Privacy Policy
Last updated: 2026-06-19
This Privacy Policy explains how MH WORKS ("we", "us") handles personal
information in connection with the Baldur website (https://baldur.sh) and the
Baldur PRO software license (together, the "Services"). We process personal
information in accordance with the Personal Information Protection Act (PIPA) of
the Republic of Korea.
1. Who we are
- Operator: MH WORKS (Business Registration No. 256-42-01432)
- Representative: Myeonghwan Yoon
- Address: 10, Baegyanggwanmun-ro, Busanjin-gu, Busan, Republic of Korea 304dong 1204ho
- Privacy Officer: Myeonghwan Yoon (Representative) —
support@baldur.sh
2. What we collect and why
We collect the minimum personal information needed to operate the Services.
| Data | When | Purpose | Legal basis |
|---|---|---|---|
| Email address | When you purchase a PRO license or contact support | Deliver your license key, provide support, send essential service notices | Performance of a contract |
| Order & license metadata (order reference, license key, plan) | At purchase | Issue and validate your license | Performance of a contract |
| Support correspondence | When you email us or open a public GitHub thread | Respond to and track your request | Legitimate interest / contract |
| Server access logs (IP address, user agent, timestamps) | When you visit the site | Security and abuse prevention | Legitimate interest |
The documentation site at baldur.sh is a static site. We do not run
advertising or analytics trackers, and we do not set tracking cookies.
3. What we do NOT collect
We never receive or store your payment card details. Payments are processed by Creem (see § 4), which acts as the Merchant of Record. Card and billing data are handled entirely by Creem.
4. Third parties (processors and providers)
We rely on the following providers. Each receives only the data needed for its function.
| Provider | Role | Data shared |
|---|---|---|
| Creem | Merchant of Record — handles payment, tax, and refunds | Payment, billing, and contact data you enter at checkout |
| Cloudflare | License-issuance pipeline and infrastructure | Order/license metadata and the email used for license delivery |
| GitHub | Documentation hosting (GitHub Pages), Discussions, Issues | Site access logs; any content you post publicly |
Creem is the Merchant of Record for all purchases. Your purchase is a transaction with Creem and is additionally governed by Creem's own privacy policy and terms.
5. Overseas transfer of personal information
To deliver the Services, we transfer certain personal information to overseas service providers. In accordance with the Personal Information Protection Act (PIPA), the following transfers are disclosed:
| Recipient | Country | Items transferred | When & how | Purpose | Retention |
|---|---|---|---|---|---|
| Cloudflare, Inc. | United States | Email address, order & license metadata | At the time of use, via network transmission | License issuance and delivery, infrastructure | Until your license ends (see § 6) |
| GitHub, Inc. | United States | Site access logs; any content you post publicly | At the time of use, via network transmission | Documentation hosting and community | Provider-set; access logs kept short-term |
Creem operates as the Merchant of Record and is an independent controller for the payment and billing data you enter at its checkout. That data is provided by you directly to Creem and is governed by Creem's own privacy policy, not by the processor relationship described above.
6. Retention
- License and order records: retained for the duration of your license and as required by applicable tax and commercial law.
- Support correspondence: retained while needed to resolve and reference your request.
- Server logs: retained for a short period for security purposes, then deleted or anonymized.
We destroy personal information without delay once its purpose is fulfilled and no legal retention obligation remains. Personal information stored in electronic form is permanently deleted by a method that prevents recovery; information recorded on paper is shredded or incinerated.
7. Your rights
Under PIPA you may request to access, correct, delete, or suspend processing of
your personal information, and you may withdraw consent. To exercise these rights,
contact support@baldur.sh. We will respond without undue delay. You may also
lodge a complaint with the Personal Information Protection Commission (PIPC) of
Korea.
8. Security
We limit access to personal information, use encrypted transport (HTTPS), and rely on reputable providers for payment and infrastructure. License keys are cryptographically signed (Ed25519).
9. Children
The Services are intended for professional and business use and are not directed to children.
10. Changes
We may update this Policy. Material changes will be reflected by updating the "Last updated" date above and, where appropriate, by notice on this site.
11. Contact
Questions about this Policy or your personal information: support@baldur.sh.