Questions on Permissions (Private Cards) & CockroachDB Backup Strategy for a Production Deployment

[ByteTrooper]

Hi everyone,
I’m currently deploying Huly (the open-source Jira alternative) for my company (~50 users). We are running the latest self-hosted stack (Docker Compose with CockroachDB + ElasticSearch + MinIO).
I'm hitting a few roadblocks and hoping someone here has experience with it:

1. Granular Visibility (The Main Blocker) I’ve set up Private Spaces (e.g., "Exec Strategy") which correctly hide content from general members. However, I’m trying to figure out if Private Cards exist within a shared Space.
   Scenario: We have a shared "Engineering" space. Can I create a card there that is only visible to the Assignee/Creator? Or is visibility strictly bound to the Space level?
   Concern: I want to avoid creating 50 different "Private Spaces" just to handle sensitive HR or 1-on-1 tasks.
2. Backup Strategy (CockroachDB) Since Huly moved from MongoDB to CockroachDB, I want to verify the production-standard backup method.
   Is running cockroach sql with BACKUP INTO to a local volume the standard way?
   Has anyone faced issues restoring these backups to a fresh Docker container (e.g., UUID or node issues)?
   Any advice is appreciated!
   Stack: Huly (latest Docker), Nginx Reverse Proxy, Ubuntu 22.04.