Lemon Squeezy
Digital product and subscription revenue — read-only via API key.
Why founders connect Lemon Squeezy
Lemon Squeezy is popular with indie hackers selling digital products and SaaS subscriptions. Fold pulls your daily revenue, new subscriptions, and churn into a single view — without having to refresh the LS dashboard to answer the question 'did yesterday beat last week?'
How your data flows
From Lemon Squeezy to your Fold dashboard
This is the exact sequence every time Fold runs its daily sync. Nothing runs outside this pipeline.
Lemon Squeezy API
Encrypted API key
Your API key is stored encrypted (AES-256) in our database. It is sent only to Lemon Squeezy's API over TLS 1.3 and never logged.
Read-only API requests
4 HTTP GET calls per sync
Fold makes 4 read-only requests to Lemon Squeezy's API — the exact endpoints are documented in the section below. No write requests are ever made.
Filter & aggregate
Personal data stripped before storage
The raw API response is processed in memory. Only aggregate numbers (totals, counts, rates) are extracted. Any field containing personal information — names, emails, IDs — is discarded and never written to disk.
Stored in your account
AES-256 at rest · row-level isolation
The filtered snapshot is written to your isolated tenant in our database, encrypted at rest. Row-level security ensures no other Fold user can read your data — not even via a misconfigured query.
Shown in your dashboard
Overview · Analytics · AI Digest
The stored aggregate numbers surface across your Fold dashboard — the Overview tile, Analytics tab charts, and the AI-generated daily digest. No raw data from the API is ever returned to the frontend.
Step 1 — How you connect
The exact connection flow
Here is precisely what happens when you connect Lemon Squeezy to Fold, step by step.
- 1Go to your Lemon Squeezy dashboard → Settings → API.
- 2Create a new API key — give it a name like "Fold Analytics".
- 3Copy the key and paste it into Fold's Settings tab under the Lemon Squeezy integration.
- 4Fold validates the key and performs an initial sync.
- 5You can delete this API key from Lemon Squeezy at any time to immediately revoke access.
Step 2 — Permissions we request
Exactly what access Fold asks for
We request the minimum permissions needed. No more.
- Read-only API key — grants read access to orders, subscriptions and products.
- Lemon Squeezy does not yet offer scoped API keys (as of 2025); the key gives read access to all store data. Fold only reads the fields listed below.
Step 3 — API calls Fold makes
Every request we send to Lemon Squeezy
These are the exact API endpoints Fold calls during each sync, and why.
GET /v1/orders
Fetch order counts and gross revenue for the period.
GET /v1/subscriptions
Count active, cancelled and paused subscriptions; calculate MRR.
GET /v1/products
Revenue breakdown by product.
GET /v1/subscription-invoices
Renewal revenue and failed payment tracking.
API impact: Fold makes 4 API requests per sync. Lemon Squeezy's API is rate-limited to 120 requests/minute — our usage is negligible.
What we store
Exactly what lands in our database
Every field we persist — with a real example and the reason it exists. Nothing more is stored.
| Field | Example value | Why we store it |
|---|---|---|
| Gross revenue (period) | $3,100 this month | Revenue KPI tile. |
| Net revenue after LS fees | $2,790 | Actual income metric. |
| Active subscription count | 94 active | MRR base metric. |
| New subscriptions (period) | 11 new | Growth metric. |
| Cancelled subscriptions (period) | 4 cancelled | Churn metric. |
| Revenue by product | Starter: $1,200 / Pro: $1,900 | Product breakdown chart. |
| Refund count and total | 2 refunds, $74 | Refund rate metric. |
What a daily sync actually stores
One day's record — verbatim
This is a real-looking example of the row Fold writes to your account after a single sync. Every field, every value — nothing hidden.
{
"date": "2025-04-23",
"gross_revenue": "3100.00",
"net_revenue": "2790.00",
"active_subscriptions": "94",
"new_subscriptions": "11",
"cancelled_subscriptions": "4",
}
No customer names. No emails. No transaction IDs. Just numbers.
What we never store
Data Fold never touches
These fields are explicitly excluded. Even if the Lemon Squeezy API returns them, Fold ignores and discards them before any storage step.
- Customer names, email addresses or billing addresses
- Individual order IDs or invoice IDs
- Customer metadata or custom fields
- Payment method details
- Your Lemon Squeezy store URL or subdomain configuration
- Webhook secrets
What Fold never does
Hard limits — enforced at the API level
These aren't just policies — they're technically impossible given the permissions we request. Lemon Squeezy's own API enforces them.
- Create or modify orders, subscriptions or products
- Issue refunds or cancellations
- Access your Lemon Squeezy dashboard configuration
- Share your revenue data with any third party
- Use your data to train AI models
Privacy note — Lemon Squeezy specific
Your Lemon Squeezy API key is stored encrypted (AES-256) in our database and is never logged or transmitted in plaintext. You can rotate or delete it from Lemon Squeezy at any time.
Data retention
How long we keep it
Synced metrics are retained while your Fold account is active. Disconnecting or closing your account purges all LS-sourced data within 24 hours.
Refresh frequency
How often we sync
Automatic sync every 24 hours. Manual refresh available from Settings.
How to revoke access
You are always in control
You can disconnect Lemon Squeezy from Fold at any time — from either side. Both options immediately stop all data access.
From Fold
Settings → Lemon Squeezy → Disconnect. All synced data is deleted immediately.
From Lemon Squeezy directly
Lemon Squeezy Dashboard → Settings → API → Delete the API key named "Fold Analytics".
Open Lemon Squeezy settingsSecurity standards
How your credentials are protected
AES-256 encryption at rest
Your API key is encrypted with AES-256 before being written to our database. It is never stored, logged, or returned in plaintext.
TLS 1.3 in transit
All API calls from Fold to Lemon Squeezy use TLS 1.3. Your credentials cannot be intercepted in transit.
Read-only enforcement
Lemon Squeezy's own API enforces the read-only permissions server-side. Even if Fold's code had a bug, the platform would reject any write request.
Row-level security
Your synced data is isolated in our database with row-level security. No other Fold user can query your data.
FAQ
Questions about the Lemon Squeezy integration
Is my Lemon Squeezy API key stored securely?
Yes. Your API key is encrypted with AES-256 before being written to our database. It is never logged, never returned via our API, and never shared with any third party.
Can Fold issue refunds or cancel subscriptions on my Lemon Squeezy store?
No. We only read data. While Lemon Squeezy's API key doesn't yet support read-only scoping, Fold's code only calls GET endpoints and never performs any write operation.
Can I see my customers' details through Fold?
No. We only store aggregate counts and totals. Individual customer names, emails, and order details are never extracted or stored by Fold.
Other live integrations
See how other connections work
Ready to connect Lemon Squeezy?
Start your free trial — no credit card
7 days full access. Connect Lemon Squeezy and every other live integration. Cancel anytime. Your data deleted on request, immediately.