diff --git a/Gemfile b/Gemfile
index 4596178..892c538 100644
--- a/Gemfile
+++ b/Gemfile
@@ -52,3 +52,5 @@ group :test do
 end
 
 gem "faker", "~> 2.21"
+
+gem "pundit", "~> 2.2"
diff --git a/Gemfile.lock b/Gemfile.lock
index 4183bb1..9f156ef 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -209,6 +209,8 @@ GEM
     pg (1.4.1)
     puma (5.6.4)
       nio4r (~> 2.0)
+    pundit (2.2.0)
+      activesupport (>= 3.0.0)
     racc (1.6.0)
     rack (2.2.4)
     rack-test (2.0.2)
@@ -335,6 +337,7 @@ DEPENDENCIES
   omniauth-google-oauth2 (~> 0.8.2)
   pg (~> 1.1)
   puma (~> 5.0)
+  pundit (~> 2.2)
   rails (~> 7.0.3, >= 7.0.3.1)
   rails-erd (~> 1.7)
   redis (~> 4.0)
diff --git a/app/policies/application_policy.rb b/app/policies/application_policy.rb
new file mode 100644
index 0000000..e000cba
--- /dev/null
+++ b/app/policies/application_policy.rb
@@ -0,0 +1,53 @@
+# frozen_string_literal: true
+
+class ApplicationPolicy
+  attr_reader :user, :record
+
+  def initialize(user, record)
+    @user = user
+    @record = record
+  end
+
+  def index?
+    false
+  end
+
+  def show?
+    false
+  end
+
+  def create?
+    false
+  end
+
+  def new?
+    create?
+  end
+
+  def update?
+    false
+  end
+
+  def edit?
+    update?
+  end
+
+  def destroy?
+    false
+  end
+
+  class Scope
+    def initialize(user, scope)
+      @user = user
+      @scope = scope
+    end
+
+    def resolve
+      raise NotImplementedError, "You must define #resolve in #{self.class}"
+    end
+
+    private
+
+    attr_reader :user, :scope
+  end
+end