Client-side (Angular): use the browser's native Web Crypto API to encrypt the PII fields before submission. Server-side: a filter/interceptor early in the request pipeline detects the encrypted fields ...