Mailchimp
Email & Marketing · Live integration

Email list growth, campaign performance and engagement rates — read-only.

OAuth 2.0 — no password shared · Read-only — we never write to your account · GDPR compliant
Your password is never shared
We never sell your data
Disconnect = data deleted instantly

Why founders connect Mailchimp

List growth is one of the most important early indicators for content-led businesses, but it's buried inside Mailchimp under three clicks. Fold surfaces your net new subscribers alongside your traffic and revenue so you can see whether the newsletter is growing in sync with everything else.

How your data flows

From Mailchimp to your Fold dashboard

This is the exact sequence every time Fold runs its daily sync. Nothing runs outside this pipeline.

01

Mailchimp API

OAuth 2.0 token

You authorise Fold once via Mailchimp's own OAuth page. Fold receives a scoped, time-limited token — your login credentials are never seen or stored.

02

Read-only API requests

4 HTTP GET calls per sync

Fold makes 4 read-only requests to Mailchimp's API — the exact endpoints are documented in the section below. No write requests are ever made.

03

Filter & aggregate

Personal data stripped before storage

The raw API response is processed in memory. Only aggregate numbers (totals, counts, rates) are extracted. Any field containing personal information — names, emails, IDs — is discarded and never written to disk.

04

Stored in your account

AES-256 at rest · row-level isolation

The filtered snapshot is written to your isolated tenant in our database, encrypted at rest. Row-level security ensures no other Fold user can read your data — not even via a misconfigured query.

05

Shown in your dashboard

Overview · Analytics · AI Digest

The stored aggregate numbers surface across your Fold dashboard — the Overview tile, Analytics tab charts, and the AI-generated daily digest. No raw data from the API is ever returned to the frontend.

Step 1 — How you connect

The exact connection flow

Here is precisely what happens when you connect Mailchimp to Fold, step by step.

  1. Click "Connect Mailchimp" in your Fold Settings tab.
  2. You're redirected to Mailchimp's authorization page (login.mailchimp.com).
  3. You log in and review the permissions Fold is requesting.
  4. You click "Allow". Mailchimp issues a scoped access token.
  5. Fold performs the initial sync of your list stats and campaign performance.

Step 2 — Permissions we request

Exactly what access Fold asks for

We request the minimum permissions needed. No more.

  • OAuth 2.0 — read access to lists, campaigns and campaign reports.
  • No write scopes. Fold cannot send emails, add/remove subscribers, or modify campaigns.

Step 3 — API calls Fold makes

Every request we send to Mailchimp

These are the exact API endpoints Fold calls during each sync, and why.

GET /3.0/lists

Subscriber count, growth rate and list health for the email KPI tile.

GET /3.0/lists/{id}/growth-history

Subscriber growth trend over the past 30 days.

GET /3.0/campaigns

List of recent campaigns to report on.

GET /3.0/reports/{id}

Open rate, click rate, unsubscribe rate and bounce rate per campaign.

API impact: Fold makes 4 API requests per sync. Mailchimp's rate limit is 10 requests/second — our usage is negligible.
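
An integrator can check the endpoint list above against its own outbound request log. The sketch below is an added example, not Fold's code: the `METHOD URL` log format, the `.api.mailchimp.com` host suffix check and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# The four endpoints documented in this section; {id} matches one path segment.
DOCUMENTED = [
    "/3.0/lists",
    "/3.0/lists/{id}/growth-history",
    "/3.0/campaigns",
    "/3.0/reports/{id}",
]
ALLOWED = [
    re.compile("^" + "[A-Za-z0-9]+".join(re.escape(s) for s in p.split("{id}")) + "/?$")
    for p in DOCUMENTED
]

def audit(log_lines):
    """Return (line, reason) for every Mailchimp request outside the documented set."""
    findings = []
    for line in log_lines:
        method, url = line.split()[:2]
        parts = urlsplit(url)
        host = parts.hostname or ""
        if not host.endswith(".api.mailchimp.com"):
            continue  # not Mailchimp API traffic, out of scope for this check
        if method != "GET":
            findings.append((line, "non-GET method"))
        elif not any(rx.match(parts.path) for rx in ALLOWED):
            findings.append((line, "undocumented endpoint"))
    return findings

# Constructed sample log: four documented calls, two violations, one unrelated host.
SAMPLE_LOG = [
    "GET https://us1.api.mailchimp.com/3.0/lists?count=10",
    "GET https://us1.api.mailchimp.com/3.0/lists/a1b2c3/growth-history",
    "GET https://us1.api.mailchimp.com/3.0/campaigns",
    "GET https://us1.api.mailchimp.com/3.0/reports/d4e5f6",
    "GET https://us1.api.mailchimp.com/3.0/lists/a1b2c3/members",
    "POST https://us1.api.mailchimp.com/3.0/campaigns",
    "GET https://example.com/health",
]

if __name__ == "__main__":
    for line, reason in audit(SAMPLE_LOG):
        print(f"{reason}: {line}")
```

Matching on the parsed path rather than the raw URL keeps query strings such as `?count=10` from hiding or breaking a match.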

What we store

Exactly what lands in our database

Every field we persist — with a real example and the reason it exists. Nothing more is stored.

| Field | Example value | Why we store it |
|---|---|---|
| Total subscriber count | 4,820 subscribers | Email KPI tile. |
| Net subscriber growth (period) | +143 this month | Growth metric. |
| Unsubscribe count (period) | 28 unsubscribed | Churn metric. |
| Average open rate (last 5 campaigns) | 32.4% | Engagement KPI. |
| Average click rate (last 5 campaigns) | 4.8% | Engagement KPI. |
| Bounce rate (hard + soft) | 0.8% | List health metric. |

What a daily sync actually stores

One day's record — verbatim

This is a real-looking example of the row Fold writes to your account after a single sync. Every field, every value — nothing hidden.

mailchimp_daily_snapshot

{
  "date": "2025-04-23",
  "total_subscribers": "4820",
  "new_subscribers": "143",
  "unsubscribes": "28",
  "avg_open_rate": "0.324",
  "avg_click_rate": "0.048"
}

No customer names. No emails. No transaction IDs. Just numbers.

What we never store

Data Fold never touches

These fields are explicitly excluded. Even if the Mailchimp API returns them, Fold ignores and discards them before any storage step.

  • Individual subscriber email addresses, names or profile information
  • Subscriber tags or segment membership
  • Email content, subject lines or campaign body text
  • Individual open or click events per subscriber
  • Your Mailchimp account API key
  • Audience merge fields or custom properties
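
The "Filter & aggregate" step and the exclusion list above both describe an allowlist projection: named aggregates are copied out of the raw response and everything else is dropped. The following is an added example, not Fold's code; it uses the keys of the `mailchimp_daily_snapshot` record on this page, while the raw response field names, the numeric value types and the sample data are assumptions constructed for illustration.

```python
import datetime
from statistics import mean

# Keys of the mailchimp_daily_snapshot record shown on this page.
SNAPSHOT_KEYS = {"date", "total_subscribers", "new_subscribers",
                 "unsubscribes", "avg_open_rate", "avg_click_rate"}

def assert_aggregate_only(snap):
    """Reject anything but the ISO date plus plain numbers under known keys."""
    if set(snap) != SNAPSHOT_KEYS:
        raise ValueError(f"unexpected keys: {sorted(set(snap) ^ SNAPSHOT_KEYS)}")
    datetime.date.fromisoformat(snap["date"])
    for key, value in snap.items():
        if key != "date" and (isinstance(value, bool)
                              or not isinstance(value, (int, float))):
            raise ValueError(f"{key} is not numeric: {value!r}")
    return snap

def build_snapshot(date, lists_resp, growth_resp, reports):
    """Copy named aggregates out of the raw responses; nothing else survives."""
    stats = lists_resp["lists"][0]["stats"]
    period = growth_resp["history"][0]
    recent = reports[:5]  # "last 5 campaigns" per the stored-fields table
    return assert_aggregate_only({
        "date": date,
        "total_subscribers": stats["member_count"],
        "new_subscribers": period["subscribed"],
        "unsubscribes": period["unsubscribed"],
        "avg_open_rate": round(mean(r["opens"]["open_rate"] for r in recent), 3),
        "avg_click_rate": round(mean(r["clicks"]["click_rate"] for r in recent), 3),
    })

# Constructed sample responses (field names are assumptions); they carry
# personal and content fields that must not reach the stored record.
LISTS = {"lists": [{"id": "a1b2c3", "name": "Newsletter",
                    "campaign_defaults": {"from_email": "owner@example.com"},
                    "stats": {"member_count": 4820}}]}
GROWTH = {"history": [{"month": "2025-04", "subscribed": 143, "unsubscribed": 28}]}
REPORTS = [
    {"id": "d4e5f6", "subject_line": "April update",
     "opens": {"open_rate": 0.30}, "clicks": {"click_rate": 0.04}},
    {"id": "g7h8i9", "subject_line": "Spring sale",
     "opens": {"open_rate": 0.348}, "clicks": {"click_rate": 0.056}},
]
SNAPSHOT = build_snapshot("2025-04-23", LISTS, GROWTH, REPORTS)
```

Because the guard accepts only the date and numbers under a fixed key set, a later code change that tries to pass a subject line or address through fails at write time instead of landing in storage.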

What Fold never does

Hard limits — enforced at the API level

These aren't just policies — they're technically impossible given the permissions we request. Mailchimp's own API enforces them.

  • Send emails or create campaigns
  • Add, update or remove subscribers
  • Modify lists, segments or automations
  • Access subscriber email addresses
  • Share your email list data with any third party
  • Use your email data to train AI models

Privacy note — Mailchimp specific

Fold never accesses your subscriber list. We read aggregate audience statistics (total count, growth rate, open rates) — not the email addresses or personal details of any individual subscriber.

Data retention

How long we keep it

Synced metrics are retained while your Fold account is active and purged within 24 hours of disconnecting or account deletion.

Refresh frequency

How often we sync

Automatic sync every 24 hours. Manual refresh available from Settings.

How to revoke access

You are always in control

You can disconnect Mailchimp from Fold at any time — from either side. Both options immediately stop all data access.

From Fold

Settings → Mailchimp → Disconnect. All synced Mailchimp data is deleted immediately.

From Mailchimp directly

Mailchimp → Account → Extras → Registered Applications → Fold Analytics → Deauthorize.

Security standards

How your credentials are protected

AES-256 encryption at rest

Your OAuth access token is encrypted with AES-256 before being written to our database. It is never stored in plaintext.

TLS 1.3 in transit

All API calls from Fold to Mailchimp use TLS 1.3. Your credentials cannot be intercepted in transit.

Read-only enforcement

Mailchimp's own API enforces the read-only permissions server-side. Even if Fold's code had a bug, the platform would reject any write request.

Row-level security

Your synced data is isolated in our database with row-level security. No other Fold user can query your data.

FAQ

Questions about the Mailchimp integration

Can Fold see my subscribers' email addresses?

No. We only read aggregate audience statistics — total subscriber count, growth numbers, average open rates. Individual subscriber data is never accessed or stored.

Can Fold send emails or add people to my list?

No. The OAuth token we receive is read-only. Mailchimp's API will block any write operation from our token.

Will Fold affect my Mailchimp audience or campaigns?

No. Read-only API calls have no effect on your Mailchimp account. Nothing changes when Fold syncs.

Ready to connect Mailchimp?

Start your free trial — no credit card

7 days full access. Connect Mailchimp and every other live integration. Cancel anytime. Your data deleted on request, immediately.