Gusto uses cookies and tracking tools on its platform to monitor your activity and collect information about how you use its services.
This analysis describes what Gusto's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The provision establishes the technical mechanisms through which Gusto collects behavioral and usage data across its platform. This data collection infrastructure supports service analytics and optimization functions that Gusto identifies as operational improvements.
The updated terms make explicit that using Gusto's background check service constitutes a binding agreement. Previously, the terms of the service relationship may have been less clearly stated. Now, the agreement clarifies that an authorized signatory represents they have authority to bind the organization, and that three actions trigger binding acceptance: checking a box, initiating a background check, or accessing the service. This means employers should ensure the person clicking through has actual authority to commit the organization to the full Background Check Customer Agreement before proceeding.
View change record →Developers who build integrations with Gusto's API are now required to resolve any disputes with Gusto through mandatory individual binding arbitration rather than pursuing class action lawsuits, which may limit their legal remedies and transparency into disputes with Gusto. Additionally, Gusto explicitly reserves the right to modify, restrict, or discontinue its developer tools and API access at any time without notice or liability, meaning developers could lose access to critical platform capabilities that their business depends on without warning or recourse. Developers should review Section 19 of these terms carefully and consider whether the arbitration requirements and lack of access guarantees are acceptable before continuing to build on the Gusto API.
View change record →The updated terms now explicitly state that employers accept mandatory individual arbitration and waive the right to participate in class-action lawsuits or pursue relief in court with a jury trial. This significantly limits employers' ability to challenge Gusto's practices collectively or seek resolution through the court system. Any disputes employers have with Gusto must be resolved individually through arbitration, which typically involves private, binding proceedings with limited appeal options and discovery rights compared to court litigation.
View change record →Gusto tracks your activity on its platform using cookies, beacons, and scripts, which means behavioral data about how you interact with your payroll and HR information is collected in addition to the sensitive personal data you actively submit.
How other platforms handle this
We use cookies, web beacons, pixel tags, and other tracking technologies to collect information about your use of our website and Service, including your browser type, referring URL, pages visited, and time spent on pages. We may use this information to analyze trends, administer the site, track use...
We and our third-party partners may use cookies, web beacons, and similar tracking technologies to collect information about your use of the Sites. Cookies are small data files stored on your browser or device. We use both session cookies and persistent cookies. We may also use web beacons, pixel ta...
cookie data, resettable device identifiers, advertising identifiers and other unique identifiers (described below in the section "Cookies and other Technologies").
Monitoring
Gusto has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"We use cookies and similar tracking technologies to track the activity on our Platform and hold certain information. Cookies are files with small amounts of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Tracking technologies also used are beacons, tags, and scripts to collect and track information and to improve and analyze our services.— Excerpt from Gusto's Gusto Privacy Policy
1) REGULATORY LANDSCAPE: Cookie and tracking technology use engages CCPA/CPRA requirements for disclosure and opt-out of tracking that constitutes 'sharing' for cross-context behavioral advertising. The FTC Act applies to deceptive practices in cookie disclosures. California's cookie opt-out requirements under CPRA and the associated Global Privacy Control (GPC) signal recognition obligations are directly applicable to Gusto as a California-registered business. The CAN-SPAM Act applies if tracking is used for email marketing purposes. 2) GOVERNANCE EXPOSURE: Medium. The use of tracking technologies on a platform that handles sensitive payroll data warrants review to confirm that analytics and marketing cookies are not capturing sensitive session data (e.g., payroll amounts visible in the UI) through behavioral tracking. The notice should clearly distinguish between essential cookies and optional tracking. 3) JURISDICTION FLAGS: California CPRA requires businesses to honor Global Privacy Control signals as opt-out of sale or sharing. Colorado, Connecticut, and other states with comprehensive privacy laws have similar requirements for opt-out of targeted advertising. EU/EEA users would be covered by GDPR/ePrivacy Directive cookie consent requirements if Gusto operates internationally. 4) CONTRACT AND VENDOR IMPLICATIONS: Third-party analytics and advertising vendors receiving data through tracking technologies should be listed in Gusto's cookie disclosure or subprocessor list. Procurement teams should confirm these vendors are subject to appropriate data processing agreements, particularly if tracking captures behavioral data from within the authenticated payroll portal. 5) COMPLIANCE CONSIDERATIONS: Legal teams should audit Gusto's cookie management platform to confirm GPC signal recognition is implemented, cookie categories are accurately disclosed, and users have a functional mechanism to reject non-essential cookies. Session data captured through tracking within the authenticated payroll portal should be assessed for sensitivity classification.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Netflix updated its Privacy Statement on April 18, 2026, disclosing voice recording collection and expanded household ad profiling for the first time.
Google's Privacy Policy covers Search, Gmail, YouTube, Maps, and every site running Google Analytics. Here is what it actually authorizes.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The provision establishes the technical mechanisms through which Gusto collects behavioral and usage data across its platform. This data collection infrastructure supports service analytics and optimization functions that Gusto identifies as operational improvements.
Gusto tracks your activity on its platform using cookies, beacons, and scripts, which means behavioral data about how you interact with your payroll and HR information is collected in addition to the sensitive personal data you actively submit.
ConductAtlas has identified this type of provision across 69 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Gusto.