The big picture: what a live app is actually made of
When you build something with Claude, it runs on your computer. To let other people use it, the same pieces need to live somewhere on the internet that's always on. Almost every app is some combination of these five layers:
A simple landing page might only need layer 1. A dashboard where people log in, see their data, and download reports needs all five. The good news: you don't have to assemble five separate companies. A few modern platforms bundle several layers together so a beginner can run a real app with one or two accounts.
The rest of this guide walks through each layer, names the easiest tools, and explains when you'd reach for each.
Where to host: the one distinction that explains everything
Before comparing logos, understand the single fork in the road. Hosting platforms fall into two camps, and picking the right camp matters more than picking the right brand.
Your code wakes up only when someone visits, does its job in a few seconds, then goes back to sleep. You never touch a server. Deploys happen automatically when you push code.
Great for: websites, dashboards, full-stack web apps, anything request-and-response. Bad at: anything that needs to run continuously.
You get a computer in the cloud that stays running 24/7. It can hold long-lived processes, background jobs, and things that need to "think" for minutes or hours.
Great for: AI agents, bots, background workers, custom backends, long jobs. Trade-off: more control means a bit more setup.
If your app responds to clicks, you want Camp A (Vercel, Cloudflare). If your app keeps working when nobody's looking — an agent, a bot, a scheduled job — you want Camp B (Railway, a VPS like Hostinger).
The four platforms you'll reach for most
Vercel
The smoothest path for front-end and full-stack web apps, especially anything built with Next.js or React. Connect your GitHub repo and every push deploys itself with a live URL.
- Effortless deploys, preview links for every change
- Built-in global CDN so pages load fast everywhere
- Short-lived functions only (a request must finish in about a minute)
Reach for it when: you've built a website, marketing page, or interactive dashboard and want it live in minutes.
Watch out: the free Hobby tier is for personal, non-commercial use. The moment a project makes money, you're meant to be on a paid plan.
Railway
The friendliest always-on platform. It can run backends, bots, scheduled jobs, and long-running processes — and it can spin up a database for you with one click.
- Push from GitHub; Railway detects your stack and runs it
- One-click Postgres, MySQL, Redis, or MongoDB alongside your app
- Pay for what you use — small apps often land around $5–10/mo
Reach for it when: you need a real backend or a process that stays alive — an API, a Discord/Telegram bot, a worker that runs on a schedule.
Watch out: usage-based billing can creep up; check the dashboard so a busy month doesn't surprise you.
Cloudflare
Best when you want things fast and cheap at scale. Pages hosts websites with unlimited bandwidth (even free); Workers run lightweight code at the "edge"; R2 stores files; D1 is a simple database.
- No bandwidth/egress fees — a real cost advantage
- One company for site + small backend + files + database
- Workers are super fast but limited (tiny CPU budget per request, not full Node.js)
Reach for it when: you want a snappy site or API that stays cheap as traffic grows, or you're serving lots of files and don't want bandwidth bills.
Watch out: the edge model has more rules than Vercel; some libraries won't run there.
Hostinger VPS
A VPS ("virtual private server") is your own little Linux computer in the cloud with full root access. The most flexible option — and the one you'd reach for to run an agent.
- Run truly anything: persistent AI agents, custom daemons, Docker containers
- Predictable flat monthly price, no usage surprises
- You're the sysadmin: updates, security, and uptime are on you
Reach for it when: you need something always-on that other platforms won't allow — exactly the case for a self-hosted agent that holds state and keeps working in the background.
Honest take: a VPS is the most "raw" option. Great for control and agents; more effort than it's worth for a simple website (use Vercel/Cloudflare for those).
Free-tier limits and pricing on all of these shift every few months. Treat the numbers here as a 2026 snapshot and confirm on each platform's own pricing page before you commit a real project to it.
Which host do I pick? A 10-second decision
| If you're building… | Start here | Why |
|---|---|---|
| A website or marketing page | Cloudflare Pages or Vercel | Free, instant, fast everywhere |
| A full-stack web app / dashboard (login, data, pages) | Vercel + Supabase | Frontend + database + auth, minimal setup |
| A backend API or a bot | Railway | Always-on, one-click database |
| An AI agent that runs continuously | Hostinger VPS (or Railway) | Persistent process, full control |
| Something cheap that must scale | Cloudflare (Workers + R2 + D1) | No bandwidth fees, scales to zero cost |
You don't have to commit forever. Moving a small app between hosts later is normal and usually painless — so start with whatever gets you live fastest.
GitHub: the backbone that ties it all together
GitHub is where your code lives online. It's four things at once: a backup, a history of every change, a collaboration space, and the source that hosts like Vercel and Railway deploy from. Set this up first — everything else plugs into it.
The mental model
Your project is a repository ("repo") — a folder of code that GitHub tracks. As you work, you save snapshots called commits, then push them up to GitHub. When you connect a repo to Vercel or Railway, every push automatically deploys the new version. That's the magic loop: code → commit → push → live.
The handful of commands worth knowing
Claude can run most of these for you, but here's what they mean so the words aren't a mystery:
# copy a repo from GitHub down to your computer
git clone https://github.com/you/your-project
# see what you've changed since the last snapshot
git status
# stage your changes, then save a snapshot with a note
git add .
git commit -m "Add the upload button"
# send your snapshots up to GitHub (this triggers a deploy)
git push
# pull down changes someone else (or you, elsewhere) pushed
git pull
# branch = a safe parallel copy to experiment in
git checkout -b my-experimentIf you remember only two: commit saves a snapshot, push uploads it. That's 90% of day-to-day work.
Building with Claude on your repo
You can connect Claude directly to your GitHub so you can build, edit, and ship without leaving the conversation:
- Easiest sign-in: when a platform offers it, use "Continue with GitHub" (or Google). It skips creating yet another password and links your accounts cleanly. This is what we recommend for new builders — fewer credentials to lose.
- Connect the GitHub connector (or use Claude Code) so Claude can read your repo, propose changes, and open them as commits you review.
- Want to work together? You can add a collaborator to a repo (Settings → Collaborators) and invite a partner by username. Then you can both push to the same project and pair on the code live.
When you create a repo, choose Private, not Public. A public repo is visible to the entire internet — and people regularly leak API keys, passwords, and client data by forgetting this. You can always flip a repo to public later on purpose; you can't un-leak a secret. Private by default, every time.
Databases 101: where your app remembers things
A database is where structured information lives between visits — users, orders, bookings, messages, settings. If your app needs to remember anything after the page reloads, you need one.
Two flavors, and when each fits
SQL / relational (the default)
Data lives in tables with defined columns, like linked spreadsheets. Best when your data has clear structure and relationships — users have orders, orders have items. PostgreSQL is the modern go-to.
Pick this for ~95% of apps. When unsure, choose SQL.
NoSQL / document
Data lives as flexible documents (think JSON blobs) without a fixed shape. Handy for loosely structured data or huge scale. MongoDB and Firebase are common.
Pick this only when you have a specific reason. Otherwise SQL is simpler to reason about.
What we recommend for beginners
Supabase is the easiest on-ramp. It's a hosted PostgreSQL database plus login/auth plus file storage — three of our five layers in one friendly dashboard, with a real free tier. For most apps it's the single best first choice because Claude knows it well and it covers data, users, and files together.
| Tool | What it is | Use when |
|---|---|---|
| Supabase | Postgres + auth + storage, all-in-one | Your default. You want data, logins, and files without juggling services. |
| Neon | Just Postgres, very cheap, scales to zero | You want a clean database only, to pair with your own backend. |
| Cloudflare D1 | Simple SQLite database at the edge | You're already all-in on Cloudflare and your needs are light. |
| Railway Postgres | One-click database next to your app | Your backend lives on Railway and you want everything in one place. |
Free databases often pause after about a week of inactivity (Supabase does this). Fine for prototypes; for anything a real client depends on, plan to be on a paid tier so it never goes to sleep mid-demo.
Authentication: logins, and who's allowed in
Two words that sound alike and do different jobs. Authentication = "who are you?" (logging in). Authorization = "what are you allowed to see?" (permissions). You almost always need both, and you should never build the password-handling part from scratch — it's a security minefield. Use a proven tool.
Your options, easiest first
| Tool | Best for | The trade |
|---|---|---|
| Clerk | The fastest, prettiest drop-in login. Ready-made sign-in boxes and user profiles you paste in. | Generous free tier, then gets pricey at large user counts. Best developer experience for beginners. |
| Supabase Auth | Free and built-in if you're already using Supabase. Ties neatly to your database permissions. | You design a bit more of the UI yourself, but it's free up to ~50k monthly users. |
| Auth.js / Better Auth | Open-source libraries, no monthly bill, you run it yourself. | What AI tools often generate by default. More flexible, slightly more wiring. |
| Auth0 / WorkOS | Enterprise needs — single sign-on, corporate logins. | Overkill (and costly) until a client specifically demands it. |
Our beginner recommendation
- Already using Supabase for your database? Use Supabase Auth — it's free, included, and connects to your data permissions automatically.
- Want the absolute smoothest setup? Use Clerk — you can have a real login screen working in well under an hour.
- For your users, always offer "Sign in with Google" (and/or GitHub). Social login is the lowest-friction option — no new password for them to forget, and the auth provider handles the security.
Once someone is logged in, your app attaches their identity to every request. Your database then enforces rules like "a user can only read rows that belong to them." In Supabase this is called Row Level Security (RLS) — the database itself blocks access, so even a bug in your code can't leak someone else's data. This same idea is what makes the file-sharing case below work.
Files & storage: sharing the right file with the right person
This is the layer people get confused about most — so let's be concrete, because it's exactly the situation many builders hit: "I want a dashboard where I can post Excel files (or PDFs, images, exports) behind a login, and only certain people can open them."
First: database vs. file storage
The database holds…
Structured rows of data you query — names, dates, statuses, the record that "Q3 report was uploaded by Ana on March 3 and may be seen by the Finance group."
File storage holds…
The actual file itself — the real Q3-report.xlsx. Files don't belong in a database; they go in object storage built for exactly this.
So the answer to "what if they just need storage alongside their app?" is: yes, that's a normal, separate piece, and it works hand-in-hand with the database and login.
How "files behind an auth wall" actually works
The pattern is the same everywhere, and it's simpler than it sounds:
- The file goes into private object storage (it is not publicly linkable).
- A row in the database records what the file is and who may access it.
- When a logged-in user clicks "download," your app checks the rules: is this person allowed?
- If yes, the app hands out a signed URL — a temporary, expiring link that works for that person, for a few minutes, then dies. If no, they get nothing.
That signed-URL step is the whole trick. Files are never just sitting at a public address; access is granted per-person, per-moment, and checked against your permission rules.
The tools, beginner-friendly
| Tool | What it gives you | Use when |
|---|---|---|
| Supabase Storage | File storage that plugs into the same login and Row Level Security as your database | Your default — uploads, downloads, and per-person access rules in one system. Ideal for the dashboard case. |
| Cloudflare R2 | Cheap object storage with no bandwidth fees; you generate signed URLs | You're serving lots of/large files and want to keep costs flat. |
| Amazon S3 | The industry-standard object store | You need maximum scale or a specific integration; a little more setup. |
WORKED EXAMPLE The shareable, access-controlled dashboard
A client wants: users log in, see only the files meant for them, and can upload files that only certain people can open. Here's the recipe with the easy all-in-one stack:
- Login: users sign in with Google via Supabase Auth.
- Upload: an uploaded file lands in Storage; a database row records its name and an allowed-group (e.g. "Finance," or specific user IDs).
- Access control: Row Level Security ensures a user only ever sees the rows — and therefore the files — they're permitted to. Someone outside the group can't even see the file exists.
- Download: when allowed, the app issues a short-lived signed link; the file streams down and the link expires.
Tell Claude that's the shape you want and it can scaffold the whole thing. The point for you is to recognize the pattern — login + permission rules + private files + signed links — so you know what to ask for.
Recommended starter stacks
Rather than choosing ten tools, pick one of these three recipes based on what you're making. Each one is something Claude can set up well.
STACK 1 The easy all-in-one (most people, start here)
A web app or dashboard with logins, data, and file sharing, with the fewest moving parts. This covers the access-controlled dashboard example above. If it makes money, put Vercel on a paid plan (its free tier is non-commercial).
STACK 2 The flexible backend
When you need a real always-on backend, an API, a bot, or scheduled jobs — with a database sitting right next to it, all on one platform.
STACK 3 The autonomous agent
For a self-hosted agent that holds state and keeps working in the background. A VPS is right here precisely because serverless hosts won't keep a long-lived process alive.
Five habits that save you real pain
- Private repos, always. Worth repeating: new GitHub repos go to Private. Don't paste API keys into code that gets pushed.
- Keep secrets in environment variables. API keys and passwords belong in your host's "environment variables" settings, never typed into the code itself. Claude can show you where.
- Watch usage-based bills. Railway, Vercel overages, and Supabase egress are usage-priced. Glance at the dashboard occasionally so a viral day isn't a surprise invoice.
- Free tiers sleep. Free databases and some servers pause when idle. For anything a client relies on, budget the ~$5–25/mo to keep it awake.
- Ship small, ship often. Commit and push frequently with short notes. If something breaks, you can always step back to a working snapshot.
Mini glossary
| Deploy | Putting your app on the internet so others can use it. |
| Repo | A project folder that GitHub tracks the history of. |
| Commit / Push | Save a snapshot of your code / upload it to GitHub. |
| Serverless | Code that runs on demand and sleeps otherwise — you never manage a machine. |
| VPS | Your own always-on Linux computer in the cloud. |
| Edge | Code that runs in data centers close to your users for speed. |
| Auth | The login system; also covers permissions (who can see what). |
| MAU | Monthly active users — how auth tools often count usage and pricing. |
| Object storage | Where real files (Excel, PDF, images) live, separate from the database. |
| Signed URL | A temporary, expiring download link that grants access to one private file. |
| Environment variable | A safe place to store secrets like API keys, outside your code. |
Start with the smallest version that works, get it live, then add layers. The fastest way to learn this is to deploy one tiny thing this week. When you're picking what to build it in, the platforms guide and the editors & agents guide are the other half of the story.