Newbie Here - Struggling With VLAN basics

Hi all

I am giving up on the search engine struggle as it's clear it's my understanding that's the issue.

I am running an establishment in which there is public WiFi, and two private WiFi's. On the private WiFi's, there are multiple castable devices (chromecast, google nest mini, etc.).

The end goal of this is to prevent users on the public WiFi from being able to cast to the castable devices (and hide them altogether if possible).

I am aware that there may be other settings that can prevent this etc. but I am in need, for future use, of how to prevent communication between the Public WiFi users, and the devices on the Private WiFi's.

This is currently how things are set up:

Internet <---> BT Business Hub 2 <---> Port 1 - GS324T - Port 2 <---> Public WiFi AP
                                                                                          - Port 3 <---> Private WiFi AP 1
                                                                                          - Port 4 <---> Private WiFi AP 2

Also - by default - all devices are part of VLAN 1 & all untagged (which I'm struggling to understand completely).

Will VLAN's work here? Is there a way to prevent the communication between Public & Private WiFi's without either losing connection to the internet?

Please can explanations be kept...in a way that a newbie would understand? I am a heavy web developer professional of many years, but have never dipped into networking until now.

Thanks for reading.