Data collection surrounding the server application
To my best knowledge, there are no information regarding data which will be collected outside of the application : server logs, network logs, proxys, etc.
Such information include source IP and port, but may also include some technical details of the device in request headers.
Logging is a basic security practice and I would be surprised if there was no logging at all. If there is some logging, logging granularity/details must be revealed, as they could be in contradiction with announced privacy properties.
Logging IP, ports or even hashes of these data is not privacy-preserving, as many previous work of the scientific privacy community have shown. Details should thus be published for the overall transparency of the process surrounding the small part of the server application.