I’m deploying a small web-tool that lets users input ID numbers and check public assistance status (similar to a “data lookup” service). I plan to host on DigitalOcean App Platform or a standard droplet + Nginx + Gunicorn.

Key concerns:

How to manage access security (rate-limiting, IP blocking)

Encryption of user queries & responses in transit & at rest

Keeping it lightweight and low-cost as usage grows

Best way to enable automated backups and scaling if traffic spikes

Any architecture examples or “gotchas” people have seen?