I'm a security professional, btw. There are avenues like social key recovery which could be used to prevent absolute data loss, and UI approaches which ensure the user actually wrote down their recovery key (e.g. prevent copy and paste and have them type it in on the next screen, where it is not visible).
More to the point, sorting these sorts of things out is kinda what why your users are paying you. I would have been okay with "we want to make sure our users don't experience data loss, so we're still working on the right implementation of E2EE" (as long as you actually working on it). But outright declining to implement E2EE is user-hostile. As noted by the sibling comment, in 2022 privacy is non-negotiable.
(Also I don't think you're adequately considering the liability you're exposing yourself to by holding your user's data unencrypted. What if some HR exec decides to make a note with all their employees social security numbers, addresses, and contact information, and then there's a data breach?)
More to the point, sorting these sorts of things out is kinda what why your users are paying you. I would have been okay with "we want to make sure our users don't experience data loss, so we're still working on the right implementation of E2EE" (as long as you actually working on it). But outright declining to implement E2EE is user-hostile. As noted by the sibling comment, in 2022 privacy is non-negotiable.
(Also I don't think you're adequately considering the liability you're exposing yourself to by holding your user's data unencrypted. What if some HR exec decides to make a note with all their employees social security numbers, addresses, and contact information, and then there's a data breach?)