Where is the Auth0 user DB stored exactly? I am a part if a cyber startup, we are super strict with out users’ data and I think putting the most crucial data in a third party hands sounds a bit risky.
Is it possible to completely replace the Auth0 db with my own, such that the Auth0 won’t hold any of the users data?
This will depend on where your tenant is deployed. When creating a tenant you select the tenant region, this will be where your tenant data is hosted. See deployment options here.
You can configure your Auth0 Tenant to connect with an external database connection, our docs here, customer database connections, the pages will explain how this can be done. Usually, our customers will connect a pre-existing datastore of users and migrate them into an Auth0 database either over time or by bulk.