Unless encryption is advertised as a feature, it’s a safe assumption that vendors that host your data will have access to it, the cloud being someone else’s computer and all that.

Nah, yeah the problem is also collecting the data in that way for to begin with