Stripe
Revenue, MRR, churn and subscription data — read-only.
Why founders connect Stripe
Stripe is usually the first thing a founder checks in the morning. Fold makes that check instant — your daily revenue, new customers, and refund rate land in the same view as your traffic and email metrics, so you can see whether a good traffic day actually turned into a good revenue day.
How your data flows
From Stripe to your Fold dashboard
This is the exact sequence every time Fold runs its daily sync. Nothing runs outside this pipeline.
Stripe API
OAuth 2.0 token
You authorise Fold once via Stripe's own OAuth page. Fold receives a scoped, time-limited token — your login credentials are never seen or stored.
Read-only API requests
7 HTTP GET calls per sync
Fold makes 7 read-only requests to Stripe's API — the exact endpoints are documented in the section below. No write requests are ever made.
Filter & aggregate
Personal data stripped before storage
The raw API response is processed in memory. Only aggregate numbers (totals, counts, rates) are extracted. Any field containing personal information — names, emails, IDs — is discarded and never written to disk.
Stored in your account
AES-256 at rest · row-level isolation
The filtered snapshot is written to your isolated tenant in our database, encrypted at rest. Row-level security ensures no other Fold user can read your data — not even via a misconfigured query.
Shown in your dashboard
Overview · Analytics · AI Digest
The stored aggregate numbers surface across your Fold dashboard — the Overview tile, Analytics tab charts, and the AI-generated daily digest. No raw data from the API is ever returned to the frontend.
Step 1 — How you connect
The exact connection flow
Here is precisely what happens when you connect Stripe to Fold, step by step.
- 1Click "Connect Stripe" in your Fold Settings tab.
- 2You're redirected to Stripe's own login and authorization page (stripe.com).
- 3You review the exact permissions Fold is requesting and click "Allow access".
- 4Stripe issues a scoped access token to Fold. Your password is never shared.
- 5Fold performs the initial data sync and you're done.
Step 2 — Permissions we request
Exactly what access Fold asks for
We request the minimum permissions needed. No more.
- read_only — grants read-only access to your Stripe account data.
- No write scopes are requested. Fold cannot create charges, issue refunds, or modify anything.
Step 3 — API calls Fold makes
Every request we send to Stripe
These are the exact API endpoints Fold calls during each sync, and why.
GET /v1/charges
Fetch transaction volume, amounts and counts for the current period.
GET /v1/subscriptions
Read active, trialing, cancelled and past-due subscription counts.
GET /v1/customers
Count new and churned customers; no PII (names, emails) is stored.
GET /v1/invoices
Calculate MRR, ARR and recurring vs one-time revenue split.
GET /v1/products + /v1/prices
Identify revenue by product and plan for breakdown charts.
GET /v1/balance_transactions
Net revenue calculation after Stripe fees.
GET /v1/refunds
Track refund rate as a health metric.
API impact: Fold makes 7 read-only API calls per sync, all well within Stripe's default rate limit of 100 requests/second. Syncs run once daily and complete in under 5 seconds.
What we store
Exactly what lands in our database
Every field we persist — with a real example and the reason it exists. Nothing more is stored.
| Field | Example value | Why we store it |
|---|---|---|
| MRR (monthly recurring revenue) | $4,200 | Core revenue KPI tile and trend chart. |
| ARR (annual recurring revenue) | $50,400 | Displayed on Overview and Analytics tabs. |
| Total transactions this period | 143 | Volume metric on Overview tile. |
| Average transaction value | $29.37 | Used in AI context for benchmarking. |
| New customers count | 12 this month | Growth metric on Overview tile. |
| Churned customers count | 3 this month | Churn rate calculation. |
| Revenue by product/plan | Pro plan: $3,800 / Starter: $400 | Plan-level breakdown chart. |
| Refund count and total | 2 refunds, $58 | Refund rate health metric. |
| Failed payment count | 5 this month | Dunning / revenue recovery insight. |
What a daily sync actually stores
One day's record — verbatim
This is a real-looking example of the row Fold writes to your account after a single sync. Every field, every value — nothing hidden.
{
"date": "2025-04-23",
"revenue": "4320.00",
"tx_count": "143",
"new_customers": "12",
"refund_count": "2",
"refund_total": "58.00",
}
No customer names. No emails. No transaction IDs. Just numbers.
What we never store
Data Fold never touches
These fields are explicitly excluded. Even if the Stripe API returns them, Fold ignores and discards them before any storage step.
- Customer names, email addresses or physical addresses
- Card numbers, CVV codes or any payment card data
- Bank account details or routing numbers
- Individual transaction IDs or invoice IDs
- Customer metadata fields
- Stripe secret keys or restricted keys
- Webhook signing secrets
What Fold never does
Hard limits — enforced at the API level
These aren't just policies — they're technically impossible given the permissions we request. Stripe's own API enforces them.
- Create, modify or delete charges, subscriptions or invoices
- Issue refunds or credits
- Update customer records
- Access your Stripe Dashboard on your behalf
- Share your revenue data with any third party
- Use your data to train AI models
Privacy note — Stripe specific
Stripe is a PCI DSS Level 1 certified payment processor. Fold never has access to raw card data — that data never leaves Stripe's infrastructure. The access token Fold receives is read-only and scoped to aggregated business metrics only.
Data retention
How long we keep it
Synced metrics are kept for as long as your Fold account is active. Disconnecting Stripe or deleting your account removes all Stripe-sourced data within 24 hours.
Refresh frequency
How often we sync
Automatic sync every 24 hours. You can trigger a manual sync from the Settings tab at any time.
How to revoke access
You are always in control
You can disconnect Stripe from Fold at any time — from either side. Both options immediately stop all data access.
From Fold
Settings → Stripe → Disconnect. All synced Stripe data is deleted from Fold's servers immediately.
From Stripe directly
Log into your Stripe Dashboard → Settings → Installed apps → Fold → Remove access.
Open Stripe settingsSecurity standards
How your credentials are protected
AES-256 encryption at rest
Your OAuth access token is encrypted with AES-256 before being written to our database. It is never stored in plaintext.
TLS 1.3 in transit
All API calls from Fold to Stripe use TLS 1.3. Your credentials cannot be intercepted in transit.
Read-only enforcement
Stripe's own API enforces the read-only permissions server-side. Even if Fold's code had a bug, the platform would reject any write request.
Row-level security
Your synced data is isolated in our database with row-level security. No other Fold user can query your data.
FAQ
Questions about the Stripe integration
Can Fold see my customers' names or email addresses?
No. We call the Stripe API with read-only scopes but we only store aggregate counts (e.g. '12 new customers this month'). We do not store any individual customer records, PII or contact information.
Can Fold charge my customers or issue refunds?
Absolutely not. We only request read_only OAuth scope. Stripe's own API enforcement prevents any write operations with our token.
What if I revoke access on the Stripe side?
Your integration will show as disconnected in Fold and syncs will stop. No data can be read after revocation. The data already synced stays in your Fold account until you disconnect from Fold's Settings tab.
Is my Stripe secret key stored?
No. Fold uses OAuth 2.0 — we never see or store your Stripe secret key. We receive a time-limited, scoped OAuth token which is stored encrypted (AES-256) in our database.
Other live integrations
See how other connections work
Ready to connect Stripe?
Start your free trial — no credit card
7 days full access. Connect Stripe and every other live integration. Cancel anytime. Your data deleted on request, immediately.