This seems to be under dispute. Nobody really knows how the data is stored. Although if you wanted you could check AOSP source code and see how data is transmitted to Google.

It would appear however, that even *if* Android encrypts the data before sending them to Google, Google has or could get access to the information required to decrypt them.

For example, the data could be encrypted with your password. Which Google shouldn't be storing in clear text. However they get access to your clear text password every time you login to their servers.

Maybe a small technically point; unfortunately it looks like the bug might be ignored due to another technical point (is it a bug in AOSP or Google cloud?). Kind of important to get the details correct.

At one stage, perhaps years ago now, I seem to vaguely remember I could access this information using Google Docs, and it didn't appear to be encrypted. Think they have removed this access now.