IndustriesWorkPlaybookHow it worksAboutBook a systems auditBring us your idea

What is a backend?

Straight answer

The backend is the part of your app that visitors never see: the code that runs on a server, the database it talks to, and the logic that decides what happens. The frontend is what shows in the browser; the backend does the real work behind it, storing data, checking logins, and processing what people do.

Information current as at 5 July 2026

When people talk about the backend, they mean everything that happens out of sight after a visitor clicks a button. It is the least visible part of an app and often the most important, because it is where your data lives and where the decisions get made. Understanding it demystifies a lot of what your app is really doing.

Plain English
Backend
The behind-the-scenes part of an app: server code, the database, and the logic that runs the app.
Server
An always-on computer that runs your backend code and answers requests from visitors.
Business logic
The rules your app follows, like who can do what and what happens when they do.
Frontend
The part of the app a visitor actually sees and clicks in their browser.

Frontend and backend, side by side

Every app you use has two halves. The frontend is what you see and touch: the pages, the buttons, the forms, running inside your browser on your own device. The backend is everything behind that, running on a server somewhere else, that the visitor never sees. Think of a restaurant again. The frontend is the dining room, the menu, the tables, the presentation. The backend is the kitchen, the storeroom, the recipes, and the staff deciding what happens to your order. You interact only with the dining room, but the kitchen is where your meal is actually made. In an app, you click a button in the frontend, and the backend receives that click, decides what to do about it, changes the data if needed, and sends an answer back for the frontend to display.

What the backend actually does

The backend has three main jobs. It stores and retrieves data, talking to the database to save a new order or fetch a customer's history. It enforces rules, the logic that decides who is allowed to do what: whether a login is valid, whether this user can see that page, whether a booking is available. And it does the sensitive work that must not happen in the browser, like taking a payment or checking a password, because anything that runs in the frontend can be read and tampered with by the visitor. The backend runs on a server the visitor cannot reach directly, which is exactly why the trustworthy work belongs there. When people say an app has a backend, they mean it has this private, server-side half doing real work, not just pages being displayed.

No pressure
Show us what you built.

If you have made something and it needs to become real, send it over. We will tell you honestly what it needs to be live, safe and yours, whether that is a quick fix you can do or a proper build. No obligation.

Why the backend is where the risk lives

Because the backend holds your data and enforces your rules, it is also where the serious problems hide. A pretty frontend with a weak backend is like a smart shopfront with an unlocked storeroom. The classic AI-built app failures are backend failures: a database that anyone can read because it was never locked down, a rule that was supposed to check who is logged in but does not, a secret key sitting somewhere it can be found. None of these are visible from the frontend, which is why an app can look finished and polished while being wide open underneath. This is the reason we keep coming back to the same point: how your app looks tells you almost nothing about whether it is safe. The safety lives in the backend, out of sight.

Do you even have a backend

Not every site does. A plain website of fixed pages has effectively no backend to speak of; it is just files being served, which is why it is cheap and simple. The moment your app remembers anything, checks logins, or does something with what people enter, it has a backend, even if a builder created it for you invisibly. If you built with a tool like Lovable, Bolt or Replit and your app has accounts or saves data, you have a backend, and it is very often built around a Supabase database and some server-side logic. The practical thing is to know it exists and roughly where it runs, because when someone asks whether your app is secure, they are really asking about the backend, and you cannot answer that without knowing it is there.

Common questions

Questions, answered

What is the difference between the frontend and the backend?
The frontend is what visitors see and click in their browser. The backend is the hidden half running on a server: the code, the database and the rules behind the scenes. The frontend shows things; the backend does the real work of storing data and deciding what happens.
Does my app have a backend?
If it has logins, saves what people enter, takes payments, or shows different things to different people, yes. That behind-the-scenes work needs a server and usually a database, which together are the backend. A plain website of fixed pages has effectively none.
Why does everyone say the backend is where security matters?
Because the backend holds your data and enforces your rules, and none of it is visible from the outside. An app can look polished while its backend is wide open. Weak backends, unlocked databases and exposed keys are the common serious holes in AI-built apps.
Can I see my backend?
Not the way you see the frontend, because it runs on a server rather than in your browser. But you can find it: look for your database and any server-side functions in your builder or your Supabase project. Knowing where it runs is the first step to knowing whether it is safe.
No pressure
Show us what you built.

If you have made something and it needs to become real, send it over. We will tell you honestly what it needs to be live, safe and yours, whether that is a quick fix you can do or a proper build. No obligation.

Start here

Two doors. Same senior team.

Whether you can name exactly what you want built, or you just know something is leaking, the next step is the same conversation.