Effective Date: 1 December 2025
Version: 4.0
Issuing Entity
Superspeed.ai Pty Ltd (ACN 660 530 090), trading as Cushi.app
Parent Governance Entity
Strategic Global Holdings Pty Ltd (ACN 693 256 503), Queensland, Australia
Governing Law
Australia. For contractual matters, Queensland law applies unless otherwise agreed.
Review Cycle
Reviewed at least annually or earlier where required by law or material operational change.
1. PURPOSE
This Statement outlines the governance framework, accountability structure, and risk oversight approach adopted by Superspeed.ai Pty Ltd in operating Cushi.app.
Cushi.app operates primarily under Australian law and maintains governance practices proportionate to the size, nature, and risk profile of its activities.
This Statement does not represent certification under any external governance or security standard unless expressly stated in writing.
2. CORPORATE STRUCTURE
Superspeed.ai Pty Ltd is the operating entity responsible for the Cushi.app platform.
Strategic Global Holdings Pty Ltd is the parent entity providing corporate oversight.
Ultimate executive accountability rests with the Chief Executive Officer of Superspeed.ai Pty Ltd.
Governance responsibilities are allocated internally across operational, privacy, security, and technology functions.
3. ACCOUNTABILITY AND OVERSIGHT
Governance oversight includes:
- Defined executive accountability
- Documented internal policies
- Risk identification and mitigation processes
- Periodic internal review of controls
- Escalation pathways for material issues
Operational decisions are made with reference to legal obligations, risk exposure, and proportionality.
4. RISK MANAGEMENT APPROACH
Cushi.app applies a structured, risk based approach to identifying and managing material risks, including:
- Information security risk
- Privacy and data protection risk
- Operational and service continuity risk
- Third party and supplier risk
- Reputational risk
Risk treatment measures are implemented proportionate to assessed likelihood and impact.
Risk reviews are conducted periodically and when material changes occur.
5. INFORMATION SECURITY GOVERNANCE
Information security governance operates in accordance with the Data Security and Protection Policy.
Controls may include:
- Access management
- Encryption safeguards
- Secure development practices
- Vulnerability identification processes
- Logging and monitoring
- Documented incident response procedures
References to recognised industry frameworks reflect consideration of established guidance and do not constitute certification unless expressly stated.
6. PRIVACY AND DATA GOVERNANCE
Cushi.app processes Personal Information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles.
Where services involve individuals in other jurisdictions, additional contractual or regulatory safeguards may apply where legally required.
Privacy governance includes:
- Data minimisation principles
- Defined Controller and Processor roles
- Subprocessor oversight
- Documented breach response procedures
- Mechanisms for responding to lawful data subject requests
7. THIRD PARTY RISK MANAGEMENT
Third party providers are engaged based on operational need and assessed proportionately to risk.
Where third parties process Customer Data, written agreements include confidentiality and data protection obligations.
Ongoing monitoring may occur where appropriate to risk exposure.
8. RESPONSIBLE TECHNOLOGY USE
Artificial intelligence features within Cushi.app are designed to assist with drafting and comprehension.
AI functionality does not replace human accountability or independently create binding outcomes.
Potential privacy and security implications of new features are considered prior to deployment.
9. BUSINESS CONTINUITY
Cushi.app maintains business continuity and recovery procedures proportionate to operational risk.
Backup and restoration processes are implemented to support service continuity.
Absolute service continuity cannot be guaranteed.
10. ETHICAL CONDUCT
Cushi.app expects lawful and ethical conduct from its personnel and leadership.
Internal standards may include:
- Conflict of interest management
- Confidentiality obligations
- Responsible disclosure processes
- Reporting mechanisms for misconduct
Ethical conduct expectations apply across operational and governance activities.
11. STAKEHOLDER ENGAGEMENT
Cushi.app maintains communication channels for customers, regulators, and other stakeholders, including:
- Privacy contact mechanisms
- Security reporting channels
- Customer support processes
Material governance changes may be communicated where appropriate.
12. CONTINUOUS REVIEW
Governance, risk, and compliance practices are reviewed periodically and may be enhanced in response to:
- Legal developments
- Operational experience
- Identified risk exposure
- Technological changes
Enhancements are implemented proportionate to risk and organisational scale.
CONTACT
Superspeed.ai Pty Ltd
Brisbane, Australia
privacy@cushi.app
security@cushi.app
support@cushi.app
VERSION CONTROL AND GOVERNANCE
Version 4.0
Effective 1 December 2025
Approved by Chief Executive Officer, Superspeed.ai Pty Ltd© 2025 Superspeed.ai Pty Ltd (ACN 660 530 090), trading as Cushi.app
Part of the Strategic Global Holdings Pty Ltd group (ACN 693 256 503)