The Apache httpd server is logging hits in the standard "combined log format" -- date/time, IP address, request, status code, bytes transferred, and the reported referrer and user agents. These are cycled out after 30 days.
That's about it. No PII (personally identifiable information) is recorded, nor would I want that responsibility on this humble little site. Data security permeates everything I do professionally, and that's more than enough of that for me. :)