PROOF
Proof, not promises.
Most brands hand you a label and ask for the benefit of the doubt. We’d rather give you a garment that can answer for itself — what it is, where it’s been, and that no one’s faked it. Here’s how that’s built, and why each part is there.
Sewn into the logo patch is a secure NFC chip — the same class of silicon used for tap-to-pay and tamper-evident seals. It’s there for one reason: the secret it holds can’t be lifted out of it.
The chip carries a cryptographic key. That key never leaves the silicon — it can’t be read off, copied, or cloned, even by us. What the chip will do is use it to sign a fresh, one-time message every single time it’s tapped.
That last part is what makes a counterfeit pointless. Photograph the patch, copy the link, screenshot a verified page — none of it helps. The only thing that proves a HOLLOW is a HOLLOW is a live tap from the real chip, and the signature is different every time. There’s nothing static to copy.
NTAG 424 DNA · AES-128 · new signature every tap
You don’t need an app, an account, or our permission. Hold your phone to the logo. The chip wakes, signs its message, and your phone opens a verification page. About a second, start to finish.
Behind that second, a dedicated checker confirms the signature came from the real chip, makes sure it’s a fresh tap and not a replay of an old one, and pulls up the garment’s record. If anything’s off, it says so plainly — and it never explains why it failed, because the only people who’d want that detail are the ones trying to fake it.
The first time you tap a new piece, that’s the moment it goes from made to yours on the record. No ceremony required — the tap is the ceremony.
Every garment keeps a history: made, encoded, released, activated, and every time it changes hands after that. Each event is locked to the one before it with a cryptographic hash — a fingerprint that depends on everything that came before.
Change one entry, even slightly, and its fingerprint stops matching — and so does every entry after it. The break is obvious. That’s what tamper-evident means in practice: you don’t have to trust that the history is honest, you can see whether it’s intact.
No blockchain, no token, no coin to buy or speculate on. The record lives in one place, it’s ours to keep honest, and the math is what holds us to it.
SHA-256 hash chain · tamper-evident · no blockchain
There are two ways to see a piece’s truth, and we keep them deliberately apart.
The certificate is the shareable one. Anyone with the link can confirm a piece exists, who it belongs to if that’s been made public, and that its history is intact. It’s on record— calm, static, safe to pass around.
But it stops there on purpose.
The full confirmation — the live cryptographic proof above — only happens when you tap the actual garment. That’s authenticated, and it’s the one thing a link, a screenshot, or a copy can never reproduce. We won’t blur that line, because the moment a certificate can stand in for the garment, the proof stops meaning anything.
Verification shouldn’t cost you your privacy. If you’ve set your profile private, anyone who scans your piece sees that it’s authentic and nothing about you — no name, no handle, no tier.
On our side, we keep logs lean and hash the identifying parts, like IP addresses, so the records can’t be read back to a person. The encryption keys never appear in a page, an app response, or a log we can browse. And as covered, a failed check tells a forger nothing.
We collect what verification and shipping actually need, and we spell out the rest plainly in the privacy policy.
Own something that can answer for itself.
Drops open on a schedule. When one’s live, you enter like everyone else — and what arrives is a piece that can prove exactly what it is.