Home / Business and Economy / Startup Accused of Faking Compliance
Startup Accused of Faking Compliance
21 Mar
Summary
- Startup Delve allegedly provided fake evidence of compliance.
- Customers claim they were misled about regulatory adherence.
- Delve refutes claims, stating it's an automation platform.
A Y Combinator-backed startup named Delve is currently embroiled in controversy following an anonymous Substack post. The post, authored by 'DeepDelver,' accuses Delve of allegedly "falsely" assuring hundreds of customers about their compliance with privacy and security regulations. This alleged misrepresentation could expose these clients to significant legal and financial penalties, including potential criminal liability under HIPAA and substantial fines under GDPR.
DeepDelver claims that Delve achieves its speed by producing fake evidence and generating auditor conclusions, thereby skipping major framework requirements. The post further asserts that Delve forces customers to choose between adopting fabricated evidence or performing extensive manual work. Additionally, the anonymous source alleges that Delve's clients frequently use specific audit firms, Accorp and Gradient, which are described as part of the same operation primarily based in India, to rubber-stamp reports generated by Delve. This practice, according to the post, constitutes a structural fraud that invalidates compliance attestations.
Delve has publicly responded to the allegations, characterizing the Substack post as "misleading" and containing inaccurate claims. The company denies issuing compliance reports, positioning itself as an "automation platform" that supplies information to independent auditors. Delve stated that final reports and opinions are solely issued by licensed auditors, not by Delve itself. The startup also noted that customers can choose their own auditors or select from Delve's network of accredited third-party firms, which it claims are established and widely used within the industry.
