Summary
Gusto's Privacy Policy explains how Gusto — a payroll and HR platform — collects, uses, and shares your personal information, including highly sensitive data like your Social Security number, bank account details, salary, tax records, and health benefits information. The most important thing for employees and employers to know is that Gusto shares this sensitive financial and employment data with third-party service providers and may use tracking technologies (including Facebook, Google, and LinkedIn advertising pixels) to monitor your behavior on its website. If you are a California resident, you have the right to request access to, deletion of, or opt-out of the sale/sharing of your personal data by contacting Gusto directly through their privacy request portal.
Technical Summary
This document is Gusto's Privacy Policy governing the collection, use, storage, and disclosure of personal information by Gusto, Inc. (a payroll, HR, and benefits platform) and operates under applicable U.S. federal and state privacy frameworks, with specific provisions for California residents under the CCPA/CPRA. The policy obligates Gusto to disclose what personal data it collects (including highly sensitive financial, payroll, tax, and benefits data), how it shares that data with third-party service providers and business partners, and what rights users have to access, delete, or opt out of certain data uses. Notably, the document was extracted from an HTML page that was heavily truncated, and while Gusto's standard privacy policy is publicly known to include CCPA rights, third-party data sharing with advertising vendors, and broad use of tracking technologies (evidenced by the extensive list of advertising and analytics scripts loaded on the privacy policy page itself), the full substantive policy text was not fully rendered in the provided source. Gusto processes sensitive categories of personal data including SSNs, bank account details, payroll records, and health benefits information, triggering CCPA/CPRA, GLBA, HIPAA (for benefits administration), and FTC Act Section 5 obligations enforced by the FTC and California Privacy Protection Agency (CPPA). Material compliance considerations include Gusto's role as both a data controller and a processor/service provider for employer-clients, the layered consent requirements for employee data collected on behalf of employer-customers, and the presence of extensive third-party advertising trackers (Facebook Pixel, Google Ads, LinkedIn, Reddit, Quora, Marketo, ZoomInfo, Clearbit, Quantcast) loaded on Gusto's own legal/privacy pages.
Analyzed Changes
11 changes analyzed since monitoring began.
What changed
Gusto updated their Gusto Privacy Policy on May 01, 2026. Change detected: 243 sentence(s) added, 137 sentence(s) modified. Document contained 20264 sentences after update.
Consumer impact
Gusto's May 1, 2026 privacy policy update primarily involves formatting changes, including converting plain-text email addresses into clickable hyperlinks and a minor navigation label adjustment. The 243 sentences added and 137 modified suggest broader content changes beyond what is visible in the diff, but none of the visible changes alter consumer rights, data practices, or legal obligations. You can review the full updated policy at Gusto's terms page to check for any substantive changes not captured in the visible diff.
Why it matters
While the visible changes are cosmetic, the large volume of added and modified sentences means substantive privacy practice changes may exist that are not captured in the diff. Businesses using Gusto for payroll processing should verify no new data handling terms were introduced.
What changed
Gusto updated their Gusto Privacy Policy on May 01, 2026. Change detected: 75 sentence(s) added, 1 sentence(s) modified. Document contained 20021 sentences after update.
Consumer impact
Businesses using Gusto's background check service are now subject to a more explicitly defined legal agreement that spells out consent mechanisms, signatory authority requirements, and the binding nature of the Background Check Customer Agreement. The update clarifies that any person who checks a box, initiates a background check, or accesses the service is agreeing to be bound by the full agreement. You can review the updated Background Check Terms of Service at gusto.com to ensure your authorized signatory has appropriate authority before initiating any background checks.
Why it matters
Businesses using Gusto for background checks are now explicitly bound by a more detailed legal framework that expands what counts as consent — including simply accessing the feature. Ensuring only authorized personnel have access to the background check module is now a compliance necessity, not just a best practice.
What changed
Gusto updated their Gusto Privacy Policy on April 30, 2026. Change detected: 22 sentence(s) added, 1 sentence(s) modified. Document contained 19946 sentences after update.
Consumer impact
This change introduces a new promotional offer exclusively for accountant partners enrolled in the Gusto Accountant Partner Program, granting free access to Gumloop's AI-powered tools for two months. It does not affect the rights, data, or finances of individual end consumers or employers using Gusto's platform. You can visit Gusto's terms page and submit the Firm Growth Agents form if you are an eligible accountant partner wishing to claim one of the 40 available licenses before June 29, 2026.
Why it matters
Eligible Gusto accountant partners now have access to a free two-month trial of Gumloop's AI-powered firm growth tools, but with only 40 licenses available the opportunity is highly limited and time-sensitive.
What changed
Gusto updated their Gusto Privacy Policy on April 29, 2026. Change detected: 131 sentence(s) added, 1 sentence(s) modified. Document contained 19924 sentences after update.
Consumer impact
This change primarily affects developers and businesses that build applications integrating with Gusto's platform via its API. The new version 2.0 terms introduce a mandatory arbitration provision and class action waiver, meaning developers who have a dispute with Gusto must resolve it through individual binding arbitration rather than in court. You can review the full updated Developer Terms at dev.gusto.com and consult legal counsel before accepting the new terms if you are building or maintaining a Gusto integration.
Why it matters
Developers who integrate with Gusto's platform have lost the right to pursue class action litigation against Gusto and are now bound by mandatory individual arbitration under the new v2.0 terms. Simultaneously, Gusto has granted itself broad unilateral rights to change or terminate API access without notice, creating significant operational and legal risk for businesses that depend on the Gusto API.
What changed
Gusto updated their Gusto Privacy Policy on April 26, 2026. Change detected: 168 sentence(s) added, 1 sentence(s) modified. Document contained 19793 sentences after update.
Consumer impact
Gusto has introduced a new paid service called the Gusto Business Compliance Service, which handles state and local compliance registrations and filings for businesses. By accessing or using this service, business owners agree to new additional terms that include mandatory arbitration and a class action waiver carried over from the Employer Terms. You can review the full Gusto Business Compliance Terms of Service (effective April 24, 2026) on Gusto's legal page before opting into the service.
Why it matters
Businesses using Gusto should know that the new compliance service is a paid add-on with its own binding legal terms, including mandatory arbitration. Agreeing to use the GBC Service means waiving the right to participate in class action lawsuits related to that service.
What changed
Gusto updated their Gusto Privacy Policy on April 25, 2026. Change detected: 283 sentence(s) added, 1 sentence(s) modified. Document contained 19625 sentences after update.
Consumer impact
Gusto's updated Employer Terms of Service make explicit that employers waive their right to participate in class-action lawsuits and must pursue any claims against Gusto on an individual basis through binding arbitration. The update also adds detailed role definitions clarifying who qualifies as an 'Employer' versus a 'Member' on the platform. You can review Gusto's Arbitration Opt-Out Notice listed in their terms documents if you wish to explore opting out of mandatory arbitration.
Why it matters
The explicit class-action waiver means employers using Gusto can no longer join group lawsuits against the company, significantly limiting their legal remedies. This is a material reduction in employer rights that takes effect immediately as of April 23, 2026.
What changed
Gusto updated their Gusto Privacy Policy on April 24, 2026. Change detected: 120 sentence(s) added, 1 sentence(s) modified. Document contained 19342 sentences after update.
Consumer impact
Gusto's updated privacy policy adds clearer guidance on when the policy applies to you — including when you use the platform, attend events, or contact support — and importantly clarifies that if your employer manages your data through Gusto, their privacy notice may not protect you. Employees using Gusto through their employer should be aware that their data privacy questions should be directed to their employer, not Gusto. You can contact privacy@gusto.com if you have questions about your personal data handled directly by Gusto.
Why it matters
The new policy version clarifies that employees using Gusto through their employer are not protected by Gusto's own privacy notice — their employer holds that responsibility. This distinction is critical for both workers and the businesses using Gusto for payroll and HR.
What changed
Gusto updated their Gusto Privacy Policy on April 23, 2026. Change detected: 5 sentence(s) added, 131 sentence(s) modified. Document contained 19222 sentences after update.
Consumer impact
Gusto has replaced previously unclear or encoded contact email addresses with plain, readable versions in its Privacy Policy. This means users can now easily identify the correct email addresses for submitting legal opt-out requests (legal-opt-outs@gusto.com) and for general support (support@gusto.com). You can use legal-opt-outs@gusto.com to submit an arbitration opt-out or other legal request if you choose to exercise that right.
Why it matters
Accurate, readable contact addresses ensure users can actually exercise their legal opt-out rights and reach support without confusion. Previously garbled or encoded email addresses could have prevented users from submitting valid opt-out requests.
What changed
Gusto updated their Gusto Privacy Policy on April 22, 2026. Change detected: 130 sentence(s) modified. Document contained 19217 sentences after update.
Consumer impact
Gusto updated how contact email addresses appear in their privacy policy, changing plain-text addresses to clickable hyperlinks. The actual email addresses and their purposes remain identical — this is a display formatting change only. There is no impact on consumer rights, data handling, or privacy protections.
Why it matters
This change is purely cosmetic and does not affect any user rights or data handling practices. The only practical effect is that contact email addresses are now easier to click in digital formats.
What changed
Gusto updated their Gusto Privacy Policy on April 19, 2026. Change detected: 244 sentence(s) added, 130 sentence(s) modified. Document contained 19217 sentences after update.
Consumer impact
Gusto's April 19, 2026 privacy policy update primarily standardizes contact email addresses used throughout the document and adds new service term references such as EIN Application Service Supplemental Terms and Gusto Powered Practices Contest rules. These changes do not materially alter how Gusto collects, uses, or shares your personal data. No immediate action is required from consumers as a result of these updates.
Why it matters
The addition of EIN Application Service terms means businesses using that feature are now subject to a new set of legal terms they should review. The large volume of document changes not shown in the diff warrants a full review before concluding no material impact exists.
What changed
Gusto updated their Gusto Privacy Policy on April 16, 2026. Change detected: 60 sentence(s) added, 1 sentence(s) modified. Document contained 18973 sentences after update.
Consumer impact
Employers using Gusto now have clearer contractual terms governing when Gusto's data processing obligations begin, how long they last, and which document controls if there is a conflict. This reduces ambiguity about Gusto's responsibilities regarding sensitive payroll and employee personal data. If you are an employer, review the updated Version 3.0 addendum to confirm your organization's data processing rights and obligations are accurately reflected.
Why it matters
Employers using Gusto now have clearer, more enforceable legal commitments about how their payroll and employee personal data is processed, which directly affects their own compliance posture under GDPR, CCPA, and US state privacy laws. The new conflict resolution clause — making the DPA override the base agreement — is a significant structural change that affects how disputes about data handling would be resolved.