What can I do about this clause?

{'method': 'WEB_FORM', 'recipient': 'https://gusto.com/legal/terms/privacy', 'difficulty': 'MODERATE', 'action_type': 'EXPORT_DATA', 'instructions': 'Visit gusto.com and look for the OneTrust cookie consent banner to manage your cookie preferences. Alternatively, use a Global Privacy Control (GPC)-enabled browser such as Firefox with the GPC extension or Brave browser to automatically signal opt-out of tracking to Gusto.', 'deadline_days': None, 'deadline_hours': None}

Which regulatory agencies enforce this type of clause?

{'agency': 'FTC', 'reason': 'The FTC enforces against deceptive tracking practices and has established precedent (GoodRx 2023) for penalizing pixel-based behavioral data sharing in financial and health service contexts.', 'complaint_url': 'https://reportfraud.ftc.gov/'}, {'agency': 'State_AG', 'reason': 'State AGs (particularly California) enforce mandatory GPC signal compliance and CPRA opt-out rights related to cookie-based advertising data sharing.', 'complaint_url': 'https://www.naag.org/find-my-ag/'}

What is the severity of this clause?

ConductAtlas classifies this Use of Cookies and Tracking Technologies clause as high severity. Severity reflects the magnitude of rights affected, the breadth of users impacted, and the degree of discretion the platform retains.

Do other platforms have similar clauses?

Yes. ConductAtlas has identified similar Use of Cookies and Tracking Technologies clauses across approximately 6 other tracked platforms. You can compare how platforms differ on this clause type in the cross-platform comparison view.

Use of Cookies and Tracking Technologies — Gusto

Share 𝕏 Share in Share 🔒 PDF

What it is

Gusto and its advertising partners use tracking technologies on its website to monitor what you click, view, and how you navigate — including for advertising purposes across the internet.

Clause Stability Highly Volatile

Change

Month Monitored

Apr 28, 2026

First Seen

Apr 28, 2026

Last Seen

This clause has changed once in 1 month of monitoring.

Change history

modified Apr 29, 2026

Previous version had medium severity with no excerpt; current version upgrades to high severity and adds specific details about tracking methods (web beacons, pixel tags) and third-party analytics/advertising partners.

View full change record →

Consumer impact (what this means for users)

Your browsing behavior on gusto.com — including what HR pages you visit and what features you use — may be shared with advertising companies through tracking technologies, potentially creating profiles used to target you with ads across other websites.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.

Export Your Data

Visit gusto.com and look for the OneTrust cookie consent banner to manage your cookie preferences. Alternatively, use a Global Privacy Control (GPC)-enabled browser such as Firefox with the GPC extension or Brave browser to automatically signal opt-out of tracking to Gusto.

Cross-platform context

See how other platforms handle Use of Cookies and Tracking Technologies and similar clauses.

Compare across platforms →

Need full compliance memos? See Professional →

Why it matters (compliance & risk perspective)

Even if you are an employee just checking your pay stubs or a business owner reviewing payroll, your online behavior on Gusto's platform may be monitored by advertising companies including Facebook, Google, and LinkedIn.

View original clause language

Gusto uses cookies, web beacons, pixel tags, and similar tracking technologies on its website and services to collect information about users' browsing activities, device characteristics, and interactions with content and advertisements, including through third-party analytics and advertising partners.

Institutional analysis (Compliance & legal intelligence)

(1) REGULATORY FRAMEWORK: Cookie-based data collection and third-party sharing implicates CPRA §1798.120 (opt-out of sale/sharing), Global Privacy Control (GPC) compliance requirements per CPPA enforcement guidance (2022), ePrivacy Directive (EU) for any EU users, and FTC Act Section 5 for deceptive tracking practices. The ECPA (18 U.S.C. §2510 et seq.) may be implicated for certain forms of website session recording. (2)

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Applicable agencies

FTC

The FTC enforces against deceptive tracking practices and has established precedent (GoodRx 2023) for penalizing pixel-based behavioral data sharing in financial and health service contexts.
File a complaint →
State AG

State AGs (particularly California) enforce mandatory GPC signal compliance and CPRA opt-out rights related to cookie-based advertising data sharing.
File a complaint →

Provision details

Document information

Document

Gusto Privacy Policy

Entity

Gusto

Document last updated

April 29, 2026

Tracking information

First tracked

April 28, 2026

Last verified

April 28, 2026

Record ID

CA-P-003671

Document ID

CA-D-00294

Evidence Provenance

Source URL

https://gusto.com/about/privacy

Wayback Machine

View archived versions →

SHA-256

d6e7cfbbde265012f8586fe6121a9e92a0ebc041ed4ea1611b6f921b07b3be2a

Verified

✓ Snapshot stored ✓ Change verified

How to Cite

ConductAtlas Policy Archive
Entity: Gusto | Document: Gusto Privacy Policy | Record: CA-P-003671
Captured: 2026-04-28 04:53:53 UTC | SHA-256: d6e7cfbbde265012…
URL: https://conductatlas.com/platform/gusto/gusto-privacy-policy/use-of-cookies-and-tracking-technologies/
Accessed: May 2, 2026

Classification

Severity

High

Use of Cookies and Tracking Technologies