For operators with existing systems of record, we connect the stack.
For operators without them, we provide bounded native workflows that generate the same readiness graph.
Until May 28, 2027 — FAA Declaration of Compliance Deadline
Waitlist + Lead Magnet
The first GTM wedge is simple: help operators understand where they are exposed, then turn that urgency into a design-partner and waitlist pipeline.
A printable baseline review for operators who need to map policy, risk, assurance, and promotion gaps before May 28, 2027.
We are publishing the control-plane build in public: schema foundations, trust gates, audit-room surfaces, and design-partner learnings.
See current entriesThe Problem
On April 26, 2024, the FAA mandated Safety Management Systems for all Part 135 operators. Most aren't ready.
Every operator must implement all four. No exceptions.
Management commitment, accountability, reporting policy, code of ethics, emergency response plan
Hazard identification, risk assessment, risk controls, acceptance of residual risk
Performance monitoring, audits, corrective actions, continuous improvement
Training, communication, ensuring personnel understand their SMS role
The FAA requires evidence the system is actually functioning. You can't declare compliance on day one.
Market Opportunity
The 54% with 1-2 aircraft are the strategic opening: too small for fragmented enterprise tools, too exposed to run on spreadsheets forever.
Assignment board, duty guardrails, release pack, FRAT, and debrief start as assistive workflows and feed the same control plane as imported evidence.
Schedaero, Leon, FL3XX, ForeFlight, Web Manuals, and maintenance systems stay in place while we prove readiness, route controls, and freeze audit-ready evidence.
Competitive Landscape
Ops vendors own workflows. SMS vendors own hazard tools. Manual vendors own document control. The audit-legible control plane tying them together with explainable readiness and an Audit Room is still open.
Nobody connects all four layers into an audit-legible safety control plane with explainable readiness, frozen audit packages, and a control registry that shows why every requirement is green or blocked.
No cross-system Part 5 evidence room linking ops, safety, manuals, and maintenance artifacts
AC 120-92D requires trusted-source model with de-identification and follow-up. Most offer generic "anonymous option"
Nobody closes: event → risk control → manual update → training → communication receipt → retained evidence
Only FlightPro offers POI read-only access. No purpose-built audit room for inspectors, consultants, insurers
Product Strategy
Build broad, launch narrow: connect existing systems where they exist, provide bounded native workflows where they do not, and make trust explicit before any workflow becomes authoritative.
For large operators: connect Schedaero, Leon, FL3XX, ForeFlight, Web Manuals, CAMP, and the rest of the stack into one Part 5-legible control plane.
For small operators: provide native daily workflows that produce the same evidence graph without pretending to replace an enterprise ops suite on day one.
The product is not “a little SMS tool.” It is the control plane that shows exactly what an inspector sees and why every requirement is green, stale, blocked, or waived.
Native ops-lite and connector-fed operators land in the same shared core: Organizational System Model, Control Registry, Readiness Engine, Evidence Room, Audit Room, Confidential Reporting, and Change Control.
Schedule, release pack, FRAT, debrief, acknowledgments, and quick-reference manuals make the app a daily operational surface instead of an occasional compliance chore.
Certificates, bases, fleet types, facilities, interfaces, and delegated authorities drive applicability, routing, and per-entity readiness.
Each control has an owner, linked evidence, verification cadence, monitoring signals, failure criteria, and retirement rules.
Applicability-aware states, freshness and confidence scoring, next-best actions, and explicit “why green / why blocked” reasoning.
Frozen evidence sets, DCT-indexed views, delta-since-last-review, redactions, export provenance, and the regulator-facing demo surface.
Spreadsheet, PDF, email, and SFTP intake with dedupe, mapping suggestions, confidence scoring, and “first readiness baseline” generation.
Multi-client workspace, delegated setup, pack rollouts, audit coauthoring, and managed trusted-source workflows for consulting partners.
More daily features → more app opens → more natural safety reporting → better Part 5 evidence.
Daily use is the mechanism: more opens, more context-rich reporting, better readiness, and less compliance theater.
Pricing Model
Pricing now tracks certificate complexity, connector footprint, and the operating surfaces the customer actually uses. Headcount alone is the wrong pricing model for this category.
Readiness Core + Native Ops-Lite + Crew Evidence replaces spreadsheets and consultant-heavy glue for the 1-5 aircraft segment.
Readiness Core + connectors beats paying for fragmented SMS, manuals, maintenance, and internal labor just to correlate evidence by hand.
Build Plan
The pacing item is not raw build velocity. It is trust: explainable readiness, connector reliability, vault review, export validation, and promotion gates before any workflow is treated as authoritative.
Connector Control Plane
Silent wrongness is the failure mode. Every connector needs freshness SLOs, drift detection, reconciliation, quarantine, and customer-visible health so imported evidence can be trusted.
Flights at 5-minute freshness, crews at 1 hour, manuals at 4 hours. Schema drift, semantic drift, and suspect record quarantine are first-class product features.
Customers need to see stale, delayed, replayed, and quarantined records. Connector status cannot live only in internal ops tooling.
Integration breadth can exceed GA promise, but only trusted connector families should carry authoritative readiness weight.
L1 polling first, L2 with partnership later. Dispatch already behaves like an integration hub, making it a strong attach-point rather than a head-on replacement target.
Polling first, event-driven later. Strong Part 135 presence and existing integration posture make it a high-value ops connector family.
L2 day-one target. GraphQL plus webhooks supports the kind of near-real-time sync and replay model the control plane wants.
L2 day-one target. Strong APIs, webhooks, and crew mobile behavior make it one of the cleanest existing systems-of-record to plug into.
Risk Assessment
Premortem: it's March 2027 and the product failed. Why?
Built the full vision instead of MVP. By Jan 2027, operators couldn't get 6 months of runtime data in time.
No aviation safety credentials. Operators chose established players with known names.
Part 135 operators don't browse Product Hunt. They hear about tools at conferences and from insurance brokers.
FAA already extended once (24 to 36 months). If operators aren't ready, enforcement discretion could kill urgency.
ForeFlight or Nimbl (4,200+ operators) adds "good enough" SMS and distribution wins.
Every operator has "does this comply?" questions. Became a consulting firm at $399/mo pricing.
Go-To-Market
Implementation Diary
The diary exists to show momentum, surface real implementation choices, and turn abstract strategy into a legible build record for design partners.
We are treating imported ops data as contextual unless it has connector-grade trust. That keeps us out of mini-dispatch creep and keeps the wedge centered on readiness, auditability, and evidence density.
The hard work is not UI breadth. It is falsifiable readiness logic, frozen audit packages, human gate workflows, and clear answers to why something is green or blocked.
The page, checklist, SME credibility, and design-partner funnel all start now. The launch motion cannot wait for the finished app because trust accumulation starts well before general availability.
FAQ
No. The launch product is an audit-legible control plane. We ingest or connect to the operational stack you already have, then show what is missing, stale, or blocked for Part 5 readiness.
No. The launch boundary is explicit: no native scheduling, no duty-legality engine, no release authoring, and no operational release signatures as authoritative compliance evidence.
Readiness logic, frozen audit packages, acknowledgment receipts, confidential reporting, post-flight debrief, FRAT where no authoritative FRAT system exists, and the minimal control/action closure loop.
Every imported field carries provenance, freshness, and trust state. Connectors are a product surface: they need freshness SLOs, drift detection, reconciliation, quarantine, and explicit certification status.
Yes. The launch path includes L0 messy-evidence ingestion and bounded native evidence capture. Small operators can create the same readiness graph without pretending they already have enterprise systems of record.
The first external motion is design-partner pilot and limited availability. Narrow GA follows only after design partners complete a baseline-to-audit-package cycle, an evidence refresh cycle, and a mock audit review.
Complete Document
The current full-stack app strategy: strategic evolution, dual-track architecture, compliance mapping, connector control plane, pricing, roadmap, and launch criteria.
Loading full plan...