Cap table info should be considered confidential information that is the property of the company and protected in the same way. I don’t really understand how this “privacy agreement” would apply or be enforced or even who the parties to it would be. It’s down to the company to assess what the privacy policy of any third party service (whether that is saas or an accountant or a lawyer) designed to take over cap table duties, and be confident that that third party will treat their confidential info properly - and have some recourse in the event that they do not.