Can someone comment on notification privacy on GOS vs iOS. I once heard Apple had access to notification previews on the device and that it was better not to enable previews.

The notifications go through Google's servers, so Google can see the contents.

"The Android Transport Layer (see FCM architecture) uses point-to-point encryption. Depending on your needs, you may decide to add end-to-end encryption to data messages. FCM does not provide an end-to-end solution. However, there are external solutions available such as Capillary or DTLS."
https://firebase.google.com/docs/cloud-messaging/concept-options

Google suggest end to end encryption for sensitive messages but does not seem to enforce it.

Not to be contradictory, but notifications do NOT "go through" g* or anything else. Notifications are a function of the operating system used to alert the user and they are totally private except to people who can actually SEE the screen. The reason for the alert could be a local condition, such as an alarm clock, or they could be data sent from some server, which may be g* if you have your phone set to use that (g* is themselves trying very hard to force network services to route their alerts through their servers, but it is NOT actually necessary), or it may be some other server.

FCM is not notifications. It is a route that can be used to pass messages via g*, which may or may not even result in a notification.

    bookreader

    You are correct that notifications need not use FCM.