New to the forum because I thought this needed to be shared.
Photos of receipts are currently being stored insecurely.
You can test this yourself. Go to Account > Settings > Statement History
Then download a month (in which you have saved a receipt photo) in .csv format.
Open that file in excel and there is a receipt column containing links.
These links can be opened in any browser without logging in. They are your photographs, containing your private data.
It has to be said that these urls contain random strings, so you can’t simply guess links to other peoples’ receipts, but it’s not beyond a bot to trawl through and collect information on every monzo user who uploads their receipts.