Url redirections Prefix, Custom Url and Url fields ARE NOT taken as close personal data, so do not fill them with any sensitive or personal information. They are visible in readable format through the actual url redirection links without login if someone get or guess the Prefix and/or the Custom Url.
In the database, only values that can be seen in plain text is how much url redirects the user can create, whether the user email address is verified or not and date when the user last login, and some other dates of different actions. Dates of actions is stored in the database of manner of maintaining the database.
Also visible thing in the database is that which action the user have requested to control the account personal information(email address, name or password or account deletion). The action of what it was is visible, but can not be seen what the user did with it or what are the new information that the user have changed in readable format.