1. They're using the crash reports provided through App Store Connect. These are stack traces with no personally identifying information. You can enable/disable these under Settings > Privacy & Security > Share With App Developers.

2. They're using a third-party crash reporter. Under the covers these are often based on PLCrashReporter or KSCrash. A few such as Firebase (previously Crashlytics) implement their own exception handlers/stack unwinders. These are typically anonymized, but at this point it's the app (or the crash reporting SDK it includes) to decide exactly what to report. Most apps will try hard to avoid PII because that's easier than dealing with GDPR, CCPA, ATT disclosures, etc.

> As soon as the crash reports come in

This leads me to believe it's (1) since third-party crash reporters usually send in the crash reports as soon as the app has restarted, while Apple delays crash reports in App Store Connect. In which case the app itself isn't collecting anything: it's iOS and you choose to opt-in when you first setup the device.