Hello community!
We have designed our own web app, and are using auth0 for authentication, connected with github.
We have noticed that all users that login to our website have their login history saved in the “Users & Roles” section in our auth0 tenant page.
For GDPR purposes, we need to identify how long these users login history stays in the “Users & Roles” section, any idea regarding this?
Alternatively, any way to periodically clear the list?
Thank you all in advance!
Alex
Hey, @aleksander88! Welcome to the Auth0 Community.
This is anywhere between 2 and 30 days, depending on your plan. You can check more here: Log Data Retention
Since this data is pulled from our Logs, this also applies to that section.
Unfortunately, it is not possible to clear it out earlier.
Hello @joseantonio.rey!
Thank you for the answer! We read this on the documentation of auth0, but in fact we can see login sessions/data from 2-3 months ago…
It seems to me that the 2 to 30 days don’t apply to the Users & Roles section, only for the Logs. This section does have a reset button, which resets all user data (so, clears it), but I was wondering if there was some default period for how long it is kept, or if there was an automated way of doing it.
Thanks in advance!
Hello, @aleksander88,
What you mention is interesting. Are you looking at the same things I am? I go into Users & Roles > Users > Select the user > Click on History, and I see this
I’ve logged in 3 days ago, but because of my retention policy, I don’t see any logs. Or are you looking at a different section?
Thanks!
Hello, @joseantonio.rey!
I think we are looking at different things under the same section. So, the problem under GDPR is the keeping of user data, not just the logs. As you mention, the logs are cleared also on our application, but if you click on the Users & Roles > Users > Select the user > Details section, you will still have your user details stored indeterminately.
Our question is, is there a way to periodically reset these details?
Thanks for the replies!
Alex
Hey @aleksander88,
This information is not in the logs, it’s part of the user profile. If you scroll further down, you will be able to see that this is within the user profile itself. There is no way to remove this information, apart from deleting the user. This information is not comprised by a log itself, but only of a datetime stamp in the profile.
This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.
