Investigate Dashboard GDPR compatability
Open, Needs Triage, Public

Description

The Dashboard is used at events and for some courses. We should investigate if it complies with any GDPR requirements we might have. Note that users sign up to the Dashboard using their Wikimedia credentials.

Additionally, at a Wikipedia camp leader meetup in December, we talked about Dashboard, and a couple of privacy arguments were brought up against it. Since we sometimes use Dashboard at events, it might be something we want to look into (unless we have already).

Examples that were brought up

From the page Private information
"For logged in users: OAuth credentials that allow partial access to your Wikimedia account, including making edits on your behalf"

From the page Cloud Services Terms of use
"information shared with the Cloud Services Project, including usernames and passwords, will be made available to volunteer administrators and may not be treated confidentially."

Event Timeline

I've asked whether the dashboard is "a Wikimedia site" and as such subject to the WMF privacy policy.

Jopparn edited projects, added WMSE (IT); removed WMSE.

I sent an e-mail to Wiki Education to check if they consider this a service falling under https://wikiedu.org/privacy-policy/

Aklapper renamed this task from Investiage Dashboard GDPR compatability to Investigate Dashboard GDPR compatability. Feb 28 2020, 1:59 PM

@Lokal_Profil This is a related task (I didn't find this one when I created that one): T241721

I sent an e-mail to Wiki Education to check if they consider this a service falling under https://wikiedu.org/privacy-policy/

Got a reply

For Programs & Events Dashboard, it's governed by the privacy rules of the Wikimedia Cloud Services terms of use: https://wikitech.wikimedia.org/wiki/Wikitech:Cloud_Services_Terms_of_use
Although it's not explicitly called a "privacy policy", it covers in detail what P&E Dashboard admins can and cannot do with the (limited, as described in the Private Information page) amount of private information the Dashboard collects.
The Wiki Education privacy policy is much more permissive; P&E Dashboard is only covered by the more restrictive Wikimedia Cloud Services policy.

From the page Cloud Services Terms of use
"information shared with the Cloud Services Project, including usernames and passwords, will be made available to volunteer administrators and may not be treated confidentially."

This refers to accounts created in a Cloud Services Project, not the Wikimedia project which you use to log in with. Since the dashboard relies on OAuth to create the accounts, no password information should be accessible to admins there.

From the page Private information
"For logged in users: OAuth credentials that allow partial access to your Wikimedia account, including making edits on your behalf"

I pinged a question to WikiEdu about when these permissions are needed.