User data is encrypted in transit from the source using SSL, then at rest using unique AES-256 keys which are themselves encrypted in part with a user password which never leaves the user’s device. This is in addition to whatever encryption the 3rd party storage service provides itself.

When user data is shared with a 3rd party app using PS, in addition to SSL, that payload is encrypted with a public key for the 3rd party such that only they can decrypt it with their corresponding private key.

As a developer, you just need to provide your decryption password and key to the SDK and the SDK will take care of decrypting incoming information for you.