Seaghan,
Yes, I think that's a good summary. It's not storing any information at the user level nor storing the reports as data anywhere, just extracting it as you run it and presenting it onscreen, as far as I can tell. So, aside from the report creator or any users given permissions to it, I think it is safe from a GDPR PII standpoint.
Randy