Maybe via metadata? The size of the information, etc. Do you mean that they should have a caveat about that?

Or if you want to be literal, you have to say that they're storing sensitive information even if it's encrypted. But by connotation that phrase implies that someone other than the user could conceivably have access to it. So for all any user could care, they just as well are not storing it. Do you mean that they should rephrase it so it's literally correct?

Or do you mean that it's actually bad for them to be collecting safely encrypted sensitive data? Because if so, you literally cannot accept any encrypted messenger because 3rd parties will always have access to it.

A ciphertext is not sensitive information. If your ciphertext can't be exposed to an adversary, your cryptography is fundamentally broken.