This document discusses what data Auth0 has, as well as how it processes this data.

Data Auth0 possesses

All of the data Auth0 has about an end user is located in the Auth0 user profile. The specific attributes contained in the user profile vary based on customer implementation and are based on a number of factors, such as connection type, user consent during the authentication flow, and whether you’ve augmented the user profiles with additional information.
Auth0 metadata is not a secure data store and should not be used to store sensitive information, such as high-risk secrets and Personally Identifiable Information (PII) like social security numbers or credit card numbers. Auth0 customers are strongly encouraged to evaluate the data stored in metadata and only store that which is necessary for identity and access management purposes.

When data is stored

The Auth0 user profile information is stored in Auth0 when you use a database connection. If a user logs in using any other type of connection (including custom database connections), Auth0 stores information provided by the external for future queries.

How data is used

The personal data stored in Auth0 is used only for the purposes of providing its services, namely authenticating users

How can I delete my data?

As the Data Controller, the Customer is responsible for managing and deleting data via the self-service features including:

When is Customer data automatically deleted?

Auth0 retains Customer data as long as the Customer is considered active. Auth0 classifies a Customer as inactive when they meet both of the following conditions:
  1. The Customer uses a Free Plan (including those who opted for or downgraded to a Free Tier).
  2. All associated tenants show no activity for a continuous period of 150 days.
After 150 days of inactivity, the system schedules the inactive Customer’s tenants and all associated data for permanent deletion.