AFAIK, All Journal entries are E2EE in iCloud.
If you have default two-factor authentication and a passcode, all Journal entries are end-to-end encrypted when stored in iCloud, so even Apple can’t read them. Additionally, you can choose to enable secondary authentication and lock the Journal app with your device passcode, Face ID, or Touch ID.
But that info conflicts with the dedicated ADP page, where Apple doesn’t mention anything about Journal. Also to be sure, you’re talking about the “Journal” app, right?
For the highest level of cloud data security, you can turn on Advanced Data Protection (iOS 16.2 or later required). It uses end-to-end encryption on more data categories such as the following:
- Device backup
- Messages backup
- iCloud Drive
- Notes
- Photos
- Reminders
- Safari bookmarks
- Siri Shortcuts
- Voice Memos
- Wallet passes
As you can see, no mention of anything about Journal 