There is a new big case of stolen login/password data in the news. At the same time, I am reading that there are services that let you check if your own login data is affected, e.g. Have I Been Pwned.
Is it safe to enter my email address there to find out whether I need to change my passwords?
This question was explained by Troy Hunt several times on his blog, on Twitter and in the FAQ of haveibeenpwned.com.
See here:
When you search for an email address
Searching for an email address only ever retrieves the address from storage and then returns it in the response; the searched address is never explicitly stored anywhere. See the Logging section below for situations in which it may be implicitly stored.
Data breaches flagged as sensitive are not returned in public searches; they can only be viewed by using the notification service and verifying ownership of the email address first. Sensitive breaches are also searchable by domain owners who prove they control the domain using the domain search feature. Read about why non-sensitive breaches are publicly searchable.
See also the Logging paragraph.
And from the FAQ:
How do I know the site isn’t just harvesting searched email addresses?
You don’t, but it’s not. The site is simply intended to be a free service for people to assess risk in relation to their account being caught up in a breach. As with any website, if you’re concerned about the intent or security, don’t use it.
Of course we have to trust Troy Hunt on his claims, as we have no way of proving that he is not doing something else when handling your specific request.
But I think it is more than fair to say that haveibeenpwned is a valuable service and Troy Hunt himself is a respected member of the infosec community.
But let’s suppose we don’t trust Troy: what do you have to lose? You might disclose your email address to him. How big of a risk is that to you, when you can just enter any email address you want?
At the end of the day, HIBP is a free service for you(!) that costs Troy Hunt money. You can choose to search through all the password databases of the world yourself if you don’t want to take the risk that maybe a lot of people are wrong about Troy Hunt, just because then you would disclose your email address.