Have you considered a more simple setup such as a local text file that is encrypted? Of course, there is always a risk but reducing the attack surface can help.
I designed it to be local-first (local-only on Android, iOS didn't let me turn off internet permissions) and using an on-device encrypted database with required password to login. I think it was as secure as I could have made it, but I think I still have the worry of not being able to protect against state-sponsored attacks, or others that can get root access on the phone and install keyloggers, etc.
While I understand those are rare occurrences, I also didn't necessarily want to become a target like Signal. But maybe I'm blowing this out of proportion because Apple and Google have an incentive to make sure their phones aren't rooted, so maybe it would be a lot safer than I imagine.
I guess I also worry about law enforcement getting devices (legally or illegally) and having access to such deep info. What we say to ourselves in a journal often can be a LOT more honest than what we say to others in text messages, emails, etc.
