tl;dr: Your files are private if you don’t push them and only keep them local (you will only get version history then, no sync). If you push your Vault to Github, Github can see your files. Also be sure to create a private repo, not a public one (these are free too nowadays).
That’s a good question!
If you do not create the repo on Github, not link it up, and do not push your repo to Github, then of course, there will be no copy of your files on Github. In that case, you will not be able to use Git to sync your Vault, but you can still get the benefits of a local repo: you will have version history.
Likewise, if you do push your Vault to Github, then those who run Github will be able to see it. Github is made for source code and a lot of companies trust their proprietary code too. It’s still a matter of trust though. Github is currently owned by Microsoft.
An important thing is also: in order to have your Vault private you have to create a PRIVATE repo on Github. If you do not specify this, your repo will be publicly visible, so everyone will see all your notes. I’ll edit this into my post too because it’s an important point for those who don’t wish to publish.
Like I said: there are other places to host your repo, it does not have to be Github. Alternatives are Gitlab, which has self-hostable options too. You can also just have your own VPS somewhere and push to a repo on that via SSH (this is a more advanced option, but I would say it’s the most private).