A recent anonymous post on Substack has raised serious accusations against the compliance startup Delve, suggesting that it has misled numerous clients about their compliance status with privacy and security regulations. The allegations suggest that Delve’s practices could expose its customers to potential legal repercussions under HIPAA and significant fines under GDPR.
Delve, a Y Combinator-backed company, secured $32 million in a Series A funding round last year, bringing its valuation to $300 million. In response to the accusations, Delve disputed the claims, labelling the post as misleading and filled with inaccuracies.
Authored by an individual using the pseudonym “DeepDelver,” who claims to have previously worked with Delve, the post outlines concerns regarding the startup’s compliance processes. The writer cites an unsettling incident from December involving a leaked spreadsheet containing confidential client reports. Contrary to assurances from Delve’s CEO about compliance and data safety, DeepDelver and other clients purportedly felt a growing distrust.
The anonymous author described how they, alongside other dissatisfied customers, conducted their own investigation into Delve. Their findings suggested that Delve may be fabricating compliance evidence and erroneously claiming 100% compliance without proper audits. DeepDelver outlined serious allegations, including accusations that Delve delivered counterfeit documentation regarding board meetings and processes, compelling clients to choose between using fabricated evidence or undertaking labor-intensive compliance work.
Moreover, the post claims that Delve’s clients are mainly interacting with two audit firms — Accorp and Gradient — which are described as being intricately linked, primarily operating from India. DeepDelver argues that these firms merely rubber-stamp Delve’s generated reports, undermining the reliability of compliance verifications.
Delve countered these allegations by clarifying that it does not issue compliance reports directly. Instead, the company positions itself as an automation platform that aids in gathering compliance information for independent auditors. They assert that clients are free to select their auditors or utilise Delve’s network of accredited firms. Regarding accusations of providing “fake evidence,” Delve maintains that it merely supplies templates for documentation, differing from the alleged pre-filled evidence.
Despite Delve’s rebuttal, DeepDelver expressed disbelief, suggesting the company is deflecting accountability. They remarked on Delve’s failure to address several critical issues, including assertions related to its structural integrity and claims about AI usage within its operations.
In addition to the Substack post, further concerns were highlighted by an X user who reportedly accessed sensitive information from Delve, including details about employee records, signalling potential security vulnerabilities in the company’s systems.
As the controversy unfolds, DeepDelver has indicated that more revelations will follow, hinting at continued scrutiny of Delve and its practices.
Fanpage: TechArena.au
Watch more about AI – Artificial Intelligence
