I read a post here a while back claiming that graphine is less private but somehow more secure. Of course the only person I have to ask is the graphine Matrix who claims are the opposite of this. Generally my main concern about Calyx is it’s Fake google play thing. Apparently this is less private than graphineOS’s sandboxed google play since it is still connecting to Google, and is just as privileged as Google play usually is.
Graphene has been good at getting security and feature updates out the door quicker. For that reason (and that google telemetry will happen no matter what OS), it’s much more secure.