Paddle
Payments & Revenue · Live integration


SaaS billing, subscription MRR and net revenue after taxes — read-only.

API Key — stored encrypted
Read-only — we never write to your account
GDPR compliant
Your password is never shared
We never sell your data
Disconnect = data deleted instantly

Why founders connect Paddle

Paddle acts as your Merchant of Record, which means the revenue numbers you care about (net after tax and fees) are only visible inside their dashboard. Fold syncs those net revenue figures daily so you can see your actual take-home alongside your other metrics without logging in to Paddle every morning.

How your data flows

From Paddle to your Fold dashboard

This is the exact sequence every time Fold runs its daily sync. Nothing runs outside this pipeline.

01

Paddle API

Encrypted API key

Your API key is stored encrypted (AES-256) in our database. It is sent only to Paddle's API over TLS 1.3 and never logged.

02

Read-only API requests

4 HTTP GET calls per sync

Fold makes 4 read-only requests to Paddle's API — the exact endpoints are documented in the section below. No write requests are ever made.

03

Filter & aggregate

Personal data stripped before storage

The raw API response is processed in memory. Only aggregate numbers (totals, counts, rates) are extracted. Any field containing personal information — names, emails, IDs — is discarded and never written to disk.

04

Stored in your account

AES-256 at rest · row-level isolation

The filtered snapshot is written to your isolated tenant in our database, encrypted at rest. Row-level security ensures no other Fold user can read your data — not even via a misconfigured query.

05

Shown in your dashboard

Overview · Analytics · AI Digest

The stored aggregate numbers surface across your Fold dashboard — the Overview tile, Analytics tab charts, and the AI-generated daily digest. No raw data from the API is ever returned to the frontend.

Step 1 — How you connect

The exact connection flow

Here is precisely what happens when you connect Paddle to Fold, step by step.

  1. Go to your Paddle dashboard → Developer Tools → Authentication.
  2. Create a new API key with read-only permissions.
  3. Copy the key and paste it into Fold's Settings tab under the Paddle integration.
  4. Fold validates the key and performs an initial sync.
  5. You can delete or rotate the key from Paddle at any time to immediately revoke access.

Step 2 — Permissions we request

Exactly what access Fold asks for

We request the minimum permissions needed. No more.

  • Read-only API key — scoped to transactions, subscriptions and product data.
  • Fold requests the minimum permissions needed and never requests billing or payout access.

Step 3 — API calls Fold makes

Every request we send to Paddle

These are the exact API endpoints Fold calls during each sync, and why.

GET /transactions

Net revenue after Paddle's Merchant of Record fees and taxes.

GET /subscriptions

Active, paused and cancelled subscription counts for MRR.

GET /products + /prices

Revenue breakdown by product and plan.

GET /adjustments

Refund and credit note tracking.

API impact: Fold makes 4 API requests per sync. Paddle's API rate limit is 500 requests/minute — our usage is well within limits.

What we store

Exactly what lands in our database

Every field we persist — with a real example and the reason it exists. Nothing more is stored.

Field | Example value | Why we store it
Net revenue (period) | $5,800 this month | Revenue KPI tile (net of Paddle fees and tax).
Active subscription count | 201 active | MRR calculation base.
New subscriptions (period) | 18 new | Growth metric.
Churn count (period) | 6 cancelled | Churn rate metric.
Revenue by product/plan | Monthly Plan: $3,200 / Annual: $2,600 | Plan breakdown chart.
Refund/adjustment total | $120 refunded | Refund rate metric.
Revenue by country (top 5) | US: $3,100 / UK: $900 | Geographic revenue breakdown.

What a daily sync actually stores

One day's record — verbatim

This is a real-looking example of the row Fold writes to your account after a single sync. Every field, every value — nothing hidden.

paddle_daily_snapshot

{
  "date": "2025-04-23",
  "net_revenue": "5800.00",
  "active_subscriptions": "201",
  "new_subscriptions": "18",
  "churn_count": "6",
  "refund_total": "120.00"
}

No customer names. No emails. No transaction IDs. Just numbers.

What we never store

Data Fold never touches

These fields are explicitly excluded. Even if the Paddle API returns them, Fold ignores and discards them before any storage step.

  • Customer names, email addresses or billing addresses
  • Individual transaction or invoice IDs
  • VAT/tax registration numbers
  • Paddle payout schedules or bank account information
  • Webhook signing secrets
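The "Filter & aggregate" step and the exclusions listed above can be enforced as an output allowlist that fails closed. The sketch below is an added example, not Fold's code: the raw record fields (`id`, `email`, `net`, `status`, `started`, `ended`, `action`, `amount`) are hypothetical rather than Paddle's schema, and the sample records are constructed.

```python
import re
from decimal import Decimal

# Keys of the paddle_daily_snapshot row shown on this page; anything else is rejected.
SNAPSHOT_KEYS = ("date", "net_revenue", "active_subscriptions",
                 "new_subscriptions", "churn_count", "refund_total")
DATE = re.compile(r"\d{4}-\d{2}-\d{2}")
NUMBER = re.compile(r"\d+(\.\d{2})?")

def money(rows, key):
    total = sum((Decimal(r[key]) for r in rows), Decimal("0"))
    return str(total.quantize(Decimal("0.01")))  # always two decimal places

def build_snapshot(day, transactions, subscriptions, adjustments):
    """Aggregate in memory; no per-customer field is copied into the result."""
    month = day[:7]  # reporting period = calendar month of the sync date (assumption)
    return validate({
        "date": day,
        "net_revenue": money(transactions, "net"),
        "active_subscriptions": str(sum(s["status"] == "active" for s in subscriptions)),
        "new_subscriptions": str(sum(s["started"].startswith(month) for s in subscriptions)),
        "churn_count": str(sum(s["status"] == "canceled" and s.get("ended", "").startswith(month)
                               for s in subscriptions)),
        "refund_total": money([a for a in adjustments if a["action"] == "refund"], "amount"),
    })

def validate(row):
    """Fail closed before storage: exact key set, date or plain-number strings only."""
    if set(row) != set(SNAPSHOT_KEYS):
        raise ValueError("unexpected snapshot keys")
    for key, value in row.items():
        pattern = DATE if key == "date" else NUMBER
        if not isinstance(value, str) or not pattern.fullmatch(value):
            raise ValueError(f"non-aggregate value in {key!r}")
    return row

def leaked_values(row, *raw_batches):
    """Raw non-numeric strings (names, emails, IDs) that appear in the stored row."""
    stored = " ".join(row.values())
    raw = {v for batch in raw_batches for rec in batch for v in rec.values()
           if isinstance(v, str) and not (NUMBER.fullmatch(v) or DATE.fullmatch(v))}
    return sorted(v for v in raw if v in stored)

# Constructed sample records (not real Paddle responses).
TXNS = [{"id": "txn_example1", "email": "ana@example.com", "net": "40.00"},
        {"id": "txn_example2", "email": "bo@example.com", "net": "25.50"}]
SUBS = [{"id": "sub_example1", "status": "active", "started": "2025-04-02"},
        {"id": "sub_example2", "status": "active", "started": "2025-03-11"},
        {"id": "sub_example3", "status": "canceled", "started": "2025-01-20", "ended": "2025-04-10"}]
ADJS = [{"action": "refund", "amount": "12.00"}, {"action": "credit", "amount": "5.00"}]
SNAPSHOT = build_snapshot("2025-04-23", TXNS, SUBS, ADJS)
```

Running `leaked_values` against every raw batch in a test suite gives a regression check that no identifier or email from the API response survives into the stored row.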

What Fold never does

Hard limits — enforced at the API level

These aren't just policies — they're technically impossible given the permissions we request. Paddle's own API enforces them.

  • Create, edit or cancel subscriptions or transactions
  • Issue refunds or credits
  • Access Paddle's Merchant of Record tax filing data
  • Share your revenue data with any third party
  • Use your data to train AI models

Privacy note — Paddle specific

As Paddle operates as a Merchant of Record, your customer billing data (addresses, VAT numbers) is held by Paddle and is never accessible to Fold. We only see the aggregated net revenue figures Paddle reports.

Data retention

How long we keep it

Synced metrics are retained while your Fold account is active and purged within 24 hours of disconnecting or account deletion.

Refresh frequency

How often we sync

Automatic sync every 24 hours. Manual refresh available from Settings.

How to revoke access

You are always in control

You can disconnect Paddle from Fold at any time — from either side. Both options immediately stop all data access.

From Fold

Settings → Paddle → Disconnect. All synced Paddle data is deleted immediately.

From Paddle directly

Paddle Dashboard → Developer Tools → Authentication → Delete the API key.

Security standards

How your credentials are protected

AES-256 encryption at rest

Your API key is encrypted with AES-256 before being written to our database. It is never stored, logged, or returned in plaintext.

TLS 1.3 in transit

All API calls from Fold to Paddle use TLS 1.3. Your credentials cannot be intercepted in transit.

Read-only enforcement

Paddle's own API enforces the read-only permissions server-side. Even if Fold's code had a bug, the platform would reject any write request.

Row-level security

Your synced data is isolated in our database with row-level security. No other Fold user can query your data.

FAQ

Questions about the Paddle integration

Since Paddle is a Merchant of Record, do they share customer data with Fold?

No. Fold only reads aggregated transaction totals and subscription counts. Customer billing details (names, addresses, VAT numbers) are owned and managed by Paddle as the Merchant of Record and are never exposed to Fold.

Is my Paddle API key stored securely?

Yes. It is encrypted with AES-256 before storage and never logged or returned via the Fold API.

Ready to connect Paddle?

Start your free trial — no credit card

7 days full access. Connect Paddle and every other live integration. Cancel anytime. Your data deleted on request, immediately.