Concerns are rising over compliance startup Delve, following allegations of misleading hundreds of clients regarding their adherence to privacy laws like HIPAA and GDPR. An anonymous post on Substack, authored by a user named DeepDelver, claims that Delve has potentially exposed its customers to significant legal risks by falsely assuring them of compliance.
Delve, a startup backed by Y Combinator that secured a $32 million Series A funding round last year, responded to the accusations by labeling the Substack post as “misleading” and filled with inaccuracies. In December, the startup reportedly faced allegations of leaking confidential client information, which prompted concern among its clients.
According to DeepDelver, customers have become increasingly suspicious of Delve’s practices, suggesting that the company fabricates compliance evidence and relies on audit firms, Accorp and Gradient, to merely endorse its claims without thorough verification. The post describes how clients are pressured to choose between accepting false documentation or undertaking significant manual work to achieve actual compliance.