My privacy hardening tips are:

• Avoid 5-eyes, 9-eyes and 14-eyes countries^[1].
• Don’t use CloudFlare or any CDN/AntiDDOS services because they decrypt all traffic that goes to and from your server^[2]^. You don’t know what they do with it.
• DNS queries sent by the server should be encrypted^[3] so that the ISP/data center cannot see them.
• If you want a VPS: try getting KVM instead of LXC one. It’s so easy to automate processes scanning on the fly^[4]

Honestly self host with physical security. As long as your house isn’t raided your fine.

You could also setup a vps gateway that routes traffic over wireguard into a isolated environment at home. This should be better for privacy.