From an architecture standpoint, I strongly recommend that you run your Pi read-only in any embedded IoT application. Ideally you would never write to the boot image at all and would store data in a cloud server.
Note that there is another way to do the above, using the overlay file system that comes out of the box on current Raspberry Pi OS.
If you do the above, it is always safe to power down.
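One way to check the "safe to power down" condition, as an added example that is not part of the original answer: it reads a mount table in `/proc/mounts` format and reports whether root is protected and which block-device-backed filesystems are still writable. The function names are hypothetical and the sample mount table is constructed for illustration.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; the sample is constructed.

# Constructed sample in /proc/mounts format (device mountpoint fstype options).
# Root is an overlay, but the boot partition is still mounted read-write.
sample_mounts() {
    cat <<'EOF'
overlay / overlay rw,relatime,lowerdir=/media/root-ro,upperdir=/media/root-rw/overlay 0 0
/dev/mmcblk0p2 /media/root-ro ext4 ro,relatime 0 0
tmpfs /media/root-rw tmpfs rw,relatime 0 0
/dev/mmcblk0p1 /boot/firmware vfat rw,relatime 0 0
EOF
}

# Print "mountpoint (device)" for every mount that is backed by a /dev block
# device and has the "rw" option. tmpfs and overlay entries are skipped
# because their writes do not reach the SD card.
writable_block_mounts() {
    awk '
        $1 ~ /^\/dev\// {
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++)
                if (opt[i] == "rw") { print $2 " (" $1 ")"; break }
        }
    ' "$1"
}

# Exit 0 if / is an overlay or is mounted read-only, 1 otherwise
# (including when the file has no entry for / at all).
root_is_protected() {
    awk '
        $2 == "/" { fstype = $3; opts = "," $4 "," }   # last entry for / wins
        END { exit !(fstype == "overlay" || index(opts, ",ro,") > 0) }
    ' "$1"
}

# Check the live system only when asked: sh check.sh --live
if [ "${1:-}" = "--live" ]; then
    if root_is_protected /proc/mounts; then
        echo "root: protected"
    else
        echo "root: WRITABLE"
    fi
    writable_block_mounts /proc/mounts | sed 's/^/still writable: /'
fi
```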