What can I do about this clause?

{'method': 'WEB_FORM', 'recipient': 'https://gusto.com/legal/terms/privacy', 'difficulty': 'MODERATE', 'action_type': 'EXPORT_DATA', 'instructions': "Use your browser's privacy settings or a Global Privacy Control (GPC)-enabled browser (such as Firefox or Brave) to automatically signal opt-out of tracking. Alternatively, visit Gusto's cookie preference center via the OneTrust banner on gusto.com to manage tracking consents.", 'deadline_days': None, 'deadline_hours': None}

Which regulatory agencies enforce this type of clause?

{'agency': 'FTC', 'reason': 'The FTC has enforcement authority over pixel-based third-party data sharing practices under FTC Act Section 5, with recent precedent (GoodRx 2023) directly applicable to financial/health-context website tracking.', 'complaint_url': 'https://reportfraud.ftc.gov/'}, {'agency': 'State_AG', 'reason': 'California AG and other state AGs have enforcement authority under CCPA/CPRA and state CDPAs regarding cookie-based advertising data sharing and opt-out rights.', 'complaint_url': 'https://www.naag.org/find-my-ag/'}

What is the severity of this clause?

ConductAtlas classifies this Third-Party Advertising Tracker Deployment on Privacy Pages clause as high severity. Severity reflects the magnitude of rights affected, the breadth of users impacted, and the degree of discretion the platform retains.

Third-Party Advertising Tracker Deployment on Privacy Pages — Gusto

Share 𝕏 Share in Share 🔒 PDF

What it is

Even when you visit Gusto's privacy policy page, your browser behavior is being tracked by advertising companies including Facebook, Google, LinkedIn, and others — meaning your visit to learn about your privacy is itself being monitored for marketing purposes.

Clause Stability Highly Volatile

Change

Month Monitored

Apr 28, 2026

First Seen

Apr 28, 2026

Last Seen

This clause has changed once in 1 month of monitoring.

Change history

added Apr 29, 2026

This new provision reveals that Gusto deploys tracking pixels on its own privacy policy page, creating a significant conflict of interest and transparency concern regarding data collection practices disclosed in that very page.

View full change record →

Consumer impact (what this means for users)

Visiting gusto.com/legal/terms/privacy triggers data collection by Facebook, Google, LinkedIn, and at least eight other advertising vendors, who may use this behavioral data to target you with ads — a practice that may qualify as 'sharing' of personal information under California law.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.

Export Your Data

Use your browser's privacy settings or a Global Privacy Control (GPC)-enabled browser (such as Firefox or Brave) to automatically signal opt-out of tracking. Alternatively, visit Gusto's cookie preference center via the OneTrust banner on gusto.com to manage tracking consents.

Cross-platform context

See how other platforms handle Third-Party Advertising Tracker Deployment on Privacy Pages and similar clauses.

Compare across platforms →

Need full compliance memos? See Professional →

Why it matters (compliance & risk perspective)

The deployment of advertising trackers on a privacy policy page is deeply inconsistent with user expectations and may constitute 'sharing' of personal information under CCPA/CPRA without adequate notice or opt-out at the point of collection.

View original clause language

The Gusto privacy policy page itself loads third-party tracking scripts from Facebook (Meta Pixel), Google Ads, Google Analytics, LinkedIn Insight Tag, ZoomInfo, Clearbit, Quora, Reddit Ads, Marketo Munchkin, Quantcast, and other advertising and analytics vendors, as evidenced by the script tags present in the page HTML.

Institutional analysis (Compliance & legal intelligence)

(1) REGULATORY FRAMEWORK: Deployment of advertising pixels that transmit user behavioral data (URL visited, device identifiers, IP address) to third-party ad platforms constitutes 'sharing' of personal information under CPRA (Cal. Civ. Code §1798.140(ah)) and may constitute 'sale' under CCPA, triggering mandatory opt-out rights (Global Privacy Control compliance). FTC Act Section 5 prohibits deceptive practices, and regulators have scrutinized pixel-based data transfers in healthcare and financial services contexts (FTC v. GoodRx, 2023 — $1.5M penalty for pixel-based health data sharing). EU GDPR Art. 5(1)(a) fairness principle and Art. 7 consent requirements would be implicated for any EU-resident users. (2)

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Applicable agencies

FTC

The FTC has enforcement authority over pixel-based third-party data sharing practices under FTC Act Section 5, with recent precedent (GoodRx 2023) directly applicable to financial/health-context website tracking.
File a complaint →
State AG

California AG and other state AGs have enforcement authority under CCPA/CPRA and state CDPAs regarding cookie-based advertising data sharing and opt-out rights.
File a complaint →

Provision details

Document information

Document

Gusto Privacy Policy

Entity

Gusto

Document last updated

April 29, 2026

Tracking information

First tracked

April 28, 2026

Last verified

April 28, 2026

Record ID

CA-P-003667

Document ID

CA-D-00294

Evidence Provenance

Source URL

https://gusto.com/about/privacy

Wayback Machine

View archived versions →

SHA-256

d6e7cfbbde265012f8586fe6121a9e92a0ebc041ed4ea1611b6f921b07b3be2a

Verified

✓ Snapshot stored ✓ Change verified

How to Cite

ConductAtlas Policy Archive
Entity: Gusto | Document: Gusto Privacy Policy | Record: CA-P-003667
Captured: 2026-04-28 04:53:53 UTC | SHA-256: d6e7cfbbde265012…
URL: https://conductatlas.com/platform/gusto/gusto-privacy-policy/third-party-advertising-tracker-deployment-on-privacy-pages/
Accessed: May 2, 2026

Classification

Severity

High

Third-Party Advertising Tracker Deployment on Privacy Pages