Your data is protected during transfer because Bittylicious uses SSL via https for all user pages and they have a valid certificate recognised by almost all web browsers.
As soon as your data is uploaded, it is immediately encrypted using GPG. A 2048 bit public key is stored on the Bittylicious web server and this key is used to encrypt the data.
When checking your documents, they download the encrypted data onto a local office-based computer running Ubuntu. The corresponding private key is stored on this machine only and this is used to decrypt your documents. After being checked, this version of the document is deleted.
The encrypted version of your documents are not deleted unless you delete your account. This is so your details on file should any dispute arise after payment.
Should the Bittylicious web server become compromised, only the encrypted version of your data will be available. This cannot be decrypted without the correct private key, which is not stored on the web server at any time.