When you enter your login data (DAV server URL, user name, password) in DAVdroid, the user name and password will be sent to the server you specified and nowhere else.
User name and password are stored using Android's account manager and not by DAVdroid itself. Client certificates are taken from Android's secure keystore and are not readable by DAVdroid itself. To protect your login data, consider using full-disk encryption.
Contacts, events and tasks are stored by the respective Android content providers and not by DAVdroid itself. User data won't be sent to any other server than the given CalDAV/CardDAV server.
DAVdroid doesn't collect, process or transmit any personal or statistical data like app or server usage. There are no ads and there's no tracking.
This Web site (DAVdroid Web site) doesn't collect or process personal data.
Visits are logged by the Web server. These logs are only used for maintenance purposes and to generate anonymous access statistics.