If you add something to your local IPFS node the data will stay only your local IPFS node. It only moves when someone else requests the correct hash. And they only learn that hash if you tell them or publish it.
However, your node will publish that hash to the DHT, which means it will send the hash and metadata to other nodes in the network so it can be indexed and located.
So data isn’t automatically propagated or published in some kind of public index, but it would be possible to write a “noisy” node that examined all hashes that get published to look for something. And if I were a 3-letter government agency then I could focus on any data being published by your IP address.
Also, I understand there is some support in the code for private IPFS networks where you can have a disconnected cloud of machines, but IPFS doesn’t include encryption so if you put this on the open internet then it is possible for people to discover it and connect to your private cloud.