Effective Date: 1 December 2025
Version: 2.1
Issuing Entity
Superspeed.ai Pty Ltd (ACN 660 530 090), trading as Cushi.app
Parent Governance Entity
Strategic Global Holdings Pty Ltd (ACN 693 256 503), Queensland, Australia
Governance Oversight
Group CEO, Strategic Global Holdings Pty Ltd
Review Cycle
Reviewed at least annually or earlier where required by law or material operational change
1. PURPOSE AND LEGAL FRAMEWORK
This Privacy Policy explains how Superspeed.ai Pty Ltd collects, uses, stores, discloses, and protects personal information.
Cushi operates primarily under Australian law and complies with the Privacy Act 1988 (Cth), including the Australian Privacy Principles.
Where Cushi provides services to individuals or organisations located outside Australia, we design our privacy practices with reference to major international data protection frameworks where applicable. Additional safeguards may apply depending on the jurisdiction of the relevant Customer or user.
2. WHO WE ARE
Cushi provides governance infrastructure designed to record acknowledged instruction before work begins. Artificial intelligence functionality assists users with drafting and comprehension but does not replace human acknowledgement.
For the purposes of Australian privacy law, Superspeed.ai Pty Ltd is the entity responsible for personal information collected through its services.
3. SCOPE
This Policy applies to:
- Visitors to Cushi websites
- Users of Cushi web and mobile applications
- Customer administrators and team managers
- Customer end users
- Prospective customers
- Vendors and business partners
4. CONTROLLER AND PROCESSOR ROLES
4.1 Controller
When we determine the purposes and means of processing personal information, including for account management, billing, security, analytics, and direct communications.
4.2 Processor
When we process personal information on behalf of a Customer under a written agreement, including operational records, workflow data, onboarding data, and uploaded content.
Processor responsibilities are governed by our Data Processing Addendum and contractual terms.
Customers remain responsible for ensuring they have a lawful basis to provide personal information to Cushi.
5. PERSONAL INFORMATION WE COLLECT
We may collect:
5.1 Account Information
Name, email address, role, login credentials.
5.2 Organisation Information
Information provided by Customer organisations relating to their personnel or members.
5.3 Usage Information
Log data, device information, IP address, access timestamps, and system interaction data.
5.4 Payment Metadata
Limited billing information. Cushi does not store full payment card details where third party payment providers are used.
5.5 Support Communications
Information provided in support requests and correspondence.
5.6 Sensitive Information
Cushi does not intentionally collect sensitive information unless uploaded by a Customer in the course of using the service. Where such data is processed, the Customer is responsible for ensuring a lawful basis exists.
6. HOW WE COLLECT INFORMATION
Information may be collected through:
- Direct user input
- Customer account provisioning
- Automated system logging
- Cookies and similar technologies
- Integrated third party services authorised by Customers
7. PURPOSES OF PROCESSING
We use personal information to:
- Provide and maintain the service
- Authenticate users and manage access
- Maintain system security
- Detect fraud or misuse
- Provide customer support
- Meet legal and regulatory obligations
- Communicate service related information
Where required by law, we rely on appropriate legal bases including contractual necessity, legitimate interests, consent, or legal obligation.
Where we rely on legitimate interests, we assess and balance those interests against individual rights.
8. COOKIES AND TRACKING
Cushi uses cookies and similar technologies for authentication, security, performance monitoring, and analytics.
Non essential cookies are deployed in accordance with applicable legal requirements. Further information is available in our Cookie Notice.
9. DISCLOSURE OF PERSONAL INFORMATION
We may disclose personal information to:
- Customer administrators in accordance with Customer instructions
- Cloud hosting providers and subprocessors under written contractual safeguards
- Professional advisers including legal and accounting advisers
- Regulators or authorities where required by law
- A successor entity in connection with a corporate transaction, subject to equivalent privacy protections
Cushi does not sell personal information for targeted advertising.
10. INTERNATIONAL TRANSFERS
Personal information may be stored or processed outside Australia, including in jurisdictions where our service infrastructure or subprocessors operate.
Where personal information is transferred internationally, we implement safeguards appropriate to the relevant jurisdiction, which may include contractual protections or equivalent measures designed to ensure comparable protection to Australian privacy standards.
Customers may request additional information regarding international transfers.
11. DATA RETENTION
Personal information is retained only as long as reasonably necessary for:
- Service delivery
- Compliance with legal obligations
- Dispute resolution
- Security monitoring
Where Cushi acts as Processor, retention is governed by Customer instructions and contractual terms.
We securely delete or de identify information when no longer required.
12. SECURITY MEASURES
Cushi implements technical and organisational safeguards proportionate to the sensitivity of the information processed. These include:
- Encryption in transit
- Access controls and role based permissions
- Multi factor authentication for administrative access
- System logging and monitoring
- Secure development practices
- Vulnerability management processes
No system can guarantee absolute security. However, we take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification, or disclosure.
13. DATA BREACH RESPONSE
Cushi maintains documented incident response procedures.
Where a data breach is likely to result in serious harm, we comply with the Notifiable Data Breaches scheme under the Privacy Act 1988 (Cth), including notification to affected individuals and the Office of the Australian Information Commissioner where required.
Where applicable, additional jurisdiction specific obligations may apply.
14. AUTOMATED DECISION MAKING
Cushi does not use automated decision making that independently produces legal or similarly significant effects.
Artificial intelligence features assist users with drafting and comprehension but do not independently determine rights, obligations, or binding outcomes.
15. CHILDREN’S INFORMATION
Cushi does not knowingly collect personal information directly from children without appropriate authorisation.
Where Customers use the service in environments involving minors, Customers are responsible for ensuring appropriate consent or lawful authority has been obtained.
Cushi processes such information only in accordance with Customer instructions and applicable law.
Legal review is recommended where services are deployed in child related environments.
16. YOUR RIGHTS
Individuals may request:
- Access to personal information
- Correction of inaccurate information
- Deletion where legally permissible
- Restriction of processing in certain circumstances
- Withdrawal of consent where processing relies on consent
Requests may be directed to privacy@cushi.app.
If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner at www.oaic.gov.au.
If you are located outside Australia, you may have additional rights under local law.
17. CHANGES TO THIS POLICY
We may update this Policy to reflect legal, technical, or operational changes.
Material changes will be communicated through appropriate channels, including website updates or direct notification where required.
CONTACT DETAILS
Privacy Officer
Superspeed.ai Pty Ltd
Email: privacy@cushi.app
Security matters: security@cushi.app
Support: support@cushi.app
COPYRIGHT AND GOVERNANCE
© 2025 Superspeed.ai Pty Ltd (ACN 660 530 090)
Part of the Strategic Global Holdings Pty Ltd group (ACN 693 256 503)