
Privacy Policy

Last updated: March 2026

At Korveln, operated by NullStrike Security ("Company," "we," "us," or "our"), the privacy and security of your information is foundational to everything we build. This Privacy Policy describes in detail how we collect, process, store, protect, and manage information when you use the Korveln platform, including our website at korveln.com, the Korveln browser extension, the Korveln dashboard application, and any related services, tools, or features (collectively, the "Service"). By accessing or using any part of the Service, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree with any part of this policy, you should discontinue use of the Service immediately.

1. Scope and Applicability

This Privacy Policy applies to all users of the Service, including but not limited to individuals who create accounts, install the browser extension, access the dashboard, visit the marketing website, or otherwise interact with any component of the Korveln platform. This policy governs all data collected through automated means, manual input, browser extension activity, authentication processes, and any other method by which information enters the Korveln system. This policy applies regardless of the device, browser, operating system, or geographic location from which you access the Service. Where local laws impose additional requirements, those requirements are addressed within the relevant sections of this policy and are incorporated by reference into the overall framework described herein.

2. Information We Collect

We collect several categories of information in order to provide, maintain, improve, and secure the Service. The types of information we collect include the following:

2.1 Account Information

When you create an account on Korveln, we collect your email address and, if provided, your name. This information is used for authentication, account recovery, communication about your account, and delivery of the Service. We may also collect metadata associated with your account creation, including the date and time of registration, the method of authentication used (email/password or third-party OAuth), and the referring source if applicable.

2.2 Professional Interaction Data

The Korveln browser extension captures professional interaction data from supported platforms when you have the extension installed and active. This data includes, but is not limited to: the type of interaction (such as a like, comment, reply, or mention), the identifiers of the participants involved in the interaction, the timestamp of the interaction, and contextual metadata necessary to classify and score the interaction. This data is collected passively as you use supported platforms in the normal course of your professional activities. The extension does not capture private messages, browsing history outside of supported platforms, personal social media activity, financial information, or any content that is not directly related to the professional interactions described in this section.

2.3 Network and Connection Data

When you initiate a network scan through the browser extension, Korveln collects information about your professional connections, including names, profile headlines, profile identifiers, connection status, and follow relationships. This data is used to build your relationship map within the dashboard, identify mutual connections, calculate network proximity, and enable features such as pathfinding and company intelligence. Network scan data is collected only when you actively initiate a scan or when automatic scanning is enabled in your extension settings. You may control which categories of network data are collected (connections, followers, following) through the extension popup or the dashboard Settings page.

2.4 Imported Data

If you use the Apollo CSV import feature (available on Pro plans and above), we collect the data contained in the CSV files you upload. This may include professional contact information such as names, email addresses, phone numbers, job titles, company names, company websites, social profile URLs, location information, and other professional attributes included in the Apollo export format. This data is stored in its entirety within your account and is used to enrich your contact records within the Korveln dashboard. Imported data is treated with the same level of security and access control as all other data in your account.

2.5 Usage and Technical Data

We automatically collect certain technical information when you access the Service, including your IP address, browser type and version, operating system, device type, screen resolution, referring URL, pages visited within the Service, features used, session duration, and interaction patterns within the dashboard. This information is collected through standard web technologies and is used to maintain and improve the Service, diagnose technical issues, prevent abuse, and understand how users interact with different features of the platform. We may also collect error logs and performance metrics to identify and resolve issues that affect the reliability of the Service.

2.6 Payment Information

When you subscribe to a paid plan, payment processing is handled entirely by our third-party payment processor, DodoPayments. We do not directly collect, store, or process your credit card numbers, bank account details, or other sensitive financial information. Our payment processor may share with us limited transactional information such as your subscription status, payment dates, plan type, and billing cycle for the purpose of managing your subscription within the Service. All payment-related data handling by our payment processor is governed by their own privacy policy and PCI DSS compliance standards.

3. How We Use Your Information

We use the information we collect for the following purposes, each of which is essential to the delivery, maintenance, and improvement of the Service:

3.1 Service Delivery and Core Functionality

Your interaction data, network data, and imported data are processed to generate the core features of the Korveln platform, including but not limited to: relationship warmth scoring, lead scoring, champion detection, at-risk alerts, interaction timelines, engagement heatmaps, sentiment analysis, network graph visualization, company intelligence, target mode pathfinding, and the inbox feed. All of these features are generated exclusively from data within your own account and are visible only to you (or, in the case of Teams and Agency plans, to authorized members of your organization). The processing of this data is fundamental to the purpose of the Service and cannot be separated from the Service itself.

3.2 Internal Analytics and Service Improvement

We use aggregated and anonymized usage data to understand how users interact with the Service, identify the most and least used features, diagnose performance bottlenecks, plan product development, and improve the overall user experience. When we use data for internal analytics, we take steps to ensure that individual users cannot be identified from the aggregated data sets. These analytics inform our decisions about feature development, infrastructure scaling, and user interface design. We do not use your personal relationship data or interaction data for internal analytics purposes. Only technical and usage metadata is used for these purposes.

3.3 Account Management and Communication

We use your email address to send you account-related communications, including but not limited to: email verification messages, password reset links, subscription confirmations, billing receipts, service announcements, security alerts, and responses to support inquiries. We do not send marketing emails unless you have explicitly opted in to receive them, and you may opt out of marketing communications at any time. Transactional and security-related communications cannot be opted out of, as they are essential to the security and operation of your account.

3.4 Security, Fraud Prevention, and Abuse Detection

We use technical data, access patterns, and authentication logs to detect and prevent unauthorized access, fraudulent activity, abuse of the Service, and violations of our Terms of Service. This includes monitoring for unusual login patterns, excessive API usage, automated scraping attempts, and other behaviors that may indicate a security threat or policy violation. We may use automated systems to flag suspicious activity for further review. In the event that we detect a security incident affecting your account, we will notify you as required by applicable law.

3.5 Legal Compliance

We may process your information as necessary to comply with applicable laws, regulations, legal processes, or enforceable governmental requests. This includes responding to valid subpoenas, court orders, or other legal process, and cooperating with regulatory authorities as required by law. We will notify you of such requests to the extent permitted by law.

4. Data Storage, Security, and Infrastructure

4.1 Storage Infrastructure

All user data is stored in managed PostgreSQL databases hosted on Supabase infrastructure, which operates on Amazon Web Services (AWS) cloud infrastructure. Our database instances are configured with automated backups, point-in-time recovery capabilities, and geographic redundancy to ensure data durability and availability. The physical security of the data centers that host our infrastructure is managed by AWS and meets or exceeds the requirements of SOC 2 Type II, ISO 27001, and other industry-recognized security certifications.

4.2 Encryption

All data transmitted between your browser and the Korveln servers is encrypted using TLS 1.2 or higher, ensuring that your data cannot be intercepted or read during transmission. Data stored in our databases is encrypted at rest using AES-256 encryption, which is the same standard used by financial institutions and government agencies for protecting sensitive information. Database backups are also encrypted using the same standard. Authentication tokens are generated using cryptographically secure random number generators and are transmitted only over encrypted connections.

4.3 Access Control and Row-Level Security

Korveln implements row-level security (RLS) policies on every database table that contains user data. This means that every database query is automatically filtered to return only data belonging to the authenticated user. Even in the unlikely event of a software vulnerability, row-level security provides an additional layer of protection that prevents unauthorized access to another user's data at the database level. Administrative access to production databases is strictly limited to authorized personnel, requires multi-factor authentication, and is logged for audit purposes. We do not grant database access to third parties, contractors, or partners under any circumstances.

4.4 Application Security

The Korveln application is developed following security best practices, including input validation, parameterized queries, content security policies, and protection against common web vulnerabilities as defined by the OWASP Top 10. We regularly review our codebase for security vulnerabilities and apply patches promptly when vulnerabilities are discovered in our dependencies. Our browser extension follows the Chrome Manifest V3 security model, which provides enhanced sandboxing and permission controls compared to earlier extension architectures. The extension operates with the minimum permissions necessary to provide its functionality.

4.5 Incident Response

In the event of a data breach or security incident that affects your personal data, we will notify affected users within 72 hours of becoming aware of the incident, as required by applicable data protection regulations. Our notification will include a description of the nature of the incident, the types of data potentially affected, the measures we have taken to address the incident, and recommendations for steps you can take to protect yourself. We maintain an internal incident response plan that is reviewed and tested periodically to ensure our readiness to respond to security events.

5. Data Sharing and Disclosure

5.1 No Sale of Personal Data

We do not sell, rent, lease, or trade your personal data, interaction data, relationship data, or any other data associated with your account to any third party, for any purpose, under any circumstances. This is a fundamental principle of the Korveln platform and will not change. Your data exists within the Service solely for your benefit, and we derive our revenue exclusively from subscription fees paid by our users, not from the monetization of user data.

5.2 No Third-Party Advertising

We do not use your data for targeted advertising, behavioral advertising, interest-based advertising, or any other form of advertising. We do not share your data with advertising networks, data brokers, or marketing platforms. The Korveln platform does not display third-party advertisements, and your data is never used to build advertising profiles or audience segments.

5.3 No AI or Machine Learning Training

We do not use your personal data, interaction data, relationship data, or any other data associated with your account to train artificial intelligence models, machine learning algorithms, large language models, or any other form of automated learning system. Your data is processed only for the purpose of delivering the features of the Service to you and is not used as training data for any purpose.

5.4 Service Providers

We use a limited number of third-party service providers to support the operation of the Service. These providers include Supabase (authentication, database hosting, and serverless functions), DodoPayments (payment processing), and standard web infrastructure providers (DNS, CDN, and hosting). These service providers process data only as necessary to provide their respective services to us and are contractually prohibited from using your data for any other purpose. We carefully evaluate the security practices and privacy policies of all service providers before engaging them, and we limit the data shared with each provider to the minimum necessary for them to perform their function.

5.5 Legal Requirements

We may disclose your information if required to do so by law, regulation, legal process, or enforceable governmental request. We may also disclose information if we believe in good faith that disclosure is necessary to protect the rights, property, or safety of Korveln, our users, or the public. In such cases, we will make reasonable efforts to notify you before disclosing your information, unless we are legally prohibited from doing so or unless notification would compromise an ongoing investigation or endanger public safety.

5.6 Business Transfers

In the event that Korveln or NullStrike Security is involved in a merger, acquisition, reorganization, bankruptcy, dissolution, or sale of assets, your information may be transferred as part of that transaction. In such cases, we will ensure that the acquiring entity is bound by privacy protections that are at least as protective as those described in this policy, and we will notify you of the transfer and any changes to the handling of your data before the transfer takes effect or as soon as practicable thereafter.

6. Data Retention

6.1 Active Accounts

We retain your data for as long as your account remains active and you continue to use the Service. Your interaction data, network data, imported data, and all derived analytics are maintained continuously to provide the full functionality of the platform. The retention period for your data is not limited by time while your account is active, subject to the storage limitations of your subscription plan (for example, Starter plans retain 7 days of interaction history, Solo plans retain 90 days, and Pro plans and above retain unlimited history).

6.2 Account Deletion

You may delete your account at any time through the Settings page in the dashboard. When you delete your account, all data associated with your account is permanently deleted from our primary databases, including all interaction records, people records, company records, network scan data, imported Apollo data, subscription records, payment records, and scan settings. This deletion is irreversible. Deleted data may persist in encrypted database backups for up to 30 days after deletion, after which it is permanently removed from all backup systems as part of our standard backup rotation cycle. We do not retain any copy of your data after the backup rotation period has elapsed.

6.3 Inactive Accounts

Accounts that remain inactive for an extended period of time (defined as no login activity for 12 consecutive months) may be subject to automatic deletion after we have made reasonable efforts to contact you via email and provide an opportunity to reactivate your account. We will send at least two notifications (at 30 days and 7 days before scheduled deletion) to the email address associated with your account before proceeding with automatic deletion.

7. Data Portability and Export

The Korveln platform is designed as a real-time intelligence system that continuously processes and presents your data within the dashboard interface. Due to the nature of the derived analytics, scoring algorithms, and proprietary processing methods that are integral to the Service, we do not currently offer a self-service data export feature. The relationship scores, warmth metrics, sentiment analyses, network pathfinding results, and other derived insights generated by the platform are the product of proprietary algorithms and processing pipelines that are designed to be consumed within the dashboard interface rather than exported as raw data files.

If you have a specific need related to data portability or if you require a copy of your raw data for compliance purposes, you may contact us at [email protected] and we will work with you to accommodate your request to the extent required by applicable data protection regulations. We are committed to supporting your rights under applicable law while maintaining the integrity and security of our proprietary systems.

8. Cookies and Tracking Technologies

The Korveln website and dashboard use essential cookies and local storage for the purpose of maintaining your authenticated session, remembering your theme preference (dark or light mode), and storing application state necessary for the dashboard to function correctly. These cookies and local storage entries are strictly necessary for the operation of the Service and cannot be disabled without breaking core functionality.

We do not use third-party tracking cookies, retargeting pixels, social media tracking scripts, or any other tracking technologies that monitor your behavior across websites. We do not participate in cross-site tracking or allow third parties to place tracking technologies on our website or application.

9. Children's Privacy

The Korveln Service is designed for professional use and is not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18 years of age. If we become aware that we have inadvertently collected personal information from a child under 18, we will take immediate steps to delete that information from our systems. If you believe that a child under 18 has provided us with personal information, please contact us at [email protected] so that we can take appropriate action.

10. International Data Transfers

Korveln operates infrastructure that may be located in jurisdictions outside of your country of residence. By using the Service, you acknowledge and consent to the transfer of your information to facilities and servers located in such jurisdictions. We ensure that any international transfer of data is conducted in compliance with applicable data protection laws and that appropriate safeguards are in place to protect your information during and after the transfer. These safeguards may include standard contractual clauses, adequacy decisions by relevant regulatory authorities, or other legally recognized transfer mechanisms as appropriate.

11. Your Rights Under Applicable Data Protection Laws

Depending on your jurisdiction, you may have certain rights regarding your personal data. These rights may include, but are not limited to:

Right of Access: You have the right to request confirmation of whether we process your personal data and to request a copy of the personal data we hold about you. You can access most of your data directly through the dashboard at any time.

Right to Rectification: You have the right to request correction of any inaccurate personal data we hold about you. Contact information and account details can be updated through your account settings.

Right to Erasure: You have the right to request deletion of your personal data. You can exercise this right by deleting your account through the dashboard Settings page, which will permanently remove all data associated with your account as described in Section 6.2 of this policy.

Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of your data or when you object to processing based on legitimate interests.

Right to Object: You have the right to object to the processing of your personal data for certain purposes. Where you exercise this right, we will cease processing your data for those purposes unless we have compelling legitimate grounds that override your interests, rights, and freedoms.

Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority in your jurisdiction if you believe that our processing of your personal data violates applicable data protection laws.

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days, or within the timeframe required by applicable law, whichever is shorter. We may request verification of your identity before processing your request to ensure the security of your account.

12. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). These rights include the right to know what personal information we collect, use, and disclose; the right to request deletion of your personal information; the right to opt out of the sale or sharing of your personal information; and the right to non-discrimination for exercising your privacy rights. As stated in Section 5.1 of this policy, we do not sell or share your personal information. We do not use sensitive personal information for purposes beyond what is necessary to provide the Service. California residents may exercise their rights by contacting us at [email protected]. We will not discriminate against you for exercising any of your California privacy rights.

13. European Economic Area and UK (GDPR)

If you are located in the European Economic Area (EEA) or the United Kingdom, our processing of your personal data is governed by the General Data Protection Regulation (GDPR) and the UK GDPR, respectively. Our legal basis for processing your data is the performance of the contract between you and Korveln (i.e., the provision of the Service as described in our Terms of Service) and, in certain cases, our legitimate interests in maintaining the security and integrity of the Service. For any processing that is not covered by these legal bases, we will obtain your explicit consent before proceeding. You may withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. The data controller for the purposes of GDPR is NullStrike Security, contactable at [email protected].

14. Browser Extension Specific Privacy Practices

The Korveln browser extension operates within the security framework of Chrome Manifest V3 and adheres to all Chrome Web Store developer program policies regarding user data handling. The extension collects data only from supported professional networking platforms and only while you are actively browsing those platforms. The extension does not access your browsing history, bookmarks, downloads, other tabs, file system, camera, microphone, or any other browser functionality beyond what is necessary for its stated purpose. All data captured by the extension is transmitted directly to the Korveln servers over encrypted HTTPS connections and is immediately associated with your authenticated account using row-level security. The extension does not store data locally on your device beyond the minimum necessary for authentication and session management. You can disable or uninstall the extension at any time, which will immediately stop all data collection. Uninstalling the extension does not delete data that has already been transmitted to and stored on Korveln servers. To delete previously collected data, you must use the account deletion feature in the dashboard Settings page.

15. Third-Party Links and Services

The Korveln platform may contain links to third-party websites or services, particularly professional networking profiles and company websites referenced in your contact data. These links are provided for your convenience and informational purposes only. We are not responsible for the privacy practices, content, or security of any third-party websites or services. We encourage you to review the privacy policies of any third-party websites or services before providing your information to them. The inclusion of a link to a third-party website or service does not imply endorsement or affiliation with that website or service by Korveln or NullStrike Security.

16. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time. When we make changes, we will update the "Last updated" date at the top of this page and, for material changes, we will notify you via email to the address associated with your account and/or through a prominent notice within the Service. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. Your continued use of the Service after any changes to this Privacy Policy constitutes your acceptance of the updated policy. If you do not agree with a revised version of this policy, you should discontinue use of the Service and delete your account.

17. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy, your personal data, or our privacy practices, please contact us at:

NullStrike Security
Email: [email protected]
Data Protection Inquiries: [email protected]
Response Time: Within 30 days of receipt

We take every inquiry seriously and are committed to resolving any concerns you may have about the handling of your personal data in a timely and transparent manner.