The client-side encryption approach is the right call here. We built PrivaVault (encrypted doc management for immigration cases) and learned quickly that "we encrypt it" isn't enough reassurance for people dealing with passports, visas, and financial docs. End-to-end encryption, in which the keys never touch our servers, was a fundamental requirement.

One thing we wrestled with: how do you make encrypted search actually useful? You can't just grep through ciphertext. We ended up doing encrypted metadata tagging client-side before upload, but it's still limited compared to plaintext search. I am curious about how others have addressed this issue without jeopardizing the zero-knowledge architecture.