The site recently added more information, including this:
The value can be extracted at any time by signing a transaction from the Tangem Note to an arbitrary Bitcoin wallet. This requires a compatible NFCenabled Android phone and is protected by a 60to120second security delay. Faraday wallets recommended for additional security.
Private keys cannot be imported or exported from Tangem Notes under any circumstance. No backup possible by design. Each Tangem Note creates its own private keys and can never disclose them. The value is completely tied to the physical chip. Loss, theft, or destruction of a Tangem Note will result in loss of funds.
It looks like the chip will sign transactions, so it is like a hardware wallet.
Hmmm, well it could be worse.
But still, there is only one way to discover whether Tangem Notes are either counterfeits (or if Tangem are simply flashing memory chips with the same keys more than once), and that's to spend every Tangem note before you accept it from someone else.
I can imagine this working well:
Store: "So, let me just spend this Tangem note to an address I control, then I'll give you your goods"
Customer: "Uh, how about no?"
You can't really give a Tangem note to someone else, there's nothing to prove that there isn't another Tangem note that has access to the same private key. Except Tangem promising there isn't, of course.
In Tangem We Trust!