An unnamed Substack article released this week charges the conformity startup Delve with “deceptively” assuring “countless clients of their compliance” with data protection and security rules, potentially subjecting these clients to “penal responsibility under HIPAA and substantial penalties under GDPR.”
Delve, a startup supported by Y Combinator, disclosed last year that it had secured $32 million in Series A funding, valuing the company at $300 million. (Insight Partners spearheaded this financing round.) On Friday, the company sought to rebut the allegations on its blog, labeling the Substack entry as “deceptive” and asserting it “presents several erroneous assertions.”
The Substack publication is attributed to “DeepDelver,” who identified themselves as an employee of a (now former) Delve client.
DeepDelver narrated receiving an email in December alleging that the startup had “disclosed a spreadsheet containing private client reports.” Although Delve CEO Karun Kaushik seemingly guaranteed clients in a follow-up email that they were compliant and that no outside entity accessed confidential information, DeepDelver stated that they and other clients grew doubtful.
“Given our collective dissatisfaction with the Delve service, and sensing that something amiss was occurring, we opted to combine our efforts and probe into the matter collaboratively,” they penned.
Their finding? That Delve “fulfills its assertion of being the swiftest platform through the creation of spurious evidence, formulating auditor judgments for certification factories that merely approve reports, and bypassing significant framework mandates while informing clients of their complete adherence.”
DeepDelver elaborated extensively on these allegations, charging the startup with supplying clients with “concocted proof of board gatherings, examinations, and procedures that never took place,” subsequently compelling those clients to “select between utilizing counterfeit evidence or executing largely manual tasks with minimal genuine automation or artificial intelligence.”
Techcrunch event
San Francisco, CA
|
October 13-15, 2026
DeepDelver further asserted that nearly all of Delve’s clients appear to have engaged with two auditing entities, Accorp and Gradient, which they characterized as “components of a unified enterprise,” largely functioning in India, with only a token presence in the United States.
These companies, they stated, are simply endorsing reports created by Delve. Consequently, DeepDelver remarked that the startup “reverses” the standard compliance framework: “By devising auditor judgments, testing protocols, and ultimate reports prior to any impartial assessment, Delve positions itself as both the executor and the evaluator. This is not a triviality; it represents a systemic deception that nullifies the complete certification.”
Beyond accusing Delve of deceiving its clientele, DeepDelver mentioned the startup assists these clients in “misrepresenting facts to the public by hosting credibility pages showcasing security protocols that were never put into practice.”
Regarding its own association with Delve, DeepDelver stated that their firm has taken down its trust page and no longer depends on the startup for adherence to regulations.
Delve countered the allegations by asserting it does not release compliance reports whatsoever. Rather, it functions as an “automation platform” that processes data concerning compliance, subsequently granting auditors access to such details.
“Concluding reports and assessments are exclusively issued by autonomous, certified auditors, not by Delve,” the corporation declared.
Delve further explained that its clients “have the option to collaborate with an auditor of their preference or choose one from Delve’s consortium of autonomous, recognized third-party auditing companies.” These entities, the startup affirmed, are “well-known firms widely utilized throughout the sector, even by competing compliance platforms.”
Addressing the charge of supplying clients with “spurious evidence,” Delve rebutted by stating it merely furnishes “frameworks to aid teams in recording their procedures in line with compliance mandates, mirroring practices of other conformity platforms.”
“Provisional templates do not equate to ‘pre-populated evidence’,” the firm articulated.
Delve further mentioned that it is “diligently probing any disclosures” and is “currently examining the Substack content.”
TechCrunch dispatched an electronic mail requesting further commentary to the media relations address provided on Delve’s web portal; the message was undeliverable. We have also contacted DeepDelver for more input.
{content}
Source: {feed_title}