Depends on your threat model.

Honestly just use Sparrow. Whirlpool any KYC funds through it - spend from Postmix and let it handle stonewall txs and everything for you by default.

As long as you're not spending unmixed kyc with non-kyc funds that's all you need to do *if you even care*.