Personally Identifiable Information in Auth0 Logs

Many events in Auth0 tenant logs can contain personally identifiable information (PII). Authentication events trigger log entries that can include users' PII. And if you use the Auth0 Management API or the Dashboard to add users, Auth0 logs the user account details.

These fields in log entries can contain PII:

  • Name

  • Phone number (used for multi-factor authentication)

  • Email address

  • IP address (which can reveal location)

  • Any custom user information you define

At no point does Auth0 log access tokens from Auth0 or any identity provider. When authorization code exchanges occur, the logs show only a partial code (for example: code: 31XXXXX).

Learn more