Because of GDPR and such, I’d like to automate removal of all accounts whose latest login is later than time x (e.g. a year).
The reason for deleting all old accounts is that these have social security numbers and full names, and you should store these only if you need them for some GDPR-qualified reason.
Are there any internal features in Auth0 that can set a “retention policy” or similar based on criteria? If not, how can this be accomplished?
There is no automatic “retention policy” feature, but you might accomplish this by getting a list of users with a last_login date of longer than a year, iterating over that list and deleting the users.
To get the list of users that have not logged in in a year, you’ll need to use the GET /api/v2/users endpoint with the query last_login: [* TO 2020-04-29].
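The list-then-delete procedure from the reply above, as an added Python example that is not part of the original thread or Auth0's own code. The tenant domain and the Management API token are placeholders supplied by the caller (the token is assumed to carry the read:users and delete:users scopes), and the function names are hypothetical.

```python
import json
import urllib.request
from datetime import date, timedelta
from urllib.parse import quote, urlencode

PER_PAGE, MAX_PAGES = 100, 10  # Auth0 user search returns at most 1000 results per query


def stale_query(today: date, days: int = 365) -> str:
    """Lucene range query on last_login, as suggested in the reply above.
    Users who never logged in have no last_login and are not matched."""
    return f"last_login:[* TO {(today - timedelta(days=days)).isoformat()}]"


def http_call(method, url, token):
    """One Management API request; returns parsed JSON, or None for an empty body."""
    req = urllib.request.Request(url, method=method,
                                 headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        body = resp.read()
    return json.loads(body) if body else None


def find_stale_users(domain, token, today, days=365, call=http_call):
    """Collect the matching user_ids before deleting anything,
    so that deletions cannot shift the pages being read."""
    ids = []
    for page in range(MAX_PAGES):
        params = urlencode({"q": stale_query(today, days), "search_engine": "v3",
                            "fields": "user_id", "per_page": PER_PAGE, "page": page})
        users = call("GET", f"https://{domain}/api/v2/users?{params}", token) or []
        ids.extend(u["user_id"] for u in users)
        if len(users) < PER_PAGE:
            break
    return ids


def purge_stale_users(domain, token, today, days=365, dry_run=True, call=http_call):
    """Return the matching user_ids; delete them only when dry_run is False."""
    ids = find_stale_users(domain, token, today, days, call)
    if not dry_run:
        for uid in ids:
            # user_ids contain "|" (e.g. "auth0|..."), so encode the path segment
            call("DELETE", f"https://{domain}/api/v2/users/{quote(uid, safe='')}", token)
    return ids
```

Run it with the default dry_run=True first and review the returned IDs; because of the 1000-result search cap, a large backlog needs repeated runs.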
Thank you @ricardo.batista for the fast reply! I will look into this API possibility.
Meanwhile, a thought for (continuous) improvement: this type of retention policy should be an OOB, built-in feature in a solution such as Auth0.com. Not only because this is a force-of-law requirement, at least in the EU area, but also for more secure permission management.
Just a thought to consider for future roadmaps, if it is not on them already ^^