diff --git a/README.md b/README.md index f883c92..63e1920 100644 --- a/README.md +++ b/README.md @@ -15,9 +15,9 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in ## Overview -Online web spreadsheet editor providing collaborative editing in really real-time +EtherCalc is a collaborative spreadsheet that can be edited in real time. Each spreadsheet has its own URL. It has the basic functionalities: formatting, mathematical functions, graphics, adding comments, version history, export in HTML or in CSV. EtherCalc is a decentralized software: different instances allow the use of the service, they are made available by several organizations (for example the eponymous site or the FramaCalc service). This makes it possible to avoid concentrating all the data in the hands of the same actor. Instances can be personalized (limitation of the duration of hosting of the spreadsheet, modification of the design, etc.). -**Shipped version:** 20201228~ynh2 +**Shipped version:** 20201228~ynh3 **Demo:** https://ethercalc.net/ diff --git a/README_fr.md b/README_fr.md index eaa656b..9807594 100644 --- a/README_fr.md +++ b/README_fr.md 
@@ -11,9 +11,10 @@ Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour ## Vue d'ensemble -Feuille de calcul collaborative en ligne +EtherCalc est un tableur collaboratif éditable en temps réel. Chaque tableur possède sa propre URL. Il dispose des fonctionnalités de base : mise en forme, fonctions mathématiques, graphiques, ajout de commentaires, historique des versions, export en HTML ou en CSV. EtherCalc est un logiciel décentralisé : différentes instances permettent d'utiliser le service, elles sont mises à disposition par plusieurs organisations (par exemple le site éponyme ou le service FramaCalc). Cela permet d'éviter de concentrer toutes les données entre les mains d'un même acteur. Les instances peuvent être personnalisées (limitation de la durée d'hébergement du tableur, modification du design, etc.). -**Version incluse :** 20201228~ynh2 + +**Version incluse :** 20201228~ynh3 **Démo :** https://ethercalc.net/ diff --git a/check_process b/check_process index 6de33a6..d8b0d45 100644 --- a/check_process +++ b/check_process @@ -1,5 +1,4 @@ ;; Test complet - auto_remove=1 ; Manifest domain="domain.tld" path="/" diff --git a/conf/app.src b/conf/app.src index cad7801..7be8559 100644 --- a/conf/app.src +++ b/conf/app.src @@ -4,4 +4,3 @@ SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=tar.gz SOURCE_IN_SUBDIR=true SOURCE_FILENAME= - diff --git a/conf/systemd.service b/conf/systemd.service index fb65a1a..4361b48 100644 --- a/conf/systemd.service +++ b/conf/systemd.service 
@@ -14,5 +14,35 @@ ExecStart=__FINALPATH__/bin/ethercalc --host 127.0.0.1 --port __PORT__ --expire RuntimeMaxSec=86400 Restart=always +# Sandboxing options to harden security +# Depending on specificities of your service/app, you may need to tweak these +# .. but this should be a good baseline +# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html +NoNewPrivileges=yes +PrivateTmp=yes +PrivateDevices=yes +RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 +RestrictNamespaces=yes +RestrictRealtime=yes +DevicePolicy=closed +ProtectSystem=full +ProtectControlGroups=yes +ProtectKernelModules=yes +ProtectKernelTunables=yes +LockPersonality=yes +SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap + +# Denying access to capabilities that should not be relevant for webapps +# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html +CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD +CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE +CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT +CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK +CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM +CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG +CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE +CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW +CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG + [Install] WantedBy=multi-user.target diff --git a/doc/DESCRIPTION.md b/doc/DESCRIPTION.md new file mode 100644 index 0000000..6b925ce --- /dev/null +++ b/doc/DESCRIPTION.md 
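Review bot: `CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD` names a capability that does not exist; capabilities(7) lists it as `CAP_SYS_RAWIO`. As far as I know, systemd logs a parse warning and skips unknown capability names, so raw I/O access would stay in the bounding set while the unit looks hardened. The line should read `CapabilityBoundingSet=~CAP_SYS_RAWIO CAP_MKNOD`. After the change, check the journal for parse warnings on this unit and run `systemd-analyze security` on it to confirm the drop took effect. The `[Service]` header and any `User=` line are outside this hunk, so I cannot tell which account these restrictions apply to.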
@@ -0,0 +1 @@ +EtherCalc is a collaborative spreadsheet that can be edited in real time. Each spreadsheet has its own URL. It has the basic functionalities: formatting, mathematical functions, graphics, adding comments, version history, export in HTML or in CSV. EtherCalc is a decentralized software: different instances allow the use of the service, they are made available by several organizations (for example the eponymous site or the FramaCalc service). This makes it possible to avoid concentrating all the data in the hands of the same actor. Instances can be personalized (limitation of the duration of hosting of the spreadsheet, modification of the design, etc.). \ No newline at end of file diff --git a/doc/DESCRIPTION_fr.md b/doc/DESCRIPTION_fr.md new file mode 100644 index 0000000..39e1834 --- /dev/null +++ b/doc/DESCRIPTION_fr.md @@ -0,0 +1 @@ +EtherCalc est un tableur collaboratif éditable en temps réel. Chaque tableur possède sa propre URL. Il dispose des fonctionnalités de base : mise en forme, fonctions mathématiques, graphiques, ajout de commentaires, historique des versions, export en HTML ou en CSV. EtherCalc est un logiciel décentralisé : différentes instances permettent d'utiliser le service, elles sont mises à disposition par plusieurs organisations (par exemple le site éponyme ou le service FramaCalc). Cela permet d'éviter de concentrer toutes les données entre les mains d'un même acteur. Les instances peuvent être personnalisées (limitation de la durée d'hébergement du tableur, modification du design, etc.). diff --git a/doc/DISCLAIMER.md b/doc/DISCLAIMER.md deleted file mode 100644 index e69de29..0000000 diff --git a/manifest.json b/manifest.json index 00f884c..faade0b 100644 --- a/manifest.json +++ b/manifest.json 
@@ -6,7 +6,7 @@ "en": "Online web spreadsheet editor providing collaborative editing in really real-time", "fr": "Feuille de calcul collaborative en ligne" }, - "version": "20201228~ynh2", + "version": "20201228~ynh3", "url": "https://ethercalc.net/", "upstream": { "license": "CPAL-1.0", diff --git a/scripts/_common.sh b/scripts/_common.sh index ab3b7fc..d493113 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -4,7 +4,7 @@ # COMMON VARIABLES #================================================= -pkg_dependencies="redis-server redis-tools g++ make" +pkg_dependencies="redis-server redis-tools" nodejs_version=14 diff --git a/scripts/remove b/scripts/remove index 2684af4..f5b41ab 100644 --- a/scripts/remove +++ b/scripts/remove @@ -15,9 +15,9 @@ source /usr/share/yunohost/helpers app=$YNH_APP_INSTANCE_NAME -domain=$(ynh_app_setting_get $app domain) -port=$(ynh_app_setting_get $app port) -final_path=$(ynh_app_setting_get $app final_path) +domain=$(ynh_app_setting_get --app=$app --key=domain) +port=$(ynh_app_setting_get --app=$app --key=port) +final_path=$(ynh_app_setting_get --app=$app --key=final_path) #================================================= # STANDARD REMOVE @@ -47,6 +47,7 @@ ynh_script_progression --message="Removing dependencies..." --weight=2 # Remove metapackage and its dependencies ynh_remove_app_dependencies +ynh_remove_nodejs #================================================= # REMOVE NGINX CONFIGURATION diff --git a/scripts/restore b/scripts/restore index b36d31a..97853e5 100644 --- a/scripts/restore +++ b/scripts/restore 
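Review bot: In `scripts/remove`, the three rewritten `ynh_app_setting_get` calls pass `--app=$app` unquoted, so the value is subject to word splitting and globbing before the helper sees it. A remove script later uses these settings to decide what to delete, so quoting is cheap insurance: `final_path=$(ynh_app_setting_get --app="$app" --key=final_path)`, and likewise for `domain` and `port`. The deletion steps that consume `final_path` are outside this hunk, so check that they also quote it.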
@@ -38,8 +38,6 @@ phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) #================================================= ynh_script_progression --message="Validating restoration parameters..." --weight=1 -ynh_webpath_available --domain=$domain --path_url=$path_url \ - || ynh_die --message="Path not available: ${domain}${path_url}" test ! -d $final_path \ || ynh_die --message="There is already a directory: $final_path " diff --git a/scripts/upgrade b/scripts/upgrade index 680d9e8..fc4e75e 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -27,6 +27,20 @@ port=$(ynh_app_setting_get --app=$app --key=port) upgrade_type=$(ynh_check_app_version_changed) +#================================================= +# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP +#================================================= +ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=2 + +# Backup the current version of the app +ynh_backup_before_upgrade +ynh_clean_setup () { + # restore it if the upgrade fails + ynh_restore_upgradebackup +} +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors + #================================================= # ENSURE DOWNWARD COMPATIBILITY #================================================= 
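Review bot: In `scripts/upgrade`, the relocated backup block has no comment explaining why it must now precede `ENSURE DOWNWARD COMPATIBILITY`, so a later edit could easily move it back. Judging from the next hunk's context, the point appears to be that the legacy-permission migration now runs after `ynh_backup_before_upgrade` and under `ynh_abort_if_errors`. A line such as `# Keep this before any settings migration: a failed migration must be rolled back from the backup` would record that. The section header should also read `THEN ACTIVATE TRAP`, not `THEN ACTIVE TRAP`. The compatibility section itself continues outside this hunk.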
@@ -45,20 +59,6 @@ if ynh_legacy_permissions_exists; then ynh_app_setting_delete --app=$app --key=is_public fi -#================================================= -# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP -#================================================= -ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=2 - -# Backup the current version of the app -ynh_backup_before_upgrade -ynh_clean_setup () { - # restore it if the upgrade fails - ynh_restore_upgradebackup -} -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors - #================================================= # STANDARD UPGRADE STEPS #=================================================