We’re thrilled to welcome you to the Dropbox Bug Bounty Program where your curiosity, cleverness, and insights are not only welcomed, but celebrated. Whether you’re here to fuzz some endpoints, audit our auth flows, or just vibe with some recon, we’re genuinely excited to have you digging around in our digital environment.

At Dropbox, we believe in building trust through transparency and partnership. That means we see you not as adversaries, but as collaborators and an extended part of our security team, helping us make Dropbox safer for millions around the world.

Our scope is broad and our team is responsive. There’s plenty of interesting surface to explore and we’re here, ready for the thoughtful reports, the sharp PoCs, and the occasional meme-worthy bug title.

So fire up your proxy of choice, and let us know what you find. If you're unsure about something, just drop us a note — we’re real humans behind these endpoints.

Thanks again for joining us. Let the hunt begin!

— The Dropbox Security Team

P.S. Bonus points for well-formatted and humorous reports. We see you.