Gusto collects highly sensitive data including Social Security numbers, bank account numbers, health and medical information, biometric data, and immigration status as part of its payroll and HR services.
This analysis describes what Gusto's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The clause establishes Gusto's authority to collect sensitive personal data from employers as a condition of account setup and ongoing service delivery, with collection scope determined by Gusto in its sole discretion. This operational requirement enables identity verification and due diligence processes that Gusto deems necessary for account management.
The updated terms make explicit that using Gusto's background check service constitutes a binding agreement. Previously, the terms of the service relationship may have been less clearly stated. Now, the agreement clarifies that an authorized signatory represents they have authority to bind the organization, and that three actions trigger binding acceptance: checking a box, initiating a background check, or accessing the service. This means employers should ensure the person clicking through has actual authority to commit the organization to the full Background Check Customer Agreement before proceeding.
View change record →Developers who build integrations with Gusto's API are now required to resolve any disputes with Gusto through mandatory individual binding arbitration rather than pursuing class action lawsuits, which may limit their legal remedies and transparency into disputes with Gusto. Additionally, Gusto explicitly reserves the right to modify, restrict, or discontinue its developer tools and API access at any time without notice or liability, meaning developers could lose access to critical platform capabilities that their business depends on without warning or recourse. Developers should review Section 19 of these terms carefully and consider whether the arbitration requirements and lack of access guarantees are acceptable before continuing to build on the Gusto API.
View change record →The updated terms now explicitly state that employers accept mandatory individual arbitration and waive the right to participate in class-action lawsuits or pursue relief in court with a jury trial. This significantly limits employers' ability to challenge Gusto's practices collectively or seek resolution through the court system. Any disputes employers have with Gusto must be resolved individually through arbitration, which typically involves private, binding proceedings with limited appeal options and discovery rights compared to court litigation.
View change record →Your most sensitive personal information is stored by Gusto and could be at risk if shared inappropriately or exposed in a data breach. This data is used for payroll processing, benefits administration, and tax filing.
How other platforms handle this
We collect information you provide, information we get when you use our services, and information we get from third parties. Information you provide: your username, password, email address, phone number, name, birthday, and profile information... Information from the phone book on your device if you...
We collect information you provide directly to us, such as when you create an account, use our Services, make a purchase, or contact us for support. The types of information we may collect include your name, email address, password, phone number, credit card and other payment information, and any ot...
Comcast collects information about your use of the Services, including the types of Services you purchase, how you use them, and information about your equipment and network performance. Comcast may use this information to provide and improve the Services, send you marketing communications about Com...
Monitoring
Gusto has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"Gusto will require Employer to provide certain information to us from time to time, but in particular during onboarding of the Employer Account, to help us verify Employer's business entity information, the identity of Employer's Administrators and signatory, and perform other additional due diligence as we may deem necessary in our sole discretion. This information may include (but is not limited to) full name, address, date of birth, Employer taxpayer ID, telephone number, email address, business entity ownership documentation, and other information that will allow us to identify Employer, Employer's signatory, and/or Employer's Administrators.— Excerpt from Gusto's Gusto Privacy Policy
Collection of SSNs, financial account data, biometric identifiers, and health information triggers heightened obligations under CCPA/CPRA's sensitive personal information provisions, HIPAA (for health data), and applicable state laws. Data processing agreements and security controls must be reviewed.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Netflix updated its Privacy Statement on April 18, 2026, disclosing voice recording collection and expanded household ad profiling for the first time.
Google's Privacy Policy covers Search, Gmail, YouTube, Maps, and every site running Google Analytics. Here is what it actually authorizes.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The clause establishes Gusto's authority to collect sensitive personal data from employers as a condition of account setup and ongoing service delivery, with collection scope determined by Gusto in its sole discretion. This operational requirement enables identity verification and due diligence processes that Gusto deems necessary for account management.
Your most sensitive personal information is stored by Gusto and could be at risk if shared inappropriately or exposed in a data breach. This data is used for payroll processing, benefits administration, and tax filing.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Gusto.