Privacy Policy

Last Updated September 26, 2017

This Privacy Policy explains how information about you is collected, used and disclosed by ZenPayroll, Inc., a Delaware corporation doing business as Gusto, and its subsidiaries and affiliates (collectively, “Gusto,” “we,” “us” or “our”) when you access or use our website (theSite”) and our online payroll, benefits, human resources and other related services (the “Service”), which are provided through the Site. By using the Site and/or the Service, you consent to the collection, use and disclosure of your information as outlined in this Privacy Policy.

Information We Collect and How We Collect It

In connection with your access to our Site and/or use of our Service, we collect and store certain information about you. Some of this information can be used on its own or in combination with other information to identify you individually. We call that information “personal information.” We collect personal information and other information as described below:

  • Information You Provide. We collect your personal information when you or your employer registers to use the Service, provides information when using the Site or Service, updates your account information, adds additional services, submits information to verify your identity, contacts us with questions or feedback, or otherwise communicates with us. This personal information may include your name, address, email address, phone number, bank account information and taxpayer identification number.
  • When You Choose to Participate in Market Research Programs. We may collect information from you, including personal information, if you choose to participate in a market research program or survey.
  • Your Email or Social Network Contacts. We collect your email, social network and other contacts (“Contacts”) if you choose to share them with us, or you choose to refer potential customers to us via our referral programs (the “Referred Leads”).
  • Public Information. We may collect information about you from public sources, such as public social media pages.
  • Information from Third Parties. We may collect and receive information about you, including personal information and financial account information, from third parties, such as financial institutions and our service providers, for identity verification, fraud protection, risk assessment and other purposes. We may collect your business information from credit bureaus for the foregoing purposes as well. In addition, we may receive demographic information about you from third parties to help us better understand our users and to improve and market our Service.
  • Health and Health Insurance Information. If you or your employer uses the Service to manage your health benefits (the “Benefits Service”), we may receive health information about you and your dependents in order to provide the Benefits Service. The health information may include information about your insurance carrier, insurance plan and claims you submit for coverage. We receive the health information (i) directly from you when you submit enrollment or claims information, or otherwise provide health information to us; (ii) from the primary policyholder on your benefits plan, if you are a spouse or dependent of the primary policyholder; (iii) from your employer; (iv) from insurance carriers; or (v) from other third-party administrators.
  • Automatically Collected Information. We automatically collect certain usage information when you access the Site or use the Service, such as your device identifier (if using a mobile device), Internet Protocol (IP) address (if using a browser), operating system, browser type and the address of a referring site. We also automatically collect certain usage information through cookies and related technologies, as described below. In addition, our Site may implement third-party software, such as Google’s Invisible reCAPTCHA (the “Invisible CAPTCHA”), that collects your information for security purposes.
  • Single Sign-On Information. Single Sign-On allows you to sign in to the Service from another service you use and with which we partner. We will collect certain information for security purposes in order to verify your authorized access to the Service, including your username and password for the other service.
Third-Party Software, Cookies and Other Related Technologies

We may use cookies, pixel tags, web beacons and other similar technologies to better understand how you interact with our Site, monitor aggregate usage by our users, and monitor web traffic routing on our Site to help us improve our Site. Most Internet browsers let you change the browser’s settings to stop accepting cookies or to prompt you before accepting a cookie from websites you visit. If you do not allow cookies, you may not be able to use some or all portions or functionality of the Site or Service.

We partner with third parties to manage our advertising on other sites and to determine our Site performance. Such partners may use cookies, pixel tags, web beacons and other related technologies to collect information about your activities on our Site and other sites so that we can (i) provide advertising that may be of interest to you, and (ii) evaluate the efficacy of our marketing programs and our Site. To prevent our partners from collecting your information for these purposes, you can visit to opt out of certain advertising networks.

We use the Invisible CAPTCHA on our Site to collect information for security reasons. Use of the Invisible CAPTCHA and information collected via the Invisible CAPTCHA are subject to Google’s Terms of Service and Privacy Policy, respectively.

Use of Your Information

We use information that we collect about you for the following purposes:

  • to administer the Site, manage accounts and provide the Service;
  • to monitor, analyze, improve and develop the Site and Service, and to create new Service features;
  • to provide a more customized experience on the Site, Service and/or our partners’ or affiliates’ websites;
  • to understand our users better;
  • to validate user information provided to us for fraud and risk detection purposes;
  • to determine eligibility for the Service;
  • to prevent, identify and address fraudulent or other illegal activity and security issues;
  • to (i) solicit feedback, (ii) respond to your or your employer’s comments, requests or inquiries, (iii) provide customer service and support, or (iv) otherwise contact you in connection with the Site or Service;
  • to generate anonymized, aggregate data containing only de-identified, non-personal information that we may use to publish reports;
  • for our marketing purposes, such as (i) informing you of our or our partners’ or affiliates’ products, services, features or offerings that may be of interest to you, (ii) providing you with newsletters, articles, reports, updates and announcements, as well as information about upcoming events, (iii) contacting Referred Leads and suggesting Contacts for you to refer to Gusto, (iv) improving and tailoring our advertising and communications, (v) analyzing our marketing efforts, and (vi) determining your eligibility for certain marketing programs, events and offers;
  • to operate our business, which includes, without limitation, using your information (i) to process payments, (ii) to manage and enforce contracts with you or with third parties, (iii) to manage our corporate governance, compliance and auditing practices, and (iv) for recruitment purposes, if you submit an application for employment with Gusto via the Site;
  • to (i) comply with laws, rules and regulations, including any disclosure or reporting obligations, (ii) resolve disputes with users or third parties, (iii) respond to claims and legal process (including but not limited to subpoenas and court orders) as we deem necessary or appropriate, (iv) protect our property rights or those of third parties, (v) protect the safety of the public or any person, and (vi) prevent or stop any activity which we may consider to be (or to pose a risk of being) illegal, unethical or legally actionable; and
  • for any other purpose for which you expressly authorize us to use your information.

Sharing and Disclosure of Your Information

We will only share your information with the third parties listed below for the purposes described above in the “Use of Your Information” Section:

  • government agencies and taxing authorities, as required to provide the Service, including but not limited to the Internal Revenue Service and state and local tax agencies;
  • group health plans, insurance carriers and other third parties, such as doctors, hospitals and pharmacies, as needed to carry out the Benefits Service (which may include but not be limited to facilitating benefits plan enrollments, health care operations and insurance payments);
  • banking and financial institutions;
  • certain parties as necessary to respond in good faith to legal process (including but not limited to subpoenas and court orders);
  • legal and financial advisors and auditors;
  • third-party agents, partners and service providers, who (i) are only permitted to use your information as we allow (which may include contacting you on our behalf), and (ii) are required under law or contract to keep your personal information confidential; and
  • the following third parties under the circumstances described below:
    • we may share business information with credit bureaus, and we may share information with certain companies, banks and organizations for the purposes of fraud prevention and determining eligibility for the Service;
    • if you participate in our referral programs and/or share your Contacts with us and invite them to join Gusto, the referral emails sent to your Contacts and Referred Leads will include your name, employer’s name and the fact that you are a Gusto user;
    • if there is a sale of Gusto (including, without limitation, a merger, stock acquisition, sale of assets or reorganization), or in the event that Gusto liquidates or dissolves, we may sell, transfer or otherwise share some or all of our assets, which could include your information, to the acquirer;
    • from time to time, we may share reports with the public that contain anonymized, aggregate, de-identified information and statistics; and
    • we may share your information with certain other third parties with whom you expressly authorize us to share your information.

We do not share information with third parties for their own direct marketing purposes. If we disclose any Protected Health Information (as that term is defined in 45 C.F.R. Part 160) to third parties, we will do so in accordance with the Health Insurance Portability and Accountability Act, as amended (“HIPAA”), the Health Information Technology for Economic and Clinical Health Act, as amended (“HITECH”), and any other applicable state and federal privacy and security laws, as they may be amended from time to time.

Your Choices

Changing or Deleting Your Information

You may review, update, correct or delete your personal information through your account or by contacting us using the contact information listed below. If you would like us to delete your account entirely, please contact us at with a request that we delete your personal information from our database. Please note that there may be some delay in the deletion of your data from our servers following your request. Additionally, we may retain some of your data as necessary to comply with our legal obligations, resolve disputes, enforce our agreements, or as needed for other legitimate business purposes.

Promotional Communications

You may unsubscribe from marketing and promotional emails that we send to you by following the opt-out instructions contained in such emails or by unsubscribing at If you opt out of receiving marketing and promotional emails from us, we may still need to send you emails related to your account and the Service.

Do Not Track

Our Site does not currently have the capability of responding to “Do Not Track” signals received from various browsers.


We employ administrative, physical and technical measures designed to protect your information from unauthorized access and to comply with HIPAA, HITECH and other applicable state and federal privacy and security laws; however, despite these efforts, no security measures are perfect or impenetrable and no method of data transmission can be guaranteed to prevent any interception or other type of misuse. We also depend on you to protect your information. Please set up a strong password and keep it confidential. If you become aware of any breach of security, please notify us immediately.

Links to Other Sites

The Site and/or Service may contain links to other sites. Any information you provide on a third-party site is provided directly to the owner of that site and is subject to that party's privacy policy. This Privacy Policy does not apply to such sites, and we are not responsible for the content, policies, or privacy and security practices of such sites.

Our Policy Toward Children

The Service is not directed to children under 13 and we do not knowingly collect personal information from children under 13. However, if a child under the age of 13 is a dependent on a benefits plan covered by the Benefits Service, we may collect information about the child (solely as needed to provide the Benefits Service) from the child’s parent or legal guardian, or from insurance carriers and third-party administrators.

Changes to this Privacy Policy

Any information that we collect is subject to the Privacy Policy in effect at the time such information is collected. We may, however, modify and revise our Privacy Policy from time to time. If we make any material changes to this policy, we will notify you of such changes by posting them on our Site, informing you through the Service, or sending you an email or other notification, and we will indicate when such changes will become effective. By continuing to access or use our Site or Service after those changes become effective, you are agreeing to be bound by the revised policy.

Contact Information

Please contact us at if you have any questions about our Privacy Policy.