The person-specific context approach is the right framing for privacy — not encryption at rest, but structural isolation of what each context can access.

I've been building in the same direction: local inference on Android via MNN, no cloud, context that never leaves the device. The interesting problem isn't just running the model locally, it's defining the trust boundary between what the model can see and what it can't. Person-specific folders is a clean primitive for that.