We have a case where the user could upload scanned medical documents into TM, do TM encrypt the uploaded files?
Your project can have different implementations to store attachments. Assuming you use cloud services, you can refer to your transact cloud services document to check all the standards applied.
All sensitive data is stored encrypted in database plus AWS security standards are applied.
You can also add extra security by switching data encryption on between browser and TM communication.