The default is "Encode data", this ensures your data is encoded both in transit and at rest. Your model will be available regardless of the machine you use to log into your account, as you would expect.
In cases when you need extra security, e.g. when handling sensitive data such as PII, you can choose the enhanced security mode. This is the most secure mode and ensures any sensitive data is confined to the original data source and, when applicable, the local machine on which the model was created. To do so, make sure the "Encode data" switch and the "Enable enhanced security mode" switch are turned on when creating your model.
Keep in mind that with the enhanced security mode, your model will only be available on the machine on which it was created, so sensitive data is never shared to the cloud.
If you need to integrate your model with other APIs that cannot access your encoding keys you will need to disable encoding. These settings only affect encryption at rest. In all cases data is always encrypted in transit using banking-grade encryption.