The agreement prohibits Employers from granting account access to any party that intends to harvest, crawl, or scrape data from the platform without Gusto's written authorization, and defines such parties as 'Prohibited Third Parties' regardless of whether the Employer consented to their access.
This analysis describes what Gusto's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision restricts data access methods that Employers might otherwise enable for third-party integrations or data export purposes, and it applies regardless of Employer consent, placing the responsibility on Employers to verify the intent of any third party to whom they grant access.
Interpretive note: The agreement does not specify what constitutes 'express written authorization' from Gusto for data access, creating ambiguity about whether API-based third-party integrations using Gusto's developer program satisfy this requirement.
The updated terms make explicit that requesting a background check through Gusto creates a legally binding agreement not just with Gusto but also incorporating terms from Gusto's payroll service and Checkr's service agreement. This means customers are committing to multiple overlapping sets of terms when they initiate a background check request. The change does not appear to alter the substantive rights or obligations, but rather clarifies their scope and binding nature in writing.
View change record →Developers integrating with Gusto's platform are now bound by mandatory arbitration and class action waiver provisions, meaning they cannot join or file class actions against Gusto and must resolve disputes through individual, binding arbitration. The updated terms also grant Gusto the right to modify, update, or discontinue developer tools at its sole discretion without notice or liability, which could disrupt integrations and require developers to absorb costs of upgrading to new versions. Developers should review Section 19 of the updated terms carefully before creating or maintaining integrations with Gusto's platform, and consider whether the arbitration and modification provisions align with their business and legal risk tolerance.
View change record →The updated terms now explicitly state that Employers waive the right to participate in class-action lawsuits and must pursue all claims against Gusto on an individual basis through binding arbitration. This means Employers can no longer join other users in collective legal action, even if many face identical problems with Gusto's service or billing. Individual arbitration typically costs more and produces less leverage for individual plaintiffs than class actions. You should review whether this dispute resolution requirement aligns with your business needs and consult legal counsel if you have concerns about waiving class-action rights.
View change record →This new provision restricts employer ability to authorize third-party access and data scraping, even with employer consent, unless Gusto explicitly authorizes it.
View full change record →Under this clause, the agreement prohibits Employers from knowingly or unknowingly providing account credentials to any party seeking to scrape or harvest platform data without Gusto's written authorization, and characterizes such access as a violation regardless of the Employer's purported authorization.
How other platforms handle this
You may not automatedly crawl or query the Services for any purpose or by any means (including, without limitation, screen and database scraping, spiders, robots, crawlers and any other automated activity with the purpose of obtaining information from the Services) unless you have received prior exp...
Subject to your compliance with the terms of the Agreement (including, without limitation, these Terms and Taskrabbit's Acceptable Use Policy), Taskrabbit grants you a limited, non-exclusive, non-transferable and revocable license to (a) access and use the Platform (in the locations and territories ...
relate to transactions involving (f) the promotion of hate, violence, racial or other forms of intolerance that is discriminatory or the financial exploitation of a crime... (i) involve offering or receiving payments for the purpose of bribery or corruption.
Monitoring
Gusto has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"Employer agrees not to grant Employer Account access to, or disclose any confidential log-in credentials to, Prohibited Third Parties. A "Prohibited Third Party" is a third party that seeks to access or accesses the Platform or Services using an Administrator Profile or an Administrator's log-in credentials, regardless of Employer's purported consent or authorization, in order to harvest, crawl, or scrape information from the Platform or Services without Gusto's express written authorization.— Excerpt from Gusto's Gusto Terms of Service
1. REGULATORY LANDSCAPE: This provision engages the Computer Fraud and Abuse Act in the context of unauthorized access to computer systems, and may interact with open banking or data portability regulatory discussions at the CFPB level. The restriction on third-party data harvesting may also interact with state data broker registration requirements where the harvested data constitutes personal information. 2. GOVERNANCE EXPOSURE: Low to Medium. The practical scope of this restriction depends on how Gusto defines 'harvest, crawl, or scrape,' which may encompass legitimate third-party HR or payroll integration tools that access data programmatically. Employers using third-party platforms that connect to Gusto via API should confirm those integrations are covered by express written authorization from Gusto. 3. JURISDICTION FLAGS: CFPB data portability rulemaking under Section 1033 of the Dodd-Frank Act may create tension with this restriction for financial data held by Gusto, depending on how the rule's scope is applied to payroll platforms. This dependency is jurisdiction- and regulatory-context-specific. 4. CONTRACT AND VENDOR IMPLICATIONS: Organizations using third-party payroll analytics, HR reporting, or accounting software that accesses Gusto data should confirm that those integrations are authorized by Gusto through its API or partner program, and not reliant on credential sharing. Vendor assessments should include confirmation of authorization status. 5. COMPLIANCE CONSIDERATIONS: Legal and IT teams should audit all third-party systems with access to Gusto credentials or data to confirm they operate under Gusto's express written authorization. Any credential-sharing arrangements with third-party integrators should be reviewed and replaced with API-based access where available.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision restricts data access methods that Employers might otherwise enable for third-party integrations or data export purposes, and it applies regardless of Employer consent, placing the responsibility on Employers to verify the intent of any third party to whom they grant access.
Under this clause, the agreement prohibits Employers from knowingly or unknowingly providing account credentials to any party seeking to scrape or harvest platform data without Gusto's written authorization, and characterizes such access as a violation regardless of the Employer's purported authorization.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Gusto.