diff --git a/opentech/apply/activity/forms.py b/opentech/apply/activity/forms.py
index fd857e845808c50174f912c68eb9217f0e35388b..b1f46544812f718bb5662607eab786795a148db9 100644
--- a/opentech/apply/activity/forms.py
+++ b/opentech/apply/activity/forms.py
@@ -16,8 +16,15 @@ class CommentForm(forms.ModelForm):
 
     def __init__(self, *args, user=None, **kwargs):
         super().__init__(*args, **kwargs)
+        self.allowed_visibility = self._meta.model.visibility_for(user)
         self.visibility_choices = self._meta.model.visibility_choices_for(user)
         if len(self.visibility_choices) > 1:
             self.fields['visibility'].choices = self.visibility_choices
         else:
             self.fields['visibility'].widget = forms.HiddenInput()
+
+    def clean_visibility(self):
+        choice = self.cleaned_data['visibility']
+        if choice not in self.allowed_visibility:
+            raise ValidationError('You do not have permission for that visibility.')
+        return choice