An nameless Substack submit printed this week accuses compliance startup Delve of “falsely” convincing “a whole lot of consumers they had been compliant” with privateness and security rules, doubtlessly exposing these prospects to “prison legal responsibility beneath HIPAA and hefty fines beneath GDPR.”
Delve is a Y Combinator-backed startup that final 12 months introduced elevating a $32 million Sequence A at a $300 million valuation. (The spherical was led by Perception Companions.) On Friday, the startup tried to refute the accusations with on its weblog, calling the Substack submit “deceptive” and saying it “accommodates a lot of inaccurate claims.”
The Substack submit is credited to “DeepDelver,” who described themselves as working at a (now former) Delve shopper.
DeepDelver recounted receiving an e-mail in December claiming the startup had “leaked a spreadsheet with confidential shopper reviews.” Whereas Delve CEO Karun Kaushik apparently assured prospects in a subsequent e-mail that they had been in compliance and that no exterior celebration gained entry to delicate knowledge, DeepDelver mentioned they and different prospects had turn into suspicious.
“Having the shared expertise of being underwhelmed with the Delve expertise, and having the general sense that one thing fishy was occurring, we determined to pool assets and examine collectively,” they wrote.
Their conclusion? That Delve “achieves its declare of being the quickest platform by producing faux proof, producing auditor conclusions on behalf of certification mills that rubber stamp reviews, and skipping main framework necessities whereas telling purchasers they’ve achieved 100% compliance.”
DeepDelver went into appreciable element about these claims, accusing the startup of offering prospects with “fabricated proof of board conferences, exams, and processes that by no means occurred,” then forcing these prospects to “select between adopting faux proof or performing largely guide work with little actual automation or AI.”
Techcrunch occasion
San Francisco, CA
|
October 13-15, 2026
DeepDelver additionally claimed that just about all of Delve’s purchasers appear to have gone by means of two audit corporations, Accorp and Gradient, which they described as “a part of the identical operation,” one which operates primarily in India, with solely a nominal presence in the USA.
These corporations, they mentioned, are simply rubber-stamping reviews that had been generated by Delve. In consequence, DeepDelver mentioned the startup “inverts” the conventional compliance construction: “By producing auditor conclusions, check procedures, and last reviews earlier than any impartial assessment happens, Delve locations itself within the function of each implementer and examiner. This isn’t a technicality. It’s a structural fraud that invalidates your complete attestation.”
Along with accusing Delve of deceptive its prospects, DeepDelver mentioned the startup helps these prospects “mislead the general public by internet hosting belief pages that include security measures that had been by no means carried out.”
As for its personal relationship with Delve, DeepDelver mentioned their firm has unpublished its belief web page and not depends on the startup for compliance.
Delve responded to the accusations by saying it doesn’t problem compliance reviews in any respect. As a substitute, it’s an “automation platform” that ingests details about compliance, then offers auditors with entry to that data.
“Closing reviews and opinions are issued solely by impartial, licensed auditors, not Delve,” the corporate mentioned.
Delve additionally mentioned that its prospects “can decide to work with an auditor of their selecting or decide to work with one from Delve’s community of impartial, accredited third-party audit corporations.” These corporations, the startup mentioned, are “established corporations used broadly throughout the business, together with by different compliance platforms.”
In response to the accusation that it’s offering prospects with “faux proof,” Delve countered that it’s merely providing “templates to assist groups doc their processes in accordance with compliance necessities, as do different compliance platforms.”
“Draft templates usually are not the identical as ‘pre-filled proof,” the corporate mentioned.
Delve added that it’s “actively investigating any leaks” and is “nonetheless reviewing the Substack.”
information.killnetswitch despatched an e-mail looking for extra remark to the media contact handle listed on Delve’s web site; the e-mail bounced. We have now additionally reached out to DeepDelver for extra remark.
