IMO just get ISO 27001 to demonstrate that you are managing the sensitive information properly, and you will also improve your client confidence.
I work as ISO 27001 auditor, and help companies get ISO 27001 certified in no time (1-2 months), with a budget from 5k - 8k in total (external support and certification included). The goal it to keep it simple, save costs, and in the end get the company certified.
"Oh, wow, I had no idea it was that affordable, we should talk..." is the response you are hoping for, correct? Self-promotion is not prohibited, but it goes better if you engage with the discussions here beyond just your own marketing.
Anyhoo, I don't think thousands of dollars for certification makes sense for a solo dev who is kicking an idea around.
I work as ISO 27001 auditor, and help companies get ISO 27001 certified in no time (1-2 months), with a budget from 5k - 8k in total (external support and certification included). The goal it to keep it simple, save costs, and in the end get the company certified.