Any shared data is encrypted in transit from the source using SSL, then at rest using unique AES-256 keys which are themselves encrypted in part with a password which never leaves the individual’s device. This is in addition to whatever encryption the third party storage service provides itself.

When data is shared with a third party app using PS, in addition to SSL, that payload is encrypted with a public key for the third party, such that only they can decrypt it with their corresponding private key.

As a developer, you just need to provide your decryption password and key to the SDK and the SDK will take care of decrypting incoming information for you.