How does Delve respond to the allegations of fake evidence?

Delve denies the accusations, stating that the Substack post is misleading and that it operates as an automation platform, not an issuer of compliance reports. The company claims it provides templates to help document processes.

What are the potential consequences for Delve's customers mentioned in the claims?

Customers are allegedly at risk of criminal liability under HIPAA and hefty fines under GDPR due to being misled about their regulatory compliance.

Home / Business and Economy / Startup Accused of Faking Compliance

Startup Accused of Faking Compliance

Q: What are the main accusations against the compliance startup Delve?

The compliance startup Delve is accused of falsely assuring customers about their compliance with privacy and security regulations, potentially by fabricating evidence and skipping major framework requirements.

21 Mar

•

Summary

Startup Delve allegedly provided fake evidence of compliance.
Customers claim they were misled about regulatory adherence.
Delve refutes claims, stating it's an automation platform.

A Y Combinator-backed startup named Delve is currently embroiled in controversy following an anonymous Substack post. The post, authored by 'DeepDelver,' accuses Delve of allegedly "falsely" assuring hundreds of customers about their compliance with privacy and security regulations. This alleged misrepresentation could expose these clients to significant legal and financial penalties, including potential criminal liability under HIPAA and substantial fines under GDPR.

DeepDelver claims that Delve achieves its speed by producing fake evidence and generating auditor conclusions, thereby skipping major framework requirements. The post further asserts that Delve forces customers to choose between adopting fabricated evidence or performing extensive manual work. Additionally, the anonymous source alleges that Delve's clients frequently use specific audit firms, Accorp and Gradient, which are described as part of the same operation primarily based in India, to rubber-stamp reports generated by Delve. This practice, according to the post, constitutes a structural fraud that invalidates compliance attestations.