SpaceTech and SatelliteTech SaaS vendors operate under arguably the most consequential compliance stack in B2B software: ITAR 22 CFR Parts 120-130 (international export of defense articles), EAR 15 CFR Part 730 (dual-use technology), FCC Part 25 (satellite and earth station licensing), NOAA Commercial Remote Sensing Policy (51 USC §60122), OFAC SDN 31 CFR §501 (sanctions), and ITU Radio Regulations (frequency coordination). A single violation in this stack can mean criminal prosecution, orbital slot forfeiture, or a permanently suspended FCC license.
This article covers five production-ready n8n workflow templates for SpaceTech platforms — tier-segmented onboarding, regulatory deadline tracking, API health monitoring, incident response, and weekly KPI dashboards. Each workflow includes import-ready JSON.
Why SpaceTech SaaS Has a Unique Deemed-Export Problem
Most SaaS verticals deal with data privacy regulators. SpaceTech deals with export control regulators who have criminal prosecution authority. The core risk that cloud automation platforms create for SpaceTech vendors:
| Risk | Regulator | Trigger |
|---|---|---|
| Unauthorized technical data export | DDTC/State (ITAR) | Foreign national accessing design automation via cloud iPaaS |
| Deemed export of satellite technology | BIS/Commerce (EAR) | Foreign national employee using automation in US |
| SDN counterparty transaction | OFAC/Treasury | Customer or partner on SDN list at time of transaction |
| Unlicensed earth station operation | FCC | License lapse during automation failure |
| Non-compliant remote sensing | NOAA | Imaging outside license conditions via automated scheduling |
When a SpaceTech vendor routes ITAR-controlled technical data through Zapier or Make — both of which run on cloud infrastructure accessible to non-US persons — they have created an undocumented deemed-export pathway under ITAR §120.17. The cloud vendor is not your ITAR co-conspirator; they are your exposure.
The OFAC problem is faster: OFAC SDN list violations are strict liability — no knowledge required. If your automation provisioned a service to an entity that appeared on the SDN list at the time of transaction, the violation is complete regardless of whether you knew. An API outage in your SDN screening endpoint is not a defense.
Self-hosted n8n — running inside your ITAR-authorized facility or on infrastructure limited to US persons — eliminates the deemed-export surface created by cloud automation platforms.
The 6 SpaceTech SaaS Tiers (and Their Compliance Exposure)
| Tier | Flags | Fastest Clock |
|---|---|---|
| ENTERPRISE_SATELLITE_MANUFACTURER_SAAS | ITAR_CONTROLLED + EAR_CONTROLLED + FCC_PART25_LICENSED + OFAC_SCREENING_REQUIRED | OFAC_SDN_MATCH_DETECTED IMMEDIATE |
| LAUNCH_SERVICES_TECH_SAAS | ITAR_CONTROLLED + EAR_CONTROLLED + OFAC_SCREENING_REQUIRED | OFAC_SDN_MATCH_DETECTED IMMEDIATE |
| SATELLITE_IMAGERY_ANALYTICS_SAAS | NOAA_LICENSED + EAR_CONTROLLED + OFAC_SCREENING_REQUIRED | OFAC_SDN_MATCH_DETECTED IMMEDIATE |
| GROUND_STATION_NETWORK_SAAS | FCC_PART25_LICENSED + ITAR_CONTROLLED + ITU_FILING | FCC_PART25_LICENSE_LAPSE IMMEDIATE |
| SATCOM_SERVICES_SAAS | FCC_PART25_LICENSED + EAR_CONTROLLED + OFAC_SCREENING_REQUIRED | OFAC_SDN_MATCH_DETECTED IMMEDIATE |
| SMALLSAT_CUBESAT_SAAS | ITAR_CONTROLLED or EAR_CONTROLLED + OFAC_SCREENING_REQUIRED | ITAR_TECHNOLOGY_TRANSFER_ALERT IMMEDIATE |
| SPACETECH_STARTUP | SOC2_REQUIRED + EAR_CONTROLLED | EAR compliance review |
Workflow 1 — Tier-Segmented Onboarding Drip
Different SpaceTech tiers face different Day 0 compliance risks. A satellite manufacturer needs to hear about ITAR deemed-export exposure from cloud automation. A satellite imagery vendor needs to hear about OFAC SDN screening before every imagery delivery. A generic welcome email misses both.
{
"name": "SpaceTech Tier-Segmented Onboarding Drip",
"nodes": [
{
"id": "1",
"name": "Customer Created Trigger",
"type": "n8n-nodes-base.spreadsheetFile",
"parameters": {
"operation": "read"
},
"position": [
100,
300
]
},
{
"id": "2",
"name": "Classify SpaceTech Tier",
"type": "n8n-nodes-base.code",
"parameters": {
"jsCode": "const customer = $input.first().json;\nconst tier = customer.tier || 'SPACETECH_STARTUP';\nconst flags = (customer.compliance_flags || '').split(',').map(f => f.trim());\nconst hasFlag = (f) => flags.includes(f);\n\nlet day0Subject = '';\nlet day0Note = '';\n\nif (tier === 'ENTERPRISE_SATELLITE_MANUFACTURER_SAAS') {\n day0Subject = 'Your n8n setup: ITAR USML Category XV & EAR dual-use classification';\n day0Note = 'Satellite manufacturers are subject to ITAR 22 CFR Parts 120-130 for items on USML Category XV (spacecraft, satellites, launch vehicles). Every automation touching technical data, design specs, or manufacturing parameters is a potential ITAR \u00a7120.17 export. Cloud iPaaS running on foreign-accessible servers creates undocumented deemed-export exposure. Self-hosted n8n inside your ITAR-controlled facility keeps technical data inside your authorized boundary.';\n} else if (tier === 'LAUNCH_SERVICES_TECH_SAAS') {\n day0Subject = 'Your n8n setup: ITAR launch vehicle data & EAR 15 CFR Part 730';\n day0Note = 'Launch services automation handles trajectory data, propulsion parameters, and mission files \u2014 all ITAR Category XV controlled. Routing through Zapier/Make creates a third-party deemed-export pathway under ITAR \u00a7120.17. OFAC SDN screening is also mandatory before any launch service transaction. Self-hosted n8n keeps launch vehicle technical data inside your ITAR-authorized facility.';\n} else if (tier === 'SATELLITE_IMAGERY_ANALYTICS_SAAS') {\n day0Subject = 'Your n8n setup: NOAA remote sensing license & OFAC SDN screening';\n day0Note = 'Commercial satellite imagery operators require a NOAA license under the Commercial Remote Sensing Policy (51 USC \u00a760122). Imagery delivery automations must screen each recipient against the OFAC SDN list \u2014 distributing imagery to a sanctioned entity is a strict-liability violation under 31 CFR \u00a7501. Self-hosted n8n keeps imagery processing pipelines inside your controlled environment.';\n} else if (tier === 'GROUND_STATION_NETWORK_SAAS') {\n day0Subject = 'Your n8n setup: FCC Part 25 earth station license & ITU coordination';\n day0Note = 'Ground station network operators need FCC Part 25 licenses for each earth station. Automation workflows touching frequency coordination, orbital arc assignments, or interference monitoring are subject to FCC and ITU Radio Regulations. Foreign nationals accessing ground station automation may trigger ITAR deemed-export. Self-hosted n8n limits access to authorized US persons.';\n} else if (tier === 'SATCOM_SERVICES_SAAS') {\n day0Subject = 'Your n8n setup: FCC Part 25 space station license & ITU frequency slots';\n day0Note = 'SatCom services require FCC Part 25 space station authorization and ITU frequency coordination milestones. EAR 15 CFR Part 730 applies to dual-use satellite communications equipment. OFAC screening required before provisioning service to any entity. Self-hosted n8n keeps service provisioning workflows inside your ITAR/EAR compliance boundary.';\n} else if (tier === 'SMALLSAT_CUBESAT_SAAS') {\n day0Subject = 'Your n8n setup: EAR classification & ITAR USML Category XV threshold';\n day0Note = 'Small satellites and CubeSats may be ITAR-controlled (USML Category XV) or EAR-controlled depending on capability thresholds (e.g., remote sensing resolution, propulsion delta-V). Many operators incorrectly assume CubeSats are EAR99 \u2014 even a 3U with propulsion may cross into ITAR. Self-hosted n8n prevents unintentional technical data exposure during design automation.';\n} else {\n day0Subject = 'Your n8n automation is live \u2014 3 things to configure first';\n day0Note = 'Welcome to the FlowKit n8n SpaceTech template. Three things to configure: (1) Add your compliance flags (ITAR_CONTROLLED, NOAA_LICENSED, FCC_PART25_LICENSED) to the trigger node, (2) Update Slack channel IDs in notification nodes, (3) Set your Sheets ID in Google Sheets nodes.';\n}\n\nreturn [{ json: { ...customer, tier, flags, day0Subject, day0Note,\n hasItar: hasFlag('ITAR_CONTROLLED'),\n hasEar: hasFlag('EAR_CONTROLLED'),\n hasFcc: hasFlag('FCC_PART25_LICENSED'),\n hasNoaa: hasFlag('NOAA_LICENSED'),\n hasOfac: hasFlag('OFAC_SCREENING_REQUIRED')\n} }];"
},
"position": [
300,
300
]
},
{
"id": "3",
"name": "Send Day 0 Welcome",
"type": "n8n-nodes-base.gmail",
"parameters": {
"operation": "send",
"to": "={{$json.email}}",
"subject": "={{$json.day0Subject}}",
"message": "Hi {{$json.name}},\n\n{{$json.day0Note}}\n\nYour FlowKit SpaceTech automation is configured and running.\n\nNext: Review your ITAR/EAR/FCC compliance deadline tracker \u2014 it will alert you 30, 14, and 7 days before each regulatory deadline.\n\nFlowKit Support\nhttps://stripeai.gumroad.com"
},
"position": [
500,
200
]
},
{
"id": "4",
"name": "Log to Sheets",
"type": "n8n-nodes-base.googleSheets",
"parameters": {
"operation": "append",
"sheetId": "YOUR_SHEET_ID",
"range": "A:G",
"data": "={{[$json.email, $json.tier, $json.day0Subject, new Date().toISOString(), 'day0_sent', $json.hasItar, $json.hasOfac]}}"
},
"position": [
500,
400
]
}
],
"connections": {
"Customer Created Trigger": {
"main": [
[
{
"node": "Classify SpaceTech Tier",
"type": "main",
"index": 0
}
]
]
},
"Classify SpaceTech Tier": {
"main": [
[
{
"node": "Send Day 0 Welcome",
"type": "main",
"index": 0
},
{
"node": "Log to Sheets",
"type": "main",
"index": 0
}
]
]
}
}
}
What it does: Reads the customer's tier and compliance flags. Routes Day 0 welcome to a tier-specific message explaining the exact ITAR/EAR/OFAC/FCC/NOAA risk relevant to their automation. Logs to compliance onboarding sheet.
Workflow 2 — ITAR/EAR/FCC/NOAA/OFAC Deadline Tracker
The 13 deadline types SpaceTech SaaS vendors must track across their customer base:
| Deadline | Authority | Clock |
|---|---|---|
| ITAR_STATE_LICENSE_EXPIRATION | DDTC/State 22 CFR §123.1 | Exports cease immediately on expiration |
| ITAR_TAA_EXPIRATION | DDTC/State | All technical transfers under TAA must stop |
| ITAR_DSP5_RETURN_DATE | DDTC/State | Final delivery report within 90d of last export |
| ITAR_VOLUNTARY_DISCLOSURE_DEADLINE | DDTC §127.12 | Initial notification to DDTC within 60d of discovery |
| EAR_BIS_LICENSE_EXPIRATION | BIS/Commerce 15 CFR §750.7 | 4-year term; renewal before further export |
| EAR_ANNUAL_SELF_ASSESSMENT | BIS/Commerce Part 762 | Annual; 5-year record retention |
| FCC_PART25_SPACE_STATION_RENEWAL | FCC 47 CFR §25.121 | File 30d before expiration (15-year typical term) |
| FCC_EARTH_STATION_LICENSE_RENEWAL | FCC 47 CFR §25.121 | File 30d before expiration |
| FCC_CONSTRUCTION_PERMIT_DEADLINE | FCC Part 25 | Launch by permit deadline or forfeit |
| NOAA_REMOTE_SENSING_LICENSE_RENEWAL | NOAA 51 USC §60122 | Cease imaging if license lapses |
| OFAC_SDN_WEEKLY_RESCREEN | OFAC 31 CFR §501 | Weekly — SDN list updates continuously |
| ITU_COORDINATION_MILESTONE | ITU Radio Regulations | Miss milestone = lose filing priority |
| SOC2_TYPE2_RENEWAL | AICPA | Annual |
{
"name": "ITAR/EAR/FCC/NOAA/OFAC Deadline Tracker",
"nodes": [
{
"id": "1",
"name": "Daily 7AM Trigger",
"type": "n8n-nodes-base.scheduleTrigger",
"parameters": {
"rule": {
"interval": [
{
"field": "cronExpression",
"expression": "0 7 * * *"
}
]
}
},
"position": [
100,
300
]
},
{
"id": "2",
"name": "Load Compliance Deadlines",
"type": "n8n-nodes-base.googleSheets",
"parameters": {
"operation": "readAll",
"sheetId": "YOUR_DEADLINES_SHEET",
"range": "A:H"
},
"position": [
300,
300
]
},
{
"id": "3",
"name": "Classify Deadline Urgency",
"type": "n8n-nodes-base.code",
"parameters": {
"jsCode": "const today = new Date();\nconst deadlineTypes = {\n 'ITAR_STATE_LICENSE_EXPIRATION': { authority: 'DDTC/State', urgencyNote: 'ITAR 22 CFR \u00a7123.1 \u2014 export license expires, all shipments under this license must cease immediately' },\n 'ITAR_TAA_EXPIRATION': { authority: 'DDTC/State', urgencyNote: 'Technical Assistance Agreement expiration \u2014 all technical data transfers and defense services covered by TAA must stop' },\n 'ITAR_DSP5_RETURN_DATE': { authority: 'DDTC/State', urgencyNote: 'DSP-5 permanent export license return date \u2014 final delivery report required to DDTC within 90 days of last export' },\n 'ITAR_VOLUNTARY_DISCLOSURE_DEADLINE': { authority: 'DDTC/State', urgencyNote: 'ITAR \u00a7127.12 voluntary disclosure \u2014 initial notification to DDTC within 60 days of discovery; final report typically 90 additional days' },\n 'EAR_BIS_LICENSE_EXPIRATION': { authority: 'BIS/Commerce', urgencyNote: 'EAR 15 CFR \u00a7750.7 \u2014 BIS license expires 4 years from approval date; renewal required before any further export' },\n 'EAR_ANNUAL_SELF_ASSESSMENT': { authority: 'BIS/Commerce', urgencyNote: 'EAR Part 762 \u2014 export records must be retained 5 years; annual internal compliance review recommended under BIS audit guidance' },\n 'FCC_PART25_SPACE_STATION_RENEWAL': { authority: 'FCC', urgencyNote: 'FCC Part 25 space station license term (typically 15 years) \u2014 renewal application must be filed 30 days before expiration per 47 CFR \u00a725.121' },\n 'FCC_EARTH_STATION_LICENSE_RENEWAL': { authority: 'FCC', urgencyNote: 'FCC earth station license renewal \u2014 file renewal 30 days before expiration per 47 CFR \u00a725.121; operating without license = enforcement action' },\n 'FCC_CONSTRUCTION_PERMIT_DEADLINE': { authority: 'FCC', urgencyNote: 'FCC Part 25 construction permit deadline \u2014 failure to launch within permit period results in license forfeiture' },\n 'NOAA_REMOTE_SENSING_LICENSE_RENEWAL': { authority: 'NOAA/Commerce', urgencyNote: '51 USC \u00a760122 \u2014 NOAA commercial remote sensing license renewal; imaging operations must cease if license lapses' },\n 'OFAC_SDN_WEEKLY_RESCREEN': { authority: 'OFAC/Treasury', urgencyNote: '31 CFR \u00a7501 \u2014 OFAC SDN list updates weekly; all counterparties must be rescreened; violations are strict liability regardless of knowledge' },\n 'ITU_COORDINATION_MILESTONE': { authority: 'ITU', urgencyNote: 'ITU Radio Regulations \u2014 frequency coordination milestones must be met to maintain ITU filing priority; missing deadlines = loss of orbital slot protection' },\n 'SOC2_TYPE2_RENEWAL': { authority: 'AICPA', urgencyNote: 'Annual SOC 2 Type II audit cycle \u2014 schedule 6 months ahead for readiness' }\n};\nreturn $input.all().map(item => {\n const d = item.json;\n const dueDate = new Date(d.due_date);\n const daysUntil = Math.ceil((dueDate - today) / (1000 * 60 * 60 * 24));\n const meta = deadlineTypes[d.deadline_type] || { authority: 'REGULATORY', urgencyNote: 'See compliance calendar' };\n let urgency = 'NOTICE';\n if (daysUntil <= 0) urgency = 'OVERDUE';\n else if (daysUntil <= 7) urgency = 'CRITICAL';\n else if (daysUntil <= 14) urgency = 'URGENT';\n else if (daysUntil <= 30) urgency = 'WARNING';\n return { json: { ...d, daysUntil, urgency, ...meta } };\n}).filter(i => i.json.urgency !== 'NOTICE');"
},
"position": [
500,
300
]
},
{
"id": "4",
"name": "Alert to Slack",
"type": "n8n-nodes-base.slack",
"parameters": {
"channel": "#spacetech-compliance",
"text": "={{$json.urgency}} [{{$json.deadline_type}}] {{$json.customer_name}} \u2014 {{$json.daysUntil}} days ({{$json.due_date}}) | {{$json.authority}} | {{$json.urgencyNote}}"
},
"position": [
700,
200
]
},
{
"id": "5",
"name": "Email Compliance Lead",
"type": "n8n-nodes-base.gmail",
"parameters": {
"operation": "send",
"to": "={{$json.compliance_email}}",
"subject": "={{$json.urgency}}: {{$json.deadline_type}} due in {{$json.daysUntil}} days",
"message": "Compliance deadline approaching:\n\nType: {{$json.deadline_type}}\nDue: {{$json.due_date}} ({{$json.daysUntil}} days)\nAuthority: {{$json.authority}}\nNote: {{$json.urgencyNote}}\n\nCustomer: {{$json.customer_name}}\nAccount: {{$json.account_id}}"
},
"position": [
700,
400
]
}
],
"connections": {
"Daily 7AM Trigger": {
"main": [
[
{
"node": "Load Compliance Deadlines",
"type": "main",
"index": 0
}
]
]
},
"Load Compliance Deadlines": {
"main": [
[
{
"node": "Classify Deadline Urgency",
"type": "main",
"index": 0
}
]
]
},
"Classify Deadline Urgency": {
"main": [
[
{
"node": "Alert to Slack",
"type": "main",
"index": 0
},
{
"node": "Email Compliance Lead",
"type": "main",
"index": 0
}
]
]
}
}
}
Workflow 3 — SpaceTech API Health Monitor (15-min Cycle)
Six compliance-critical API endpoints for SpaceTech vendors, each annotated with the regulatory consequence of downtime:
{
"name": "SpaceTech API Health Monitor",
"nodes": [
{
"id": "1",
"name": "Every 15 Minutes",
"type": "n8n-nodes-base.scheduleTrigger",
"parameters": {
"rule": {
"interval": [
{
"field": "cronExpression",
"expression": "*/15 * * * *"
}
]
}
},
"position": [
100,
300
]
},
{
"id": "2",
"name": "API Endpoints Config",
"type": "n8n-nodes-base.googleSheets",
"parameters": {
"operation": "readAll",
"sheetId": "YOUR_SPACETECH_APIS",
"range": "A:D"
},
"position": [
300,
300
]
},
{
"id": "3",
"name": "Check Each Endpoint",
"type": "n8n-nodes-base.httpRequest",
"parameters": {
"url": "={{$json.endpoint_url}}",
"method": "GET",
"timeout": 5000
},
"position": [
500,
300
]
},
{
"id": "4",
"name": "Evaluate Health Status",
"type": "n8n-nodes-base.code",
"parameters": {
"jsCode": "const endpoints = {\n 'itar_classification_api': 'ITAR 22 CFR \u00a7120.6 \u2014 USML classification lookup; downtime blocks all export license checks for new hardware',\n 'ofac_sdn_screening_api': 'OFAC 31 CFR \u00a7501 \u2014 SDN screening; downtime means no new transactions can be safely initiated (strict liability)',\n 'fcc_license_status_api': 'FCC Part 25 \u2014 space station and earth station license status; outage delays license renewal alerts',\n 'noaa_remote_sensing_api': 'NOAA 51 USC \u00a760122 \u2014 commercial remote sensing license validation; downtime blocks imagery delivery authorization',\n 'itu_coordination_api': 'ITU Radio Regulations \u2014 frequency coordination status; outage delays orbit filing milestone tracking',\n 'ear_classification_api': 'EAR 15 CFR Part 730 \u2014 CCL ECCN lookup; downtime blocks dual-use export screening for satellite components'\n};\nconst result = $input.first().json;\nconst prev = $('API Endpoints Config').first().json;\nconst statusCode = result.statusCode || 0;\nconst responseTime = result.responseTime || 9999;\nconst complianceNote = endpoints[prev.api_name] || 'SpaceTech compliance endpoint';\nconst isDown = statusCode < 200 || statusCode >= 300;\nconst isSlow = responseTime > 3000;\nconst status = isDown ? 'CRITICAL' : (isSlow ? 'DEGRADED' : 'OK');\nreturn [{ json: { ...prev, statusCode, responseTime, status, complianceNote, checkedAt: new Date().toISOString() } }];"
},
"position": [
700,
300
]
},
{
"id": "5",
"name": "Alert if Not OK",
"type": "n8n-nodes-base.if",
"parameters": {
"conditions": {
"string": [
{
"value1": "={{$json.status}}",
"operation": "notEqual",
"value2": "OK"
}
]
}
},
"position": [
900,
300
]
},
{
"id": "6",
"name": "Slack NOC Alert",
"type": "n8n-nodes-base.slack",
"parameters": {
"channel": "#spacetech-noc",
"text": "={{$json.status}} | {{$json.api_name}} | HTTP {{$json.statusCode}} | {{$json.responseTime}}ms | {{$json.complianceNote}}"
},
"position": [
1100,
200
]
},
{
"id": "7",
"name": "Log to Sheets",
"type": "n8n-nodes-base.googleSheets",
"parameters": {
"operation": "append",
"sheetId": "YOUR_SPACETECH_APIS",
"range": "api_health_log!A:F",
"data": "={{[$json.api_name, $json.status, $json.statusCode, $json.responseTime, $json.checkedAt, $json.complianceNote]}}"
},
"position": [
1100,
400
]
}
],
"connections": {
"Every 15 Minutes": {
"main": [
[
{
"node": "API Endpoints Config",
"type": "main",
"index": 0
}
]
]
},
"API Endpoints Config": {
"main": [
[
{
"node": "Check Each Endpoint",
"type": "main",
"index": 0
}
]
]
},
"Check Each Endpoint": {
"main": [
[
{
"node": "Evaluate Health Status",
"type": "main",
"index": 0
}
]
]
},
"Evaluate Health Status": {
"main": [
[
{
"node": "Alert if Not OK",
"type": "main",
"index": 0
}
]
]
},
"Alert if Not OK": {
"main": [
[
{
"node": "Slack NOC Alert",
"type": "main",
"index": 0
}
],
[
{
"node": "Log to Sheets",
"type": "main",
"index": 0
}
]
]
}
}
}
Workflow 4 — Regulatory Incident Pipeline
Eight incident types with pre-configured compliance clocks:
| Incident | Clock | Regulatory Basis |
|---|---|---|
| OFAC_SDN_MATCH_DETECTED | IMMEDIATE | 31 CFR §501 — strict liability, no knowledge defense |
| ITAR_TECHNOLOGY_TRANSFER_ALERT | IMMEDIATE + 60d DDTC | 22 CFR §127.1 — criminal exposure up to 20 years |
| EAR_DEEMED_EXPORT_VIOLATION | IMMEDIATE + 60d BIS | 15 CFR §734.13 — deemed export to foreign national |
| FCC_PART25_LICENSE_LAPSE | IMMEDIATE | 47 CFR §25.121 — cease operations, $100K/day fines |
| NOAA_REMOTE_SENSING_LICENSE_VIOLATION | 24h | 51 USC §60122 — notify NOAA within 24h |
| ITU_COORDINATION_DEADLINE_MISSED | 30d | ITU Radio Regs — loss of frequency filing priority |
| ITAR_VOLUNTARY_DISCLOSURE | 60d | ITAR §127.12 — initial DDTC notification |
| DATA_BREACH_SATELLITE_CUSTOMER_DATA | 72h | GDPR Art.33 — regulator notification |
{
"name": "SpaceTech Regulatory Incident Pipeline",
"nodes": [
{
"id": "1",
"name": "Webhook Trigger",
"type": "n8n-nodes-base.webhook",
"parameters": {
"path": "spacetech-incident",
"responseMode": "responseNode"
},
"position": [
100,
300
]
},
{
"id": "2",
"name": "Respond 200 Immediately",
"type": "n8n-nodes-base.respondToWebhook",
"parameters": {
"responseCode": 200,
"responseBody": "{\"received\": true}"
},
"position": [
300,
200
]
},
{
"id": "3",
"name": "Classify Incident",
"type": "n8n-nodes-base.code",
"parameters": {
"jsCode": "const incident = $input.first().json;\nconst type = incident.incident_type || 'GENERAL';\nconst incidentMap = {\n 'OFAC_SDN_MATCH_DETECTED': {\n priority: 'P0', window: 'IMMEDIATE',\n regulatory_note: 'OFAC 31 CFR \u00a7501 \u2014 SDN match is a strict-liability violation. Transaction must be blocked immediately regardless of knowledge. All assets must be frozen and OFAC must be notified. Do not alert the counterparty (tipping-off risk). Retain transaction records. Legal counsel required immediately.',\n actions: ['block_transaction', 'freeze_assets', 'alert_legal', 'notify_ofac', 'preserve_records'],\n slack_channel: '#ofac-critical', compliance_clock: 'IMMEDIATE \u2014 notify OFAC, legal counsel within hours'\n },\n 'ITAR_TECHNOLOGY_TRANSFER_ALERT': {\n priority: 'P0', window: 'IMMEDIATE',\n regulatory_note: 'ITAR 22 CFR \u00a7127.1 \u2014 unauthorized export of ITAR-controlled technical data is a criminal violation (up to 20 years imprisonment, $1M per violation). Cease the transfer immediately. Preserve all records. DDTC Voluntary Disclosure (\u00a7127.12) initial notification typically within 60 days of discovery; early disclosure significantly mitigates penalties.',\n actions: ['cease_transfer', 'preserve_records', 'alert_legal', 'initiate_voluntary_disclosure'],\n slack_channel: '#itar-critical', compliance_clock: 'IMMEDIATE + DDTC initial notification within 60 days'\n },\n 'EAR_DEEMED_EXPORT_VIOLATION': {\n priority: 'P0', window: 'IMMEDIATE',\n regulatory_note: 'EAR 15 CFR \u00a7734.13 \u2014 deemed export: release of controlled technology to a foreign national in the US is treated as an export to their home country. BIS Voluntary Self-Disclosure (VSD) mitigates penalties. Initial notification to BIS OAC within 60 days of discovery.',\n actions: ['cease_release', 'preserve_records', 'alert_legal', 'initiate_vsd'],\n slack_channel: '#ear-compliance', compliance_clock: 'IMMEDIATE + BIS VSD initial notification within 60 days'\n },\n 'FCC_PART25_LICENSE_LAPSE': {\n priority: 'P0', window: 'IMMEDIATE',\n regulatory_note: 'FCC 47 CFR \u00a725.121 \u2014 operating a space station or earth station without a valid license is a violation of the Communications Act \u00a7301. Cease operations immediately. File for special temporary authority (STA) if continuation required. FCC enforcement can impose fines up to $100K/day.',\n actions: ['cease_operations', 'file_sta_request', 'alert_fcc_counsel', 'notify_customers'],\n slack_channel: '#fcc-compliance', compliance_clock: 'IMMEDIATE \u2014 cease operations, file STA within 24h'\n },\n 'NOAA_REMOTE_SENSING_LICENSE_VIOLATION': {\n priority: 'P0', window: '24h',\n regulatory_note: '51 USC \u00a760122 \u2014 operating commercial remote sensing without a NOAA license or violating license conditions is a federal offense. NOAA must be notified within 24 hours of a known violation. Cease non-compliant imaging immediately.',\n actions: ['cease_imaging', 'notify_noaa', 'preserve_imagery_records', 'alert_legal'],\n slack_channel: '#noaa-compliance', compliance_clock: '24h \u2014 notify NOAA of violation'\n },\n 'ITU_COORDINATION_DEADLINE_MISSED': {\n priority: 'P1', window: '30d',\n regulatory_note: 'ITU Radio Regulations \u2014 missing an ITU coordination milestone risks loss of frequency filing priority. Coordination must be restarted. Loss of ITU protection exposes the satellite to interference from other operators.',\n actions: ['contact_itu_br', 'assess_filing_status', 'engage_frequency_coordinator', 'notify_customers'],\n slack_channel: '#itu-compliance', compliance_clock: '30 days to assess and recover filing status'\n },\n 'ITAR_VOLUNTARY_DISCLOSURE': {\n priority: 'P1', window: '60d',\n regulatory_note: 'ITAR \u00a7127.12 \u2014 initial notification to DDTC Compliance Advisor within 60 days of discovering a potential ITAR violation. Full disclosure must be made in writing. Voluntary disclosure significantly reduces penalties and eliminates criminal referral in most cases.',\n actions: ['prepare_initial_notification', 'retain_export_counsel', 'conduct_internal_investigation'],\n slack_channel: '#itar-compliance', compliance_clock: '60 days to DDTC initial notification'\n },\n 'DATA_BREACH_SATELLITE_CUSTOMER_DATA': {\n priority: 'P1', window: '72h',\n regulatory_note: 'GDPR Art.33 \u2014 72h notification to supervisory authority; Art.34 \u2014 customer notification if high risk. State breach laws may impose shorter windows. Satellite imagery of persons may qualify as biometric or special category data.',\n actions: ['contain_breach', 'assess_scope', 'prepare_notification', 'alert_dpo'],\n slack_channel: '#security-incidents', compliance_clock: '72h to notify regulator (GDPR Art.33)'\n }\n};\nconst meta = incidentMap[type] || { priority: 'P2', window: 'review', regulatory_note: 'Review applicable SpaceTech regulatory requirements.', actions: ['log', 'review'], slack_channel: '#compliance-queue', compliance_clock: 'TBD' };\nreturn [{ json: { ...incident, ...meta, incident_type: type, logged_at: new Date().toISOString() } }];"
},
"position": [
500,
300
]
},
{
"id": "4",
"name": "Notify Compliance Slack",
"type": "n8n-nodes-base.slack",
"parameters": {
"channel": "={{$json.slack_channel}}",
"text": "={{$json.priority}} SpaceTech Incident: {{$json.incident_type}}\nClock: {{$json.compliance_clock}}\nRegulatory note: {{$json.regulatory_note}}\nActions: {{$json.actions.join(', ')}}"
},
"position": [
700,
300
]
},
{
"id": "5",
"name": "Email Compliance + Legal",
"type": "n8n-nodes-base.gmail",
"parameters": {
"operation": "send",
"to": "compliance@yourcompany.com",
"cc": "legal@yourcompany.com",
"subject": "={{$json.priority}} SpaceTech Incident: {{$json.incident_type}} \u2014 {{$json.compliance_clock}}",
"message": "Incident type: {{$json.incident_type}}\nPriority: {{$json.priority}}\nCompliance clock: {{$json.compliance_clock}}\n\nRegulatory context:\n{{$json.regulatory_note}}\n\nRequired actions:\n{{$json.actions.map((a,i) => (i+1)+'. '+a).join('\n')}}\n\nLogged at: {{$json.logged_at}}"
},
"position": [
700,
450
]
}
],
"connections": {
"Webhook Trigger": {
"main": [
[
{
"node": "Respond 200 Immediately",
"type": "main",
"index": 0
},
{
"node": "Classify Incident",
"type": "main",
"index": 0
}
]
]
},
"Classify Incident": {
"main": [
[
{
"node": "Notify Compliance Slack",
"type": "main",
"index": 0
},
{
"node": "Email Compliance + Legal",
"type": "main",
"index": 0
}
]
]
}
}
}
Workflow 5 — Weekly SpaceTech Platform KPI Dashboard
{
"name": "Weekly SpaceTech Platform KPI Dashboard",
"nodes": [
{
"id": "1",
"name": "Monday 8AM",
"type": "n8n-nodes-base.scheduleTrigger",
"parameters": {
"rule": {
"interval": [
{
"field": "cronExpression",
"expression": "0 8 * * 1"
}
]
}
},
"position": [
100,
300
]
},
{
"id": "2",
"name": "Query SpaceTech Metrics DB",
"type": "n8n-nodes-base.postgres",
"parameters": {
"operation": "executeQuery",
"query": "SELECT (SELECT COUNT(*) FROM accounts WHERE status='active') as active_accounts, (SELECT SUM(mrr_usd) FROM accounts WHERE status='active') as mrr_usd, (SELECT COUNT(*) FROM accounts WHERE tier='ENTERPRISE_SATELLITE_MANUFACTURER_SAAS') as manufacturer_accounts, (SELECT COUNT(*) FROM compliance_deadlines WHERE status='open' AND deadline_type LIKE 'ITAR_%') as itar_open, (SELECT COUNT(*) FROM compliance_deadlines WHERE status='open' AND deadline_type LIKE 'EAR_%') as ear_open, (SELECT COUNT(*) FROM compliance_deadlines WHERE status='open' AND deadline_type LIKE 'FCC_%') as fcc_open, (SELECT COUNT(*) FROM compliance_deadlines WHERE status='open' AND deadline_type LIKE 'NOAA_%') as noaa_open, (SELECT COUNT(*) FROM compliance_deadlines WHERE status='open' AND deadline_type='OFAC_SDN_WEEKLY_RESCREEN') as ofac_rescreen_pending, (SELECT COUNT(*) FROM incidents WHERE created_at > NOW() - INTERVAL '7 days') as incidents_7d, (SELECT COUNT(*) FROM incidents WHERE incident_type='OFAC_SDN_MATCH_DETECTED' AND created_at > NOW() - INTERVAL '30 days') as ofac_hits_30d"
},
"position": [
300,
300
]
},
{
"id": "3",
"name": "Build KPI Report",
"type": "n8n-nodes-base.code",
"parameters": {
"jsCode": "const d = $input.first().json;\nconst getStatic = (key) => { try { return $getWorkflowStaticData('global')[key] || 0; } catch(e) { return 0; } };\nconst prevMrr = getStatic('prev_mrr');\nconst mrrChange = prevMrr > 0 ? (((d.mrr_usd - prevMrr) / prevMrr) * 100).toFixed(1) : 'N/A';\ntry { const sd = $getWorkflowStaticData('global'); sd.prev_mrr = d.mrr_usd; } catch(e) {}\nconst html = '<h2>FlowKit SpaceTech Platform \u2014 Weekly KPI</h2>' +\n '<table border=1 cellpadding=6><tr><th>Metric</th><th>Value</th><th>Note</th></tr>' +\n '<tr><td>Active Accounts</td><td>' + d.active_accounts + '</td><td>Billing active</td></tr>' +\n '<tr><td>MRR (USD)</td><td>$' + Number(d.mrr_usd||0).toLocaleString() + '</td><td>WoW: ' + mrrChange + '%</td></tr>' +\n '<tr><td>Manufacturer Accounts</td><td>' + d.manufacturer_accounts + '</td><td>Enterprise tier</td></tr>' +\n '<tr><td>ITAR Open Deadlines</td><td>' + d.itar_open + '</td><td>DDTC/State compliance</td></tr>' +\n '<tr><td>EAR Open Deadlines</td><td>' + d.ear_open + '</td><td>BIS/Commerce compliance</td></tr>' +\n '<tr><td>FCC Open Deadlines</td><td>' + d.fcc_open + '</td><td>Part 25 licenses</td></tr>' +\n '<tr><td>NOAA Open Deadlines</td><td>' + d.noaa_open + '</td><td>Remote sensing licenses</td></tr>' +\n '<tr><td>OFAC Rescreens Pending</td><td>' + d.ofac_rescreen_pending + '</td><td>Weekly SDN list update</td></tr>' +\n '<tr><td>Incidents (7d)</td><td>' + d.incidents_7d + '</td><td>All types</td></tr>' +\n '<tr><td>OFAC SDN Hits (30d)</td><td>' + d.ofac_hits_30d + '</td><td>Blocked transactions</td></tr>' +\n '</table>';\nreturn [{ json: { ...d, html, mrrChange, generated_at: new Date().toISOString() } }];"
},
"position": [
500,
300
]
},
{
"id": "4",
"name": "Email CEO + BCC CISO",
"type": "n8n-nodes-base.gmail",
"parameters": {
"operation": "send",
"to": "ceo@yourcompany.com",
"bcc": "ciso@yourcompany.com,cco@yourcompany.com",
"subject": "SpaceTech Platform KPI \u2014 Week of {{new Date().toLocaleDateString()}}",
"message": "={{$json.html}}",
"isHtml": true
},
"position": [
700,
200
]
},
{
"id": "5",
"name": "Slack #gtm Summary",
"type": "n8n-nodes-base.slack",
"parameters": {
"channel": "#go-to-market",
"text": "Weekly SpaceTech KPI: {{$json.active_accounts}} accounts | MRR ${{$json.mrr_usd}} (WoW: {{$json.mrrChange}}%) | ITAR open: {{$json.itar_open}} | FCC open: {{$json.fcc_open}} | OFAC hits (30d): {{$json.ofac_hits_30d}} | Incidents (7d): {{$json.incidents_7d}}"
},
"position": [
700,
400
]
}
],
"connections": {
"Monday 8AM": {
"main": [
[
{
"node": "Query SpaceTech Metrics DB",
"type": "main",
"index": 0
}
]
]
},
"Query SpaceTech Metrics DB": {
"main": [
[
{
"node": "Build KPI Report",
"type": "main",
"index": 0
}
]
]
},
"Build KPI Report": {
"main": [
[
{
"node": "Email CEO + BCC CISO",
"type": "main",
"index": 0
},
{
"node": "Slack #gtm Summary",
"type": "main",
"index": 0
}
]
]
}
}
}
Self-Hosting vs Zapier/Make: The SpaceTech Sovereignty Argument
| Data Category | Why Cloud iPaaS Creates Risk | Self-Hosted n8n Fix |
|---|---|---|
| ITAR technical data (USML Category XV) | Foreign-accessible cloud = deemed export under §120.17 | Data stays inside ITAR-authorized facility |
| EAR dual-use technology | Foreign national access in US = deemed export under §734.13 | Access limited to authorized US persons |
| OFAC SDN screening | Cloud outage = no screening = transaction proceeds = violation | On-premise screening, no SaaS dependency |
| FCC license workflow | Automation failure during license renewal = unlicensed operations | On-premise reliability, no cloud SLA dependency |
| NOAA imagery pipeline | Cloud routing = undocumented third-party access to licensed data | Imagery processing inside license boundary |
The Zapier/Make argument: $50-200/month, no ops overhead. The self-hosted n8n argument: a single ITAR violation is $1M per incident and 20 years per person. One audit finding that your technical data flowed through a cloud automation platform accessible to foreign nationals ends careers.
Get the Templates
All five workflows above — plus 10 additional compliance automation templates for SpaceTech and adjacent verticals — are available at stripeai.gumroad.com.
Individual templates: $12–$29. Bundle (all templates): $97.
FlowKit — n8n automation templates for compliance-driven SaaS vendors. Self-host, stay sovereign.
Top comments (0)