If you're planning to have more than a handfull of active users, i'd defenately start by running your own bitcoind instead of using blockcypher's api.

When configuring the bitcoin daemon, use notifyers as a hook to your update script, that way your database will stay up-to-date.

I'd probably use a combination of -walletnotify and -blocknotify, and maybe poll the mempool from within the user's account overview page for incoming, unconfirmed transactions.
Make sure you either have a watch-only wallet, or make sure your hotwallet is properly locked.