They collect all sorts of stuff. But they cant send it without network permission.
Maybe the app needs Network permission to downlod the dictionary?
So first of all its way smarter to "degoogle" (i.e. stop Google from getting data and privileged access over your device) by making the existing apps work without Google spying. This is often simply the network permission.
Apps can communicate though, so if you have another Google app like the Playstore or the services in the same profile, you will not want to use Gboard, as those apps can communicate with each other i.e. exchange data.
So in theory Gboard could collect data and even with disabled Network permission send it to the Play Services which to whatever with it.
This is very probably not done currently, as nobody has a per-app network permission on stock Android
But GrapheneOS devs work on a way to stop that communication between apps. It simply needs time.
Apps can only share data if they are in the same profile (the work profile is also separated) and if both are programmed to do so. Facebook has this a lot with random Apps for example. Your FOSS apps will not share data very likely.
So yes, using GBoard may sound strange, and there will be many features missing, but it is actually no problem.
If CalyxOS also uses the AOSP keyboard or matching components, it should be no problem to use their work. Unless it is GPLv3 or similar, because GrapheneOS wants to keep the possibility open that Hardware manufacturers can preinstall it without needing to allow users to modify it or install something else, which is not allowed under GPLv3.
GrapheneOS officially recommends very few apps, among those Accrescent and Molly, thats basically it. I agree that there is some kind of void, but unlike CalyxOS they dont blindly trust unrelated 3rd party apps they dont really know.
Have a look at the unofficial community wiki where you might find more recommendations.