>With each query to the model the full conversation is fed into the model again, so I guess there is no technical need to store them unencrypted.

I am pretty sure this isn't true. They have to have some sort of K-V cache system to make continuing conversations cheaper.