> Alex says Cerca is being misleading when it comes to encryption but it seems to me they are outright lying and will likely face no consequences for it.

Trasmitting information via HTTPS is usually enough to say your app uses "encryption and other industry-standard measures to protect your data."