Effective Date: 1 December 2025
Version: 4.0
Issuing Entity
Superspeed.ai Pty Ltd (ACN 660 530 090), trading as Cushi.app
Parent Governance Entity
Strategic Global Holdings Pty Ltd (ACN 693 256 503), Queensland, Australia
Review Cycle
Reviewed at least annually or earlier where required by law or material operational change.
1. PURPOSE
This document outlines the security governance approach adopted by Superspeed.ai Pty Ltd in operating Cushi.app.
Cushi.app operates primarily under Australian law and implements security measures proportionate to its size, operational model, and risk profile.
This document does not constitute certification under any external security standard unless expressly stated in writing.
2. GOVERNANCE STRUCTURE
Ultimate accountability for security governance rests with the Chief Executive Officer of Superspeed.ai Pty Ltd.
Operational responsibility for security and privacy is allocated across designated internal roles within technology, risk, and compliance functions.
Security governance includes:
- Documented policies and procedures
- Defined internal accountability
- Risk based decision making
- Periodic review of control effectiveness
3. SECURITY CONTROL APPROACH
Cushi.app applies a layered security approach that may include:
3.1 Identity and Access Management
- Role based access controls
- Multi factor authentication for privileged access
- Access provisioning and deprovisioning processes
3.2 Data Protection
- Encryption of data in transit
- Encryption of stored data where appropriate
- Controlled access to sensitive systems
3.3 Infrastructure Security
- Use of reputable cloud infrastructure providers
- Logical separation of environments
- Network access controls
3.4 Application Security
- Secure development practices
- Code review processes
- Vulnerability identification measures
3.5 Monitoring and Response
- Logging of relevant system activity
- Monitoring for security events
- Documented incident response procedures
Specific technologies and configurations may evolve over time.
4. RISK MANAGEMENT
Cushi.app applies a risk based approach to identifying and mitigating security risks.
This includes:
- Assessment of material operational and data protection risks
- Implementation of controls proportionate to identified risks
- Periodic reassessment and improvement
Risk management is integrated into broader organisational governance processes.
5. THIRD PARTY DEPENDENCIES
Cushi.app relies on third party infrastructure and service providers for certain operational functions.
Where third parties process Customer Data:
- Contractual safeguards are implemented
- Data protection and confidentiality obligations are documented
Cushi.app cannot guarantee the security posture of independent third party infrastructure beyond reasonable contractual arrangements.
6. INCIDENT MANAGEMENT
Cushi.app maintains documented procedures to respond to security incidents.
In the event of a confirmed incident affecting Personal Information:
- The incident will be assessed
- Containment and remediation measures will be implemented
- Notification obligations will be evaluated in accordance with applicable law and contractual commitments
7. DATA PROTECTION AND PRIVACY
Personal Information is handled in accordance with the Privacy Policy and Data Processing and Liability Boundaries document.
Cushi.app operates primarily under the Privacy Act 1988 (Cth).
Where services involve individuals outside Australia, additional safeguards may apply where legally required.
8. CERTIFICATION POSITION
Cushi.app may consider pursuing formal security certifications as the organisation scales and where commercially appropriate.
Until such certification is formally achieved and publicly confirmed, references to recognised standards reflect internal consideration of industry guidance only.
9. CONTINUOUS REVIEW
Security governance practices are reviewed periodically and may be enhanced in response to:
- Legal developments
- Operational experience
- Emerging threats
- Infrastructure changes
Enhancements are implemented proportionate to organisational scale and risk exposure.
CONTACT
Superspeed.ai Pty Ltd
Brisbane, Australia
security@cushi.app
privacy@cushi.app
VERSION CONTROL AND GOVERNANCE
Version 4.0
Effective 1 December 2025
Approved by Chief Executive Officer, Superspeed.ai Pty Ltd© 2025 Superspeed.ai Pty Ltd (ACN 660 530 090), trading as Cushi.app
Part of the Strategic Global Holdings Pty Ltd group (ACN 693 256 503)