Gusto | Online Payroll Services, HR, and Benefits
See demo
Create free account
How it works
Sign in
Gusto

Terms

Privacy Notice

Last Updated: April 22, 2026

Effective Date: April 22, 2026

The Gusto Privacy Notice describes how Gusto, Inc. and its subsidiaries and affiliates (collectively, "Gusto", "we", "us", or “our”), collects, uses, and shares your personal information for our own purposes as a “controller” or “business” when you interact with Gusto’s small business platform, including our applications, websites, software, and support services (the “Platform”) through which we offer products and services (“Services”) to end users directly or through a third party program.

We recognize that privacy is an ongoing responsibility, and so we will update this Privacy Notice as we undertake new personal information practices or adopt new privacy policies. If you have any questions about this Privacy Notice or Gusto’s data-handling practices, please contact [email protected]. By accessing or using our Platform or Services, you acknowledge that you have read this Privacy Notice and agree to our privacy practices.

Where This Notice Applies

This Privacy Notice applies when you:

  • access, visit, interact with, or use Gusto’s Platform or Services;
  • create or use a Gusto Member account;
  • receive communication from us or otherwise communicate with us, including but not limited to emails, phone calls, texts, or interactions on branded social media pages including customer support interactions;
  • register for, attend, or take part in events, webinars, and trainings; and
  • participate in surveys, research, questionnaires, or other similar data collection facilitated by us.

This Privacy Notice does not apply when we process personal information on behalf of our customers as a “processor” or “service provider”. For example, if you are an employee of a Gusto customer (an “Employer”) and access the Gusto Services for payroll processing through your employer, this Privacy Notice may not apply. If you have questions or concerns about the personal information your employer manages about you via Gusto’s Services, please reach out directly to your employer.

Personal Information We Collect

The personal information we collect depends on your interaction and relationship with us. We collect and process the following categories and types of personal information with your consent or as otherwise required or permitted by law.

Information From You: We may collect or receive the following personal information from you subject to your use of our Platform or Services:

  • Account information, such as account usernames, passwords, and security credential information;
  • Biometric information, such as facial photographs for office visitors;
  • Contact information,such as full name, mailing address, email address, telephone number, and business contact information;
  • Government identifiers, such as Social Security number and government-issued photo ID such as a driver’s license, military ID, or passport;
  • Communication information, such as any information provided when you communicate with us by phone, email, or chatbot;
  • Professional information, such as employer, job title, professional qualifications, and employment history;
  • Feedback information, such as your responses to surveys or other feedback provided about the company, events, and interactions;
  • Marketing and content preferences, such as how you like to be contacted and choices regarding marketing communications;
  • Financial information, such as credit card information, payment card number, payment card expiration date and CVV code, bank account number, routing number, and balance and transaction information;
  • Demographic information, such as gender, date of birth, age, racial or ethnic origin, marital status, and disability information;
  • Insurance benefits information, such as dependents, health insurance policy information, claim information, and any other information required to provide broker services;
  • Audio and visual information, such as if you allow screen sharing, attend an event, or agree to being recorded; and
  • Commercial information, such as records of products or services purchased, obtained, or considered, and purchasing histories.

Where required by applicable law, we will obtain your opt-in consent before processing certain sensitive personal information such as precise geolocation, Social Security number, and biometric data.

Information We Automatically Collect: We may automatically collect the following personal information based on your interactions with our Platform or Services.

  • Internet or electronic usage data, such as data related to network and website interaction history, IP address, website cookie information, interaction with advertisements, device information, network log, and browsing time;
  • Geolocation data, such as approximate location derived from IP address and precise location data if you have granted permission to share;
  • Inferences, such as information from the categories of personal information described above in order to create inferences about you, to reflect your preferences, characters, behavior, and attitude; and
  • Other identifiers and information contained in cookies and similar tracking technologies as described in the Cookies, Analytics, and other Tracking Technologies section.

Information From Other Sources: We may collect and receive information about you, including personal information, from third parties and combine this information with personal information collected from other sources. These sources may include:

  • Your employer and your employer’s accountant or service providers;
  • Financial institutions, credit bureaus, insurance carriers and third-party administrators, and our service providers;
  • Public and third party data sources; and
  • Plaid Technologies, Inc. (“Plaid”) to collect information from financial institutions. By connecting your bank account using Plaid, you acknowledge and agree that such information will be treated in accordance with Plaid’s Privacy Policy.

How We Use Personal Information

We use the personal information we collect for purposes described in this Privacy Notice or as otherwise disclosed to you. For example, we use personal information for the following purposes:

  • Provide our Services;
  • Process transactions;
  • Manage account;
  • Determine eligibility for our Services and our partners’ programs;
  • Operate, develop, evaluate, and improve our business and Services;
  • Develop new products and features for our Services which may include the use of AI;
  • Protect against, identify, and prevent fraud, theft, and other illegal activity;
  • Maintain and enhance the safety and security of our Platform and Services;
  • Exercise our rights and remedies and defend against legal claims to protect us and our property;
  • Comply with applicable law, regulation, industry standards, or legal process;
  • Verify your identity;
  • Resolve disputes and protect the rights of users and third parties;
  • Monitor and enforce compliance with the applicable Terms of Service;
  • Prevent or stop any activity that may be illegal, unethical, or legally actionable;
  • Communicate with you as part of your use of Services;
  • Respond to inquiries, requests or questions, provide support, and resolve disputes;
  • Advertise and market our products and services and to send you information about third-party products and services;
  • Determine eligibility for, and administer participation in certain programs, features, events, and offers including but not limited to surveys, contests, sweepstakes, and promotions;
  • Provide “personalized” or “interest-based” advertising including through the use of cross-device tracking; and
  • For any other purpose for which we may describe to you.

How We Disclose Personal Information

We share your personal information with the categories of third parties listed below for the purposes described in the How We Use Personal Information section, unless otherwise noted at the point of collection or with your consent. No mobile information will be shared with third parties/affiliates for marketing/promotional purposes. All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.

Your organization where your organization is a customer or potential customer of Gusto.

Service providers that we have contracted with to provide services on our behalf such as IT and hosting, data analytics, identity verification, customer support, chatbot technology, email fulfillment, and payment services.

Business partners with whom we jointly offer products or services. For example:

  • insurance carriers and third-party administrators, for users of the Benefits Service. We will share your protected health information (as defined in 45 C.F.R. Part 160) only as is (i) authorized by you; (ii) necessary for us to provide you with the Benefits Service; or (iii) in compliance with the Health Insurance Portability and Accountability Act (“HIPAA”) and the Health Information Technology for Economic and Clinical Health Act (“HITECH”), as amended from time to time.
  • third-party partners that provide services through our Services, such as accounting software (ex: Xero). Some partners offer you their services through Gusto’s Application Program Interface (API) or Software Development Kits (SDKs). For more information about Gusto’s use of APIs and SDKs, please contact us.

Advertising partners that deliver advertisements about us to you, including advertising partners that utilize tracking technologies in order to deliver advertisements that are personalized to you when you visit their websites (“interest-based advertising” or “personalized advertising”).

Government agencies such as tax authorities and their authorized collectors.

Other parties under the circumstances described below:

  • For legal reasons, including:
    • with companies that help secure our Services and detect fraud;
    • with legal and financial advisors, auditors, examiners, and certain (including potential) investors; and
    • with companies that may acquire us, if we are involved in a merger, acquisition, or sale of assets.
  • To comply with applicable law, regulation, or legal process, including to:
    • comply with law enforcement or national security requests;
    • comply with legal process, such as a court order or subpoena (including in a country other than your home country);
    • protect your, our, or others’ rights, property, or safety;
    • enforce our policies or contracts and collect amounts owed to us; and
    • assist with an investigation or prosecution of suspected or actual illegal activity.
  • To manage our referral program, including emailing potential customers that you have referred to us, which reference your name as the referral source.
  • To further public policy goals, including:
    • publishing reports that incorporate aggregated, non-personally identifiable information about customer attributes, transactions, and behavior;
    • sharing data containing aggregated and/or non-personally identifiable customer information with non-profit or non-partisan organizations, academic institutions, think tanks, trade associations, consultancies, or similar organizations, only if they have signed an agreement with us that restricts how they can store, access, share, and use the information.
  • For any other purpose and to any other person with whom you, your employer, or your employer’s agent expressly authorize us to share your information.

How Long Do We Keep Personal Information

We will retain your personal information for as long as necessary to fulfill the purposes described in the How We Use Personal Information section above, unless otherwise required by applicable laws. Criteria we will use to determine how long we will retain your information include whether: we need your information to provide you with products or services you have requested; we continue to have a relationship with you or your employer; you or your employer have requested information, products, or services from us; we have a legal right or obligation to continue to retain your information; we have an obligation to a third party that involves your information; our retention or record keeping policies and obligations dictate that we retain your information; we have an interest in providing you with information about our products or services; and we have another business purpose for retaining your information.

Cookies, Analytics, and Other Tracking Technologies

We and our third-party partner and service providers use various technologies, including cookies, web beacons, pixels, and other similar storage technologies (collectively, “Cookies”) when you interact with our Services to collect information concerning your online activities, such as the device and browser information, the pages you visit and the content you view. This may include the use of session-recording technology to help us perform a number of functions, including to analyze purchase behavior and optimize our checkout process. We may also use third-party analytics tools to obtain such information.

What are Cookies

Cookies are small data files stored on your computer or portable device when you visit certain web pages. Cookies help us improve the user experience and allow us to personalize our Services, assess which areas and features of our Services are popular and understand customers' usage of the Services.

Why we use Cookies

When you visit or interact with our Services, we may use both session-based and persistent Cookies. Session-based Cookies exist only during a single session and disappear from your device when you close your browser. Persistent Cookies remain on your device after you close your browser until they are deleted or they expire. These Cookies, some of which may be set by third parties, serve the following purposes:

  • Strictly necessary Cookies: These Cookies are required for our Services to function, enable basic features and services, and for security purposes.
  • Performance Cookies: These Cookies enhance functions, and performance for our Services. These Cookies also are used to help us understand how you engage with our Services and advertising. If you do not allow these cookies, certain features or functions may become unavailable.
  • TargetingCookies: These Cookies enable us and third parties to gain a better understanding of your interests. This allows us to display personalized ads that are more relevant to you, not only on our Services but also on those of third-party partners.

Social Media Features

Our Services may contain social media buttons such as Facebook, LinkedIn, Twitter, and Instagram (that might include widgets such as the “share this” button or other interactive mini programs). These features may collect your IP address, which page you are visiting on our Services, and may set a cookie to enable the feature to function properly. Your interactions with these platforms are governed by the privacy policy of the company providing it.

How to Manage Cookies

  • Cookie preferences: You have the right to decide whether to accept or decline Cookies. You can exercise your Cookies preferences via the “Your Privacy Choices” link at any time.
  • Browser settings: You can manage cookies by activating the setting on your internet browser that allows you to refuse the setting of all or some cookies. Please refer to the instructions or the online help files available via your relevant browser if you wish to manage cookies in this way. Alternatively, please visitwww.allaboutcookies.org oroptout.aboutads.info/ for further information.
  • Opt out of sharing for targeted advertising: Where online tracking technologies are deemed to be a “sale” or “share” (which includes targeted advertising, as defined under the applicable laws) under one or more U.S. state privacy laws, you can opt-out of these online tracking technologies by opting out of Targeting Cookies via the “Your Privacy Choices” link available at the bottom of the Gusto website and mobile app, or via the Privacy Request Portal.

Links to Other Websites

Our Services may provide links to third-party websites and applications whose privacy practices may differ from ours. If you choose to provide personal information to any of these websites or applications, your personal information is governed by their privacy practices. Gusto is not responsible for the privacy practices of these other websites and applications. We encourage you to read the privacy notice of any website you visit or application that you use.

Security

We use administrative, physical, and technical security measures designed to reduce the risk of unauthorized access, destruction, alternation, loss, and disclosure of personal information. However, no security measures are perfect and the security of information transmitted over the internet cannot be guaranteed. You are responsible for the security of your password and the devices used to access our Services.

International Data Transfers

All information processed by us or our service providers may be transferred, processed, or stored anywhere in the world, including in countries that may have data protection laws that are different from the laws where you live. Your information may be subject to laws of another country and may require or permit the disclosure of personal information to the courts, law enforcement, and national security authorities upon request. We endeavor to safeguard your information consistent with the requirements of applicable laws. If your personal information is transferred to a country other than your home country, we will take measures to protect your personal information, for example, by implementing appropriate contractual clauses.

Your Privacy Rights and Choices

Depending on where you reside and how you interact with Gusto, you may have certain rights over the personal information we process about you. Subject to applicable law, you may have the right to:

  • request access to a copy of the personal information we hold about you;
  • request the deletion of your personal information;
  • request the correction of inaccurate, incomplete, or outdated personal information we have collected;
  • withdraw your consent if we have collected and processed your personal information with your consent. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal. Withdrawing consent may impact your ability to use our Services and will not affect processing of your personal information processed on another basis;
  • be free from discrimination for the exercise of a privacy right;
  • lodge a complaint with your local data protection authority; and
  • unsubscribe from marketing and promotional communications from us.

You may unsubscribe from receiving marketing and promotional communications from us by following the instructions included in the communication you received. For example, you can opt out of receiving promotional emails by clicking the “unsubscribe” link in the footer of the email you receive or by replying “STOP” to the text message you received. Alternatively, you can unsubscribe from marketing and promotional emails for Gusto by visiting https://go.gusto.com/pls-dont-leave-us.html.

To request that we do not “sell” or “share” your personal information for the purposes of targeted advertising, you may submit your request through our Privacy Request Portal.

To exercise any other privacy right, you may submit your request through our Privacy Request Portal or contact us using the resources in the Contact Information section. If you submit a privacy right request, we must verify your identity before fulfilling your requests. If we cannot initially verify your identity, we may request additional information to complete the verification process. We will only use personal information provided in a request to verify the requestor’s identity. If you designate an authorized agent to submit a request on behalf, we will also need to verify your identity, which may require proof of your written authorization or evidence of a power of attorney.

We will respond to requests within the time period required by applicable law. If we require more time, we will inform you of the reason and extension period in writing.

We do not charge a fee to process or respond to your request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

We cannot respond to your request or provide you with information if we cannot verify your identity and confirm the Personal Information relates to you. Submitting a verifiable consumer request does not require you to create an account with us.

We may deny certain requests, or only fulfill some in part, as permitted or required by law. For example, if you request to delete your personal information, we may retain some or all of it for legal purposes.

We do respond to Global Privacy Control (GPC) browser signals.

You may stop us from personalizing our advertisements to you on some mobile applications by following the instructions for Android, iOS, and others. You may also opt out of receiving targeted ads from advertising partners that participate in self-regulatory programs, such as the Network Advertising Initiative, the Digital Advertising Alliance, the European Digital Advertising Alliance, and the Digital Advertising Alliance of Canada.

Children’s Privacy

At Gusto, our Platform and Services are not directed to individuals under the age of 16, and we do not intentionally collect or process personal information from children under the age of thirteen (13). If a child under 13 submits personal information to Gusto and we learn that the information is from a child under 13 or the personal information was received without consent from the child’s parent or legal guardian, we will attempt to delete the information. If you are a parent or guardian and you believe we have processed personal information of your child under 13, please contact us via the Contact Us information below.

Contact Information

If you have any questions about our privacy practices or this Privacy Notice, or wish to exercise your privacy rights, please submit your request through our Privacy Request Portal. You may also contact us at:

Gusto, Inc.

Attn: Legal Privacy

525 20th Street

San Francisco, CA 94107

[email protected]

Changes to This Privacy Notice

This Privacy Notice may be modified or revised from time to time. We will notify you of any material changes to this Privacy Notice as required by law. Changes to this Privacy Notice will be posted on the website where this appears. The “Last Updated” date and the “Effective Date” at the top of this webpage indicates when this Privacy Notice was last revised and its effective date respectively. We recommend you review this Privacy Notice periodically.

Additional Notice to California Consumers

Shine the Light Law: We may disclose the personal information we collect about you to third parties for their direct marketing purposes. California’s Shine The Light law permits California residents to request and obtain from us once a year, free of charge, information about the personal information we disclosed to third parties for direct marketing purposes in the preceding calendar year. You may send us requests for this information to [email protected]. Please note that not all information sharing is covered by Shine The Light requirements, and only information on covered sharing will be included in our response.

Sensitive Personal Information We Collect: As listed in the Personal Information We Collect section above, California treats certain government identification numbers, account log-in, financial information, disability information, sexual orientation, and racial or ethnic origin as “sensitive personal information”.

Your California Privacy Rights: Under CCPA, California residents have the following rights:

  • The right to know what categories and specific pieces of personal information we collect, the purposes for which we collect personal information, the sources from which we collect personal information, and whether personal information is disclosed, sold, or shared with third parties.
  • The right to request deletion of your personal information, subject to certain exceptions.
  • The right to request that we correct inaccurate or incomplete personal information.
  • The right to limit the use and disclosure of your sensitive personal information.
  • The right to opt out of the sale or sharing of your personal information, and the right to opt out of automated-decision making technology.
  • The right not to receive discriminatory treatment for exercising your rights.

Exercising Your Privacy Rights

If you wish to exercise your privacy rights, please submit your request through our Privacy Request Portal. You may also use the resources provided in the Contact Information section above.