Eh?
You can’t build an unpickable back door into a computer system.
You can’t break encryption for only the good guys.
The path to hell is paved with good intentions.
Encryption only works when there is one decryption key. If there are two different keys then it isn’t encrypted bad actors will find a way in
The single best thing you can do security wise, is to NOT have any personal data on a web facing server.
Separate the data
Rereading it does look like you are doing the things right; so just audit what is on the public side. - your calendar and tasks- cool
Your photo and docs, do those need to be on there?
If they are on a server that is publicly accessible, please move them to a different location
Otherwise you sound like your doing well