Effective Date: 1 December 2025
Version: 2.0
Issuing Entities:
- Strategic Global Holdings Pty Ltd (ACN 693 256 503)
- Superspeed.ai Pty Ltd (ACN 660 530 090), trading as Cushi.ai / Cushi.app
Governance Oversight: Group CEO, Strategic Global Holdings Pty Ltd
Review Cycle: Annual or earlier if required by law or operational change
1. PURPOSE
This Whistleblower Policy establishes safe, confidential, and protected channels for reporting misconduct. It aligns with:
• Corporations Act 2001 (Cth) Part 9.4AAA
• ASIC Regulatory Guide 270
• Fair Work Act 2009
• Australian Privacy Act 1988 (APPs)
• Global standards including UK FCA expectations, EU Whistleblowing Directive principles, U.S. SEC/DOJ whistleblower norms, Singapore PDPA duties.
Cushi commits to providing protections equal to or greater than those required under any jurisdiction where we operate or where the alleged misconduct has effect.
2. SCOPE
Eligible whistleblowers include employees, contractors, suppliers, former staff, volunteers, and their relatives or dependants.
3. DISCLOSABLE MATTERS
Protected disclosures include:
• breaches of law, fraud, bribery, corruption
• harassment, discrimination, bullying, victimisation
• data misuse, cybersecurity breaches, privacy violations
• risks to health, safety, environment, or the public
• unethical behaviour or conflicts of interest
• systemic wrongdoing or governance failures
Personal employment grievances are excluded unless part of systemic wrongdoing or victimisation.
4. PROTECTIONS FOR WHISTLEBLOWERS
4.1 Confidentiality
Identity cannot be disclosed without consent except to regulators, courts, or legal advisers.
4.2 Protection From Detriment
Prohibited actions include dismissal, demotion, threats, intimidation, reputational damage, discrimination, or adverse treatment.
4.3 Immunity
No civil, criminal, or administrative liability applies for making a protected disclosure.
5. REPORTING CHANNELS
Protected disclosures may be made to:
• whistleblower@cushi.ai
• CEO: ceo@cushi.ai
• Data Protection Lead: privacy@cushi.ai
External Reporting (Australia):
• ASIC, APRA, AFP, qualified legal practitioners
International Reporting:
Whistleblowers may report directly to:
• UK regulators (FCA, HMRC)
• EU national authorities under the EU Whistleblowing Directive
• U.S. regulators (SEC, DOJ, CFPB)
• Singapore PDPC
• Other equivalent regulators in countries where Cushi operates or where harm occurs.
6. HANDLING OF DISCLOSURES
• Acknowledgement within 7 days (where contact details provided)
• Preliminary assessment of protection status
• Fair, confidential investigation by authorised personnel
• Findings communicated as permitted
• Corrective actions initiated where required
7. SUPPORT & PROTECTION MEASURES
Cushi may provide:
• counselling referrals
• workload reallocation or flexible arrangements
• safety planning
• active monitoring for victimisation
8. FALSE OR MALICIOUS REPORTS
Deliberately false reports may lead to appropriate action. Genuine mistakes remain protected.
9. ROLES & RESPONSIBILITIES
CEO: oversight, resources, governance compliance
Data Protection Lead: identity protection, secure handling
Security & Compliance: investigative support
All staff: cooperation, ethical conduct
10. RECORD KEEPING & PRIVACY
Records stored securely in compliance with APPs and global privacy laws. Identifying information is minimised or redacted where possible. Records retained for seven years.
11. REVIEW OF THIS POLICY
Reviewed annually or earlier based on regulatory change or operational need.
12. CONTACT
Whistleblower: whistleblower@cushi.ai
CEO: ceo@cushi.ai
Privacy: privacy@cushi.ai
ANNEX A – DEFINITIONS
Whistleblower: Eligible individual protected under law.
Disclosable Matter: Misconduct defined by legislation.
Detriment: Any adverse action prohibited under whistleblower protections.
Eligible Recipient: Internal or external authority authorised to receive disclosures.
VERSION CONTROL & GOVERNANCE
© 2025 Superspeed.ai Pty Ltd (ACN 660 530 090), trading as Cushi.ai / Cushi.app.
Part of the Strategic Global Holdings Pty Ltd Group (ACN 693 256 503). All rights reserved.
Privacy: privacy@cushi.ai | Security: security@cushi.ai | Support: support@cushi.ai