No, the cloud key IS encrypted with the bitkey device... but as long as you still have the unencrypted version of that key on your phone (in the app), you don't even have to bother with decrypting the cloud key in order to coordinate with bitkey to setup a new device (and new 2-of-3 keyset). The only purpose for the cloud key is in case you lose your phone (or delete the app), you can decrypt the key stored in your cloud (using your bitkey device) for use on a new phone.
*there are also encrypted version(s) of your app key stored in YOUR cloud that your recovery contact(s) hold the decryption key for. In case you lose both your phone AND your bitkey device, installing a fresh app on a new phone will allow you to use the decryption key held by a recovery contact to recover your app key from YOUR cloud - which in turn can be used to coordinate with bitkey to setup a new device (and new 2-of-3 keyset). Of course, the app on your phone combined with the app on your recovery contact's phone handle the coordination of all this to make it reasonably painless. (minus the waiting period you mentioned earlier).
Again, assuming designed as advertised (which I think is fair to question), I think it's pretty clever. My biggest problem with bitkey is that they advertise it as "self-custody"; but unlike virtually any other hardware wallet, if you lose the bitkey device, because it's designed to have nothing to backup (e.g. a seed phrase), self-recovery is not possible. In my book, reliance on a 3rd-party for recovery necessarily disqualifies it as self-custody.
