You can use user metadata (Understand How Metadata Works in User Profiles), in particular, for this situation the app_metadata seems to be the most suitable as I believe that the access type you mention should not be directly editable by the end-users themselves.
If you’re then requesting an access token for an API you configured at Auth0, then the access token will currently use the JWT format and you can add a custom claim to it containing the user access type. See OpenID Connect Scopes.