Yea that’s a tough system to design for. Ideally you want sensitive stuff like that, where you don’t care what the data is just that something matches it, stored as the results of a one-way hash function.
The problem is that most of the data you’re going to want to secure is pathetically tiny. 10 digit SSN? My phone can brute force that in a few minutes if you’re doing raw hashes. Gotta salt them. But now you have a tradeoff decision, salting every one uniquely is best but now your comparison needs to do [leaked data] × [customers] checks to find matches. Same salt on all of them and as soon as one is cracked they all are.
Ah, I remember this controversy when the game launched. That person later admitted to modifying the meshes to make them fit better because they hated Palworld for “glorifying animal abuse”.
https://www.dsogaming.com/news/modder-who-accussed-palworld-of-using-3d-models-from-pokemon-games-admits-that-he-has-faked-everything/