The host still has access to everything.
OK, the database is encrypted, but where is it encrypted? In the application, and the hoster also has access to the application!

host over the hill.
1) for such hosters, it doesn't matter to your client base.
2) even if someone somewhere in Russia wants to get the data, they simply will not be given it. because even before the Russian legislation over the hill there is no business.

1. I advise you to encrypt all data using standard mysql 5.7 tools: step by step instructions .
2. All the functionality of the personal account (including authorization, etc.), processing and storage of all important data - to be transferred to another separate hosting (as a subdomain), to which access will only be via API via AJAX requests from a web page opened in browser on the client.

Well, you can set the md5 encryption type for certain fields, for example, like this Link , but there is no way to get it, there is most likely no other solution

if we consider shared hosting, then the implementation of such a solution will cost an order of magnitude more than a regular server rental, where no one except you will have
a dedicated disk in hatzner for about 30 euros for a dedicated disk with 32 gigs of RAM and 4 processor cores and two disks of 2 TB each
to write a system that will encrypt coolly and securely + implement external services for it, this is many thousands of dollars, or even tens, so they don’t exist.