The most quietly leveraged piece of software we have built for any
client is a browser extension. It does one thing. It logs into the
GST portal on behalf of a tax consultancy's clients, with one click,
using credentials stored encrypted on the consultancy's side. It has
been in production for years. The savings, accumulated across the
team's daily work, are larger than several full-time salaries.
This essay is about why browser extensions are an under-used category
for compliance-heavy workflows in India, and what makes the right kind
of extension worth building.

The shape of the work it replaced

A tax consultancy with a roster of business clients files monthly GST
returns for each client. Each filing requires logging into the GST
portal as that client. The GST portal login is multi-step. It involves
a username, a password, a captcha, and sometimes an OTP. The team
member doing the filing has to type the credentials, solve the
captcha, and wait for the page to settle, before they can begin the
actual filing work.
A skilled team member does this thirty to fifty times a day across
the roster. Multiply by the number of working days in a month, and the
team is spending dozens of hours just authenticating to a portal that
should authenticate them once.
The work is also a quiet compliance risk. Client GST credentials are
sensitive. The team needs them to do the job. Storing them on paper
or in a shared document is a real risk. Asking the client for them
each time is not workable. The team usually ends up keeping them
somewhere, somehow, in a state that nobody would defend if asked about
it directly.

Why the extension was the right answer

The temptation is to build a full automation that does the filing
itself, end to end. That is a much larger project, it has compliance
risk because the system is acting on the client's behalf without a
human in the loop, and it solves the wrong problem. The team's
expertise is in the filing decisions, not in the typing.
The browser extension solves the typing without touching the
expertise. The team member opens the extension when they are ready to
work on a client. The extension fetches the credentials from the
consultancy's secure store, fills the login form, handles the captcha
prompt, and lands the team member on the GST portal as that client.
From that point forward the team member works in the portal the way
they always did. The extension does not act on their behalf. It just
removes the friction of getting in.
The credentials sit encrypted at rest in the consultancy's database.
They are only released to the extension on demand, only to an
authenticated team member, only for the duration of the session. The
team never types or sees the credentials. The compliance posture is
materially better than what existed before.
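
The release rule in the paragraph above, as an added sketch for the consultancy's server side (not the code of the extension this essay describes). The function names, the in-memory Maps, the per-staff client roster and the sample values are all assumptions made for the illustration.

```javascript
const nodeCrypto = require("node:crypto");

// Demo key only: a real deployment would load this from a KMS, never from the database.
const MASTER_KEY = nodeCrypto.randomBytes(32);

// Encrypt one client's portal login for storage (AES-256-GCM, client id bound as AAD).
function seal(clientId, secret) {
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv("aes-256-gcm", MASTER_KEY, iv);
  c.setAAD(Buffer.from(clientId));
  const ct = Buffer.concat([c.update(JSON.stringify(secret), "utf8"), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}

// Decrypt a stored row; throws if the row was tampered with or belongs to another client.
function unseal(clientId, row) {
  const d = nodeCrypto.createDecipheriv("aes-256-gcm", MASTER_KEY, row.iv);
  d.setAAD(Buffer.from(clientId));
  d.setAuthTag(row.tag);
  return JSON.parse(Buffer.concat([d.update(row.ct), d.final()]).toString("utf8"));
}

// Release a credential only to a live staff session that is assigned to that client.
// Every attempt, allowed or refused, is appended to the audit trail.
function release(store, sessions, audit, token, clientId, now = Date.now()) {
  const s = sessions.get(token);
  let reason = "ok";
  if (!s || now >= s.expiresAt) reason = "no-valid-session";
  else if (!s.clients.has(clientId)) reason = "client-not-assigned";
  else if (!store.has(clientId)) reason = "unknown-client";
  audit.push({ at: now, staff: s ? s.staff : null, clientId, reason });
  if (reason !== "ok") return { ok: false, reason };
  return { ok: true, credential: unseal(clientId, store.get(clientId)) };
}

// Constructed sample data: one client, one staff session valid until t=1000.
function demo() {
  const store = new Map([["CLIENT-A", seal("CLIENT-A", { username: "demo-user", password: "demo-pass" })]]);
  const sessions = new Map([["tok-1", { staff: "staff-1", clients: new Set(["CLIENT-A"]), expiresAt: 1000 }]]);
  const audit = [];
  const results = [
    release(store, sessions, audit, "tok-1", "CLIENT-A", 500),  // live session, assigned client
    release(store, sessions, audit, "tok-1", "CLIENT-A", 1000), // session has expired
    release(store, sessions, audit, "tok-1", "CLIENT-B", 500),  // client not on this staff member's roster
  ];
  return { results, audit, store };
}
```

Binding the client id as associated data means a database row copied under another client's id fails authentication instead of decrypting.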

The category this applies to

Indian compliance and operational work involves a lot of portals.
GST. Income tax. ROC. MCA. Customs. Various state-level systems. Each
has its own login flow, its own session timing, its own quirks. Any
firm that interacts with multiple portals on behalf of multiple
clients has the same shape of problem.
The browser extension category, used carefully, can be the right answer
for any of these. The criteria are simple. Does the work involve
authenticating to an external portal many times a day? Is the
authentication a meaningful share of the team's time? Are the
credentials sensitive enough that informal storage is a real risk? If
the answers are yes, the extension is worth considering.
The criteria for when it is the wrong answer are also simple. Would
the tool be automating something on the external portal that the
team's expertise should own? Then the extension is fine, but the
automation is not. Is the
portal authentication a small share of the team's day? Then the
extension is over-engineering. Is the portal subject to terms of
service that prohibit automated assistance? That is a serious
question and requires legal review.

What a good extension looks like

A good extension is narrow. It does one thing well. It does not
collect data the firm does not need, it does not act on behalf of the
team member, it does not store credentials on the user's machine, it
does not become a general-purpose tool. Every additional feature in an
extension is a place where the security posture can degrade.
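
One way to keep that narrowness enforceable is to check the extension's manifest against a fixed allow-list at build time. This is an added example, not part of the extension described here; the policy, the placeholder host `portal.example` and both sample manifests are constructed for the illustration.

```javascript
// Hypothetical policy for a single-purpose login helper.
// The host is a placeholder, not the real portal address.
const POLICY = {
  allowedHosts: ["https://portal.example/*"],
  allowedPermissions: ["activeTab", "scripting"],
};

// Return a list of findings; an empty list means the manifest stays within the policy.
function auditManifest(manifest, policy = POLICY) {
  const findings = [];
  const perms = [...(manifest.permissions || []), ...(manifest.optional_permissions || [])];
  for (const p of perms) {
    if (!policy.allowedPermissions.includes(p)) findings.push(`permission beyond login: ${p}`);
  }
  // Host access can be granted in three places; all of them count.
  const hosts = [
    ...(manifest.host_permissions || []),
    ...(manifest.optional_host_permissions || []),
    ...(manifest.content_scripts || []).flatMap((cs) => cs.matches || []),
  ];
  for (const h of hosts) {
    if (!policy.allowedHosts.includes(h)) findings.push(`host outside the one portal: ${h}`);
  }
  return findings;
}

// Constructed sample: touches one portal and asks for nothing else.
const NARROW = {
  manifest_version: 3,
  permissions: ["activeTab", "scripting"],
  host_permissions: ["https://portal.example/*"],
  content_scripts: [{ matches: ["https://portal.example/*"], js: ["fill.js"] }],
};

// Constructed sample: the same helper after a few "small" feature additions.
const BROAD = {
  manifest_version: 3,
  permissions: ["activeTab", "storage", "tabs", "cookies"],
  host_permissions: ["<all_urls>"],
  content_scripts: [{ matches: ["https://portal.example/*"], js: ["fill.js"] }],
};
```

Refusing the `storage` permission blocks the obvious route to keeping credentials on the user's machine, but a content script can still write to the page's own storage, so the check complements code review rather than replacing it.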
A good extension is also boring. It looks like a small button in the
browser toolbar. It does not pop up notifications, it does not
advertise its own existence, it does not have a settings panel with
twenty toggles. The team member should forget it is there, except for
the moment they need it.
The extension we built for Taheri Consultancy Services passes both tests. It
is a small icon in the toolbar. It logs into one external system. It
has been in production for years without modification. The team uses
it dozens of times a day without thinking about it, which is the
correct outcome.
This is the kind of work that does not look like much in a case study,
because the artefact is small. The leverage is in the recurring saved
time, accumulated across years of operation. That is the kind of
software we like to build.