Personally Identifiable Information in Auth0 Logs
Many events in Auth0 tenant logs can contain personally identifiable information (PII). Authentication events trigger log entries that can include users' PII. And if you use the Auth0 Management API or the Dashboard to add users, Auth0 logs the user account details.
These fields in log entries can contain PII:
Phone number (used for multi-factor authentication)
IP address (which can reveal location)
Any custom user information you define
At no point does Auth0 log access tokens from Auth0 or any identity provider. When authorization code exchanges occur, the logs show only a partial code (for example: