Nothing about this API requires handing over more than the bare minimum of information (which domains you want logos for). How could they be expected to implement it without that information?
There's also the referrer header that gets sent out, which includes the URL of the page that is embedding the image. Not really "all data on your visitors" but depending on how you use it, may leak sensitive information if you're unwise enough to put it in the page urls (depressingly common), or allow them to track every visit throughout your site (on pages that embed the image)
I don't know what clearbit collects, but I would guess that this isn't the business model. Clearbit sells a B2B product - they monetize by charging money for a service directly, not indirectly via "collecting data about your visitors".
Nothing about this API requires handing over more than the bare minimum of information (which domains you want logos for). How could they be expected to implement it without that information?