Shopify
E-commerce GMV, orders, product revenue and refund tracking — read-only.
Why founders connect Shopify
Shopify store owners tend to check their dashboard compulsively, especially during campaigns. Fold gives you your daily GMV, order count, and AOV in a single row alongside your Meta ad spend — so you can see your return on ad spend in context without any manual calculation.
How your data flows
From Shopify to your Fold dashboard
This is the exact sequence every time Fold runs its daily sync. Nothing runs outside this pipeline.
Shopify API
OAuth 2.0 token
You authorise Fold once via Shopify's own OAuth page. Fold receives a scoped, time-limited token — your login credentials are never seen or stored.
Read-only API requests
4 HTTP GET calls per sync
Fold makes 4 read-only requests to Shopify's API — the exact endpoints are documented in the section below. No write requests are ever made.
Filter & aggregate
Personal data stripped before storage
The raw API response is processed in memory. Only aggregate numbers (totals, counts, rates) are extracted. Any field containing personal information — names, emails, IDs — is discarded and never written to disk.
Stored in your account
AES-256 at rest · row-level isolation
The filtered snapshot is written to your isolated tenant in our database, encrypted at rest. Row-level security ensures no other Fold user can read your data — not even via a misconfigured query.
Shown in your dashboard
Overview · Analytics · AI Digest
The stored aggregate numbers surface across your Fold dashboard — the Overview tile, Analytics tab charts, and the AI-generated daily digest. No raw data from the API is ever returned to the frontend.
Step 1 — How you connect
The exact connection flow
Here is precisely what happens when you connect Shopify to Fold, step by step.
- 1Click "Connect Shopify" in your Fold Settings tab.
- 2Enter your Shopify store domain (e.g. your-store.myshopify.com).
- 3You're redirected to your Shopify store's OAuth authorization page.
- 4You review the permissions and click "Install app".
- 5Shopify issues a scoped access token to Fold. Initial sync begins.
Step 2 — Permissions we request
Exactly what access Fold asks for
We request the minimum permissions needed. No more.
- read_orders — read-only access to order data for revenue and volume metrics.
- read_products — read product titles for the revenue-by-product breakdown.
- read_customers — count only (new vs returning customers). Customer PII is never stored.
- No write scopes. Fold cannot create orders, modify products or process refunds.
Step 3 — API calls Fold makes
Every request we send to Shopify
These are the exact API endpoints Fold calls during each sync, and why.
GET /admin/api/orders.json
Gross revenue, order count and average order value for the period.
GET /admin/api/orders.json?financial_status=refunded
Refund count and refund total for the refund rate metric.
GET /admin/api/products.json
Product names for the revenue-by-product breakdown.
GET /admin/api/customers/count.json
Total customer count for new vs returning split.
API impact: Fold makes 4 REST API calls per sync, all paginated with date filters. Well within Shopify's default limit of 40 requests/app/second.
What we store
Exactly what lands in our database
Every field we persist — with a real example and the reason it exists. Nothing more is stored.
| Field | Example value | Why we store it |
|---|---|---|
| Gross Merchandise Value (GMV) | $18,400 this month | Revenue KPI tile. |
| Net revenue (after refunds) | $17,100 | Actual income metric. |
| Total order count | 312 orders | Volume metric. |
| Average order value (AOV) | $59.00 | Order quality metric. |
| New customers count | 188 new | Acquisition metric. |
| Returning customers count | 124 returning | Retention metric. |
| Revenue by top 5 products | Product A: $6,200 | Product performance widget. |
| Refund count and total | 14 refunds, $820 | Refund rate metric. |
What a daily sync actually stores
One day's record — verbatim
This is a real-looking example of the row Fold writes to your account after a single sync. Every field, every value — nothing hidden.
{
"date": "2025-04-23",
"gmv": "18400.00",
"net_revenue": "17100.00",
"order_count": "312",
"aov": "59.00",
"new_customers": "188",
"refund_count": "14",
}
No customer names. No emails. No transaction IDs. Just numbers.
What we never store
Data Fold never touches
These fields are explicitly excluded. Even if the Shopify API returns them, Fold ignores and discards them before any storage step.
- Customer names, email addresses, phone numbers or shipping addresses
- Individual order line items, product variants or order notes
- Customer browsing history or cart abandonment data
- Payment method or card details
- Shopify Payments payout details
- Draft orders or quote data
What Fold never does
Hard limits — enforced at the API level
These aren't just policies — they're technically impossible given the permissions we request. Shopify's own API enforces them.
- Create, edit or cancel orders
- Modify product listings, pricing or inventory
- Process refunds or chargebacks
- Access your Shopify admin settings
- Share your store data with any third party
- Use your store data to train AI models
Privacy note — Shopify specific
Fold reads order and product aggregate data — totals, counts and averages. Customer personal information (names, email addresses, shipping addresses) is never read from the API or stored in our database.
Data retention
How long we keep it
Synced metrics are retained while your Fold account is active and purged within 24 hours of disconnecting or account deletion.
Refresh frequency
How often we sync
Automatic sync every 24 hours. Manual refresh available from Settings.
How to revoke access
You are always in control
You can disconnect Shopify from Fold at any time — from either side. Both options immediately stop all data access.
From Fold
Settings → Shopify → Disconnect. All synced Shopify data is deleted immediately.
From Shopify directly
Shopify Admin → Settings → Apps and sales channels → Fold Analytics → Delete.
Open Shopify settingsSecurity standards
How your credentials are protected
AES-256 encryption at rest
Your OAuth access token is encrypted with AES-256 before being written to our database. It is never stored in plaintext.
TLS 1.3 in transit
All API calls from Fold to Shopify use TLS 1.3. Your credentials cannot be intercepted in transit.
Read-only enforcement
Shopify's own API enforces the read-only permissions server-side. Even if Fold's code had a bug, the platform would reject any write request.
Row-level security
Your synced data is isolated in our database with row-level security. No other Fold user can query your data.
FAQ
Questions about the Shopify integration
Can Fold see my customers' names, emails or shipping addresses?
No. We only store aggregate counts (e.g. '188 new customers this month'). Customer PII fields are excluded from our API queries.
Can Fold create orders or process refunds on my Shopify store?
No. We only request read-only scopes. Shopify's API will reject any write operation from our token.
Does Fold affect my Shopify store's performance?
No. We make lightweight, read-only API calls once per 24 hours. The API load is negligible and well within Shopify's rate limits.
Will Fold install any apps or scripts on my Shopify store?
No. Fold is an analytics read tool — it adds nothing to your storefront.
Other live integrations
See how other connections work
Ready to connect Shopify?
Start your free trial — no credit card
7 days full access. Connect Shopify and every other live integration. Cancel anytime. Your data deleted on request, immediately.