lcalamar Contacting the company and directing them to the GrapheneOS Attestation Guide might be productive (or might not).
A possible point to make is that GrapheneOS (the official distribution) is arguably more secure than even Google's stock OS for the Pixel on supported devices, and is definitely more secure than end-of-life Android devices (which pass Google's Play Integrity checks) and also more secure than various Google partners with security issues (e.g., some Fairphone models are said to have a broken Verified Boot implementation).
So arguably a security-focused company would support official GrapheneOS builds and would not support Pixel 4 and 5 devices even if they are running Google's stock OS. Or, arguably, it would be better to alert users on "suspect" devices but to let the users decide what to do.