Encrypting data is easy; with the keys, decrypting data is also easy.
When your provider talks about protecting your data with in-transit (SSL/TLS) and at-rest encryption, by default that means that they themselves (or their servers) have access to the encryption keys. This means your messages and files are necessarily decrypted and re-encrypted by the service provider, giving them full access to your messages and files. (As well as any hacker able to breach their system.)
With end-to-end encryption, your data moves through Hotshot's servers encrypted, and is stored encrypted. Hotshot's servers, network and employees never have access to your encryption keys and do not have the ability to decrypt your messages or files. The system is designed in such a way that an attacker can live inside of Hotshot's servers/network perpetually without ever being able to decrypt your data.
Hotshot never has access to your messages and files, only you and your explicitly intended recipients have the ability to decrypt your messages/files.