Every few months another cloud-first app quietly changes the rules. A region loses access overnight. A free feature goes behind a paywall after an acquisition. A cloud outage takes out millions of users' historical data for a day. Every cloud-first product is one business decision or one incident away from disrupting you. You don't own the app, you rent it. And when the rent stops making sense for the owner, they close the door.
The hidden cost of cloud-first
When you use a cloud-first health app, you're accepting a long list of silent dependencies:
- Their infrastructure. If their database goes down, you lose access to your historical data.
- Their business model. Free tier today, $12/month tomorrow, ad-supported the year after.
- Their legal posture. Subpoenas, breaches, hostile acquisitions, jurisdiction changes.
- Their commitment. The median B2C app company lives 7 years. Your health journey doesn't.
None of these show up in the app store listing. All of them show up, eventually, in the life of a daily user.
Offline-first, defined
Offline-first means your app works whether the company exists or not. The network is an enhancement, not a dependency. Core loops (open, log, review, export) happen entirely on your device. Sync is a feature, not the foundation.
This is different from "offline support", which usually means "it caches a few screens but breaks if the server is down for real". Offline-first is architectural: the app assumes there is no server, and adds sync on top.
The term local-first software (coined by Ink & Switch, 2019) gave the movement its manifesto: software where the data is on your device, sync is optional, and the app still works when the company that built it is gone.
How Refit is structured
Refit runs entirely in your browser. The app is a static HTML/CSS/JS bundle served from a CDN. The service worker caches it so it works on a plane. Data lives in localStorage, a JSON object per day, keyed by date. Sync, if you want it, is opt-in, end-to-end encrypted, and built so our relay never sees a byte of your health data in plaintext.
Consequence: if Refit the company disappears tomorrow, the app you already have still works. Your data still works. Your export still works. You could take the localStorage dump, feed it to an LLM, and get a perfectly readable health journal back. No vendor, no API, no key.
The sync question
"But how do I use the same data on my phone and laptop?" This is the legitimate question. Our answer is shipped today: an opt-in encrypted relay. You pick a passphrase (twelve characters minimum), the app derives two separate keys from it via PBKDF2, and the relay sees only an opaque sync id and AES-256-GCM ciphertext. A Last-Writer-Wins CRDT merges edits across devices deterministically, so you can work offline on either and converge without conflict dialogs.
We cannot read your data on the relay because we never had the key. Offline still works. Export still works. The relay is a convenience, not a prison. For the plain-language write-up see "Sync that can't read you"; for the full architectural and cryptographic breakdown, see the Refit security page.
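To make the Last-Writer-Wins merge described above concrete, here is an added sketch (not Refit's code) of a deterministic merge over a date-keyed store; it has to run on the device, since the relay only holds ciphertext. The record shape (`value`, `ts`, `device`), the function names and the sample data are assumptions made for illustration.

```javascript
// Added example, not Refit's code. Assumed record shape for each day:
//   { value: <that day's JSON, or null for a deletion>, ts: <ms epoch>, device: <id> }

// Total order over two versions of the same day: timestamp, then device id,
// then serialized value, so two distinct records never compare as equal.
function compareVersions(a, b) {
  if (a.ts !== b.ts) return a.ts < b.ts ? -1 : 1;
  if (a.device !== b.device) return a.device < b.device ? -1 : 1;
  const sa = JSON.stringify(a.value), sb = JSON.stringify(b.value);
  return sa === sb ? 0 : (sa < sb ? -1 : 1);
}

// Merge two replicas of the date-keyed store. Inputs are not mutated, and keys
// are sorted so every device serializes the merged state identically.
function mergeDays(local, remote) {
  const days = [...new Set([...Object.keys(local), ...Object.keys(remote)])].sort();
  const merged = {};
  for (const day of days) {
    const l = local[day], r = remote[day];
    if (l === undefined) merged[day] = r;
    else if (r === undefined) merged[day] = l;
    else merged[day] = compareVersions(l, r) >= 0 ? l : r;
  }
  return merged;
}

// Constructed sample data: both devices edited 2024-05-02 while offline.
const phone = {
  "2024-05-01": { value: { steps: 8000 }, ts: 1714550000000, device: "phone" },
  "2024-05-02": { value: { steps: 4000 }, ts: 1714640000000, device: "phone" },
};
const laptop = {
  "2024-05-02": { value: { steps: 4200, note: "gym" }, ts: 1714643600000, device: "laptop" },
  // A deletion is kept as a tombstone so it takes part in the ordering
  // instead of being resurrected by an older copy on another device.
  "2024-05-03": { value: null, ts: 1714730000000, device: "laptop" },
};

console.log(JSON.stringify(mergeDays(phone, laptop), null, 2));
```

Because the winner is chosen by timestamp, a device with a skewed clock can override a genuinely later edit; the result is still the same on every device, which is what removes the conflict dialog.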
What the future actually looks like
The next decade of software will be shaped by three forces:
- Client compute keeps getting cheaper. Phones now run ML models the cloud ran five years ago. Pushing work client-side is no longer a premature optimization.
- Regulation is tightening. GDPR, HIPAA, state-level health privacy laws. Companies that don't store data have nothing to audit.
- Trust in the cloud is eroding. Every breach headline is a prospective user who wonders if their data is next.
Offline-first isn't a throwback to the desktop era. It's a better fit for where we're headed. Your data belongs on your device; the network exists to serve you, not own you.
What to look for in any app you trust
- Can you export everything to a standard format? (JSON, CSV, plaintext)
- Does it work without an account?
- Does it work offline, fully, not just cached?
- If the company disappears tomorrow, do you still have your data?
If any answer is "no", the app owns you more than you own it. The best software assumes it might not be here tomorrow, and makes sure your data outlives it.