Regev the launcher has no special permissions, they are restricted by the same permission model as any other app, in most cases revoking network toggle should be enough as it is an extreme edge case for app developers to take into account. Most of their users will be using the stock android model that doesn't expose this feature like GrapheneOS. The only way they could exfiltrate any usage data would depend on any other SDKs they include in the app and if you had any other app using the same SDK in the user and both apps explicitly granting IPC to each other, such as Firebase Analytics to name one. There are plenty others and developers often include more than one.
As with any app you download, you must judge your threat model accordingly, only install apps you trust, judge yourself if you really need the app etc.
When it comes to security, GrapheneOS has you covered, as far as Privacy is concerned, GrapheneOS at first install is the perfect environment, everything you start to add after that while secure, only adds anti-privacy elements which are only as private as the information you provide to them. That includes your usage of them. You should use the tools GrapheneOS provide such as network to mitigate this as much as you can where it is a concern.
The weakest link to the privacy of your device is YOU.