Data is securely encrypted during transit using robust HTTPS encryption using TLS 1.2, which employs AES-256 in Galois/Counter Mode (GCM). This method is chosen for its performance and security benefits, notably for its resistance to padding oracle attacks, a known vulnerability in Cipher Block Chaining (CBC) mode. However, to enhance system performance, data at rest is not encrypted. This decision allows faster data access and processing while maintaining strong protective measures during transmission.