More implementation details for folks skimming:

- Stack: Laravel 12 + React 19 + Inertia v2 + TypeScript + MySQL/Redis.

- Encryption code lives under src/lib/crypto (happy to point to specific files).

- Import is CSV/XLS; encryption happens before upload.

- Hosting/deploy: Docker + docker-compose, includes a production compose and a Coolify template.

If anyone has experience with audits / threat modeling for E2E apps, I’d appreciate pointers on what to formalize first.