When a user is deleted, is their data removed?

Problem statement

We have some questions related to privacy concerns around user data being deleted through the Management API’s Delete a user endpoint.

We have a requirement that all personal data must be securely deleted so that it is rendered irreversibly unretrievable. What details can you provide to assure us that using this endpoint to delete user data satisfies our requirements?

Solution

When an end user’s account is deleted, their user profile, including metadata, is removed. This is mentioned here: Auth0 Data Processing.

When an object is deleted, the removal of the mapping from the public name to the object starts immediately and is generally processed across the distributed system within several seconds. Once the mapping is removed, there is no external access to the deleted object. That storage area is then made available only for write operations, and the data is overwritten by newly stored data. Additionally, our cloud service providers use the techniques detailed in DoD 5220.22-M (“National Industrial Security Program Operating Manual”) or NIST 800-88 (“Guidelines for Media Sanitization”) to destroy data as part of the decommissioning process.

How long will the personal data remain available in Auth0’s system before the data is overwritten?

Data deleted from the system will be unavailable immediately. Data in encrypted offline backups will remain stored for 14 months.

This can be found at: https://cdn.auth0.com/website/legal/Aug-2021-Data-Processing-Addendum.pdf.