I think you’re spot on: Markdown files with SyncThing. That’s my setup as well, you just can’t beat markdown files as a back-end for flexibility and future-safety in my opinion.

Some things to consider:

• Editor: The obvious no-nos are editors with built-in AI support or cloud storage. FOSS editors are highly recommended. If you find a good offline FOSS WYSIWYG-style markdown editor, let us know. I use Neovim myself, but I’m often asked for recommendations by non-geeks.
• Operating system: You should be fine on MacOS (for now), but Linux is a great option for desktop. Windows is a loose canon with their AI snapshot approach, definitely avoid. What are you syncing to? Mobile devices are a lot more difficult to keep control of.
• Encrypted devices: Make sure you have full disk encryption on all devices and on all your backups.

That depends on your threat model. It’s a useful strategy to hide your traffic from your local network admin (e.g. at the workplace) and your ISP, but it’s a bad strategy for hiding your identity from the sites you’re visiting.

I’m sure you’re a great couple but if your concern is future-proofness consider separate domains.

Privacy is a trade-off against convenience, and there is no perfect privacy.

VPNs are a mediocre privacy tool, because they presuppose trust in the VPN provider. Tor is flawed because it is open to correlation attacks.

There are low-hanging fruit that everybody should be using like sensible cookie policies, HTTPS-only mode, and DNS over HTTPS.

If you are looking for a solution on the far end of privacy/inconvenience you could look into I2P and use that situationally.

Should really be prefaced by: Don’t bring your phone. Write the phone number you plan to call if arrested on your lower arm in sharpie. If for some reason you have to bring your phone, read the following.