On balance, I'd go with a single user profile, at least to start with. As you say there is a compromise between privacy and convenience. I'll outline this further.
All apps are sandboxed and you can control their permissions.
Having a separate user profile makes sense if you have apps which you really don't want to be able communicate with each other via IPC. The first important aspect of multiple user profiles is that whilst notifications do get forwarded between user profiles, you won't be able to read the contents of the message until you switch user profile. Secondly. whilst you'll see WhatsApp calls in another profile incoming you won't be able to pick up the call. You'll have to decline the call, switch profile and then ring there person back.
SMS and carrier-based phone calls are a special case and can be conducted from any user profile. You can also optionally disable a user profile's access to SMS and phone calls if you wish to do so.
I would not use work profiles like Shelter, they're not designed for privacy and you also need to additionally trust the work profile admin since it has privileged access to those apps. If you want to stop apps like WhatsApp from accessing your contacts and files you can use contact scopes and storage scopes instead.
Therefore, on balance, I'd go with a single user profile. If you decide to use multiple user profiles, you can potentially improve your privacy by limiting IPC, but at the cost of some inconvenience.
In the end, if you're really not sure, you can always try both! Hope that helps.