If you are not planning on changing the plans and their attributes very often, a good approach would be to use option sets.
Use an option set called “Plan” and add attributes for each row of the above image.
Add a field to the user (or whichever thing has a plan attached to it) which is of type “plan”. (you can use option sets as datafields).
Use privacy settings and workflow conditionals to check whether the user’s plan allows them to use/change/acceess data or actions.
You would also have to add new fields on the user thing which track consumption of limited functionalities (in the image this would be SKU count, storage, credits etc…)
If you are planning on changing the attributes/plans more frequently, you could look into creating a new thing type called plan, where you would place the 3 plans. Everything else would be analogous to the option set solution. It would be slightly slower as every request would have to check with the database, however it would allow you to change the plans without redeploying your app.
There are a few forum posts, and guides which can show you how to do this.
If you want a more comprehensive view, i would recommend reading
It dedicates a whole chapter to permissions and tiered-access to the website, while also talking about how to make sure that there are no vulnerabilities in your website which would allow people to ignore restrictions.