Tally for Gusto
Payroll data for accounting — without ever seeing SSNs.
Tally reads employees, payrolls, contractors, and benefits from Gusto. SSNs, home addresses, dates of birth, and bank-account numbers are stripped at the integration layer and are never accessible.
What Tally does with Gusto
Tally connects to Gusto to automate the data flow into your accounting stack — with explicit safety rules at every step.
Employee & contractor rosters
Reads employee and contractor records — names, work email, job title, department, location, and start/termination dates.
Payroll history
Reads payroll runs and contractor payments for journal-entry creation in QuickBooks. Includes gross pay, net pay, employer taxes, and benefit contributions.
Pay schedule & department visibility
Reads pay schedules, departments, and locations for accurate cost-center coding when posting payroll JEs.
Benefits & PTO
Reads benefit plans (health, dental, 401k, etc.) and time-off records. Used for accruals and benefit-cost reporting.
Custom report generation
Generates custom payroll reports via Gusto's report templates — useful for ad-hoc analysis without manual export.
Multi-entity support
Each Ballast client maps to a single Gusto company. Multi-entity clients with multiple Gusto companies need a separate connection per company.
How it works
Setup is straightforward and auditable. No copy-pasted CSVs, no shared logins.
Authorize Tally in Gusto
A Ballast accountant initiates the connection. Authorization happens through Gusto's standard OAuth or API-key flow with the minimum required scopes.
Credentials encrypted at rest
Tokens are immediately encrypted with AES-256-GCM and stored in Tally's PostgreSQL database. Plaintext credentials never touch logs or error reports.
Tally pulls and normalizes data
Tally fetches data from Gusto on a schedule, normalizes it, and ties it back to the corresponding records in QuickBooks Online.
Your accountant takes it from there
A Ballast accountant reviews exceptions, posts entries, and closes the books. You get monthly financials without lifting a finger.
Availability
This integration is provided to Ballast Consulting Group's accounting clients at no additional charge as part of their engagement. There is no per-seat fee, per-API-call fee, or per-integration fee billed to the client. The cost is included in your accounting fee.
Tally isn't sold separately. Access requires an active engagement with Ballast Consulting Group as your finance and accounting department. If you're interested in becoming a Ballast client, please reach out.
Security & compliance
Every Tally integration follows the same safety pattern. Here is how the Gusto integration specifically is locked down.
Strictly read-only
assertAllowedMethod() rejects all non-GET requests. Tally cannot run payroll, change pay rates, modify benefits, or update employee personal info.
PII filtering at the integration layer
sanitizeResponse() strips home_address, date_of_birth, ssn, and bank_accounts from every employee/contractor response inside the Gusto-core package. By the time data reaches a dashboard or AI agent, this PII is already gone.
Path patterns blocked even for GET
Even GET requests to /bank_accounts, /federal_taxes, /state_taxes, /garnishments, /run, /calculate, and /submit are blocked. Reading sensitive payroll-process data is forbidden.
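One way the three controls above could fit together (an added example, not Tally's own code). The names assertAllowedMethod() and sanitizeResponse() come from this page; assertAllowedPath(), guardRequest(), the segment-matching rule, and the placeholder base URL are assumptions made for illustration.

```javascript
// Added illustration; not Tally's source. Function bodies and the
// path-matching rule are assumptions based on the page's description.
const BLOCKED_SEGMENTS = new Set([
  "bank_accounts", "federal_taxes", "state_taxes",
  "garnishments", "run", "calculate", "submit",
]);
const PII_FIELDS = new Set(["home_address", "date_of_birth", "ssn", "bank_accounts"]);

// Reject anything that is not a GET before a request is built.
function assertAllowedMethod(method) {
  if (String(method).toUpperCase() !== "GET") {
    throw new Error(`method ${method} is not allowed: integration is read-only`);
  }
}

// Hypothetical helper: block a path when any segment matches the list.
// Segments are percent-decoded and lower-cased first so /RUN or %72un
// cannot slip past a literal comparison.
function assertAllowedPath(path) {
  const pathname = new URL(path, "https://placeholder.invalid").pathname;
  for (const raw of pathname.split("/")) {
    let seg;
    try { seg = decodeURIComponent(raw).toLowerCase(); }
    catch { throw new Error("malformed path encoding"); }
    if (BLOCKED_SEGMENTS.has(seg)) throw new Error(`path segment "${seg}" is blocked`);
  }
}

// Recursively drop PII keys so nested objects and arrays are covered too.
function sanitizeResponse(value) {
  if (Array.isArray(value)) return value.map(sanitizeResponse);
  if (value === null || typeof value !== "object") return value;
  const out = {};
  for (const [key, inner] of Object.entries(value)) {
    if (!PII_FIELDS.has(key)) out[key] = sanitizeResponse(inner);
  }
  return out;
}

// Single choke point: both checks must pass before a request may be sent.
function guardRequest(method, path) {
  assertAllowedMethod(method);
  assertAllowedPath(path);
  return true;
}
```

Filtering by key name at every nesting level matters because a top-level-only filter would leave a home_address nested inside a job or location object untouched.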
Read-only OAuth scopes
Only read scopes are requested at OAuth time. Tally cannot request or use scopes that would allow payroll mutation.
Single-use refresh tokens
Gusto refresh tokens rotate on each use (as Microsoft's do). Tally persists the new token atomically so concurrent refreshes don't lose tokens.
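Why rotation needs care under concurrency, as an added example that is not Tally's own code: two workers start from the same stored token, and the one that replays its stale copy is rejected. FakeAuthServer, TokenStore, the version column, and both refresh functions are constructed stand-ins, not Gusto's or Tally's interfaces.

```javascript
// Added illustration; not Tally's source. FakeAuthServer and TokenStore are
// constructed in-memory stand-ins for a token endpoint and a database row.
class FakeAuthServer {
  constructor(initial) { this.valid = initial; this.issued = 0; }
  // Single-use rotation: each refresh token is accepted exactly once.
  refresh(refreshToken) {
    if (refreshToken !== this.valid) throw new Error("invalid_grant");
    this.issued += 1;
    this.valid = `refresh-${this.issued}`;
    return { access: `access-${this.issued}`, refresh: this.valid };
  }
}

class TokenStore {
  constructor(refresh) { this.row = { version: 0, access: null, refresh }; }
  read() { return { ...this.row }; }
  // Replace both tokens and bump the version in one step. In SQL this would
  // be a single UPDATE inside the transaction that holds the row lock.
  rotate(tokens) { this.row = { version: this.row.version + 1, ...tokens }; }
}

// Unsafe: replays the refresh token from a snapshot taken earlier.
function naiveRefresh(store, server, snapshot) {
  const tokens = server.refresh(snapshot.refresh);
  store.rotate(tokens);
  return tokens.access;
}

// Safe: re-read the row (under a row lock in a real store); if another
// worker already rotated, reuse its access token instead of spending a
// refresh token that is now dead.
function guardedRefresh(store, server, snapshot) {
  const current = store.read();
  if (current.version !== snapshot.version) return current.access;
  const tokens = server.refresh(current.refresh);
  store.rotate(tokens);
  return tokens.access;
}

// Two workers notice expiry from the same snapshot, then refresh in turn.
function simulate(refreshFn) {
  const server = new FakeAuthServer("refresh-0");
  const store = new TokenStore("refresh-0");
  const snapshots = [store.read(), store.read()];
  const results = snapshots.map((snap) => {
    try { return refreshFn(store, server, snap); }
    catch (err) { return err.message; }
  });
  return { results, stored: store.read().refresh, serverCalls: server.issued };
}
```

With naiveRefresh the second worker receives invalid_grant; with guardedRefresh both workers end up with the same access token after a single call to the server.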
Conservative rate limit
Tally is configured at 200 req/min per company (Gusto's documented limit). A token-bucket implementation prevents burst exhaustion during a backfill.
Frequently asked questions
Can Tally see SSNs?
No. The ssn field is stripped from every API response inside the Gusto-core package — before data reaches any dashboard, log, or AI agent. There is no code path through Tally that exposes an SSN.
Can Tally see employee bank accounts?
No. The bank_accounts field is stripped from every employee response. Even if you call get_employee directly, the bank-account data is removed before the response reaches you.
Can Tally run payroll?
No. Tally is strictly read-only. The /run, /calculate, and /submit endpoints are blocked at the path-pattern layer. Running payroll is a human action, full stop.
Can Tally update an employee's pay rate or address?
No. assertAllowedMethod() rejects PATCH and POST requests. The only thing Tally can do is read.
Why is the integration read-only?
Most accounting workflows don't need payroll mutations — they need data for posting JEs. Plus Gusto holds extremely sensitive personal data (SSNs, bank accounts, DOBs). Read-only access plus PII stripping minimizes blast radius if Tally is ever compromised.
Talk to Ballast about your books
Tally's Gusto integration comes at no additional charge when Ballast runs finance and accounting for you. If you need a team that actually understands the systems your business runs on, get in touch.