Everything is a little more complicated than it seems.
1. After the client's registration, we determine its client identifier (CID; based on the browser and provider's subnet, for example)
2. Write it to the database on the server and send a registration confirmation link to the mail. The link contains an encrypted client key (a server key, a key for each client is generated by its own).
3. After following the link, we check that this is indeed the device and our user, and send the key to decrypt the key and save it to the browser (Cookies or LocalStorage).
4. At the time of downloading the private data (on the server - they are closed with the key of an authorized client), through JS we take the key from the browser's storage and decrypt it: the user sees pure text data.
Custom - when the user is logged in.
Public - for everyone who is not logged in. It is usually NOT used, but if you want to open some data later, you need to foresee this in advance!
Something like this...

Such protection is at times bypassed by headless browsers or the same Selenium through which the page will be rendered.
Restriction on parsing, regging, posting, etc. works only in the form of increasing the cost of these actions, namely:
1. Captcha for data return. Even simple captchas force parsers to send them to special services, which greatly increase the cost of the process.
2. Parsing restrictions by ip. Proxy servers cost 50-100 rubles apiece. And if the bot has to change the proxy every 100 requests. The user will think 100 times whether it is worth parsing or not.

You can use this RSA implementation for PHP:
phpseclib.sourceforge.net

<?php
include('Crypt/RSA.php');

$privatekey = file_get_contents('private.key');

$rsa = new Crypt_RSA();
$rsa->loadKey($privatekey);

$plaintext = new Math_BigInteger('+7 800 200 0000');
echo $rsa->_exponentiate($plaintext)->toBytes();
?>