Backlit is in private, invite-only beta, public launch coming soon.
Coming soon

April 30, 2026 · How-to

How to share an AI-built app privately (not on the public web)

You want a handful of people to use your AI-built app, not the whole internet. Here's how to share it privately, with an allowlist, sign-in, and data that stays put.

Not every app should be public. A family budget, a team’s internal tool, a client intake form, a tracker with real names in it: these need to be shared with specific people, not posted to the open web. Here’s how to share an app you built with AI privately, so only the people you choose can get in.

The quick answer

Host it on Backlit. Apps are private by default: they require sign-in and only let in the emails (or the domain) on your allowlist. There’s no public URL anyone can stumble into, each person’s data is isolated, and the data stays pinned to a region you choose. You share one link with your people; everyone else is turned away.

A common first instinct is to put the app on a static host with a long, random URL and assume nobody will find it. That’s not privacy. It’s hoping. Links leak: they get forwarded, end up in browser history on shared computers, get scraped. “Hard to guess” is not “only my people can see it.”

Real privacy for a shared app means four things:

  • A door, not just a hidden hallway: sign-in, so the app knows who’s knocking.
  • A guest list: an allowlist of exactly who’s permitted.
  • Separation: one person can’t see another’s data.
  • Residency: you know which region the data lives in and that it isn’t copied elsewhere.

A random URL gives you none of these. A platform built for private apps gives you all four.

How private sharing works on Backlit

  • Private by default. A new glow isn’t public. It requires sign-in before it shows anyone anything.
  • An allowlist you control. Add specific email addresses, or, on a paid plan, a whole domain like @yourcompany.com. Your own email is on the list automatically. Anyone not on it is refused at the door, even with the link.
  • Real sign-in. Magic link, Google, or Microsoft. No passwords for you to manage, no accounts for your people to create beyond the email they already have.
  • Per-user isolation. Each signed-in person gets their own data silo keyed to their verified email. There’s no way for one user to read another’s.
  • Region-pinned data. You choose Australia or the US; the app’s data stays there and isn’t replicated across regions.

Put together, that’s a genuinely private app, shareable with a link, but only usable by the people you named. It also takes the riskiest part off your hands, since sign-in and access control are where apps built with AI most often get breached, and here that layer is managed for you rather than hand-rolled (how to keep an app you built with AI from getting hacked).

Publishing a private app

  1. Connect Backlit to Claude or ChatGPT (https://mcp.backlit.run/mcp).
  2. Ask your assistant to publish the app. It’s private from the start.
  3. Set the allowlist to your people (emails, or a domain on a paid plan).
  4. Share the link. They sign in; they’re in. Nobody else is.

No extra “make it private” step to remember: private is the default, and you’d have to deliberately choose to make something public.

When you do want it public

Sometimes the whole point is that anyone can use it: a public booking page, a survey, a calculator. On a paid plan you can flip a glow to public, and Backlit mints an anonymous session for each visitor so it works without sign-in. The key thing is that this is a choice you make on purpose, not the default you fall into by leaving a link lying around. (Per-user data turns off in public mode, because there’s no verified person to attach it to.)

A note on what isn’t yours to control

Private hosting keeps the wrong people out, but it doesn’t change what your app itself does with data. That part is on you. If your app collects something sensitive, collect only what you need and be clear with your users. Backlit gives you the locked door and the separated rooms; what you keep in them is your call.

For the everyday case, “I built something and want my five, or fifty, specific people to use it, not the internet”, private-by-default hosting is exactly the right tool. Read the FAQ → or see how it works →.

Built an app with Claude or ChatGPT? Get early access to Backlit and share it in seconds.