Our Report Sender product was built in a way that allows you to run it without handing any of your data over to us. Many other applications will use outside services which means they can access your data whenever they would like.
Here are a few points about how security works in our app:
It's fully salesforce native, so all the code runs inside your organization.
Configuration options are stored in records in your org.
Private custom settings are used to store security secrets, which are only visible to the application code.
We don't send any secret data to our servers.
The reports run as the user who setup the report schedule so you know what data will be in the report.
The app is regularly scanned for security flaws and approved by the Salesforce security team. Read more about the security review.
Please let us know if you want any more information.