This connects to something I keep running into with health software: the default architecture often decides the trust model before the user ever gets a real choice.
AI tools are great at pattern-matching and execution speed. But architecture is about failure modes, not happy paths. What happens when the database grows past expectations? What happens when the user loses their credentials? What happens when the company pivots and the storage model changes?
For health tools especially, those failure modes transfer cost directly onto users who may not be in a position to absorb the disruption. That makes architectural decisions a safety question, not just a scalability question.
A lot of apps treat cloud storage as the neutral default. But for sensitive data it is not neutral. It changes the risk surface, the recovery model, the breach impact, and the user's dependence on the company staying alive.
Local-first is not always the answer, but it should be considered much earlier than most teams consider it.