Advocacy organizations, including the National Domestic Violence Hotline and NNEDV's Safety Net project, both draw a distinction that's useful to hold onto here: technology safety planning is not the same as generic digital security advice. A password manager and two-factor authentication are good defaults for most people, but for someone leaving or navigating an abusive relationship, the threat model is specific, the abuser often already has legitimate-looking access, and the wrong move at the wrong time, changing a password abruptly, deleting a shared app, can escalate risk rather than reduce it. If you're in an active safety planning process, working with an advocate who knows the specifics of your situation matters more than any general checklist, including this one.
Shared accounts are the most common access point
Couples routinely share an Apple ID, a Google account, a streaming login, sometimes without ever deciding to, just from setting up a household. Shared accounts often carry more than people realize: synced photo libraries, saved locations, browser history across every signed-in device, and message backups. If a partner set up the phone originally, they may know the passcode, may have an old fingerprint or face registered on it, or may have a secondary Apple ID or Google account added as a recovery method without the primary user's knowledge.
Checking device management settings for unfamiliar linked accounts, unrecognized trusted devices, or unknown backup email addresses is a concrete, quiet first step. It doesn't require confrontation and doesn't visibly change anything an abuser would notice immediately. Our guide to shared account privacy after a breakup covers the account-by-account mechanics in more depth.
It's also worth ruling out software installed directly on the device rather than just account-level sharing. Stalkerware detection is a separate, more technical process, and one where the safety-first sequencing matters even more, since removing spyware can immediately tip off whoever installed it.
Family location sharing was built for convenience, not consent
Apple's Find My, Google's Family Link, and consumer apps like Life360, covered in more detail in our piece on family locator apps, were designed to let families see each other's location, and none of them require ongoing, meaningful consent to keep sharing active once it's turned on. A survivor may not remember every place they agreed to share their location years into a relationship, or may have agreed to it under pressure. These apps are worth checking specifically, not assuming, because turning off location sharing in one app doesn't affect another, and some can be re-enabled remotely by anyone who still has account access.
If a device or account is actively being monitored, changing settings can alert the person watching that something is different, which is why advocates generally recommend safety planning with a professional before removing access, especially in situations involving custody proceedings or an abuser who has shown a pattern of escalation. The National Domestic Violence Hotline (1-800-799-7233) offers confidential support with exactly this kind of technology safety planning.
Custody and co-parenting apps create their own exposure
Court-ordered co-parenting communication apps, and shared calendars for children's schedules, are sometimes the only remaining digital connection to an ex-partner, and they're often overlooked as a monitoring vector because they feel mandatory rather than optional. It's worth knowing exactly what a given app shares: some log message timestamps and read receipts in ways visible to both parties, some include location tagging on photo uploads by default, and some retain full message history accessible to a family court if a dispute arises later, which is worth knowing before writing anything you wouldn't want read back in a hearing.
| Common access point | What to check |
|---|---|
| Shared cloud account (Apple ID / Google) | Recovery emails and phone numbers, linked devices, family sharing group membership. |
| Location sharing apps | Find My, Life360, Google Family Link, and any app-specific "share my location" toggle, checked individually. |
| Old or shared devices | A former partner's fingerprint, face ID, or saved passcode on a device that was never fully reset. |
| Social media | Tagged location on posts, mutual friends who might relay information, old check-ins that reveal patterns. |
| Co-parenting apps | What the app logs, whether it's court-mandated, and what either party can export or screenshot later. |
Documentation is its own safety task
Harassment and threats sent digitally, texts, app messages, voicemail transcripts, are evidence, and advocates generally recommend keeping a record even when reporting isn't happening right away. Screenshotting on the device where the message arrived is the obvious move, but it's worth also noting the date, time, and platform in a separate location, an email to a personal account the other party doesn't know about, or a note kept with a trusted friend or advocate, since a screenshot stored only on a phone that might later be taken, damaged, or reset isn't durable. Some advocacy organizations recommend a dedicated, newly created email account used only for this kind of documentation, kept separate from anything the other party has ever had access to or could guess the recovery details for.
What a fresh start actually looks like
When it's safe to make a clean break, the most reliable approach is often the simplest: a new device, purchased separately, with new accounts created from scratch rather than restored from an old backup, since a restored backup can silently bring old linked devices, saved passwords, and sync settings along with it. A new phone number, where possible, closes off SMS-based two-factor recovery on old accounts being used to regain access to new ones. None of this needs to happen all at once, and for many people it can't. Safety planning is iterative, and doing one piece today, checking one setting, writing down one account to deal with later, is real progress even when the whole picture can't be addressed at once.
Messaging that keeps conversations private by default, without relying on the user to configure it correctly, removes one layer of risk during an already difficult process. That's a narrow piece of a much larger safety plan, not a substitute for one, and it matters less than working with an advocate who can help think through the specific situation.