diff --git a/src/events/customPermissions.py b/src/events/customPermissions.py
new file mode 100644
index 00000000..20296152
--- /dev/null
+++ b/src/events/customPermissions.py
@@ -0,0 +1,8 @@
+from rest_framework.permissions import BasePermission
+
+class OwnApplicationPermission(BasePermission):
+ """
+ Object-level permission to only allow updating his own profile
+ """
+ def has_object_permission(self, request, view, obj):
+ return obj.event_applicant == request.user
diff --git a/src/events/serializers/serializers.py b/src/events/serializers/serializers.py
index eaf926be..b4a23129 100644
--- a/src/events/serializers/serializers.py
+++ b/src/events/serializers/serializers.py
@@ -24,6 +24,7 @@ class EventApplicationSerializer(serializers.ModelSerializer):
 class Meta:
 model = EventApplication
 fields = '__all__'
+ depth = 1

 class TicketSerializer(serializers.ModelSerializer):
 class Meta:
diff --git a/src/events/views/api.py b/src/events/views/api.py
index 720e41f9..8e549e45 100644
--- a/src/events/views/api.py
+++ b/src/events/views/api.py
@@ -6,6 +6,7 @@ from events.models.participant import Participant
 from events.models.application import EventApplication
 from events.models.ticket import Ticket
+from events.customPermissions import OwnApplicationPermission

 class CostsViewSet(viewsets.ReadOnlyModelViewSet):
 serializer_class = CostsSerializer
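Review bot: In src/events/customPermissions.py the docstring of `OwnApplicationPermission` speaks of "updating his own profile", but `has_object_permission` compares `obj.event_applicant` with `request.user` for every HTTP method, reads included, and the object is an event application rather than a profile. Suggested wording: `"""Allow access to an object only for the user stored in its event_applicant field."""`. A short comment is also worth adding that DRF calls this hook only from `get_object()`, so it never runs for `list` or `create`; those paths depend on the view's queryset filter and on whatever sets the owner when a row is created.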
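Review bot: In src/events/serializers/serializers.py, `depth = 1` combined with `fields = '__all__'` makes DRF expand every related object through an auto-generated nested serializer that also emits all fields. If `event_applicant` points at the user model, as the comparison with `request.user` in the new permission class suggests, each response will carry the whole user row, password hash and staff flags included. Relations expanded through `depth` are also rendered read-only, which matters now that the view set accepts writes. Prefer an explicit `fields` list on `EventApplicationSerializer` (the class starts above this hunk) and a small nested serializer for the applicant that names only the fields the client needs.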
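Review bot: In src/events/views/api.py, `IsAuthenticated` is referenced by the `EventApplicationViewSet` hunk further down, yet the only import this commit adds is `OwnApplicationPermission`. The existing `rest_framework.permissions` import sits above this hunk and is not visible, and the view sets shown here use only `IsAuthenticatedOrReadOnly`, so check that `IsAuthenticated` is already imported; otherwise the module fails with a NameError when it is loaded. As a style point, the module name `customPermissions` departs from the lowercase names of the sibling packages (`models`, `serializers`, `views`).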
@@ -22,10 +23,14 @@ class ParticipantViewSet(viewsets.ReadOnlyModelViewSet):
 permission_classes = [IsAuthenticatedOrReadOnly]
 queryset = Participant.objects.all()

-class EventApplicationViewSet(viewsets.ReadOnlyModelViewSet):
+class EventApplicationViewSet(viewsets.ModelViewSet):
 serializer_class = EventApplicationSerializer
- permission_classes = [IsAuthenticatedOrReadOnly]
- queryset = EventApplication.objects.all()
+ permission_classes = [IsAuthenticated, OwnApplicationPermission]
+
+ def get_queryset(self):
+ user = self.request.user
+ queryset = EventApplication.objects.filter(event_applicant=user)
+ return queryset

 class TicketViewSet(viewsets.ReadOnlyModelViewSet):
 serializer_class = TicketSerializer
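Review bot: Switching `EventApplicationViewSet` to `ModelViewSet` opens create, update and delete, yet nothing in the new code ties a created application to the caller, because `OwnApplicationPermission` is an object-level check that DRF does not run on `create`. Add `def perform_create(self, serializer): serializer.save(event_applicant=self.request.user)` so the owner always comes from the authenticated session and never from the request body. Removing the class-level `queryset` also means the router can no longer derive a basename on its own; the `register()` call is not part of this commit, so confirm it passes one explicitly. With `fields = '__all__'` on the serializer, any status or review column on the model (not visible here) becomes editable by the applicant through PUT and PATCH; `read_only_fields` on the serializer or a narrower `http_method_names` on the view would close that.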