I just ran the iOS app. It does not use any client side encryption (i.e. at application level at rest) only in transit. From what I can see it is also using the default iOS data protection class. So while this app might provide good security for data in transit it provides little or no security for a local attack on a device locked but AFU.