Compliance

Flightstack Inc. maintains comprehensive compliance with all applicable regulations and requirements for government contracting and commercial operations.

NDAA Section 889 Compliance Statement (FY25)

Flightstack Inc.

Parent Company of THE WREKD COMPANY LLC

Business Address: 224 Meadowlark Ln., Monroe, Ohio 45050

DUNS: 12-709-6603 | CAGE: 11SE3 | UEI: FUQEZJX58K89

Effective Date: January 1, 2025 – Fiscal Year 2025

Document Version: 1.0

Last Updated: October 6, 2025

Executive Summary

Flightstack Inc. hereby certifies full compliance with Section 889 of the National Defense Authorization Act (NDAA) for Fiscal Year 2019, as amended and reaffirmed through Fiscal Year 2025. This statement confirms that Flightstack does not use, and will not provide to the U.S. Government, any “covered telecommunications equipment or services” as defined under Section 889.

Legal Framework

Section 889(a)(1)(A) - Prohibition on Procurement

Flightstack certifies that it does not use any covered telecommunications equipment or services as a substantial or essential component of any system, or as critical technology as part of any system.

Section 889(a)(1)(B) - Prohibition on Federal Funding

Flightstack certifies that it does not use any equipment, system, or service that uses covered telecommunications equipment or services as a substantial or essential component, or as critical technology as part of any system.

Covered Entities

Flightstack confirms it does not use equipment, services, or technology from the following entities or their subsidiaries, affiliates, or related companies:

Primary Covered Entities:

Huawei Technologies Company (and all subsidiaries/affiliates)
ZTE Corporation (and all subsidiaries/affiliates)
Hytera Communications Corporation (and all subsidiaries/affiliates)
Hangzhou Hikvision Digital Technology Company (and all subsidiaries/affiliates)
Dahua Technology Company (and all subsidiaries/affiliates)

Extended Coverage:

Any subsidiaries, affiliates, or joint ventures of the above entities
Any equipment or services that incorporate technology from covered entities
Any third-party products that contain covered telecommunications equipment as substantial components

Compliance Scope

Information Technology Systems

Network Infrastructure: All networking equipment, routers, switches, and wireless access points are sourced from compliant vendors
Telecommunications: All voice and data communication systems exclude covered equipment
Surveillance Systems: All security cameras, monitoring equipment, and related software are from approved vendors
Computing Hardware: All servers, workstations, and mobile devices are verified compliant

Supply Chain Management

Vendor Verification: All suppliers and subcontractors are required to certify NDAA Section 889 compliance
Component Tracking: Critical components in UAS systems are tracked and verified for compliance
Third-Party Audits: Regular audits of supply chain partners to ensure continued compliance

UAS/UAV Systems

Flight Controllers: All autopilot systems and flight management computers are sourced from compliant manufacturers
Communication Links: All command and control, telemetry, and video transmission systems exclude covered equipment
Ground Control Systems: All ground stations, antennas, and control interfaces are verified compliant
Payload Systems: All sensors, cameras, and mission equipment are sourced from approved vendors

Compliance Procedures

Ongoing Monitoring

Flightstack maintains continuous monitoring procedures including:

Quarterly Supply Chain Reviews: Comprehensive review of all vendors and suppliers
New Vendor Screening: NDAA compliance verification for all new suppliers
Technology Assessments: Regular evaluation of all IT and telecommunications systems
Contract Compliance: Inclusion of NDAA compliance requirements in all supplier contracts

Documentation and Records

Maintenance of vendor compliance certifications
Documentation of all technology procurement decisions
Records of compliance training for procurement staff
Audit trails for all technology acquisitions

Incident Response

In the event of potential non-compliance:

Immediate isolation and assessment of affected systems
Notification to relevant government contracting officers
Development and implementation of remediation plan
Documentation and reporting of corrective actions

Vendor Management

Approved Vendor Categories

Flightstack maintains relationships with pre-approved vendors in the following categories:

Telecommunications Equipment: Cisco, Juniper, Aruba, Ubiquiti
Computing Hardware: Dell, HP, Lenovo (non-covered models), Apple
Surveillance Systems: Axis Communications, Bosch, Pelco
UAS Components: Pixhawk, ArduPilot, DJI (where permitted), Autel (compliant models)

Vendor Certification Requirements

All vendors must provide:

Written NDAA Section 889 compliance certification
Supply chain transparency documentation
Ongoing compliance monitoring reports
Immediate notification of any compliance changes

Training and Awareness

Staff Training

Annual NDAA compliance training for all procurement personnel
Quarterly updates on covered entity lists and compliance requirements
Specialized training for technical staff on identifying covered equipment

Compliance Culture

Integration of NDAA compliance into corporate policies
Regular communication of compliance importance to all staff
Incentive structures that support compliance objectives

Government Contract Compliance

Contract Language

All government contracts include specific NDAA Section 889 compliance clauses and representations.

Subcontractor Requirements

All subcontractors and suppliers are required to:

Provide NDAA Section 889 compliance certifications
Flow down compliance requirements to their suppliers
Maintain compliance documentation and records
Report any compliance issues immediately

Ongoing Obligations

Annual compliance certifications for multi-year contracts
Immediate notification of any compliance changes
Cooperation with government compliance audits and reviews

Certification Statement

I, Joshua F. Rountree, Chief Executive Officer of Flightstack Inc., hereby certify that:

I have reviewed this compliance statement and the supporting documentation
The information contained herein is true, complete, and accurate to the best of my knowledge
Flightstack Inc. is in full compliance with NDAA Section 889 requirements
Appropriate systems and procedures are in place to maintain ongoing compliance
Any changes to our compliance status will be immediately reported to relevant government agencies

Signature: _________________________

Name: Joshua F. Rountree

Title: Chief Executive Officer

Company: Flightstack Inc.

Date: October 6, 2025

Contact Information

For questions regarding this compliance statement or Flightstack’s NDAA Section 889 compliance:

Primary Contact:

Joshua F. Rountree, CEO
Email: joshua@flightstack.com
Phone: (833) 955-2225

Compliance Officer:

Email: compliance@flightstack.com
Phone: (513) 540-4364

Government Contracting:

Email: commercial@flightstack.com
General Inquiries: info@flightstack.com
Public Safety: publicsafety@flightstack.com

Document Control

Document ID: FS-COMP-NDAA-889-FY25

Classification: Unclassified

Distribution: Approved for release to U.S. Government agencies and authorized personnel

Next Review Date: January 1, 2026

Retention Period: 7 years from effective date

This document contains proprietary and confidential information of Flightstack Inc. Distribution is restricted to authorized personnel and government agencies with legitimate need-to-know.

Additional Compliance Information

Flightstack Inc. maintains compliance with all applicable regulations including:

Federal Aviation Administration (FAA) regulations for UAS operations
Export Administration Regulations (EAR) and International Traffic in Arms Regulations (ITAR)
Federal Information Security Management Act (FISMA) requirements
Cybersecurity Maturity Model Certification (CMMC) standards

For specific compliance questions or documentation requests, please contact our compliance team at compliance@flightstack.com.