Tor encrypts the connection between you and the server, it doesn't encrypt data stored on the server. The server admins have to do that, but it's even safer if you encrypt it yourself so that only the recipient can read it, which is the purpose of PGP. Generally you should: 1. Encrypt your address 2. Encrypt other personal info or sensitive details that you only want the recipient to read. You don't have to encrypt every message to a vendor or every PM, in fact that wastes people's time.