We’re developing a medical app where it is important that we don’t collect a database of any user data such as emails.
We’ve set up Auth0 to use passwordless Email authentication, and a couple of social media logins like Google and Microsoft. This is great and our app receives the user’s name and email from a successful Auth0 login.
However, we take issue with the fact that Auth0 themselves, under Users & Roles > Users, maintain a database that stores the information of everybody that has logged in and at what time.
Can we prevent this from happening? All Auth0 needs to store on their servers at most is the temporary session token. Especially since we don’t use a database on Auth0 at all, and we use passwordless & user-registration-less login methods.
We must be able to comply with GDPR rules of not collecting or having access to a database of stored personal info.