Anyone heard of TinyMetrix?

I too got the email and I've heard from others that have too,  It's now in my trash folder.

For one thing it was way off on my total downloads, from back when we could see the actual download counts without rounding.  (one of my apps that now shows 500k+ today actually had close to 800k at that point).

They must be using the dev's support email for this which is spam and likely against the rules. 

I received the email too, and like Jim my download count is way off, its the amount 1 of my watch faces had before Garmin rounded the numbers.

Their website is registered in Iceland, and was registered in September 2025.

And as Iceland is part of the EEA it should be GDPR compliant - the website has no company info, and the email has no explanation as to why I received it and no opt out option - which is against the GDPR rules

they would have been much smarter to post in this forum in a similar way to Prettier Monkey has, which has (seemingly) garnered lots of good vibes and support

I guess every developer or at least those with more than X downloads got the email.

One thing about barrels: there's no such thing as closed source. You see all the source code in the barrel, so that's ok. I was playing myself with the idea to add some code to my apps to send proper stats to my own webserver. You could even collect all usage stats this way (like which features are used more than others). That's another question whether that would warrant the need to check the checkbox that you are collecting user data (I'd argue not, but maybe others would already count that as such)

I don't think the collection of download stats is malicious. My biggest problem with it is that it increases the code size, when that is already precious resource in my datafields (on older devices)

I also think this is an interesting idea.

However, GDPR is definitely a concern. The data would likely be tied to a unique device identifier, which generally makes it subject to GDPR, even if it is not directly linked to a user’s identity.

For this kind of data collection, relying on legitimate interest is probably the most appropriate approach. This does not require explicit consent, but it does require clearly informing the user, offering an opt-out (while keeping the app usable), and providing a way for users to request access to and deletion of their data.

In practice, this could be implemented by informing users in the app store description, adding a setting to disable data collection, and providing an email contact for data access and deletion requests. For the latter, TinyMetrix would likely need to provide some support.

Actually, the privacy policy is likely involved.  This is in the details for your app.

the-ninth said:

data would likely be tied to a unique device identifier

Re the other active discussion on this tread - there is no unique device identifier, just a device+app unique ID.  Meaning it can't identify a device or an individual from such?

the-ninth said:

but it does require clearly informing the user, offering an opt-out

Bit we also know ERA involves some kind of information data transfer from the device to Garmin (and then to developers) without consent or opt-out.  And Garmin (probably) have a bigger legal team than we do.

Just widening the conversation without prejudice.  I know nothing of TinyMatrix.

When you create a garmin account, you agree to give garmin access.

As far as ERA. that's just the ciq_log file being passed to garmin

Not an expert, but the language in the ERA report is kind of the closest to be personal - anecdotally multiple developers said that if you have an error in a strange place, only on 1 type of device, and you only see 1 language in the list (even if the error happened 100 times) it's probably only 1 user's issue.

Device+app uniq id is certainly more like that. Compare it to IP address.

However it's likely we all signed some 200 pages T&C with 1 paragraph of small letter disclaimer when we 1st opened our Garmin connect account where this was "explained" to us.

crispgarmin said:

Re the other active discussion on this tread - there is no unique device identifier, just a device+app unique ID.  Meaning it can't identify a device or an individual from such?

I would still consider this a unique identifier that is conceptually, even if not necessarily technically, attributable to a user and allows you to trace the activity of an individual user. For example, an IP address is also considered personal data, even if you cannot directly link it to a specific person, as their ISP could.

crispgarmin said:

Bit we also know ERA involves some kind of information data transfer from the device to Garmin (and then to developers) without consent or opt-out.  And Garmin (probably) have a bigger legal team than we do.

Like Jim and Flocsy said, you have probably agreed to this somewhere along the way. ERA itself does not pass a unique identifier to the developer. However, as Flocsy mentioned, if your user base is very small, you might still be able to draw some conclusions in individual cases.

Regarding opt-out, there is a general understanding that error reporting with only the minimum data required for debugging can be considered part of the app’s basic functionality and may not require an opt-out. You still need to inform users, though. As soon as tracking or analytics come into play, that no longer holds, and you typically need opt-out or even explicit consent.

The tricky part is that some law firms make money from “Abmahnungen” by targeting companies that violate these rules. That said, I doubt Garmin apps are really on their radar.

Another complication is that GDPR is supplemented by national laws, and how it is applied can vary a bit between countries, so overall it is a bit messy.

I did reply to the email as I was curious to see if it is legit, and got a reply from the developer.  I'll ask him to weigh-in here, join the discussion, see if he can prove his bone fides.