I built a micro-journaling app back in the day and subscribed to this philosophy as much as i could have. On Android, i even didnt let the app have the permission to access the internet. Everything was stored on device, encrypted. However i was still scared that individual phones would be hacked (or the app itself) and the info would get out anyways.