What can I do about this clause?

{'method': 'EMAIL', 'recipient': 'privacy@gusto.com', 'difficulty': 'EASY', 'action_type': 'DELETE_DATA', 'instructions': 'California residents can submit a data deletion or access request by emailing privacy@gusto.com or using the privacy request form at gusto.com/legal/terms/privacy. Gusto is required to respond within 45 days under CPRA.', 'deadline_days': 45, 'deadline_hours': None}

Which regulatory agencies enforce this type of clause?

{'agency': 'State_AG', 'reason': 'The California Attorney General and California Privacy Protection Agency (CPPA) enforce CCPA/CPRA rights including data deletion, access, and opt-out of sharing for California residents.', 'complaint_url': 'https://www.naag.org/find-my-ag/'}

What is the severity of this clause?

ConductAtlas classifies this California Resident Privacy Rights (CCPA/CPRA) clause as medium severity. Severity reflects the magnitude of rights affected, the breadth of users impacted, and the degree of discretion the platform retains.

Do other platforms have similar clauses?

Yes. ConductAtlas has identified similar California Resident Privacy Rights (CCPA/CPRA) clauses across approximately 5 other tracked platforms. You can compare how platforms differ on this clause type in the cross-platform comparison view.

California Resident Privacy Rights (CCPA/CPRA) — Gusto

Share 𝕏 Share in Share 🔒 PDF

What it is

If you live in California, you have legal rights to see what data Gusto has about you, ask them to delete it, correct mistakes, and stop them from sharing your data with advertisers.

Clause Stability Highly Volatile

Change

Month Monitored

Apr 28, 2026

First Seen

Apr 28, 2026

Last Seen

This clause has changed once in 1 month of monitoring.

Change history

modified Apr 29, 2026

Previous version had no excerpt; current version adds detailed explanation of specific CCPA/CPRA rights including correction and sensitive data limitation rights not previously detailed.

View full change record →

Consumer impact (what this means for users)

California-based Gusto users can formally request deletion or correction of their SSN, payroll, and benefits data, and can opt out of having their personal information shared with third-party advertising platforms — rights that must be honored within 45 days under CPRA.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.

Delete Your Data
Within 45 days
California residents can submit a data deletion or access request by emailing privacy@gusto.com or using the privacy request form at gusto.com/legal/terms/privacy. Gusto is required to respond within 45 days under CPRA.

Cross-platform context

See how other platforms handle California Resident Privacy Rights (CCPA/CPRA) and similar clauses.

Compare across platforms →

Need full compliance memos? See Professional →

Why it matters (compliance & risk perspective)

California employees and employers using Gusto have enforceable legal rights — backed by the CPPA and California AG — to control how some of the most sensitive payroll and financial data in existence is used and shared.

View original clause language

California residents have the right to know what personal information Gusto collects about them, the right to delete personal information, the right to opt out of the sale or sharing of personal information, the right to correct inaccurate personal information, and the right to limit the use and disclosure of sensitive personal information, as provided under the California Consumer Privacy Act and California Privacy Rights Act.

Institutional analysis (Compliance & legal intelligence)

(1) REGULATORY FRAMEWORK: CCPA (Cal. Civ. Code §1798.100–1798.199) as amended by CPRA (effective Jan. 1, 2023) grants California consumers rights to access (§1798.110), deletion (§1798.105), correction (§1798.106), opt-out of sale/sharing (§1798.120), and limitation of sensitive PI use (§1798.121). Enforced by the California Privacy Protection Agency (CPPA) and California AG. CPRA requires response within 45 calendar days (extendable by 45 days with notice). (2)

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Applicable agencies

State AG

The California Attorney General and California Privacy Protection Agency (CPPA) enforce CCPA/CPRA rights including data deletion, access, and opt-out of sharing for California residents.
File a complaint →

Provision details

Document information

Document

Gusto Privacy Policy

Entity

Gusto

Document last updated

April 29, 2026

Tracking information

First tracked

April 28, 2026

Last verified

April 28, 2026

Record ID

CA-P-003668

Document ID

CA-D-00294

Evidence Provenance

Source URL

https://gusto.com/about/privacy

Wayback Machine

View archived versions →

SHA-256

d6e7cfbbde265012f8586fe6121a9e92a0ebc041ed4ea1611b6f921b07b3be2a

Verified

✓ Snapshot stored ✓ Change verified

How to Cite

ConductAtlas Policy Archive
Entity: Gusto | Document: Gusto Privacy Policy | Record: CA-P-003668
Captured: 2026-04-28 04:53:53 UTC | SHA-256: d6e7cfbbde265012…
URL: https://conductatlas.com/platform/gusto/gusto-privacy-policy/california-resident-privacy-rights-ccpacpra/
Accessed: May 2, 2026

Classification

Severity

Medium

California Resident Privacy Rights (CCPA/CPRA)