I just published a piece on why health apps should not put sensitive user data in the cloud by default.
The argument is simple: chronic pain users are often interacting with software while exhausted, foggy, stressed, offline, or trying to preserve records for doctors, insurers, or claims. That changes the architecture.
For PainTracker, I chose a local-first PWA model because the failure mode matters.
No required account. No default health database on my server. IndexedDB for local records. Offline-first behavior. User-controlled exports.
A health app is not trustworthy because the happy path works. It is trustworthy when failure does not make a vulnerable user more vulnerable.
Would love feedback from anyone building PWAs, health tools, local-first apps, privacy-respecting software, or anything involving sensitive user data.
No responses yet.