They can’t do much if you use any proxy, be it Tor, a public single-node proxy, or a commercial VPN (which I think is inadequate for an use like this, after all VPN providers are ISPs in a way, so you are just hiding traffic from your own ISP and giving it to another one).

They could just see the traffic encrypted between proxy client and server, and maybe do some correlation with time of usage and stuff like that.

If you have bad opsec, it’s possible to completely deanonymize you on Tor and track what you do, but it’s not easy and so it’s something that only law enforcement does. Entities with simple commercial interests don’t go above certain limits of complexity. Most websites for example use browser fingerprinting techniques, and as far as I know some stuff uses advanced user fingerprinting tactics (logging the unique way you move the mouse or type on the keyboad, like Google ReCaptcha 2 does), an ISP could do even less.