diff --git a/firestore.rules b/firestore.rules
index ba0521d0..c56ef0f8 100644
--- a/firestore.rules
+++ b/firestore.rules
@@ -9,12 +9,20 @@ service cloud.firestore {
       }
       
       function inCharLimit(initials) {
-        return initials.size() < 4;
+        return initials.size() == 3;
+      }
+
+      function isValidScore(score) {
+        return score > 0 && score < 9999999999;
       }
       
       function isAuthedUser(auth) {
       	return request.auth.uid != null && auth.token.firebase.sign_in_provider == "anonymous"
       }
+
+      function isValidCharacter(character) {
+         return character == 'android' || character == 'dash' || character == 'dino' || character == 'sparky';
+       }
    
       // Leaderboard can be read if it doesn't contain any prohibited initials
       allow read: if isAuthedUser(request.auth);
@@ -23,7 +31,9 @@ service cloud.firestore {
       // it's 3 characters long, and not a prohibited combination.
       allow create: if isAuthedUser(request.auth) &&
                        inCharLimit(request.resource.data.playerInitials) && 
-                       !prohibited(request.resource.data.playerInitials);
+                       !prohibited(request.resource.data.playerInitials) &&
+                       isValidScore(request.resource.data.score) &&
+                       isValidCharacter(request.resource.data.character);
     }
   }
 }
\ No newline at end of file