How Fold works/Integrations/Klaviyo
Klaviyo
Email & MarketingLive integration

Klaviyo

E-commerce email flows, campaign revenue and subscriber growth — read-only.

API Key — stored encryptedRead-only — we never write to your accountGDPR compliant
Your password is never shared
We never sell your data
Disconnect = data deleted instantly

Why founders connect Klaviyo

Klaviyo is the engine for most DTC and e-commerce email revenue — but the dashboard is complex and slow for a quick morning check. Fold pulls your campaign performance, list growth, and attributed revenue into a single daily snapshot so you can see whether your email channel is keeping pace with your ad spend.

How your data flows

From Klaviyo to your Fold dashboard

This is the exact sequence every time Fold runs its daily sync. Nothing runs outside this pipeline.

01

Klaviyo API

Encrypted API key

Your API key is stored encrypted (AES-256) in our database. It is sent only to Klaviyo's API over TLS 1.3 and never logged.

02

Read-only API requests

5 HTTP GET calls per sync

Fold makes 5 read-only requests to Klaviyo's API — the exact endpoints are documented in the section below. No write requests are ever made.

03

Filter & aggregate

Personal data stripped before storage

The raw API response is processed in memory. Only aggregate numbers (totals, counts, rates) are extracted. Any field containing personal information — names, emails, IDs — is discarded and never written to disk.

04

Stored in your account

AES-256 at rest · row-level isolation

The filtered snapshot is written to your isolated tenant in our database, encrypted at rest. Row-level security ensures no other Fold user can read your data — not even via a misconfigured query.

05

Shown in your dashboard

Overview · Analytics · AI Digest

The stored aggregate numbers surface across your Fold dashboard — the Overview tile, Analytics tab charts, and the AI-generated daily digest. No raw data from the API is ever returned to the frontend.

Step 1 — How you connect

The exact connection flow

Here is precisely what happens when you connect Klaviyo to Fold, step by step.

  1. 1Go to your Klaviyo account → Settings → API Keys.
  2. 2Create a new Private API Key — select "Read Only" access.
  3. 3Copy the key and paste it into Fold's Settings tab under the Klaviyo integration.
  4. 4Fold validates the key and performs an initial sync.
  5. 5Delete or revoke the key from Klaviyo at any time.

Step 2 — Permissions we request

Exactly what access Fold asks for

We request the minimum permissions needed. No more.

  • Read-only Private API Key — scoped to profiles (count only), campaigns, flows and metrics.
  • Fold requests the minimum permissions needed and does not request SMS, segments or suppression data.

Step 3 — API calls Fold makes

Every request we send to Klaviyo

These are the exact API endpoints Fold calls during each sync, and why.

GET /api/profiles/ (count only)

Total active profile / subscriber count.

GET /api/campaigns/

List recent email campaigns to pull performance on.

GET /api/campaign-message-assign/ (metrics)

Open rate, click rate and revenue attributed per campaign.

GET /api/flows/

Revenue attributed to automated flows (welcome series, abandoned cart, etc.).

GET /api/metrics/

Key events: placed_order, ordered_product used for revenue attribution.

API impact: Fold makes 5 API requests per sync. Klaviyo's API rate limit is 75 requests/second — our usage is negligible.

What we store

Exactly what lands in our database

Every field we persist — with a real example and the reason it exists. Nothing more is stored.

FieldExample valueWhy we store it
Active profile count6,200 profilesEmail KPI tile.
Net new profiles (period)+220 this monthList growth metric.
Average campaign open rate29.1%Engagement KPI.
Average campaign click rate3.7%Engagement KPI.
Revenue attributed to campaigns (period)$4,100Email ROI metric.
Revenue attributed to flows (period)$2,800Automation ROI metric.

What a daily sync actually stores

One day's record — verbatim

This is a real-looking example of the row Fold writes to your account after a single sync. Every field, every value — nothing hidden.

klaviyo_daily_snapshot

{

"date": "2025-04-23",

"active_profiles": "6200",

"new_profiles": "220",

"emails_sent": "4100",

"opens": "1193",

"clicks": "152",

"attributed_revenue": "4100.00",

}

No customer names. No emails. No transaction IDs. Just numbers.

What we never store

Data Fold never touches

These fields are explicitly excluded. Even if the Klaviyo API returns them, Fold ignores and discards them before any storage step.

  • Individual profile email addresses, names or phone numbers
  • Individual event history per profile
  • Segment membership or suppression lists
  • Email content or subject lines
  • SMS message content or opt-in records
  • Your Klaviyo account password

What Fold never does

Hard limits — enforced at the API level

These aren't just policies — they're technically impossible given the permissions we request. Klaviyo's own API enforces them.

  • Send emails or SMS messages
  • Add, update or suppress profiles
  • Modify flows, campaigns or segments
  • Access individual subscriber purchase history
  • Share your email data with any third party
  • Use your data to train AI models

Privacy note — Klaviyo specific

Fold uses Klaviyo's read-only API key scoping. We count profiles and read campaign-level aggregates — we never access individual subscriber profiles, event histories, or personal data.

Data retention

How long we keep it

Synced metrics are retained while your Fold account is active and purged within 24 hours of disconnecting or account deletion.

Refresh frequency

How often we sync

Automatic sync every 24 hours. Manual refresh available from Settings.

How to revoke access

You are always in control

You can disconnect Klaviyo from Fold at any time — from either side. Both options immediately stop all data access.

From Fold

Settings → Klaviyo → Disconnect. All synced Klaviyo data is deleted immediately.

From Klaviyo directly

Klaviyo → Settings → API Keys → Revoke the Fold Analytics key.

Open Klaviyo settings

Security standards

How your credentials are protected

AES-256 encryption at rest

Your API key is encrypted with AES-256 before being written to our database. It is never stored, logged, or returned in plaintext.

TLS 1.3 in transit

All API calls from Fold to Klaviyo use TLS 1.3. Your credentials cannot be intercepted in transit.

Read-only enforcement

Klaviyo's own API enforces the read-only permissions server-side. Even if Fold's code had a bug, the platform would reject any write request.

Row-level security

Your synced data is isolated in our database with row-level security. No other Fold user can query your data.

FAQ

Questions about the Klaviyo integration

Can Fold see my customers' purchase history or email addresses?

No. We read aggregate campaign performance metrics and profile counts. Individual profiles, event histories, and email addresses are never accessed or stored.

Is my Klaviyo API key stored securely?

Yes. Encrypted with AES-256 before storage and never logged, exposed via our API, or shared with third parties.

Can Fold send emails to my Klaviyo subscribers?

No. Read-only API keys in Klaviyo prevent any send, create, or modify operations.

Other live integrations

See how other connections work

Stripe

Stripe

Payments & Revenue

Google Analytics 4

Google Analytics 4

Web Analytics

Meta Ads

Meta Ads

Advertising

Lemon Squeezy

Lemon Squeezy

Payments & Revenue

Gumroad

Gumroad

Payments & Revenue

Paddle

Paddle

Payments & Revenue

Plausible

Plausible

Web Analytics

PostHog

PostHog

Web Analytics

Mailchimp

Mailchimp

Email & Marketing

Beehiiv

Beehiiv

Email & Marketing

Shopify

Shopify

E-commerce

WooCommerce

WooCommerce

E-commerce

Ready to connect Klaviyo?

Start your free trial — no credit card

7 days full access. Connect Klaviyo and every other live integration. Cancel anytime. Your data deleted on request, immediately.

Get started freeBack to full guide