees ('Team Members'), creating a layered data relationship in which employees may have limited direct control over how their employer-submitted data is handled, and the document asserts broad use of de-identified and aggregated data for product and business analytics with no opt-out described for that use. The notice engages CCPA/CPRA for California residents (providing explicit rights to know, delete, correct, and opt out of sale or sharing), and the sensitive nature of payroll, financial, and health data implicates GLBA, HIPAA where applicable to benefits data, and FTC Act jurisdiction over data security and unfair practices; compliance obligations will vary materially by jurisdiction and the specific Gusto products a customer deploys. Employers using Gusto as a data processor for employee data should evaluate whether Gusto's data practices align with their own privacy program obligations, particularly regarding employee notice requirements and data retention.

Institutional Analysis

Institutional analysis available with Professional

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Professional.

Start Professional free trial

14 important changes detected

17 versions captured · Last updated: May 2026

May 19, 2026

low

What changed The diff provided shows Gusto's Privacy Notice with minimal substantive changes. One sentence was modified, though the visible change in the diff context appears to be a character encoding issue (a typographic mark in the word 'Services'). The core privacy scope and introduction remain unchanged: Gusto describes how it collects, uses, and shares personal information as a controller or business when users interact with Gusto's small business platform. Without visibility into the specific sentence modification beyond the encoding artifact, the operational impact of this change cannot be determined from the provided information.

Why this matters One sentence in Gusto's Privacy Notice was modified on May 19, 2026. Based on the provided diff, the change appears to involve a character encoding correction rather than a substantive policy change. The privacy scope, data collection authority, and user protections described in the introductory language remain the same. Without visibility into the full text of the modified sentence, no operational impact on consumer rights or data practices can be determined.

View full change record →

May 19, 2026

low

What changed Gusto's Privacy Notice was updated on May 19, 2026, with one sentence modified in the table of contents or related reference materials. The change appears to be a minor addition to the Referee terms section, adding language about 'increase reward exp'. This is a minimal editorial or structural update that does not materially alter privacy practices, data handling procedures, or consumer rights as stated in the substantive privacy policy.

Why this matters This change appears to be a minor organizational or reference update with no material impact on how Gusto collects, uses, or shares personal information. The substantive privacy notice language remains unchanged. No action is required from consumers.

View full change record →

May 14, 2026 low

Gusto's privacy policy was updated on May 14, 2026 to correct a grammatical error in the list of purposes for which personal information is used. The text 'our partners�� programs' …

View change record →

May 9, 2026 low

Gusto's privacy policy was updated on May 9, 2026 to add two new document references in its table of contents: 'Gusto Handbook & Policy Compliance Scanner Beta Terms' and 'Handbook …

View change record →

May 1, 2026 low

Gusto updated contact email addresses in its privacy policy and related terms. The company replaced several branded email addresses (legal-opt-outs@gusto.com and support@gusto.com) with a generic inbox address ([email protected]). This …

View change record →

May 1, 2026 medium

Gusto updated its Background Checks Terms of Service on May 1, 2026, elevating it from Version 6.0 to Version 7.0 and changing the effective date to April 29, 2026. The …

View change record →

April 30, 2026 low

Gusto added a new promotion offering 40 free licenses to Gumloop's AI-powered Firm Growth Agents tools to eligible Accountant Partners. The promotion runs from April 29, 2026 through June 29, …

View change record →

April 29, 2026 high

Gusto updated its Developer Terms of Service on April 29, 2026, introducing a new version (2.0) with substantially expanded terms governing access to its API and developer tools. The document …

View change record →

April 26, 2026 low

Gusto added a new service called Gusto Business Compliance (GBC) to its platform on April 26, 2026. The GBC Service helps employers with state and local tax registrations, filings, and …

View change record →

April 25, 2026 high

Gusto added 408 sentences of new language to its Employer Terms of Service on April 25, 2026, including expanded definitions of key terms like 'Employer' and 'Member', clarification of who …

View change record →

April 24, 2026 medium

Gusto updated its Privacy Policy on April 24, 2026 with significant new language clarifying how the policy applies and when it does not. The policy now explicitly states it applies …

View change record →

April 23, 2026 low

Gusto updated contact email addresses in its Privacy Policy on April 23, 2026. The policy now directs users to email legal-opt-outs@gusto.com for arbitration opt-outs and legal notices, and support@gusto.com for …

View change record →

April 22, 2026 low

Gusto updated contact email addresses throughout its Privacy Policy on April 22, 2026. The document replaced multiple instances of 'legal-opt-outs@gusto.com' and 'support@gusto.com' with a generic masked email address '[email protected]'. …

View change record →

April 19, 2026 low

Gusto updated contact email addresses in its privacy policy on April 19, 2026. Arbitration opt-out requests now go to legal-opt-outs@gusto.com instead of a previous address, and general inquiries now route …

View change record →

Recent Provision Changes Apr 25, 2026

10 provisions unchanged.

View full change record →

High — 2 provisions

Sensitive Personal Information Collection

Gusto collects highly sensitive personal data including your Social Security number, bank account numbers, and health insurance information as part of delivering payroll and HR services.

Added May 10, 2026 Rare
Health and Benefits Data Collection Compare →

Gusto collects your health insurance enrollment details and other medical benefit information when you use its platform to manage employee benefits.

Added May 10, 2026 Standard Seen across 251 platforms

Medium — 4 provisions

Third-Party Data Sharing with Service Providers and Partners Compare →

Gusto shares your personal data including payroll and financial information with external companies that help deliver its services, as well as business partners who may offer additional products.

Added May 7, 2026 Standard Seen across 246 platforms
California Resident Privacy Rights (CCPA/CPRA) Compare →

California residents have specific legal rights to access, delete, correct, and limit how Gusto uses their personal data, and Gusto cannot penalize you for exercising these rights.

Added April 28, 2026 Standard Seen across 262 platforms
De-Identified and Aggregated Data Use for Analytics Compare →

Gusto can use anonymized versions of your data for internal research and product improvement purposes, and this use is not covered by the privacy rights described elsewhere in the notice.

Added May 10, 2026 Standard Seen across 189 platforms
Employee Data Submitted by Employers

If your employer uses Gusto, your employer controls much of the data submitted about you, and your privacy rights may be shaped by both Gusto's policy and your employer's own privacy practices.

Added May 10, 2026 Rare

Low — 2 provisions

Data Retention Compare →

Gusto keeps your personal data for as long as it needs to for business and legal purposes, without specifying exact timeframes for most data categories.

Added April 28, 2026 Standard Seen across 223 platforms
Cookies and Tracking Technologies Compare →

Gusto uses cookies and tracking tools on its platform to monitor your activity and collect information about how you use its services.

Added April 3, 2026 Standard Seen across 251 platforms