The difference being that on apps like Infinity I might be entering info on third parties, like contact details of our clients/customers. On websites like HN I'm concerned only about _my_ privacy as I'm only processing _my_ personal data. On an app like Infinity, I would be processing personal data of third parties. So if Infinity has a data breach and the personal data of such third parties is exposed, I might be liable if I picked a platform with weak security. Before granting them access to the personal data that I process, it is my duty (under the GDPR) to make sure that they are actually reliable.