androidin I am wondering what data flows out.
When it comes to just notifications, not much I personally think. Others might disagree with me because they think Google is super evil and "leaking" any data to Google is very bad, no matter how inconsequential the data is.
For the most part it all depends on how each app handles data they push to FCM. Some apps send messages with nothing in the data
field. Others may use encryption. Devs can also be lazy and send sensitive info in the notification.
Since you're using GrapheneOS and Google Play apps are all sandboxed and don't have privileged access, Google can't get that much data about you. Kind of nothing useful from your phone at least. Obviously Google can get IP addresses, know which service is pushing the notifications, know your IP from Google Play Services' connection to FCM. Using a VPN can be useful here.