The Trust Vault
A COA is not enough.
A certificate proves a sample was tested. Peppies links the item in your hand to a batch, a serial, a scan history, an expiry date, and a Passport. Paper says one lot was clean once. The Vault tells you about this bottle, today.
The problem with ordinary sellers.
Most sellers hand you a PDF and call it proof. A generic certificate floats free of the bottle it's supposed to vouch for. Here is everything that PDF leaves out — and what a Peppies item carries instead.
| What you get | Ordinary seller | A Peppies item |
|---|---|---|
| Certificate | Generic COA PDF | Batch-matched certificate |
| Item identity | No vial-level identity | Serialized item |
| Verification | Nothing to scan | NFC / QR token |
| Visual ID | Look-alike label | PepCode visual ID |
| Tamper | No seal status | Tamper status |
| History | No scan history | Passport history |
| Recall route | No recall route | Recall-ready notifications |
| Refill | No refill logic | Refill rhythm |
| Support | No protocol support | Education & support |
Comparison is illustrative of the Peppies model. “Support” means education and protocol guidance — not medical advice. Speak with an independent qualified professional before making medical decisions.
The Batch Trust Vault.
Every batch opens its own page in the Vault. Scan the token on your cap and this is what loads — the full chain behind the bottle in your hand.
An ordinary COA could belong to any bottle. Here, the certificate is bound to the exact lot that filled your serial — and the serial is bound to your Passport. Paper, batch, and item travel together.
The NFC/QR on the cap holds a random token only — never personal or health data. Private front, full identity on scan, emergency identity under peel-back.
TrustScore — six checks, one number.
Every scan runs six independent checks against the live record, then resolves to a single figure. A perfect 100 needs all six green; anything short shows you exactly which line to look at.
Verified means this item passed the check at scan time. Example figure.
What the scan can — and cannot — prove.
Verification earns trust by being honest about its edges. The scan proves where it came from. It does not pretend to be a clinician.
The scan can
The scan cannot
An item belongs to one member.
When you register a scan, that item is assigned to your member account. Anyone else who scans it sees authenticity only — never your record. Selling or gifting it on? Transfer ownership in the app.
You see everything — batch, serial, scan history, expiry, refill rhythm, and the link into your Passport.
A stranger who scans your bottle confirms it is genuine and unexpired — and nothing more. Your data stays yours.
Private front. Full identity on scan. Emergency identity under peel-back. Transfer reassigns the item to a new member account in seconds.
If a batch is ever flagged, we can reach you.
Because every item is serialized and owner-locked, the chain runs both ways. A clean lot stays quiet. A flagged one can notify exactly the members who hold it — by serial, not by guesswork.
Your Glow Drops batch is clear. Tested 2026-03-18, no flags, monitored daily.
The app can notify affected members directly — with the lot, the reason, and the next step. Example of a flagged-state notification.
A recall doesn't have to be a press release that worries everyone. It can be a single quiet message to the few members who actually hold the affected serials.
The same link that proves your bottle is genuine is the link we use to reach you if something changes about its batch. Trust that only runs one way isn't trust.
A certificate is a claim. The Vault is a record.
Buy a formula and the bottle in your hand carries its own batch, serial, scan history, expiry, and Passport — verified at every scan, recall-ready for life.