Drivuum — Road Safety Score Platform

The Problem

Driving assessment across most countries is broken. A driver passes a single test, gets a license, and is never evaluated again — unless they cause an accident. There is no continuous scoring, no centralized record of incidents, and no way for insurance companies to price risk based on actual driving ability rather than age, gender, and postcode.

The data exists in fragments: test centers have evaluation results, police departments have violation and accident records, insurance companies have claims history — but none of it is connected. A driver with three at-fault accidents in one state can move to another and get a clean slate. An insurer has no way to distinguish a genuinely safe driver from one who has simply never been caught.

Drivuum was built to solve this. A single platform that ingests data from every touchpoint in a driver’s lifecycle — structured tests, police records, incidents — and produces a trusted, shareable safety score.

What I Built

A complete cloud platform that connects test centers, drivers, police departments, licensing authorities, and insurance companies around a unified driver safety score.

4-Level Driving Assessment System:

• Level 1 — Theory & Rules: Written examination covering traffic laws, road signs, right-of-way rules, and emergency procedures. Scored digitally at test centers.
• Level 2 — Controlled Environment: Practical driving test in a closed course with standardized obstacles — lane changes, parallel parking, emergency braking, hill starts. Captured by in-vehicle sensors and track-side cameras.
• Level 3 — On-Road Evaluation: Real-world driving test on public roads with an examiner. In-vehicle devices capture speed compliance, lane discipline, signal usage, gap judgments, and reaction times.
• Level 4 — Advanced & Defensive Driving: High-speed maneuvering, wet/low-grip surfaces, night driving, highway merging at speed. This level is optional but significantly boosts the driver score. Captured by specialized devices at advanced test facilities.

Each level feeds structured data into the platform via REST APIs from test center devices.

Test Center Integration:

• Test centers are equipped with specialized IoT devices — in-vehicle telemetry units, track sensors, camera systems, and biometric readers (fingerprint + photo for identity verification)
• Devices push data to the cloud via secure REST APIs in real-time during tests
• Each test session generates a structured payload: driver ID, test level, timestamp, raw sensor readings, examiner notes, pass/fail per criterion, and an overall level score
• Device health monitoring — the platform tracks device heartbeats, firmware versions, and calibration status to ensure data integrity
• Offline buffering — if connectivity drops during a test, devices queue data locally and sync when connection resumes

Driver Score Engine:

• Ingests data from all four test levels, weighted by recency and level difficulty
• Incorporates police records: traffic violations, at-fault accidents, DUI charges, license suspensions
• Incorporates incident records: reported near-misses, road rage complaints, hit-and-run involvement
• Produces a composite score on a 0–1000 scale with letter grades (A+ through F)
• Score decays over time if the driver doesn’t retest — incentivizing periodic reassessment
• Score drops immediately on new violations or incidents, with severity-based penalties
• Full audit trail — every factor that contributed to the score is logged and explainable

Driver Portal:

• Drivers create an account linked to their national ID / license number
• Dashboard showing current score, score history over time, and breakdown by category (test performance, violation history, incident record)
• Detailed view of each test attempt — what they scored, where they lost points, recommendations for improvement
• Score sharing — drivers can generate a verifiable, time-limited score link to share with insurers or employers
• Retest scheduling — book Level 1–4 tests at nearby test centers directly from the portal
• Notifications for score changes, upcoming test appointments, and license renewal reminders

Authority Portal (Government / Licensing Bodies):

• Secure portal for driving authorities to access driver scores and records
• Bulk lookup — search drivers by license number, name, region, or score range
• Aggregate analytics — average scores by region, age group, test center; pass/fail rates per level; trend analysis over time
• Incident dashboard — real-time feed of police-reported violations and accidents, mapped to driver profiles
• License decision support — authorities can use scores as input for license renewals, suspensions, or restrictions
• Data export for policy analysis — CSV/PDF reports for road safety committees
• Score verification API — third parties (employers, fleet companies) can verify a driver’s score with the driver’s consent

Police & Incident Recording:

• Police officers log traffic violations, accidents, and incidents against driver records via a dedicated API
• Structured incident schema: date, location (GPS), severity, type (speeding, DUI, at-fault accident, hit-and-run, reckless driving), officer ID, evidence references
• Accident records include parties involved, fault determination, injury severity, and vehicle damage assessment
• Records are immutable once filed — amendments create new entries referencing the original, maintaining a full audit trail
• Bulk import pipeline for historical records from existing police databases

Insurance Company Portal:

• Insurance companies register as verified partners with role-based access
• Multi-tenant isolation — each insurer sees only the data they are authorized to access
• Driver lookup by license number (with driver consent) returns: current score, score history, violation count by type, accident history, and test completion status
• Risk scoring integration — insurers can pull scores via API into their own underwriting systems
• Portfolio analytics — aggregate views of insured driver pools, score distributions, predicted risk tiers
• Claims correlation — insurers can feed claims data back into the platform to validate and improve the scoring model over time
• Consent management — drivers explicitly grant access to specific insurers, and can revoke at any time

Technical Challenges

• Multi-tenant data isolation — Five distinct stakeholder types (drivers, test centers, police, authorities, insurers) each with different data access levels and privacy requirements. Built a role-based access control system with row-level security in PostgreSQL. Each API endpoint enforces tenant context — an insurer can never see raw police notes, a driver can never see another driver’s data. Consent tokens govern cross-tenant data sharing.

• Device data ingestion at scale — Hundreds of test center devices pushing telemetry simultaneously during peak hours. Built an ingestion pipeline with request validation, deduplication (idempotency keys per test session), and async processing. Raw payloads land in a staging table, get validated and normalized by a worker, then feed into the score engine. Redis queues buffer spikes so the API always responds fast even under load.

• Score calculation complexity — The scoring algorithm weighs dozens of factors: four test levels with different weights, recency decay, violation severity multipliers, incident frequency penalties, and retest bonuses. Built the engine as a deterministic, versioned calculation — every score is tagged with the algorithm version that produced it, so scores can be recalculated if the model improves. Full factor breakdown is stored alongside every score for auditability.

• Data integrity and auditability — Government and insurance use cases demand that records are tamper-evident. All police records and score calculations are append-only. Score history is immutable — you can see every score a driver ever had, what changed, and why. Database triggers prevent updates to sealed records.

• REST API design for heterogeneous clients — Test center devices run embedded firmware with constrained HTTP clients. Police mobile apps run on spotty cellular connections. Insurance platforms expect standard OAuth2 flows. Designed a unified REST API surface with device-friendly endpoints (simple payloads, idempotent retries, offline sync support) alongside full OAuth2/OIDC for web portal integrations.

• Offline resilience — Test centers in rural areas have unreliable internet. Devices buffer test data locally and sync when connectivity returns. The platform handles out-of-order and duplicate submissions gracefully using session-level idempotency and timestamp reconciliation.

Architecture

• Frontend — React single-page application with role-based views. Drivers, authorities, and insurers each get a tailored dashboard after login. Responsive design for desktop and tablet use at test centers.
• API Layer — Node.js + TypeScript REST API. Versioned endpoints (/api/v1/). JWT authentication with role-based middleware. Rate limiting per tenant tier. Request validation with JSON Schema.
• Score Engine — Standalone service that consumes test results, police records, and incident data. Runs the scoring algorithm and publishes score change events. Versioned algorithm with full factor audit logs.
• Device Gateway — Dedicated ingestion endpoint for test center devices. Handles authentication via device certificates, payload validation, deduplication, and async handoff to the processing pipeline.
• Database — PostgreSQL with row-level security policies per tenant type. Separate schemas for driver profiles, test results, police records, scores, and insurance access logs. Append-only tables for audit-critical data.
• Cache & Queues — Redis for session caching, score caching (drivers check their score frequently), and job queues for async processing (score recalculation, bulk imports, report generation).
• Infrastructure — AWS deployment. Docker containers on ECS. RDS for PostgreSQL. ElastiCache for Redis. CloudWatch for monitoring and alerting. S3 for evidence file storage (photos, videos from test center cameras).
• Integrations — REST APIs for test center devices (inbound), authority verification APIs (outbound), insurance platform APIs (outbound with consent tokens), police record import pipeline (batch + real-time).

Results & Impact

• Unified driver scoring — For the first time, test performance, police records, and incident history feed into a single, auditable score that all stakeholders trust
• Insurance risk pricing — Insurers can price policies based on actual driving ability and history rather than demographic proxies, rewarding genuinely safe drivers with lower premiums
• Government visibility — Licensing authorities get real-time dashboards on driver competency across regions, enabling data-driven road safety policy
• Driver accountability — Drivers see exactly where they stand, what dragged their score down, and what they can do to improve — creating a feedback loop that incentivizes safer driving
• Test center modernization — Standardized device integration means test centers produce consistent, comparable data regardless of location
• Sole architect and developer — Designed and built the entire platform end-to-end: data model, scoring engine, multi-tenant API, all four portals, device integration, and cloud infrastructure

Stack Deep Dive

• Node.js + TypeScript for the API layer and score engine — type safety critical for a system where calculation errors have real-world consequences
• React for all portal frontends — driver, authority, insurance, and admin views share a component library but render role-specific dashboards
• PostgreSQL with row-level security for multi-tenant data isolation — each query is scoped to the authenticated tenant automatically
• Redis for caching frequently-accessed scores and buffering device data ingestion spikes
• AWS (ECS, RDS, ElastiCache, S3, CloudWatch) for managed infrastructure with high availability
• REST API design with JSON Schema validation, idempotency keys, and OAuth2/OIDC for partner integrations
• Docker for consistent deployment across environments
• IoT device integration via certificate-authenticated REST endpoints with offline buffering support