Six things that are easy to skim past on a landing page and harder to fake. We keep this page short on purpose.
Orders, invoices, stock, customers and conversations live in the same Postgres. No nightly sync, no plugin pipelines, no eventually-consistent surprises. The AI reads and writes the same rows your admin screen does.
Tom talks to the platform through the Model Context Protocol (MCP), the same open protocol your own Claude or in-house model can use. Every action passes through one set of tools with one audit trail.
Servers and Postgres in the EU. Personal data is minimised on purpose, deletes are real deletes, exports take seconds. No third-country processors in the order path.
Every API key has a scope (read:orders, write:inventory) and every action it takes is logged with the token, the IP, and the payload. AI agents are not a special case. They use the same primitives a human does.
The developer SDK is MIT, on npm, with semver. Storefronts you build on top of it run wherever you want. If you ever leave Behio, the front end you wrote does not have to.
TypeScript end to end. Next.js + NestJS. Prisma. R2 for blobs. No exotic infra, no proprietary runtimes, no lock-in below the SDK line. The novelty is the AI behaviour, not the stack underneath it.
For deeper questions about hosting, sub-processors, security review, or specific GDPR articles, ping us through the waiting list and we will reply with documents.