Traffic to and from the DESelect servers is secured through TLS based connectivity. The DESelect service always requires SSL/TLS between the client (browser, mobile apps, ...) and the server. Also, all communication between DESelect and the Marketing Cloud Api happens over TLS 1.3.
Administrative functions towards DESelect servers in the data center are performed over encrypted channels. These include SSH and TLS.