Auth0 Operational Policies

Auth0 has established operational policies that govern the following areas.

Billing

This policy covers change of address, credit card issues, canceling subscriptions, refunds, invoicing, sales tax, scaling users, and tenant conversion. See Billing Policy for details.

Data export and transfer

If you would like to export your data from Auth0, you can use the Export/Import Extension or the Management API. See Export Data for details.

Auth0 will not transfer data from one Auth0 tenant to another. This applies to both Public Cloud and Private Cloud customers. All data in your Auth0 tenant is always under your control and is available through the Management API at any time. If you want to stop using our service, you can export your data. See Data Export and Transfer Policy for details.

Endpoints

See Public Cloud Service endpoints and API Endpoints for Single Sign-On (SSO) for details.

Load and penetration testing

Only customers who have purchased an Enterprise subscription may conduct load testing. Customers with an Enterprise subscription may request one load test (with up to 2 repeats) per year against an Auth0 production tenant. Performance and load testing is only allowed with Auth0's prior written approval. Once approved, testing can only target tenants that we have approved. See Load Testing Policy and Penetration Testing Policy for details.

To conduct these tests, notify us in advance by submitting a Support Ticket. Auth0 requires at least 7 days' notice prior to your test's planned start date.

Migrations

We apply an iterative approach to product delivery, including an iterative product release lifecycle that allows us to introduce and improve upon new functionality.

When building Auth0 products, we resolve to

  • Deliver value to customers early and often, iterating based on their feedback.

  • Seek a deep understanding of our customers and consider them in every decision.

  • Relentlessly acquire and analyze data, so we can make better choices.

  • Visualize and design for current, idealized, and future versions of our whole product when adding features.

To best serve these goals, we apply an iterative approach to product delivery, including an iterative product release lifecycle that allows us to introduce and improve upon new functionality.

Rate limits

Actions such as rapidly updating configuration settings, aggressive polling, or making highly concurrent API calls may result in your app being rate limited. See Rate Limit Policy for details.

Entity limits

Entities in Auth0 are tenant configuration elements such as applications, connections, rules, and API resource servers. Auth0 limits the number of entities you can have depending on the platform for your subscription level group. See Entity Limit Policy for details.

Sanitize HAR files

If you contact Auth0 Support, you may need to include a sanitized HAR file for troubleshooting help.

Tenant restoration

Before you delete your tenant, please review the following resources for alternative options:

If you've already deleted your tenant and you require the use of a particular domain name, we recommend configuring a custom domain name for your new tenant.

Private Cloud Space restoration - Early Access

Private Cloud restoration allows customers to recover their space from data loss and corruption. This feature is being released to a subset of customers as part of an Early Access launch in December 2024.

During the Early Access (EA) period, customers can request restoration of a production Private Cloud space from a backup within the past 14 days through a support ticket. The restoration is performed using backup data maintained by Auth0. The full Private Cloud space will be restored to the closest available backup within the customer's requested time of restoration. Please refer to the Disaster Recovery RPO and RTO information documented in the Private Cloud contract for details on the associated service impact. Non backwards-compatible capabilities and deprecations could introduce limitations on restoration possibilities. Customers are responsible for functional validation of the environment post-restoration. 

Customers can request one restoration test per year over a non-production Private Cloud space. Only test requests from EA customers are supported.

Unsupported requests

Our support team strives to assist you to the best of our ability. However, we are currently unable to grant the following requests:

  • Transfer data from a non-production to a production account

  • Remove a tenant admin

  • Rename a tenant

  • Rename a connection

  • Re-use the name of a previously-deleted tenant

  • Migrate a tenant from one region to another (for example, from US to EU)

  • Ad hoc usage data reports

  • Restore any deleted or modified data or settings in tenants, including

    • Database connections and their users and passwords

    • Users, their profile information, metadata, and role memberships

    • Roles and permissions

    • Application

    • SSO integrations

    • APIs

    • Connections

    • Actions

    • Rules

    • Hooks

    • Extensions

    • Email templates

    • Tenant logs once the standard retention time has passed

Learn more