I bought one of his phones; it might be more expensive the diy but since I have learnt some useful tricks from him I thought it important to support him as he helps less technical people understand the risks to their personal data.
His phone comes with a stock of already installed apps with lineage 17 (I just got the prompt to update to 18, yesterday, so in the future it may be lineage 18). I have assiduously avoided putting any google related apps on the device, especially google play. Like others I use fdroid and aurora for installing apps. As far as I can tell I have no PII directly accessible on the phone.
The biggest challenge that I see for it is e-commerce and, now, state mandated apps. As an example of ecommerce problems, I use calibre on my linux machines and was using Calibre Companion on my old android, but it requires google play as it is a paid app. As a result I cannot use it on the de-googled phone. Threema, on the other hand, apparently allows one to pay for the app online and install it separately.