diff --git a/CHANGELOG.md b/CHANGELOG.md
index 646826a..7613299 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,10 @@
 - `.authorize` and `#authorize` return the instance, even for namespaced
   policies (#626)
 
+### Changed
+
+- Generate application scope with `protected` attr_readers. (#616)
+
 ### Removed
 
 - Dropped support for Ruby end-of-life versions: 2.1 and 2.2. (#604)
diff --git a/README.md b/README.md
index 432a07e..6cd75b8 100644
--- a/README.md
+++ b/README.md
@@ -220,8 +220,6 @@ define a class called a policy scope. It can look something like this:
 ``` ruby
 class PostPolicy < ApplicationPolicy
   class Scope
-    attr_reader :user, :scope
-
     def initialize(user, scope)
       @user  = user
       @scope = scope
@@ -234,6 +232,10 @@ class PostPolicy < ApplicationPolicy
         scope.where(published: true)
       end
     end
+
+    private
+
+    attr_reader :user, :scope
   end
 
   def update?
diff --git a/lib/generators/pundit/install/templates/application_policy.rb b/lib/generators/pundit/install/templates/application_policy.rb
index 50f2d7c..d989e9b 100644
--- a/lib/generators/pundit/install/templates/application_policy.rb
+++ b/lib/generators/pundit/install/templates/application_policy.rb
@@ -37,8 +37,6 @@ class ApplicationPolicy
   end
 
   class Scope
-    attr_reader :user, :scope
-
     def initialize(user, scope)
       @user = user
       @scope = scope
@@ -47,5 +45,9 @@ class ApplicationPolicy
     def resolve
       scope.all
     end
+
+    private
+
+    attr_reader :user, :scope
   end
 end