1. In terms of sender privacy, monero leaks the following data:

- at least one of the sender's inputs -- useful for tracing monero via the common input ownership heuristic

- at least one of the sender's ring signatures, including the sender's pubkey -- useful for tracing monero via the decoy elimination attack, the Eve-Alice-Eve attack, and the poisoned output attack

- Lightning does not reveal either of those things

2. In terms of receiver privacy, monero leaks the following data:

- the recipient's monero address -- useful for tracing monero by asking exchanges if any of their users has that address

- the recipient's stealth pubkey -- useful for tracing monero via the decoy elimination attack, the Eve-Alice-Eve attack, and the poisoned output attack

- the amount received by the recipient -- useful for tracing monero via the Eve-Alice-Eve attack, the poisoned output attack, and the timing analysis attack

- Lightning does not reveal any of those things, except sometimes a pubkey used for communication -- though that can also be avoided, either by using a proxy or via blinded routes

3. In terms of amount privacy, monero leaks the following data:

- the fee paid by the sender -- useful for fingerprinting wallets (e.g. custodial wallets tend to set higher fees than do users of self-custodial wallets)

- I already mentioned the following leak under "receiver privacy" but it's also an amount privacy leak so I'll just repeat it: monero leaks the amount received by the recipient -- useful for tracing monero via the Eve-Alice-Eve attack, the poisoned output attack, and the timing analysis attack

- Lightning does not reveal either of those things