Digital safety steps when leaving¶

Trigger: you are preparing to leave, or have recently left, a relationship involving technology-facilitated abuse, and you need to reduce the digital access the other person currently has.

This runbook covers digital steps only. Physical safety and legal considerations are beyond its scope and must be addressed alongside it, not after. Contact a specialist support organisation before or while working through these steps. In the UK: Refuge (refuge.org.uk), Women’s Aid (womensaid.org.uk), and the National Domestic Abuse Helpline (0808 2000 247). They have advisors who understand the technology and can help you sequence this safely.

Before anything else: get a safe device¶

Do not plan, research, or communicate on a device the other person has had access to. If that means every device you currently have, borrow one from a trusted person who is not connected to the other person, or use a library computer.

Create a new email address on the safe device, through a provider the other person does not know you are using (ProtonMail, Tutanota, or a fresh Gmail account on a new Google account). Do not create it using your existing compromised account as a recovery option.

This new email address is your staging account. Use it for all the steps below. Do not access it from your usual devices.

Secure the existing email account¶

From the safe device, log into your primary email account and work through the reclaim your primary email runbook. In brief:

Check and remove any forwarding rules, connected apps, and delegated access. Change the password. Enable two-factor authentication using an authenticator app on the safe device. Change the recovery phone number and backup email address to options the other person does not have access to. Sign out all other active sessions.

Timing: this step is visible. The other person will lose whatever email access they had. Do this when you are ready for them to know the email is no longer accessible, or when you are in a position where their reaction can be managed safely.

Understand what is currently shared¶

Before removing access, know what you are removing. Work through the audit shared accounts playbook from the safe device to map the current picture: family sharing plans, location sharing, streaming accounts, smart home access, cloud storage. Note what exists and what your plan is for each, but do not remove everything at once until you have considered the timing of each.

Secure accounts in order of sensitivity¶

From the safe device, after the email is secured:

Banking: contact your bank directly and explain the situation. Banks have processes for this. Check for any accounts or credit products you did not open, authorised access on your existing accounts, and any payment methods linked to shared accounts. Ask what access currently exists and how to remove it.

Phone: if you are on a shared mobile contract, the account holder can see your call records and sometimes your location. Contact your carrier from a safe phone or in person and ask about moving to an independent account.

Other financial accounts: PayPal, investment accounts, anything with money or credit attached. Change passwords and check authorised access from the safe device.

Work accounts: if the other person has any access to your work systems, notify your employer’s IT or HR team. Frame it appropriately for your situation, but do not leave work accounts connected to compromised personal email or shared devices.

Social media: change passwords on all platforms. Check connected apps, active sessions, and privacy settings. Remove any location sharing. Check whether any accounts were created in your name that you did not create.

Check the physical environment¶

If your home has smart devices: see the audit shared accounts playbook. An administrator account on a smart home system has access to cameras, door locks, and activity logs. This may not be possible to remove safely until you have left the physical space.

If you suspect Bluetooth trackers have been placed in your belongings or vehicle: the Apple AirTag detection feature (on iPhone) or the Tracker Detect app (Android) can help locate them. Carry a physical sweep of bags, car, and clothing before any movement that matters for your safety.

After the immediate steps¶

Once the most critical access is secured, continue at a sustainable pace:

Remove your information from data broker sites: see the remove yourself from data broker sites playbook. Data brokers may hold your current address and phone number, which the other person can purchase.

Set up encrypted messaging: see the use encrypted messaging playbook. Switch your close contacts to a channel the other person is not on.

Check devices for stalkerware: see the check a device for stalkerware playbook. If you need the devices to remain usable as evidence, take advice from a specialist before running scans or resetting.

Preserve evidence: document what has happened. Screenshots with timestamps, records of contacts and communications, any evidence of surveillance or harassment. Use the safe device for this. Do not delete anything that may be relevant to legal proceedings, even if it is distressing.

When to involve outside help¶

A specialist support organisation should be involved from the beginning, not as a last resort. They can help with the sequencing, with understanding the legal picture, and with connecting you to technical experts who can assess devices and accounts in ways this runbook cannot.

If you are in immediate danger, that takes priority over every digital step in this runbook. The digital situation can be addressed in stages. The physical situation cannot wait.