Privacy

Privacy policy

How Cannter collects, uses, and protects your personal and health information.

Last updated: April 2026

1. Who we are

Cannter Pty Ltd (ABN [PLACEHOLDER]) (“Cannter”, “we”, “us”, “our”) is a pharmaceutical delivery platform based in Perth, Western Australia. We operate as a subsidiary of MedEx and act as a middleman between patients and our pharmacy partners, facilitating the management of prescriptions, dispensing requests, and last-mile delivery of Schedule 4 and Schedule 8 medications across the Perth metropolitan area.

We are committed to protecting the privacy of every individual who interacts with our platform, whether as a patient, pharmacy partner, prescriber, or visitor to our website.

2. Information we collect

We may collect the following categories of information:

  • Identity information — full name, date of birth, email address, phone number, and government-issued identification details (required for Schedule 8 deliveries).
  • Health information — prescription details, medication names, dosages, prescriber information, script images, and dispensing history. This is classified as sensitive information under the Privacy Act 1988 (Cth).
  • Delivery addresses — residential or nominated delivery addresses within the Perth metro area, including geocoded location data.
  • Payment information — billing details processed securely through Stripe. We do not store full card numbers on our servers.
  • Account data — email address, authentication tokens, role assignments, and account preferences.
  • Usage data — pages visited, features used, device type, browser information, IP address, and interaction patterns collected through analytics.

3. How we collect information

We collect personal information through the following means:

  • Directly from you — when you create an account, submit a prescription, request a fill, provide a delivery address, or contact us.
  • From our pharmacy partners — when a pharmacy confirms dispensing details, updates order status, or provides information necessary to complete your delivery.
  • From prescribers — where a prescriber refers you to Cannter or provides prescription information on your behalf with your consent.
  • Automatically — through cookies, analytics tools, and server logs when you visit our website or use our application.

4. Why we collect your information

We collect and use your information for the following purposes:

  • Service delivery — to process fill requests, coordinate dispensing with pharmacy partners, assign drivers, and deliver medications to you.
  • Regulatory compliance — to meet our obligations under Western Australian poisons legislation, including Schedule 8 chain-of-custody record-keeping, identity verification, and delivery documentation.
  • Schedule 8 chain of custody — to maintain a complete, auditable record of every handoff from pharmacy to driver to patient, as required by the WA Poisons Regulations.
  • Communication — to send you order confirmations, delivery status updates, push notifications, and important service announcements.
  • Account management — to authenticate your identity, manage your account, and enforce role-based access controls.
  • Service improvement — to understand how our platform is used, identify issues, and improve the patient and pharmacy experience.
  • Legal obligations — to comply with applicable laws, respond to lawful requests from regulators, and protect our legal rights.

5. Australian Privacy Principles

Cannter Pty Ltd is bound by the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth). We are committed to handling your personal information in accordance with these principles, which govern how we collect, use, disclose, store, and provide access to personal information.

Where a practice, law, or court order of a state or territory applies in relation to health information, we comply with both the APPs and the applicable state or territory requirements. In Western Australia, this includes compliance with the Health Services Act 2016 (WA) and associated regulations where they apply to our operations.

6. Health information

Health information — including your prescription details, medication history, and dispensing records — is classified as sensitive information under the Privacy Act 1988 (Cth). We apply additional protections to this data:

  • Health information is only collected with your consent or where required by law.
  • Access to health information is restricted to personnel and systems that require it to deliver our service (pharmacy staff processing your order, drivers verifying delivery, and authorised Cannter administrators).
  • Health information is never used for marketing purposes or shared with third parties for their own marketing.
  • We do not contribute data to the My Health Record system. If you have questions about how your pharmacy partner interacts with the My Health Records Act 2012 (Cth), please contact them directly.

7. How we store and protect your information

We take the security of your information seriously and implement technical and organisational measures appropriate to the sensitivity of the data we handle:

  • Data hosting — all primary data is stored in Supabase's Sydney region (ap-southeast-2), ensuring your information remains within Australia.
  • Encryption — data is encrypted at rest using AES-256 and in transit using TLS 1.2 or higher.
  • Access controls — role-based access ensures that patients, pharmacy staff, drivers, and administrators can only access information relevant to their role. Row-level security policies are enforced at the database level.
  • Authentication — user authentication is managed through Supabase Auth with magic-link email verification.
  • Monitoring — we monitor for unauthorised access attempts and maintain audit logs of data access events.

While we implement robust security measures, no system is completely immune to risk. If you become aware of any security issue, please contact us immediately at hello@cannter.com.au.

8. Third-party service providers

We use the following third-party service providers to operate our platform. Each provider only receives the minimum data necessary to perform their function:

  • Supabase (database and authentication) — stores account information, prescription data, order records, and delivery history. Hosted in Sydney, Australia (ap-southeast-2).
  • Stripe (payment processing) — processes delivery fee payments and medication charges. Receives your name, email, and payment card details. Stripe is PCI DSS Level 1 compliant. We do not store full card numbers.
  • Locate2u (delivery logistics) — manages driver dispatch, route optimisation, and real-time delivery tracking. Receives delivery addresses, driver assignments, and order identifiers. Does not receive health or medication information.
  • PostHog (product analytics) — collects anonymised usage data including pages visited, features used, device type, and browser information to help us improve the platform. Does not receive health information, prescription details, or payment data.

We require each third-party provider to handle your data in accordance with their own privacy policies and applicable Australian privacy law. We do not sell your personal information to any third party.

9. Data retention

We retain your information for the following periods:

  • Schedule 8 records — records relating to Schedule 8 medications, including chain-of-custody logs, delivery confirmations, and identity verification records, are retained for a minimum of 7 years in accordance with the Medicines and Poisons Regulations 2016 (WA) and associated poisons record-keeping requirements.
  • Schedule 4 records — prescription and delivery records for Schedule 4 medications are retained for a minimum of 2 years from the date of the last transaction, or longer where required by law.
  • Account information — retained for as long as your account is active. If you request account deletion, we will remove your account data within 30 days, except where retention is required by law (such as Schedule 8 records).
  • Analytics data — anonymised usage data is retained for up to 24 months.

10. Your rights

Under the Australian Privacy Principles, you have the following rights in relation to your personal information:

  • Access — you may request access to the personal information we hold about you. We will respond within 30 days.
  • Correction — if you believe any information we hold is inaccurate, incomplete, or out of date, you may request that we correct it.
  • Deletion — you may request deletion of your account and associated personal information, subject to our regulatory retention obligations (see section 9).
  • Complaint — if you believe we have breached the APPs, you may lodge a complaint with us. If you are not satisfied with our response, you may escalate your complaint to the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

To make a request, email us at hello@cannter.com.au with the subject line “Privacy Request”. We may need to verify your identity before processing your request.

11. Cookies and analytics

Our website and application use cookies and similar technologies to improve your experience and understand how our platform is used.

  • Essential cookies — required for authentication, session management, and core platform functionality. These cannot be disabled.
  • Analytics cookies — we use PostHog to collect anonymised usage data, including pages visited, click patterns, device type, and browser information. PostHog does not track health information, prescription details, or payment data.

You can opt out of analytics tracking by adjusting your browser settings to block third-party cookies, or by using a browser extension that blocks analytics scripts. Opting out of analytics will not affect the functionality of your Cannter account.

12. Changes to this policy

We may update this privacy policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by posting the updated policy on our website and updating the “Last updated” date at the top of this page. Where changes materially affect how we handle your health information, we will also notify you via email or an in-app notification.

We encourage you to review this policy periodically.

13. Contact us

If you have any questions about this privacy policy, wish to make a privacy request, or have concerns about how we handle your personal information, please contact us:

  • Email: hello@cannter.com.au
  • Entity: Cannter Pty Ltd (ABN [PLACEHOLDER])
  • Address: [PLACEHOLDER — registered business address], Perth, Western Australia