Yes definitely, and the companies will use the same line that zuck uses: "We don't sell people's data"
And then they will sell access to info based on your data, analytics on your data, recommendations on your data, they will sell everything about your data except your data itself so they can say they don't sell your data.
The only defense against this is to not publish what doesn't need to be published, nostr is more public than other networks so there needs to be more awareness of this.
There is still a lot of work to be done before you can say that nostr solves the issue of privacy. It doesn't require KYC to use and that's great, but it ends there. Almost everything after that is public and tied to your public key.
Relays are servers, they store a copy of your posts and depending on which clients you use you may have a copy yourself. The servers don't have any obligation to keep your posts forever and could delete your posts at will unless you have some other (paid) agreement.
Your data is stored on those 3 relays you mentioned, and likely propagated to more relays, most of it not encrypted unless it is DMs/chats or private lists, and that encrypted content is leaking metadata. (Some clients have been working on solutions for this)
As for scaling, it will probably scale similar as email, there are many email providers and not everyone is using the same email provider, although recently it has become difficult to compete with the few big providers, hopefully the outcome with nostr relays will be better.