The 2026 Safety-First Checklist for Domestic Violence Charities: Protecting Beneficiaries in a Digital Age

Look, here’s the thing: abusers don’t just weaponize phone calls anymore. In 2026, they’re using IoT devices, AI-powered deepfakes, and sophisticated stalkerware to maintain control over survivors even after they’ve physically escaped. For domestic violence charities, this reality demands more than well-meaning safety talks. It requires concrete, technology-driven protocols that actually protect the people you serve.

You’ll learn how to secure devices survivors use, build organizational policies that create real firewalls (not just paperwork), address the smart home problem that’s turned thermostats and baby monitors into surveillance tools, and educate survivors so they can protect themselves. Plus, we’ll cover what to do when, despite your best efforts, something goes wrong.

The Digital Threat Landscape: What’s Changed

Stalkerware and spyware now let abusers remotely monitor phones, capturing texts, calls, and exact locations without leaving any visible trace. And they’ve become disturbingly affordable.

Smart home technology created new harassment avenues. An analysis of 13 common IoT devices revealed widespread exploitable vulnerabilities in cameras, doorbells, and thermostats that enable intimidation, gaslighting, and 24/7 surveillance.

Perhaps most disturbing? AI-driven deepfakes and image-based abuse. What starts as online harassment quickly spills into real-world consequences like job loss, destroyed reputations, or devastating custody battles. As one UN report highlighted, 1 in 4 women journalists face online death threats, mirroring the digital violence trends survivors experience daily.

In 2025, Gen Digital and partners donated nearly 2,000 Norton licenses (retail value over $200,000) to survivors through shelters. That’s both a lifeline and a sobering reminder of just how massive this need has become. The stat that really drives it home? 97% of U.S. domestic violence programs report survivors experiencing technology-related abuse (NNEDV via Respond Inc.). This isn’t some future threat we’re preparing for. It’s happening now, in every shelter, every support group, and every safety planning session across the country.

Common Challenges We See Daily

Before nonprofits implement comprehensive digital safety protocols, we witness recurring patterns that put survivors at serious risk.

The “shared device” blindspot: You allow clients to use staff computers or tablets for job applications and housing searches, not realizing these devices cache search history and auto-save passwords. One abuser discovered their partner’s new address through a shelter computer’s browser history. Just one uncleared cache.

Over-reliance on donated but outdated hardware: Accepting well-intentioned device donations without proper security vetting. We’ve seen charities distribute smartphones to survivors that still had previous owners’ cloud accounts linked, creating accidental data leaks that put people in danger.

The scattered tech stack vulnerability: Running donor management on one platform, client intake on spreadsheets, and communications through personal email accounts creates multiple breach points. When one system’s compromised, there’s no firewall protecting other critical data.

Inconsistent staff training: Front-desk volunteers receive different safety protocols than case managers, creating weak links. One organization discovered their part-time weekend staff was inadvertently confirming client presence over the phone. All it takes is one person who doesn’t know the protocol.

Secure Devices DV Survivors: The Foundation Layer

Device hygiene represents your first and most critical line of defense. Without this foundation, every other security measure basically crumbles.

Enable multi-factor authentication (MFA) on all accounts immediately. This blocks 99% of automated attacks. Even when abusers steal passwords, they can’t access accounts protected with app-based authenticators like Authy. Avoid SMS-based verification, which can be intercepted.

Schedule automated malware scans and software updates without exception. A UK study found that 95% of tech abuse cases exploited unpatched vulnerabilities in IoT devices and applications. Partner with organizations like TechSoup to access free or discounted antivirus tools such as Norton 360.

Create separate “clean” accounts for survivors that abusers have no knowledge of. This prevents cross-contamination between old, potentially compromised accounts and new, secure ones. Advise using incognito mode or public Wi-Fi for initial account setup to avoid leaving traces on shared devices.

Limit app permissions ruthlessly. Review weekly which applications have access to cameras, microphones, contacts, and location data. Stalkerware relies on excessive permissions to function, so you’re essentially cutting off its oxygen supply.

In our experience, nonprofits who consolidated onto efficient, integrated platforms freed up resources for critical safety investments like enterprise-grade security tools. When you’re not juggling five different systems, you’ve got more bandwidth (and budget) for what actually protects people.

Data Privacy and Organizational Policies

Your organization’s policies either protect survivors or create liability. There’s really no middle ground here.

Develop survivor-centered data policies that mandate encryption for all client information, maintain detailed access logs, and conduct annual security audits. Ensure compliance with VAWA (Violence Against Women Act), FVPSA (Family Violence Prevention and Services Act), and VOCA (Victims of Crime Act) confidentiality requirements.

Segregate your most sensitive data using air-gapped systems that have no internet connectivity for client records containing addresses, shelter locations, or legal proceedings. This creates a true firewall against digital breaches. Old-school? Maybe. Effective? Absolutely.

Implement comprehensive staff screening and training protocols that include background checks, phishing recognition exercises, and secure device disposal procedures. Your weakest security link is often human error, not technical failure.

Limit database sharing even internally. Seal court records when possible and use private mailboxes rather than physical addresses for all organizational correspondence.

We’ve found that donor portals can maintain rigorous security while enabling growth. Nonprofits like Safe Families achieved 300%+ donor acquisition growth while keeping supporter information protected through properly architected systems. Security and growth aren’t mutually exclusive when you’ve got the right foundation.

IoT Safety Domestic Violence: The Smart Home Problem

Smart home devices require special attention because they’re designed for convenience, not security against malicious household members. That’s the uncomfortable truth manufacturers don’t advertise.

Audit every connected device in your facility and advise clients to do the same. Change all default passwords, disable remote access features, and factory reset any device that may have been compromised. A single unsecured baby monitor can provide an abuser with audio and video access to a supposedly safe space.

Take an unconventional approach with “device divorce” protocols. When survivors escape, help them reassign IoT device ownership using manufacturer apps. Organizations like Ring/Amazon have developed protocols with NNEDV guidance specifically for these situations. It’s tedious work, but it matters.

Block geofencing exploits in vehicles and security cameras. Where possible, recommend wired alternatives that can’t be accessed remotely. Train staff and clients on risks posed by baby monitors, cordless phones, and smart appliances, preferring encrypted models when replacement is necessary.

“Technology should empower survivors, not provide new tools for their abusers. Organizations that treat digital safety as an afterthought put their beneficiaries at continued risk.”

Funraise CEO Justin Wheeler

Survivor Tech Education: Building Digital Independence

Education transforms survivors from vulnerable targets into informed participants in their own safety. That shift from passive victim to active protector? It’s powerful.

Teach safe browsing fundamentals: how to use VPNs, enable incognito mode, clear caches, and avoid shared devices when creating safety plans. These basics make the difference between a successful escape and a tracked relocation.

Provide comprehensive safety plan templates that cover changing passwords on all accounts, disabling shared logins (particularly Google and Apple IDs that sync across devices), and properly documenting abuse through screenshots and secure storage.

Train on anonymous communication tools like Signal and other end-to-end encrypted platforms. Resources from NNEDV’s Tech Summit provide tested frameworks you can adapt for your specific client population.

One approach is using integrated platforms for secure, personalized safety reminders via SMS and email automation. Nonprofits using targeted communication technology report 78% higher conversion rates, a principle that applies equally to safety protocol compliance among survivors. When reminders arrive at the right time through secure channels, people actually follow through.

AI-Powered Prompt: Customize Your Safety Protocol

Ready to develop organization-specific safety protocols? Copy and paste this prompt into ChatGPT, Claude, Gemini, or Perplexity:

I run a [TYPE_OF_DV_ORGANIZATION] serving approximately [NUMBER_OF_CLIENTS] survivors annually in [GEOGRAPHIC_LOCATION]. Our current technology stack includes [LIST_YOUR_CURRENT_TOOLS]. 

Create a prioritized 90-day digital safety implementation plan that addresses:
1. Most critical device and account security measures for our specific client population
2. Staff training modules appropriate for our organization size
3. Budget-conscious security tool recommendations
4. Survivor education materials we can customize for our community

Focus on practical steps we can implement immediately with limited IT resources.

Replace the bracketed variables with your specifics, and you’ll receive a customized roadmap. While tools like this provide valuable starting points, consider solutions like Funraise that have AI functionality built directly into your workflow, maintaining full context of your donor relationships, campaign history, and organizational needs without requiring copy-pasting between platforms.

Encrypted Chat DV Nonprofits: Secure Communications Matrix

Different communication channels require different security approaches. Here’s what we’ve learned works:

Channel	Best Practice	Risk Mitigation
Email/SMS	Use ProtonMail or Signal instead of standard email/text	Create non-identifying usernames (bluecat2026@protonmail.com vs. survivor.name@gmail.com)
Video/Chat	Zoom with end-to-end encryption enabled; prefer anonymous participant options	Never screenshare documents containing addresses, full names, or case numbers
Social Media	Private profiles only, disable location tagging, use That’s Not Cool resources	Implement blocking/reporting protocols using Working to Halt Online Abuse tools

Apply the same strategic thinking behind AI-powered recurring revenue tools (which helped OTAT boost recurring revenue by 1000%) to your survivor follow-up communications. Secure, personalized touchpoints maintain connection without compromising safety. It’s about being intentional with your outreach.

Nonprofit Cybersecurity Vendors: The Vetting Framework

Not all technology vendors understand the unique safety requirements of domestic violence work. Your vetting process needs to be rigorous, maybe even a li’l paranoid.

Vendor Criteria	Checklist Items	Example Tools
Security Standards	SOC 2 Type II compliance, data encryption at rest and in transit, transparent breach history	Funraise (secure donor portals), TechSoup donation programs
Nonprofit Focus	VAWA-compliant features, privacy-by-design architecture, experience serving DV organizations	NNEDV technology partners (Airbnb, Uber safe coordination)
Scalability	API integrations, mobile-responsive platforms, multi-location support	Platforms demonstrating 583% year-over-year revenue growth for users

Audit third-party vendors quarterly, not annually. The threat landscape evolves too rapidly for yearly reviews, especially with AI-powered scams increasing throughout 2026. Annual reviews made sense in 2015. They’re basically negligent now.

For multi-chapter DV networks, consider platforms that offer subaccount functionality. This enhances data silos for privacy while maintaining consolidated impact measurement across your organization. You can protect individual locations while still understanding your collective reach.

DV Charity Incident Response: When Prevention Fails

Despite best efforts, breaches happen. Your response protocol determines whether an incident becomes a catastrophe.

Build a rapid response protocol that includes immediate device isolation, law enforcement notification (when appropriate), and meticulous documentation for potential legal proceedings. Every minute counts when an abuser discovers a survivor’s location. You don’t have time to figure out your process during a crisis.

Monitor trends proactively rather than reactively. Use reporting dashboards to identify internal threat patterns. Consider how data-driven platforms helped organizations achieve 65.8% monthly giving growth and apply the same analytical rigor to safety metrics. What patterns emerge before breaches? Where are your vulnerabilities clustering?

Take an unconventional approach with AI threat simulators. Train staff using mock deepfake scenarios and phishing attempts, potentially funded through Mozilla grants or similar technology-focused nonprofit support programs. It feels a bit like corporate team-building exercises (yeah, it’s cheesy), but the muscle memory staff develop actually saves lives.

Conduct annual external audits by security professionals who understand domestic violence dynamics, not just general cybersecurity principles. There’s a real difference between someone who can secure a network and someone who understands why revealing a client’s presence at your facility could get them killed.

Building a Safety-First Culture in 2026

Technology alone won’t protect survivors. The most sophisticated security tools fail when organizational culture treats digital safety as an IT problem rather than a mission-critical priority.

Mandate annual cybersecurity training for all staff and volunteers, covering evolving threats like AI scams, phishing tactics, and relocation privacy measures such as credit freezes. Make this training as mandatory as your abuse recognition training. If someone’s not trained on digital safety, they shouldn’t have access to client data. Period.

Form “Tech Safety Coalitions” with technology companies. Norton, Google, and other tech firms increasingly recognize their products’ role in both enabling and preventing tech-enabled abuse. These partnerships provide access to audits, donated tools, and expertise your budget couldn’t otherwise afford. Don’t be shy about asking. They’re looking for these collaborations.

Leverage resources like NNEDV’s Safety Net for webinars, toolkits, and peer learning opportunities. Track staff completion and competency through dashboards, ensuring accountability. You can’t manage what you don’t measure, even in the nonprofit world.

The Path Forward: From Intentions to Impact

The gap between good intentions and measurable impact has never been more apparent than in digital safety for domestic violence survivors. Saying you care about survivor safety while using outdated devices, unencrypted communications, and inconsistent protocols isn’t just ineffective. It’s dangerous.

This checklist provides the foundation, but implementation separates organizations that truly protect beneficiaries from those that simply hope for the best. Start with device security, build robust policies, educate survivors and staff, audit your vendors, and prepare for incidents before they occur.

The technology exists to protect survivors in 2026. The question is whether your organization will deploy it strategically or continue operating on good intentions alone. Survivors deserve the former. They’ve already survived enough. They shouldn’t have to survive your security gaps too.

Ready to consolidate your technology stack while enhancing security? Start with Funraise’s free tier to experience how integrated, purpose-built nonprofit technology eliminates the security vulnerabilities created by scattered systems. When your fundraising, communications, and donor management live in one secure platform, you reduce breach points while scaling impact. No commitments required to start.