diff --git a/README.md b/README.md
index 3c2b496..c987503 100644
--- a/README.md
+++ b/README.md
@@ -16,13 +16,12 @@ Kresus is an open-source libre self-hosted personal finance manager. It allows y
 
 * to be added:
   * [ ] Email support
-  * [ ] Restrict more file access ($app is owner of everything, we should limit it more)
+  * [ ] Improve log file and add logrotate
   * [ ] Add user who will access the app (by default every one has access to the installed app)
-  * [ ] Email admin about installation with ynh_send_readme_to_admin helper
 
 ## Links
 
  * Report a bug about this package: https://github.com/YunoHost-Apps/kresus_ynh
  * Report a bug about Kresus itself: https://framagit.org/kresusapp/kresus
  * Kresus website: https://kresus.org
- * YunoHost website: https://yunohost.org/
+ * YunoHost website: https://yunohost.org
diff --git a/manifest.json b/manifest.json
index 8944e6c..c380122 100644
--- a/manifest.json
+++ b/manifest.json
@@ -15,7 +15,7 @@
     "requirements": {
         "yunohost": ">= 2.7.14"
     },
-    "version": "0.13.2~ynh2",
+    "version": "0.13.2~ynh3",
     "multi_instance": true,
     "services": [
         "nginx"
diff --git a/scripts/_common.sh b/scripts/_common.sh
index c7e475c..c92fb21 100644
--- a/scripts/_common.sh
+++ b/scripts/_common.sh
@@ -164,3 +164,64 @@ EOF
 
 	chmod +x "/etc/cron.daily/node_update"
 }
+
+# Send an email to inform the administrator
+#
+# usage: ynh_send_readme_to_admin app_message [recipients]
+# | arg: app_message - The message to send to the administrator.
+# | arg: recipients - The recipients of this email. Use spaces to separate multiples recipients. - default: root
+#	example: "root admin@domain"
+#	If you give the name of a YunoHost user, ynh_send_readme_to_admin will find its email adress for you
+#	example: "root admin@domain user1 user2"
+ynh_send_readme_to_admin() {
+	local app_message="${1:-...No specific information...}"
+	local recipients="${2:-root}"
+
+	# Retrieve the email of users
+	find_mails () {
+		local list_mails="$1"
+		local mail
+		local recipients=" "
+		# Read each mail in argument
+		for mail in $list_mails
+		do
+			# Keep root or a real email address as it is
+			if [ "$mail" = "root" ] || echo "$mail" | grep --quiet "@"
+			then
+				recipients="$recipients $mail"
+			else
+				# But replace an user name without a domain after by its email
+				if mail=$(ynh_user_get_info "$mail" "mail" 2> /dev/null)
+				then
+					recipients="$recipients $mail"
+				fi
+			fi
+		done
+		echo "$recipients"
+	}
+	recipients=$(find_mails "$recipients")
+
+	local mail_subject="☁️🆈🅽🅷☁️: \`$app\` was just installed!"
+
+	local mail_message="This is an automated message from your beloved YunoHost server.
+
+Specific information for the application $app.
+
+$app_message
+
+---
+Automatic diagnosis data from YunoHost
+
+$(yunohost tools diagnosis | grep -B 100 "services:" | sed '/services:/d')"
+
+	# Define binary to use for mail command
+	if [ -e /usr/bin/bsd-mailx ]
+	then
+		local mail_bin=/usr/bin/bsd-mailx
+	else
+		local mail_bin=/usr/bin/mail.mailutils
+	fi
+
+	# Send the email to the recipients
+	echo "$mail_message" | $mail_bin -a "Content-Type: text/plain; charset=UTF-8" -s "$mail_subject" "$recipients"
+}
diff --git a/scripts/install b/scripts/install
index 204de79..c1162f2 100644
--- a/scripts/install
+++ b/scripts/install
@@ -152,7 +152,11 @@ ynh_add_systemd_config
 #=================================================
 
 # Set permissions to app files
-chown -R $app: $final_path
+chown -R "$app":"$app" "$final_path/data/"
+chmod -R 750 "$final_path/data/"
+
+# Set permissions to config file
+chown "$app" "$final_path/config.ini"
 chmod 600 "$final_path/config.ini"
 
 #=================================================
@@ -161,3 +165,23 @@ chmod 600 "$final_path/config.ini"
 
 service "$app" start
 service nginx reload
+
+#=================================================
+# SEND README TO ADMIN
+#=================================================
+
+message="
+Domain: $domain
+Path  : $path_url
+Config: $final_path/config.ini
+
+Please remember the default behavior of YunoHost when installing a new app is: everyone has access to the app.
+This may be an issue for Kresus as it is a personnal tool. Please remember to edit access rights in the YunoHost web administration panel or using command line interface.
+
+Note about config.ini: this package will regenerate the config file on upgrade.
+If you changed it manually and upgrade Kresus, you'll find a backup in $final_path.
+
+Are you facing an issue, want to improve this app or say thank you?
+Please open a new issue in this project: https://github.com/YunoHost-Apps/kresus_ynh
+"
+ynh_send_readme_to_admin "$message"
diff --git a/scripts/upgrade b/scripts/upgrade
index bc1f861..1c78c69 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -16,8 +16,6 @@ source /usr/share/yunohost/helpers
 # Exit if an error occurs during the execution of the script
 ynh_abort_if_errors
 
-# TODO: handle "/home/ynh$app" to final_path migration
-
 app=$YNH_APP_INSTANCE_NAME
 
 domain=$(ynh_app_setting_get $app domain)
@@ -136,6 +134,8 @@ ynh_use_nodejs
 # CONFIGURE HASTE
 #=================================================
 
+ynh_backup_if_checksum_is_different "$final_path/config.ini"
+
 cp ../conf/config.ini "$final_path/config.ini"
 
 ynh_replace_string "__PORT__"          "$port"       "$final_path/config.ini"
@@ -162,8 +162,15 @@ ynh_add_systemd_config
 # SECURE FILES AND DIRECTORIES
 #=================================================
 
-# Set right permissions for curl installation
-chown -R $app: $final_path
+# Reset permissions
+chown -R root:root "$final_path"
+
+# Set permissions to app files
+chown -R "$app":"$app" "$final_path/data/"
+chmod -R 750 "$final_path/data/"
+
+# Set permissions to config file
+chown "$app" "$final_path/config.ini"
 chmod 600 "$final_path/config.ini"
 
 #=================================================
@@ -172,3 +179,25 @@ chmod 600 "$final_path/config.ini"
 
 service "$app" restart
 systemctl reload nginx
+
+#=================================================
+# SEND README TO ADMIN
+#=================================================
+
+message="
+Kresus was updated!
+
+Domain: $domain
+Path  : $path_url
+Config: $final_path/config.ini
+
+Please remember the default behavior of YunoHost when installing a new app is: everyone has access to the app.
+This may be an issue for Kresus as it is a personnal tool. Please remember to edit access rights in the YunoHost web administration panel or using command line interface.
+
+Note about config.ini: this package will regenerate the config file on upgrade.
+If you changed it manually and upgrade Kresus, you'll find a backup in $final_path.
+
+Are you facing an issue, want to improve this app or say thank you?
+Please open a new issue in this project: https://github.com/YunoHost-Apps/kresus_ynh
+"
+ynh_send_readme_to_admin "$message"
\ No newline at end of file