The Cannabis Observer

Privacy Policy

Last updated: April 2026

The Cannabis Observer ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains what personal information we collect when you use our website and related services, how we use that information, who we share it with, and the choices you have. It applies to all visitors, newsletter subscribers, and registered or paying members.

We handle personal information in accordance with the Australian Privacy Principles (APPs) set out in the Privacy Act 1988 (Cth) and other applicable Australian law.

1. Information We Collect

We collect only the information necessary to operate the site and deliver the services you have asked for. The categories of personal information we may collect include:

  • Contact details - your email address when you subscribe to our newsletter, join our waitlist, create an account, or contact us directly.
  • Account information - a record that an account exists for your email address and any authentication events associated with it. We do not store passwords; accounts are accessed via a magic link sent to your email.
  • Subscription and payment information - if you take out a paid subscription, your billing details are collected and processed by our payment provider, Stripe. We do not store full credit card numbers on our own systems; we hold only the subscription record returned by Stripe (status, renewal date, and the identifiers needed to manage your subscription).
  • Correspondence - the content of any emails or messages you send us.
  • Technical and usage information - analytics about how the site is used (pages viewed, referring site, approximate country, device category, browser). This is collected through a self-hosted analytics tool and is not tied to an identified individual. We also record a sample of visitor sessions (mouse movements, clicks, scrolls, and page interactions) so we can understand how the site is used in practice. Input fields are automatically masked at the "moderate" level so that text you type, including any personal details, is not captured in those recordings.

2. How We Collect Your Information

We collect personal information in three ways:

  • Directly from you - when you fill in a form on the site, subscribe to the newsletter, sign in, start a subscription, or email us.
  • Automatically - through privacy-respecting, self-hosted analytics that record usage patterns (including session replays of page interactions with input fields masked). No cross-site tracking cookies are set for this purpose and individual visitors are not identified by name or email.
  • From trusted service providers acting on our behalf - for example, Stripe returns subscription status and billing events after a successful payment, and our email delivery provider returns information about whether emails we sent were delivered, opened, or bounced.

3. How We Use Your Information

We use personal information only for the purposes for which it was collected or for closely related purposes you would reasonably expect, including:

  • Sending the newsletter, product updates, and service messages you signed up for.
  • Authenticating sign-ins to your account via a magic link.
  • Processing and managing paid subscriptions and handling billing enquiries.
  • Responding to your questions or feedback.
  • Understanding how the site is used so we can improve content and performance.
  • Meeting our legal and regulatory obligations.

We do not sell your personal information, and we do not use it for third-party advertising or profiling.

4. When We Disclose Your Information

We share personal information only with the small number of service providers we need to run the site, and only to the extent necessary for them to perform their role:

  • Stripe - handles payment processing and subscription management for premium memberships. Stripe is PCI DSS certified and stores any card data on its own infrastructure.
  • Email delivery provider - sends transactional emails and newsletters on our behalf. This provider processes the recipient email address and message content solely for the purpose of delivery.
  • Hosting and infrastructure providers - host our website, database, and analytics under contractual confidentiality obligations.

We may also disclose personal information where required or permitted by Australian law, to enforce our Terms & Conditions, or to protect the rights, property, or safety of our users, ourselves, or others.

We do not share or sell your personal information with advertisers, data brokers, or unrelated third parties for their own marketing.

5. Security and Storage

Personal information is held in our application database, which is hosted on infrastructure protected by access controls and encryption in transit (TLS). Payment data is held by Stripe rather than on our systems. Account access uses single-use magic links, so we do not store passwords that could be leaked.

We take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure. No system is perfectly secure, but we continue to review and improve our safeguards.

We retain personal information only for as long as needed for the purpose it was collected: newsletter subscriptions until you unsubscribe; account records for the life of your account; billing and tax records for the period required by law; magic-link tokens for a short expiry window.

6. Your Rights and Choices

You have choices about how your personal information is handled:

  • Unsubscribe - every newsletter and marketing email contains an unsubscribe link. Clicking it removes you from the relevant list.
  • Access, correction, and deletion - you can request a copy of the personal information we hold about you, ask us to correct anything inaccurate, or ask us to delete your account and associated data. Send requests to the contact address at the bottom of this page. We will respond within a reasonable time and in line with the APPs.
  • Analytics and session recording opt-out - our analytics does not use cross-site tracking cookies and respects standard browser privacy signals. You can block the analytics script and the session recorder with a content blocker of your choice - or block the paths /_/script.js and /_/recorder.js specifically - with no loss of site functionality.

7. Cookies, Analytics, and Session Recording

We do not use cookies for advertising or cross-site tracking. The small number of cookies and similar identifiers that may be set fall into three categories:

  • Strictly necessary - short-lived tokens used to keep you signed in after you click a magic link. Without these the site cannot remember that you are logged in.
  • Analytics - our self-hosted analytics tool does not set cross-site tracking cookies. It may set a first-party identifier so that repeated page views within a single visit are counted as one session rather than many. We do not use it to identify you by name or email.
  • Session recording - when the session recorder is enabled it may set a first-party session identifier so the individual events it records can be grouped into a single replay. Recordings capture page interactions (mouse movements, clicks, scrolls, navigations) with the content of input fields masked at the "moderate" level. Recordings are stored on our self-hosted analytics server and retained for approximately 30 days before being deleted, unless a different retention is configured. They are not shared with third parties.

You can configure your browser to reject cookies entirely; doing so may prevent you from remaining signed in between visits but will not otherwise affect your ability to read the site.

8. When Your Information Leaves Australia

Some of the service providers described in section 4 (including Stripe and our email delivery provider) may process personal information outside Australia, typically in the United States or the European Union. Where this happens, we take reasonable steps to ensure the overseas recipient handles your information in a way that is consistent with the Australian Privacy Principles, through contractual arrangements and the provider's own compliance programs.

9. Data Breaches

If we become aware of a data breach that is likely to result in serious harm to any individual whose personal information we hold, we will comply with the Notifiable Data Breaches scheme under the Privacy Act. Affected individuals and the Office of the Australian Information Commissioner (OAIC) will be notified as required by law.

10. Children

This site is not directed at children, and we do not knowingly collect personal information from anyone under the age of 16. If you believe a child has provided us with personal information, please contact us and we will delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of the page. Material changes will be drawn to your attention through the site or by email where appropriate. Continued use of the site after a change takes effect means you accept the updated policy.

12. Contact and Complaints

Questions, access requests, and privacy complaints can be sent to us at the address below. We will acknowledge your message and aim to resolve any complaint within a reasonable time.

The Cannabis Observer
Email:

If you are not satisfied with our response, you may also lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.