Delve accused of misleading customers with ‘fake compliance’

An anonymous Substack post published this week accuses compliance startup Delve of falsely convincing hundreds of customers they were compliant with privacy and security regulations, potentially exposing those customers to criminal liability under HIPAA and hefty fines under GDPR.

Delve is a Y Combinator-backed startup that last year raised a $32 million Series A at a $300 million valuation, led by Insight Partners. The post, credited to “DeepDelver” and written by someone who says they worked at a (now former) Delve client, recounts receiving an email in December about a leaked spreadsheet.

DeepDelver says Delve CEO Karun Kaushik later assured customers they were in compliance and that no external party gained access to sensitive data, but that multiple clients became suspicious and pooled resources to investigate.

delve, compliance, privacy, security, hipaa, gdpr, karun kaushik, y combinator, series a, insight partners