I've been considering this for a moment and I think that a secure enclave could actually work as an architecture for this. But, as long as someone reverse engineers things like efused keys and doesn't do a press release about obtaining these, I'm not sure how you can be 100% sure with a platform like SGX. It doesn't work well in extreme adversarial settings. 

optimism

Article on Doctors Using AI in Practice

Instead of “trust me bro we will delete your sensitive data”, I would like to see a method that makes it cryptographically impossible for my data to be leaked. Maybe using a secure enclave?