We’re looking at external logging applications and the implications of what kind of data is stored in Auth0 logs, and what could potentially be exported to external logging applications. Specifically, we’re concerned about PII (personally identifiable identification) - not specific to, but perhaps sharing similar concerns as the GDPR topic (we do not have EU users).
I’ve been searching through Auth0 documentation and hunting around on google but I was unable to find anything specific. What I would like to know is what kind of PII data is stored in Auth0 logs, what about metadata or URLs etc. From a privacy point of view and from the point of view of the security paranoid, what does auth0 log and what should be be wary of?