Is sensitive data encrypted (eg. user access tokens)?

Yes, sensitive data, like user access tokens are categorized as sensitive customer information according to our Information Classification Policy, and is encrypted both at-rest (using AES 192 bit) and in-transit (TLS 1.3).