Audit and revoke shared account access¶

Relationships accumulate shared digital access over time. Family sharing plans, shared streaming logins, cloud storage with shared folders, smart home applications, location sharing features: most of this was set up in good faith and is not visible as a single list anywhere. This playbook works through it systematically.

Do this from a device and network you trust. Removing shared access may be visible to the other person: notifications can alert them when they are removed from a family plan or when a shared location stops updating. Time this according to your overall safety plan, not in isolation.

Ecosystem accounts: Apple, Google, Microsoft¶

These are the highest priority because they control the largest number of other things.

For Apple: go to your Apple ID settings and check Family Sharing (who is in your family group, what is shared with them, including location), Find My (who can see your location), and iCloud (whether any folders or photo albums are shared). Check which devices are signed into your Apple ID under Settings. Sign out any device you do not recognise or no longer control.

For Google: go to your Google Account and check People and sharing (location sharing, contacts sharing), Security (devices signed in, third-party apps with access), and if you use Google Family Link, who is linked and what they can see. Check Gmail separately for forwarding rules and connected apps.

For Microsoft: check your Microsoft Account for devices, connected apps, and any family group memberships.

Streaming and subscription services¶

Netflix, Spotify, Disney+, Amazon Prime, Apple TV+, and similar services often show active sessions. Log into each service’s account settings and look for a “Manage devices” or “Active sessions” option. Sign out sessions on devices you do not recognise. If a password was shared, change it.

If you are on a shared family plan and removing yourself or the other person requires cancelling and re-subscribing separately, decide whether the timing of that visibility is right for your situation before acting.

Cloud storage¶

For Google Drive, iCloud Drive, Dropbox, OneDrive, and similar services, check for shared folders and shared files. These give ongoing access to anything placed inside them and may have been set up to sync your documents automatically. Remove sharing on any folder that contains sensitive information.

If your photos are backing up to a shared cloud account, the other person may be able to see new photos as they are taken. Disable the shared backup and set up a new one on an account only you control.

Location sharing¶

Go through each of the following and check whether location sharing is active and visible to anyone who should not have it.

Google Maps: Settings, Location sharing. Apple Maps / Find My: the People tab shows who can see your location and who you are sharing with. Life360, if installed: check who is in your circles. Snapchat, WhatsApp, and other messaging apps: these have their own location sharing features, sometimes set to share continuously.

Fitness apps (Strava, Garmin Connect, Apple Fitness) log your routes and activity. Check whether any of these are connected to a shared account or have social features enabled that make your activity visible.

Smart home¶

If your home has smart devices (smart speakers, cameras, thermostats, locks, doorbells), check which account has administrator access. Smart home apps (Google Home, Amazon Alexa, Apple Home, Ring, Nest) all have a list of linked accounts and household members. An administrator account can see device activity and, in the case of cameras and speakers, may have access to recordings.

If you cannot remove the other person from administrator access without it being noticed, note what access exists rather than acting immediately. A specialist support worker can help you think through the timing.

Mobile and family plans¶

If you are on a shared mobile contract, the account holder may be able to see call records, data usage, and location through the carrier’s account portal. Contact your mobile carrier from a safe device to understand what is visible and how to move to an independent account. Most carriers have processes for this.

What to do after the audit¶

You will likely find more shared access than you expected. You do not need to remove everything at once. Prioritise in order of risk: what gives the most visibility into your current situation and movements, what connects to your identity anchors, and what can be removed without alerting the other person at a moment that is not yet safe.

After the email is secured and the most critical shared access is removed, continue working through the list at a pace that fits your situation. This is not something to complete in a single session.