diff --git a/.cursor/rules/python_coding_standards.mdc b/.cursor/rules/python_coding_standards.mdc new file mode 100644 index 0000000..4c75556 --- /dev/null +++ b/.cursor/rules/python_coding_standards.mdc @@ -0,0 +1,9 @@ +--- +description: Coding standards that should be respect when working on Python code. +alwaysApply: false +--- + +- Use type hinting. Check regularly with mypy via the `Makefile` command `make typecheck`. +- Use docstrings following the style of the existing code. +- Avoid bloaty comments. Instead, favour using descriptive functions and variable names to make what's happening obvious. +- Use tests frequently to detect errors early. Make sure that tests are kept up to date. Remove dead code tests when removing code. diff --git a/.cursor/rules/running_tests.mdc b/.cursor/rules/running_tests.mdc new file mode 100644 index 0000000..87de31a --- /dev/null +++ b/.cursor/rules/running_tests.mdc @@ -0,0 +1,8 @@ +--- +description: How to run tests +alwaysApply: false +--- + +There are backend, frontend and e2e tests. + +They should be run with the `test-` commands found in the `Makefile`. diff --git a/.cursor/rules/security_authorization.mdc b/.cursor/rules/security_authorization.mdc new file mode 100644 index 0000000..49b4d1e --- /dev/null +++ b/.cursor/rules/security_authorization.mdc 
@@ -0,0 +1,14 @@ +--- +description: Instructions on ensuring that authorization gets respected in the app. +alwaysApply: false +--- + +The app has users with roles and permissions. These should be respected. + +When working on the frontend, make sure that the users can only access the pages and contents they are expected to due to their role in the app. + +When working on the backend, ensure that endpoints are only accessible by those who need them. + +When building new features, reflect on whether there is the need to create new permissions or modify existing ones, as well as changing roles. + +Add tests that try "sneaky" approaches to overcoming authorization limits and verify that the app is properly protected against them.
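Review bot: In `.cursor/rules/python_coding_standards.mdc`, the `description` line reads "should be respect"; it should be "should be respected". Since `alwaysApply` is false, the description is the text that identifies the rule, so it is worth getting right. The last bullet, "Remove dead code tests when removing code", is also ambiguous. Something like "When removing code, remove the tests that covered it" says what is meant.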
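Review bot: In `.cursor/rules/running_tests.mdc`, the body points to "the `test-` commands found in the `Makefile`" without naming any of them, so a reader has to open the `Makefile` and guess which target matches the backend, frontend and e2e suites. List the exact target for each of the three suites here, the way the Python standards rule names `make typecheck`, and state which one to run for which kind of change.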
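Review bot: In `.cursor/rules/security_authorization.mdc`, the backend line ("ensure that endpoints are only accessible by those who need them") never says that the permission check has to be enforced on the server for every endpoint, independently of what the frontend shows or hides. As written, the frontend paragraph can be read as a sufficient control on its own. Suggest stating explicitly that frontend restrictions are for user experience only and that each endpoint must verify the caller's role and permissions itself. The final line asks for tests of "sneaky" approaches without defining them. Naming the minimum cases to cover (an unauthenticated request, an authenticated user whose role lacks the permission, and a user requesting a resource that belongs to someone else) and the expected result, a rejected request, would make the rule checkable. Also consider whether `alwaysApply: false` is the right setting for a security rule, given that it applies to both frontend and backend work.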