Welcome to the community!
@eraytufan’s answer may not be official, but it is excellent!
SonarQube and SonarQube analysis do not send your code anywhere but to the database you’ve configured and control.
If you are concerned about the visibility of your code, the first step is to make sure your SonarQube server isn’t exposed on the internet at large. After that, you may want to turn on “force authentication”. And then you do want to implement project permissioning so that only those who should be able to can see the project. The docs should help.
P.S. Meant to add that SonarQube does send some very high-level, aggregate data home, such as which languages you use, and what DB flavor. The kind of data that helps us understand, E.G. what DB compatibility we need to maintain. You can opt-out of it if you like by twiddling a setting in your server config file.