https://nextcloud.com/encryption/
End-to-end Encryption client-side is available from Nextcloud desktop client 3.0 and newer as a folder-level option to keep extremely sensitive data fully secure even in case of a full server breach. The server facilitates key exchange for syncing between devices and sharing but has Zero Knowledge, that is, never has access to any of the data or keys in unencrypted form.
It’s not a big deal if you self-host at home either. You can use SSL for the traffic and LUKS for the storage.
I had to install MS Authenticator to get into my account, then I added a phone number. I then deleted Authenticator from my phone and from my 2FA settings.