As @Woljciech said, if you can validate data before passign to model it will be the best. This way you do not hit the database layer, which in large applications could slow you down.
Basically what I do is:
Validate forms with javascript before sending to server;
Use Phalcon forms again to validate the data (since client based validation can be exploited);
Pass data to model to save (here you can also have validation for unique columns e.t.c.).