Indeed it is, inside a sensor (that's why so much trouble replacing one on iphone), gladly raw data never leaves it (same goes for Android as well, except really really old versions, like 4-)
Find the section titled "Secure Enclave." When the SE needs to store data on the filesystem, it's encrypted with a key that never leaves the SE. Effectively, assuming the encryption is implemented correctly, data 'owned' by the SE is never available to any other part of the system.
