Delve faces allegations of deceiving customers with fraudulent compliance claims.
Allegations Against Delve: Compliance Startup Faces Serious Accusations
This week, an anonymous Substack post has brought serious allegations against compliance startup Delve, claiming the company misled “hundreds of customers” into believing they were compliant with crucial privacy and security regulations. The claims suggest that Delve’s actions could expose these customers to significant risks, including criminal liability under HIPAA and hefty fines under GDPR.
Delve’s Background
Delve, a startup backed by Y Combinator, raised $32 million in a Series A funding round last year, valuing the company at $300 million. This round was led by Insight Partners, highlighting the startup’s growth and potential in the compliance automation space. However, the latest accusations threaten to tarnish its reputation.
The Substack Post by “DeepDelver”
The post, attributed to an individual named “DeepDelver,” is said to come from a former client of Delve. In the post, DeepDelver recounted an unsettling experience where they received an email in December indicating a potential data leak of confidential client reports. Despite assurances from Delve’s CEO, Karun Kaushik, that compliance was maintained and no sensitive data had been compromised, DeepDelver and others began questioning the validity of these claims.
The Investigation
With a collective sense of mistrust, DeepDelver and other clients began their own investigation. They concluded that Delve’s claims about being the fastest compliance platform were supported by dubious practices, including the generation of fake evidence and the use of “certification mills” that merely rubber-stamped reports.
DeepDelver elaborated on their findings, alleging that Delve provided customers with fabricated evidence of board meetings and processes that never took place. This led many clients to feel they either had to accept this false evidence or engage in manual, labor-intensive work with little to no automation or AI benefits.
Audit Firm Claims
DeepDelver also raised concerns about the audit firms affiliated with Delve, primarily Accorp and Gradient. They asserted that these firms were operating as part of the same organization, largely based in India, with minimal presence in the United States. According to DeepDelver, these audit firms merely rubber-stamped reports produced by Delve, undermining the integrity of the compliance process.
The allegations detail a concerning inversion of the usual compliance framework: Delve was portrayed as both the implementer and examiner, generating auditor conclusions and final reports prior to any independent review. This structure, they argue, amounts to structural fraud that could invalidate the entire compliance attestation.
Misleading Trust Pages
In addition to misleading clients, DeepDelver claimed that Delve was also facilitating public deception by hosting “trust pages” that described security measures that were never actually implemented. DeepDelver noted that while their organization was in discussions with Delve about these issues, the company attempted to placate them by sending multiple boxes of donuts.
Ultimately, DeepDelver’s employer opted to remove its trust page and ceased relying on Delve for compliance, raising serious questions about the startup’s practices.
Delve’s Response
In response to the allegations, Delve issued a statement asserting that they do not provide compliance reports directly. Rather, they describe themselves as an “automation platform” that offers clients access to compliance-related information, which independent, licensed auditors then examine.
Delve maintained that clients can select auditors of their preference or choose from a network of accredited third-party audit firms. Furthermore, they clarified that all final reports and opinions are issued exclusively by these independent auditors, distancing themselves from any responsibility for compliance validation.
Claiming to Provide Templates, Not Fake Evidence
Delve addressed allegations regarding the provision of fake evidence, stating that the company offers templates intended to aid teams in documenting their compliance processes. They emphasized that “draft templates are not the same as ‘pre-filled evidence,’” clearly distinguishing their offerings from the accusations of deception.
Ongoing Investigations and Security Concerns
As part of their protocol, Delve announced that they are actively investigating any possible leaks and are currently reviewing the Substack post’s claims. Additionally, following the original post, a user named James Zhou claimed to have accessed sensitive information from Delve, including employee background checks and equity vesting schedules. This alarming admission was echoed by Jamieson O’Reilly, founder of Dvuln, who discussed purported security gaps within Delve’s system.
Conclusion
The public allegations against Delve have raised serious concerns regarding the startup’s compliance practices and security measures. While Delve has refuted the claims, calling the Substack post misleading, the accusations pose a significant threat to its credibility and the trust of its customers.
As the situation develops, it will be essential to monitor Delve’s ongoing investigations and any further revelations that may surface. TechCrunch has reached out to Delve for additional comments and is closely following the story.
Whether the accusations hold any truth remains to be seen, but they underscore the importance of transparency and accountability in the compliance sector. As more details emerge, both current and prospective clients will certainly watch closely to assess the implications for their own compliance efforts.
