Animuson already answered your specific questions; I'd just like to point out a few things that tend to get overlooked when folks are thinking about this stuff...
First off, the obvious stuff we know:
- If you're logged in and posting stuff on the site, that stuff is associated with your account. You don't really need me to tell you that; it's obvious if you look at your profile or anyone else's profile, but I want to state it first because a few of the other answers build on this basic information. You'll also find some stuff in your profile that's clearly based on information which isn't directly displayed: "last seen" for example.
- If you look in your own profile, you'll also find some information listed there that isn't displayed in the other profiles you might view: the "votes" and "responses" tabs and the "Edit Profile & Settings" tab. Again, this is pretty basic stuff, but worth keeping in mind because it's information that you can verify is tracked without needing to trust my answer.
Now the slightly less obvious stuff that you should still have probably assumed we know:
Logs: some basic information on every request made to one of these sites is logged. This is pretty much standard behavior for web sites - it'd be pretty hard to operate a server if it didn't keep track of what it was doing, and we have lots of servers so we have lots of logs. The data here is used for everything from rate-limiting to testing to support - for example, if someone contacts us to report a bug in how a page is rendered, I can look up their access to that page and try to figure out what browser they were using (if they forgot to mention it, which is often the case), if anyone else with that same browser is hitting it, which server they were directed to, etc. There's a tremendous amount of data captured in these logs, so it isn't kept forever. There are also secondary logs that track the outcome of certain requests; for example, if someone tries to post and is blocked by a blacklisted term, I need to know about that if I want to fix false-positives.
Event data: this is similar to what is tracked in the logs, but at a bit higher level, and recorded for an entirely different purpose - analyzing how folks use the site. A lot of this could be done using only the logs, but it would be extremely slow and awkward due to the shear volume of data; most of the time, we don't really care what an individual user is doing so much as we want to answer questions like, "how many people post questions after reading How To Ask?" - so Marc Gravell build a system for answering those questions, running A/B tests, etc. (he might be blogging about it in the near future!)
Synthesized data: most of what is logged falls into the category of "meta-data" - information about the request. Given enough meta-data, it is possible to construct useful profiles about the folks using our sites, even if they never actually fill out their profiles (see, I told you we'd get back to this). We're pretty circumspect in how much we try to do with this, and you can view what we have or opt-out at any time; for more details on this, check out Kevin Montrose's blog.
Now, with all that out of the way...
If you're sufficiently paranoid, you're asking the wrong questions.
We could collect a hell of a lot more information about you than we actually do; we could associate a lot more information with your account than we actually do. We could keep it for longer, disseminate it to more people, be more generally irresponsible about how we store it... Any time you visit a website, your browser is sending a fair bit of details along with your request, so either you trust the site to be responsible with them... Or you should take steps to reduce or alter what is sent.
This is our privacy policy - it states how we've committed to using any data we collect about you as a subscriber. You should read it carefully, and decide for yourself how much information you want to trust us with.