No Pack login
The extension alpha does not require a Pack, Axal, or ComplyEaze account.
Only the access needed for this workflow.
Pack is built for one supported GST workflow, with exact portal access, packaged code, local state, and no extension telemetry.
Access and evidence
GST login remains on GST Portal
Pack does not collect GST credentials, OTPs, CAPTCHA responses, cookies, or session tokens.
Exact GST host access
https://www.gst.gov.in/*, https://services.gst.gov.in/*, https://return.gst.gov.in/*
Websites cannot control Pack
Websites cannot directly connect to Pack or invoke its extension capabilities.
What we verify
These are the checks that matter before a public store release.
- Pack ships its executable code inside the extension package; it does not load executable code from remote servers.
- No extension analytics or telemetry, crash-reporting, advertising, or session-replay SDKs.
- No downloaded GST PDF upload in the extension workflow.
- Permission allowlist excludes broad website access, cookies, history, webRequest, tabs, and identity.
- Package and source verification details are linked from the Source page.
Report a vulnerability
Email [email protected] with the subject ComplyEaze Pack security report. Do not open a public issue for security findings.
Include affected version, browser and operating system, synthetic reproduction steps, impact, and suggested remediation. Do not attach taxpayer files, credentials, cookies, OTP/CAPTCHA material, raw portal HTML, or unredacted screenshots.