In Standard Notes' case they are AES encrypted before leaving the device using a note specific key encrypted using your master password (or at least that's how the underlying system Standard File used to work). Encrypted at rest could just mean the volume is encrypted but they can still read your notes (since they have the key).