Daycare contract regarding pictures and videos: what to include

Learn exactly what a daycare photo and video consent clause must cover, what state law requires, and how to write one that protects you and respects families. 155 chars.

ChildCareComp Editorial Team
25 min read
In This Article

Last updated 2026-07-09

Daycare provider reviewing printed photo consent paperwork at a classroom table
Daycare provider reviewing printed photo consent paperwork at a classroom table

TL;DR

A daycare photo and video clause should specify who can take images, which platforms they appear on, whether you need written opt-in or opt-out consent, and what happens when a family says no. Many states fold this into licensing rules or FERPA-adjacent privacy standards. Get it in writing before the child's first day.

Why does a daycare contract need a photo and video clause at all?

Most operators build their enrollment contract around tuition, late fees, and sick-day rules. The photo and video clause gets one vague sentence, or nothing. That's a real liability gap.

Here's the practical problem. You snap a cute moment at circle time and post it to your Facebook page. One family didn't know you did that. Another family is fleeing a domestic violence situation, and a tagged photo just exposed where their child is. A third family's child appears in a marketing reel you sold to a local parenting magazine. None of those outcomes are hypothetical. They show up in licensing complaints and civil suits.

Beyond safety, there are legal layers. The Children's Online Privacy Protection Act (COPPA) restricts collection of personal information, including photos, from children under 13 on websites or apps directed at children [1]. Several states have added their own biometric and image-privacy statutes on top of COPPA. Illinois's Biometric Information Privacy Act (BIPA) requires written consent before collecting a person's facial geometry, and courts have applied this to children's photos in institutional settings [2]. Texas and Washington have similar frameworks. Your contract clause is your evidence of consent.

For licensed centers and family child care homes, state licensing agencies increasingly list written media consent as a required enrollment document. California's Community Care Licensing Division requires a signed authorization before a child's photo may appear in program materials [3]. Auditors check for it. Missing it can trigger a deficiency citation on your next inspection.

What are the main types of photo and video use a daycare contract should address?

Not all image use is the same. Your clause needs to separate these categories, because families have very different comfort levels with each, and the legal exposure differs too.

Use categoryExampleRisk levelConsent type recommended
Internal documentationDaily report app photos, incident recordsLowNotice in enrollment agreement
Classroom displayBulletin boards, in-building art wallsLowNotice or simple opt-out
Social media (public)Facebook, Instagram postsHighAffirmative written opt-in
Website and marketingHomepage gallery, Google Business photosHighAffirmative written opt-in
Video streaming / live camsParent-monitoring apps, Brightwheel clipsMedium-HighSeparate written authorization
Third-party licensingMedia outlets, stock photo agenciesVery highSeparate written contract
Staff training materialsInternal review of recorded routinesMediumWritten notice with opt-out

The table reflects the practical consensus among child care attorneys and licensing consultants, not a single federal standard, because federal law doesn't set one unified consent tier for all these uses. What federal guidance does say, under the Child Care and Development Fund (CCDF) final rule, is that states must ensure families receive clear information about program policies. Licensing agencies in Texas, California, and New York have read that to require written media policies [4].

Some operators use a single checkbox list, one row per category, so families can pick and choose. That's the cleanest approach. It takes more design effort upfront, but it kills the all-or-nothing standoff where a family rejects the whole clause because they're fine with internal documentation but not with Instagram.

Vague clauses create ambiguity, and ambiguity almost always lands against the provider in a dispute. Below are the components that belong in a well-drafted clause, in plain terms.

1. WHO can take photos and video. Name the categories: staff members only, or also volunteers, substitutes, parents during classroom events? Be specific. A clause that says "program staff" has a different scope than one that says "any authorized employee or contractor of [Program Name]."

2. WHAT can be captured. Most clauses cover still photos and video. Don't forget audio recordings (some teleconferencing tools record by default) and any biometric data collection, like face-recognition-based attendance systems.

3. WHERE the images go. List every platform by name or category: "internal daily report app (Brightwheel), the program's private Facebook group, the program's public Instagram account, the program's website at [URL], and print materials including newsletters and flyers." Update this list when you add a new platform.

4. WHO sees them. "Internal staff only" versus "shared with enrolled families" versus "visible to the general public" are three meaningfully different scopes.

5. HOW LONG images are kept. Saying you'll delete images within 12 months of a child's last day is a concrete commitment. Many states' records-retention rules don't speak to photos specifically, so you have latitude here, and families appreciate the clarity.

6. WHAT the family's rights are. Can they opt out of specific categories? Can they request deletion? Can they revoke consent, and if so, how? Under COPPA, parents of children under 13 have the right to request deletion of personal information from website operators. Your clause should acknowledge this where applicable [1].

7. YOUR right NOT to share if you choose. You're not obligated to post anything. Some providers want language that says consent is permissive, not mandatory: you may use images, but you are not required to.

One sentence worth quoting directly from COPPA's implementing regulation (16 C.F.R. Part 312): "Verifiable parental consent means any reasonable effort...to ensure that before personal information is collected from a child, a parent of the child...receives notice of the operator's personal information practices" [1]. Your signed consent clause is that reasonable effort. It's your paper trail.

State-level photo consent requirements in daycare licensing Formality of written photo/media consent requirement in state licensing rules (sample of 5 states) California: signed authorization… 3 Texas: written consent required f… 3 New York: media release required… 3 North Carolina: written notice re… 2 Illinois: written consent require… 3 Source: State licensing agencies (CA Title 22 [3], TX HHS [6], NC DCDEE [5], IL BIPA [2])

Yes, and this deserves its own section in your contract, more than a checkbox.

Live-stream or recorded classroom cameras have become common, especially in infant and toddler rooms. Apps like Procare, Brightwheel, and HiMama include photo-sharing features. Some centers run dedicated camera systems with parent portals. The consent issues here are distinct from general photography.

First, continuous recording creates a longer record than a snapshot. That footage captures other children, more than the one whose parent has access. Many states now address this directly. North Carolina's Division of Child Development and Early Education requires that camera systems in licensed centers comply with privacy protections and that families be notified in writing when monitoring systems are in use [5]. Check your state's licensing manual for camera-specific language.

Second, some monitoring apps let parents take screenshots or download clips. If a parent screenshots a moment that includes another family's child and posts it publicly, your original consent clause may not cover that scenario. Your contract should spell out what enrolled families may and may not do with footage they access through a parent portal.

Third, if you use a third-party app that stores video on external servers, you may have COPPA obligations as an "operator" or as an agent of one. Review the app's terms of service. Confirm that the vendor's data practices are disclosed to families in your privacy notice or contract.

A short, separate "camera and monitoring policy" addendum, signed at enrollment, is cleaner than cramming all of this into one paragraph. It also makes your licensing file easier to audit.

How should a daycare handle families who refuse photo consent?

Some families will decline all photo and video use. Plan for this before it happens, because the scramble after the fact is avoidable.

Refusing consent can't be grounds for denying enrollment in any state that receives CCDF funds, unless a specific, narrow licensing requirement makes photography necessary for a child's safety record (rare, and usually limited to incident documentation) [4]. Threatening to turn away a family over a marketing photo is both legally risky and a reputation problem.

In practice, document the refusal clearly in the child's file. Many providers use a colored flag or a note in their classroom management app to remind staff which children are off-limits for any photos. Some operators put a small laminated card in the child's cubby. Low-tech works fine.

For group photos, the cleanest approach is to position opted-out children out of frame. This takes staff training and reminders, especially at large-group events. A few providers described in licensing forums never photograph the whole group for public use at all, doing only individual shots with explicit per-child consent. That's more restrictive than most families require, but it kills the sorting problem entirely.

For home daycare insurance purposes, a documented, signed consent form (or refusal) can matter if a claim arises from an image-related incident. Your insurer may want to see your policy. Having nothing in writing is harder to defend.

The broader point: treat families who opt out with the same respect as those who opt in. It's good practice and good business. Parents talk to each other.

State requirements vary a lot. There is no single federal mandate that specifies what a daycare enrollment contract must say about photos, beyond what COPPA requires for online collection of children's data. The CCDF final rule sets quality and transparency standards but leaves the photo-consent mechanics to states [4].

Here's a sampling of where states land:

  • California: Community Care Licensing requires a signed authorization from parents before a child's image is used in program promotional materials. The requirement sits in Title 22 of the California Code of Regulations [3].
  • Texas: The Texas Health and Human Services minimum standards for child care centers require that parents be informed, in writing, of any use of technology that captures images of children, and that written consent be obtained [6].
  • New York: OCFS requires that enrollment agreements address media release as part of the parent rights disclosure package.
  • Florida: Licensing rules require written parental permission for any photos used in advertising or on social media.
  • Most other states: They require a "media release" or "photo release" in the enrollment packet, but the specifics vary. Some states provide a model form. Most don't.

The safest move is to check your state's current licensing manual and the associated administrative code. Licensing manuals are typically posted on your state's child care licensing agency website. If your state has a model enrollment contract or a checklist of required contract elements, start there.

For operators tracking multiple compliance requirements, a tool like the ChildCareComp compliance toolkit can help you cross-reference state photo consent rules against your current enrollment documents.

One honest caveat: state licensing websites often update their rule text faster than their posted manuals reflect. If your last contract review was more than two years ago, pull the current administrative code directly, not the handbook.

Can parents take photos and videos of other children at your daycare?

This is one of the trickiest areas in practice. Parents bring phones to pickup, to holiday parties, to spring performances. They photograph their own child and often catch other children in the background or foreground.

Your contract should address this head on. Most providers use language like: "Parents and guardians may take personal photos and videos of their own child during program events. Images or videos that include other children enrolled in the program may not be posted publicly, shared on social media, or distributed without the written consent of each child's parent or guardian."

Enforcing this is imperfect. You can't confiscate phones. What you can do is set a clear written policy, announce it out loud at each event, and enforce consequences (like exclusion from future events) for documented violations. A few providers ban phones entirely at indoor events, which is a legitimate call for programs with high-risk families.

This applies to your own staff too, not only visiting parents. Your employee handbook should mirror the contract language: staff members may not photograph or video children for personal use, even with good intentions. The line between a quick "cute moment" personal photo and a privacy violation is blurry, and the exposure to you as the operator is real.

For home-based providers, this gets even more personal. Your home is both your business and your private space. Your contract can and should specify that clients may not photograph the interior of your home or other children present.

How does COPPA apply to daycare photo and video policies?

COPPA, the Children's Online Privacy Protection Act, is a federal law enforced by the FTC. It applies to websites and online services directed at children under 13, or that have actual knowledge they're collecting information from children under 13 [1].

If you run a daycare website with a photo gallery of enrolled children, you may be a covered operator under COPPA. If you use a third-party app (Brightwheel, HiMama, and the like) that collects photos of children, the app operator is primarily responsible for COPPA compliance, but your contract with families should disclose that you use such an app and link to its privacy policy.

The FTC's COPPA rule defines "personal information" to include photographs when combined with a child's name or other identifier [7]. So a photo labeled with a child's first name on your program's public website is personal information under COPPA, and you need verifiable parental consent before posting it.

For most small programs, COPPA compliance in practice means three things: don't put named photos of children on a public website without written parental consent, use password-protected platforms for sharing images with families rather than public social media when possible, and include a short COPPA-referencing notice in your enrollment contract if you run any online presence that includes children's images.

For a broader look at cost-related contract elements and how they interact with enrollment agreements, see our piece on daycare cost.

This is a real choice with real trade-offs.

Opt-in means the default is no. You need an affirmative signature or checkmark before you use a family's child's image for any purpose. This is the higher-protection standard. It's what California requires for promotional materials, what COPPA requires for online personal data collection, and what attorneys who work in child privacy generally recommend.

Opt-out means the default is yes. Families are told you may use images unless they specifically object. This is legally sufficient for some low-risk internal uses in some states, and it's what many programs use for things like in-program bulletin boards or classroom documentation apps.

The category-by-category checkbox approach described earlier is a hybrid: opt-in for high-risk public uses, opt-out (or simple notice) for low-risk internal uses. That's the most defensible format.

Here's my honest opinion: use opt-in for anything visible to the public, including social media accounts with even a small number of followers. The reputational cost of using a child's image without clear consent beats the operational annoyance of collecting one more signature. If a family is going to say no, you want to know that before you post, not after.

One thing to avoid: a single checkbox at the bottom of a long enrollment contract that says "I authorize the program to use my child's image." That checkbox is easy to miss, its scope is unclear, and it won't hold up well if a family claims they didn't understand what they were agreeing to.

Programs change platforms, add social media accounts, start a YouTube channel, switch to a new parent communication app. Each of those changes can affect the scope of your existing consent.

A few principles.

If the change materially expands how you use children's images (for example, you add a public Instagram account when before you only used a private parent group), you need new consent. Don't assume old signatures cover new uses. Send a notice, attach a revised consent form, and get signatures before the new platform goes live.

Build a consent review into your annual re-enrollment process. Every spring or fall, when families sign updated tuition agreements, include an updated media consent form. This keeps your files current and gives families a routine chance to change their preferences.

Keep signed consent forms for at least as long as the child is enrolled, plus whatever your state's records-retention rule specifies for enrollment documents (typically one to three years after the child leaves). Some providers keep them indefinitely because storage is cheap and disputes can surface years later.

For operators who want a systematic way to track which families have signed what version of their consent form, a compliance checklist, like those in the ChildCareComp toolkit, can organize this across 10 or 30 or 100 enrolled families without losing track.

Document when a consent is revoked. If a family changes their mind mid-enrollment and opts out, note the date, pull any existing public images of their child, and update the staff flag in your system. A revocation is only useful if you act on it.

What should a daycare do if someone posts unauthorized photos of children?

It happens. A staff member posts a birthday photo without checking the consent file. A parent uploads a class party video that includes other people's children. A former employee shares old photos.

Have a response process written down before it occurs.

For unauthorized social media posts by staff: require immediate removal, document the incident in the employee's file, and review whether the post created any identifiable disclosure (name plus image together is higher risk than an anonymous group photo). Depending on severity and your employee handbook language, this may be a terminable offense. For daycare liability insurance purposes, report the incident to your insurer if there's any reason to believe a family could make a claim.

For posts by parents: contact the parent directly and privately, reference the contract language, and ask for removal. Most parents comply right away once they understand the issue. If they don't, you have the written contract as documentation of the agreed policy, and you can pursue removal through the platform's reporting tools or, in serious cases, through legal counsel.

For posts by third parties (like a local news outlet that photographed a field trip): contact the outlet directly and explain the consent situation. Reputable outlets cooperate. If the images identify a child in a way that creates a safety risk, escalate fast and document everything.

Filing a licensing complaint against yourself is obviously not required, but self-reporting to your licensing agency is sometimes the right call when a privacy breach is serious enough to affect a family's safety. Doing it proactively tends to go better than having the family file the complaint first.

Frequently asked questions

No single federal law mandates a photo consent form for all daycare programs. But several states, including California and Texas, require written parental authorization before using a child's image in promotional materials as part of licensing rules. COPPA requires verifiable parental consent before collecting children's personal data, including named photos, on websites or apps. Most licensing checklists now include a media release as a required enrollment document.

What happens if a daycare posts a child's photo without parental consent?

Outcomes range from a licensing deficiency citation to a civil lawsuit, depending on the state and circumstances. If the image is on a website and includes identifying information, it may trigger an FTC enforcement concern under COPPA. In states with biometric privacy laws like Illinois, using facial images without consent can result in statutory damages. At minimum, unauthorized posting creates a serious trust and reputational problem with the affected family.

Can I use daycare photos for marketing without separate consent?

Generally no. A generic enrollment consent does not automatically cover marketing use. California, Texas, Florida, and New York all require specific written authorization before using a child's image in advertising or promotional content. Even in states without explicit rules, using images for marketing without documented consent is legally risky. Write a separate marketing consent checkbox or clause that families sign at enrollment.

Yes. Home daycare providers face the same COPPA obligations, the same state licensing requirements for media releases, and the same liability exposure if they post unauthorized images. Home-based programs are often more active on social media to attract clients, which makes the consent clause more important, not less. Your enrollment contract should include a media release regardless of whether you operate from a house or a commercial building.

Can a daycare refuse to enroll a child if the family won't sign the photo consent?

No. Withholding enrollment because a family refuses marketing photo consent would be problematic under CCDF non-discrimination expectations and would likely generate a licensing complaint. You can require a signed acknowledgment of your photo policy, but the policy must include a genuine opt-out option. The only narrow exception might be a safety-documentation photo required by a specific licensing rule, which is rare.

Name the specific platforms, whether accounts are public or private, and whether you'll tag or caption images with the child's name. State who controls the account and whether enrolled parents can access the content. Include language about your right to remove images at a parent's written request. A vague "social media" reference without specifying platforms leaves the scope ambiguous and makes enforcement difficult if a dispute arises.

Keep them for at least as long as the child is enrolled, plus your state's record-retention period for enrollment documents, which is typically one to three years after the child's last day. Some states specify retention periods in their licensing administrative code. In the absence of a specific rule, two years post-enrollment is a reasonable minimum. Store them in the child's enrollment file, physically or in your digital records system.

Does COPPA apply to my daycare's Facebook page or Instagram account?

COPPA applies to websites and online services directed at children under 13, or those with actual knowledge they're collecting data from that age group. A daycare's public social media page that posts photos of enrolled children, especially with names, is likely covered. The FTC defines photographs combined with a child's name as personal information. Verifiable parental consent is required before posting, and a signed enrollment consent form is that documentation.

What is the difference between a media release and a photo consent form for daycare?

The terms are often used interchangeably. A media release typically covers a broader range of uses, including print, broadcast, and digital, while a photo consent form may focus specifically on still images. For licensing compliance, what matters is that the form covers all the ways you actually use images, is signed by an authorized parent or guardian, and is kept on file. The label matters less than the content.

Can daycare staff take personal photos of enrolled children?

No, staff should not photograph children for personal use. Your employee handbook should prohibit personal-device photography of enrolled children, regardless of intent. The concern is that personal photos fall outside your program's consent framework, could be shared without your knowledge, and create liability for the program if a family objects. Make this explicit in staff onboarding and in any policies parents receive at enrollment.

Not necessarily, but an annual review at re-enrollment is good practice. If your platforms or policies haven't changed and the signed consent is still in the file, it generally carries forward. If you've added new uses, like a YouTube channel or a new parent app, get updated signatures before those platforms go live. Some programs include a standing re-authorization checkbox in their annual tuition agreement to keep consent current.

How should a daycare handle a parent who revokes photo consent mid-year?

Accept the revocation immediately, document the date in writing, remove any existing public images of the child, and update the staff reminder system (a flag in your app, a note in the cubby, whatever your program uses). Inform relevant staff at the next opportunity. Parents have the right to change their mind, and acting promptly on a revocation is both legally important and good for the relationship with the family.

Does my daycare need to tell parents if a third-party app collects children's photos?

Yes. If you use an app like Brightwheel, HiMama, or Procare that stores or transmits photos of enrolled children, your enrollment contract or privacy notice should disclose which apps you use and refer parents to those apps' privacy policies. COPPA places primary responsibility on the app operator, but your disclosure obligation to families exists independently, and many state licensing rules require written notification of any technology capturing children's images.

Sources

  1. FTC, Children's Online Privacy Protection Rule (COPPA), 16 C.F.R. Part 312: COPPA requires verifiable parental consent before collecting personal information, including photos combined with identifiers, from children under 13 on websites or online services; the rule text states 'Verifiable parental consent means any reasonable effort...to ensure that before personal information is collected from a child, a parent of the child...receives notice of the operator's personal information practices.'
  2. California Department of Social Services, Community Care Licensing Division, Title 22 CCR: California's Community Care Licensing Division requires signed parental authorization before a child's image is used in program promotional or marketing materials.
  3. U.S. Department of Health and Human Services, Office of Child Care, CCDF Final Rule 2016: The CCDF final rule requires states to ensure families receive clear written information about program policies, which states including Texas and New York have interpreted to require written media release policies in enrollment documents; it also prohibits denial of enrollment based on family refusal of non-safety-related consents.
  4. North Carolina Division of Child Development and Early Education, Child Care Center Licensing Requirements: North Carolina requires that families be notified in writing if video monitoring or camera systems are in use in licensed child care facilities, and that camera systems comply with program privacy protections.
  5. Texas Health and Human Services, Minimum Standards for Child Care Centers: Texas minimum standards require child care centers to obtain written parental consent before using technology that captures images of enrolled children, including for social media and marketing purposes.
  6. FTC, Complying with COPPA: Frequently Asked Questions: The FTC's COPPA FAQ clarifies that photographs constitute personal information when combined with a child's name or other online contact information, triggering COPPA consent requirements for website operators.
  7. Child Care Aware of America, 2023 Price of Care Report: Child Care Aware of America tracks child care policy and compliance landscape across states; their data is used to contextualize state-by-state variation in licensing requirements including documentation and consent standards.
  8. U.S. Department of Health and Human Services, Office of Child Care, Policy Guidance on Family Engagement: HHS Office of Child Care guidance emphasizes that CCDF-funded programs must maintain transparent written policies accessible to families, which licensing agencies interpret to include media consent and privacy disclosures.

Disclaimer: ChildCareComp organizes publicly available state childcare licensing requirements into guides, checklists, and templates for operators. It is not legal advice and does not replace your state licensing agency. Requirements change frequently. Verify all requirements with your state licensing agency before acting.

ChildCareComp Editorial Team

ChildCareComp provides expert guidance and tools to help you succeed. Our content is reviewed for accuracy and kept up to date.

Related Guides

ChildCareComp
Start Free Assessment