Can the vps provider not read everything on your server, unless it’s explicitly encrypted?
I’m asking because I’m interested in self-hosting mainly as a way to get privacy respecting services where good hosted ones don’t exist. I’m not sure I really want to deal with running my own hardware
Naturally. It’s their own infrastructure. But there are things you can do. If you choose a provider that lets you install your own OS, then using *nix distros like Debian you can enable encrypted volumes.