In short, the code sent to the minify service does not include any personal information, does not include much information about your project, and is not permanently stored. I believe it to be fully compliant with our existing privacy policy.
Here's a few more details about precisely what it does and how it works. If you export a project with minify disabled, you'll find a lot of engine code in the files c3runtime.js and main.js. When you minify your project these files are sent to the minify service, which runs Closure Compiler on them, and then sends them back again.
These files contain the stock Construct engine code used for all Construct projects. Why don't we just ship minified engine code with Construct itself? The problem with that is for efficiency, Construct only exports code from the plugins, behaviors and effects your project actually uses. That can also include code from third-party addons too. So the engine code does end up changing, but only because it's a combination of different pre-defined components to suit your project. Further, the engine code does also include any JavaScript code you write in your project, either in event sheets or script files. So the code sent to the minify server does include your project's JavaScript, and strictly speaking implicitly contains the list of addons used by your project. However this is not enough information to reverse-engineer your project. For this reason I used the phrase "does not include much information about your project" rather than "does not include any information about your project".
To be clear, the actual information describing your main Construct project is not sent to the minify server. The main project-specific data is stored in data.json, and in all the other assets as image files, sound files etc; none of that is sent to the minify server.
The code that is sent to the minify server is encrypted in transit in both directions. It is decrypted for the purposes of performing minification, and then as soon as the minified result has been transmitted back to the client, all files are promptly deleted. So decrypted engine code will remain on the server for perhaps a couple of minutes before deletion. There are also various failsafes to make sure that in the event of an error, or even a server crash, the working files will be deleted. In the event the minify server was compromised and the information leaked, it would potentially expose any JavaScript code written in your project. If that is for any reason a problem for you, there is the option of manually minifying your code locally: export from Construct with no minification, and then use a third-party tool to minify the code in c3runtime.js and main.js.
Hopefully that helps clear up any concerns about what it does and how it works.