For anything you decide to build on a blockchain, you have to consider its future. You have a few options for governing that future:
The simplest form of governance is none. If you disable contract upgrades and every other privilege afforded by the private key, there's nothing to govern. Your contract is a permanent, unchanging fixture that people can use and trust implicitly. (This is the default behavior on Ethereum.)
The next option is monarchy. You hold the keys. You decide the future. This option is flexible, but not appropriate for most production dApps. Beware of using dApps that don't have a governance system in place. (This is the default on Koinos.)
After that, you can have an oligarchy. By setting up a multisig wallet, you distribute the authority to a few key people. This prevents one person from scamming users alone, but it's still not good enough for public-facing dApps. This would be appropriate for dApps you and your friends are building and using together.
Finally, we have DAOs. You issue a token and grant a stake-weighted vote to each token holder. Then restrict what the contract allows without DAO approval. This is what you have to do for public-facing dApps that you intend to upgrade.
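As an added illustration (not part of the original post), here is a toy Python model of how each of the four options answers the question "may this upgrade proceed?"; the keys, balances, thresholds and quorum are constructed sample values, and the vote-counting rule is one simple choice, not any particular DAO framework's.

```python
# Added example: a model of the four upgrade-governance options described
# above. Keys, balances and thresholds are constructed sample values.
from dataclasses import dataclass, field


@dataclass
class Proposal:
    """An upgrade proposal plus who has signed or voted on it."""
    signers: set = field(default_factory=set)   # keys that approved (monarchy / multisig)
    votes: dict = field(default_factory=dict)   # DAO: voter -> True (yes) / False (no)


def no_governance(_: Proposal) -> bool:
    """Upgrades disabled: no key holder can change the contract, ever."""
    return False


def monarchy(owner: str):
    """One private key decides; losing that key means losing the contract."""
    def check(p: Proposal) -> bool:
        return owner in p.signers
    return check


def multisig(owners: set, threshold: int):
    """k-of-n listed key holders must sign; signatures from outsiders do not count."""
    def check(p: Proposal) -> bool:
        return len(p.signers & owners) >= threshold
    return check


def dao(balances: dict, quorum: float):
    """Stake-weighted vote: a quorum of the supply must take part and yes must beat no.

    Unknown addresses carry zero weight, so votes from non-holders are ignored.
    """
    supply = sum(balances.values())

    def check(p: Proposal) -> bool:
        yes = sum(balances.get(v, 0) for v, choice in p.votes.items() if choice)
        no = sum(balances.get(v, 0) for v, choice in p.votes.items() if not choice)
        return (yes + no) >= quorum * supply and yes > no
    return check


if __name__ == "__main__":
    holders = {"alice": 60, "bob": 30, "carol": 10}
    print(dao(holders, 0.5)(Proposal(votes={"alice": True, "bob": False})))  # True
```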
P.S. DAOs are awesome, but any time you can go with a simpler option, you should. I'd rather build a non-upgradeable contract when feasible.