They answered this:
"The IP throwing the connection is to your website, but we would need to know the other IP. That is, the communication takes place between two systems: yours and the other and we need to know is the IP system to another to trace the communication between your server and the "other".
Regarding security modules: on your server does not, but on our network obviously yes, but not detachable ..."
No personal information is shared.