diff --git a/cmd/server/bucket_journey_test.go b/cmd/server/bucket_journey_test.go
index a1bc7b0..99c1349 100644
--- a/cmd/server/bucket_journey_test.go
+++ b/cmd/server/bucket_journey_test.go
@@ -46,6 +46,7 @@ func TestBucketJourney(t *testing.T) {
 	mockClient.On("DataUsageInfo", mock.Anything).Return(madmin.DataUsageInfo{
 		BucketSizes: map[string]uint64{"bucket-1": 1024, "bucket-2": 2048},
 	}, nil)
+	mockClient.On("GetBucketPolicy", mock.Anything, mock.Anything).Return("", nil)
 	mockClient.On("MakeBucket", mock.Anything, "newbucket", mock.Anything).Return(nil)
 	mockClient.On("RemoveBucket", mock.Anything, "newbucket").Return(nil)
 
@@ -117,6 +118,7 @@ func TestObjectBrowserJourney(t *testing.T) {
 		IsTruncated:           false,
 		NextContinuationToken: "",
 	}, nil)
+	mockClient.On("GetBucketPolicy", mock.Anything, "my-bucket").Return("", nil)
 	mockClient.On("PutObject", mock.Anything, "my-bucket", "testfile.txt", mock.Anything, mock.Anything, mock.Anything).Return(minio.UploadInfo{}, nil)
 
 	encrypted, _ := authService.EncryptCredentials(creds)
diff --git a/cmd/server/main.go b/cmd/server/main.go
index b4c3aad..949a771 100644
--- a/cmd/server/main.go
+++ b/cmd/server/main.go
@@ -140,6 +140,8 @@ func newServer(minioEndpoint string) *echo.Echo {
 	e.GET("/buckets/:bucketName/replication", bucketsHandler.GetReplication)
 	e.GET("/buckets/:bucketName/quota", bucketsHandler.GetBucketQuota)
 	e.POST("/buckets/:bucketName/quota", bucketsHandler.SetBucketQuota)
+	e.GET("/buckets/:bucketName/policy", bucketsHandler.GetBucketPolicy)
+	e.POST("/buckets/:bucketName/policy", bucketsHandler.SetBucketPolicy)
 
 	e.GET("/settings", settingsHandler.ShowSettings)
 	e.POST("/settings/restart", settingsHandler.RestartService)
diff --git a/cmd/server/mocks_test.go b/cmd/server/mocks_test.go
index 25e0cb5..e8ce82c 100644
--- a/cmd/server/mocks_test.go
+++ b/cmd/server/mocks_test.go
@@ -243,6 +243,16 @@ func (m *MockMinioClient) GetBucketReplication(ctx context.Context, bucketName s
 	return args.Get(0).(replication.Config), args.Error(1)
 }
 
+func (m *MockMinioClient) GetBucketPolicy(ctx context.Context, bucketName string) (string, error) {
+	args := m.Called(ctx, bucketName)
+	return args.String(0), args.Error(1)
+}
+
+func (m *MockMinioClient) SetBucketPolicy(ctx context.Context, bucketName, policy string) error {
+	args := m.Called(ctx, bucketName, policy)
+	return args.Error(0)
+}
+
 // MockMinioFactory implements MinioClientFactory for testing
 type MockMinioFactory struct {
 	mock.Mock
diff --git a/internal/handlers/buckets_handler.go b/internal/handlers/buckets_handler.go
index 00c6296..45b9af4 100644
--- a/internal/handlers/buckets_handler.go
+++ b/internal/handlers/buckets_handler.go
@@ -2,12 +2,14 @@ package handlers
 
 import (
 	"archive/zip"
+	"encoding/json"
 	"fmt"
 	"io"
 	"net/http"
 	"path/filepath"
 	"strconv"
 	"strings"
+	"sync"
 	"time"
 
 	"github.com/damacus/iron-buckets/internal/models"
@@ -30,6 +32,43 @@ func NewBucketsHandler(minioFactory services.MinioClientFactory) *BucketsHandler
 	return &BucketsHandler{minioFactory: minioFactory}
 }
 
+// canonicalJSON re-serializes JSON to a canonical form (sorted keys, no extra whitespace).
+func canonicalJSON(raw string) string {
+	var obj interface{}
+	if err := json.Unmarshal([]byte(raw), &obj); err != nil {
+		return ""
+	}
+	b, err := json.Marshal(obj)
+	if err != nil {
+		return ""
+	}
+	return string(b)
+}
+
+// detectPolicyType determines whether a policy matches a known preset
+// by comparing canonical JSON representations.
+func detectPolicyType(policyJSON string, bucketName string) string {
+	if policyJSON == "" {
+		return "private"
+	}
+	canonical := canonicalJSON(policyJSON)
+	if canonical == "" {
+		return "custom"
+	}
+
+	presets := map[string]string{
+		"public-read":       fmt.Sprintf(`{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"AWS":["*"]},"Action":["s3:GetObject"],"Resource":["arn:aws:s3:::%s/*"]}]}`, bucketName),
+		"public-read-write": fmt.Sprintf(`{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"AWS":["*"]},"Action":["s3:GetObject","s3:PutObject","s3:DeleteObject"],"Resource":["arn:aws:s3:::%s/*"]}]}`, bucketName),
+	}
+
+	for name, preset := range presets {
+		if canonical == canonicalJSON(preset) {
+			return name
+		}
+	}
+	return "custom"
+}
+
 // ListBuckets renders the buckets page
 func (h *BucketsHandler) ListBuckets(c echo.Context) error {
 	creds, err := GetCredentialsOrRedirect(c)
@@ -60,19 +99,38 @@ func (h *BucketsHandler) ListBuckets(c echo.Context) error {
 		minio.BucketInfo
 		Size          uint64
 		FormattedSize string
+		PolicyType    string
+	}
+
+	// Fetch bucket policies concurrently
+	policyTypes := make([]string, len(buckets))
+	var wg sync.WaitGroup
+	for i, b := range buckets {
+		wg.Add(1)
+		go func(idx int, name string) {
+			defer wg.Done()
+			policy, err := client.GetBucketPolicy(c.Request().Context(), name)
+			if err != nil {
+				policyTypes[idx] = "unknown"
+				return
+			}
+			policyTypes[idx] = detectPolicyType(policy, name)
+		}(i, b.Name)
 	}
+	wg.Wait()
 
-	var bucketsWithStats []BucketWithStats
-	for _, b := range buckets {
+	bucketsWithStats := make([]BucketWithStats, len(buckets))
+	for i, b := range buckets {
 		size := uint64(0)
 		if usage.BucketSizes != nil {
 			size = usage.BucketSizes[b.Name]
 		}
-		bucketsWithStats = append(bucketsWithStats, BucketWithStats{
+		bucketsWithStats[i] = BucketWithStats{
 			BucketInfo:    b,
 			Size:          size,
 			FormattedSize: utils.FormatBytes(size),
-		})
+			PolicyType:    policyTypes[i],
+		}
 	}
 
 	return c.Render(http.StatusOK, "buckets", map[string]interface{}{
@@ -237,6 +295,30 @@ func (h *BucketsHandler) BrowseBucket(c echo.Context) error {
 		}
 	}
 
+	// Construct MinIO endpoint base URL
+	scheme := "https"
+	if !services.ShouldUseSSL(creds.Endpoint) {
+		scheme = "http"
+	}
+	endpointURL := scheme + "://" + creds.Endpoint
+
+	// Fetch bucket policy
+	policy, _ := client.GetBucketPolicy(c.Request().Context(), bucketName)
+	policyType := detectPolicyType(policy, bucketName)
+	formattedPolicy := ""
+	if policy != "" {
+		var jsonObj interface{}
+		if json.Unmarshal([]byte(policy), &jsonObj) == nil {
+			if formatted, err := json.MarshalIndent(jsonObj, "", "  "); err == nil {
+				formattedPolicy = string(formatted)
+			} else {
+				formattedPolicy = policy
+			}
+		} else {
+			formattedPolicy = policy
+		}
+	}
+
 	return c.Render(http.StatusOK, "browser", map[string]interface{}{
 		"ActiveNav":             "buckets",
 		"BucketName":            bucketName,
@@ -246,6 +328,11 @@ func (h *BucketsHandler) BrowseBucket(c echo.Context) error {
 		"Breadcrumbs":           breadcrumbs,
 		"HasMore":               result.IsTruncated,
 		"NextContinuationToken": result.NextContinuationToken,
+		"PolicyType":            policyType,
+		"Policy":                policy,
+		"FormattedPolicy":       formattedPolicy,
+		"HasPolicy":             policy != "",
+		"EndpointURL":           endpointURL,
 	})
 }
 
@@ -579,11 +666,31 @@ func (h *BucketsHandler) BucketSettings(c echo.Context) error {
 		}
 	}
 
+	// Get bucket policy
+	policy, _ := client.GetBucketPolicy(c.Request().Context(), bucketName)
+	policyType := detectPolicyType(policy, bucketName)
+	formattedPolicy := ""
+	if policy != "" {
+		var jsonObj interface{}
+		if json.Unmarshal([]byte(policy), &jsonObj) == nil {
+			if formatted, err := json.MarshalIndent(jsonObj, "", "  "); err == nil {
+				formattedPolicy = string(formatted)
+			} else {
+				formattedPolicy = policy
+			}
+		} else {
+			formattedPolicy = policy
+		}
+	}
+
 	return c.Render(http.StatusOK, "bucket_settings", map[string]interface{}{
 		"ActiveNav":         "buckets",
 		"BucketName":        bucketName,
 		"VersioningStatus":  versioningStatus,
 		"VersioningEnabled": versioningConfig.Enabled(),
+		"PolicyType":        policyType,
+		"FormattedPolicy":   formattedPolicy,
+		"HasPolicy":         policy != "",
 	})
 }
 
@@ -1171,3 +1278,137 @@ func isPreviewable(contentType string, size int64) bool {
 	}
 	return isImageType(contentType) || isTextType(contentType) || isVideoType(contentType)
 }
+
+// GetBucketPolicy returns the policy for a bucket
+func (h *BucketsHandler) GetBucketPolicy(c echo.Context) error {
+	bucketName := c.Param("bucketName")
+
+	creds, err := GetCredentials(c)
+	if err != nil {
+		return c.Render(http.StatusOK, "bucket_policy", map[string]interface{}{
+			"BucketName": bucketName,
+			"PolicyType": "private",
+			"Error":      "Unauthorized",
+		})
+	}
+
+	client, err := h.minioFactory.NewClient(*creds)
+	if err != nil {
+		return c.Render(http.StatusOK, "bucket_policy", map[string]interface{}{
+			"BucketName": bucketName,
+			"PolicyType": "private",
+			"Error":      "Failed to connect to MinIO",
+		})
+	}
+
+	policy, err := client.GetBucketPolicy(c.Request().Context(), bucketName)
+	if err != nil {
+		return c.Render(http.StatusOK, "bucket_policy", map[string]interface{}{
+			"BucketName": bucketName,
+			"PolicyType": "unknown",
+			"Error":      "Failed to fetch policy: " + err.Error(),
+		})
+	}
+
+	// Determine policy type for display
+	policyType := detectPolicyType(policy, bucketName)
+
+	// Format JSON for display
+	formattedPolicy := policy
+	if policy != "" {
+		var jsonObj interface{}
+		if json.Unmarshal([]byte(policy), &jsonObj) == nil {
+			if formatted, err := json.MarshalIndent(jsonObj, "", "  "); err == nil {
+				formattedPolicy = string(formatted)
+			}
+		}
+	}
+
+	return c.Render(http.StatusOK, "bucket_policy", map[string]interface{}{
+		"BucketName":      bucketName,
+		"Policy":          policy,
+		"FormattedPolicy": formattedPolicy,
+		"PolicyType":      policyType,
+		"HasPolicy":       policy != "",
+	})
+}
+
+// SetBucketPolicy sets the policy for a bucket
+func (h *BucketsHandler) SetBucketPolicy(c echo.Context) error {
+	creds, err := GetCredentials(c)
+	if err != nil {
+		return err
+	}
+
+	bucketName := c.Param("bucketName")
+	policyType := c.FormValue("policyType")
+	customPolicy := c.FormValue("policy")
+
+	client, err := h.minioFactory.NewClient(*creds)
+	if err != nil {
+		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to connect to MinIO")
+	}
+
+	var policy string
+
+	switch policyType {
+	case "private":
+		// Empty policy = private (remove policy)
+		policy = ""
+	case "public-read":
+		policy = fmt.Sprintf(`{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Principal": {"AWS": ["*"]},
+      "Action": ["s3:GetObject"],
+      "Resource": ["arn:aws:s3:::%s/*"]
+    }
+  ]
+}`, bucketName)
+	case "public-read-write":
+		policy = fmt.Sprintf(`{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Principal": {"AWS": ["*"]},
+      "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
+      "Resource": ["arn:aws:s3:::%s/*"]
+    }
+  ]
+}`, bucketName)
+	case "custom":
+		policy = customPolicy
+		// Validate JSON if not empty
+		if policy != "" {
+			var jsonObj interface{}
+			if err := json.Unmarshal([]byte(policy), &jsonObj); err != nil {
+				return c.Render(http.StatusBadRequest, "bucket_policy", map[string]interface{}{
+					"BucketName":      bucketName,
+					"Policy":          policy,
+					"FormattedPolicy": policy,
+					"PolicyType":      "custom",
+					"HasPolicy":       true,
+					"Error":           "Invalid JSON: " + err.Error(),
+				})
+			}
+		}
+	default:
+		return echo.NewHTTPError(http.StatusBadRequest, "Invalid policy type")
+	}
+
+	if err := client.SetBucketPolicy(c.Request().Context(), bucketName, policy); err != nil {
+		return c.Render(http.StatusInternalServerError, "bucket_policy", map[string]interface{}{
+			"BucketName":      bucketName,
+			"Policy":          policy,
+			"FormattedPolicy": policy,
+			"PolicyType":      policyType,
+			"HasPolicy":       policy != "",
+			"Error":           "Failed to set policy: " + err.Error(),
+		})
+	}
+
+	return HTMXRedirect(c, "/buckets/"+bucketName+"/settings")
+}
diff --git a/internal/handlers/policy_test.go b/internal/handlers/policy_test.go
new file mode 100644
index 0000000..e645c61
--- /dev/null
+++ b/internal/handlers/policy_test.go
@@ -0,0 +1,179 @@
+package handlers
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestCanonicalJSON(t *testing.T) {
+	tests := []struct {
+		name     string
+		input    string
+		expected string
+	}{
+		{"empty string", "", ""},
+		{"invalid json", "not json", ""},
+		{"already compact", `{"a":1}`, `{"a":1}`},
+		{"with whitespace", `{  "a" : 1  }`, `{"a":1}`},
+		{"sorts keys", `{"b":2,"a":1}`, `{"a":1,"b":2}`},
+		{"nested sorting", `{"z":{"b":2,"a":1},"a":0}`, `{"a":0,"z":{"a":1,"b":2}}`},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			assert.Equal(t, tt.expected, canonicalJSON(tt.input))
+		})
+	}
+}
+
+func TestDetectPolicyType(t *testing.T) {
+	bucket := "my-bucket"
+
+	publicReadPolicy := fmt.Sprintf(`{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Principal": {"AWS": ["*"]},
+      "Action": ["s3:GetObject"],
+      "Resource": ["arn:aws:s3:::%s/*"]
+    }
+  ]
+}`, bucket)
+
+	publicReadWritePolicy := fmt.Sprintf(`{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Principal": {"AWS": ["*"]},
+      "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
+      "Resource": ["arn:aws:s3:::%s/*"]
+    }
+  ]
+}`, bucket)
+
+	tests := []struct {
+		name       string
+		policyJSON string
+		bucketName string
+		expected   string
+	}{
+		{
+			name:       "empty policy is private",
+			policyJSON: "",
+			bucketName: bucket,
+			expected:   "private",
+		},
+		{
+			name:       "invalid json is custom",
+			policyJSON: "not valid json",
+			bucketName: bucket,
+			expected:   "custom",
+		},
+		{
+			name:       "public-read preset",
+			policyJSON: publicReadPolicy,
+			bucketName: bucket,
+			expected:   "public-read",
+		},
+		{
+			name:       "public-read-write preset",
+			policyJSON: publicReadWritePolicy,
+			bucketName: bucket,
+			expected:   "public-read-write",
+		},
+		{
+			name:       "public-read with different formatting",
+			policyJSON: fmt.Sprintf(`{"Statement":[{"Action":["s3:GetObject"],"Effect":"Allow","Principal":{"AWS":["*"]},"Resource":["arn:aws:s3:::%s/*"]}],"Version":"2012-10-17"}`, bucket),
+			bucketName: bucket,
+			expected:   "public-read",
+		},
+		{
+			name:       "wrong bucket name is custom",
+			policyJSON: publicReadPolicy,
+			bucketName: "other-bucket",
+			expected:   "custom",
+		},
+		{
+			name: "custom policy with s3:GetObject should not match public-read",
+			policyJSON: fmt.Sprintf(`{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Principal": {"AWS": ["*"]},
+      "Action": ["s3:GetObject"],
+      "Resource": ["arn:aws:s3:::%s/*"]
+    },
+    {
+      "Effect": "Deny",
+      "Principal": {"AWS": ["arn:aws:iam::123456:user/bad"]},
+      "Action": ["s3:GetObject"],
+      "Resource": ["arn:aws:s3:::%s/secret/*"]
+    }
+  ]
+}`, bucket, bucket),
+			bucketName: bucket,
+			expected:   "custom",
+		},
+		{
+			name: "custom policy with extra actions is custom",
+			policyJSON: fmt.Sprintf(`{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Principal": {"AWS": ["*"]},
+      "Action": ["s3:GetObject", "s3:ListBucket"],
+      "Resource": ["arn:aws:s3:::%s/*"]
+    }
+  ]
+}`, bucket),
+			bucketName: bucket,
+			expected:   "custom",
+		},
+		{
+			name: "custom policy with restricted principal is custom",
+			policyJSON: fmt.Sprintf(`{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Principal": {"AWS": ["arn:aws:iam::123456:root"]},
+      "Action": ["s3:GetObject"],
+      "Resource": ["arn:aws:s3:::%s/*"]
+    }
+  ]
+}`, bucket),
+			bucketName: bucket,
+			expected:   "custom",
+		},
+		{
+			name: "custom policy with condition is custom",
+			policyJSON: fmt.Sprintf(`{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Principal": {"AWS": ["*"]},
+      "Action": ["s3:GetObject"],
+      "Resource": ["arn:aws:s3:::%s/*"],
+      "Condition": {"IpAddress": {"aws:SourceIp": "192.168.1.0/24"}}
+    }
+  ]
+}`, bucket),
+			bucketName: bucket,
+			expected:   "custom",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			result := detectPolicyType(tt.policyJSON, tt.bucketName)
+			assert.Equal(t, tt.expected, result)
+		})
+	}
+}
diff --git a/internal/renderer/renderer.go b/internal/renderer/renderer.go
index bc2cdca..ee6f476 100644
--- a/internal/renderer/renderer.go
+++ b/internal/renderer/renderer.go
@@ -67,6 +67,7 @@ func (t *TemplateRenderer) parseTemplates() {
 	t.Templates["replication"] = template.Must(template.ParseFiles("views/partials/replication.html"))
 	t.Templates["versioning_status"] = template.Must(template.ParseFiles("views/partials/versioning_status.html"))
 	t.Templates["bucket_quota"] = template.Must(template.ParseFiles("views/partials/bucket_quota.html"))
+	t.Templates["bucket_policy"] = template.Must(template.ParseFiles("views/partials/bucket_policy.html"))
 	t.Templates["logs"] = template.Must(template.ParseFiles("views/partials/logs.html"))
 }
 
@@ -90,6 +91,7 @@ var selfExecutingTemplates = map[string]bool{
 	"replication":                  true,
 	"versioning_status":            true,
 	"bucket_quota":                 true,
+	"bucket_policy":                true,
 	"logs":                         true,
 }
 
diff --git a/internal/services/minio_factory.go b/internal/services/minio_factory.go
index cf9942c..b1c1618 100644
--- a/internal/services/minio_factory.go
+++ b/internal/services/minio_factory.go
@@ -107,6 +107,10 @@ type MinioClient interface {
 
 	// Replication
 	GetBucketReplication(ctx context.Context, bucketName string) (replication.Config, error)
+
+	// Bucket Policy
+	GetBucketPolicy(ctx context.Context, bucketName string) (string, error)
+	SetBucketPolicy(ctx context.Context, bucketName, policy string) error
 }
 
 // MinioClientFactory creates authenticated clients
@@ -262,11 +266,23 @@ func (c *WrappedMinioClient) GetBucketReplication(ctx context.Context, bucketNam
 	return c.client.GetBucketReplication(ctx, bucketName)
 }
 
+func (c *WrappedMinioClient) GetBucketPolicy(ctx context.Context, bucketName string) (string, error) {
+	return c.client.GetBucketPolicy(ctx, bucketName)
+}
+
+func (c *WrappedMinioClient) SetBucketPolicy(ctx context.Context, bucketName, policy string) error {
+	return c.client.SetBucketPolicy(ctx, bucketName, policy)
+}
+
 // RealMinioFactory is the production implementation
 type RealMinioFactory struct{}
 
-// shouldUseSSL determines if SSL should be used based on the endpoint.
+// ShouldUseSSL determines if SSL should be used based on the endpoint.
 // Returns false for localhost, 127.0.0.1, and docker service names.
+func ShouldUseSSL(endpoint string) bool {
+	return shouldUseSSL(endpoint)
+}
+
 func shouldUseSSL(endpoint string) bool {
 	// Local development endpoints
 	if endpoint == "localhost:9000" || endpoint == "127.0.0.1:9000" {
diff --git a/views/layouts/base.html b/views/layouts/base.html
index e230ef0..18ca840 100644
--- a/views/layouts/base.html
+++ b/views/layouts/base.html
@@ -55,8 +55,7 @@
     </style>
 </head>
 
-<body class="bg-background text-zinc-100 h-screen w-screen flex overflow-hidden" x-data="{ collapsed: false }"
-    hx-boost="true">
+<body class="bg-background text-zinc-100 h-screen w-screen flex overflow-hidden" x-data="{ collapsed: false }">
 
     <!-- SIDEBAR -->
     <div class="border-r border-border bg-surface flex flex-col transition-all duration-300 ease-in-out w-64"
diff --git a/views/pages/browser.html b/views/pages/browser.html
index 9b7800e..4ac051a 100644
--- a/views/pages/browser.html
+++ b/views/pages/browser.html
@@ -84,6 +84,20 @@
                         <i data-lucide="arrow-left" size="20"></i>
                     </a>
                     <h1 class="text-lg font-semibold text-white">{{ .BucketName }}</h1>
+                    <!-- Policy Badge -->
+                    <button @click="policyModalOpen = true"
+                        class="flex items-center gap-1.5 text-xs px-2 py-1 rounded-md transition-colors cursor-pointer
+                        {{ if eq .PolicyType "private" }}bg-zinc-500/10 text-zinc-400 hover:bg-zinc-500/20
+                        {{ else if eq .PolicyType "public-read" }}bg-emerald-500/10 text-emerald-400 hover:bg-emerald-500/20
+                        {{ else if eq .PolicyType "public-read-write" }}bg-yellow-500/10 text-yellow-400 hover:bg-yellow-500/20
+                        {{ else }}bg-accent/10 text-accent hover:bg-accent/20{{ end }}"
+                        title="Click to view policy">
+                        <i data-lucide="shield" size="9"></i>
+                        {{ if eq .PolicyType "private" }}Private
+                        {{ else if eq .PolicyType "public-read" }}Public Read
+                        {{ else if eq .PolicyType "public-read-write" }}Public R/W
+                        {{ else }}Custom{{ end }}
+                    </button>
                 </div>
                 <div class="flex items-center gap-3">
                 <!-- Search -->
@@ -288,13 +302,17 @@ <h1 class="text-lg font-semibold text-white">{{ .BucketName }}</h1>
                                         class="p-2 text-zinc-400 hover:text-white hover:bg-zinc-700 rounded-md transition-colors" title="Info">
                                         <i data-lucide="info" size="16"></i>
                                     </button>
+                                    <button @click="copyDirectLink('{{ .Key }}')"
+                                        class="p-2 text-zinc-400 hover:text-white hover:bg-zinc-700 rounded-md transition-colors" title="Copy Direct Link">
+                                        <i data-lucide="link" size="16"></i>
+                                    </button>
                                     <button
                                         hx-post="/buckets/{{ $.BucketName }}/share"
                                         hx-vals='{"key": "{{ .Key }}", "expires": "3600"}'
                                         hx-target="body"
                                         hx-swap="beforeend"
                                         class="p-2 text-zinc-400 hover:text-white hover:bg-zinc-700 rounded-md transition-colors" title="Share">
-                                        <i data-lucide="link" size="16"></i>
+                                        <i data-lucide="share-2" size="16"></i>
                                     </button>
                                     <a href="/buckets/{{ $.BucketName }}/download?key={{ .Key }}" class="p-2 text-zinc-400 hover:text-white hover:bg-zinc-700 rounded-md transition-colors" title="Download">
                                         <i data-lucide="download" size="16"></i>
@@ -327,92 +345,190 @@ <h1 class="text-lg font-semibold text-white">{{ .BucketName }}</h1>
                 {{ len .Folders }} folder(s), {{ len .Objects }} file(s)
             </div>
         </div>
-    </main>
 
-    <!-- Preview Modal -->
-    <div x-show="previewOpen" x-cloak
-        class="fixed inset-0 bg-black/80 z-50 flex items-center justify-center p-8"
-        @click.self="previewOpen = false"
-        @keydown.escape.window="previewOpen = false">
-        <div class="bg-surface border border-border rounded-xl max-w-5xl w-full max-h-[90vh] overflow-hidden flex flex-col">
-            <!-- Modal Header -->
-            <div class="flex items-center justify-between p-4 border-b border-border">
-                <h3 class="font-semibold text-white truncate" x-text="previewName"></h3>
-                <div class="flex items-center gap-2">
-                    <a :href="'/buckets/{{ .BucketName }}/download?key=' + previewKey"
-                        class="p-2 text-zinc-400 hover:text-white hover:bg-zinc-700 rounded-md transition-colors" title="Download">
-                        <i data-lucide="download" size="18"></i>
-                    </a>
-                    <button @click="previewOpen = false"
-                        class="p-2 text-zinc-400 hover:text-white hover:bg-zinc-700 rounded-md transition-colors">
-                        <i data-lucide="x" size="18"></i>
-                    </button>
-                </div>
-            </div>
-            <!-- Modal Content -->
-            <div class="flex-1 overflow-auto p-4 flex items-center justify-center bg-zinc-900 min-h-[400px]">
-                <!-- Loading -->
-                <div x-show="previewLoading" class="text-zinc-500">
-                    <i data-lucide="loader-2" size="32" class="animate-spin"></i>
-                </div>
-                <!-- Image Preview -->
-                <template x-if="previewType === 'image' && !previewLoading">
-                    <img :src="'/buckets/{{ .BucketName }}/download?key=' + previewKey"
-                        @load="previewLoading = false"
-                        class="max-w-full max-h-full object-contain" />
-                </template>
-                <!-- Text Preview -->
-                <template x-if="previewType === 'text' && !previewLoading">
-                    <pre class="text-sm text-zinc-300 whitespace-pre-wrap w-full h-full overflow-auto p-4 bg-zinc-950 rounded-lg"
-                        x-text="previewContent"></pre>
-                </template>
-                <!-- Video Preview -->
-                <template x-if="previewType === 'video' && !previewLoading">
-                    <video controls class="max-w-full max-h-full" @loadeddata="previewLoading = false">
-                        <source :src="'/buckets/{{ .BucketName }}/download?key=' + previewKey" />
-                    </video>
-                </template>
-                <!-- Unsupported -->
-                <template x-if="previewType === 'unsupported'">
-                    <div class="text-center text-zinc-500">
-                        <i data-lucide="file-question" size="64" class="mx-auto mb-4 opacity-50"></i>
-                        <p>Preview not available for this file type</p>
+        <!-- Preview Modal -->
+        <div x-show="previewOpen" x-cloak
+            class="fixed inset-0 bg-black/80 z-50 flex items-center justify-center p-8"
+            @click.self="previewOpen = false"
+            @keydown.escape.window="previewOpen = false">
+            <div class="bg-surface border border-border rounded-xl max-w-5xl w-full max-h-[90vh] overflow-hidden flex flex-col">
+                <!-- Modal Header -->
+                <div class="flex items-center justify-between p-4 border-b border-border">
+                    <h3 class="font-semibold text-white truncate" x-text="previewName"></h3>
+                    <div class="flex items-center gap-2">
                         <a :href="'/buckets/{{ .BucketName }}/download?key=' + previewKey"
-                            class="inline-flex items-center gap-2 mt-4 text-accent hover:underline">
-                            <i data-lucide="download" size="16"></i>
-                            Download to view
+                            class="p-2 text-zinc-400 hover:text-white hover:bg-zinc-700 rounded-md transition-colors" title="Download">
+                            <i data-lucide="download" size="18"></i>
                         </a>
+                        <button @click="previewOpen = false"
+                            class="p-2 text-zinc-400 hover:text-white hover:bg-zinc-700 rounded-md transition-colors">
+                            <i data-lucide="x" size="18"></i>
+                        </button>
                     </div>
-                </template>
+                </div>
+                <!-- Modal Content -->
+                <div class="flex-1 overflow-auto p-4 flex items-center justify-center bg-zinc-900 min-h-[400px]">
+                    <!-- Loading -->
+                    <div x-show="previewLoading" class="text-zinc-500">
+                        <i data-lucide="loader-2" size="32" class="animate-spin"></i>
+                    </div>
+                    <!-- Image Preview -->
+                    <template x-if="previewType === 'image' && !previewLoading">
+                        <img :src="'/buckets/{{ .BucketName }}/download?key=' + previewKey"
+                            @load="previewLoading = false"
+                            class="max-w-full max-h-full object-contain" />
+                    </template>
+                    <!-- Text Preview -->
+                    <template x-if="previewType === 'text' && !previewLoading">
+                        <pre class="text-sm text-zinc-300 whitespace-pre-wrap w-full h-full overflow-auto p-4 bg-zinc-950 rounded-lg"
+                            x-text="previewContent"></pre>
+                    </template>
+                    <!-- Video Preview -->
+                    <template x-if="previewType === 'video' && !previewLoading">
+                        <video controls class="max-w-full max-h-full" @loadeddata="previewLoading = false">
+                            <source :src="'/buckets/{{ .BucketName }}/download?key=' + previewKey" />
+                        </video>
+                    </template>
+                    <!-- Unsupported -->
+                    <template x-if="previewType === 'unsupported'">
+                        <div class="text-center text-zinc-500">
+                            <i data-lucide="file-question" size="64" class="mx-auto mb-4 opacity-50"></i>
+                            <p>Preview not available for this file type</p>
+                            <a :href="'/buckets/{{ .BucketName }}/download?key=' + previewKey"
+                                class="inline-flex items-center gap-2 mt-4 text-accent hover:underline">
+                                <i data-lucide="download" size="16"></i>
+                                Download to view
+                            </a>
+                        </div>
+                    </template>
+                </div>
             </div>
         </div>
-    </div>
-
-    <!-- Upload Progress Modal -->
-    <div id="upload-progress-modal" x-cloak
-        style="display: none;"
-        :style="uploadProgress.show ? 'display: flex' : 'display: none'"
-        class="fixed inset-0 bg-black/50 z-50 flex items-center justify-center">
-        <div class="bg-surface border border-border rounded-xl p-6 w-full max-w-md">
-            <h3 class="font-semibold text-white mb-4">Uploading Files</h3>
-            <div class="space-y-3">
-                <template x-for="(file, index) in uploadProgress.files" :key="index">
-                    <div class="flex items-center gap-3">
-                        <i data-lucide="file" size="16" class="text-zinc-500"></i>
-                        <div class="flex-1 min-w-0">
-                            <p class="text-sm text-white truncate" x-text="file.name"></p>
-                            <div class="w-full bg-zinc-800 rounded-full h-1.5 mt-1">
-                                <div class="bg-accent h-1.5 rounded-full transition-all"
-                                    :style="'width: ' + file.progress + '%'"></div>
+
+        <!-- Upload Progress Modal -->
+        <div x-show="uploadProgress.show" x-cloak
+            class="fixed inset-0 bg-black/50 z-50 flex items-center justify-center">
+            <div class="bg-surface border border-border rounded-xl p-6 w-full max-w-md">
+                <h3 class="font-semibold text-white mb-4">Uploading Files</h3>
+                <div class="space-y-3">
+                    <template x-for="(file, index) in uploadProgress.files" :key="index">
+                        <div class="flex items-center gap-3">
+                            <i data-lucide="file" size="16" class="text-zinc-500"></i>
+                            <div class="flex-1 min-w-0">
+                                <p class="text-sm text-white truncate" x-text="file.name"></p>
+                                <div class="w-full bg-zinc-800 rounded-full h-1.5 mt-1">
+                                    <div class="bg-accent h-1.5 rounded-full transition-all"
+                                        :style="'width: ' + file.progress + '%'"></div>
+                                </div>
                             </div>
+                            <span class="text-xs text-zinc-500" x-text="file.progress + '%'"></span>
                         </div>
-                        <span class="text-xs text-zinc-500" x-text="file.progress + '%'"></span>
+                    </template>
+                </div>
+                <p class="text-sm text-zinc-500 mt-4" x-text="uploadProgress.status"></p>
+            </div>
+        </div>
+
+        <!-- Direct Link Dialog -->
+        <div x-show="directLinkDialogOpen" x-cloak
+            class="fixed inset-0 bg-black/80 z-50 flex items-center justify-center p-8"
+            @click.self="directLinkDialogOpen = false"
+            @keydown.escape.window="directLinkDialogOpen = false">
+            <div class="bg-surface border border-border rounded-xl p-6 w-full max-w-lg shadow-2xl">
+                <div class="flex items-start gap-4 mb-6">
+                    <div class="flex-shrink-0 w-10 h-10 rounded-full bg-accent/10 flex items-center justify-center">
+                        <i data-lucide="link" size="20" class="text-accent"></i>
+                    </div>
+                    <div>
+                        <h3 class="text-lg font-semibold text-white">Direct Link</h3>
+                        <p class="text-sm text-zinc-400 mt-1">This link does not expire</p>
+                    </div>
+                </div>
+
+                <div class="mb-4">
+                    <label class="block text-xs text-zinc-500 mb-1">URL</label>
+                    <div class="flex items-center gap-2">
+                        <input type="text" readonly :value="directLinkURL"
+                            class="flex-1 bg-zinc-900 border border-zinc-700 rounded-lg px-3 py-2 text-sm font-mono text-white truncate" />
+                        <button @click="copyDirectLinkToClipboard()"
+                            class="p-2 text-zinc-400 hover:text-white hover:bg-zinc-700 rounded-md transition-colors" title="Copy">
+                            <i data-lucide="copy" size="16"></i>
+                        </button>
+                    </div>
+                </div>
+
+                <div class="bg-yellow-500/10 border border-yellow-500/20 rounded-lg p-3 mb-6">
+                    <div class="flex items-start gap-2">
+                        <i data-lucide="alert-triangle" size="16" class="text-yellow-400 mt-0.5"></i>
+                        <p class="text-sm text-yellow-300/80">Only available when your bucket policy includes public read access.</p>
+                    </div>
+                </div>
+
+                <div class="flex justify-end">
+                    <button @click="directLinkDialogOpen = false"
+                        class="bg-white hover:bg-zinc-200 text-black px-4 py-2 rounded-lg text-sm font-medium transition-colors">
+                        Done
+                    </button>
+                </div>
+            </div>
+        </div>
+
+        <!-- Policy Modal -->
+        <div x-show="policyModalOpen" x-cloak
+            class="fixed inset-0 bg-black/80 z-50 flex items-center justify-center p-8"
+            @click.self="policyModalOpen = false"
+            @keydown.escape.window="policyModalOpen = false">
+            <div class="bg-surface border border-border rounded-xl max-w-2xl w-full max-h-[80vh] overflow-hidden flex flex-col">
+                <!-- Modal Header -->
+                <div class="flex items-center justify-between p-4 border-b border-border">
+                    <div class="flex items-center gap-3">
+                        <i data-lucide="shield" size="20" class="text-zinc-400"></i>
+                        <h3 class="font-semibold text-white">Bucket Policy</h3>
+                        <span class="text-xs px-2 py-0.5 rounded
+                            {{ if eq .PolicyType "private" }}bg-zinc-500/10 text-zinc-400
+                            {{ else if eq .PolicyType "public-read" }}bg-emerald-500/10 text-emerald-400
+                            {{ else if eq .PolicyType "public-read-write" }}bg-yellow-500/10 text-yellow-400
+                            {{ else }}bg-accent/10 text-accent{{ end }}">
+                            {{ if eq .PolicyType "private" }}Private
+                            {{ else if eq .PolicyType "public-read" }}Public Read
+                            {{ else if eq .PolicyType "public-read-write" }}Public Read/Write
+                            {{ else }}Custom{{ end }}
+                        </span>
+                    </div>
+                    <div class="flex items-center gap-2">
+                        <a href="/buckets/{{ .BucketName }}/settings"
+                            class="text-sm text-accent hover:text-accent/80 transition-colors flex items-center gap-1">
+                            <i data-lucide="settings" size="14"></i>
+                            Edit
+                        </a>
+                        <button @click="policyModalOpen = false"
+                            class="p-2 text-zinc-400 hover:text-white hover:bg-zinc-700 rounded-md transition-colors">
+                            <i data-lucide="x" size="18"></i>
+                        </button>
                     </div>
-                </template>
+                </div>
+                <!-- Modal Content -->
+                <div class="flex-1 overflow-auto p-4 bg-zinc-900">
+                    {{ if .HasPolicy }}
+                    <pre class="text-sm text-zinc-300 font-mono whitespace-pre-wrap">{{ .FormattedPolicy }}</pre>
+                    {{ else }}
+                    <div class="text-center py-8 text-zinc-500">
+                        <i data-lucide="lock" size="32" class="mx-auto mb-3 opacity-50"></i>
+                        <p class="text-sm">No policy configured</p>
+                        <p class="text-xs mt-1">Only the bucket owner can access objects</p>
+                    </div>
+                    {{ end }}
+                </div>
+                <!-- Modal Footer -->
+                <div class="p-4 border-t border-border bg-surface flex justify-end">
+                    <button @click="policyModalOpen = false"
+                        class="bg-zinc-800 hover:bg-zinc-700 text-white px-4 py-2 rounded-lg text-sm font-medium transition-colors">
+                        Close
+                    </button>
+                </div>
             </div>
-            <p class="text-sm text-zinc-500 mt-4" x-text="uploadProgress.status"></p>
         </div>
-    </div>
+    </main>
 
     <!-- Styled Confirm Dialog -->
     <dialog id="confirm-dialog" class="bg-transparent p-0 m-0 max-w-none w-full h-full backdrop:bg-black/60">
@@ -544,6 +660,13 @@ <h3 id="confirm-dialog-title" class="text-lg font-semibold text-white mb-2">Conf
                 previewContent: '',
                 previewLoading: false,
 
+                // Policy modal state
+                policyModalOpen: false,
+
+                // Direct link dialog state
+                directLinkDialogOpen: false,
+                directLinkURL: '',
+
                 // Upload progress
                 uploadProgress: {
                     show: false,
@@ -611,6 +734,17 @@ <h3 id="confirm-dialog-title" class="text-lg font-semibold text-white mb-2">Conf
                     this.$nextTick(() => lucide.createIcons());
                 },
 
+                copyDirectLink(key) {
+                    const url = '{{ .EndpointURL }}/{{ .BucketName }}/' + key;
+                    this.directLinkURL = url;
+                    this.directLinkDialogOpen = true;
+                    this.$nextTick(() => lucide.createIcons());
+                },
+
+                copyDirectLinkToClipboard() {
+                    navigator.clipboard.writeText(this.directLinkURL);
+                },
+
                 bulkDownload() {
                     // Download each selected file
                     this.selectedFiles.forEach(key => {
diff --git a/views/pages/bucket_settings.html b/views/pages/bucket_settings.html
index dbc8119..4af0257 100644
--- a/views/pages/bucket_settings.html
+++ b/views/pages/bucket_settings.html
@@ -203,6 +203,131 @@ <h3 class="font-semibold text-white">Storage Quota</h3>
                 </div>
             </div>
         </div>
+
+        <!-- Bucket Policy -->
+        <div class="bg-surface border border-border rounded-xl p-6 lg:col-span-2">
+            <div class="flex items-start justify-between mb-4">
+                <div class="flex items-center gap-3">
+                    <div class="p-2 bg-zinc-800/50 rounded-lg text-zinc-400">
+                        <i data-lucide="shield" size="20"></i>
+                    </div>
+                    <div>
+                        <h3 class="font-semibold text-white">Bucket Policy</h3>
+                        <p class="text-xs text-zinc-500">Configure access permissions</p>
+                    </div>
+                </div>
+            </div>
+            <p class="text-sm text-zinc-400 mb-4">
+                Bucket policies define who can access objects in this bucket and what actions they can perform.
+            </p>
+            <div id="policy-section" class="space-y-4" x-data="{
+                policyType: '{{ .PolicyType }}',
+                customPolicy: '',
+                showEditor: {{ if eq .PolicyType "custom" }}true{{ else }}false{{ end }},
+                init() {
+                    const el = this.$refs.policyData;
+                    if (el && el.value) this.customPolicy = el.value;
+                }
+            }">
+                <textarea x-ref="policyData" class="hidden">{{ .FormattedPolicy }}</textarea>
+
+                {{ if .HasPolicy }}
+                <div class="bg-zinc-800/50 rounded-lg p-3">
+                    <div class="flex items-center justify-between mb-2">
+                        <span class="text-zinc-500 text-xs">Current Policy</span>
+                        {{ if eq .PolicyType "private" }}
+                        <span class="text-xs bg-zinc-500/10 text-zinc-400 px-2 py-0.5 rounded">Private</span>
+                        {{ else if eq .PolicyType "public-read" }}
+                        <span class="text-xs bg-emerald-500/10 text-emerald-400 px-2 py-0.5 rounded">Public Read</span>
+                        {{ else if eq .PolicyType "public-read-write" }}
+                        <span class="text-xs bg-yellow-500/10 text-yellow-400 px-2 py-0.5 rounded">Public Read/Write</span>
+                        {{ else }}
+                        <span class="text-xs bg-accent/10 text-accent px-2 py-0.5 rounded">Custom</span>
+                        {{ end }}
+                    </div>
+                    <pre class="text-xs text-zinc-300 overflow-x-auto max-h-48 overflow-y-auto bg-zinc-900 rounded p-2 font-mono">{{ .FormattedPolicy }}</pre>
+                </div>
+                {{ else }}
+                <div class="text-center py-4 text-zinc-500">
+                    <i data-lucide="lock" size="24" class="mx-auto mb-2 opacity-50"></i>
+                    <p class="text-sm">No policy configured (Private)</p>
+                    <p class="text-xs mt-1">Only the bucket owner can access objects</p>
+                </div>
+                {{ end }}
+
+                <form hx-post="/buckets/{{ .BucketName }}/policy" hx-target="#policy-section" hx-swap="outerHTML" class="space-y-4 pt-4 border-t border-zinc-700">
+                    <div>
+                        <label class="block text-xs text-zinc-500 mb-2">Access Policy</label>
+                        <div class="grid grid-cols-2 gap-2">
+                            <label class="flex items-center gap-2 p-3 bg-zinc-800/50 rounded-lg cursor-pointer border border-transparent hover:border-zinc-600 transition-colors"
+                                :class="{ 'border-accent': policyType === 'private' }">
+                                <input type="radio" name="policyType" value="private" x-model="policyType" @change="showEditor = false"
+                                    class="text-accent focus:ring-accent" />
+                                <div>
+                                    <div class="text-sm text-white font-medium">Private</div>
+                                    <div class="text-xs text-zinc-500">Owner only</div>
+                                </div>
+                            </label>
+                            <label class="flex items-center gap-2 p-3 bg-zinc-800/50 rounded-lg cursor-pointer border border-transparent hover:border-zinc-600 transition-colors"
+                                :class="{ 'border-accent': policyType === 'public-read' }">
+                                <input type="radio" name="policyType" value="public-read" x-model="policyType" @change="showEditor = false"
+                                    class="text-accent focus:ring-accent" />
+                                <div>
+                                    <div class="text-sm text-white font-medium">Public Read</div>
+                                    <div class="text-xs text-zinc-500">Anyone can read</div>
+                                </div>
+                            </label>
+                            <label class="flex items-center gap-2 p-3 bg-zinc-800/50 rounded-lg cursor-pointer border border-transparent hover:border-zinc-600 transition-colors"
+                                :class="{ 'border-accent': policyType === 'public-read-write' }">
+                                <input type="radio" name="policyType" value="public-read-write" x-model="policyType" @change="showEditor = false"
+                                    class="text-accent focus:ring-accent" />
+                                <div>
+                                    <div class="text-sm text-white font-medium">Public Read/Write</div>
+                                    <div class="text-xs text-zinc-500">Anyone can read/write</div>
+                                </div>
+                            </label>
+                            <label class="flex items-center gap-2 p-3 bg-zinc-800/50 rounded-lg cursor-pointer border border-transparent hover:border-zinc-600 transition-colors"
+                                :class="{ 'border-accent': policyType === 'custom' }">
+                                <input type="radio" name="policyType" value="custom" x-model="policyType" @change="showEditor = true"
+                                    class="text-accent focus:ring-accent" />
+                                <div>
+                                    <div class="text-sm text-white font-medium">Custom</div>
+                                    <div class="text-xs text-zinc-500">JSON policy</div>
+                                </div>
+                            </label>
+                        </div>
+                    </div>
+
+                    <div x-show="showEditor" x-cloak class="space-y-2">
+                        <label class="block text-xs text-zinc-500">Policy JSON</label>
+                        <textarea name="policy" x-model="customPolicy" rows="10"
+                            class="w-full bg-zinc-900 border border-zinc-700 rounded-lg px-3 py-2 text-sm text-white font-mono placeholder-zinc-500 focus:border-accent focus:outline-none"
+                            placeholder='{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Principal": {"AWS": ["*"]},
+      "Action": ["s3:GetObject"],
+      "Resource": ["arn:aws:s3:::{{ .BucketName }}/*"]
+    }
+  ]
+}'></textarea>
+                        <p class="text-xs text-zinc-500">
+                            <i data-lucide="info" size="12" class="inline mr-1"></i>
+                            Use AWS IAM policy format. Leave empty to remove the policy.
+                        </p>
+                    </div>
+
+                    <div class="flex gap-2">
+                        <button type="submit" class="bg-accent hover:bg-accent/80 text-white px-4 py-2 rounded-lg text-sm font-medium transition-colors">
+                            <i data-lucide="save" size="14" class="inline mr-1"></i>
+                            Apply Policy
+                        </button>
+                    </div>
+                </form>
+            </div>
+        </div>
     </div>
 </div>
 {{ end }}
diff --git a/views/pages/buckets.html b/views/pages/buckets.html
index 80daa22..ad18e7d 100644
--- a/views/pages/buckets.html
+++ b/views/pages/buckets.html
@@ -29,8 +29,11 @@ <h2 class="text-xl font-bold text-white">Buckets</h2>
                         <i data-lucide="more-vertical" size="16"></i>
                     </button>
                     <div
-                        class="hidden absolute right-0 mt-2 w-48 bg-zinc-900 border border-zinc-700 rounded-lg shadow-lg z-50"
-                        onclick="event.stopPropagation()">
+                        x-show="open"
+                        x-cloak
+                        @click.away="open = false"
+                        x-transition
+                        class="absolute right-0 mt-2 w-48 bg-zinc-900 border border-zinc-700 rounded-lg shadow-lg z-50">
                         <a
                             href="/buckets/{{ .Name }}"
                             class="block px-4 py-2 text-sm text-zinc-300 hover:bg-zinc-800 rounded-t-lg">
@@ -54,7 +57,22 @@ <h2 class="text-xl font-bold text-white">Buckets</h2>
                 </div>
             </div>
             <a href="/buckets/{{ .Name }}" class="block">
-                <div class="font-bold text-lg text-white mb-1">{{ .Name }}</div>
+                <div class="flex items-center gap-2 mb-1">
+                    <div class="font-bold text-lg text-white">{{ .Name }}</div>
+                    <!-- Policy Badge -->
+                    <span class="text-xs px-1.5 py-0.5 rounded flex items-center gap-1
+                        {{ if eq .PolicyType "private" }}bg-zinc-500/10 text-zinc-400
+                        {{ else if eq .PolicyType "public-read" }}bg-emerald-500/10 text-emerald-400
+                        {{ else if eq .PolicyType "public-read-write" }}bg-yellow-500/10 text-yellow-400
+                        {{ else if eq .PolicyType "unknown" }}bg-zinc-500/10 text-zinc-500
+                        {{ else }}bg-blue-500/10 text-blue-400{{ end }}">
+                        {{ if eq .PolicyType "private" }}Private
+                        {{ else if eq .PolicyType "public-read" }}Public Read
+                        {{ else if eq .PolicyType "public-read-write" }}Public R/W
+                        {{ else if eq .PolicyType "unknown" }}Unknown
+                        {{ else }}Custom{{ end }}
+                    </span>
+                </div>
                 <div class="text-sm text-zinc-500">
                     Created {{ .CreationDate.Format "Jan 2, 2006" }}
                 </div>
diff --git a/views/partials/bucket_policy.html b/views/partials/bucket_policy.html
new file mode 100644
index 0000000..42204db
--- /dev/null
+++ b/views/partials/bucket_policy.html
@@ -0,0 +1,118 @@
+{{ define "bucket_policy" }}
+<div id="policy-section" class="space-y-4" x-data="{
+    policyType: '{{ .PolicyType }}',
+    customPolicy: '',
+    showEditor: {{ if eq .PolicyType "custom" }}true{{ else }}false{{ end }},
+    init() {
+        const el = this.$refs.policyData;
+        if (el && el.value) this.customPolicy = el.value;
+    }
+}">
+    <textarea x-ref="policyData" class="hidden">{{ .FormattedPolicy }}</textarea>
+    {{ if .Error }}
+    <div class="bg-red-500/10 border border-red-500/20 text-red-400 rounded-lg p-3 text-sm">
+        <i data-lucide="alert-circle" size="16" class="inline mr-1"></i>
+        {{ .Error }}
+    </div>
+    {{ end }}
+
+    <!-- Current Policy Display -->
+    {{ if .HasPolicy }}
+    <div class="bg-zinc-800/50 rounded-lg p-3">
+        <div class="flex items-center justify-between mb-2">
+            <span class="text-zinc-500 text-xs">Current Policy</span>
+            {{ if eq .PolicyType "private" }}
+            <span class="text-xs bg-zinc-500/10 text-zinc-400 px-2 py-0.5 rounded">Private</span>
+            {{ else if eq .PolicyType "public-read" }}
+            <span class="text-xs bg-emerald-500/10 text-emerald-400 px-2 py-0.5 rounded">Public Read</span>
+            {{ else if eq .PolicyType "public-read-write" }}
+            <span class="text-xs bg-yellow-500/10 text-yellow-400 px-2 py-0.5 rounded">Public Read/Write</span>
+            {{ else }}
+            <span class="text-xs bg-accent/10 text-accent px-2 py-0.5 rounded">Custom</span>
+            {{ end }}
+        </div>
+        <pre class="text-xs text-zinc-300 overflow-x-auto max-h-48 overflow-y-auto bg-zinc-900 rounded p-2 font-mono">{{ .FormattedPolicy }}</pre>
+    </div>
+    {{ else }}
+    <div class="text-center py-4 text-zinc-500">
+        <i data-lucide="lock" size="24" class="mx-auto mb-2 opacity-50"></i>
+        <p class="text-sm">No policy configured (Private)</p>
+        <p class="text-xs mt-1">Only the bucket owner can access objects</p>
+    </div>
+    {{ end }}
+
+    <!-- Policy Selection Form -->
+    <form hx-post="/buckets/{{ .BucketName }}/policy" hx-target="#policy-section" hx-swap="outerHTML" class="space-y-4 pt-4 border-t border-zinc-700">
+        <div>
+            <label class="block text-xs text-zinc-500 mb-2">Access Policy</label>
+            <div class="grid grid-cols-2 gap-2">
+                <label class="flex items-center gap-2 p-3 bg-zinc-800/50 rounded-lg cursor-pointer border border-transparent hover:border-zinc-600 transition-colors"
+                    :class="{ 'border-accent': policyType === 'private' }">
+                    <input type="radio" name="policyType" value="private" x-model="policyType" @change="showEditor = false"
+                        class="text-accent focus:ring-accent" />
+                    <div>
+                        <div class="text-sm text-white font-medium">Private</div>
+                        <div class="text-xs text-zinc-500">Owner only</div>
+                    </div>
+                </label>
+                <label class="flex items-center gap-2 p-3 bg-zinc-800/50 rounded-lg cursor-pointer border border-transparent hover:border-zinc-600 transition-colors"
+                    :class="{ 'border-accent': policyType === 'public-read' }">
+                    <input type="radio" name="policyType" value="public-read" x-model="policyType" @change="showEditor = false"
+                        class="text-accent focus:ring-accent" />
+                    <div>
+                        <div class="text-sm text-white font-medium">Public Read</div>
+                        <div class="text-xs text-zinc-500">Anyone can read</div>
+                    </div>
+                </label>
+                <label class="flex items-center gap-2 p-3 bg-zinc-800/50 rounded-lg cursor-pointer border border-transparent hover:border-zinc-600 transition-colors"
+                    :class="{ 'border-accent': policyType === 'public-read-write' }">
+                    <input type="radio" name="policyType" value="public-read-write" x-model="policyType" @change="showEditor = false"
+                        class="text-accent focus:ring-accent" />
+                    <div>
+                        <div class="text-sm text-white font-medium">Public Read/Write</div>
+                        <div class="text-xs text-zinc-500">Anyone can read/write</div>
+                    </div>
+                </label>
+                <label class="flex items-center gap-2 p-3 bg-zinc-800/50 rounded-lg cursor-pointer border border-transparent hover:border-zinc-600 transition-colors"
+                    :class="{ 'border-accent': policyType === 'custom' }">
+                    <input type="radio" name="policyType" value="custom" x-model="policyType" @change="showEditor = true"
+                        class="text-accent focus:ring-accent" />
+                    <div>
+                        <div class="text-sm text-white font-medium">Custom</div>
+                        <div class="text-xs text-zinc-500">JSON policy</div>
+                    </div>
+                </label>
+            </div>
+        </div>
+
+        <!-- Custom Policy Editor -->
+        <div x-show="showEditor" x-cloak class="space-y-2">
+            <label class="block text-xs text-zinc-500">Policy JSON</label>
+            <textarea name="policy" x-model="customPolicy" rows="10"
+                class="w-full bg-zinc-900 border border-zinc-700 rounded-lg px-3 py-2 text-sm text-white font-mono placeholder-zinc-500 focus:border-accent focus:outline-none"
+                placeholder='{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Principal": {"AWS": ["*"]},
+      "Action": ["s3:GetObject"],
+      "Resource": ["arn:aws:s3:::{{ .BucketName }}/*"]
+    }
+  ]
+}'></textarea>
+            <p class="text-xs text-zinc-500">
+                <i data-lucide="info" size="12" class="inline mr-1"></i>
+                Use AWS IAM policy format. Leave empty to remove the policy.
+            </p>
+        </div>
+
+        <div class="flex gap-2">
+            <button type="submit" class="bg-accent hover:bg-accent/80 text-white px-4 py-2 rounded-lg text-sm font-medium transition-colors">
+                <i data-lucide="save" size="14" class="inline mr-1"></i>
+                Apply Policy
+            </button>
+        </div>
+    </form>
+</div>
+{{ end }}
\ No newline at end of file