We are a HIPAA Hosting Specialist company that is about to start allowing people to use Nextcloud on our servers. We just need to know how to secure it properly. My question is if any sensitive data is stored in the db directly? I know where the files are and how to move them out of the webroot and secure them that way. Just need to know about db.