I built something that solves this problem. It uses an open source program installed on the client to encrypt and store data in a way that doesn't allow the website to access the plaintext data. https://redact.ws