if they do, it doesn't mean that this information is logged or stored. Sure it can be stored your end and passed through the API - I think Micro-transaction API. They can process it and not store. I think blockcypher are a trustworthy service, I know developers who use them over blockchain.info / other services just for the stability, speed, documentation and the bcy testnet.
No-one should ever be trusting a server "not to store private keys" (and no such server should ever even see them) so if that is what they are saying then I would be even more worried about it being a shady operation.