Permissions for files edited by server-side sorting script

Nextcloud version: 17.0.2
Operating system and version: Raspbian buster
Apache or nginx version: Apache2
PHP version: 7.3

I’ve just installed and set up a Nextcloud instance on my Pi to act primarily as a photo server, and I would like all my photos to be sorted into folders based on their date to make them easier to find. I can achieve this by periodically running a server-side Python script on newly uploaded pictures that are uploaded to a ‘forSorting’ group folder.

At the moment this process works great, except that I need to run my Python script as sudo to get it to work on any data in my Nextcloud prescribed ‘data’ folder (/var/nextcloud/data), which means that any admin/users receive a ‘You don’t have permission to upload or create files here’ message for any of the new folders created by the Python script (which is not ideal!).

I’m hoping that I just need to change the permission level on my ‘data’ folder to allow the Python script to act with the same permissions as my Nextcloud users, but I don’t have the Unix/apache knowledge to correctly set the permissions to allow my Pi user (or perhaps www-data?) to have the same permissions as the users that I have created for my nextcloud instance.

So my questions for you lovely smart folks are: Is there a simpler way of achieving the sorting that I am trying to do (perhaps through Nextcloud apps)? And what permissions should I set my ‘data’ folder to have such that my Pi user can edit the data but not expose the server to harm should it ever be compromised?

For context here are the permissions for my data directory:
$ stat /var/nextcloud/data
File: /var/nextcloud/data
Size: 4096 Blocks: 8 IO Block: 4096 directory
Device: b302h/45826d Inode: 260214 Links: 9
Access: (0750/drwxr-x---) Uid: ( 33/www-data) Gid: ( 33/www-data)

And the permissions for my nextcloud installation:
stat /var/www/html/nextcloud/
File: /var/www/html/nextcloud/
Size: 4096 Blocks: 8 IO Block: 4096 directory
Device: b302h/45826d Inode: 259954 Links: 14
Access: (0755/drwxr-xr-x) Uid: ( 33/www-data) Gid: ( 33/www-data)

I hope this is enough for some guidance, and I much appreciate anyone taking the time to point me in the right direction!
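
An added example, not part of the original post and not the poster's script: a sorting step that gives each new date folder the owner, group and mode of the directory it is created in, so a run under sudo does not leave root-owned folders that the web server user cannot write to. The function names and the YYYY/MM layout taken from file modification time are assumptions made for illustration.

```python
import os
import shutil
import time
from pathlib import Path

def make_dir_like_parent(path: Path) -> None:
    """Create path and any missing ancestors, copying owner, group and mode from the parent."""
    if path.exists():
        return
    make_dir_like_parent(path.parent)
    st = path.parent.stat()
    path.mkdir()
    os.chmod(path, st.st_mode & 0o7777)   # e.g. 0750, not whatever root's umask gives
    os.chown(path, st.st_uid, st.st_gid)  # needs root unless uid/gid are already ours

def sort_by_mtime(inbox: Path, library: Path) -> list:
    """Move regular files from inbox to library/YYYY/MM and return the new paths."""
    lib = library.stat()
    moved = []
    for src in sorted(inbox.iterdir()):
        # Skip symlinks: a privileged script should not follow links that
        # someone placed in an upload folder.
        if src.is_symlink() or not src.is_file():
            continue
        t = time.gmtime(src.stat().st_mtime)
        dest_dir = library / f"{t.tm_year:04d}" / f"{t.tm_mon:02d}"
        make_dir_like_parent(dest_dir)
        dest = dest_dir / src.name
        if dest.exists():
            continue  # never overwrite an already sorted photo
        shutil.move(str(src), str(dest))
        os.chown(dest, lib.st_uid, lib.st_gid)
        moved.append(dest)
    return moved

def foreign_owned(root: Path) -> list:
    """List entries under root whose owner differs from root's owner (left by a sudo run)."""
    uid = root.stat().st_uid
    return [p for p in sorted(root.rglob("*")) if p.lstat().st_uid != uid]
```

Run as the account that owns the data directory (www-data in the stat output above, for example via `sudo -u www-data`), the chown calls change nothing and no root privileges are needed. `foreign_owned` reports folders that earlier sudo runs left with the wrong owner.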