How Draiv works, out in the open.
A public-benefit reliability index only works if people trust where the signals come from. This page documents our independence policy, data limits, moderation, and privacy posture in plain English.
Independence policy
Draiv is editorially independent.
- Draiv is operated as a public-benefit initiative of the Aisaiah Foundation.
- No charging network, vehicle manufacturer, hotel chain, or advertiser has paid for placement on this site. There is no "sponsored stop" tier and we will not introduce one.
- Future partnerships (e.g. an OEM data feed) will be disclosed on this page before they ship.
Reliability score independence
Operators cannot pay to change their score.
- The Community Reliability Index is computed from driver-submitted reports using the documented formula on the methodology page.
- There is no manual override path that a charging operator could pay or appeal into. Reports go in, the formula runs, the score comes out.
- Operators who believe their score is inaccurate can report bugs in the same way drivers do — through the public reporting mechanism on the affected stops. We do not adjust scores out-of-band.
Sponsor independence
If we ever take sponsorships, they won't bias the data.
- Draiv's core trip planner is free and ad-free. We don't plan to introduce ads on charging stops, the reliability index, or the learning center.
- Any future revenue (premium fleet routing, affiliate hotel partnerships, Foundation programs) will be disclosed on this page and clearly labeled in-product where it appears.
- Sponsorship will never move a station's Confidence Score, change its place in the Reliability Index, or hide negative community reports.
Data limitations
What Draiv knows, and what it doesn't.
- Station identity (where chargers are): Open Charge Map directory — community-curated, public. Real station names, addresses, networks, connector types, and max kW where published.
- Live stall availability: NOT connected for most networks. The OCM Directory provider gives a low-confidence "operational" signal where OCM has it; the Electrify America provider is a documented stub because EA does not publish a stable public availability endpoint and we don't scrape private APIs.
- Routing: Google Directions when a key is configured; great-circle approximation when it's not.
- Weather: OpenWeather per-leg sampling when a key is set; neutral 1.0 multiplier otherwise.
- Community reports: Driver-submitted, informational, rate-limited to one report per user per station per 6 hours. Aggregated over a 30-day window.
- Every plan's Trust Layer card shows which of these are real vs. falling back to mock for that specific trip.
Community moderation
How community reports are kept honest.
- Reports require an authenticated account (magic-link email). Anonymous spam is not possible.
- Server-side rate limit: one report per station per user per 6 hours, enforced in the API route — not just the UI.
- Confidence Score adjustments from community reports are capped: +0.05 maximum from positive reports, −0.10 maximum from negative reports. Reports are signal, not authority — they nudge the score, they can't dominate it.
- Reports older than 30 days drop out of the recent-signal counts. They still count in the lifetime total.
- We reserve the right to remove reports that violate community standards (harassment, defamation, doxxing). A formal moderation policy will live on this page before the public beta.
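The limits listed above (6-hour rate limit, 30-day recent window, capped adjustments) can be sketched as follows. This is an added example, not Draiv's own code: the function names, the report shape, the in-memory array standing in for the database, and the per-report step of 0.01 are assumptions; only the 6-hour, 30-day, +0.05 and −0.10 values come from this page.

```javascript
// Added illustration, not Draiv's source. Limits are the ones stated on this page.
const HOUR_MS = 60 * 60 * 1000;
const RATE_LIMIT_MS = 6 * HOUR_MS;    // one report per user per station per 6 hours
const WINDOW_MS = 30 * 24 * HOUR_MS;  // recent-signal window: 30 days
const MAX_POSITIVE = 0.05;            // cap on the boost from positive reports
const MAX_NEGATIVE = 0.10;            // cap on the penalty from negative reports
const STEP = 0.01;                    // ASSUMPTION: per-report weight, not from the page

// Server-side check: false if this user reported this station less than 6h ago.
function canSubmit(reports, userId, stationId, now) {
  return !reports.some(r =>
    r.userId === userId && r.stationId === stationId && now - r.at < RATE_LIMIT_MS);
}

// Store a report only if the rate limit allows it; returns true when accepted.
function submitReport(reports, report) {
  if (!canSubmit(reports, report.userId, report.stationId, report.at)) return false;
  reports.push(report);
  return true;
}

// One station's signal: lifetime total, recent counts, and the capped adjustments.
function stationSignal(reports, stationId, now) {
  const all = reports.filter(r => r.stationId === stationId);
  const recent = all.filter(r => now - r.at <= WINDOW_MS);
  const pos = recent.filter(r => r.positive).length;
  const neg = recent.length - pos;
  return {
    lifetime: all.length,          // old reports still count here
    recentPositive: pos,
    recentNegative: neg,
    boost: Math.min(pos * STEP, MAX_POSITIVE),
    penalty: Math.min(neg * STEP, MAX_NEGATIVE),
  };
}

// Constructed sample data: 25 different users report one station as bad at t0.
const t0 = Date.UTC(2025, 0, 1);
const demo = [];
for (let i = 0; i < 25; i++) {
  submitReport(demo, { userId: `u${i}`, stationId: "s1", positive: false, at: t0 });
}
```

With the constructed data, 25 negative reports still produce a penalty of exactly 0.10, and once they age past 30 days the penalty returns to 0 while the lifetime count stays at 25.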
Privacy principles
What we do — and don't — store.
- We store: your email (for magic-link sign-in), your saved trips, your profile defaults, and the community reports you submit.
- We don't store: location history outside of planned trips, payment information, advertising identifiers, or any third-party tracking pixels.
- Public reads are anonymous: the public reliability index aggregates community reports without exposing your account, email, or any identifier. The reports API explicitly strips user_id from public responses, enforced by a static-source guard test that blocks the column from ever being re-added.
- Security headers: Draiv ships a baseline CSP plus HSTS, X-Content-Type-Options, Referrer-Policy, Permissions-Policy, and X-Frame-Options DENY. The CSP is intentionally not a strict nonce-based policy — the Google Maps JS SDK and Next.js streaming RSC both need 'unsafe-inline' on script-src. We mention this here so "security headers shipped" isn't overclaimed.
- Row Level Security: Supabase RLS prevents anyone from reading another user's trips, profile, or saved places. Community reports are public-read by design (so the reliability index can render without an account) but owner-only for edit/delete.
- Account deletion: log out, then email us. A self-serve "Delete my account" button is on the Phase 8 punch list.
Spot something wrong?
File an issue at our repo, or email [email protected]. Transparency improvements are the highest-priority bugs.