Your spouse may already have access to your messages, your location, and your financial accounts. This checklist exists because most people find out too late.
Maintained by Predaxia. Privacy for people who have something to lose.
Consumer spyware takes five minutes to install. It runs invisibly. It logs every message, every call, every location update, and sends everything to a dashboard the other person checks daily. Products like mSpy, FlexiSpy, and Hoverwatch are legally sold and marketed specifically for domestic monitoring.
The window between the decision to file and the actual filing is when the most damage happens. Shared accounts, shared devices, shared cloud storage. Each one is a liability once proceedings begin.
This is not a guide about hiding evidence. There is a legal distinction between routine data hygiene and evidence spoliation. This guide covers what that line looks like and what to do on the right side of it.
-
Understand the legal line. Deleting data after legal proceedings become reasonably foreseeable can be held against you in court. Before that point, it is not spoliation. Know where the line is before you act. What counts as deleting evidence vs protecting yourself
-
Check whether your phone is monitored. Battery drain, background data spikes, unexpected warmth, notification anomalies. Eight symptoms are reliably documented across multiple spyware products and are detectable without technical expertise. 8 signs your phone is being monitored
-
Assume your devices are already compromised. If your spouse had physical access to your phone for five minutes at any point in the last six months, operate on the assumption that a monitoring app is installed. Why you should assume your devices are compromised before filing
-
Get a new phone your spouse has never touched. Do not restore it from a shared iCloud or Google account. Set it up as a new device with a new Apple ID or Google account.
-
Do not connect the new device to your home Wi-Fi. Use mobile data or a trusted network until you have changed all passwords.
-
Set a strong password on the new device. 16 characters minimum, alphanumeric. Not a 4-digit PIN. Not Face ID alone. A 7-character password was cracked in 6 hours in a documented federal case using forensic tools.
-
If you must keep your old phone active to avoid suspicion, do not use it for anything sensitive. Treat it as a monitored device. All sensitive communication happens on the new device only.
-
Change passwords on all accounts from the new device only. Start with email. Then financial accounts. Then cloud storage. Then social media. Never change a password from a device your spouse has had access to.
-
Enable two-factor authentication on every account. Use an authenticator app, not SMS. SMS codes can be intercepted in real time through documented attacks on the SS7 protocol.
-
Remove your spouse from shared accounts. Apple ID family sharing, Google account, iCloud, streaming services, Amazon. Each shared account is a window into your activity.
-
Check which apps are signed into your accounts. Go to your Google account security page and your Apple ID device list. Remove any device you do not physically control.
-
Disable location sharing everywhere. Find My iPhone, Find My Friends, Life360, Google Maps location sharing. All of them.
-
Check for AirTags or Tile trackers. In your bag, your car, your coat pockets. Apple has a detection feature built into iOS. On Android, use the Tracker Detect app.
-
Turn off significant locations on your iPhone (Settings, Privacy, Location Services, System Services, Significant Locations). This log records every place you visit with timestamps.
-
Your phone carrier sells your location data. This is documented, not alleged. AT&T, T-Mobile, and Verizon sold real-time location data to third-party aggregators for years. The FCC issued fines. Consider whether your carrier account is in your spouse's name.
-
Do not delete old posts. Deletion after proceedings become foreseeable can constitute spoliation of evidence. Courts have penalized this.
-
Set all accounts to private immediately.
-
Stop posting about travel, purchases, lifestyle, or new relationships. Judges use Instagram posts as evidence in family court. Posts showing spending inconsistent with financial disclosures are regularly submitted as exhibits.
-
Screenshot anything your spouse has posted that may be relevant to your case. Do it now, before they delete it.
-
Understand that your digital footprint extends beyond social media. Search engine history, purchase history, app usage patterns. All of it is potentially discoverable.
-
Use Signal for sensitive conversations. Enable disappearing messages. Disable notification previews entirely (Settings, Notifications, Show Previews, set to Never).
-
Do not communicate about your case on any platform your spouse has ever had access to. Not email. Not iMessage on a shared Apple ID. Not WhatsApp if your spouse has ever held your phone.
-
Be aware that email metadata reveals more than content. Who you contacted, when, and how often. The content can be encrypted. The metadata usually cannot.
-
Open a new bank account at a different institution. Do not link it to any existing accounts.
-
Monitor all shared accounts for unauthorized transactions or changes.
-
Document all shared account balances, debts, and assets before separation. Screenshots with timestamps.
-
Use a password manager on the new device only. Never use the browser's built-in password save feature on a shared device.
-
Search your name on Spokeo, WhitePages, and BeenVerified. See what is publicly available. Your home address, phone number, and family member names are likely already out there.
-
Submit opt-out requests to the major data brokers. The manual process is free and covers the same brokers as paid services. How to remove yourself from data broker sites
-
If your safety is at risk, consider a paid removal service like DeleteMe that monitors for re-listing and automates the opt-out cycle.
-
Do not install spyware on your spouse's device. It is illegal in most jurisdictions regardless of the marital relationship.
-
Do not access accounts you are not authorized to access, even if you know the password.
-
Do not record conversations without understanding your state's consent laws. Some states require all-party consent.
-
Do not destroy devices or storage media. This is almost certainly spoliation once proceedings are foreseeable.
Every situation is different. A threat model is a structured way to identify what you are protecting, from whom, and what you are willing to do about it. Most people can complete one in under 20 minutes.
How to build your threat model in 20 minutes
59 OPSEC and privacy terms explained for non-technical users: predaxia.com/glossary
Predaxia is an independent publication covering operational security for civilians. We test tools under real conditions, document field failures, and write for people whose privacy is not theoretical.
There is no perfect setup. Anyone selling you perfect is selling fear. The goal is simple: make yourself a harder target than the person next to you.
(c) 2026 Predaxia - predaxia.com