About Droom’s Bug Bounty Program

Droom is committed to the security of data and technology. Hence, We recognize responsible disclosure of in-scope issues, exploitation techniques or any potential threat pertaining to exploits and vulnerabilities.

If you discover a bug, we would appreciate your cooperation in responsibly investigating and reporting it to us via email at Bugbounty@droom.in so that we can address it as soon as possible.

Recognition and Certificates

Get digital certificate for reporting the valid bugs.

  • Digital Certificate For Appreciation & Merit

  • Multiple submissions over time can be eligible for “Hall of Fame” and a digital certificate.

If in case, your findings are not accepted as a valid bug, we issue you a digital certificate for appreciation.

Our certification process is multi-leveled

Sample Certificate
  • Standard

  • Bronze

  • Silver

  • Gold

  • Platinum

Our “Hall of Fame” page recognizes the contributions of reporters who have demonstrated a high level of dedication to our Program, which you can use to highlight in your resume.

Rules for Reporting a Bug

Report your findings via email to Bugbounty@droom.in and adhere to below points:-

  • Please don't violate the privacy of other users, destroy data, disrupt our services, etc.

  • Please don't request updates on an hourly basis. We are handling dozens of reports daily and spam impacts the Program’s efficiency.

    Get More Info
  • Please target your own accounts in the process of investigating any bugs/findings.

    Get More Info
  • Please don't target our physical security measures, or attempt to use social engineering,

    Get More Info
  • In case you find a severe vulnerability that allows system access, you must not proceed further.

    Get More Info
  • It is Droom’s decision to determine when and how bugs should be addressed and fixed

    Get More Info
  • Disclosing bugs to a party other than Droom is forbidden, all bug submissions are to remain at the submitter

    Get More Info
  • Threatening of any kind will automatically disqualify you from participating in the Program.

  • Exploiting or misusing the vulnerability for your own or others' benefit will automatically disqualify the submission.

  • Bug disclosure communications with Droom’s security team are to remain private and confidential.

  • You must destroy all artifacts created to document vulnerabilities

    Get More Info
  • Your testing activities must not negatively impact Droom.

    Get More Info