@mkhalila welcome to the forum
It all depends on how you have set up sync and Joplin.
Simple Summary
Sync to cloud storage using http (if your provider’s or your self hosted server only uses http over the Internet you should not use it)
- Plain text notes are sent unencrypted over the Internet and stored unencrypted on the cloud server.
- Someone capturing your network traffic could record the packets containing your note data being sent / received in plain text.
- Technically your cloud storage provider could see your plain-text note data.
Sync to cloud storage using https (default for Google / OneDrive)
- Plain text notes are sent https encrypted over the Internet and stored unencrypted on the cloud server.
- Someone capturing your network traffic could record the packets containing your note data being sent / received but they would be https encrypted.
- Technically your cloud storage provider could see your plain-text note data.
Sync to cloud storage using https with Joplin end-to-end encryption (E2EE) activated
- Joplin encrypts / decrypts your notes as part of the sync process
- Joplin encrypted (E2EE) notes are sent further encrypted (https) over the Internet and stored Joplin encrypted (E2EE) on the cloud server.
- Someone capturing your network traffic could record the packets containing your notes being sent / received but they would be https encrypted and Joplin encrypted (E2EE).
- Technically your cloud storage provider could see your note data but it would be Joplin (E2EE) encrypted.
Please see:
https://joplinapp.org/#encryption
https://joplinapp.org/e2ee/