Personally Identifiable Information in Auth0 Logs
Many events in Auth0 tenant logs can contain personally identifiable information (PII). Authentication events trigger log entries that can include users' PII. And if you use the Auth0 Management API or the Dashboard to add users, Auth0 logs the user account details.
These fields in log entries can contain PII:
Name
Phone number (used for multi-factor authentication)
Email address
IP address (which can reveal location)
Any custom user information you define
At no point does Auth0 log access tokens from Auth0 or any identity provider. When authorization code exchanges occur, the logs show only a partial code (for example: code: 31XXXXX
).