Nothing about this API requires handing over more than the bare minimum of information (which domains you want logos for). How could they be expected to implement it without that information?
There's also the referrer header that gets sent out, which includes the URL of the page that is embedding the image. Not really "all data on your visitors" but depending on how you use it, may leak sensitive information if you're unwise enough to put it in the page urls (depressingly common), or allow them to track every visit throughout your site (on pages that embed the image)
Nothing about this API requires handing over more than the bare minimum of information (which domains you want logos for). How could they be expected to implement it without that information?