In addition to the comments of others … if the app is only available for iOS and Android (usually the case) then choosing the app forces you to use iOS or Android, which is a massive fail before you even run the app. So I will choose the web site. We’re all going to get L5 phones, right? So we might as well start now with choosing the web site. This is more a privacy consideration than a security consideration, although the choice of operating system clearly has security implications.
(In limited circumstances, there may be other workarounds e.g. Anbox. )
Once you include the server side in the question, it is almost impossible to answer. You can’t audit the server side. You don’t know how it is set up.
It may have a flawed architecture with a buggy implementation and lax operational controls. That’s about as bad as it gets.
Or it may be at the other end of the spectrum.
That raises a good question, another one that we can’t answer.
For some applications the data will be held on the server regardless of how you access it (web site or app).
It is also possible that for other applications the data is on the server for the web site but locally on the client for the app.
Anything that stores data locally comes with some issues: may never get backed up, may be difficult to migrate from an old device to a new device, more vulnerable to loss or damage or physical theft.
Anything that stores data in the cloud comes with some issues: may be being subject to unauthorized access and you may never even know about it.