# Trustless SaaS

Critical Moments is built as what we call "Trustless SaaS": software designed to be remotely controlled from services, without needing to trust a 3rd party service provider for correctness, security, or uptime SLAs.

Read our blog for a [complete overview of Trustless SaaS](https://criticalmoments.io/blog/trustless_saas).

### Trustless SaaS Model

These three policies together form our Trustless SaaS framework:

#### **Source-Available**

Our SDK's source code is [available on Github](https://github.com/CriticalMoments/CriticalMoments). You can read and compile any of the code you integrate into your app.

#### **Self Hosting**

[Self hosting the SDK configuration](https://docs.criticalmoments.io/remote-control-service) means we can't change your app's behaviour, even if we wanted to.&#x20;

It also means you can use the access control systems already embedded into your company. Since you don't rely on our servers, you can't be impacted by outages in our services.

#### **No User Tracking**

In a default install, Critical Moments install does not call out to any servers owned by us. It only calls to the config-service you self host. We can't track your users.

Some optional features require an external service to function. Currently, service requests are necessary for Geo-IP location, and weather data. Our docs clearly indicate when a service call is necessary, and explain how we protect end user data.

## How it works

We are a business, and still need to check that you've registered your app, and only use the features in your subscription level. Instead of having every client call out to a centralized service like many other SaaS companies do, our systems use public key cryptography to verify these goals.&#x20;

The client can verify these signatures locally, quickly, offline, and without calling any service.

Read more details [on our blog](https://criticalmoments.io/blog/trustless_saas/#how_we_implement).