IndustriesWorkPlaybookHow it worksAboutBook a systems auditBring us your idea

What is the difference between frontend and backend?

Straight answer

The frontend is everything a visitor sees and clicks, running in their browser: the pages, buttons and forms. The backend is the hidden half running on a server: the database, the logic, the sensitive work. The frontend shows things; the backend does them. Anything that must be trusted or kept safe belongs in the backend.

Information current as at 5 July 2026

Frontend and backend is the most useful distinction to grasp about any app, because so much else hangs off it: what visitors can see, where your data lives, and above all where the safety of your app is decided. Once the line is clear in your head, a lot of otherwise confusing advice suddenly makes sense.

Plain English
Frontend
The part of an app a visitor sees and interacts with, running in their browser.
Backend
The hidden server-side part that stores data, runs logic and does the sensitive work.
Client
Another word for the visitor's device and browser, where the frontend runs.
Server
The always-on computer, out of the visitor's reach, where the backend runs.

Where each one runs

The clearest way to hold the difference is to think about where each part physically runs. The frontend runs on the visitor's own device, inside their browser. When someone opens your app, their browser downloads the frontend and runs it right there on their phone or laptop. The backend runs somewhere else entirely, on a server you rent, which the visitor never touches directly. This matters more than it first appears. Because the frontend runs on the visitor's device, they can, if they choose, look at it, read it, and tamper with it. Because the backend runs on a server they cannot reach, it is the only place you can put things you need to keep private or trust to be true. The whole discipline of building a safe app comes from putting the right work on the right side of this line.

What each half is responsible for

The frontend is responsible for presentation and interaction: showing your pages, laying out your content, responding when someone clicks or types, and sending their actions off to the backend. It is the dining room, concerned with how things look and feel. The backend is responsible for truth and work: storing and fetching data from the database, deciding what is allowed, checking logins, taking payments, and doing anything that must be reliable and cannot be left to the visitor's device. It is the kitchen. A booking, for example, is displayed by the frontend but actually made and recorded by the backend, because you cannot trust the visitor's browser to be the final word on whether a slot is free. This division, show in the front, decide in the back, is the backbone of how apps are put together.

No pressure
Show us what you built.

If you have made something and it needs to become real, send it over. We will tell you honestly what it needs to be live, safe and yours, whether that is a quick fix you can do or a proper build. No obligation.

Why the line is where safety lives

The single most important consequence of this split is about security, and it trips up a great many AI-built apps. Anything in the frontend can be seen and altered by anyone using the app, because it runs on their device. So a secret key placed in the frontend is not secret; a rule enforced only in the frontend is not enforced, because a determined visitor can simply bypass it. Real protection has to live in the backend, where the visitor cannot reach it. The classic failure is an app that checks who you are or hides a key in the frontend, looking perfectly fine, while the backend does not actually enforce anything, so the protection is theatre. Knowing that trust must live in the backend is the mental tool that lets you ask the right question: is this safety real, or is it only in the part the visitor controls.

Which parts you actually built

When you build with an AI tool, you are usually working most directly with the frontend: the pages you can see and rearrange are the visible half. But if your app remembers anything or has logins, the tool also built you a backend, often quietly, around a database like Supabase and some server-side rules. Many people are surprised to learn how much of their app is backend they never consciously touched. This is worth knowing for a plain reason: when someone asks whether your app is secure, or where your data is, or what happens under load, they are asking about the backend. You can judge the frontend just by using the app, but the backend is invisible from the outside, which is exactly why it deserves a deliberate look rather than an assumption that because the front looks finished, the back must be too.

Common questions

Questions, answered

What is the simplest way to remember the difference?
The frontend is what you see and click, running in your browser. The backend is the hidden part on a server that stores data and does the real work. The front shows things; the back decides and does them. Anything that must be safe or trusted belongs in the back.
Why does the frontend and backend split matter for security?
Because anything in the frontend runs on the visitor's device and can be seen and changed by them. A secret or a rule placed only in the frontend is not protected. Real security has to live in the backend, out of the visitor's reach, or it is only for show.
Which part did I build with my AI tool?
Mostly you worked with the frontend, the visible pages. But if your app has logins or remembers data, the tool also built a backend for you, often around a database like Supabase. Much of your app may be backend you never consciously touched.
Can I judge my app's safety just by using it?
No. Using it tells you about the frontend, which is only half the story. Safety lives in the backend, which is invisible from the outside. An app can look polished and finished while its backend is wide open, so the backend deserves a deliberate check.
No pressure
Show us what you built.

If you have made something and it needs to become real, send it over. We will tell you honestly what it needs to be live, safe and yours, whether that is a quick fix you can do or a proper build. No obligation.

Start here

Two doors. Same senior team.

Whether you can name exactly what you want built, or you just know something is leaking, the next step is the same conversation.