Delve accused of misleading customers with ‘fake compliance’

An anonymous Substack post accuses compliance startup Delve of misleadingly assuring hundreds of customers of their compliance with privacy and security regulations, risking criminal liability under HIPAA and fines under GDPR. Delve, backed by Y Combinator and valued at $300 million after raising $32 million in Series A funding, refuted these claims on its blog, calling the post misleading and inaccurate. The post, attributed to “DeepDelver,” a former Delve client, claimed Delve leaked a spreadsheet with confidential reports and provided fake compliance evidence, making customers choose between false evidence or manual work. DeepDelver also stated that Delve relies on two audit firms, Accorp and Gradient, alleged to be part of the same operation in India, and accused Delve of structural fraud in compliance processes. Delve denied issuing compliance reports, emphasizing that independent auditors provide final reports. Delve reiterated that templates provided are for documentation, not pre-filled evidence, and stated it is investigating any leaks and reviewing the Substack claims. TechCrunch’s email to Delve bounced, and they have reached out to DeepDelver for further comment.