It seems both Ledger Live and Trezor Suite allow you to import XPUBs and use them on their mobile apps. Is this something that is strictly locally stored? Does it call home to mama? Have the HW manufacturers clarified what their data retention process is here?
Yes, Trezor uses XPUBs. Why? Because it's faster, thus better UX.
It queries Blockbook (the backend Trezor Suite connects to) with an XPUB rather than sending hundreds of individual addresses.
Though, if you are privacy conscious, you can connect Trezor Suite to your own Electrum node: https://blog.trezor.io/connecting-your-wallet-to-a-full-node-edf56693b545
If that is too hard, you can enable Tor within Trezor Suite. That way there is no connection between your real IP and XPUB on Blockbook.
What data does Trezor collect? Firstly, it's opt-in and it's anonymous: https://github.com/trezor/trezor-suite/blob/develop/docs/analytics/index.md