You can create a policy using the Privy Dashboard, the NodeJS SDK, or the REST API.

Policies can optionally have owners. An owner represents the signatures required to modify the policy after creation; see setting authorization signatures.

We highly recommend specifying owners for your policies to further restrict the parties that can modify them. Without an owner, a policy can be updated by your app secret alone.

Use the PrivyClient’s createPolicy method to create a new policy.

// `privy` is an already-initialized PrivyClient instance.
const policy = await privy.walletApi.createPolicy({
  name: 'Allow list certain smart contracts',
  version: '1.0',
  chainType: 'ethereum',
  rules: [
    {
      name: 'Allow list USDC',
      method: 'eth_sendTransaction',
      action: 'ALLOW',
      // This rule applies only when the transaction's `to` field equals the listed address.
      conditions: [
        {
          fieldSource: 'ethereum_transaction',
          field: 'to',
          operator: 'eq',
          value: '0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913'
        }
      ]
    }
  ],
  // Owner whose signature is required to modify this policy after creation.
  ownerId: 'fmfdj6yqly31huorjqzq38zc'
});
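A policy definition can be checked before it is submitted, for example in CI, so that a policy without an owner never reaches createPolicy. The following is an added example, not Privy's code: `lintPolicy` is a hypothetical helper, the field names mirror the call above, and the sample policies are constructed.

```javascript
// Added example: pre-submission lint for a policy definition object.
// lintPolicy is a hypothetical helper; field names mirror the createPolicy call on this page.
const ADDRESS_RE = /^0x[0-9a-fA-F]{40}$/;

function lintPolicy(policy) {
  const findings = [];
  // Without an owner, the policy can be updated by the app secret alone.
  if (typeof policy.ownerId !== 'string' || policy.ownerId.trim() === '') {
    findings.push('policy: no ownerId, so the app secret alone can modify it');
  }
  const rules = Array.isArray(policy.rules) ? policy.rules : [];
  if (rules.length === 0) findings.push('policy: no rules defined');
  rules.forEach((rule, i) => {
    const where = `rules[${i}] (${rule.name ?? 'unnamed'})`;
    const conditions = Array.isArray(rule.conditions) ? rule.conditions : [];
    // An ALLOW rule with an empty condition list has nothing narrowing it.
    if (rule.action === 'ALLOW' && conditions.length === 0) {
      findings.push(`${where}: ALLOW rule has no conditions constraining it`);
    }
    for (const c of conditions) {
      const isTo = c.fieldSource === 'ethereum_transaction' && c.field === 'to';
      // A mistyped or truncated address is a policy that does not say what was intended.
      if (isTo && c.operator === 'eq' && !ADDRESS_RE.test(String(c.value))) {
        findings.push(`${where}: 'to' value is not a 20-byte hex address: ${c.value}`);
      }
    }
  });
  return findings;
}

// Constructed sample inputs: `good` copies the policy shown above, `bad` is deliberately flawed.
const toCondition = (value) => ({
  fieldSource: 'ethereum_transaction', field: 'to', operator: 'eq', value
});
const good = {
  name: 'Allow list certain smart contracts', version: '1.0', chainType: 'ethereum',
  rules: [{ name: 'Allow list USDC', method: 'eth_sendTransaction', action: 'ALLOW',
            conditions: [toCondition('0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913')] }],
  ownerId: 'fmfdj6yqly31huorjqzq38zc'
};
const bad = {
  name: 'Constructed bad policy', version: '1.0', chainType: 'ethereum',
  rules: [{ name: 'Truncated address', method: 'eth_sendTransaction', action: 'ALLOW',
            conditions: [toCondition('0x833589fCD6eDb6E08f4c7C32D4f71b54bdA029')] },
          { name: 'No conditions', method: 'eth_sendTransaction', action: 'ALLOW',
            conditions: [] }]
};
console.log(lintPolicy(good));
console.log(lintPolicy(bad));
```

The format check only confirms that the value is 20 bytes of hex; it does not confirm that the address is the contract you intended.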