WASTEGATE

Security & Compliance

Security & compliance, built into the architecture

Licensing-first by design

Wastegate interprets data the customer is already licensed for and never redistributes OEM manuals. The AI never logs into third-party systems — the backend mediates access to licensed channels and passes only the minimum excerpt needed, tagged with source, chapter, revision, and effectivity.

Data rights & licensing

You stay licensed; we never redistribute

Per-tenant isolation & least privilege

Each customer accesses only the fleets and manuals they’re licensed for — no pooled redistribution.

Customer-provided data path

Shops upload their own licensed PDFs; FAA public data (ADs, ACs, Part 43, TCDS) is always available; OEM/aggregator partnerships expand coverage.

Traceability for compliance

Citations support 14 CFR 43.13(a) current-data requirements; the immutable audit log supports AC 120-78A.

Row-level security

Supabase PostgreSQL with per-tenant RLS — tenant-isolated data across every org.

Deployment options

From fully managed cloud to air-gapped appliance

01

Cloud

React + Vite on Vercel, Flask API, Supabase PostgreSQL with RLS and pgvector — the default, fully managed.

02

Professional (on-prem)

Customer-sourced GPU (Nvidia RTX 6000 Ada / L40S), self-hosted inference via Ollama (Llama 3.3 70B), local vector DB (Qdrant/ChromaDB).

03

Enterprise (air-gap)

Turnkey appliance (Mac Studio M4 Ultra), white-glove setup, zero data off-site, air-gap capable — for customers and OEM licenses that forbid cloud.

Role-gated sign-offs

Sign-off authority gated to 14 CFR 43.3 / 43.7

The right person signs the right work, every time — enforced server-side by the architecture, not by policy.

  • AMT Student
    Cannot sign off — read & assist only
  • Owner / Pilot
    Preventive maintenance only (14 CFR 43.3(g))
  • A&P Mechanic
    Routine, progressive & preventive maintenance
  • IA Mechanic
    All inspection types — annual, major repair, major alteration

Compliance by architecture

Traceable, isolated, and tamper-evident by default

Immutable audit log

The immutable audit log supports AC 120-78A.

Per-tenant RLS

Supabase PostgreSQL with per-tenant RLS — tenant-isolated data across every org.

Current-data citations

Citations support 14 CFR 43.13(a) current-data requirements.

Ready to run your shop from squawk to sign-off?

Start a 14-day free trial, or request a guided demo tailored to your operation.

Start free trialRequest a demo