Gusto

Privacy Policy

Last Updated: December 21, 2020

This Privacy Policy explains how information about you is collected, used and disclosed by ZenPayroll, Inc., dba Gusto and its subsidiaries (collectively, “Gusto,” “we,” “us” or “our”) when you access or use our website (https://gusto.com), including through our associated point-of-sale or mobile applications (the “Site”), or our online payroll, benefits, human resources, financial, and other services (collectively, the “Services”). By accessing the Site or using the Services, you agree to our collection, use and disclosure of your information as outlined in this Privacy Policy. If you access our Services through your employer or another entity (our “Customer”), please note that this data and your account are controlled by the Customer and we process this data at their direction.

1. Information We Collect and How We Collect it

When you access our Site or use the Services, we collect and store certain information about you, including “personal information.” Personal information is information that, alone or in combination with other information in our possession, could be used to personally identify you. We collect the following categories of personal information and other information as described below.

A. Information you provide

Information You Provide Directly. We may collect or receive the following categories of personal information when you, your employer, or your employer’s designated administrator or accountant  access the Site, request to receive information about Gusto or its Services, create an account, verify your identity, use any of the Services, or otherwise communicate with us, including through customer support channels. 

  • Financial Information, such as:
    • Bank account and routing number
    • Bank account balance and transaction information
  • Identification Information, such as: 
    • Name, mailing address, email address, phone number, birthdate
    • Social Security number, Taxpayer Identification number
    • Government-issued documentation, such as drivers license or passport
  • Taxpayer Information, such as:
    • Federal Employer Identification Number (FEIN)
    • Tax withholding selections, including how many dependents you have, jobs you’ve worked in a year, and your tax filing status
  • Health and Welfare Benefits Information, such as:
    • Identification information for you and your dependents
    • Life events and conditions that impact benefits eligibility, including marital status, employment information, and illness or disability information 
    • Insurance policy information, including plan numbers, benefits and coverage information, and premium amounts
    • Insurance claim information, including monetary amounts, CPT codes, and other information required to process or verify claims 

Other Information You Voluntarily Choose to Provide. We may collect information, including personal information, that you voluntarily provide to us when you: 

  • participate in surveys, contests, sweepstakes, or promotions 
  • register for, attend, or participate in conferences, webinars, or events
  • provide us feedback or comment on our blogs or social media pages
  • submit information to us so that we can assess potential business opportunities
  • apply for a job position with us
B. Information collected automatically

We automatically collect certain information when you access the Site or use the Services.

  • Electronic & Online Identifiers (IDs), such as:
    • If on a mobile device: mobile carrier, device IDs, and mobile advertising IDs
    • If using a browser: operating system, browser type, and Internet Protocol (IP) address
  • Geolocation Information, such as: 
    • Approximate location derived from IP address (if using a browser)
    • Precise location (based on the GPS coordinates of your device) only if you have opted into a product feature that includes it (such as a geo-fenced or geo-location time tracking service). 
  • Internet Activity Information, such as:
    • Your “log-in” and “log-out” information
    • The pages that you visit before, after, and while using our Services
    • Pages you visit, links you click, and the content you view on the Site
  • Single Sign-On Information (SSO) that allows us to verify your authorized access to the Services from another service you use and with which we partner, such as your email.
  • We collect information using Tracking Technologies, such as: 
    • Cookies, which are small text files that websites send to your computer or mobile device. This includes session cookies (which are deleted once you close your browser) and persistent cookies (which remain on your computer or device until you delete them or they expire) 
    • Pixel tags (also known as web beacons), which are pieces of code embedded in our Services that collect information about engagement on our Site or emails. To make it easier, we call cookies and pixel tags/web beacons “Tracking Technologies”
  • We use Tracking Technologies for the following purposes:
    • when it is operationally necessary for us to provide you access to our Site or Services. This also includes tracking behavior in order to protect against irregular, fraudulent, or possibly illegal behavior on our Site or Services
    • to assess the performance of how you and others use our Site and Services (for more information, read the Analytics section below)
    • to enhance the functionality of our Site or Services. This includes identifying you when you sign into our Services and keeping track of your preferences, interests, or past items viewed
    • to target our advertising to you using Tracking Technologies that we or our third-party partners place on our Site or other websites
  • Social Media Platforms. Our Services may contain social media buttons such as Facebook, LinkedIn, Twitter, and Instagram (that might include widgets such as the “share this” button or other interactive mini programs). These features may collect your IP address, which page you are visiting on our Services, and may set a cookie to enable the feature to function properly. Your interactions with these platforms are governed by the privacy policy of the company providing it.
C. Information collected from third parties

We may collect and receive information about you, including personal information, from third parties, such as your employer, your employer’s accountant or service providers, financial institutions, credit bureaus, insurance carriers and third-party administrators, and our service providers, for the purposes described in this Privacy Policy. In addition, we may receive demographic and business industry information about you from third parties to help us better understand our users and to improve and market the Services.

We may use Plaid Technologies, Inc. (“Plaid”) to collect information from financial institutions. By connecting your bank account using Plaid, you acknowledge and agree that such information will be treated in accordance with Plaid’s Privacy Policy.

2. How We Use Your Information

We use information that we collect about you for the following purposes:

  • To develop and provide you with the Site and Services, including to:
    • operate the Site, manage accounts and provide the Services
    • determine your eligibility for our Services and our partners’ programs
    • improve, personalize, and enable your use of the Site and Services 
    • develop new products and features
  • To protect Gusto, our users, and the public, and comply with applicable law, regulation, or legal process, including to:
    • validate user information for fraud and risk detection purposes
    • resolve disputes and protect the rights of users and third parties
    • respond to claims and legal process (such as subpoenas and court orders) 
    • monitor and enforce compliance with the applicable Terms of Service
    • prevent or stop any activity that may be illegal, unethical, or legally actionable
  • To operate our business, including to:
    • process payment transactions
    • manage and enforce contracts with you or with third parties
    • manage our corporate governance, compliance and auditing practices
    • recruit new hires, if you submit an application for employment with Gusto
    • generate anonymized or aggregated data 
  • To communicate with you as part of your use of Services, including to:
    • respond to requests or questions you submit to our support staff 
    • send you surveys and get your feedback about the Services
    • otherwise contact you with Services-related notices
  • To advertise and market to you, including to:
    • determine your eligibility for certain programs, events, and offers
    • inform you of our or our partners’ products, services, features or promotions 
    • provide you with newsletters, articles, reports, and announcements 
    • develop “interest-based” or “personalized advertising,” including through cross-device tracking
  • For any other purpose for which you, your employer, or your employer’s agent expressly authorize us to use your information.

3. When and with Whom We Share Your Information

We will only share your information with the categories of third parties listed below for the purposes described above in the “Use of Your Information” section, unless otherwise noted at the point of collection.

  • Service Providers that have signed an agreement with us that limits how they use your information and promises to keep your information confidential. Examples include:
    • banks, financial institutions, and credit bureaus
    • companies or organizations that provide services such as website hosting (ex: AWS), customer management (ex: Salesforce) and customer service
  • Business Partners with whom we jointly offer products or services. Examples include:
    • insurance carriers and third-party administrators, for users of the Benefits Service. We will share your protected health information (as defined in 45 C.F.R. Part 160) only as is (i) authorized by you; (ii) necessary for us to provide you with the Benefits Service; and (iii) compliant with the Health Insurance Portability and Accountability Act (“HIPAA”) and the Health Information Technology for Economic and Clinical Health Act (“HITECH”), as amended from time to time.
    • third-party partners that provide services through our Site or Services, such as accounting software (ex: Xero) and 401(k) management (ex: Guideline). Some partners offer you their services through Gusto’s Application Program Interface (API) or Software Development Kits (SDKs). For more information about Gusto’s use of APIs and SDKs, please contact us. 
  • Advertising Partners that deliver advertisements about us to you, including Advertising Partners that utilize Tracking Technologies in order to deliver advertisements that are personalized to you when you visit their websites (“interest-based advertising” or “personalized advertising”)
  • Government agencies, including taxing authorities and their authorized collectors, in the countries in which we operate, only as necessary for us to provide you with the Services.
  • Other parties under the circumstances described below:
    • for legal reasons, including:
      • with companies that verify your identity for us and detect fraud 
      • with legal and financial advisors, auditors, examiners, and certain (including potential) investors
      • with companies that may acquire us, if we are involved in a merger, acquisition, or sale of assets
    • to comply with applicable law, regulation, or legal process, including to:
      • comply with law enforcement or national security requests
      • comply with legal process, such as a court order or subpoena (including in a country other than your home country) 
      • protect your, our, or others’ rights, property, or safety 
      • enforce our policies or contracts and collect amounts owed to us 
      • assist with an investigation or prosecution of suspected or actual illegal activity
    • to manage the referral program, including emailing potential customers that you have referred to us, which reference your name as the referral source
    • to further public policy goals, including:
      • publishing reports that incorporate aggregated, non-personally identifiable information about customer attributes, transactions, and behavior
      • sharing data containing aggregated and/or non-personally identifiable customer information with non-profit or non-partisan organizations, academic institutions, think tanks, trade associations, consultancies, or similar organizations, only if they have signed an agreement with us that restricts how they can store, access, share, and use the information
    • for any other purpose and to any other person with whom you, your employer, or your employer’s agent expressly authorize us to share your information

 4. Your Privacy Choices and Rights

Your Privacy Choices. The privacy choices you may have about your personal information are determined by applicable law and are described below. 

  • Email and Text Messages. You can opt out of our promotional emails by using the unsubscribe link located at the bottom of our promotional emails, contacting us as described below, or visiting https://go.gusto.com/pls-dont-leave-us.html. You can opt out of text messages from us by replying “STOP” or contacting us as described below. If you decide to opt-out, we may still send you non-promotional communications such as your payday emails and messages about your account.
  • Mobile Notifications. We may send you push notifications through our mobile app. You can opt out from receiving push notifications by changing the settings on your mobile device.
  • “Do Not Track. Do Not Track (“DNT”) is a privacy setting you can set on some web browsers that signals to websites like ours that you don’t want your online activities to be tracked. At this time, we do not respond to DNT signals sent to us by your web browser.
  • Cookies and Interest-Based Advertising. You may stop us from sending Tracking Technologies to your browser by changing the settings on your browser. However, if you block all Tracking Technologies, our Services may not work properly. Please note you must separately opt out in each browser and on each device. You can learn how to manage your cookies on these popular browsers by clicking on the links below.

You may stop us from personalizing our advertisements to you on some mobile applications by following the instructions for Android, iOS, and others. You may also opt out of receiving targeted ads from advertising partners that participate in self-regulatory programs, such as the Network Advertising Initiative, the Digital Advertising Alliance, the European Digital Advertising Alliance, and the Digital Advertising Alliance of Canada

Your Privacy Rights. In accordance with applicable law, you may have the following rights. To exercise these rights, please contact us as set forth below.

  • Access personal information about you, including confirming whether we are processing your personal information and obtaining access to your personal information
  • Request correction of your personal information where it is inaccurate or incomplete
  • Request deletion of your personal information
  • Request restriction of or object to our processing of your personal information
  • Withdraw your consent to our processing of your personal information. 

 5. Important Information

Security

We employ administrative, physical and technical measures designed to protect your information from unauthorized access and to comply with applicable privacy laws in the states and countries in which we operate. Your personal information will be kept on our servers or on those of our service providers and only those employees that require it for the purposes of their duties will have access to your personal information. We have also implemented controls which require our third-party service providers and partners to have appropriate safeguards to protect your personal information However, despite these efforts, no security measures are perfect or impenetrable and no method of data transmission can be guaranteed to prevent any interception or other type of misuse. We also depend on you to protect your information. If you become aware of any breach of security or privacy, please notify us immediately. To the fullest extent permitted by applicable law, we do not accept liability for unauthorized disclosure.

International Data Transfers

All information processed by us or our service providers may be transferred, processed, or stored anywhere in the world, including in countries that may have data protection laws that are different from the laws where you live. Your information may be accessible to the courts, law enforcement, and national security authorities of the United States. We endeavor to safeguard your information consistent with the requirements of applicable laws. If your personal information is transferred to a country other than your home country, we will take measures to protect your personal information with appropriate contract clauses. To obtain more information about Gusto’s policies and practices with respect to service providers outside your country, please contact us as set forth below.

Links to Other Sites

This Privacy Policy only covers the privacy practices of Gusto. It does not apply to the practices of third-party websites, services, or applications, even those who we have partnered or integrated with.  Third-party services handle your information in accordance with their own practices and privacy policies. We are not responsible for their policies, practices, or handling of your information.

Our Policy Toward Children

The Service is not directed to children under 13. However, if a child under the age of 13 is a dependent on a benefits plan covered by the Benefits Service, we may collect information about the child (solely as needed to provide the Benefits Service) from the child’s parent or legal guardian, or from insurance carriers and third-party administrators. 

Notice to California Consumers

This Supplemental California Privacy Notice only applies to our processing of personal information that is subject to the California Consumer Privacy Act of 2018 (“CCPA”). The CCPA specifies that natural persons who are California residents have the right to know what categories of personal information Gusto has collected about them and whether Gusto has disclosed or sold that personal information for a business purpose (e.g., to a service provider) in the preceding 12 months.

For purposes of the CCPA, Gusto does not “sell” personal information, nor do we have actual knowledge of any “sale” of personal information of minors under 16 years of age.

Categories of personal information we may collect about you:

  • Identifiers (ex: name, email address, mailing address, phone number, signature);
  • Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) (ex: Social Security number, passport number, driver’s license or state identification card number, insurance policy number, employment, employment history,  financial information, medical information, or health insurance information)
  • Protected classification characteristics under California or federal law (ex: age, race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, gender, sex, sexual orientation, veteran or military status, genetic information (including familial genetic information);
  • Commercial information (ex: sales engagement history)
  • Biometric information (ex: photographs of office visitors for identification badges);
  • Internet or other electronic network activity information (ex: IP address, unique personal identifier, web history, advertising history)
  • Geolocation data (ex: the location from which you’re logging in)
  • Employment-related information (ex: employment history, employer name)
  • Education information (ex: education history).

Categories of third parties who we may share that information: 

  • Service Providers as described in Part 3 of this Privacy Policy
  • Business Partners as described in Part 3 of this Privacy Policy

Right to Non-Discrimination for the Exercise of a Consumer’s Privacy Rights

You have the right not to receive discriminatory treatment from Gusto for exercising the privacy rights granted by the CCPA.

Verifiable Consumer Requests

Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. In order to verify your request, we will ask you to provide your name, email address, and certain other pieces of identifying information. Once you have submitted this information and any necessary supporting documentation, we will confirm the information by reviewing it against Gusto’s records. To designate an authorized agent, please contact us as set forth below.

Notice to Nevada Residents

If you are a resident of Nevada, you have the right to opt-out of the sale of certain Personal Information to third parties who intend to license or sell that Personal Information. Please note that we do not currently sell your Personal Information as sales are defined in Nevada Revised Statutes Chapter 603A. If you have any questions, please contact us as set forth below.

Changes to this Privacy Policy

Any information that we collect is subject to the Privacy Policy in effect at the time such information is collected. We may, however, modify and revise our Privacy Policy from time to time. If we make any material changes to this policy, we will notify you of such changes by posting them on the Site, informing you through the Services, or sending you an email or other notification, and we will indicate when such changes will become effective. By continuing to access or use the Site or the Services after those changes become effective, you agree to be bound by the revised policy.

Contact Information

If you have any questions about our privacy practices or this Privacy Policy, or to exercise your privacy rights as detailed in this Privacy Policy, please contact us at:

Gusto
Attn: Privacy Lead
525 20th Street
San Francisco, CA 94107
[email protected]
+1 (800) 936-0383