Pool Filming Privacy for Swim Clubs

By BC — Founder, SwimMate
2026-02-21 · 6 min read
Updated 2026-04-01
A split comparison: filming privacy vs data privacy.

TLDR

  • Treat pool filming privacy as two problems: filming privacy (what happens on deck) and data privacy (what happens after capture).
  • You can reduce most risk with four operational controls: session boundaries, consent + notice, access control, retention + deletion.
  • In COPPA-covered contexts, a photo, video, or audio file containing a child's image or voice can be treated as personal information; parental consent requirements can apply. (FTC guidance) 1 2
  • Some states go beyond COPPA: California (CCPA/CPPA) and Illinois (BIPA) impose additional requirements on minor data and biometric information respectively. Always confirm specifics with legal counsel for your jurisdiction. 3 4
  • Prefer systems and policies that support: local-first processing by default, explicit consent for uploads/sharing, and "only my swimmer" access for families.

1) Acknowledge the issue (plainly)

If you film youth athletes, parents will worry about:

  • "Who can see the footage?"
  • "How long is it kept?"
  • "Will my child be posted online?"
  • "Is this happening outside practice?"

Ignoring these questions kills adoption. A simple, repeatable policy builds trust and keeps the program running. For the operational side of rollout, pair this with the setup guide for swim video analytics.

One note on alternatives: some clubs try to avoid cameras by relying on wearables, but if you want elbow-angle-level technique you can't do it with a single device. You need multiple sensors across the body and calibration, which introduces its own consent, data handling, and logistics burden.

2) Filming privacy (what happens in the pool space)

Filming privacy is about boundaries and behavior.

A) Session boundaries

  • Cameras/analytics are on only during defined team practice sessions.
  • One person owns start/stop (not "whoever remembers").
  • Out-of-scope zones are explicit (changing areas; public swim; unrelated lessons).

B) Consent + notice

  • Deck signage at entrances and on deck.
  • Explicit opt-in for athletes/guardians.
  • A one-page parent FAQ: what is captured, why, and what controls exist.

C) Access control on deck

  • Coaches see what they need for coaching.
  • Parents see "only my swimmer" if parent access exists.
  • No shared passwords. Prefer audit logs if supported.

3) Data privacy (what happens after capture)

Data privacy is about storage, sharing, and retention.

A) Where processing happens

Ask: where is raw video processed by default? Local-first processing reduces how much raw imagery is transmitted and stored remotely.

If you can avoid uploading raw video by default, you reduce the breach surface area and simplify your privacy posture.

B) Retention and deletion (make it boring and clear)

  • Raw video retention default: short (club-defined).
  • Who can extend retention and why: documented.
  • Deletion request process: one owner + response time.

C) Sharing controls

  • No public links by default.
  • Avoid personal-device storage for staff.
  • Watermark or expire shared clips if the system supports it.

D) "Only my swimmer" segmentation

For parent/swimmer access, the cleanest rule is: athletes can access only their own footage and metrics.

4) State-level considerations

COPPA sets the federal floor for child data online in the United States. Two states have additional requirements that swim clubs should be aware of:

California (CCPA / CPPA)

The California Consumer Privacy Act (CCPA) and its amendment (CPRA) give California residents enhanced rights over their personal information, including minors. 3 Key points for swim clubs:

  • California residents under 16 must affirmatively opt in (not just fail to opt out) before a business can "sell" their personal information. This applies to sharing data with analytics platforms and third-party processors.
  • Clubs with California members that collect video or performance data should ensure their vendor contracts include proper data processing agreements.
  • If your club has fewer than 100,000 members annually and under $25M in annual revenue, you may fall below CCPA threshold — but confirm with legal counsel.

Illinois (BIPA — Biometric Information Privacy Act)

Illinois has one of the strictest biometric data laws in the US. 4 Key points:

  • BIPA covers "biometric identifiers," which can include facial geometry derived from video. If your swim analytics system processes video to identify individual swimmers by their physical characteristics, that may qualify.
  • BIPA requires: written policy, informed written consent before collection, specific data retention schedules, and prohibition on selling biometric data.
  • Private right of action: BIPA allows individuals to sue directly, with damages of $1,000–$5,000 per violation. This is a material compliance risk.
  • If you operate in Illinois or have Illinois-resident athletes, confirm with legal counsel whether your analytics system falls within BIPA scope.

General guidance

Laws vary by state and evolve quickly. The safest posture is to:

  1. Collect only what you need.
  2. Get explicit written consent before any data collection begins.
  3. Document your data processing, retention, and deletion procedures.
  4. Review annually with a qualified attorney.

5) Compliance checklist (10 points)

Use this as a minimum viable compliance checklist before going live with any swim analytics program involving minors.

  1. Session scope defined in writing — document exactly when cameras are active and which spaces are in/out of scope.
  2. Signage posted — at every entrance to the filming area and visibly on deck.
  3. Written consent collected — from parents/guardians of all athletes under 18 (under 13 in particular for COPPA).
  4. Data handler identified — one named person responsible for data requests, deletions, and breaches.
  5. Vendor DPA reviewed — confirm your analytics vendor has a data processing agreement covering minors.
  6. Retention policy documented — default retention period set, extension criteria defined.
  7. Deletion process tested — verify you can delete an individual swimmer's data on request and within a defined timeline.
  8. Access controls verified — coach access, parent access, and admin access are separated; no shared credentials.
  9. No public sharing by default — confirm clips cannot be shared publicly without explicit action.
  10. Legal review for your state — confirm compliance with COPPA (federal) plus any applicable state laws (California, Illinois, others).

Templates (copy/paste)

Signage (minimum viable)

NOTICE: Training video and performance analytics may be used during scheduled team practice sessions in this area. Access is limited to authorized staff and participating athletes/guardians. Questions or deletion requests: [club email]

Parent message (short)

We use training video and analytics during scheduled practices to help coaches deliver more specific feedback and help families see progress. Cameras are on only during practice sessions, access is restricted, and we use a defined retention and deletion process. Questions: [club email].

Parent consent form (full template)

[Club Name] — Training Video and Analytics Consent Form

I, [Parent/Guardian Name], authorize [Club Name] to collect training video and performance analytics for my child, [Athlete Name], during scheduled team practice sessions at [Facility Name].

What is collected: Overhead and/or underwater video during practice sessions; automated performance metrics (lap times, stroke rates, split times).

Who can access: Coaching staff only; parents/guardians may access data for their own child only.

How long data is kept: Raw video is retained for [X days/weeks] by default. Processed metrics may be retained for [X months] for longitudinal tracking. Extended retention requires written request.

How to request deletion: Contact [Data Handler Name] at [email]. Deletion requests will be processed within [X business days].

Third-party processing: [Vendor Name] processes video under a data processing agreement. No raw footage is shared with third parties beyond this agreement.

Signature: __________________ Date: __________

FAQ

Do swim clubs need consent to film practice?

For youth programs, explicit consent + clear notice is a best practice regardless of jurisdiction. Requirements vary, so treat this as an operational standard and confirm specifics for your region.

What should signage say for filming at a swim practice?

State when filming occurs (practice sessions only), who can access footage, and how parents can ask questions or request deletion.

What should a pool camera privacy policy include?

Session boundaries, what is captured, who can access it, retention, deletion, and sharing controls.

How long should swim practice video be kept?

Short by default. Extend only when needed for training goals and when your consent and deletion policy supports it.

How should clubs handle deletion requests?

Assign one owner, define identity verification, set a response time, and keep a simple log of actions taken.

Is pool filming covered by COPPA?

COPPA applies in covered online contexts; FTC guidance notes that a photo/video/audio file containing a child's image or voice can be personal information. Use this as a risk lens and get legal guidance for your exact setup. 1 2

What are the COPPA requirements for swim clubs using video analytics?

If your analytics platform is an online service and collects data from athletes under 13, COPPA requires verifiable parental consent before collection, clear privacy notices, and data deletion on request. The FTC's six-step compliance plan is a useful starting point. 2

Does Illinois BIPA apply to swim practice video?

Potentially, if your analytics system uses video to identify individual swimmers by biometric characteristics (e.g., facial recognition or body geometry). BIPA requires written consent, a retention schedule, and prohibits selling biometric data. The private right of action ($1,000–$5,000 per violation) makes this a material compliance risk for Illinois-based clubs. Confirm scope with legal counsel.

Related reading

References

Footnotes

  1. FTC COPPA FAQ (photos, videos, audio): https://www.ftc.gov/tips-advice/business-center/guidance/complying-coppa-frequently-asked-questions 2

  2. FTC COPPA six-step compliance plan (definition of personal information): https://www.ftc.gov/business-guidance/resources/childrens-online-privacy-protection-rule-six-step-compliance-plan-your-business 2 3

  3. California Consumer Privacy Act (CCPA) overview: https://oag.ca.gov/privacy/ccpa 2

  4. Illinois Biometric Information Privacy Act (BIPA), 740 ILCS 14: https://www.ilga.gov/legislation/ilcs/ilcs3.asp?ActID=3004&ChapterID=57 2