How are my uploaded documents stored?

From Bittylicious
Jump to navigation Jump to search

Context

Bittylicious requires users to upload personal information (e.g. passport images) when trading above a certain level.

Technical Information

  • Your data is protected during transfer because Bittylicious uses SSL via https for all user pages and we have a valid certificate recognised by almost all web browsers.
  • As soon as your data is uploaded, it is immediately encrypted using GPG. A 2048 bit public key is stored on the Bittylicious web server and this key is used to encrypt the data.
  • When we check your documents, we download the encrypted data onto a local office-based computer. The corresponding private key is stored on this machine only and this is used to decrypt your documents. After being checked, this version of the document is deleted.
  • The encrypted version of your documents are not deleted unless you delete your account, in which case see the data protection statement. This is so that we have your details on file should any dispute arise after payment.
  • Should the Bittylicious web server become compromised, only the encrypted version of your data will be available. This cannot be decrypted without the correct private key, which is not stored on the web server at any time.