When to use policies

Do you use the laravel policy feature for general business rules or just when it's about what specific users can/cannot do to specific objects?

For instance, an e-commerce app should only allow refunding until 10 days after purchase. It does not matter which user is requesting the refund nor which product was purchased.

Is that still considered access control logic?