All traffic between ExamsPublisher and the Cloud server is secured via TLS 1.2/1.3. No DICOM communication takes place between the two modules.

ExamPublisher communicates with the storage server (minio) using TLS 1.2/1.3. Files are encrypted at the source, meaning that each file (DICOM or non DICOM) is encrypted by Exams Publisher using AES 128 and a key derived from the study instance uid (among other things). Minio then proceeds to perform a second encryption on the reception of the file. 
Access to the bucket in write mode is granted to a dedicated user.

Exams Portal, RemotEye Viewer and RemotEye Lite are all served over the internet via TLS 1.2/1.3. Retrieval of images and files is performed over TLS and both clients are capable of decrypting files on the fly.