Hi @EmrePiconbello,
Welcome and great that you are considering the Internet Computer as a platform to build your solution on.
It’d be great if you could provide more details on the architecture and flows you’re envisioning, but I’ll try to answer your concrete questions:
The canister code and state (memory) are not public on the IC (only the hash of the compiled wasm byte code). However, Boundary Nodes and node providers of the specific subnet can, with some effort, access the wasm byte code. Node providers are assigned by the Network Nervous System, so they are known entities, and not everybody can just run a node and get access to your canister code. It’s a bit similar to running code on a cloud provider, but on the IC there are always multiple “providers” that run your code. However, we are working on making it very hard for node providers to access the code and state of the canisters.
See the answer to 1) regarding privacy. You typically don’t run a real database on the IC, also there are some examples (see: GitHub - dfinity/awesome-internet-computer: A curated list of awesome projects and resources relating to the Internet Computer Protocol). If possible, you keep your data in a data structure like a (btree) map.
Yes, there are instruction/cycle limits on query and update calls. But we have e.g. the Bitcoin canister running on the IC which provides access to the Bitcoin UTXO set which has almost 90 million entries, so I guess it should be possible given a properly designed data structure. You also have the possibility to shard your state into multiple canisters (see e.g. https://www.canscale.dev/).
I don’t understand the question regarding 3rd party service possibilities, but canisters can be upgraded.
Each canister can have a list of controllers with permission to upgrade the code. Initially, canisters are typically controlled by the developers. Eventually, canisters should be (in most cases) controlled by other canisters such as a DAO or release management canister.
There’s also an upcoming feature that provides more features regarding on-chain encryption which might be of interest to you. Check out this thread.
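
Added example, not part of the original post and not DFINITY code: the reply notes that a canister's wasm hash is public and that its controllers can upgrade the code, so a deployment can be audited against a local build and an expected controller list. It assumes the module hash is SHA-256 of the installed wasm and that the info text has the `Controllers:` / `Module hash:` shape shown; the principals and wasm bytes are constructed placeholders.

```python
import hashlib

# Constructed stand-in for a locally built wasm module.
SAMPLE_WASM = b"\x00asm\x01\x00\x00\x00"
# Constructed text in the shape assumed for `dfx canister info` output
# (format is an assumption; principals are placeholders, not real ids).
SAMPLE_INFO = (
    "Controllers: dev-principal-placeholder dao-canister-placeholder\n"
    "Module hash: 0x" + hashlib.sha256(SAMPLE_WASM).hexdigest() + "\n"
)

def parse_info(text):
    """Extract the controller set and the hex module hash from info text."""
    controllers, module_hash = set(), None
    for line in text.splitlines():
        key, _, value = line.partition(":")
        key, value = key.strip().lower(), value.strip().lower()
        if key == "controllers":
            controllers = set(value.split())
        elif key == "module hash":
            module_hash = value[2:] if value.startswith("0x") else value
    return controllers, module_hash

def audit(info_text, local_wasm, allowed_controllers):
    """Return findings; an empty list means the deployment matches expectations."""
    controllers, module_hash = parse_info(info_text)
    allowed = {c.lower() for c in allowed_controllers}
    findings = []
    if not module_hash or module_hash == "none":
        findings.append("no module hash reported")
    elif module_hash != hashlib.sha256(local_wasm).hexdigest():
        findings.append("deployed module hash differs from the local build")
    # Any controller outside the allow-list can replace the canister's code.
    for extra in sorted(controllers - allowed):
        findings.append(f"unexpected controller: {extra}")
    return findings

if __name__ == "__main__":
    expected = {"dao-canister-placeholder"}
    for finding in audit(SAMPLE_INFO, SAMPLE_WASM, expected):
        print(finding)
```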