I might be missing something, but is there a strong reason to not consider creating the users directly against your underlying store. The custom database supports user creation brokered through the Auth0 API, but it’s not technically required and for full control you can create the user in your store first.
The above would mean the user would only be available/visible to Auth0 at first login because that’s when the login script would be executed which would then store the returned user data as part of the Auth0 user profile. Given you can control the data returned by the login script this would allow you to not return any data that is associated to the user in your store, but that you don’t want to make it available at the Auth0 user profile.