> If the ring uses Bluetooth to sync the data to your phone and the phone syncs data to the Oura servers, but the data is in the clear on your phone, then by this definition, it is not E2E encrypted.

Yet another angle would be that both the phone and the ring are in one's material possession, whereas the cloud is someone else's computer, and to display a nice web UI it has to have the data unencrypted over there.

In that case, the cloud is the potentially untrusted intermediate between the data and one's eyeballs.

All of these are equally valid, it all depends on what is your threat model.