Your diagram is quite accurate, except for the number 3 which does not make sense to me. I made another diagram following the UML formalism to explain how everything works and how it allows not to share data over the internet and to our own servers.
I did not include the authentication process because it does not add anything relevant to your question but there are multiple round trips between the frontend, agent and public API.
By design, the agent that you are supposed to install on your side will never be accessed by our servers. It can call the API by itself to load some configuration or push some updates regarding the structure of your DB, but no data will ever be pushed to our server.
I hope that it answers your last questions