Mastercard and Visa see all the transactions processed for the cards and so does the institution that issued your card (your bank). Unlike Stripe, they do a lot of non-fraud-related analysis on that information.
But putting fintech aside, GCP and AWS have access to everything on their customers' platforms, unless it's E2EE. They could (very illegally, and very stupidly) access all that data. There is no concrete difference between this and what you're talking about.
No matter how much encryption you put on it, your ISP has access to a history of a the IPs you directly connect to. To all the connections you make through them.
It's the nature of a middleman service provider to have access to these things. We can push to improve the status quo (more E2EE, decentralized designs and what not) but a better alternative has to exist before you can cry wolf about those that follow the norm.