Architecture in brief
Your machine runs the Sharnix agent, which opens an outbound WebSocket to our relay. Visitors open HTTPS share links on relay.sharnix.com or your preview subdomain. The relay forwards requests to your local port through that connection — visitors never receive your home or office IP address.
What Sharnix sees
| Data | Stored? | Notes |
|---|---|---|
| Your application source code | No | Stays on your machine |
| Preview HTTP/WebSocket traffic | Proxied in transit | Not intentionally persisted as page archives |
| Account & org settings | Yes | Required to operate the service |
| API keys | Hashed | Full secret shown once at creation |
| Link access events | Yes (plan-dependent) | Analytics, audit, abuse investigation |
| Visitor email for OTP gates | Minimal / transient | Used to verify access |
See also our Privacy policy.
Access controls
- Read-only mode rewrites HTML to disable forms and write actions
- Full mode allows interactive use — use only with trusted viewers
- Per-link expiry, one-time view, email/domain restrictions, and instant revocation
- Pro: require Sharnix login before viewing
- Team: IP and country allowlists, custom domains, audit log
When you go offline
If your agent or local app stops, share links pause automatically. Visitors see a branded paused or offline page instead of a raw connection error. This is intentional: the preview reflects what is actually running on your machine.
Abuse prevention
Public preview URLs can be misused. We take that seriously:
- Prohibited uses are defined in our Terms of Service
- Report abuse at abuse@sharnix.com or via report links on preview pages where available
- We may suspend links or accounts that violate policy or trigger security alerts
- New accounts may have rate limits on share-link creation during the first week
- We monitor domain reputation and act on Safe Browsing alerts
Encryption
Visitor connections use HTTPS. Agent-to-relay control connections use TLS. Do not share full-access preview links in public channels. Prefer read-only links with expiry for client reviews.
Managed service & open source
Sharnix is a managed service at launch. We may open-source components in the future based on user needs. If you require self-hosting today, contact sales@sharnix.com — we will tell you honestly what is available.
Report a vulnerability
Security issues: security@sharnix.com. Please include steps to reproduce. We aim to acknowledge reports within a few business days.