First, data is encrypted on the client-side, and is never resident in the database in cleartext. This means that even privileged attackers — e.g., employees with database access — will only be able to access the ciphertext in the database, as long as they don’t have encryption key access.
Second, queryable encryption uses fully randomized encryption to secure data. This means the same plaintext encrypts to a different ciphertext every time the data is encrypted. This makes it difficult for an adversary to learn patterns and infer values, hence minimizing the attack surface for adversaries to exploit.
For more information, refer to our documentation