Skip to content
All posts

The privacy advantage of local-first apps

The most private data is the data you never collect. Local-first isn't just an architecture choice — it's the simplest privacy policy there is.

MFKAPPS 3 min read

Every privacy policy you’ve ever skimmed is a list of promises about data the company has already collected. “We take your privacy seriously.” “We only share with trusted partners.” “We may retain data as required.”

There’s a much shorter version: don’t collect it in the first place.

That’s the whole idea behind local-first software, and it’s the foundation every MFKAPPS app is built on. Your data lives on your device. Not on my servers, because there are no servers holding your data. The most private byte is the one that never left your phone.

What local-first actually means

Local-first means your device is the source of truth, not a cloud database. The app reads and writes locally first, works fully offline, and is fast because it isn’t waiting on a network round-trip for everything.

In Granyn, every expense you log is stored on your device. In Hydrame, every glass of water is too. There’s no account to create, no sync server quietly mirroring your habits, no analytics pipeline reconstructing your month from a thousand little events.

This isn’t a feature I bolt on at the end. It’s a decision made at line one, because it changes everything downstream.

Privacy by architecture, not by promise

Here’s the difference that matters. A cloud app promises to protect your data. A local-first app is structurally incapable of misusing data it doesn’t have.

Consider the questions a typical privacy policy has to answer:

  • Where is my data stored, and for how long?
  • Who can access it internally?
  • Which third parties receive it?
  • What happens to it if the company is sold or breached?

For a local-first app, most of these collapse into a single answer: it’s on your device. There’s no internal access because there’s no internal copy. There’s nothing meaningful for a server breach to leak. If I shut the studio down tomorrow, your data is exactly where it always was — with you.

You can’t lose what you never held.

The honest trade-offs

I’m not going to pretend local-first is free. It isn’t, and I’d rather be straight about the costs.

  • Sync is harder. Moving data between your own devices without a central server is real engineering work. When I add it, it’ll be done carefully — ideally end-to-end encrypted, so even sync doesn’t mean handing me your data.
  • Backups are on you (for now). I lean on the platform’s own backup systems and offer export so you’re never locked in. Your data is yours, in a format you can take elsewhere.
  • Some features need a server. And that’s fine — when one genuinely does, I’ll say so plainly and collect the minimum required, nothing more.

Honesty about trade-offs is part of the deal. Calm tools don’t get to wave away the hard parts.

”But you use Firebase and ads?”

Fair question. Some standard mobile services — crash reporting, basic anonymized analytics, occasional ads — may process limited data, and I disclose exactly which in the privacy policy. The line I hold is simple: the content you create stays local. Your expenses, your logs, your settings never get uploaded to me. The supporting services see anonymized, aggregate signals at most, and never the personal data itself.

Why it’s worth the effort

Building this way is slower and occasionally inconvenient. I do it anyway, because privacy you have to trust is fragile, and privacy that’s baked into the architecture is durable. One depends on my good behavior forever. The other doesn’t depend on me at all.

That’s the kind of privacy I’d want from the apps on my own phone. So it’s the kind I build.

#privacy #engineering
Back to all posts Got thoughts? Say hi →