I received the following from Google. It looks like Auth0 is sending PII to Google. How do I correct this issue? It doesn’t look like the URL in the reset password email is configurable.
–
Dear Publisher,
It appears that personally identifiable information (PII) is being passed to Google from your site(s).
…
Passing PII to Google is a breach of your contract with Google and may result in disabling of your account(s) if this is not resolved … If you fail to submit any response to this message within 7 days, access to your account(s) will be suspended.
@joet could you provide more details where and possibly how these URLs were detected by Google? Reset password link goes directly to your mailbox, is there any way these links were present on your website instead of e-mail message?
The user clicks the link and then the resultant page produces an ad. The referring URL is available to Google Adsense and this URL contains an email address.
The user clicks the link and then the resultant page produces an ad. The referring URL is available to Google Adsense and this URL contains an email address.
Here’s the current status on this situation: the underlying situation is being tracked and planned to be addressed, however, at this time, I can’t provide any definitive information about any timelines.
The currently available workarounds are not to configure a redirection URL or configure a redirect URL that is solely under your control and that does not expose the information to third-parties. This redirect URL could still perform an additional redirection, but now without including the information that causes the issue with the third-party (Google).