Delve accused of misleading customers with ‘fake compliance’

Core Insights - An anonymous Substack post accuses compliance startup Delve of misleading customers about their compliance with privacy and security regulations, potentially exposing them to legal liabilities under HIPAA and GDPR [2] - Delve, a Y Combinator-backed startup, raised $32 million in Series A funding last year at a valuation of $300 million [2] Allegations of Misconduct - The anonymous author, known as "DeepDelver," claims that Delve provided fabricated evidence of compliance, including fake board meeting records and test results, while misleading clients about their compliance status [4] - DeepDelver reported that Delve's clients were pressured to choose between using fake evidence or performing manual compliance work with limited automation [4] - The post alleges that Delve's clients have been audited by two firms, Accorp and Gradient, which are described as part of the same operation, primarily based in India [4] Structural Issues in Compliance - DeepDelver argues that Delve inverts the typical compliance structure by generating auditor conclusions and reports before any independent review, which constitutes structural fraud [5] - This practice is said to invalidate the entire attestation process, raising serious concerns about the integrity of Delve's compliance claims [5]