my understanding is that terms of service would be helpful but not needed if someone trued to sue because you blocked access to the site. I would not expect ToS for a site like you are explaining, but if it did it would say “the web admin will ban you if you are naughty, you have been warned”
For privacy policy i think what you wrote to give us context is near perfect. Explain how your app stores data, be specific about encryption at rest and in motion. If your app is designed to hold name, email address, billing info you should highlight that in your policy. including a (monitored) contact email for questions would be nice, but not needed imo unless you are storing PII
Welcome! Without buying more enclosures and increasing the number of drives you can access at one time, you will need to partition your files based on your own use case and maintain an index so that you easily can retrieve the right drive when you need to access data. Perhaps you get a drive for each year. Perhaps images go to one and video to another. perhaps you split on the file name. For an index, this can be as simple as labeling the drives and putting them on your shelf. As mentioned by others, there are software solutions for indexing file metadata as well.
If you buy more enclosures you can use MergerFS or another union file system to bring both disks together and provide a single view while using ext4 for each drive. This allows you to easily remove a single drive and plug it into another basic linux distro, but you will not get any data striping or other protections. So if 1 drive dies, you will loose whatever data was stored on that disk. Because of that, I advise you to still think about partitioning your files even if you union them so that you understand your failure scope.