Is Gusto safe with your data?

Gusto

Gusto, Inc.

63/100

Partial disclosure · high confidence

Gusto earns a C (63/100) because it discloses its data practices only in part.

#82

of 177 apps ranked

score · HR & recruiting avg 65

-2

vs category average

Grade scaleA · 85–100B · 70–84C · 55–69D · 40–54F · 0–39

Gusto's controller Privacy Notice earns a C. It bars its third-party AI and large language model providers from training on user personal information, grants access, deletion, correction, and consent-withdrawal rights, and honors Global Privacy Control signals. It loses points for vague retention with no day count or deletion timeline, no data portability right, no breach notification commitment, and selling several data categories to advertising partners (an opt-out is offered, so this counts as a conditional practice). It has no dealbreaker reservations.

What Gusto's privacy policy says about your data

No AI training on your data

The notice states that Gusto does not permit its third-party AI and large language model providers to use your personal information to train, fine-tune, or improve their AI models. AI-powered integrations are optional and can be disconnected at any time.

Strong rights, no portability

The notice grants access to a copy, deletion, correction, consent withdrawal, and a no-discrimination right, and it honors Global Privacy Control signals. It does not offer a data portability right.

Sells to advertisers with an opt-out

The California chart marks several data categories as sold or shared for targeted advertising. The notice offers an opt-out through the Your Privacy Choices link and the Privacy Request Portal, which makes this a conditional practice.

Vague retention, silent on breaches

Retention is described only as for as long as necessary to fulfill the purposes, with no day count and no deletion timeline. The Security section names administrative, physical, and technical measures but makes no breach notification commitment.

What the policy is silent or vague on

Not stated: whether training use differs by plan
Not stated: data portability
Not stated: a deletion timeline after closure or request
Not stated: shorter retention for AI conversation logs

Gusto privacy rating

Training-data use2 of 4 disclosed

Keeps user inputs out of model training, or makes training opt-inDisclosed

Names a way to opt out of or into trainingDisclosed

Says whether training use differs by plan or tierSilent

Lets the user keep ownership of generated outputsPartial

Data-subject rights4 of 5 disclosed

Grants a right to access your dataDisclosed

Grants a right to delete your dataDisclosed

Offers data portability in a usable formatSilent

Grants a right to correct your dataDisclosed

Grants a way to object to or opt out of processingDisclosed

Retention and deletion0 of 4 disclosed

States a retention period for your dataPartial

States a deletion timeline after closure or requestSilent

Sets a shorter retention for AI conversation logsSilent

Commits to collecting only the data it needsPartial

Third-party sharing2 of 5 disclosed

Lists the categories of third parties it shares withDisclosed

References a sub-processor list or data processing agreementPartial

Does not sell or share data for advertising, or offers opt-outPartial

Names a safeguard for international data transfersPartial

States a standard for government and law-enforcement accessDisclosed

Transparency3 of 4 disclosed

Discloses that you are interacting with AIDisclosed

Marks AI-generated or synthetic outputNot applicable

Enumerates the categories of data it collectsDisclosed

Maps processing purposes to legal basesPartial

Is versioned and dated, with change noticeDisclosed

Sensitive data and children2 of 3 disclosed

Discloses automated decisions and a human-review pathPartial

Limits the use of special-category dataDisclosed

Governs biometric data specificallyNot applicable

States protections for children's dataDisclosed

Security and accountability0 of 3 disclosed

Describes its security safeguardsPartial

Commits to breach notificationSilent

Names a certification or a privacy contactSilent

DisclosedPartialSilentAdverseNot applicable

Details

Category: HR & recruiting
Modalities: text
Processes biometrics: No
Policy last updated: 2026-06-01
Region scored: Global / US-default
Assessed: 2026-06-20

Read Gusto's privacy policy

Other hr & recruiting apps

Each grade reflects our analysis of what an app states in its public privacy policy and terms as of the assessment date. It measures the transparency of those documents, not the company's actual data practices, security, or compliance. Grades are our opinion, offered for general information. Full disclaimer.