I’ve seen it before—a SaaS claiming to offer end-to-end encryption simply because it uses HTTPS/SSL for communication between the client and server. It’s laughable, but the lack of clear regulations or standards defining E2E encryption lets them get away with treating the client and server as the “ends.”

Not sure if that’s what happened here but it wouldn’t surprise me.

I understand that's one of possibilities. But what actually happened in this case?