I read a post here a while back claiming that graphine is less private but somehow more secure. Of course the only person I have to ask is the graphine Matrix who claims are the opposite of this. Generally my main concern about Calyx is it’s Fake google play thing. Apparently this is less private than graphineOS’s sandboxed google play since it is still connecting to Google, and is just as privileged as Google play usually is.
I think what I’ve heard (more or less) is that they are equally private but GrapheneOS is more secure. I don’t remember what the justification was though. I’m interested to see what replies your question gets.
I’ve always seen CalyxOS as the version that is the more user friendly (easier installation, better support. At least as of few years ago. Things migh have changed now.)
Personally what I question is the choice of GrapheneOS to use sanboxed Google play services rarher than the open source alternative micro-G. I can’t see how that’s better.