Skip to main content
GitHub

Last updated 24 June 2026

Pack privacy notice

This notice explains what Pack handles in the browser extension, on this website, and when you contact us.

Scope

Pack browser extension

Pack runs in the user's browser, uses local extension storage for local extension version, install timestamp, preferences, the last synthetic demo manifest summary, and temporary session workflow snapshots, and writes selected downloads to the user's machine.

  • No extension analytics or telemetry.
  • The local-download workflow does not upload GST files or document contents to ComplyEaze.
  • The options page includes a Clear local Pack data control.

GST Portal interaction

The user opens and authenticates to the GST Portal directly. Pack acts only on exact GST Portal hosts from the active browser session and does not ask for or store GST Portal credentials, OTPs, CAPTCHA responses, cookies, or session tokens.

  • https://www.gst.gov.in/*
  • https://services.gst.gov.in/*
  • https://return.gst.gov.in/*

Pack website diagnostics

The Pack website is separate from the browser extension. GST credentials, session tokens, and downloaded GST PDFs are not sent to ComplyEaze by the extension workflow. Pack does not collect or transmit extension analytics or telemetry.

  • Website page analytics are disabled.
  • Sanitized Sentry error diagnostics may process ordinary request metadata, with sensitive query keys stripped.
  • Pack pages do not initialize or use the ComplyEaze app session.

Support and security reports

GitHub issues, pull requests, email support, and private security reports receive only what a visitor or reporter chooses to send. Reports must use synthetic or redacted material.

  • Do not send real GST Portal credentials, OTPs, CAPTCHA responses, session cookies, taxpayer files, portal HTML, raw network captures, or unredacted screenshots.
  • Security reports go to [email protected]; general questions go to [email protected].
  • Public issues, pull requests, screenshots, and support messages must not include taxpayer identifiers, credentials, portal captures, or downloaded GST files.

Pack browser extension

The extension processes supported GST Portal page state locally in your browser to find and trigger filed GSTR‑3B PDF downloads.
Rendered GST page text and controls
Read transiently in the browser to classify and operate supported GST Portal pages; raw page text is not transmitted to ComplyEaze.
GST origin and page kind
Reduced to allowlisted context labels and stored temporarily in extension session storage.
Selected financial year and period
Processed locally to identify requested filed GSTR‑3B downloads; completion state may remain in extension session storage.
Download metadata
Examined transiently to correlate the requested GST-origin PDF and verify completion; raw filenames, local paths, referrers, and URLs are not transmitted or persisted.
Installation metadata
Local extension version and install timestamp may be stored in extension local storage until cleared or the extension is removed.
Local demo manifest
Stored locally for the synthetic demo until clear-data runs or the extension is removed.
GST PDF
Saved by Chrome to the user's configured download location; Pack does not upload downloaded GST PDFs to ComplyEaze.

GST Portal interaction

You open and authenticate to the GST Portal directly. Pack acts only on exact GST Portal hosts from the active browser session.
  • Pack does not ask for or store GST Portal credentials, OTPs, CAPTCHA responses, cookies, or session tokens.
  • Pack does not automate OTP, CAPTCHA, login, or consent challenges.
  • https://www.gst.gov.in/*
  • https://services.gst.gov.in/*
  • https://return.gst.gov.in/*

Pack website

The Pack website is separate from the browser extension. GST credentials, session tokens, and downloaded GST PDFs are not sent to ComplyEaze by the extension workflow. Pack does not collect or transmit extension analytics or telemetry.
Website analytics
disabled
Error diagnostics
Pack pages use sanitized Sentry error diagnostics without replay, tracing, logs, request bodies, cookies, default PII, or sensitive query keys.
Infrastructure logs
Standard hosting logs may include ordinary request metadata such as IP address, user agent, timestamp, path, status, and referrer.
ComplyEaze app session
not initialized or used by Pack pages

Support and security reports

Public issues, pull requests, email support, and private security reports receive only what a visitor or reporter chooses to send.
  • Do not send real GST Portal credentials, OTPs, CAPTCHA responses, session cookies, taxpayer files, portal HTML, raw network captures, or unredacted screenshots.
  • GSTIN, PAN, Aadhaar, taxpayer names, client names, or trade names.
  • Passwords, OTPs, CAPTCHA responses, cookies, session tokens, or credentials.
  • ARNs, return values, tax amounts, downloaded GST files, real filenames, portal HTML, headers, cookies, raw network captures, or unredacted screenshots.
  • Support and security submissions are retained only as needed to respond, investigate, and maintain an audit trail.

Chrome Limited Use

Pack's extension data use is limited to providing or improving the user-facing supported download workflow. Extension data is not used for advertising, lending, creditworthiness, unrelated profiling, or sold to third parties.
  • No extension analytics or telemetry.
  • No advertising or session-replay SDK in the extension.
  • The extension workflow does not upload GST files or GST document contents to ComplyEaze.
  • Local extension data can be cleared through Clear local Pack data, browser extension removal, or browser profile cleanup.