Yes that is all possible. All accessible via different PIN codes. Read that some people have their ‘Kids’ profile setup with hardened permissions (not for their 3 year old but rather their own finance fun money stuff).

There are many different write-ups on Stacker News, but this is a great intro #200175. As are these entries:

GrapheneOSGrapheneOS

• A Basic Guide To Making The Switch To Graphene OS
• Curated list of useful Open Source applications for GrapheneOS
• GrapheneOS - My 2-Month Experience 📱
• GrapheneOS: Phone Privacy Protection
• Forensic companies are trying to exploit GrapheneOS - but they aren't succeeding
• Bitcoiners should use GrapheneOS instead of Android/iOS
• GrapheneOS guide on bitcoiner.guide
• How secure is GrapheneOS vs. Apple and Google
• Graphene Fixes This
• Graphene OS: Learn from my ignorance

Final tipFinal tip

Just make sure you grab Obtanium via https://github.com/ImranR98/Obtainium to download apps and avoid Google Play if you can avoid it (even with some privacy improvements there).

If I install, say, gmail or google maps on this phone, have I ruined privacy?

There are degrees of privacy.

With GrapheneOS you have the option to not give big tech your data, but of course you can opt-in to do so installing Gmail or other Google/Meta/etc apps.

Note that you can read and send emails from your gmail account using a much more private email client, such as FairEmail or K-9 Email

You can also get map directions using other apps such as Organic Maps, Magic Earth, etc.

Is it possible to have multiple "private" profiles? For instance,

Yes, you can have multiple profiles, including a guest one:

GrapheneOS raises the limit on the number of secondary user profiles to 32 (31 + guest) instead of only 4 (3 + guest) to make this feature much more flexible.

Each one of these profiles is unique, private, and independent of each other. For example you can have a special profile with sandboxed Google Play installed while your main profile doesn't have it.

User profiles each have their own unique, randomly generated disk encryption key and their own unique key encryption key is used to encrypt it. The owner profile is special and is used to store sensitive system-wide operating system data. This is why the owner profile needs to be logged in after a reboot before other user profiles can be used. The owner profile does not have access to the data in other profiles.

For further information, the GrapheneOS discussion board is excellent, as well as the official site

Yes you can do that. My whole point was trying to get away from google products as much as possible, but they are "sandboxed" , whatever that means technically, which I believe prevents them from interacting with other apps on the phone. The profiles will give you additional separation. I don't use any google apps. Of course I'm a hypocrite by buying a Google phone to begin with!

#Use the Pins.

Were you a previous iPhone user?