Privacy Policy

Effective date: June 13, 2026 · Last updated: June 13, 2026

MizuFlow (“we,” “us,” “the app”) helps you see your bank, credit, investment, and loan accounts in one place. This policy explains what we collect, how we use it, and your choices.

MizuFlow is read-only — we never move, send, or hold your money.

1. Who we are

MizuFlow is operated by Shirley Zhao. Contact: hellomizuflow@gmail.com.

2. Information we collect

Account you create. When you sign up we collect your email address (and, if you use Google or Apple sign-in, the basic profile/email those services share). We use Firebase Authentication to manage sign-in.

Financial data via Plaid. When you link a financial institution, our partner Plaid Inc. securely connects to it and provides us:

account names, types, and balances;
transactions (date, amount, merchant, category);
investment holdings (securities, quantity, value).

Your bank login credentials are entered directly with Plaid and your bank — we never see or store them. Plaid’s handling of your data is governed by Plaid’s Privacy Policy and its end-user agreement.

Technical data. Basic app and diagnostic information needed to operate and secure the service.

3. How we use your information

To show your balances, transactions, net worth, and spending insights.
To detect and summarize your recurring subscriptions and bills.
To keep your data in sync via Plaid.
To operate, secure, and improve the app.
To communicate with you about your account.

We use your financial data only to provide MizuFlow’s features to you. We do not sell your data, and we do not use it for advertising.

4. How your data is stored and protected

Your data is stored using Google Firebase / Cloud Firestore. Connections use encryption in transit (HTTPS/TLS). Access credentials (such as Plaid access tokens) are kept server-side and are never stored in the app on your device. Access to your account requires sign-in and two-factor authentication.

5. Who we share it with

We share data only with service providers that help us run the app:

Plaid — to connect to your financial institutions.
Google Firebase — authentication, database, and hosting.
Apple — app distribution and, if you subscribe, payment processing.

We may disclose information if required by law. We do not sell or rent your personal or financial information to anyone.

6. Your choices and rights

Disconnect a bank at any time in the app, which removes that institution’s data.
Delete your account in Settings → Delete account — this signs you out, removes your MizuFlow data, and instructs Plaid to remove the connection. You can also email us to request deletion.
Depending on where you live (e.g. GDPR / CCPA), you may have rights to access, correct, export, or delete your data; contact us to exercise them.

7. Data retention

We keep your data while your account is active. When you delete your account, we delete your associated data and instruct Plaid to remove the connection.

8. Children

MizuFlow is not directed to children under 16, and we do not knowingly collect their information.

9. Changes to this policy

We may update this policy; we’ll post the new version here and update the “Last updated” date. Material changes will be communicated in-app or by email.

10. Contact

Questions or requests: hellomizuflow@gmail.com.