When you log in to a server, PuTTY will send your username. If you use a password to authenticate to the server, PuTTY will send it that password as well.
(Therefore, the server is told what your password is during login. This means that if you use the same password on two servers, the administrator of one could find out your password and log in to your account on the other.)
If you use an SSH private key to authenticate, PuTTY will send the public key, but not the private key. If you typed a passphrase to decrypt the private key, PuTTY will not send the passphrase either.
(Therefore, it is safer to use the same public key to authenticate to two SSH servers. Neither server gains the ability to impersonate you to the other server. However, if the server maintainers talked to each other, they would at least be able to find out that your accounts on the two machines were owned by the same person, if they didn't already know.)
When PuTTY prompts for a private key passphrase, a small copy of the PuTTY icon appears to the left of the prompt, to indicate that the prompt was genuinely from PuTTY. (We call this a ‘trust sigil’.) That icon never appears next to text sent from the server. So if a server tries to mimic that prompt to trick you into telling it your private key passphrase, it won't be able to fake that trust sigil, and you can tell the difference.
If you're running Pageant, and you haven't configured a specific public key to authenticate to this server, then PuTTY will try all the keys in Pageant one after the other, sending each public key to the server to see if it's acceptable. This can lead to the server finding out about other public keys you own. However, if you configure PuTTY to use a specific public key, then it will ignore all the other keys in Pageant.
Once you have logged in, keystrokes you type in the PuTTY terminal window, and data you paste in with the mouse, are sent to the destination host. That is PuTTY's primary job.
The server can request PuTTY to send details of mouse movements in the terminal window, in order to implement mouse-controlled user interfaces on the server. If you consider this to be a privacy intrusion, you can turn off that terminal feature in the Features configuration panel (‘Disable xterm-style mouse reporting’, as described in section 4.6.2).