The data is encrypted anyway, but the key will be stored in encrypted form on the Gateway-MT side. To unlock (decrypt the key) you need to have your AWS S3-like access key and secret key. When you access the Gateway-MT with them, your Tardigrade keys become decrypted and they will be used to decrypt your data, thus you can access your data.
So it’s still safe, but not as much as the client-side encryption. So, we are working on implementation of the client-side encryption too.
You can read there