Effective Date: 1 December 2025
Version: 2.0
Issuing Entities:
- Strategic Global Holdings Pty Ltd (ACN 693 256 503)
- Superspeed.ai Pty Ltd (ACN 660 530 090), trading as Cushi.ai / Cushi.app
Governance Oversight: Group CEO, Strategic Global Holdings Pty Ltd
Review Cycle: Annual or earlier if required by law or operational change
1. Introduction
This Corporate Governance Statement defines the governance structures, ethical principles, accountability systems, and compliance frameworks used by Superspeed.ai Pty Ltd (Cushi.ai / Cushi.app) to ensure responsible, transparent, and lawful management across domestic and international operations.
2. Governance Framework
- CEO: Provides strategic leadership and organisational oversight.
- Data Protection Lead: Manages privacy compliance and regulatory obligations.
- Security & Compliance: Oversees information security, risk management, and ISO-aligned controls.
- Technology Leadership: Ensures secure architecture, development standards, and operational integrity.
3. Ethical Conduct
Cushi maintains an ethical culture enforced through internal policies including the Code of Conduct, Whistleblower Policy, Responsible Disclosure Policy, Modern Slavery Statement, and Anti-Bribery & Corruption principles. Staff must avoid conflicts of interest and comply with legal and policy obligations.
4. Risk Management
Cushi applies enterprise risk management across security, operational, privacy, supply-chain, reputational, and business continuity areas. Controls align with ISO 27001, ISO 22301, and industry frameworks. High-risk suppliers undergo enhanced due diligence and periodic review.
5. Information Security Governance
Security governance follows the Data Security & Protection Policy, covering encryption, access control, vulnerability management, secure SDLC, logging, monitoring, and incident response in accordance with ISO 27001 and NIST CSF principles.
6. Privacy & Data Governance
Cushi processes Personal Data under the Privacy Act 1988 (APPs), GDPR / UK GDPR, CPRA, PIPL, and LATAM laws. Governance includes lawful basis determination, minimisation, user rights enablement, cross-border safeguards, and subprocessor oversight.
7. Stakeholder Engagement
Cushi engages openly with customers, partners, regulators, suppliers, and users through support, security, and privacy channels. Major updates and governance changes are communicated transparently.
8. ESG & Social Responsibility
Cushi adopts ESG-aligned principles including accessible design, ethical supply chains, modern slavery risk mitigation, environmental consideration, workforce fairness, and responsible AI practices in accordance with OECD and NIST AI RMF.
9. Continuous Improvement
Governance structures, risk controls, privacy frameworks, and security practices are reviewed regularly to reflect legal, technological, and organisational evolution. Internal audits and external assurance may be used to validate compliance.
Annex A – Definitions
Governance: Processes ensuring accountability, transparency, and lawful conduct.
Risk Management: Framework for identifying, assessing, and mitigating risks.
Personal Data: Information about an identifiable individual under applicable laws.
Subprocessor: A third party engaged to process data on behalf of Cushi.
ESG: Environmental, Social, and Governance principles guiding responsible operation.
Version Control, Review & Governance
© 2025 Superspeed.ai Pty Ltd (ACN 660 530 090), trading as Cushi.ai / Cushi.app.
Part of the Strategic Global Holdings Pty Ltd Group (ACN 693 256 503). All rights reserved.
Privacy: privacy@cushi.ai | Security: security@cushi.ai | Support: support@cushi.ai