All of the data Auth0 has about an end user is located in the Auth0 user profile. The specific attributes contained in the user profile vary by customer implementation and depend on a number of factors, such as connection type, user consent during the authentication flow, and whether you’ve augmented the user profiles with additional information.
Auth0 metadata is not a secure data store and should not be used to store sensitive information, such as high-risk secrets and Personally Identifiable Information (PII) like social security numbers or credit card numbers. Auth0 customers are strongly encouraged to evaluate the data stored in metadata and only store that which is necessary for identity and access management purposes.
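One way to evaluate what is stored in metadata is to scan the `user_metadata` and `app_metadata` fields of user profiles for values shaped like the identifiers named above. The following is an added example, not Auth0 code; the patterns (US SSN layout, Luhn-valid digit runs of 13 to 19 digits) and the sample profile are assumptions constructed for illustration.

```python
import re

# Assumed patterns: US SSN written as 3-2-4 digits, and 13-19 digit runs
# (optionally separated by spaces or hyphens) as payment card candidates.
SSN_RE = re.compile(r"(?<!\d)\d{3}-\d{2}-\d{4}(?!\d)")
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0


def walk(value, path):
    """Yield (path, scalar) pairs for every leaf in nested dicts and lists."""
    if isinstance(value, dict):
        for k, v in value.items():
            yield from walk(v, f"{path}.{k}")
    elif isinstance(value, list):
        for i, v in enumerate(value):
            yield from walk(v, f"{path}[{i}]")
    else:
        yield path, value


def audit_metadata(profile: dict) -> list:
    """Return (path, kind) findings for user_metadata and app_metadata."""
    findings = []
    for field in ("user_metadata", "app_metadata"):
        for path, leaf in walk(profile.get(field) or {}, field):
            text = str(leaf)
            if SSN_RE.search(text):
                findings.append((path, "ssn-like"))
            if any(luhn_ok(re.sub(r"\D", "", m.group())) for m in CARD_RE.finditer(text)):
                findings.append((path, "card-like"))
    return findings


# Constructed sample profile; every value is made up for this example.
SAMPLE = {
    "user_id": "auth0|example",
    "user_metadata": {"theme": "dark", "notes": ["ssn 078-05-1120"]},
    "app_metadata": {"plan": "pro", "billing": {"card": "4111 1111 1111 1111"}},
}
```

Findings report only the path and the kind of match, so the audit output does not copy the sensitive value into logs.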
The Auth0 user profile information is stored in Auth0 when you use a database connection. If a user logs in using any other type of connection (including custom database connections), Auth0 stores information provided by the external for future queries.