How are my uploaded documents stored?: Difference between revisions

From Bittylicious
Jump to navigation Jump to search
 
(One intermediate revision by one other user not shown)
Line 7: Line 7:
* Your data is protected during transfer because Bittylicious uses SSL via https for all user pages and we have a valid certificate recognised by almost all web browsers.
* Your data is protected during transfer because Bittylicious uses SSL via https for all user pages and we have a valid certificate recognised by almost all web browsers.
* As soon as your data is uploaded, it is immediately encrypted using [http://www.gnupg.org GPG]. A 2048 bit public key is stored on the Bittylicious web server and this key is used to encrypt the data.
* As soon as your data is uploaded, it is immediately encrypted using [http://www.gnupg.org GPG]. A 2048 bit public key is stored on the Bittylicious web server and this key is used to encrypt the data.
* When we check your documents, we download the encrypted data onto a local office-based computer running Ubuntu. The corresponding private key is stored on this machine only and this is used to decrypt your documents. After being checked, this version of the document is deleted.
* When we check your documents, we download the encrypted data onto a local office-based computer. The corresponding private key is stored on this machine only and this is used to decrypt your documents. After being checked, this version of the document is deleted.
* The encrypted version of your documents are not deleted unless you delete your account. This is so that we have your details on file should any dispute arise after payment.
* The encrypted version of your documents are not deleted unless you delete your account, in which case see the [https://help.bittylicious.com/index.php/Data_protection data protection statement]. This is so that we have your details on file should any dispute arise after payment.
* Should the Bittylicious web server become compromised, only the encrypted version of your data will be available. This cannot be decrypted without the correct private key, which is not stored on the web server at any time.
* Should the Bittylicious web server become compromised, only the encrypted version of your data will be available. This cannot be decrypted without the correct private key, which is not stored on the web server at any time.

Latest revision as of 15:28, 12 October 2017

Context

Bittylicious requires users to upload personal information (e.g. passport images) when trading above a certain level.

Technical Information

  • Your data is protected during transfer because Bittylicious uses SSL via https for all user pages and we have a valid certificate recognised by almost all web browsers.
  • As soon as your data is uploaded, it is immediately encrypted using GPG. A 2048 bit public key is stored on the Bittylicious web server and this key is used to encrypt the data.
  • When we check your documents, we download the encrypted data onto a local office-based computer. The corresponding private key is stored on this machine only and this is used to decrypt your documents. After being checked, this version of the document is deleted.
  • The encrypted version of your documents are not deleted unless you delete your account, in which case see the data protection statement. This is so that we have your details on file should any dispute arise after payment.
  • Should the Bittylicious web server become compromised, only the encrypted version of your data will be available. This cannot be decrypted without the correct private key, which is not stored on the web server at any time.