Wait, let me get this straight - your company has the non-sharded encryption key (not the user), it's centralized by your service, and all of that is subject to Google's whims. Yep, sounds like the heart of web3.
If you want something to have broad appeal you have to hide the key management. Users will never keep track of keys or wallets and they will lose them regularly. Most services solve this by not having the key be the source of truth for anything (i.e. iMessage, WhatsApp, and SSH) so that you can rotate them on a whim. Other services solve this by just hosting the key when it's actually important (BitLocker). This is just an example of the latter. Sites that support "Login with Google/FB/Email" aren't some malicious conspiracy theory, they're how most people access and secure all their information.
It would be easier to let me know what web3 technology is not subject to Google's whims!