
It seems that by default it's synced through iCloud: https://support.apple.com/HT204351 They say it's 'end-to-end encryption', but I don't see how that's possible?


The data is encrypted and requires an on-device key to unlock it; Apple doesn't have the key[0]. If you lose a device, the data can also be decrypted via a device's passcode + 2FA. (Or, alternatively, without 2FA, you make up another key that is needed to access the data)[1]

[0]: https://support.apple.com/guide/security/cloudkit-end-to-end...

[1]: https://support.apple.com/guide/security/icloud-keychain-rec...


If they can decrypt the data if you lose the device, it by definition does not require an on-device-only key. That is, Apple do have the key outside the device.



