I think he’s asking about the best way to architect an app – the question is not auth0 specific, but more conceptual.
@techlink: You can store some data in the auth0 user object if it suits you, however in my case I have an API protected by auth0 where I create an entry in a graph database which has a key in it referencing the auth0 user id.
You can do the same in any db.
If you store in the auth0 object, you can use the management api to do changes. I use the management api for basic profile settings like username, email, and password.
If you store in your own object, you will design your own API to manage it.