California residents have specific legal rights to access, delete, correct, and limit how Gusto uses their personal data, and Gusto cannot penalize you for exercising these rights.
This analysis describes what Gusto's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances.
These rights give California residents meaningful control over highly sensitive payroll, financial, and health data held by Gusto, including the ability to request deletion of that data.
The updated Privacy Policy now explicitly states it covers retirement account management (401k, SEP IRA, IRA accounts) and adds Stripe alongside Plaid as a third-party service provider that collects financial institution data. The policy restructures how it describes Gusto's role in different contexts: when Gusto acts as a service provider processing payroll or other data on behalf of employers, when it acts as an employer itself, or when it operates as a co-employer under a professional organization (PEO) arrangement, with separate privacy notices applying in each case. The policy introduces a new commitment that de-identified data will not be re-identified except to verify compliance with applicable law. If you connect a bank account through Stripe, that data will be treated under Stripe's Privacy Policy, which you should review separately.
The updated terms make explicit that using Gusto's background check service constitutes a binding agreement. Previously, the terms of the service relationship may have been less clearly stated. Now, the agreement clarifies that an authorized signatory represents they have authority to bind the organization, and that three actions trigger binding acceptance: checking a box, initiating a background check, or accessing the service. This means employers should ensure the person clicking through has actual authority to commit the organization to the full Background Check Customer Agreement before proceeding.
The updated terms now explicitly state that employers accept mandatory individual arbitration and waive the right to participate in class-action lawsuits or pursue relief in court with a jury trial. This significantly limits employers' ability to challenge Gusto's practices collectively or seek resolution through the court system. Any disputes employers have with Gusto must be resolved individually through arbitration, which typically involves private, binding proceedings with limited appeal options and discovery rights compared to court litigation.
Provision renamed from 'California and Multi-State Privacy Rights' to 'California Resident Privacy Rights (CCPA/CPRA)' with added excerpt detailing specific consumer rights including right to correct and right to limit sensitive data use.
If you live in California, you can formally request that Gusto tell you exactly what data it holds about you, correct errors, or delete your personal information, and Gusto is legally prohibited from retaliating against you for making these requests.
How other platforms handle this
If you are a California resident, you may have the right to: Know what personal information we collect, use, disclose, sell, or share. Correct inaccurate personal information. Delete your personal information. Opt out of the sale or sharing of your personal information. Limit the use and disclosure ...
If you are a California resident, you have the right to: Know what personal information is being collected about you; Know whether your personal information is sold or disclosed and to whom; Say no to the sale of personal information; Access your personal information; Request deletion of your person...
If you are a California resident, you have the right to know what personal information we collect, use, and disclose about you; the right to request deletion of your personal information; the right to opt out of the sale or sharing of your personal information; the right to correct inaccurate person...
Monitoring
Gusto has changed this document before.
"If you are a California resident, you have the following rights: The right to know about the personal information we collect, use, disclose, and sell. The right to delete personal information we have collected about you. The right to correct inaccurate personal information. The right to opt out of the sale or sharing of your personal information. The right to limit the use and disclosure of sensitive personal information. The right to non-discrimination for exercising your rights."
Excerpt from Gusto's Privacy Policy
1) REGULATORY LANDSCAPE: This provision directly implements CCPA as amended by CPRA, enforceable by the California Privacy Protection Agency (CPPA) and the California Attorney General. The enumerated rights, including the right to correct and the right to limit sensitive personal information use, reflect CPRA's 2023 expansions. Non-discrimination requirements are codified in CCPA Section 1798.125.

2) GOVERNANCE EXPOSURE: Medium. The provision discloses rights but the operational robustness of the rights fulfillment mechanism, including response timelines, identity verification processes, and appeals procedures, is not fully detailed in the notice itself. CPPA enforcement has focused on rights fulfillment operationalization, not just disclosure.

3) JURISDICTION FLAGS: Applies specifically to California residents. Other states including Colorado, Virginia, Connecticut, Texas, and others have enacted similar rights frameworks; the policy does not explicitly address those states' residents, which may create compliance gaps depending on Gusto's user base distribution. Employees who are not California residents but whose employers are California-based may face ambiguity in rights applicability.

4) CONTRACT AND VENDOR IMPLICATIONS: Employers using Gusto should confirm that their own privacy notices to employees accurately reflect the CCPA/CPRA rights employees can exercise directly with Gusto as a service provider or directly as a data controller, depending on the data category. The service provider vs. controller distinction affects which entity is obligated to fulfill the rights request.

5) COMPLIANCE CONSIDERATIONS: Legal teams should audit the privacy.gusto.com portal to confirm response timelines meet the 45-day statutory requirement, identity verification procedures do not create unreasonable barriers, and the opt-out of sale or sharing mechanism is functional and clearly accessible. The 'limit sensitive personal information' right should be mapped against all sensitive data categories Gusto processes to confirm operationalization.
ConductAtlas has identified this type of provision across 12 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Gusto.