* the webserver hosting matrix.to can see your browser’s IP and user agent as it connects to it. (this could be improved by connecting to matrix.to via an overlay network of some kind, or simply using matrix URIs instead)
* it cannot see the room/user being linked to, as this is deliberately hidden in a url fragment from the server
* it cannot see details about the room/user being linked to (eg the icon or room name); it optionally lets the client chose to grab this from a given homeserver, but the service itself never sees this data.
In other words, it was written with privacy in mind.
* the webserver hosting matrix.to can see your browser’s IP and user agent as it connects to it. (this could be improved by connecting to matrix.to via an overlay network of some kind, or simply using matrix URIs instead)
* it cannot see the room/user being linked to, as this is deliberately hidden in a url fragment from the server
* it cannot see details about the room/user being linked to (eg the icon or room name); it optionally lets the client chose to grab this from a given homeserver, but the service itself never sees this data.
In other words, it was written with privacy in mind.