I recommend against putting sensitive usage on the owner profile, since disk encryption cannot be activated unless the device is powered off.

Secondary profiles get disk encryption when logged out, so it's a more practical way to secure that while using the Owner profile for normie things.