Gusto Cofounder
Gusto Cofounder is an AI-powered conversational interface to Gusto. A user can use Gusto Cofounder to manage payroll, benefits, HR, time, compliance, and more -- all through a chat interface. This app for Slack enables Gusto Cofounder to connect to the user's Slack Workspace via Slack's remote MCP server. Once connected, a user can instruct Gusto Cofounder to send and read messages in the user's Slack Workspace. For example, the user can say to Gusto Cofounder: "Check if there are any un-submitted timesheets for this week's payroll and if there are, send a reminder over Slack to those employees to submit their timesheet." A user can also communicate to Gusto Cofounder from the bot for Slack. For example, the user can say to the bot: "Who are my employees on Gusto?" and the bot will respond with the correct information. A paid Slack plan is required to use this functionality. AI can make mistakes. Please review important outputs before relying on them.
Gusto Cofounder will be able to view:
Gusto Cofounder will be able to do:
Review the details to better understand this app’s security practices. To learn more about assessing apps for your workspace visit our Help Center.
General
Developer
Gusto, Inc.
Company headquarters location
United States
Terms of service
Privacy & data governance
Data retention policy
Gusto retains personal data only for as long as needed to provide its services and fulfill the purposes described in its Privacy Notice, taking into account factors such as whether there is an ongoing customer or employer relationship, whether the data is needed to deliver requested products or services, and whether legal, regulatory, third-party, or internal recordkeeping obligations require continued retention. Gusto also notes that some deletion requests may be denied in whole or in part when retention is required for legal purposes, and its terms indicate that, because Gusto is subject to certain state and federal retention requirements as a financial institution, some employer data may not be removable from the platform.
Data archiving and removal policy
Gusto’s data archival and removal approach provides that, at the expiration or termination of the agreement, company personal data must be handled according to the agreement’s deletion terms, including secure destruction of all copies, expressly including automatically created archival copies, within 30 calendar days, unless applicable law requires longer retention. If requested, a copy of the data is to be returned within 30 days before deletion, and any retained data remains subject to the same contractual protections until it is destroyed. More generally, Gusto notes that deletion requests may be denied in whole or in part where legal obligations require retention of some or all data.
Data storage policy
Gusto’s data storage policy provides that personal data is stored only as necessary to deliver the services, using administrative, physical, and technical safeguards designed to protect it from unauthorized access, loss, destruction, theft, misuse, and disclosure; this includes encryption in transit and at rest, storage in physically and logically secure environments, and hosting platforms configured to reasonable industry-standard security requirements. Gusto also states that it may use contracted service providers, including IT and hosting providers, and that information processed by Gusto or its service providers may be transferred, processed, or stored globally, including in the United States, with contractual and legal safeguards applied where required, while also complying with any applicable local data localization obligations.
Data center location(s)
United States
Data hosting details
AWS
Data hosting company
AWS
App/service has sub-processors
no
App/service uses large language models (LLM)
yes
LLM model(s) used
OpenAI ChatGPT 5.4
LLM retention settings
Gusto Cofounder uses zero-data-retention (ZDR) LLM instances for everything except for files that are uploaded by the user.
LLM data tenancy policy
Gusto Cofounder uses OpenAI's API Platform (platform.openai.com), which is a multi-tenant
service with logical isolation.
LLM data residency policy
Gusto Cofounder maintains a US-only data residency policy
Certifications & compliance
Data deletion request procedure
You may contact us via our directly at privacy@gusto.com
Our backend systems automatically process data deletion requests according to compliance requirements.
HIPAA compliant
yes
While this app may offer HIPAA compliance, Slack does not have a business associate agreement with any third-party application providers, including those in the Slack Marketplace, so you are responsible for validating the provider's compliance and executing an appropriate agreement before enabling.
Security
Supports Single Sign On (SSO) with the following providers
Google
Supports Security Assertion Markup Language (SAML)
yes
Has a dedicated security team
yes
Contact for security issues
security@gusto.com
Has a vulnerability disclosure program
yes
Vulnerability disclosure program URL
Vulnerability disclosure program covers Slack app
yes
Has a bug bounty program
yes
Bug bounty program URL
Requires third party authorization/connections
yes
Uses token rotation
no