It just means that traffic is encrypted at a lower layer in the network stack, so there are entire protocols that get "wrapped" in it, and they can't sniff the IPs you're talking to, etc. Of course, now your VPN provider can.
I would recommend installing tailscale on a pc or raspberry pi at home. Then you can use it as an Exit Node. It's dead simple with no port forwarding or dynamic dns required. If you don't want to run something 24/7 in your home a free tier/$5 vps would work the same.