Delve, a compliance automation startup backed by Y Combinator, has quietly removed the “book a demo” option from its website as questions swirl around how its platform helps customers meet popular security and privacy standards.
The change comes after an anonymous whistleblower writing under the name “DeepDelver” published a detailed Substack post accusing Delve of fabricating compliance-related materials for clients. The whistleblower claims to be a former customer and alleges the company created evidence for things like board meetings, tests, and internal processes that “never happened,” then left customers with what they described as an unfair choice: accept questionable documentation or fall back on mostly manual compliance work with limited real automation.
Adding to the scrutiny, Insight Partners has reportedly removed an online article that previously explained its decision to invest $32 million in Delve. The post, authored by Insight Partners managing directors and focused on Delve’s approach to “AI-native compliance,” is no longer available in its original location, a move that has fueled speculation that investors may be trying to reduce their visibility amid the controversy. Delve’s founders and the investment firm were not immediately available for comment in the report that brought the situation to wider attention.
Delve, founded in 2023, positions itself as an AI-driven platform meant to streamline the path to widely used certifications and regulatory frameworks such as SOC 2, HIPAA, and GDPR. These standards are central to how modern businesses prove they can protect sensitive data, safeguard health information, and meet European privacy requirements. For startups and fast-growing companies especially, these audits can be time-consuming, expensive, and operationally disruptive—exactly the pain point compliance automation vendors promise to solve.
On its site, Delve has claimed it helped well-known organizations reduce “hundreds of hours” of compliance busywork, naming major brands and companies in financial services and tech among its customers. However, it’s unclear how many of those logos represent current, active users of the platform today.
The whistleblower’s allegations go beyond shortcuts or aggressive templating. According to the post, Delve’s platform allegedly “rubber-stamps” reports rather than ensuring a meaningful second layer of independent review—an especially serious claim in an industry where credibility depends on outside auditors verifying controls, policies, and evidence.
Delve has pushed back on these accusations. The company says it does not issue compliance reports and instead operates as an automation platform that collects and organizes compliance information, then gives auditors access to review that data. Delve also states that customers can work with an auditor of their choosing or select from Delve’s network of independent, accredited third-party audit firms, which it describes as established firms used broadly across the industry.
As for the charge that it provides “fake evidence,” Delve argues it offers templates designed to help teams document their processes in ways that meet compliance requirements—something it says is standard across compliance platforms.
Even with those denials, the timing of the disabled demo request feature—and the disappearance of a major investor’s public write-up—has intensified the perception that Delve is managing fallout. For companies shopping for SOC 2, HIPAA, or GDPR support, the episode is a reminder to look closely at where “automation” ends and where verified, auditor-reviewed evidence must begin. In compliance, trust is the product—so any suggestion that documentation is being manufactured rather than validated can quickly become an existential problem for a fast-growing startup.
