How Fold works/Integrations/Gumroad
Gumroad
Payments & RevenueLive integration

Gumroad

Creator product sales and subscription revenue — read-only via OAuth.

OAuth 2.0 — no password sharedRead-only — we never write to your accountGDPR compliant
Your password is never shared
We never sell your data
Disconnect = data deleted instantly

Why founders connect Gumroad

Gumroad creators often sell across multiple products and memberships. Fold gives you a daily number — total revenue and units sold — without logging into Gumroad, so you can see at a glance whether your latest launch or email is moving the needle.

How your data flows

From Gumroad to your Fold dashboard

This is the exact sequence every time Fold runs its daily sync. Nothing runs outside this pipeline.

01

Gumroad API

OAuth 2.0 token

You authorise Fold once via Gumroad's own OAuth page. Fold receives a scoped, time-limited token — your login credentials are never seen or stored.

02

Read-only API requests

3 HTTP GET calls per sync

Fold makes 3 read-only requests to Gumroad's API — the exact endpoints are documented in the section below. No write requests are ever made.

03

Filter & aggregate

Personal data stripped before storage

The raw API response is processed in memory. Only aggregate numbers (totals, counts, rates) are extracted. Any field containing personal information — names, emails, IDs — is discarded and never written to disk.

04

Stored in your account

AES-256 at rest · row-level isolation

The filtered snapshot is written to your isolated tenant in our database, encrypted at rest. Row-level security ensures no other Fold user can read your data — not even via a misconfigured query.

05

Shown in your dashboard

Overview · Analytics · AI Digest

The stored aggregate numbers surface across your Fold dashboard — the Overview tile, Analytics tab charts, and the AI-generated daily digest. No raw data from the API is ever returned to the frontend.

Step 1 — How you connect

The exact connection flow

Here is precisely what happens when you connect Gumroad to Fold, step by step.

  1. 1Click "Connect Gumroad" in your Fold Settings tab.
  2. 2You're redirected to Gumroad's authorization page (gumroad.com).
  3. 3You log in and approve the connection.
  4. 4Gumroad issues a scoped access token to Fold.
  5. 5Fold performs the initial data sync.

Step 2 — Permissions we request

Exactly what access Fold asks for

We request the minimum permissions needed. No more.

  • view_sales — read-only access to sales data, products and subscription information.
  • No write scopes. Fold cannot create products, modify prices or issue refunds.

Step 3 — API calls Fold makes

Every request we send to Gumroad

These are the exact API endpoints Fold calls during each sync, and why.

GET /sales

Fetch total sales, revenue and unit counts for the period.

GET /products

Revenue breakdown by product.

GET /subscribers

Count active and cancelled membership subscribers for MRR.

API impact: Fold makes 3 API requests per sync. Gumroad's API rate limit is 5,000 requests per hour — our usage is negligible.

What we store

Exactly what lands in our database

Every field we persist — with a real example and the reason it exists. Nothing more is stored.

FieldExample valueWhy we store it
Total sales revenue (period)$2,400 this monthRevenue KPI tile.
Units sold82 unitsSales volume metric.
Revenue by productCourse: $1,800 / Ebook: $600Product breakdown chart.
Active subscribers (membership)34 activeMRR base metric.
Cancelled subscribers (period)3 cancelledChurn metric.
Refund count2 refundsRefund rate metric.

What a daily sync actually stores

One day's record — verbatim

This is a real-looking example of the row Fold writes to your account after a single sync. Every field, every value — nothing hidden.

gumroad_daily_snapshot

{

"date": "2025-04-23",

"revenue": "2400.00",

"units_sold": "82",

"active_subscribers": "34",

"cancelled_subscribers": "3",

"refund_count": "2",

}

No customer names. No emails. No transaction IDs. Just numbers.

What we never store

Data Fold never touches

These fields are explicitly excluded. Even if the Gumroad API returns them, Fold ignores and discards them before any storage step.

  • Buyer names, email addresses or shipping addresses
  • Individual sale IDs or transaction references
  • Buyer metadata or custom fields
  • Your Gumroad profile description or personal bio
  • Payout or banking information

What Fold never does

Hard limits — enforced at the API level

These aren't just policies — they're technically impossible given the permissions we request. Gumroad's own API enforces them.

  • Create, edit or delete products or pricing
  • Issue refunds or cancel subscriptions
  • Access your Gumroad profile settings
  • Share your sales data with any third party
  • Use your data to train AI models

Privacy note — Gumroad specific

Fold's Gumroad integration uses the official OAuth 2.0 flow. The access token received is scoped to read-only sales data and is stored encrypted in our database.

Data retention

How long we keep it

Synced metrics are retained while your Fold account is active and purged within 24 hours of disconnecting or account deletion.

Refresh frequency

How often we sync

Automatic sync every 24 hours. Manual refresh available from Settings.

How to revoke access

You are always in control

You can disconnect Gumroad from Fold at any time — from either side. Both options immediately stop all data access.

From Fold

Settings → Gumroad → Disconnect. All synced Gumroad data is deleted immediately.

From Gumroad directly

Gumroad → Settings → Applications → Fold Analytics → Revoke.

Open Gumroad settings

Security standards

How your credentials are protected

AES-256 encryption at rest

Your OAuth access token is encrypted with AES-256 before being written to our database. It is never stored in plaintext.

TLS 1.3 in transit

All API calls from Fold to Gumroad use TLS 1.3. Your credentials cannot be intercepted in transit.

Read-only enforcement

Gumroad's own API enforces the read-only permissions server-side. Even if Fold's code had a bug, the platform would reject any write request.

Row-level security

Your synced data is isolated in our database with row-level security. No other Fold user can query your data.

FAQ

Questions about the Gumroad integration

Can Fold see who bought my products?

No. We only store aggregate sales totals and product-level revenue. Individual buyer names, emails and order details are never extracted or stored.

Can Fold modify my Gumroad products or prices?

No. The view_sales OAuth scope is strictly read-only. Gumroad's API enforces this at their end.

Other live integrations

See how other connections work

Stripe

Stripe

Payments & Revenue

Google Analytics 4

Google Analytics 4

Web Analytics

Meta Ads

Meta Ads

Advertising

Lemon Squeezy

Lemon Squeezy

Payments & Revenue

Paddle

Paddle

Payments & Revenue

Plausible

Plausible

Web Analytics

PostHog

PostHog

Web Analytics

Mailchimp

Mailchimp

Email & Marketing

Klaviyo

Klaviyo

Email & Marketing

Beehiiv

Beehiiv

Email & Marketing

Shopify

Shopify

E-commerce

WooCommerce

WooCommerce

E-commerce

Ready to connect Gumroad?

Start your free trial — no credit card

7 days full access. Connect Gumroad and every other live integration. Cancel anytime. Your data deleted on request, immediately.

Get started freeBack to full guide