XTender
  • Features
  • For Pharmacists
  • Pricing
  • Contact
Get it on Google Play Download on the App Store
Start Free Trial

Privacy Policy

Your privacy is important to us. This policy explains how we collect, use, and protect your information.

Effective Date: 12 July 2026
Version: 1.1
Version 1.1 clarifies support and administrative access to Customer data (Health Information section). Version 1.0 applied before this date.

1. Introduction

XTENDER HEALTH SOLUTIONS PTY LTD (ABN 74 694 974 984, ACN 694 974 984) ("Xtender", "we", "us", or "our") is committed to protecting the privacy of personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

By using our services, you acknowledge that you have read and agree to this Privacy Policy.

2. Definitions

  • "Customers" means business entities that subscribe to our Services, such as pharmacies and pharmacy groups.
  • "Users" means individuals who access or use our Services, including individual pharmacists using the free Pharmacist Hub.
  • "Services" means the Xtender platform, website, applications, and related services.
  • "Personal Information" has the meaning given in the Privacy Act 1988 (Cth).

3. Information We Collect

Information You Provide

  • Contact details (name, email, phone number, business address)
  • Account credentials (username, password)
  • Business information (ABN, company name)
  • Payment and billing information

Information Collected Automatically

  • Device information (IP address, browser type, operating system)
  • Usage data (pages visited, features used)
  • Cookies and similar tracking technologies

Email Analytics (Invitations and Enquiries)

Where we send an invitation or follow-up email to a prospective Customer, we record limited information about how that email is engaged with, so we can tell whether our message arrived and whether to follow up:

  • Whether the email was displayed. Our invitation emails may contain a small tracking image that loads when the message is opened. We record that the message was displayed and the time. We do not record your IP address for this. This signal is unreliable by design — many mail providers (including Apple Mail Privacy Protection and Google's image proxy) load images automatically whether or not a person has read the message — so we treat it only as an indication that the email was delivered.
  • Whether the invitation link was opened. If you click the link in an invitation email, we record the date and time, the IP address and the browser used, and whether the invitation was still valid.
  • Whether you unsubscribed, and when.

We use this only to confirm our emails are arriving and to decide whether to send a reminder. It is not used for profiling or automated decision-making, and it is not disclosed to third parties. Every invitation email includes an unsubscribe link; once you unsubscribe, we stop sending invitation emails to that address. This information is retained with the related invitation record and is deleted when that record is deleted.

Health Information

Our platform may process health information on behalf of our Customers (such as pharmacies). In such cases, health information is collected and processed only as directed by our Customers, who remain responsible for compliance with applicable health records legislation.

Authorised Xtender personnel may access Customer data, including health information, where reasonably necessary to provide requested support, troubleshoot faults, verify correct operation of the Services, or maintain security. Such access is treated as processing at the direction of the Customer (as set out in the Support and Administrative Access clause of our Terms of Service), is limited to what is reasonably necessary, is recorded in an audit trail, and is performed only by personnel bound by confidentiality obligations.

Important: Where our Customers use our Services to process health information, those Customers are responsible for ensuring compliance with applicable privacy and health records legislation.

4. Lawful Basis for Collection

We collect, use, and disclose personal information where reasonably necessary for our functions and activities, with your consent, or as otherwise permitted or required by law, including under the Australian Privacy Principles.

5. How We Use Your Information

  • Service Delivery: To provide and improve our Services
  • Account Management: To create and manage your account
  • Communication: To send service notices and updates
  • Marketing: To send promotional materials (with your consent and in accordance with the Spam Act 2003 (Cth)). You may opt out at any time using the unsubscribe mechanism provided in each communication.
  • Security: To detect and prevent fraud
  • Legal Compliance: To comply with applicable laws

6. Disclosure of Information

We may share personal information with:

  • Cloud hosting and infrastructure providers
  • Payment processors
  • Email and SMS service providers
  • Analytics services

We may also disclose information where required by law or court order.

Overseas Disclosure

Some of our service providers (such as cloud hosting, email delivery, and payment processing providers) may be located outside Australia. Where personal information is disclosed to overseas recipients, we take reasonable steps to ensure those recipients handle the information in accordance with the Australian Privacy Principles, as required by APP 8.

7. Data Security

We implement appropriate security measures including:

  • Encryption of data in transit and at rest (AES-256, TLS 1.2+)
  • Secure access controls and authentication
  • Regular security assessments
  • Employee training on data protection

8. Data Breach Notification

In the event of an eligible data breach, we will comply with our obligations under the Privacy Act 1988 (Cth), including the Notifiable Data Breaches (NDB) scheme. This includes notifying affected individuals and the Office of the Australian Information Commissioner (OAIC) as required.

9. Your Rights

  • Access: You may request access to your personal information
  • Correction: You may request correction of inaccurate information
  • Opt-Out: You may opt out of marketing communications at any time
  • Complaints: You may lodge a complaint with us or the Office of the Australian Information Commissioner (OAIC)

10. Cookies

We use cookies to remember preferences, authenticate users, and analyse usage. You can control cookies through your browser settings.

11. Data Retention

We retain personal information for as long as necessary to fulfil the purposes for which it was collected, comply with legal requirements, and enforce our agreements.

12. Clinical and Medical Disclaimer

Xtender provides operational software tools for pharmacy management and professional development tracking. We do not provide medical, clinical, or therapeutic advice. Clinical decisions remain solely the responsibility of qualified healthcare professionals.

Any information displayed within the Services (including CPD tracking, training course directories, and professional development tools) is for administrative and organisational purposes only and should not be relied upon as a substitute for professional medical judgement.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified by posting the updated policy and updating the "Effective Date".

Contact Us

For questions about this Privacy Policy:

XTENDER HEALTH SOLUTIONS PTY LTD
ABN: 74 694 974 984 | ACN: 694 974 984
Email: privacy@xtender.com.au
Website: https://xtender.com.au

Office of the Australian Information Commissioner (OAIC)
Website: www.oaic.gov.au
Phone: 1300 363 992

XTender
Australian-built software for pharmacy operations. Simple, practical, built with care.
Privacy Policy Terms of Service Contact
© 2026 XTENDER HEALTH SOLUTIONS PTY LTD (ABN 74 694 974 984). All rights reserved.
Pharmacy, Extended.