Last Updated: December 21, 2020
1. Information We Collect and How We Collect it
When you access our Site or use the Services, we collect and store certain information about you, including “personal information.” Personal information is information that, alone or in combination with other information in our possession, could be used to personally identify you. We collect the following categories of personal information and other information as described below.
A. Information you provide
Information You Provide Directly. We may collect or receive the following categories of personal information when you, your employer, or your employer’s designated administrator or accountant access the Site, request to receive information about Gusto or its Services, create an account, verify your identity, use any of the Services, or otherwise communicate with us, including through customer support channels.
- Financial Information, such as:
- Bank account and routing number
- Bank account balance and transaction information
- Identification Information, such as:
- Name, mailing address, email address, phone number, birthdate
- Social Security number, Taxpayer Identification number
- Government-issued documentation, such as drivers license or passport
- Taxpayer Information, such as:
- Federal Employer Identification Number (FEIN)
- Tax withholding selections, including how many dependents you have, jobs you’ve worked in a year, and your tax filing status
- Health and Welfare Benefits Information, such as:
- Identification information for you and your dependents
- Life events and conditions that impact benefits eligibility, including marital status, employment information, and illness or disability information
- Insurance policy information, including plan numbers, benefits and coverage information, and premium amounts
- Insurance claim information, including monetary amounts, CPT codes, and other information required to process or verify claims
Other Information You Voluntarily Choose to Provide. We may collect information, including personal information, that you voluntarily provide to us when you:
- participate in surveys, contests, sweepstakes, or promotions
- register for, attend, or participate in conferences, webinars, or events
- provide us feedback or comment on our blogs or social media pages
- submit information to us so that we can assess potential business opportunities
- apply for a job position with us
B. Information collected automatically
We automatically collect certain information when you access the Site or use the Services.
- Electronic & Online Identifiers (IDs), such as:
- If on a mobile device: mobile carrier, device IDs, and mobile advertising IDs
- If using a browser: operating system, browser type, and Internet Protocol (IP) address
- Geolocation Information, such as:
- Approximate location derived from IP address (if using a browser)
- Precise location (based on the GPS coordinates of your device) only if you have opted into a product feature that includes it (such as a geo-fenced or geo-location time tracking service).
- Internet Activity Information, such as:
- Your “log-in” and “log-out” information
- The pages that you visit before, after, and while using our Services
- Pages you visit, links you click, and the content you view on the Site
- Single Sign-On Information (SSO) that allows us to verify your authorized access to the Services from another service you use and with which we partner, such as your email.
- We collect information using Tracking Technologies, such as:
- Cookies, which are small text files that websites send to your computer or mobile device. This includes session cookies (which are deleted once you close your browser) and persistent cookies (which remain on your computer or device until you delete them or they expire)
- Pixel tags (also known as web beacons), which are pieces of code embedded in our Services that collect information about engagement on our Site or emails. To make it easier, we call cookies and pixel tags/web beacons “Tracking Technologies”
- We use the third-party analytics tools, including:
- We use Tracking Technologies for the following purposes:
- when it is operationally necessary for us to provide you access to our Site or Services. This also includes tracking behavior in order to protect against irregular, fraudulent, or possibly illegal behavior on our Site or Services
- to assess the performance of how you and others use our Site and Services (for more information, read the Analytics section below)
- to enhance the functionality of our Site or Services. This includes identifying you when you sign into our Services and keeping track of your preferences, interests, or past items viewed
- to target our advertising to you using Tracking Technologies that we or our third-party partners place on our Site or other websites
C. Information collected from third parties
2. How We Use Your Information
We use information that we collect about you for the following purposes:
- To develop and provide you with the Site and Services, including to:
- operate the Site, manage accounts and provide the Services
- determine your eligibility for our Services and our partners’ programs
- improve, personalize, and enable your use of the Site and Services
- develop new products and features
- To protect Gusto, our users, and the public, and comply with applicable law, regulation, or legal process, including to:
- validate user information for fraud and risk detection purposes
- resolve disputes and protect the rights of users and third parties
- respond to claims and legal process (such as subpoenas and court orders)
- monitor and enforce compliance with the applicable Terms of Service
- prevent or stop any activity that may be illegal, unethical, or legally actionable
- To operate our business, including to:
- process payment transactions
- manage and enforce contracts with you or with third parties
- manage our corporate governance, compliance and auditing practices
- recruit new hires, if you submit an application for employment with Gusto
- generate anonymized or aggregated data
- To communicate with you as part of your use of Services, including to:
- respond to requests or questions you submit to our support staff
- send you surveys and get your feedback about the Services
- otherwise contact you with Services-related notices
- To advertise and market to you, including to:
- determine your eligibility for certain programs, events, and offers
- inform you of our or our partners’ products, services, features or promotions
- provide you with newsletters, articles, reports, and announcements
- develop “interest-based” or “personalized advertising,” including through cross-device tracking
- For any other purpose for which you, your employer, or your employer’s agent expressly authorize us to use your information.
3. When and with Whom We Share Your Information
We will only share your information with the categories of third parties listed below for the purposes described above in the “Use of Your Information” section, unless otherwise noted at the point of collection.
- Service Providers that have signed an agreement with us that limits how they use your information and promises to keep your information confidential. Examples include:
- banks, financial institutions, and credit bureaus
- companies or organizations that provide services such as website hosting (ex: AWS), customer management (ex: Salesforce) and customer service
- Business Partners with whom we jointly offer products or services. Examples include:
- insurance carriers and third-party administrators, for users of the Benefits Service. We will share your protected health information (as defined in 45 C.F.R. Part 160) only as is (i) authorized by you; (ii) necessary for us to provide you with the Benefits Service; and (iii) compliant with the Health Insurance Portability and Accountability Act (“HIPAA”) and the Health Information Technology for Economic and Clinical Health Act (“HITECH”), as amended from time to time.
- third-party partners that provide services through our Site or Services, such as accounting software (ex: Xero) and 401(k) management (ex: Guideline). Some partners offer you their services through Gusto’s Application Program Interface (API) or Software Development Kits (SDKs). For more information about Gusto’s use of APIs and SDKs, please contact us.
- Advertising Partners that deliver advertisements about us to you, including Advertising Partners that utilize Tracking Technologies in order to deliver advertisements that are personalized to you when you visit their websites (“interest-based advertising” or “personalized advertising”)
- Government agencies, including taxing authorities and their authorized collectors, in the countries in which we operate, only as necessary for us to provide you with the Services.
- Other parties under the circumstances described below:
- for legal reasons, including:
- with companies that verify your identity for us and detect fraud
- with legal and financial advisors, auditors, examiners, and certain (including potential) investors
- with companies that may acquire us, if we are involved in a merger, acquisition, or sale of assets
- to comply with applicable law, regulation, or legal process, including to:
- comply with law enforcement or national security requests
- comply with legal process, such as a court order or subpoena (including in a country other than your home country)
- protect your, our, or others’ rights, property, or safety
- enforce our policies or contracts and collect amounts owed to us
- assist with an investigation or prosecution of suspected or actual illegal activity
- to manage the referral program, including emailing potential customers that you have referred to us, which reference your name as the referral source
- to further public policy goals, including:
- publishing reports that incorporate aggregated, non-personally identifiable information about customer attributes, transactions, and behavior
- sharing data containing aggregated and/or non-personally identifiable customer information with non-profit or non-partisan organizations, academic institutions, think tanks, trade associations, consultancies, or similar organizations, only if they have signed an agreement with us that restricts how they can store, access, share, and use the information
- for any other purpose and to any other person with whom you, your employer, or your employer’s agent expressly authorize us to share your information
- for legal reasons, including:
4. Your Privacy Choices and Rights
Your Privacy Choices. The privacy choices you may have about your personal information are determined by applicable law and are described below.
- Email and Text Messages. You can opt out of our promotional emails by using the unsubscribe link located at the bottom of our promotional emails, contacting us as described below, or visiting https://go.gusto.com/pls-dont-leave-us.html. You can opt out of text messages from us by replying “STOP” or contacting us as described below. If you decide to opt-out, we may still send you non-promotional communications such as your payday emails and messages about your account.
- Mobile Notifications. We may send you push notifications through our mobile app. You can opt out from receiving push notifications by changing the settings on your mobile device.
- “Do Not Track.” Do Not Track (“DNT”) is a privacy setting you can set on some web browsers that signals to websites like ours that you don’t want your online activities to be tracked. At this time, we do not respond to DNT signals sent to us by your web browser.
- Cookies and Interest-Based Advertising. You may stop us from sending Tracking Technologies to your browser by changing the settings on your browser. However, if you block all Tracking Technologies, our Services may not work properly. Please note you must separately opt out in each browser and on each device. You can learn how to manage your cookies on these popular browsers by clicking on the links below.
- Google Chrome. For more information, visit Google Chrome
- Internet Explorer. For more information, visit Internet Explorer
- Mozilla Firefox. For more information, visit Mozilla Firefox
- Safari – Desktop. For more information, visit Safari (Desktop)
- Safari – Mobile. For more information, visit Safari (Mobile)
- Android – Browser. For more information, visit Android Browser
You may stop us from personalizing our advertisements to you on some mobile applications by following the instructions for Android, iOS, and others. You may also opt out of receiving targeted ads from advertising partners that participate in self-regulatory programs, such as the Network Advertising Initiative, the Digital Advertising Alliance, the European Digital Advertising Alliance, and the Digital Advertising Alliance of Canada.
Your Privacy Rights. In accordance with applicable law, you may have the following rights. To exercise these rights, please contact us as set forth below.
- Access personal information about you, including confirming whether we are processing your personal information and obtaining access to your personal information
- Request correction of your personal information where it is inaccurate or incomplete
- Request deletion of your personal information
- Request restriction of or object to our processing of your personal information
- Withdraw your consent to our processing of your personal information.
5. Important Information
We employ administrative, physical and technical measures designed to protect your information from unauthorized access and to comply with applicable privacy laws in the states and countries in which we operate. Your personal information will be kept on our servers or on those of our service providers and only those employees that require it for the purposes of their duties will have access to your personal information. We have also implemented controls which require our third-party service providers and partners to have appropriate safeguards to protect your personal information However, despite these efforts, no security measures are perfect or impenetrable and no method of data transmission can be guaranteed to prevent any interception or other type of misuse. We also depend on you to protect your information. If you become aware of any breach of security or privacy, please notify us immediately. To the fullest extent permitted by applicable law, we do not accept liability for unauthorized disclosure.
International Data Transfers
All information processed by us or our service providers may be transferred, processed, or stored anywhere in the world, including in countries that may have data protection laws that are different from the laws where you live. Your information may be accessible to the courts, law enforcement, and national security authorities of the United States. We endeavor to safeguard your information consistent with the requirements of applicable laws. If your personal information is transferred to a country other than your home country, we will take measures to protect your personal information with appropriate contract clauses. To obtain more information about Gusto’s policies and practices with respect to service providers outside your country, please contact us as set forth below.
Links to Other Sites
Our Policy Toward Children
The Service is not directed to children under 13. However, if a child under the age of 13 is a dependent on a benefits plan covered by the Benefits Service, we may collect information about the child (solely as needed to provide the Benefits Service) from the child’s parent or legal guardian, or from insurance carriers and third-party administrators.
Notice to California Consumers
This Supplemental California Privacy Notice only applies to our processing of personal information that is subject to the California Consumer Privacy Act of 2018 (“CCPA”). The CCPA specifies that natural persons who are California residents have the right to know what categories of personal information Gusto has collected about them and whether Gusto has disclosed or sold that personal information for a business purpose (e.g., to a service provider) in the preceding 12 months.
For purposes of the CCPA, Gusto does not “sell” personal information, nor do we have actual knowledge of any “sale” of personal information of minors under 16 years of age.
Categories of personal information we may collect about you:
- Identifiers (ex: name, email address, mailing address, phone number, signature);
- Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) (ex: Social Security number, passport number, driver’s license or state identification card number, insurance policy number, employment, employment history, financial information, medical information, or health insurance information)
- Protected classification characteristics under California or federal law (ex: age, race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, gender, sex, sexual orientation, veteran or military status, genetic information (including familial genetic information);
- Commercial information (ex: sales engagement history)
- Biometric information (ex: photographs of office visitors for identification badges);
- Internet or other electronic network activity information (ex: IP address, unique personal identifier, web history, advertising history)
- Geolocation data (ex: the location from which you’re logging in)
- Employment-related information (ex: employment history, employer name)
- Education information (ex: education history).
Categories of third parties who we may share that information:
Right to Non-Discrimination for the Exercise of a Consumer’s Privacy Rights
You have the right not to receive discriminatory treatment from Gusto for exercising the privacy rights granted by the CCPA.
Verifiable Consumer Requests
Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. In order to verify your request, we will ask you to provide your name, email address, and certain other pieces of identifying information. Once you have submitted this information and any necessary supporting documentation, we will confirm the information by reviewing it against Gusto’s records. To designate an authorized agent, please contact us as set forth below.
Notice to Nevada Residents
If you are a resident of Nevada, you have the right to opt-out of the sale of certain Personal Information to third parties who intend to license or sell that Personal Information. Please note that we do not currently sell your Personal Information as sales are defined in Nevada Revised Statutes Chapter 603A. If you have any questions, please contact us as set forth below.